diff --git a/bkk06 b/bkk06 index cce0027..9bc1fa4 100644 --- a/bkk06 +++ b/bkk06 @@ -60,6 +60,8 @@ kppl26 wppl26 wglu26 pmint26 +pppl26 +psobh26 [encointer] enc14 diff --git a/bkk07 b/bkk07 index 209585b..5e86d5c 100644 --- a/bkk07 +++ b/bkk07 @@ -40,6 +40,8 @@ kppl27 wppl27 wglu27 pmint27 +pppl27 +psobh27 [services] monitor diff --git a/group_vars/polkadot.yaml b/group_vars/polkadot.yaml index 884ab50..bee9fca 100644 --- a/group_vars/polkadot.yaml +++ b/group_vars/polkadot.yaml @@ -9,9 +9,9 @@ default_database_path: /opt/polkadot/chains default_download_base_url: https://github.com/paritytech/polkadot-sdk/releases/download/ default_download_url: '{{ default_download_base_url }}{{ default_client_version }}/polkadot' -default_download_url_execute: '{{ default_download_base_url }}polkadot-v{{ default_client_version +default_download_url_execute: '{{ default_download_base_url }}{{ default_client_version }}/polkadot-execute-worker' -default_download_url_prepare: '{{ default_download_base_url }}polkadot-v{{ default_client_version +default_download_url_prepare: '{{ default_download_base_url }}{{ default_client_version }}/polkadot-prepare-worker' default_group: '{{ service_users[''polkadot''] }}' default_log_level: info diff --git a/group_vars/proxmox_nodes.yaml b/group_vars/proxmox_nodes.yaml index 779e9f6..79269d6 100644 --- a/group_vars/proxmox_nodes.yaml +++ b/group_vars/proxmox_nodes.yaml @@ -1,6 +1,4 @@ --- -default_certificate_email: hq@rotko.net - default_packages: - sysstat - psmisc diff --git a/host_vars/bkk06.yaml b/host_vars/bkk06.yaml index c6ef68c..84f1e1c 100644 --- a/host_vars/bkk06.yaml +++ b/host_vars/bkk06.yaml 
@@ -1409,3 +1409,73 @@ lxc_nodes: - from_port: "{{ hostvars['kppl26']['default_p2p_port_wss'] }}" to_host: "{{ hostvars['kppl26']['container_ip'] }}:{{ hostvars['kppl26']['default_p2p_port_wss'] }}" protocol: "tcp" + - host: "pppl26" + proxmox_config: + vmid: "846" + hostname: "{{ hostvars['pppl26']['host_name'] }}" + ostemplate: "local:vztmpl/{{ default_container_template }}" + netif: "{{ hostvars['pppl26']['netif'] }}" + cores: 4 + memory: 16384 + swap: 8192 + password: "{{ default_password }}" + disk: "{{ default_storage }}:20" + mounts: '{"mp0":"{{ default_storage }}:100,mp={{ hostvars["pppl26"]["default_database_path"] }}"}' + onboot: True + unprivileged: True + validate_certs: False + description: "{{ hostvars['pppl26']['default_network'] }} {{ hostvars['pppl26']['default_node_type'] }}: {{ hostvars['pppl26']['host_name'] }}" + state: present + features: + - nesting=1 + port_forwards: + - from_port: "{{ hostvars['pppl26']['ansible_port'] }}" + to_host: "{{ hostvars['pppl26']['container_ip'] }}:22" + protocol: "tcp" + - from_port: "{{ hostvars['pppl26']['zabbix_ext_port'] }}" + to_host: "{{ hostvars['monitor']['container_ip'] }}:10050" + protocol: "tcp" + - from_port: "{{ hostvars['pppl26']['default_p2p_port'] }}" + to_host: "{{ hostvars['pppl26']['container_ip'] }}:{{ hostvars['pppl26']['default_p2p_port'] }}" + protocol: "tcp" + - from_port: "{{ hostvars['pppl26']['default_p2p_port_ws'] }}" + to_host: "{{ hostvars['pppl26']['container_ip'] }}:{{ hostvars['pppl26']['default_p2p_port_ws'] }}" + protocol: "tcp" + - from_port: "{{ hostvars['pppl26']['default_p2p_port_wss'] }}" + to_host: "{{ hostvars['pppl26']['container_ip'] }}:{{ hostvars['pppl26']['default_p2p_port_wss'] }}" + protocol: "tcp" + - host: "psobh26" + proxmox_config: + vmid: "846" + hostname: "{{ hostvars['psobh26']['host_name'] }}" + ostemplate: "local:vztmpl/{{ default_container_template }}" + netif: "{{ hostvars['psobh26']['netif'] }}" + cores: 4 + memory: 16384 + swap: 8192 + password: "{{ 
default_password }}" + disk: "{{ default_storage }}:20" + mounts: '{"mp0":"{{ default_storage }}:100,mp={{ hostvars["psobh26"]["default_database_path"] }}"}' + onboot: True + unprivileged: True + validate_certs: False + description: "{{ hostvars['psobh26']['default_network'] }} {{ hostvars['psobh26']['default_node_type'] }}: {{ hostvars['psobh26']['host_name'] }}" + state: present + features: + - nesting=1 + port_forwards: + - from_port: "{{ hostvars['psobh26']['ansible_port'] }}" + to_host: "{{ hostvars['psobh26']['container_ip'] }}:22" + protocol: "tcp" + - from_port: "{{ hostvars['psobh26']['zabbix_ext_port'] }}" + to_host: "{{ hostvars['monitor']['container_ip'] }}:10050" + protocol: "tcp" + - from_port: "{{ hostvars['psobh26']['default_p2p_port'] }}" + to_host: "{{ hostvars['psobh26']['container_ip'] }}:{{ hostvars['psobh26']['default_p2p_port'] }}" + protocol: "tcp" + - from_port: "{{ hostvars['psobh26']['default_p2p_port_ws'] }}" + to_host: "{{ hostvars['psobh26']['container_ip'] }}:{{ hostvars['psobh26']['default_p2p_port_ws'] }}" + protocol: "tcp" + - from_port: "{{ hostvars['psobh26']['default_p2p_port_wss'] }}" + to_host: "{{ hostvars['psobh26']['container_ip'] }}:{{ hostvars['psobh26']['default_p2p_port_wss'] }}" + protocol: "tcp" diff --git a/host_vars/bkk07.yaml b/host_vars/bkk07.yaml index bbe2b7d..4e29f0a 100644 --- a/host_vars/bkk07.yaml +++ b/host_vars/bkk07.yaml 
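Review bot: The new `psobh26` entry reuses `vmid: "846"`, the id the `pppl26` entry added just above it already declares, so two containers on this node are given one Proxmox VMID; the host_vars/bkk07.yaml hunk repeats this with `pppl27` and `psobh27` both on `vmid: "847"`. Depending on how the role calls the Proxmox module, the second entry will either fail or be applied to the first container, so each needs its own id, e.g. `vmid: "<unused-vmid>"` (placeholder). All four entries also set `validate_certs: False`, which leaves the Proxmox API call, including the container password it carries, without TLS verification. That may simply follow the existing entries outside this hunk, but it deserves a comment or a fix while hosts are being added.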
@@ -340,3 +340,73 @@ lxc_nodes: - from_port: "{{ hostvars['mint27']['default_p2p_port_wss'] }}" to_host: "{{ hostvars['mint27']['container_ip'] }}:{{ hostvars['mint27']['default_p2p_port_wss'] }}" protocol: "tcp" + - host: "pppl27" + proxmox_config: + vmid: "847" + hostname: "{{ hostvars['pppl27']['host_name'] }}" + ostemplate: "local:vztmpl/{{ default_container_template }}" + netif: "{{ hostvars['pppl27']['netif'] }}" + cores: 4 + memory: 16384 + swap: 8192 + password: "{{ default_password }}" + disk: "{{ default_storage }}:20" + mounts: '{"mp0":"{{ default_storage }}:100,mp={{ hostvars["pppl27"]["default_database_path"] }}"}' + onboot: True + unprivileged: True + validate_certs: False + description: "{{ hostvars['pppl27']['default_network'] }} {{ hostvars['pppl27']['default_node_type'] }}: {{ hostvars['pppl27']['host_name'] }}" + state: present + features: + - nesting=1 + port_forwards: + - from_port: "{{ hostvars['pppl27']['ansible_port'] }}" + to_host: "{{ hostvars['pppl27']['container_ip'] }}:22" + protocol: "tcp" + - from_port: "{{ hostvars['pppl27']['zabbix_ext_port'] }}" + to_host: "{{ hostvars['monitor']['container_ip'] }}:10050" + protocol: "tcp" + - from_port: "{{ hostvars['pppl27']['default_p2p_port'] }}" + to_host: "{{ hostvars['pppl27']['container_ip'] }}:{{ hostvars['pppl27']['default_p2p_port'] }}" + protocol: "tcp" + - from_port: "{{ hostvars['pppl27']['default_p2p_port_ws'] }}" + to_host: "{{ hostvars['pppl27']['container_ip'] }}:{{ hostvars['pppl27']['default_p2p_port_ws'] }}" + protocol: "tcp" + - from_port: "{{ hostvars['pppl27']['default_p2p_port_wss'] }}" + to_host: "{{ hostvars['pppl27']['container_ip'] }}:{{ hostvars['pppl27']['default_p2p_port_wss'] }}" + protocol: "tcp" + - host: "psobh27" + proxmox_config: + vmid: "847" + hostname: "{{ hostvars['psobh27']['host_name'] }}" + ostemplate: "local:vztmpl/{{ default_container_template }}" + netif: "{{ hostvars['psobh27']['netif'] }}" + cores: 4 + memory: 16384 + swap: 8192 + password: "{{ 
default_password }}" + disk: "{{ default_storage }}:20" + mounts: '{"mp0":"{{ default_storage }}:100,mp={{ hostvars["psobh27"]["default_database_path"] }}"}' + onboot: True + unprivileged: True + validate_certs: False + description: "{{ hostvars['psobh27']['default_network'] }} {{ hostvars['psobh27']['default_node_type'] }}: {{ hostvars['psobh27']['host_name'] }}" + state: present + features: + - nesting=1 + port_forwards: + - from_port: "{{ hostvars['psobh27']['ansible_port'] }}" + to_host: "{{ hostvars['psobh27']['container_ip'] }}:22" + protocol: "tcp" + - from_port: "{{ hostvars['psobh27']['zabbix_ext_port'] }}" + to_host: "{{ hostvars['monitor']['container_ip'] }}:10050" + protocol: "tcp" + - from_port: "{{ hostvars['psobh27']['default_p2p_port'] }}" + to_host: "{{ hostvars['psobh27']['container_ip'] }}:{{ hostvars['psobh27']['default_p2p_port'] }}" + protocol: "tcp" + - from_port: "{{ hostvars['psobh27']['default_p2p_port_ws'] }}" + to_host: "{{ hostvars['psobh27']['container_ip'] }}:{{ hostvars['psobh27']['default_p2p_port_ws'] }}" + protocol: "tcp" + - from_port: "{{ hostvars['psobh27']['default_p2p_port_wss'] }}" + to_host: "{{ hostvars['psobh27']['container_ip'] }}:{{ hostvars['psobh27']['default_p2p_port_wss'] }}" + protocol: "tcp" diff --git a/host_vars/ksm24.yaml b/host_vars/ksm24.yaml index 2020a5f..cea080f 100644 --- a/host_vars/ksm24.yaml +++ b/host_vars/ksm24.yaml @@ -10,9 +10,6 @@ pinned_service: False default_telemetry_name: "Rotko Networks - {{ host_name.split('.')[0] }} {{ default_node_type | capitalize }}" default_public_dns: "{{ host_name }}" -default_public_dns_lb: "kusama.rotko.net" -default_public_dns_ibp: "rpc.ibp.network" -default_public_dns_dotters: "rpc.dotters.network" default_ibp_repository: "git@github.com:GATOTECH-LTD/ibp-ssl" default_dotters_repository: "git@github.com:senseless/dotters-ssl" default_network: kusama diff --git a/host_vars/pppl26.yaml b/host_vars/pppl26.yaml new file mode 100644 index 0000000..a345128 --- /dev/null 
+++ b/host_vars/pppl26.yaml
@@ -0,0 +1,26 @@
+---
+ansible_host: "160.22.181.181"
+container_ip: "192.168.76.18" # people polkadot 18
+ansible_port: "2846"
+host_name: "pppl26.rotko.net"
+host_timezone: "Asia/Bangkok"
+netif: '{"net0":"name=eth0,gw={{ default_nat_network_forward_cidr.split("/")[0] }},ip={{ default_host_ip }}/16,bridge={{ default_nat_device }}"}'
+role: "cumulus"
+pinned_service: True
+
+default_telemetry_name: "Rotko Networks - {{ host_name.split('.')[0] }} {{ default_node_type | capitalize }}"
+default_public_dns: "{{ host_name }}"
+default_network: "people-polkadot"
+default_chain_spec: "{{ default_base_path }}/people-polkadot.json"
+default_chain_spec_dl_url: "https://raw.githubusercontent.com/paritytech/polkadot-sdk/master/cumulus/parachains/chain-specs/people-polkadot.json"
+default_relay_rpc: "ws://{{ hostvars['dot26']['container_ip'] }}:{{ hostvars['dot26']['default_rpc_port'] }}"
+default_relay_rpc_fallback: "ws://{{ hostvars['dot24']['container_ip'] }}:{{ hostvars['dot24']['default_rpc_port'] }}"
+default_database: "paritydb"
+default_node_type: "endpoint"
+default_p2p_port: 33846
+default_p2p_port_ws: 34846
+default_p2p_port_wss: 35846
+default_rpc_port: 9846
+default_secure_rpc_port: 42846
+default_prom_port: 7846
+zabbix_ext_port: 10846
diff --git a/host_vars/pppl27.yaml b/host_vars/pppl27.yaml
new file mode 100644
index 0000000..806f7f1
--- /dev/null
+++ b/host_vars/pppl27.yaml
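Review bot: `default_chain_spec_dl_url` points at the `master` branch of polkadot-sdk on raw.githubusercontent.com, so the chain spec a node receives depends on when the play runs, and nothing visible here checks its integrity. Pinning the path to a release tag or commit (`.../polkadot-sdk/<tag-or-commit>/cumulus/parachains/chain-specs/people-polkadot.json`, placeholder) and adding a checksum in the download task would make the input reproducible. host_vars/pppl27.yaml uses the same URL, and psobh26.yaml and psobh27.yaml do the same with the `main` branch of paseo-network/runtimes. Separately, the `container_ip` comment in pppl27.yaml reads `# people polkadot 28` for an address ending in `.18`.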
@@ -0,0 +1,26 @@
+---
+ansible_host: "160.22.181.181"
+container_ip: "192.168.77.18" # people polkadot 28
+ansible_port: "2847"
+host_name: "pppl27.rotko.net"
+host_timezone: "Asia/Bangkok"
+netif: '{"net0":"name=eth0,gw={{ default_nat_network_forward_cidr.split("/")[0] }},ip={{ default_host_ip }}/16,bridge={{ default_nat_device }}"}'
+role: "cumulus"
+pinned_service: True
+
+default_telemetry_name: "Rotko Networks - {{ host_name.split('.')[0] }} {{ default_node_type | capitalize }}"
+default_public_dns: "{{ host_name }}"
+default_network: "people-polkadot"
+default_chain_spec: "{{ default_base_path }}/people-polkadot.json"
+default_chain_spec_dl_url: "https://raw.githubusercontent.com/paritytech/polkadot-sdk/master/cumulus/parachains/chain-specs/people-polkadot.json"
+default_relay_rpc: "ws://{{ hostvars['dot26']['container_ip'] }}:{{ hostvars['dot26']['default_rpc_port'] }}"
+default_relay_rpc_fallback: "ws://{{ hostvars['dot24']['container_ip'] }}:{{ hostvars['dot24']['default_rpc_port'] }}"
+default_database: "paritydb"
+default_node_type: "endpoint"
+default_p2p_port: 33847
+default_p2p_port_ws: 34847
+default_p2p_port_wss: 35847
+default_rpc_port: 9847
+default_secure_rpc_port: 42847
+default_prom_port: 7847
+zabbix_ext_port: 10847
diff --git a/host_vars/psobh26.yaml b/host_vars/psobh26.yaml
new file mode 100644
index 0000000..934edab
--- /dev/null
+++ b/host_vars/psobh26.yaml
@@ -0,0 +1,27 @@
+---
+ansible_host: "160.22.181.181"
+container_ip: "192.168.76.66"
+ansible_port: "2625"
+host_name: "pbr26.rotko.net"
+host_timezone: "Asia/Bangkok"
+netif: '{"net0":"name=eth0,gw={{ default_nat_network_forward_cidr.split("/")[0] }},ip={{ default_host_ip }}/16,bridge={{ default_nat_device }}"}'
+role: "cumulus"
+pinned_service: True
+
+default_telemetry_name: "Rotko Networks - {{ host_name.split('.')[0] }} {{ default_node_type | capitalize }}"
+default_public_dns: "{{ host_name }}"
+default_network: "bridge-hub-polkadot"
+default_chain_spec: "{{ default_base_path }}/bridge-hub-paseo.raw.json"
+default_chain_spec_dl_url: "https://raw.githubusercontent.com/paseo-network/runtimes/main/chain-specs/bridge-hub-paseo.raw.json"
+default_relay_rpc: "ws://{{ hostvars['dot26']['container_ip'] }}:{{ hostvars['dot26']['default_rpc_port'] }}"
+default_relay_rpc_fallback: "ws://{{ hostvars['dot23']['container_ip'] }}:{{ hostvars['dot23']['default_rpc_port'] }}"
+default_database: rocksdb
+default_node_type: "endpoint"
+default_p2p_port: 33925
+default_p2p_port_ws: 34925
+default_p2p_port_wss: 35925
+default_rpc_port: 9925
+default_secure_rpc_port: 42925
+default_prom_port: 7925
+zabbix_ext_port: 10925
+
diff --git a/host_vars/psobh27.yaml b/host_vars/psobh27.yaml
new file mode 100644
index 0000000..b0223e2
--- /dev/null
+++ b/host_vars/psobh27.yaml
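Review bot: `host_name: "pbr26.rotko.net"` does not match this file's host (`psobh26`), and `default_public_dns` is derived from it, so telemetry, DNS and any certificate requested for `default_public_dns` would use the `pbr26` name. `default_network: "bridge-hub-polkadot"` is paired with a `bridge-hub-paseo.raw.json` chain spec fetched from paseo-network, which looks like a copy from a Paseo host; which of the two the node actually joins depends on `needs_custom_chain_spec`, which is not visible here. `ansible_port: "2625"` and the `925` port family also break the vmid-based numbering the pppl files use (`846` → `2846`, `33846`), so please confirm these do not collide with the host the file was copied from.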
@@ -0,0 +1,27 @@
+---
+ansible_host: "160.22.181.181"
+container_ip: "192.168.77.66"
+ansible_port: "2925"
+host_name: "psobh26.rotko.net"
+host_timezone: "Asia/Bangkok"
+netif: '{"net0":"name=eth0,gw={{ default_nat_network_forward_cidr.split("/")[0] }},ip={{ default_host_ip }}/16,bridge={{ default_nat_device }}"}'
+role: "cumulus"
+pinned_service: True
+
+default_telemetry_name: "Rotko Networks - {{ host_name.split('.')[0] }} {{ default_node_type | capitalize }}"
+default_public_dns: "{{ host_name }}"
+default_network: "bridge-hub-polkadot"
+default_chain_spec: "{{ default_base_path }}/bridge-hub-paseo.raw.json"
+default_chain_spec_dl_url: "https://raw.githubusercontent.com/paseo-network/runtimes/main/chain-specs/bridge-hub-paseo.raw.json"
+default_relay_rpc: "ws://{{ hostvars['dot26']['container_ip'] }}:{{ hostvars['dot26']['default_rpc_port'] }}"
+default_relay_rpc_fallback: "ws://{{ hostvars['dot23']['container_ip'] }}:{{ hostvars['dot23']['default_rpc_port'] }}"
+default_database: rocksdb
+default_node_type: "endpoint"
+default_p2p_port: 33925
+default_p2p_port_ws: 34925
+default_p2p_port_wss: 35925
+default_rpc_port: 9925
+default_secure_rpc_port: 42925
+default_prom_port: 7925
+zabbix_ext_port: 10925
+
diff --git a/host_vars/wbr13.yaml b/host_vars/wbr13.yaml
index 494b3ac..2a7845d 100644
--- a/host_vars/wbr13.yaml
+++ b/host_vars/wbr13.yaml
@@ -13,11 +13,10 @@ default_public_dns: "{{ host_name }}"
 default_network: "bridge-hub-westend"
 default_relay_rpc: "ws://{{ hostvars['wnd26']['container_ip'] }}:{{ hostvars['wnd26']['default_rpc_port'] }}"
 default_relay_rpc_fallback: "ws://{{ hostvars['wnd23']['container_ip'] }}:{{ hostvars['wnd23']['default_rpc_port'] }}"
-default_database: paritydb
+default_database: rocksdb
+default_syncmode: fast-unsafe
 default_node_type: "bootnode"
 default_pruning: 256
-default_syncmode: warp
-# default_syncmode: warp
 default_p2p_port: 33563
 default_p2p_port_ws: 34563
 default_p2p_port_wss: 35563
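Review bot: `host_name: "psobh26.rotko.net"` in psobh27.yaml names a different host, so `default_public_dns` and the telemetry name for this container point at `psobh26`; it should presumably read `host_name: "psobh27.rotko.net"`. Every port other than `ansible_port` (`33925`, `34925`, `35925`, `9925`, `42925`, `7925`, `zabbix_ext_port: 10925`) is identical to psobh26.yaml while both files share `ansible_host: "160.22.181.181"`. If bkk06 and bkk07 forward from that one address, the `port_forwards` rules built from these values will conflict, so this host needs its own port suffix.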
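Review bot: `default_syncmode: fast-unsafe` replaces `warp` on a host whose `default_node_type` is `"bootnode"`; in Substrate that mode downloads the latest state without verifying state proofs, so the node trusts whichever peers it syncs from. If this is only meant to speed up the first sync on Westend hosts, say so next to the value, e.g. `# fast-unsafe skips state-proof verification; do not copy to mainnet hosts`. The same change is made in host_vars/wch13.yaml and host_vars/wmint14.yaml, and wmint14.yaml keeps the stale `# default_syncmode: warp` comment below it. Moving from paritydb to rocksdb presumably also requires clearing the existing database directory, which nothing in this diff does.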
diff --git a/host_vars/wch13.yaml b/host_vars/wch13.yaml
index e7e0035..e63e63d 100644
--- a/host_vars/wch13.yaml
+++ b/host_vars/wch13.yaml
@@ -13,11 +13,10 @@ default_public_dns: "{{ host_name }}"
 default_network: "collectives-westend"
 default_relay_rpc: "ws://{{ hostvars['wnd26']['container_ip'] }}:{{ hostvars['wnd26']['default_rpc_port'] }}"
 default_relay_rpc_fallback: "ws://{{ hostvars['wnd23']['container_ip'] }}:{{ hostvars['wnd23']['default_rpc_port'] }}"
-default_database: paritydb
+default_database: rocksdb
+default_syncmode: fast-unsafe
 default_node_type: "bootnode"
 default_pruning: 256
-default_syncmode: warp
-# default_syncmode: warp
 default_p2p_port: 33593
 default_p2p_port_ws: 34593
 default_p2p_port_wss: 35593
diff --git a/host_vars/wmint14.yaml b/host_vars/wmint14.yaml
index dcdb28c..59c282e 100644
--- a/host_vars/wmint14.yaml
+++ b/host_vars/wmint14.yaml
@@ -13,10 +13,10 @@ default_public_dns: "{{ host_name }}"
 default_network: "asset-hub-westend"
 default_relay_rpc: "ws://{{ hostvars['wnd26']['container_ip'] }}:{{ hostvars['wnd26']['default_rpc_port'] }}"
 default_relay_rpc_fallback: "ws://{{ hostvars['wnd23']['container_ip'] }}:{{ hostvars['wnd23']['default_rpc_port'] }}"
-default_database: paritydb
+default_database: rocksdb
+default_syncmode: fast-unsafe
 default_node_type: "bootnode"
 default_pruning: 256
-default_syncmode: warp
 # default_syncmode: warp
 default_p2p_port: 33534
 default_p2p_port_ws: 34534
diff --git a/host_vars/wnd26.yaml b/host_vars/wnd26.yaml
index a4db15c..8babf98 100644
--- a/host_vars/wnd26.yaml
+++ b/host_vars/wnd26.yaml
@@ -10,9 +10,6 @@ pinned_service: True default_telemetry_name: "Rotko Networks - {{ host_name.split('.')[0] }} {{ default_node_type | capitalize }}" default_public_dns: "{{ host_name }}" -default_public_dns_lb: "westend.rotko.net" -default_public_dns_ibp: "rpc.ibp.network" -default_public_dns_dotters: "rpc.dotters.network" default_ibp_repository: "git@github.com:GATOTECH-LTD/ibp-ssl" default_dotters_repository: "git@github.com:senseless/dotters-ssl" default_network: "westend" diff --git a/inventory b/inventory index e10f430..3d99eee 100644 --- a/inventory +++ b/inventory @@ -67,17 +67,21 @@ wglu16 pmint16 wcore26 kcore26 +pppl26 kppl26 wppl26 wglu26 pmint26 wcore27 kcore27 +pppl27 kppl27 wppl27 wglu27 pmint27 mint27 +psobh26 +psobh27 [encointer] enc14 diff --git a/roles/setup_install_cumulus/handlers/main.yaml b/roles/setup_install_cumulus/handlers/main.yaml index f79f7fc..ed3f01f 100644 --- a/roles/setup_install_cumulus/handlers/main.yaml +++ b/roles/setup_install_cumulus/handlers/main.yaml @@ -12,7 +12,7 @@ - name: Symlink Cumulus release ansible.builtin.file: - src: "{{ default_base_path }}/cumulus-v{{ default_client_version }}" + src: "{{ default_base_path }}/{{ default_client_version }}" dest: "{{ default_base_path }}/cumulus" force: True state: link @@ -21,7 +21,7 @@ - name: Symlink binary executable ansible.builtin.file: - src: "{{ default_base_path }}/cumulus-v{{ default_client_version }}" + src: "{{ default_base_path }}/{{ default_client_version }}" dest: "/usr/local/bin/cumulus" force: True state: link diff --git a/roles/setup_install_cumulus/tasks/main.yaml b/roles/setup_install_cumulus/tasks/main.yaml index 3f178e5..740bebb 100644 --- a/roles/setup_install_cumulus/tasks/main.yaml +++ b/roles/setup_install_cumulus/tasks/main.yaml 
@@ -61,10 +61,10 @@ - name: Flush handlers after service copy ansible.builtin.meta: flush_handlers -- name: Install Cumulus v{{ default_client_version }} +- name: Install Cumulus - {{ default_client_version }} ansible.builtin.get_url: url: "{{ default_download_url }}" - dest: "{{ default_base_path }}/cumulus-v{{ default_client_version }}" + dest: "{{ default_base_path }}/{{ default_client_version }}" mode: "u+r+x" owner: "{{ default_user }}" group: "{{ default_user }}" diff --git a/roles/setup_install_cumulus/templates/cumulus_bootnode.service.j2 b/roles/setup_install_cumulus/templates/cumulus_bootnode.service.j2 index 35dabf3..74f6085 100644 --- a/roles/setup_install_cumulus/templates/cumulus_bootnode.service.j2 +++ b/roles/setup_install_cumulus/templates/cumulus_bootnode.service.j2 @@ -11,7 +11,9 @@ ExecStart={{ default_base_path }}/cumulus \ --chain {% if needs_custom_chain_spec %}{{ default_chain_spec }}{% else %}{{ default_network }}{% endif %} \ --base-path {{ default_base_path }} \ --database {{ default_database }} \ + --sync {{ default_syncmode | default('fast-unsafe') }} \ --state-pruning 256 \ + --blocks-pruning 1000 \ --log sync=warn,afg=warn,babe=warn \ --telemetry-url 'wss://telemetry-backend.w3f.community/submit 1' \ --telemetry-url 'wss://telemetry.polkadot.io/submit/ 1' \ @@ -27,7 +29,6 @@ ExecStart={{ default_base_path }}/cumulus \ --prometheus-external \ --relay-chain-rpc-urls {{ default_relay_rpc }} {{ default_relay_rpc_fallback }} \ --wasm-execution Compiled \ - --sync {{ default_syncmode | default('fast-unsafe') }} \ --no-hardware-benchmarks \ --rpc-external \ --rpc-methods safe \ diff --git a/roles/setup_install_hydradx/tasks/main.yaml b/roles/setup_install_hydradx/tasks/main.yaml index 7a8d41a..0663c08 100644 --- a/roles/setup_install_hydradx/tasks/main.yaml +++ b/roles/setup_install_hydradx/tasks/main.yaml 
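Review bot: The `get_url` task in roles/setup_install_cumulus/tasks/main.yaml writes an executable from `default_download_url` to `{{ default_base_path }}/{{ default_client_version }}` with `mode: "u+r+x"`, and the visible lines set no `checksum:`, so the binary later symlinked to `/usr/local/bin/cumulus` is trusted on TLS alone. Adding `checksum: "sha256:<release-sha256>"` (placeholder; take the value from the release) would make a tampered or truncated download fail the play. The task continues past the end of the hunk, so a checksum may already be present there. The same applies to the `Install Polkadot` task in roles/setup_install_polkadot/tasks/main.yaml, where this commit also removes the `Verify Polkadot version` task that was the only post-download check. That task's name still reads `Install Polkadot v{{ default_client_version }}` although the `v` prefix was dropped from the path.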
@@ -74,12 +74,6 @@ - name: Flush handlers after HydraDX install ansible.builtin.meta: flush_handlers -- name: Verify HydraDX version - ansible.builtin.command: "{{ default_base_path }}/hydradx --version" - register: default_client_version_result - changed_when: False - failed_when: "default_client_version not in default_client_version_result.stdout" - - name: Ensure HydraDX service is running ansible.builtin.systemd: name: hydradx diff --git a/roles/setup_install_nginx/defaults/main.yaml b/roles/setup_install_nginx/defaults/main.yaml index b8a225b..36da532 100644 --- a/roles/setup_install_nginx/defaults/main.yaml +++ b/roles/setup_install_nginx/defaults/main.yaml @@ -3,3 +3,18 @@ default_certificate_email: hq@rotko.net default_public_dns: "{{ host_name }}" porkbun_api_key: "pk1_xxx" porkbun_secret_key: "sk1_xxx" + +# Additional default variables +certbot_porkbun_plugin: certbot_dns_porkbun +nginx_config_dirs: + - sites-available + - sites-enabled +psk_file_path: /etc/nginx/psk.txt +nginx_site_config: "/etc/nginx/sites-available/{{ default_public_dns }}" + +# Package list +packages: + - nginx + - python3-certbot-nginx + - certbot + - python3-pip diff --git a/roles/setup_install_nginx/tasks/main.yaml b/roles/setup_install_nginx/tasks/main.yaml index 9793e02..3bd5dfd 100644 --- a/roles/setup_install_nginx/tasks/main.yaml +++ b/roles/setup_install_nginx/tasks/main.yaml 
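Review bot: The added defaults in roles/setup_install_nginx/defaults/main.yaml define `certbot_porkbun_plugin`, but the tasks changed in this commit reference `certbot_cloudflare_plugin`, `cloudflare_creds_path`, `cloudflare_email` and `cloudflare_api_key`, none of which appear in this hunk. Unless they are set elsewhere, the role will stop on an undefined variable. Define the Cloudflare names here without real secrets, e.g. `cloudflare_creds_path: "<path-to-credentials-file>"` (placeholder), and drop `certbot_porkbun_plugin` and the `porkbun_*` placeholders if Porkbun is no longer used. The generic name `packages` is easy to override by accident from group or host vars; a role-prefixed name such as `nginx_packages` would be safer.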
@@ -1,46 +1,57 @@ --- - name: Install necessary packages ansible.builtin.package: - name: "{{ item }}" + name: "{{ packages }}" state: present - loop: - - nginx - - python3-certbot-nginx - - certbot - - python3-pip register: packages_installed - name: Check certbot plugins ansible.builtin.command: cmd: certbot plugins register: certbot_plugins_output - failed_when: False - changed_when: False + changed_when: false + check_mode: false -- name: Install certbot_dns_porkbun plugin if absent +- name: Install Cloudflare DNS plugin for Certbot ansible.builtin.pip: - name: certbot_dns_porkbun + name: "{{ certbot_cloudflare_plugin }}" state: present - extra_args: --break-system-packages - when: "'dns-porkbun' not in certbot_plugins_output.stdout" + when: "'dns-cloudflare' not in certbot_plugins_output.stdout" + +- name: Ensure Cloudflare credentials directory exists + ansible.builtin.file: + path: "{{ cloudflare_creds_path | dirname }}" + state: directory + mode: '0700' + owner: root + group: root + +- name: Create Cloudflare credentials file + ansible.builtin.copy: + content: | + dns_cloudflare_email = {{ cloudflare_email }} + dns_cloudflare_api_key = {{ cloudflare_api_key }} + dest: "{{ cloudflare_creds_path }}" + mode: '0600' + owner: root + group: root + no_log: true - name: Obtain certificate using DNS-01 challenge ansible.builtin.command: cmd: > - certbot certonly --non-interactive --agree-tos --email "{{ default_certificate_email }}" - --preferred-challenges dns --authenticator dns-porkbun - --dns-porkbun-key "{{ porkbun_api_key }}" - --dns-porkbun-secret "{{ porkbun_secret_key }}" - --dns-porkbun-propagation-seconds 60 + certbot certonly + --non-interactive + --agree-tos + --email "{{ default_certificate_email }}" + --preferred-challenges dns + --authenticator dns-cloudflare + --dns-cloudflare-credentials {{ cloudflare_creds_path }} + --dns-cloudflare-propagation-seconds 60 -d "{{ default_public_dns }}" register: certbot_result changed_when: "'Congratulations' in 
certbot_result.stdout" - no_log: False - -- name: Reload nginx service - ansible.builtin.service: - name: nginx - state: reloaded + no_log: true - name: Set up Certbot DNS auto-renewal cron job ansible.builtin.cron: 
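Review bot: The new credentials file is written with `dns_cloudflare_email` and `dns_cloudflare_api_key`, i.e. the account-wide Global API Key, so a host that only needs to answer DNS-01 challenges holds a credential for the whole Cloudflare account. certbot-dns-cloudflare also accepts a scoped token, so the file content can be the single line `dns_cloudflare_api_token = {{ cloudflare_api_token }}`, with the token limited to DNS edit on the relevant zone. `--dns-cloudflare-credentials {{ cloudflare_creds_path }}` is the only unquoted argument in the certbot command. Dropping `extra_args: --break-system-packages` from the pip task will make the plugin install fail on distributions that mark the system Python as externally managed.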
@@ -54,61 +65,35 @@ path: "/etc/nginx/{{ item }}" state: directory mode: '0755' - loop: - - sites-available - - sites-enabled - -- name: Check if PSK already exists - ansible.builtin.stat: - path: "/etc/nginx/psk.txt" - register: psk_stat - no_log: True + loop: "{{ nginx_config_dirs }}" - name: Generate Pre-Shared Key (PSK) if not existing - ansible.builtin.command: - cmd: openssl rand -base64 32 + ansible.builtin.shell: + cmd: | + if [ ! -f {{ psk_file_path }} ]; then + openssl rand -base64 32 > {{ psk_file_path }} + chmod 600 {{ psk_file_path }} + fi + cat {{ psk_file_path }} register: psk_output - changed_when: False - when: not psk_stat.stat.exists - no_log: True + changed_when: false + no_log: true -- name: Store PSK in a fact if newly generated +- name: Store PSK in a fact ansible.builtin.set_fact: default_nginx_psk: "{{ psk_output.stdout }}" - when: not psk_stat.stat.exists - no_log: True - -# TODO: use vault instead of txt files -- name: Store PSK in a secure file if newly generated - ansible.builtin.copy: - content: "{{ default_nginx_psk }}" - dest: "/etc/nginx/psk.txt" - mode: '0600' - no_log: True - when: not psk_stat.stat.exists - -- name: Get PSK from file - ansible.builtin.slurp: - src: "/etc/nginx/psk.txt" - register: psk_slurp - no_log: True - when: psk_stat.stat.exists - -- name: Store existing PSK in a fact - ansible.builtin.set_fact: - default_nginx_psk: "{{ psk_slurp.content | b64decode }}" - when: psk_stat.stat.exists - no_log: True + no_log: true - name: Apply HTTPS configuration to NGINX ansible.builtin.template: - src: https-{{ default_node_type }}.j2 - dest: "/etc/nginx/sites-available/{{ default_public_dns }}" - mode: '0755' + src: "https-{{ default_node_type }}.j2" + dest: "{{ nginx_site_config }}" + mode: '0644' + notify: Reload nginx - name: Enable HTTPS configuration for NGINX ansible.builtin.file: - src: "/etc/nginx/sites-available/{{ default_public_dns }}" + src: "{{ nginx_site_config }}" dest: "/etc/nginx/sites-enabled/{{ 
default_public_dns }}" state: link notify: Reload nginx diff --git a/roles/setup_install_polkadot/handlers/main.yaml b/roles/setup_install_polkadot/handlers/main.yaml index 872451e..4b5fd2c 100644 --- a/roles/setup_install_polkadot/handlers/main.yaml +++ b/roles/setup_install_polkadot/handlers/main.yaml @@ -1,7 +1,7 @@ --- - name: Symlink Polkadot release ansible.builtin.file: - src: "{{ default_base_path }}/polkadot-v{{ default_client_version }}" + src: "{{ default_base_path }}/{{ default_client_version }}" dest: "{{ default_base_path }}/polkadot" force: True state: link @@ -10,7 +10,7 @@ - name: Symlink binary executable ansible.builtin.file: - src: "{{ default_base_path }}/polkadot-v{{ default_client_version }}" + src: "{{ default_base_path }}/{{ default_client_version }}" dest: "/usr/local/bin/polkadot" force: True state: link diff --git a/roles/setup_install_polkadot/tasks/main.yaml b/roles/setup_install_polkadot/tasks/main.yaml index 658dc85..30734b8 100644 --- a/roles/setup_install_polkadot/tasks/main.yaml +++ b/roles/setup_install_polkadot/tasks/main.yaml @@ -85,7 +85,7 @@ - name: Install Polkadot v{{ default_client_version }} ansible.builtin.get_url: url: "{{ default_download_url }}" - dest: "{{ default_base_path }}/polkadot-v{{ default_client_version }}" + dest: "{{ default_base_path }}/{{ default_client_version }}" mode: "u+r+x" owner: "{{ default_user }}" group: "{{ default_user }}" @@ -107,12 +107,6 @@ ansible.builtin.meta: flush_handlers when: download_result.changed -- name: Verify Polkadot version - ansible.builtin.command: "{{ default_base_path }}/polkadot --version" - register: default_client_version_result - changed_when: False - failed_when: "default_client_version not in default_client_version_result.stdout" - - name: Ensure Polkadot service is running ansible.builtin.systemd: name: polkadot
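Review bot: In the new `Generate Pre-Shared Key (PSK) if not existing` shell block, `openssl rand -base64 32 > {{ psk_file_path }}` creates the file under the default umask and only afterwards runs `chmod 600`, so the key is briefly readable by other local users. Because the task's exit status is that of the final `cat`, a failed `openssl` leaves an empty or wrongly-moded file that every later run accepts as the PSK. Starting the block with `set -e` and `umask 077`, and quoting the path (`> "{{ psk_file_path }}"`), closes both gaps. `changed_when: false` also hides the one run that actually creates the key, which the removed `stat`/`copy` tasks used to report.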