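--- a/.github/actions/ansible/Dockerfile
+++ b/.github/actions/ansible/Dockerfile
@@ -0,0 +1,7 @@
+FROM lexauw/ansible-alpine
+
+WORKDIR /github/workspace
+RUN apk add rsync
+
+COPY entrypoint.sh /usr/local/bin/entrypoint
+ENTRYPOINT [ "entrypoint" ]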
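Review bot: The base image on the `FROM` line is a third-party image referenced with no tag or digest, so every run of the action pulls whatever `lexauw/ansible-alpine` currently points to, and that container is handed the SSH private key and the vault password. Pin it to a digest you have reviewed, for example `FROM lexauw/ansible-alpine@sha256:<digest-of-reviewed-image>` (placeholder), and bump it deliberately. `RUN apk add --no-cache rsync` would also avoid leaving the package index in the layer.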
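--- a/.github/actions/ansible/action.yml
+++ b/.github/actions/ansible/action.yml
@@ -0,0 +1,29 @@
+name: Ansible
+description: Ansible
+inputs:
+ssh_key_b64:
+description: SSH private key to be used by ansible to access remote hosts (in base64)
+required: true
+playbook:
+description: Playbook to run
+required: true
+inventory:
+description: Inventory
+required: true
+inventory_script:
+description: Whether inventory is a script
+required: false
+default: "false"
+extra_vars:
+description: Extra variables
+required: false
+wait:
+description: Seconds to wait before starting
+required: false
+default: "0"
+vault_password:
+description: Password for ansible-vault
+required: false
+runs:
+using: docker
+image: 'Dockerfile'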
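--- a/.github/actions/ansible/entrypoint.sh
+++ b/.github/actions/ansible/entrypoint.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+mkdir -p ~/.ssh && echo $INPUT_SSH_KEY_B64 | base64 -d > ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
+
+if [ "$INPUT_INVENTORY_SCRIPT" == "true" ]
+then
+chmod +x $INPUT_INVENTORY;
+fi
+
+if [ -n "$INPUT_VAULT_PASSWORD" ]; then
+echo $INPUT_VAULT_PASSWORD > /tmp/vault-passwd
+export ANSIBLE_VAULT_PASSWORD_FILE=/tmp/vault-passwd
+fi
+
+sleep $INPUT_WAIT
+ANSIBLE_HOST_KEY_CHECKING=False \
+ansible-playbook \
+-i $INPUT_INVENTORY \
+$INPUT_PLAYBOOK \
+-e "$INPUT_EXTRA_VARS" \
+--key-file ~/.ssh/id_rsa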
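Review bot: `ANSIBLE_HOST_KEY_CHECKING=False` on the `ansible-playbook` call turns off SSH host-key verification, so the runner will log in and run `become` tasks on whatever answers at the inventory addresses; supply the expected host keys in `~/.ssh/known_hosts` and drop that override. The key and vault-password files are created under the default umask (the `chmod 600` only runs after the key has been written, and `/tmp/vault-passwd` never gets one), and the unquoted `$INPUT_*` expansions are word-split by the shell. The sketch below sets `umask 077`, quotes the expansions and reads host keys from `INPUT_KNOWN_HOSTS`, which is a proposed new input that `action.yml` would have to declare.

```shell
set -e
umask 077   # key and vault-password files are created owner-only

mkdir -p ~/.ssh
printf '%s' "$INPUT_SSH_KEY_B64" | base64 -d > ~/.ssh/id_rsa
# INPUT_KNOWN_HOSTS: proposed new input carrying the pinned host keys
printf '%s\n' "$INPUT_KNOWN_HOSTS" > ~/.ssh/known_hosts

# … unchanged: inventory-script chmod …

if [ -n "$INPUT_VAULT_PASSWORD" ]; then
    printf '%s\n' "$INPUT_VAULT_PASSWORD" > /tmp/vault-passwd
    export ANSIBLE_VAULT_PASSWORD_FILE=/tmp/vault-passwd
fi

sleep "$INPUT_WAIT"
ansible-playbook \
    -i "$INPUT_INVENTORY" \
    "$INPUT_PLAYBOOK" \
    -e "$INPUT_EXTRA_VARS" \
    --key-file ~/.ssh/id_rsa
```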
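--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -0,0 +1,20 @@
+on:
+push:
+branches:
+- master
+
+jobs:
+deploy:
+name: apply ansible scripts
+runs-on: ubuntu-latest
+steps:
+- name: checkout repository
+uses: actions/checkout@v2
+
+- name: apply ansible
+uses: ./.github/actions/ansible
+with:
+ssh_key_b64: ${{ secrets.SSH_KEY_B64 }}
+playbook: ansible/playbook.yml
+inventory: ansible/inventory.ini
+extra_vars: reset=false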
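Review bot: The workflow declares no `permissions:` block, so the `deploy` job runs with the repository's default `GITHUB_TOKEN` scope while it builds and runs a container from an unpinned base image; add a top-level `permissions:` with `contents: read`. `actions/checkout@v2` is a mutable tag, and pinning it to a full commit SHA (`uses: actions/checkout@<full-commit-sha>`, placeholder) keeps the step that runs ahead of the SSH key from changing underneath you. Every push to `master` deploys to the validators with `become`, so branch protection on `master` is effectively the only deployment gate here.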
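--- a/ansible/inventory.ini
+++ b/ansible/inventory.ini
@@ -0,0 +1,5 @@
+[validators]
+3.235.19.123
+34.234.208.18
+3.231.205.70
+3.216.27.122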
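--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -0,0 +1,22 @@
+---
+- hosts: validators
+become: yes
+remote_user: ubuntu
+vars:
+dex_version: master
+reset: false
+chain_id: uex-testnet
+denom: asset
+key_password: supersecret
+roles:
+- common
+- validator
+
+- hosts: validators[0]
+become: yes
+remote_user: ubuntu
+vars:
+domain_name: dex.hopto.org
+letsencrypt_email: helder@tendermint.com
+roles:
+- webapp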
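Review bot: `key_password: supersecret` in the first play's `vars` commits the keyring password for the validator keys to the repository in plain text. The action already accepts a `vault_password` input, so the value can live in an ansible-vault encrypted vars file and be referenced as `key_password: "{{ vault_key_password }}"` (variable name illustrative), with the workflow passing `vault_password` from a repository secret. `dex_version: master` also means each deploy builds whatever the branch head is at that moment; a tag or commit hash would make the deployed binary reproducible.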
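--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+- name: add the dex user
+user:
+name: dex
+shell: /bin/bash
+
+- name: install required tools
+apt:
+update_cache: yes
+pkg:
+- software-properties-common
+- make
+- jq
+- build-essential
+- moreutils
+
+- name: add golang ppa
+apt_repository:
+repo: ppa:longsleep/golang-backports
+
+- name: install golang
+apt:
+name: golang-go
+update_cache: yes
+
+- name: set GOPATH
+lineinfile:
+dest: /etc/bash.bashrc
+state: present
+line: "export GOPATH=$HOME/go"
+
+- name: add GOPATH/bin PATH
+lineinfile:
+dest: /etc/bash.bashrc
+state: present
+line: "export PATH=$GOPATH/bin:$PATH"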
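Review bot: `add golang ppa` adds `ppa:longsleep/golang-backports`, a third-party PPA, and `install golang` then installs whatever `golang-go` version it currently serves, so the compiler that builds `dexd` on every validator is unpinned and comes from outside the distribution's archive. If the PPA is a deliberate choice, say so in a comment above the task, e.g. `# third-party PPA, needed for a recent Go toolchain; review before changing`, and consider pinning the package version in the `apt` task.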
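--- a/ansible/roles/validator/tasks/main.yml
+++ b/ansible/roles/validator/tasks/main.yml
@@ -0,0 +1,183 @@
+---
+- name: clone dex-demo repo
+git:
+repo: https://github.com/tendermint/dex-demo
+dest: /usr/local/src/dex-demo
+version: "{{ dex_version }}"
+
+- name: install dexd and dexcli
+become_user: dex
+make:
+chdir: /usr/local/src/dex-demo
+target: install
+
+- name: install dexd service
+template:
+src: templates/dexd.service.j2
+dest: /etc/systemd/system/dexd.service
+owner: root
+group: root
+mode: 0644
+
+- name: install dexcli rest server service
+template:
+src: templates/dexcli.service.j2
+dest: /etc/systemd/system/dexcli.service
+owner: root
+group: root
+mode: 0644
+
+- name: stop dexd service
+systemd:
+name: dexd
+state: stopped
+
+- name: stop dexcli service
+systemd:
+name: dexcli
+state: stopped
+
+- name: reset node and genesis
+when: reset | bool == true
+become_user: dex
+shell: |
+~/go/bin/dexd unsafe-reset-all
+rm -rf ~/.dex*
+
+- name: config dexcli
+become_user: dex
+shell: |
+~/go/bin/dexcli config chain-id {{ chain_id }}
+~/go/bin/dexcli config output json
+~/go/bin/dexcli config indent true
+~/go/bin/dexcli config trust-node true
+
+- name: check if genesis exist
+become_user: dex
+stat:
+path: ~/.dexd/config/genesis.json
+register: genesis
+
+- name: initialize node
+when: genesis.stat.exists == false
+become_user: dex
+args:
+executable: /bin/bash
+shell: ~/go/bin/dexd init {{ ansible_hostname }} --chain-id {{ chain_id }}
+
+- name: get genesis time
+run_once: true
+become_user: dex
+args:
+chdir: ~/.dexd/config
+shell: jq -r .genesis_time genesis.json
+register: genesis_time
+
+- name: synchronize genesis time and chain id
+become_user: dex
+args:
+chdir: ~/.dexd/config
+shell: |
+jq -r '.genesis_time="{{ genesis_time.stdout }}"' genesis.json | sponge genesis.json
+jq -r '.chain_id="{{ chain_id }}"' genesis.json | sponge genesis.json
+
+- name: check if key exists
+become_user: dex
+stat:
+path: ~/.dexcli/keys
+register: keyring
+
+- name: create key
+when: keyring.stat.exists == false
+become_user: dex
+no_log: true
+args:
+executable: /bin/bash
+shell: 'echo -e "{{ key_password }}\n{{ key_password }}" | ~/go/bin/dexcli keys add {{ ansible_hostname }} 2> ~/secret'
+
+- name: get node id
+become_user: dex
+args:
+executable: /bin/bash
+shell: ~/go/bin/dexd tendermint show-node-id
+register: node_id
+
+- name: set persistent peers list
+become_user: dex
+args:
+executable: /bin/bash
+chdir: ~/.dexd/config
+shell: |
+IFS=',' read -r -a IDS <<< "{{ groups['validators'] | reject('equalto', inventory_hostname) | map('extract', hostvars, ['node_id', 'stdout']) | join(",") }}"
+IFS=',' read -r -a IPS <<< "{{ groups['validators'] | reject('equalto', inventory_hostname) | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | join(",") }}"
+for idx in "${!IDS[@]}"
+do
+peers="$peers,${IDS[index]}@${IPS[index]}:26656";
+done
+sed -i "s/persistent_peers =.*/persistent_peers = \"${peers:1}\"/g" config.toml
+
+- name: get key address
+become_user: dex
+args:
+executable: /bin/bash
+shell: ~/go/bin/dexcli keys show {{ ansible_hostname }} -a
+register: key_address
+
+- name: adding keys to genesis
+become_user: dex
+with_items: "{{ groups['validators'] | map('extract', hostvars, ['key_address', 'stdout']) | list }}"
+args:
+executable: /bin/bash
+chdir: ~/.dexd/config
+shell: ~/go/bin/dexd add-genesis-account {{ item }} 40000000000000000000000000stake,40000000000000000000000000{{ denom }} || true
+
+- name: (re)generate gentx
+become_user: dex
+args:
+executable: /bin/bash
+warn: no
+shell: |
+rm -rf ~/.dexd/config/gentx
+echo '{{ key_password }}' | ~/go/bin/dexd gentx --name {{ ansible_hostname }}
+
+- name: grab gentx file
+become_user: dex
+synchronize:
+src: /home/dex/.dexd/config/gentx
+dest: /tmp
+mode: pull
+
+- name: add all gentxs
+become_user: dex
+synchronize:
+src: /tmp/gentx
+dest: /home/dex/.dexd/config
+mode: push
+owner: no
+group: no
+
+- name: remove temporary gentx files
+become: no
+local_action: command rm -rf /tmp/gentx
+args:
+warn: no
+
+- name: collect all gentxs
+become_user: dex
+args:
+executable: /bin/bash
+shell: ~/go/bin/dexd collect-gentxs
+
+- name: start the dexd service
+systemd:
+name: dexd
+daemon_reload: yes
+state: restarted
+enabled: True
+
+- name: start the dexcli rest server service
+systemd:
+name: dexcli
+daemon_reload: yes
+state: restarted
+enabled: True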
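Review bot: The `(re)generate gentx` task pipes `{{ key_password }}` through `echo` without `no_log: true`, so the rendered command, password included, can appear in the CI log when the task fails or verbosity is raised, whereas `create key` already sets it; add `no_log: true` to that task as well. In `create key`, `2> ~/secret` stores whatever `dexcli keys add` prints on stderr (presumably the recovery phrase) in a file created under the default umask; prefixing the command with `umask 077;` keeps it readable by the `dex` user only. Separately, the loop in `set persistent peers list` iterates with `idx` but indexes `${IDS[index]}` and `${IPS[index]}`; `index` is never set, so bash evaluates the subscript as 0 and every entry repeats the first peer, and the line should read `peers="$peers,${IDS[idx]}@${IPS[idx]}:26656";`.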
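--- a/ansible/roles/validator/templates/dexcli.service.j2
+++ b/ansible/roles/validator/templates/dexcli.service.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=dexcli
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+User=dex
+Group=dex
+ExecStart=/home/dex/go/bin/dexcli rest-server --trust-node true
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target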
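Review bot: The `[Service]` section runs the REST server with no sandboxing directives, and `dexd.service.j2` has the same shape. Both are long-running and presumably network-facing processes under the `dex` account, which also owns the keyring, so consider adding `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=full` to both units. `--trust-node true` tells the REST server to accept the node's responses without verifying them (as I understand the flag), which deserves a comment stating that it only ever talks to the local `dexd`.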
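--- a/ansible/roles/validator/templates/dexd.service.j2
+++ b/ansible/roles/validator/templates/dexd.service.j2
@@ -0,0 +1,13 @@
+[Unit]
+Description=dexd
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+User=dex
+Group=dex
+ExecStart=/home/dex/go/bin/dexd start --pruning=nothing
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target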