ci: deploy batcher with ansible (#1384)

Co-authored-by: Klaus Lungwitz <[email protected]>

Author: JuArce

.gitignore

@@ -14,3 +14,5 @@ volume
 config-files/*.last_processed_batch.json
 
 nonce_*.bin
+
+infra/ansible/playbooks/ini/**.ini

Makefile

@@ -1069,3 +1069,21 @@ setup_local_aligned_all:
 
 	tmux new-window -t aligned_layer -n telemetry
 	tmux send-keys -t aligned_layer:telemetry 'docker compose -f telemetry-docker-compose.yaml down && make telemetry_create_env && make telemetry_run_db && make open_telemetry_start && make telemetry_start' C-m
+
+__ANSIBLE__: ## ____
+
+ansible_batcher_create_env: ## Create empty variables files for the Batcher deploy
+	@cp -n infra/ansible/playbooks/ini/caddy-batcher.ini.example infra/ansible/playbooks/ini/caddy-batcher.ini
+	@cp -n infra/ansible/playbooks/ini/config-batcher.ini.example infra/ansible/playbooks/ini/config-batcher.ini
+	@cp -n infra/ansible/playbooks/ini/env-batcher.ini.example infra/ansible/playbooks/ini/env-batcher.ini
+	@echo "Config files for the Batcher created in infra/ansible/playbooks/ini"
+	@echo "Please complete the values and run make ansible_batcher_deploy"
+
+ansible_batcher_deploy: ## Deploy the Batcher. Parameters: INVENTORY, KEYSTORE
+	@if [ -z "$(INVENTORY)" ] || [ -z "$(KEYSTORE)" ]; then \
+		echo "Error: Both INVENTORY and KEYSTORE must be set."; \
+		exit 1; \
+	fi
+	@ansible-playbook infra/ansible/playbooks/batcher.yaml \
+		-i $(INVENTORY) \
+		-e "keystore_path=$(KEYSTORE)"

infra/ansible/README.md

@@ -0,0 +1,57 @@
+# Guide to Deploy
+
+## Batcher
+
+To deploy the Batcher you need to set some variables and then run the Batcher playbook
+
+Create the variables files:
+
+```shell
+make ansible_batcher_create_env
+```
+
+This will create the following files in `infra/ansible/playbooks/ini`
+
+- `config-batcher.ini`
+- `env-batcher.ini`
+- `caddy-batcher.ini`
+
+The `config-batcher.ini` contains the following variables:
+
+| Variable                                  | Description                                                | Stage                                                                                                           | Testnet                                                                                                    | Mainnet                             |
+|-------------------------------------------|------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------|-------------------------------------|
+| aligned_layer_deployment_config_file_path | JSON with Aligned contracts addresses                      | /home/app/repos/batcher/aligned_layer/contracts/script/output/holesky/alignedlayer_deployment_output.stage.json | /home/app/repos/operator/aligned_layer/contracts/script/output/holesky/alignedlayer_deployment_output.json | TBD                                 |
+| eigen_layer_deployment_config_file_path   | JSON with EigenLayer contracts addresses                   | /home/app/repos/batcher/aligned_layer/contracts/script/output/holesky/eigenlayer_deployment_output.json         | /home/app/repos/operator/aligned_layer/contracts/script/output/holesky/eigenlayer_deployment_output.json   | TBD                                 |
+| eth_rpc_url                               | HTTP RPC url                                               | <your_rpc_http_provider>                                                                                        | <your_rpc_http_provider>                                                                                   | <your_rpc_http_provider>            |
+| eth_rpc_url_fallback                      | HTTP RPC fallback url. Must be different than eth_rpc_url  | https://ethereum-holesky-rpc.publicnode.com                                                                     | https://ethereum-holesky-rpc.publicnode.com                                                                | https://ethereum-rpc.publicnode.com |
+| eth_ws_url                                | WS RPC url                                                 | <your_rpc_ws_provider>                                                                                          | <your_rpc_ws_provider>                                                                                     | <your_rpc_ws_provider>              |
+| eth_ws_url_fallback                       | WS RPC fallback url. Must be different than eth_ws_rpc_url | wss://ethereum-holesky-rpc.publicnode.com                                                                       | wss://ethereum-holesky-rpc.publicnode.com                                                                  | wss://ethereum-rpc.publicnode.com   |
+| ecdsa_private_key_store_password          | Password of the ECDSA keystore                             | <your_ecdsa_keystore_password>                                                                                  | <your_ecdsa_keystore_password>                                                                             | <your_ecdsa_keystore_password>      |
+| telemetry_ip_port_address                 | IP:Port of the Telemetry service                           | <IP>:4001                                                                                                       | <IP>:4001                                                                                                  | TBD                                 |
+| batcher_replacement_private_key           | This is the private key for the non-paying users           | -                                                                                                               | -                                                                                                          | -                                   |
+
+The `env-batcher.ini` contains the following variables:
+
+| Variable          | Description                                                | Stage                               | Testnet                               | Mainnet                       |
+|-------------------|------------------------------------------------------------|-------------------------------------|---------------------------------------|-------------------------------|
+| secret_access_key | Secret access key for user with access to the Storage (S3) | <your_secret_access_key>            | <your_secret_access_key>              | <your_secret_access_key>      |
+| region            | Region of the Storage                                      | <us-east-1>                         | <us-east-1>                           | <us-east-1>                   |
+| access_key_id     | Access key for the user with access to the Storage (S3)    | <your_access_key_id>                | <your_access_key_id>                  | <your_access_key_id>          |
+| bucket_name       | Bucket name                                                | <stage.storage.example.com>         | <holesky.storage.example.com>         | <storage.example.com>         |
+| download_endpoint | Public endpoint to download batcher                        | <https://stage.storage.example.com> | <https://holesky.storage.example.com> | <https://storage.example.com> |
+| log_level         | Log level                                                  | info                                | info                                  | info                          |
+
+The `caddy-batcher.ini` contains the following variables:
+
+| Variable       | Description                          | Stage                       | Testnet                       | Mainnet               |
+|----------------|--------------------------------------|-----------------------------|-------------------------------|-----------------------|
+| batcher_domain | Domain of the Batcher to send proofs | <stage.batcher.example.com> | <holesky.batcher.example.com> | <batcher.example.com> |
+
+> [!WARNING]
+> You need to previously set the `batcher_domain` in your DNS provider to point to the Batcher IP.
+
+Deploy the Batcher:
+
+```shell
+make ansible_batcher_deploy INVENTORY=</path/to/inventory> KEYSTORE=<path/to/keystore/in/your/local>
+```

infra/ansible/aggregator.yaml

@@ -0,0 +1,61 @@
+- import_playbook: setup.yaml
+- import_playbook: go.yaml
+- import_playbook: rust.yaml
+- import_playbook: eigenlayer-cli.yaml
+
+- hosts: aggregator
+  vars:
+    service: "aggregator"
+
+  tasks:
+    - name: Update apt and install required system packages
+      become: true
+      apt:
+        pkg:
+          - pkg-config
+          - libssl-dev
+          - gcc
+        state: latest
+        update_cache: true
+
+    - name: Create directories for each service if do not exist
+      become: true
+      ansible.builtin.file:
+        path: /home/{{ app_user }}/repos/{{ service }}
+        state: directory
+        mode: '0755'
+        owner: '{{ app_user }}'
+        group: '{{ app_user }}'
+      loop:
+        - aggregator
+
+    - name: Clone Aligned repository
+      become: true
+      ansible.builtin.git:
+        repo: https://github.com/yetanotherco/aligned_layer.git
+        dest: /home/{{ app_user }}/repos/{{ service }}/aligned_layer
+        version: v0.10.2
+      loop:
+        - aggregator
+
+    - name: Set permissions for cloned repository
+      become: true
+      ansible.builtin.file:
+        path: /home/{{ app_user }}/repos/{{ service }}/aligned_layer
+        mode: '0755'
+        owner: '{{ app_user }}'
+        group: '{{ app_user }}'
+        recurse: yes
+
+    - name: Compile all FFIs
+      become: true
+      shell:
+        chdir: /home/{{ app_user }}/repos/aggregator/aligned_layer
+        cmd: sudo -u {{ app_user }} . /home/{{ app_user }}/.profile && sudo -u {{ app_user }} make build_all_ffi_linux
+
+    - name: Allow access to tcp port 8090
+      become: true
+      ufw:
+        rule: allow
+        port: 8090
+        proto: tcp

infra/ansible/playbooks/avs-sync.yaml

@@ -0,0 +1,16 @@
+- import_playbook: setup.yaml
+- import_playbook: go.yaml
+
+- hosts: aligned-holesky-others
+  become: true
+  vars:
+    user: "{{ user }}"
+
+  tasks:
+    # Clone avs-sync repository
+    - name: Clone Aligned repository
+      ansible.builtin.git:
+        repo: https://github.com/Layr-Labs/avs-sync.git
+        dest: /home/{{ user }}/repos/avs-sync
+      become_user: "{{ user }}"
+

infra/ansible/playbooks/batcher.yaml

@@ -0,0 +1,142 @@
+- name: Run setup playbook
+  ansible.builtin.import_playbook: setup.yaml
+  vars:
+    host: batcher
+
+- name: Run webserver playbook
+  ansible.builtin.import_playbook: webserver.yaml
+  vars:
+    host: batcher
+
+- name: Run go playbook
+  ansible.builtin.import_playbook: go.yaml
+  vars:
+    host: batcher
+
+- name: Run rust playbook
+  ansible.builtin.import_playbook: rust.yaml
+  vars:
+    host: batcher
+
+- name: Run eigenlayer-cli playbook
+  ansible.builtin.import_playbook: eigenlayer-cli.yaml
+  vars:
+    host: batcher
+
+- hosts: batcher
+
+  tasks:
+    # Install required packages
+    - name: Update apt and install required system packages
+      become: true
+      apt:
+        pkg:
+          - pkg-config
+          - libssl-dev
+        state: latest
+        update_cache: true
+      vars:
+        ansible_ssh_user: "{{ admin_user }}"
+
+    # Create directories for each service
+    - name: Create directories for each service if do not exist
+      ansible.builtin.file:
+        path: /home/{{ ansible_user }}/repos/batcher
+        state: directory
+        mode: '0755'
+        owner: '{{ ansible_user }}'
+        group: '{{ ansible_user }}'
+
+    # Clone Aligned repository for the service
+    - name: Clone Aligned repository
+      ansible.builtin.git:
+        repo: https://github.com/yetanotherco/aligned_layer.git
+        dest: /home/{{ ansible_user }}/repos/batcher/aligned_layer
+        version: v0.10.2
+        recursive: false
+
+    # Build the batcher
+    - name: Install deps
+      make:
+        chdir: /home/{{ ansible_user }}/repos/batcher/aligned_layer
+        target: deps
+      environment:
+        PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin:/home/{{ ansible_user }}/.cargo/bin"
+
+    - name: Install batcher
+      make:
+        chdir: /home/{{ ansible_user }}/repos/batcher/aligned_layer
+        target: install_batcher
+      environment:
+        PATH: "{{ ansible_env.PATH }}:/usr/local/go/bin:/home/{{ ansible_user }}/.cargo/bin"
+
+    - name: Create systemd services directory
+      file:
+        path: "/home/{{ ansible_user }}/.config/systemd/user/"
+        state: directory
+
+    - name: Add service to systemd
+      template:
+        src: services/batcher.service.j2
+        dest: "/home/{{ ansible_user }}/.config/systemd/user/batcher.service"
+        force: no
+
+    - name: Upload config file for batcher
+      template:
+        src: config-files/config-batcher.yaml.j2
+        dest: "/home/{{ ansible_user }}/config/config-batcher.yaml"
+      vars:
+        aligned_layer_deployment_config_file_path: "{{ lookup('ini', 'aligned_layer_deployment_config_file_path', file='ini/config-batcher.ini') }}"
+        eigen_layer_deployment_config_file_path: "{{ lookup('ini', 'eigen_layer_deployment_config_file_path', file='ini/config-batcher.ini') }}"
+        eth_rpc_url: "{{ lookup('ini', 'eth_rpc_url', file='ini/config-batcher.ini') }}"
+        eth_rpc_url_fallback: "{{ lookup('ini', 'eth_rpc_url_fallback', file='ini/config-batcher.ini') }}"
+        eth_ws_url: "{{ lookup('ini', 'eth_ws_url', file='ini/config-batcher.ini') }}"
+        eth_ws_url_fallback: "{{ lookup('ini', 'eth_ws_url_fallback', file='ini/config-batcher.ini') }}"
+        ecdsa_private_key_store_path: "/home/{{ ansible_user }}/.keystores/batcher"
+        ecdsa_private_key_store_password: "{{ lookup('ini', 'ecdsa_private_key_store_password', file='ini/config-batcher.ini') }}"
+        telemetry_ip_port_address: "{{ lookup('ini', 'telemetry_ip_port_address', file='ini/config-batcher.ini') }}"
+        batcher_replacement_private_key: "{{ lookup('ini', 'batcher_replacement_private_key', file='ini/config-batcher.ini') }}"
+
+
+    - name: Upload env file for batcher
+      template:
+        src: config-files/env-batcher.j2
+        dest: "/home/{{ ansible_user }}/config/.env.batcher"
+      vars:
+        secret_access_key: "{{ lookup('ini', 'secret_access_key', file='ini/env-batcher.ini') }}"
+        region: "{{ lookup('ini', 'region', file='ini/env-batcher.ini') }}"
+        access_key_id: "{{ lookup('ini', 'access_key_id', file='ini/env-batcher.ini') }}"
+        bucket_name: "{{ lookup('ini', 'bucket_name', file='ini/env-batcher.ini') }}"
+        download_endpoint: "{{ lookup('ini', 'download_endpoint', file='ini/env-batcher.ini') }}"
+        log_level: "{{ lookup('ini', 'log_level', file='ini/env-batcher.ini') }}"
+
+    - name: Add reverse proxy to Caddy
+      become: true
+      template:
+        src: caddy/Caddyfile.batcher.j2
+        dest: "/etc/caddy/Caddyfile"
+      vars:
+        ansible_ssh_user: "{{ admin_user }}"
+        batcher_domain: "{{ lookup('ini', 'batcher_domain', file='ini/caddy-batcher.ini') }}"
+
+    - name: Copy keystore to server
+      ansible.builtin.copy:
+        src: '{{ keystore_path }}'
+        dest: /home/{{ ansible_user }}/.keystores/batcher
+        owner: '{{ ansible_user }}'
+        group: '{{ ansible_user }}'
+
+    - name: Start Batcher service
+      ansible.builtin.systemd_service:
+        name: batcher
+        state: started
+        enabled: true
+        scope: user
+
+    - name: Restart Caddy service
+      become: true
+      ansible.builtin.systemd_service:
+        name: caddy
+        state: restarted
+      vars:
+        ansible_ssh_user: "{{ admin_user }}"

infra/ansible/playbooks/docker.yaml

@@ -0,0 +1,47 @@
+- name: Docker Setup
+  hosts: all
+  become: true
+  vars:
+    user: "{{ user }}"
+
+  tasks:
+    - name: Install required system packages
+      apt:
+        pkg:
+          - apt-transport-https
+          - ca-certificates
+          - curl
+          - software-properties-common
+          - python3-pip
+          - virtualenv
+          - python3-setuptools
+        state: latest
+        update_cache: true
+
+    - name: Add Docker GPG apt Key
+      apt_key:
+        url: https://download.docker.com/linux/ubuntu/gpg
+        state: present
+
+    - name: Add Docker Repository
+      apt_repository:
+        repo: deb https://download.docker.com/linux/ubuntu focal stable
+        state: present
+
+    - name: Update apt and install docker-ce
+      apt:
+        name: docker-ce
+        state: latest
+        update_cache: true
+
+    - name: Ensure group "docker" exists
+      ansible.builtin.group:
+        name: docker
+        state: present
+
+    - name: Add user to docker group
+      user:
+        name: "{{ user }}"
+        groups: docker
+        append: yes
+        state: present

infra/ansible/playbooks/eigenlayer-cli.yaml

@@ -0,0 +1,26 @@
+- name: Eigenlayer CLI Setup
+  hosts: "{{ host }}"
+
+  tasks:
+    - name: check if eigenlayer is installed
+      stat:
+        path: /home/{{ ansible_user }}/bin/eigenlayer
+      register: eigenlayer_exists
+
+    - name: Download Eigenlayer CLI
+      when: not eigenlayer_exists.stat.exists
+      get_url:
+        url: https://raw.githubusercontent.com/layr-labs/eigenlayer-cli/master/scripts/install.sh
+        dest: /tmp/eigenlayer.sh
+        mode: '0755'
+
+    - name: Install Eigenlayer CLI
+      when: not eigenlayer_exists.stat.exists
+      shell: /tmp/eigenlayer.sh
+
+    - name: Add eigenlayer path to ~/.profile
+      when: not eigenlayer_exists.stat.exists
+      lineinfile:
+        path: ~/.profile
+        line: 'export PATH=$PATH:~/bin'
+        state: present