diff --git a/.github/workflows/polkadot_version.yaml b/.github/workflows/polkadot_version.yaml index 0a4e540..0b79b4c 100644 --- a/.github/workflows/polkadot_version.yaml +++ b/.github/workflows/polkadot_version.yaml @@ -1,56 +1,65 @@ +--- name: Check Polkadot and Cumulus Update on: schedule: - - cron: '0 0 * * *' # Runs at midnight UTC every day + - cron: '0 0 * * *' # Runs at midnight UTC every day jobs: update-version: runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Set up Python - uses: actions/setup-python@v3 - with: - python-version: '3.x' - - - name: Install Python dependencies - run: | - python -m pip install --upgrade pip - pip install pyyaml requests - - - name: Check for updates in Polkadot and replace version if needed - id: check-update-polkadot - run: python scripts/extract_version.py group_vars/polkadot.yaml default_client_version paritytech polkadot true - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Check for updates in Cumulus and replace version if needed - id: check-update-cumulus - run: python scripts/extract_version.py group_vars/cumulus.yaml default_client_version paritytech cumulus true - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Set up Git config - if: steps.check-update-polkadot.outputs.current_version != steps.check-update-polkadot.outputs.latest_release || steps.check-update-cumulus.outputs.current_version != steps.check-update-cumulus.outputs.latest_release - run: | - git config --global user.name 'github-actions[bot]' - git config --global user.email 'github-actions[bot]@users.noreply.github.com' - - - name: Commit updated YAML files - if: steps.check-update-polkadot.outputs.current_version != steps.check-update-polkadot.outputs.latest_release || steps.check-update-cumulus.outputs.current_version != steps.check-update-cumulus.outputs.latest_release - run: | - git add group_vars/polkadot.yaml group_vars/cumulus.yaml - git commit -m "Update Polkadot and Cumulus versions" - git push - - - name: Create Pull Request for Polkadot and Cumulus Update - if: steps.check-update-polkadot.outputs.current_version != steps.check-update-polkadot.outputs.latest_release || steps.check-update-cumulus.outputs.current_version != steps.check-update-cumulus.outputs.latest_release - uses: repo-sync/pull-request@v2 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - pr_title: "Update Polkadot and Cumulus versions" - pr_body: "Automatically updated by GitHub Actions." - pr_label: "automated-pr" + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Set up Python + uses: actions/setup-python@v3 + with: + python-version: '3.x' + + - name: Install Python dependencies + run: | + python -m pip install --upgrade pip + pip install pyyaml requests + + - name: Check for updates in Polkadot and replace version if needed + id: check-update-polkadot + run: > + python scripts/extract_version.py + group_vars/polkadot.yaml + default_client_version + paritytech polkadot-sdk true + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Check for updates in Cumulus and replace version if needed + id: check-update-cumulus + run: > + python scripts/extract_version.py + group_vars/cumulus.yaml + default_client_version + paritytech polkadot-sdk true + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Set up Git config + if: steps.check-update-polkadot.outputs.current_version != steps.check-update-polkadot.outputs.latest_release || steps.check-update-cumulus.outputs.current_version != steps.check-update-cumulus.outputs.latest_release + run: | + git config --global user.name 'github-actions[bot]' + git config --global user.email 'github-actions[bot]@users.noreply.github.com' + + - name: Commit updated YAML files + if: steps.check-update-polkadot.outputs.current_version != steps.check-update-polkadot.outputs.latest_release || steps.check-update-cumulus.outputs.current_version != steps.check-update-cumulus.outputs.latest_release + run: | + git add group_vars/polkadot.yaml group_vars/cumulus.yaml + git commit -m "Update Polkadot and Cumulus versions" + git push + + - name: Create Pull Request for Polkadot and Cumulus Update + if: steps.check-update-polkadot.outputs.current_version != steps.check-update-polkadot.outputs.latest_release || steps.check-update-cumulus.outputs.current_version != steps.check-update-cumulus.outputs.latest_release + uses: repo-sync/pull-request@v2 + with: + github_token: ${{ secrets.GITHUB_TOKEN }} + pr_title: "Update Polkadot and Cumulus versions" + pr_body: "Automatically updated by GitHub Actions." + pr_label: "automated-pr" diff --git a/.later.yaml b/.later.yaml index 81d017e..558ee3c 100644 --- a/.later.yaml +++ b/.later.yaml @@ -80,7 +80,8 @@ rules: - "ANSIBLE0026" - "LINT0007" - "LINT0008" - - YML108 + - "YML108" + - "ANS126" # All dotfiles (including hidden folders) are excluded by default. # You can disable this setting and handle dotfiles by yourself with `exclude_files`. diff --git a/group_vars/reth.yaml b/group_vars/reth.yaml index b903572..66bf328 100644 --- a/group_vars/reth.yaml +++ b/group_vars/reth.yaml @@ -36,4 +36,3 @@ reth_eth_bt_port: 42069 reth_eth_sentry_port: 4000 reth_eth_sentry2_port: 4001 reth_eth_http_api: "engine,eth,reth,ots,web3,net,debug,trace,txpool,shh" -... diff --git a/host_vars/eth01.yaml b/host_vars/eth01.yaml index be9fc22..3b8bd96 100644 --- a/host_vars/eth01.yaml +++ b/host_vars/eth01.yaml @@ -11,4 +11,3 @@ role: "reth" erigon_eth: True pruned: False pinned_service: True -... diff --git a/playbooks/reth.yaml b/playbooks/reth.yaml index e3b59de..19be412 100644 --- a/playbooks/reth.yaml +++ b/playbooks/reth.yaml @@ -5,4 +5,3 @@ roles: - setup_add_node_role - setup_install_reth -... diff --git a/roles/setup_install_hyperbridge/handlers/main.yaml b/roles/setup_install_hyperbridge/handlers/main.yaml new file mode 100644 index 0000000..5b96044 --- /dev/null +++ b/roles/setup_install_hyperbridge/handlers/main.yaml @@ -0,0 +1,44 @@ +--- +- name: Symlink Cumulus release + ansible.builtin.file: + src: "{{ default_base_path }}/cumulus-v{{ default_client_version }}" + dest: "{{ default_base_path }}/cumulus" + force: True + state: link + owner: "{{ default_user }}" + group: "{{ default_user }}" + +- name: Symlink binary executable + ansible.builtin.file: + src: "{{ default_base_path }}/cumulus-v{{ default_client_version }}" + dest: "/usr/local/bin/cumulus" + force: True + state: link + owner: "{{ default_user }}" + group: "{{ default_user }}" + +- name: Symlink Cumulus service to systemd + ansible.builtin.file: + src: "{{ default_base_path }}/cumulus.service" + dest: "/etc/systemd/system/cumulus.service" + state: link + force: True + owner: "root" + group: "root" + mode: '0644' + +- name: Stop Cumulus + ansible.builtin.systemd: + name: cumulus + state: stopped + enabled: True + +- name: Systemd daemon-reload + ansible.builtin.systemd: + daemon_reload: True + +- name: Start Cumulus + ansible.builtin.systemd: + name: cumulus + state: started + enabled: True diff --git a/roles/setup_install_hyperbridge/meta/main.yaml b/roles/setup_install_hyperbridge/meta/main.yaml new file mode 100644 index 0000000..e29e21c --- /dev/null +++ b/roles/setup_install_hyperbridge/meta/main.yaml @@ -0,0 +1,14 @@ +# Standards: 0.2 +--- +galaxy_info: + author: Rotko Networks + description: Install or upgrade Collator + min_ansible_version: 3.0 + platforms: + - name: Debian + versions: + - bullseye + - bookworm +dependencies: + - setup_add_node_role + - setup_install_rust diff --git a/roles/setup_install_hyperbridge/tasks/main.yaml b/roles/setup_install_hyperbridge/tasks/main.yaml new file mode 100644 index 0000000..e4195fa --- /dev/null +++ b/roles/setup_install_hyperbridge/tasks/main.yaml @@ -0,0 +1,86 @@ +--- +- name: Ensure group {{ default_user }} exists + ansible.builtin.group: + name: "{{ default_user }}" + state: present + system: True + +- name: Ensure user {{ default_user }} exists without unnecessary privileges + ansible.builtin.user: + append: True + comment: hyperbridge service user + create_home: False + group: "{{ default_user }}" + groups: [] + home: "{{ default_base_path }}" + name: "{{ default_user }}" + shell: "/sbin/nologin" + state: present + system: True + +- name: Ensure user {{ default_user }} owns directories + ansible.builtin.file: + path: "{{ item }}" + owner: "{{ default_user }}" + group: "{{ default_user }}" + mode: '0750' + state: directory + loop: + - "{{ default_base_path }}" + - "{{ default_database_path }}" + +- name: Gather facts + ansible.builtin.setup: + +- name: Copy Hyperbridge systemd service for specific node type + ansible.builtin.template: + src: "{{ 'hyperbridge_' + default_node_type + '.service.j2' }}" + dest: "{{ default_base_path }}/hyperbridge.service" + owner: "{{ default_user }}" + group: "{{ default_user }}" + mode: '0640' + when: default_node_type in ["node", "validator", "full-node"] + notify: + - Symlink Hyperbridge service to systemd + - Stop Hyperbridge + - Systemd daemon-reload + - Start Hyperbridge + - Add type of service fact + +- name: Flush handlers after Hyperbridge service copy + ansible.builtin.meta: flush_handlers + +- name: Install Hyperbridge v{{ default_client_version }} + ansible.builtin.get_url: + url: "{{ default_download_url }}" + dest: "{{ default_base_path }}/hyperbridge-v{{ default_client_version }}" + mode: "u+r+x" + owner: "{{ default_user }}" + group: "{{ default_user }}" + register: download_result + notify: + - Add Service Pinned Status + - Add Hyperbridge service version + - Symlink Hyperbridge service to systemd + - Symlink Hyperbridge release + - Symlink binary executable + - Stop Hyperbridge + - Systemd daemon-reload + - Start Hyperbridge + when: + - ansible_local['noderole']['node']['pinned'] != "True" + - ansible_local['noderole']['node']['version'] != default_client_version + +- name: Flush handlers after Hyperbridge install + ansible.builtin.meta: flush_handlers + +- name: Verify Hyperbridge version + ansible.builtin.command: "{{ default_base_path }}/hyperbridge --version" + register: default_client_version_result + changed_when: False + failed_when: "default_client_version not in default_client_version_result.stdout" + +- name: Ensure Hyperbridge service is running + ansible.builtin.systemd: + name: hyperbridge + state: started diff --git a/roles/setup_install_hyperbridge/templates/cumulus_bootnode.service.j2 b/roles/setup_install_hyperbridge/templates/cumulus_bootnode.service.j2 new file mode 100644 index 0000000..2a56880 --- /dev/null +++ b/roles/setup_install_hyperbridge/templates/cumulus_bootnode.service.j2 @@ -0,0 +1,41 @@ +[Unit] +Description="{{ host_name.split('.')[0] }} bootnode - Cumulus service" +After=network-online.target +Wants=network-online.target + +[Service] +User={{ default_user }} +Group={{ default_group }} +ExecStart={{ default_base_path }}/cumulus \ + --name "{{ default_telemetry_name }}" \ + --chain {{ default_network }} \ + --base-path {{ default_base_path }} \ + --database {{ default_database }} \ + --state-pruning 256 \ + --log sync=warn,afg=warn,babe=warn \ + --telemetry-url 'wss://telemetry-backend.w3f.community/submit 1' \ + --telemetry-url 'wss://telemetry.polkadot.io/submit/ 1' \ + --listen-addr /ip4/0.0.0.0/tcp/{{ default_p2p_port }} \ + --listen-addr /ip4/0.0.0.0/tcp/{{ default_p2p_port_ws }}/ws \ + --public-addr /ip4/{{ ansible_host }}/tcp/{{ default_p2p_port }} \ + --public-addr /ip4/{{ ansible_host }}/tcp/{{ default_p2p_port_ws }}/ws \ + --public-addr /dns/{{ default_public_dns }}/tcp/{{ default_p2p_port }} \ + --public-addr /dns/{{ default_public_dns }}/tcp/{{ default_p2p_port_ws }}/ws \ + --public-addr /dns/{{ default_public_dns }}/tcp/{{ default_p2p_port_wss }}/wss \ + --rpc-port {{ default_rpc_port }} \ + --prometheus-port {{ default_prom_port }} \ + --prometheus-external \ + --relay-chain-rpc-urls {{ default_relay_rpc }} {{ default_relay_rpc_fallback }} \ + --wasm-execution Compiled \ + --sync {{ default_syncmode | default('warp') }} \ + --no-hardware-benchmarks \ + --rpc-external \ + --rpc-methods safe \ + --rpc-cors all \ + --allow-private-ipv4 + +Restart=always +RestartSec=120 + +[Install] +WantedBy=multi-user.target diff --git a/roles/setup_install_hyperbridge/templates/cumulus_collator.service.j2 b/roles/setup_install_hyperbridge/templates/cumulus_collator.service.j2 new file mode 100644 index 0000000..a60812f --- /dev/null +++ b/roles/setup_install_hyperbridge/templates/cumulus_collator.service.j2 @@ -0,0 +1,35 @@ +[Unit] +Description="{{ host_name.split('.')[0] }} Collator - Cumulus service" +After=network.target +StartLimitIntervalSec=0 + +[Service] +Type=simple +Restart=on-failure +RestartSec=10 +User={{ default_user }} +Group={{ default_group }} +SyslogIdentifier={{ default_service }} +LimitNOFILE={{ default_max_open_files_in_service }} +SyslogFacility=local7 +KillSignal=SIGHUP +ExecStart={{ default_base_path }}/cumulus \ + --base-path {{ default_base_path }} \ + --chain {{ default_network }} \ + --database {{ default_database }} \ + --sync {{ default_syncmode }} \ + --name "{{ hostvars[inventory_hostname]['default_telemetry_name'] | default(host_name) }}" \ + --telemetry-url 'wss://telemetry-backend.w3f.community/submit 1' \ + --port {{ default_p2p_port }} \ + --rpc-port {{ default_rpc_port }} \ + --prometheus-port {{ default_prom_port }} \ + --prometheus-external \ + --public-addr /ip4/{{ ansible_host }}/tcp/{{ default_p2p_port }} \ + --public-addr /ip4/{{ ansible_host }}/tcp/{{ default_p2p_port_ws }}/ws \ + --relay-chain-rpc-urls {{ default_relay_rpc }} {{ default_relay_rpc_fallback }} \ + --wasm-execution compiled \ + --pruning 1000 \ + --db-cache {{ ansible_memtotal_mb // 2 }} + +[Install] +WantedBy=multi-user.target diff --git a/roles/setup_install_hyperbridge/templates/cumulus_endpoint.service.j2 b/roles/setup_install_hyperbridge/templates/cumulus_endpoint.service.j2 new file mode 100644 index 0000000..cd9553b --- /dev/null +++ b/roles/setup_install_hyperbridge/templates/cumulus_endpoint.service.j2 @@ -0,0 +1,38 @@ +[Unit] +Description="{{ host_name.split('.')[0] }} endpoint - Cumulus service" +After=network-online.target +Wants=network-online.target + +[Service] +User={{ default_user }} +Group={{ default_group }} +ExecStart={{ default_base_path }}/cumulus \ + --name "{{ default_telemetry_name }}" \ + --chain {{ default_network }} \ + --base-path {{ default_base_path }} \ + --state-pruning archive \ + --database {{ default_database }} \ + --sync full \ + --listen-addr /ip4/0.0.0.0/tcp/{{ default_p2p_port }} \ + --listen-addr /ip4/0.0.0.0/tcp/{{ default_p2p_port_ws }}/ws \ + --public-addr /ip4/{{ ansible_host }}/tcp/{{ default_p2p_port }} \ + --public-addr /ip4/{{ ansible_host }}/tcp/{{ default_p2p_port_ws }}/ws \ + --public-addr /dns/{{ default_public_dns }}/tcp/{{ default_p2p_port }} \ + --public-addr /dns/{{ default_public_dns }}/tcp/{{ default_p2p_port_ws }}/ws \ + --public-addr /dns/{{ default_public_dns }}/tcp/{{ default_p2p_port_wss }}/wss \ + --rpc-port {{ default_rpc_port }} \ + --prometheus-port {{ default_prom_port }} \ + --prometheus-external \ + --relay-chain-rpc-urls {{ default_relay_rpc }} {{ default_relay_rpc_fallback }} \ + --wasm-execution Compiled \ + --no-hardware-benchmarks \ + --rpc-external \ + --rpc-methods safe \ + --rpc-cors all \ + --allow-private-ipv4 + +Restart=always +RestartSec=120 + +[Install] +WantedBy=multi-user.target diff --git a/roles/setup_install_reth/handlers/main.yaml b/roles/setup_install_reth/handlers/main.yaml index c7c7a77..66fb721 100644 --- a/roles/setup_install_reth/handlers/main.yaml +++ b/roles/setup_install_reth/handlers/main.yaml @@ -46,4 +46,3 @@ daemon_reload: True state: started enabled: True -... diff --git a/roles/setup_install_reth/meta/main.yaml b/roles/setup_install_reth/meta/main.yaml index c32f49b..c211303 100644 --- a/roles/setup_install_reth/meta/main.yaml +++ b/roles/setup_install_reth/meta/main.yaml @@ -12,4 +12,3 @@ galaxy_info: dependencies: - role: setup_install_rust - role: setup_add_node_role -... diff --git a/roles/setup_install_reth/tasks/main.yaml b/roles/setup_install_reth/tasks/main.yaml index 938196e..450ab32 100644 --- a/roles/setup_install_reth/tasks/main.yaml +++ b/roles/setup_install_reth/tasks/main.yaml @@ -111,4 +111,3 @@ ansible.builtin.include_role: name: setup_install_lighthouse when: ethereum_syncmode != "light" -...