stack-orchestrator/playbooks/connect-doublezero-multicast.yml
A. F. Dudley 9cbc115295 fix: inventory layering — playbooks use hosts:all, cross-inventory uses explicit hosts
Normal playbooks should never hardcode hostnames — that's an inventory
concern. Changed all playbooks to hosts:all. The one exception is
ashburn-relay-check.yml which legitimately spans both inventories
(switches + biscayne) and uses explicit hostnames.

Also adds:
- ashburn-relay-check.yml: full-path relay diagnostics (switches + host)
- biscayne-start.yml: start kind container and scale validator to 1
- ashburn-relay-setup.sh.j2: boot persistence script for relay state
- Direct device mounts replacing rbind (ZFS shared propagation fix)
- systemd service replacing broken if-up.d/netfilter-persistent
- PV mount path corrections (/mnt/validator-* not /mnt/solana/*)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 22:28:21 +00:00


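---
# Connect biscayne to DoubleZero multicast via laconic-mia-sw01
#
# Establishes a GRE tunnel to the nearest DZ hybrid device and subscribes
# to jito-shredstream and bebop multicast groups.
#
# Required inventory variables (all are read by the tasks below):
#   dz_environment, dz_identity, dz_device, dz_tenant, client_ip,
#   validator_identity
#
# Scope: the play targets `hosts: all`, so the inventory decides which
# machines it touches. The access-pass and connect tasks change state;
# run with an inventory (or --limit) that contains only the intended host.
#
# Usage:
#   ansible-playbook playbooks/connect-doublezero-multicast.yml
#   ansible-playbook playbooks/connect-doublezero-multicast.yml --check  # dry-run
#
# Dry-run: the read-only pre-checks still execute (check_mode: false) so the
# identity and "already connected" guards are evaluated against real output;
# the state-changing commands are not executed by the command module under
# --check, and the post-connect verification is skipped.
- name: Connect biscayne to DoubleZero multicast
  hosts: all
  gather_facts: false
  vars:
    dz_multicast_groups:
      - jito-shredstream
      - bebop
    # Matches "connected" only as a whole word. A plain substring test would
    # also match "disconnected", which would invert both the pre-check and
    # the post-check if the CLI ever prints that word.
    # NOTE(review): the exact `doublezero status` output format is not shown
    # in this file; confirm the pattern against real output.
    dz_connected_pattern: '(^|[^a-z])connected([^a-z]|$)'
  tasks:
    # ------------------------------------------------------------------
    # Pre-checks
    # ------------------------------------------------------------------
    # Fail before anything is changed if a variable is missing or empty.
    # Without this, an unset dz_device is only noticed at the connect task,
    # after the access pass has already been created.
    - name: Verify required inventory variables are set
      ansible.builtin.assert:
        that:
          - dz_environment | default('') | string | length > 0
          - dz_identity | default('') | string | length > 0
          - dz_device | default('') | string | length > 0
          - dz_tenant | default('') | string | length > 0
          - client_ip | default('') | string | length > 0
          - validator_identity | default('') | string | length > 0
        fail_msg: >-
          One or more required variables are missing or empty:
          dz_environment, dz_identity, dz_device, dz_tenant, client_ip,
          validator_identity

    # check_mode: true means the unit is only inspected, never started here;
    # the task fails unless systemd reports ActiveState == "active".
    - name: Verify doublezerod service is running
      ansible.builtin.systemd:
        name: doublezerod
        state: started
      check_mode: true
      register: dz_service
      failed_when: dz_service.status.ActiveState != "active"

    - name: Get doublezero identity address
      ansible.builtin.command:
        cmd: doublezero address
      # Read-only query; run it under --check too so the assert below
      # compares real output instead of an empty string.
      check_mode: false
      register: dz_address
      changed_when: false

    # Guard against operating with the wrong key: the identity reported by
    # the local CLI must equal the one pinned in inventory.
    - name: Verify doublezero identity matches expected pubkey
      ansible.builtin.assert:
        that:
          - dz_address.stdout | trim == dz_identity
        fail_msg: >-
          DZ identity mismatch: got '{{ dz_address.stdout | trim }}',
          expected '{{ dz_identity }}'

    - name: Check current DZ connection status
      ansible.builtin.command:
        cmd: "doublezero -e {{ dz_environment }} status"
      # Read-only query; run it under --check too.
      check_mode: false
      register: dz_status
      changed_when: false
      # The exit code is deliberately ignored; only stdout is inspected by
      # the next task. A failing status command is therefore treated the
      # same as "not connected".
      failed_when: false

    - name: Fail if already connected (tunnel is up)
      ansible.builtin.fail:
        msg: >-
          DoubleZero tunnel is already connected. To reconnect, first
          disconnect manually with: doublezero -e {{ dz_environment }} disconnect
      when: dz_status.stdout is search(dz_connected_pattern, ignorecase=true)

    # ------------------------------------------------------------------
    # Create access pass
    # ------------------------------------------------------------------
    - name: Create DZ access pass for multicast subscriber
      ansible.builtin.command:
        cmd: >-
          doublezero -e {{ dz_environment }} access-pass set
          --accesspass-type solana-multicast-subscriber
          --client-ip {{ client_ip }}
          --user-payer {{ dz_identity }}
          --solana-validator {{ validator_identity }}
          --tenant {{ dz_tenant }}
      register: dz_access_pass
      # Reported as changed only when the CLI output mentions that the pass
      # was created or updated.
      changed_when: >-
        'created' in dz_access_pass.stdout | lower
        or 'updated' in dz_access_pass.stdout | lower

    - name: Show access pass result
      ansible.builtin.debug:
        var: dz_access_pass.stdout_lines

    # ------------------------------------------------------------------
    # Connect to DZ multicast
    # ------------------------------------------------------------------
    - name: Connect to DoubleZero multicast via {{ dz_device }}
      ansible.builtin.command:
        # One --subscribe flag is emitted per entry in dz_multicast_groups.
        cmd: >-
          doublezero -e {{ dz_environment }} connect multicast
          {% for group in dz_multicast_groups %}
          --subscribe {{ group }}
          {% endfor %}
          --device {{ dz_device }}
          --client-ip {{ client_ip }}
      register: dz_connect
      changed_when: true

    - name: Show connect result
      ansible.builtin.debug:
        var: dz_connect.stdout_lines

    # ------------------------------------------------------------------
    # Post-checks
    # ------------------------------------------------------------------
    - name: Verify tunnel status is connected
      ansible.builtin.command:
        cmd: "doublezero -e {{ dz_environment }} status"
      register: dz_post_status
      changed_when: false
      failed_when: >-
        dz_post_status.stdout is not search(dz_connected_pattern,
        ignorecase=true)
      # Nothing was connected during a dry-run, so there is nothing to verify.
      when: not ansible_check_mode

    - name: Show tunnel status
      ansible.builtin.debug:
        var: dz_post_status.stdout_lines

    - name: Verify routes are installed
      ansible.builtin.command:
        cmd: "doublezero -e {{ dz_environment }} routes"
      register: dz_routes
      changed_when: false

    - name: Show installed routes
      ansible.builtin.debug:
        var: dz_routes.stdout_lines

    # NOTE(review): this repeats the status command; the registered result
    # is neither displayed nor asserted by any later task in this play.
    - name: Check multicast group membership
      ansible.builtin.command:
        cmd: "doublezero -e {{ dz_environment }} status"
      register: dz_multicast_status
      changed_when: false

    - name: Connection summary
      ansible.builtin.debug:
        msg: >-
          DoubleZero multicast connected via {{ dz_device }}.
          Subscribed groups: {{ dz_multicast_groups | join(', ') }}.
          Next step: request allowlist access from group owners
          (see docs/doublezero-multicast-access.md).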