From 65be098ce963ea7832c3a7204bc8797f900945df Mon Sep 17 00:00:00 2001 From: nabarun Date: Wed, 23 Oct 2024 06:53:07 +0000 Subject: [PATCH] Add steps to clean up service provider setup (#14) Part of [Service Provider Setup](https://www.notion.so/Service-provider-setup-a09e2207e1f34f3a847f7ce9713b7ac5) - Move user setup playbook to separate directory - Remove unneeded variables Co-authored-by: Adw8 Reviewed-on: https://git.vdb.to/cerc-io/testnet-ops/pulls/14 --- README.md | 13 ++ hosts.example.ini | 2 +- nitro-bridge-setup/README.md | 60 ++---- nitro-bridge-setup/setup-vars.yml | 2 +- nitro-contracts-setup/README.md | 58 ++---- nitro-contracts-setup/setup-vars.yml | 2 +- nitro-nodes-setup/README.md | 59 ++---- nitro-nodes-setup/setup-vars.yml | 2 +- service-provider-setup/README.md | 197 ++++++++++-------- service-provider-setup/setup-k8s.yml | 5 +- service-provider-setup/templates/k8s.yml.j2 | 2 +- .../vars/dns-vars.example.yml | 2 +- .../vars/k8s-vars.example.yml | 1 - .../vars/webapp-vars.example.yml | 8 +- stack-orchestrator-setup/README.md | 32 ++- user-setup/.gitignore | 1 + user-setup/README.md | 74 +++++++ .../setup-user.yml | 4 +- .../vars => user-setup}/user-vars.example.yml | 0 19 files changed, 287 insertions(+), 237 deletions(-) create mode 100644 user-setup/.gitignore create mode 100644 user-setup/README.md rename {service-provider-setup => user-setup}/setup-user.yml (96%) rename {service-provider-setup/vars => user-setup}/user-vars.example.yml (100%) diff --git a/README.md b/README.md index 64a60d7..d0c7ed1 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,19 @@ - Reference: +- Verify ansible installation by running the following command: + + ```bash + ansible --version + # ansible [core 2.17.2] + ``` + +- Install `sshpass` used for automating SSH password authentication + + ```bash + sudo apt-get install sshpass + ``` + ## Playbooks - [stack-orchestrator-setup](./stack-orchestrator-setup/README.md) 
diff --git a/hosts.example.ini b/hosts.example.ini index 05fd65c..a5aa882 100644 --- a/hosts.example.ini +++ b/hosts.example.ini @@ -1,2 +1,2 @@ [deployment_host] - ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' \ No newline at end of file + ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' diff --git a/nitro-bridge-setup/README.md b/nitro-bridge-setup/README.md index 345fce1..a6d26f0 100644 --- a/nitro-bridge-setup/README.md +++ b/nitro-bridge-setup/README.md @@ -1,8 +1,10 @@ # nitro-bridge-setup -## Setup Ansible +## Prerequisites -To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine +- Setup Ansible: To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine. + +- Setup user with passwordless sudo: Follow steps from [Setup a user](../user-setup/README.md#setup-a-user) to setup a new user ## Setup 
@@ -40,33 +42,13 @@ The following commands have to be executed in the [`nitro-bridge-setup`](./) dir ## Run Nitro Bridge -### On Local Host - -- To setup and run nitro bridge locally, execute the `run-nitro-bridge.yml` Ansible playbook: - - ```bash - LANG=en_US.utf8 ansible-playbook run-nitro-bridge.yml --extra-vars='{ "target_host": "localhost"}' --user $USER -kK - ``` - - NOTE: By default, deployments are created in an `out` directory. To change this location, update the `nitro_directory` variable in the [setup-vars.yml](./setup-vars.yml) file - -- For skipping container build, set `"skip_container_build" : true` in the `--extra-vars` parameter: - - ```bash - LANG=en_US.utf8 ansible-playbook run-nitro-bridge.yml --extra-vars='{"target_host" : "localhost", "skip_container_build": true}' --user $USER -kK - ``` - -### On Remote Host - -To run the playbook on a remote host: - - Create a new `hosts.ini` file: - ```bash - cp ../hosts.example.ini hosts.ini - ``` + ```bash + cp ../hosts.example.ini hosts.ini + ``` -- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: +- Edit the [`hosts.ini`](./hosts.ini) file: ```ini [] @@ -76,12 +58,12 @@ To run the playbook on a remote host: - Replace `` with `nitro_host` - Replace `` with the alias of your choice - Replace `` with the IP address or hostname of the target machine - - Replace `` with the SSH username (e.g., dev, ubuntu) + - Replace `` with the username of the user that you set up on target machine (e.g. dev, ubuntu) -- Verify that you are able to connect to the host using the following command +- Verify that you are able to connect to the host using the following command: ```bash - ansible all -m ping -i hosts.ini -k + ansible all -m ping -i hosts.ini # Expected output: 
@@ -94,25 +76,27 @@ To run the playbook on a remote host: # } ``` -- Execute the `run-nitro-bridge.yml` Ansible playbook for remote deployment: +- Execute the `run-nitro-bridge.yml` Ansible playbook for deploying nitro bridge: ```bash - LANG=en_US.utf8 ansible-playbook -i hosts.ini run-nitro-bridge.yml --extra-vars='{ "target_host": "nitro_host"}' --user $USER -kK + LANG=en_US.utf8 ansible-playbook -i hosts.ini run-nitro-bridge.yml --extra-vars='{ "target_host": "nitro_host"}' --user $USER ``` + NOTE: By default, deployments are created in an `out` directory. To change this location, update the `nitro_directory` variable in the [setup-vars.yml](./setup-vars.yml) file + - For skipping container build, run with `"skip_container_build" : true` in the `--extra-vars` parameter: ```bash - LANG=en_US.utf8 ansible-playbook -i hosts.ini run-nitro-bridge.yml --extra-vars='{ "target_host": "nitro_host", "skip_container_build": true }' --user $USER -kK + LANG=en_US.utf8 ansible-playbook -i hosts.ini run-nitro-bridge.yml --extra-vars='{ "target_host": "nitro_host", "skip_container_build": true }' --user $USER ``` ## Check Deployment Status -- Run the following command in the directory where the bridge-deployment is created: +Run the following command in the directory where the bridge-deployment is created: - - Check logs for deployments: +- Check logs for deployments: - ```bash - # Check the bridge deployment logs, ensure that the node is running - laconic-so deployment --dir bridge-deployment logs nitro-bridge -f - ``` + ```bash + # Check the bridge deployment logs, ensure that the node is running + laconic-so deployment --dir bridge-deployment logs nitro-bridge -f + ``` diff --git a/nitro-bridge-setup/setup-vars.yml b/nitro-bridge-setup/setup-vars.yml index d1d497f..ef0a210 100644 --- a/nitro-bridge-setup/setup-vars.yml +++ b/nitro-bridge-setup/setup-vars.yml @@ -1,3 +1,3 @@ -target_host: "localhost" +target_host: "nitro_host" nitro_directory: out skip_container_build: false 
diff --git a/nitro-contracts-setup/README.md b/nitro-contracts-setup/README.md index 05d103d..846af3f 100644 --- a/nitro-contracts-setup/README.md +++ b/nitro-contracts-setup/README.md @@ -1,8 +1,10 @@ # nitro-contracts-setup -## Setup Ansible +## Prerequisites -To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine +- Setup Ansible: To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine. + +- Setup user with passwordless sudo: Follow steps from [Setup a user](../user-setup/README.md#setup-a-user) to setup a new user with passwordless sudo ## Setup @@ -34,33 +36,13 @@ The following commands have to be executed in the [`nitro-contracts-setup`](./) ## Deploy Contracts -### On Local Host - -- To deploy nitro contracts locally, execute the `deploy-contracts.yml` Ansible playbook: - - ```bash - LANG=en_US.utf8 ansible-playbook deploy-contracts.yml --extra-vars='{ "target_host": "localhost"}' --user $USER -kK - ``` - - NOTE: By default, deployments are created in an `out` directory. To change this location, update the `nitro_directory` variable in the [setup-vars.yml](./setup-vars.yml) file - -- For skipping container build, set `"skip_container_build" : true` in the `--extra-vars` parameter: - - ```bash - LANG=en_US.utf8 ansible-playbook deploy-contracts.yml --extra-vars='{"target_host" : "localhost", "skip_container_build": true}' --user $USER -kK - ``` - -### On Remote Host - -To run the playbook on a remote host: - - Create a new `hosts.ini` file: ```bash cp ../hosts.example.ini hosts.ini ``` -- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: +- Edit the [`hosts.ini`](./hosts.ini) file: ```ini [] 
@@ -70,12 +52,12 @@ To run the playbook on a remote host: - Replace `` with `nitro_host` - Replace `` with the alias of your choice - Replace `` with the IP address or hostname of the target machine - - Replace `` with the SSH username (e.g., dev, ubuntu) + - Replace `` with the username of the user that you set up on target machine (e.g. dev, ubuntu) - Verify that you are able to connect to the host using the following command ```bash - ansible all -m ping -i hosts.ini -k + ansible all -m ping -i hosts.ini # Expected output: 
@@ -88,35 +70,37 @@ To run the playbook on a remote host: # } ``` -- Execute the `deploy-contracts.yml` Ansible playbook for remote deployment: +- Execute the `deploy-contracts.yml` Ansible playbook to deploy nitro contracts: ```bash - LANG=en_US.utf8 ansible-playbook -i hosts.ini deploy-contracts.yml --extra-vars='{ "target_host": "nitro_host"}' --user $USER -kK + LANG=en_US.utf8 ansible-playbook -i hosts.ini deploy-contracts.yml --extra-vars='{ "target_host": "nitro_host"}' --user $USER ``` + NOTE: By default, deployments are created in an `out` directory. To change this location, update the `nitro_directory` variable in the [setup-vars.yml](./setup-vars.yml) file + - For skipping container build, run with `"skip_container_build" : true` in the `--extra-vars` parameter: ```bash - LANG=en_US.utf8 ansible-playbook -i hosts.ini deploy-contracts.yml --extra-vars='{ "target_host": "nitro_host", "skip_container_build": true }' --user $USER -kK + LANG=en_US.utf8 ansible-playbook -i hosts.ini deploy-contracts.yml --extra-vars='{ "target_host": "nitro_host", "skip_container_build": true }' --user $USER ``` ## Check Deployment Status -- Run the following command in the directory where the nitro-contracts-deployment is created: +Run the following command in the directory where the nitro-contracts-deployment is created: - - Check logs for deployments: +- Check logs for deployments: - ```bash + ```bash # Check the L2 nitro contract deployment logs - laconic-so deployment --dir nitro-contracts-deployment logs l2-nitro-contracts -f + laconic-so deployment --dir nitro-contracts-deployment logs l2-nitro-contracts -f ``` ## Get Contract Addresses -- Run the following commands in the directory where the deployments are created: +Run the following commands in the directory where the deployments are created: - - Get addresses of L1 nitro contracts: +- Get addresses of L1 nitro contracts: - ```bash - laconic-so deployment --dir nitro-contracts-deployment exec nitro-contracts "cat 
/app/deployment/nitro-addresses.json" - ``` + ```bash + laconic-so deployment --dir nitro-contracts-deployment exec nitro-contracts "cat /app/deployment/nitro-addresses.json" + ``` diff --git a/nitro-contracts-setup/setup-vars.yml b/nitro-contracts-setup/setup-vars.yml index d1d497f..ef0a210 100644 --- a/nitro-contracts-setup/setup-vars.yml +++ b/nitro-contracts-setup/setup-vars.yml @@ -1,3 +1,3 @@ -target_host: "localhost" +target_host: "nitro_host" nitro_directory: out skip_container_build: false diff --git a/nitro-nodes-setup/README.md b/nitro-nodes-setup/README.md index 00b5756..5e17f1d 100644 --- a/nitro-nodes-setup/README.md +++ b/nitro-nodes-setup/README.md @@ -1,8 +1,10 @@ # nitro-nodes-setup -## Setup Ansible +## Prerequisites -To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine +- Setup Ansible: To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine. + +- Setup user with passwordless sudo: Follow steps from [Setup a user](../user-setup/README.md#setup-a-user) to setup a new user with passwordless sudo ## Setup 
@@ -52,33 +54,13 @@ The following commands have to be executed in [`nitro-nodes-setup`](./) director ## Run Nitro Node -### On Local Host - -- To run a nitro node, execute the `run-nitro-nodes.yml` Ansible playbook by running the following command: - - ```bash - LANG=en_US.utf8 ansible-playbook run-nitro-nodes.yml --extra-vars='{ "target_host": "localhost"}' --user $USER -kK - ``` - - NOTE: By default, deployments are created in a `out` directory. To change this location, update the `nitro_directory` variable in the [setup-vars.yml](./setup-vars.yml) file - -- For skipping container build, run with `"skip_container_build" : true` in the `--extra-vars` parameter: - - ```bash - LANG=en_US.utf8 ansible-playbook -i hosts.ini run-nitro-nodes.yml --extra-vars='{ "target_host": "localhost", "skip_container_build": true }' --user $USER -kK - ``` - -### On Remote Host - -To run the playbook on a remote host: - - Create a new `hosts.ini` file: ```bash cp ../hosts.example.ini hosts.ini ``` -- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: +- Edit the [`hosts.ini`](./hosts.ini) file: ```ini [] @@ -88,12 +70,12 @@ To run the playbook on a remote host: - Replace `` with `nitro_host` - Replace `` with the alias of your choice - Replace `` with the IP address or hostname of the target machine - - Replace `` with the SSH username (e.g., dev, ubuntu) + - Replace `` with the username of the user that you set up on target machine (e.g. dev, ubuntu) - Verify that you are able to connect to the host using the following command ```bash - ansible all -m ping -i hosts.ini -k + ansible all -m ping -i hosts.ini # Expected output: 
@@ -108,31 +90,32 @@ To run the playbook on a remote host: - Copy and edit the [`nitro-vars.yml`](./nitro-vars.yml) file as described in the [local setup](./README.md#run-nitro-node-on-local-host) section -- Execute the `run-nitro-nodes.yml` Ansible playbook for remote deployment: +- Execute the `run-nitro-nodes.yml` Ansible playbook to deploy nitro nodes: ```bash - LANG=en_US.utf8 ansible-playbook -i hosts.ini run-nitro-nodes.yml --extra-vars='{ "target_host": "nitro_host"}' --user $USER -kK + LANG=en_US.utf8 ansible-playbook -i hosts.ini run-nitro-nodes.yml --extra-vars='{ "target_host": "nitro_host"}' --user $USER ``` + NOTE: By default, deployments are created in a `out` directory. To change this location, update the `nitro_directory` variable in the [setup-vars.yml](./setup-vars.yml) file + - For skipping container build, run with `"skip_container_build" : true` in the `--extra-vars` parameter: ```bash - LANG=en_US.utf8 ansible-playbook -i hosts.ini run-nitro-nodes.yml --extra-vars='{ "target_host": "nitro_host", "skip_container_build": true }' --user $USER -kK + LANG=en_US.utf8 ansible-playbook -i hosts.ini run-nitro-nodes.yml --extra-vars='{ "target_host": "nitro_host", "skip_container_build": true }' --user $USER ``` - ## Check Deployment Status -- Run the following command in the directory where the deployments are created +Run the following command in the directory where the deployments are created - - Check L1 nitro node logs: +- Check L1 nitro node logs: - ```bash - laconic-so deployment --dir l1-nitro-deployment logs nitro-node -f - ``` + ```bash + laconic-so deployment --dir l1-nitro-deployment logs nitro-node -f + ``` - - Check L2 nitro node logs: +- Check L2 nitro node logs: - ```bash - laconic-so deployment --dir l2-nitro-deployment logs nitro-node -f - ``` + ```bash + laconic-so deployment --dir l2-nitro-deployment logs nitro-node -f + ``` 
diff --git a/nitro-nodes-setup/setup-vars.yml b/nitro-nodes-setup/setup-vars.yml index d1d497f..ef0a210 100644 --- a/nitro-nodes-setup/setup-vars.yml +++ b/nitro-nodes-setup/setup-vars.yml @@ -1,3 +1,3 @@ -target_host: "localhost" +target_host: "nitro_host" nitro_directory: out skip_container_build: false diff --git a/service-provider-setup/README.md b/service-provider-setup/README.md index fd92387..b46e161 100644 --- a/service-provider-setup/README.md +++ b/service-provider-setup/README.md 
@@ -1,76 +1,16 @@ # service-provider-setup -## Setup Ansible - -To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine - ## Prerequisites +- Setup Ansible: follow the [installation](../README.md#installation) guide to setup ansible on your machine + - Set up a DigitalOcean Droplet with passwordless SSH access - Buy a domain and configure [nameservers pointing to DigitalOcean](https://docs.digitalocean.com/products/networking/dns/getting-started/dns-registrars/) - Generate a DigitalOcean access token, used for API authentication and managing cloud resources -## Setup a new User - -- Create a new `hosts.ini` file: - - ```bash - cp ../hosts.example.ini hosts.ini - ``` - -- Edit the [`hosts.ini`](./hosts.ini) file to run the playbook on a remote machine: - - ```ini - [root_host] - ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' - ``` - - - Replace `` with the desired `hostname` of the remote machine - - Replace `` with the IP address or hostname of the target machine - - Replace `` with `root` - -- Verify that you are able to connect to the host using the following command: - - ```bash - ansible all -m ping -i hosts.ini - - # Expected output: - - # | SUCCESS => { - # "ansible_facts": { - # "discovered_interpreter_python": "/usr/bin/python3.10" - # }, - # "changed": false, - # "ping": "pong" - # } - ``` - -- Setup `user-vars.yml` using the example file - - ```bash - cp vars/user-vars.example.yml vars/user-vars.yml - ``` - -- Edit the `user-vars.yml` file: - - ```bash - # name of the user you want to setup on the target host - username: "" - - # password of the user you want to setup on the target host - password: "" - - # path to the ssh key on your machine, eg: "/home/user/.ssh/id_rsa.pub" - path_to_ssh_key: "" - ``` - -- Execute the `setup-user.yml` Ansible playbook to create a user with passwordless sudo permissions: - - ```bash - LANG=en_US.utf8 ansible-playbook setup-user.yml -i 
hosts.ini --extra-vars='{ "target_host": "deployment_host" }' - ``` +- Setup a user: Follow steps from [Setup a user](../user-setup/README.md#setup-a-user) to setup a new user with passwordless sudo ## Become a Service Provider 
@@ -93,47 +33,47 @@ To get started, follow the [installation](../README.md#installation) guide to se ```bash # vars/dns-vars.yml - full_domain: "" # eg: laconic.com - subdomain_prefix: "" # eg: lcn-cad - service_provider_ip: "" # eg: 23.111.78.179 - do_api_token: "" # DigitalOcean access token that you generated, eg: dop_v1... + full_domain: "" # eg: laconic.com + service_provider_ip: "" # eg: 23.111.78.179 + do_api_token: "" # DigitalOcean access token that you generated, eg: dop_v1... # vars/gpg-vars.yml - gpg_user_name: "" # full name of the user for the GPG key - gpg_user_email: "" # email address associated with the GPG key - gpg_passphrase: "" # passphrase for securing the GPG key + gpg_user_name: "" # full name of the user for the GPG key + gpg_user_email: "" # email address associated with the GPG key + gpg_passphrase: "" # passphrase for securing the GPG key # vars/k8s-vars.yml - target_host: "deployment_host" - org_id: "" # eg: lcn - location_id: "" # eg: cad - base_domain: "" # eg: laconic - support_email: "" # eg: support@laconic.com + org_id: "" # eg: lcn + location_id: "" # eg: cad + support_email: "" # eg: support@laconic.com # vars/container-vars.yml - container_registry_username: "" # username to login to the container registry - container_registry_password: "" # password to login to the container registry + container_registry_username: "" # username to login to the container registry + container_registry_password: "" # password to login to the container registry # vars/laconicd-vars.yml chain_id: "" # chain id to use for the Laconic chain # vars/webapp-vars.yml - authority_name: "" # eg: my-org-name - cpu_reservation: "" # minimum number of cpu cores to be used, eg: 2 - memory_reservation: "" # minimum amount of memory in GB to be used, eg: 4G - cpu_limit: "" # maximum number of cpu cores to be used, eg: 6 - memory_limit: "" # maximum amount of memory in GB to be used, eg: 8G - deployer_gpg_passphrase: "" # passphrase for creating GPG key used by 
webapp-deployer, eg: SECRET - handle_auction_requests: "" # whether the webapp deployer should handle deployment auction requests, eg: true - auction_bid_amount: "" # bid amount for deployment auctions in alnt, eg: 500000 + authority_name: "" # eg: laconic-authority + cpu_reservation: "1" # minimum number of cpu cores to be used, eg: 2 + memory_reservation: "2G" # minimum amount of memory in GB to be used, eg: 4G + cpu_limit: "6" # maximum number of cpu cores to be used, eg: 6 + memory_limit: "8G" # maximum amount of memory in GB to be used, eg: 8G + deployer_gpg_passphrase: "" # passphrase for creating GPG key used by webapp-deployer, eg: SECRET + handle_auction_requests: "true" # whether the webapp deployer should handle deployment auction requests, eg: true + auction_bid_amount: "500000" # bid amount for deployment auctions in alnt, eg: 500000 ``` -- Update the [`hosts.ini`](./hosts.ini) file: +- Create a new `hosts.ini` file: + + ```bash + cp ../hosts.example.ini hosts.ini + ``` + +- Edit the [`hosts.ini`](./hosts.ini) file: ```ini - [root_host] - ansible_host= ansible_user=root ansible_ssh_common_args='-o ForwardAgent=yes' - [deployment_host] ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' ``` 
@@ -178,3 +118,82 @@ After the playbook finishes executing, the following services will be deployed ( - laconic console: - webapp deployer API: - webapp deployer UI: + +## Cleanup + +Run the following steps on the target machine to stop the webapp-deployer, container-registry, fixturenet-laconicd and laconic-console-deployment, undeploy k8s, remove GPG keys and DNS records +- Stop deployments + + ``` + $ laconic-so deployment --dir webapp-ui stop + $ laconic-so deployment --dir webapp-deployer + $ laconic-so deployment --dir container-registry stop + $ laconic-so deployment --dir laconic-console-deployment stop --delete-volumes + $ laconic-so deployment --dir fixturenet-laconicd-deployment stop --delete-volumes + ``` + +- Remove deployment directories + ``` + sudo rm -rf webapp-ui + sudo rm -rf webapp-deployer + sudo rm -rf container-registry + sudo rm -rf laconic-console-deployment + sudo rm -rf fixturenet-laconicd-deployment + ``` + +- Remove spec files + + ``` + rm webapp-deployer.spec + rm container-registry.spec + rm laconic-console-spec.yml + rm fixturenet-laconicd-spec.yml + ``` + +- Undeploy the k8s + + ``` + $ cd service-provider-template + $ export VAULT_KEY= + $ bash .vault/vault-rekey.sh + $ ansible-playbook -i hosts site.yml --tags=k8s --limit=_ --user --extra-vars 'k8s_action=destroy' + ``` + +- Remove service-provider-template repo + ``` + $ rm -rf service-provider-template + ``` + +- Remove any existing GPG keys + ``` + $ rm -rf gpg-keys/ + $ gpg --list-secret-keys --keyid-format=long + /home/dev/.gnupg/pubring.kbx + ---------------------------- + sec rsa4096/DA9E3D638930A699 2024-10-15 [SCEA] + 69A3200727091E72B773BBEBDA9E3D638930A699 + uid [ultimate] deepstack + ssb rsa3072/2B5D80CF44753EFD 2024-10-15 [SEA] + + sec rsa3072/2449A62C838440AB 2024-10-15 [SC] + 646A42164F978DC1415C11F12449A62C838440AB + uid [ultimate] webapp-deployer-api.deepstack.com + ssb rsa3072/67576558A2F2FE91 2024-10-15 [E] + + $ gpg --delete-secret-key 
69A3200727091E72B773BBEBDA9E3D638930A699 + $ gpg --delete-key 69A3200727091E72B773BBEBDA9E3D638930A699 + $ gpg --delete-secret-key 646A42164F978DC1415C11F12449A62C838440AB + $ gpg --delete-key 646A42164F978DC1415C11F12449A62C838440AB + ``` +- Remove the user if required + + ```bash + $ userdel + + # If required, kill process that is using the user + # userdel: user is currently used by process 1639 + # $ kill -9 1639 + ``` + +- Remove DNS records using DigitalOcean's API: + - diff --git a/service-provider-setup/setup-k8s.yml b/service-provider-setup/setup-k8s.yml index bb46a95..d672695 100644 --- a/service-provider-setup/setup-k8s.yml +++ b/service-provider-setup/setup-k8s.yml @@ -66,6 +66,7 @@ command: gpg-agent --daemon ignore_errors: yes + # Cache GPG passphrase by signing a dummy string to avoid passphrase prompts in later steps - name: Sign a dummy string using gpg-key shell: echo "This is a dummy string." | gpg --batch --yes --local-user "{{ gpg_key_id }}" --passphrase "{{ vault_passphrase }}" --pinentry-mode loopback --sign - @@ -124,10 +125,10 @@ src: ./templates/k8s.yml.j2 dest: "{{ ansible_env.HOME }}/service-provider-template/group_vars/{{ org_id }}_{{ location_id }}/k8s.yml" - - name: Copy wildcard-pwa-{{ base_domain }}.yaml to the remote VM + - name: Copy wildcard template to the remote VM template: src: ./templates/wildcard-pwa-example.yml.j2 - dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{ base_domain }}.yaml" + dest: "{{ ansible_env.HOME }}/service-provider-template/files/manifests/wildcard-pwa-{{ full_domain | replace('.', '-') }}.yaml" - name: Delete old wildcard-pwa file file: diff --git a/service-provider-setup/templates/k8s.yml.j2 b/service-provider-setup/templates/k8s.yml.j2 index e6c35f7..33c4688 100644 --- a/service-provider-setup/templates/k8s.yml.j2 +++ b/service-provider-setup/templates/k8s.yml.j2 
@@ -52,4 +52,4 @@ k8s_manifests: # initiate wildcard cert - name: pwa.{{ full_domain }} type: file - source: wildcard-pwa-{{ base_domain }}.yaml + source: wildcard-pwa-{{ full_domain | replace('.', '-') }}.yaml diff --git a/service-provider-setup/vars/dns-vars.example.yml b/service-provider-setup/vars/dns-vars.example.yml index 3d2e67f..03639e6 100644 --- a/service-provider-setup/vars/dns-vars.example.yml +++ b/service-provider-setup/vars/dns-vars.example.yml @@ -1,5 +1,5 @@ full_domain: "" -subdomain_prefix: "" +subdomain_prefix: "{{ org_id }}-{{ location_id }}" subdomain_cluster_control: "{{ subdomain_prefix }}-cluster-control" service_provider_ip: "" do_api_token: "" diff --git a/service-provider-setup/vars/k8s-vars.example.yml b/service-provider-setup/vars/k8s-vars.example.yml index 78e06d6..54e3a0a 100644 --- a/service-provider-setup/vars/k8s-vars.example.yml +++ b/service-provider-setup/vars/k8s-vars.example.yml @@ -2,6 +2,5 @@ gpg_key_id: "{{ sec_key_id }}" vault_passphrase: "{{ gpg_passphrase }}" org_id: "" location_id: "" -base_domain: "" support_email: "" ansible_ssh_extra_args: '-o StrictHostKeyChecking=no' diff --git a/service-provider-setup/vars/webapp-vars.example.yml b/service-provider-setup/vars/webapp-vars.example.yml index cf050d3..78a7b0f 100644 --- a/service-provider-setup/vars/webapp-vars.example.yml +++ b/service-provider-setup/vars/webapp-vars.example.yml @@ -1,10 +1,10 @@ ALICE_PK: "{{ ALICE_PK }}" BOND_ID: "{{ BOND_ID }}" authority_name: "" -cpu_reservation: "" -memory_reservation: "" +cpu_reservation: "1" +memory_reservation: "2G" cpu_limit: "6" memory_limit: "8G" deployer_gpg_passphrase: "" -handle_auction_requests: "false" -auction_bid_amount: "0" +handle_auction_requests: "true" +auction_bid_amount: "500000" diff --git a/stack-orchestrator-setup/README.md b/stack-orchestrator-setup/README.md index c101486..6789e98 100644 --- a/stack-orchestrator-setup/README.md +++ b/stack-orchestrator-setup/README.md 
@@ -1,8 +1,10 @@ # stack-orchestrator-setup -## Setup Ansible +## Prerequisites -To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine. +- Setup Ansible: To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine. + +- Setup user with passwordless sudo: Follow steps from [Setup a user](../user-setup/README.md#setup-a-user) to setup a new user with passwordless sudo ## Setup Stack Orchestrator @@ -10,18 +12,6 @@ This playbook will install Docker and Stack Orchestrator (laconic-so) on the mac Run the following commands in the [`stack-orchestrator-setup`](./) directory. -### On Local Host - -To setup stack orchestrator and docker locally, execute the `setup-laconic-so.yml` Ansible playbook: - -```bash -LANG=en_US.utf8 ansible-playbook setup-laconic-so.yml --user $USER -kK -``` - -### On Remote Host - -To run the playbook on a remote host: - - Create a new `hosts.ini` file: ```bash @@ -37,12 +27,12 @@ To run the playbook on a remote host: - Replace `` with the alias of your choice - Replace `` with the IP address or hostname of the target machine - - Replace `` with the SSH username (e.g., dev, ubuntu) + - Replace `` with the username of the user that you set up on target machine (e.g. dev, ubuntu) - Verify that you are able to connect to the host using the following command ```bash - ansible all -m ping -i hosts.ini -k + ansible all -m ping -i hosts.ini # Expected output: 
@@ -55,22 +45,24 @@ To run the playbook on a remote host: # } ``` -- Execute the `setup-laconic-so.yml` Ansible playbook for setting up stack orchestrator and docker on a remote machine: +- Execute the `setup-laconic-so.yml` Ansible playbook for setting up stack orchestrator and docker on the target machine: ```bash - LANG=en_US.utf8 ansible-playbook setup-laconic-so.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host"}' --user $USER -kK + LANG=en_US.utf8 ansible-playbook setup-laconic-so.yml -i hosts.ini --extra-vars='{ "target_host": "deployment_host"}' --user $USER ``` ## Verify Installation -- After the installation is complete, verify if `$HOME/bin` is already included in your PATH by running: +Run the following commands on your target machine: + +- After the installation is complete, verify if `$HOME/bin` is already included in the `PATH` by running: ```bash echo $PATH | grep -q "$HOME/bin" && echo "$HOME/bin is already in PATH" || echo "$HOME/bin is not in PATH" ``` If the command outputs `"$HOME/bin is not in PATH"`, you'll need to add it to your `PATH`. -- To add `$HOME/bin` to your PATH, run the following command: +- To add `$HOME/bin` to your `PATH`, run the following command: ```bash export PATH="$HOME/bin:$PATH" diff --git a/user-setup/.gitignore b/user-setup/.gitignore new file mode 100644 index 0000000..ab0c719 --- /dev/null +++ b/user-setup/.gitignore @@ -0,0 +1 @@ +user-vars.yml diff --git a/user-setup/README.md b/user-setup/README.md new file mode 100644 index 0000000..3954c81 --- /dev/null +++ b/user-setup/README.md 
@@ -0,0 +1,74 @@ +# user-setup + +## Prerequisites + +- Setup Ansible: follow the [installation](../README.md#installation) guide to setup ansible on your machine. + +- Setup a remote machine with passwordless SSH login for the root user + +- Install `passlib` used for handling encrypted passwords when setting up a user + + ```bash + pip install passlib + ``` + +## Setup a user + +- Create a new `hosts.ini` file: + + ```bash + cd user-setup/ + cp ../hosts.example.ini hosts.ini + ``` + +- Edit the [`hosts.ini`](./hosts.ini) file: + + ```ini + [deployment_host] + ansible_host= ansible_user= ansible_ssh_common_args='-o ForwardAgent=yes' + ``` + + - Replace `` with the desired `hostname` of the remote machine + - Replace `` with the IP address or hostname of the target machine + - Replace `` with `root` + +- Verify that you are able to connect to the host using the following command: + + ```bash + ansible all -m ping -i hosts.ini + + # Expected output: + + # | SUCCESS => { + # "ansible_facts": { + # "discovered_interpreter_python": "/usr/bin/python3.10" + # }, + # "changed": false, + # "ping": "pong" + # } + ``` + +- Setup `user-vars.yml` using the example file + + ```bash + cp user-vars.example.yml user-vars.yml + ``` + +- Edit the `user-vars.yml` file: + + ```bash + # name of the user you want to setup on the target host + username: "" + + # password of the user you want to setup on the target host + password: "" + + # path to the ssh key on your machine, eg: "/home/user/.ssh/id_rsa.pub" + path_to_ssh_key: "" + ``` + +- Execute the `setup-user.yml` Ansible playbook to create a user with passwordless sudo permissions: + + ```bash + LANG=en_US.utf8 ansible-playbook setup-user.yml -i hosts.ini + ``` diff --git a/service-provider-setup/setup-user.yml b/user-setup/setup-user.yml similarity index 96% rename from service-provider-setup/setup-user.yml rename to user-setup/setup-user.yml index 35fca4c..d74d84f 100644 --- a/service-provider-setup/setup-user.yml 
+++ b/user-setup/setup-user.yml @@ -1,9 +1,9 @@ - name: Configure system - hosts: root_host + hosts: deployment_host become: yes vars_files: - - vars/user-vars.yml + - user-vars.yml tasks: - name: Create a user diff --git a/service-provider-setup/vars/user-vars.example.yml b/user-setup/user-vars.example.yml similarity index 100% rename from service-provider-setup/vars/user-vars.example.yml rename to user-setup/user-vars.example.yml
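
Review bot: In the top-level README.md hunk, the new `sshpass` install step looks unneeded after this change, because the same patch removes every `-k` and `-kK` flag from the playbook commands and the READMEs now assume key-based SSH with a passwordless-sudo user. Either drop the step or state which remaining workflow still uses SSH password authentication.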
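
Review bot: In hosts.example.ini, `ansible_ssh_common_args='-o ForwardAgent=yes'` stays in the one example line that every README now tells the reader to copy, including user-setup where `ansible_user` is `root`. With agent forwarding on, anyone holding root on the target can use the operator's loaded keys for as long as the session lasts. Say which playbook needs the forwarded agent and leave the option out of the default line for the others.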
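
Review bot: In the nitro-bridge-setup, nitro-contracts-setup, nitro-nodes-setup and stack-orchestrator-setup READMEs, the playbook commands keep `--user $USER` even though the text now says to put the user created on the target machine into `ansible_user` in hosts.ini. The inventory value overrides the command-line flag, so `$USER` (the local login name) has no effect and suggests the wrong account is used; remove it from the commands. The nitro-bridge-setup prerequisite line also ends at "to setup a new user" while the other READMEs say "with passwordless sudo", which matters now that `-K` is gone.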
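
Review bot: In nitro-nodes-setup/README.md, the unchanged step "Copy and edit the `nitro-vars.yml` file as described in the [local setup](./README.md#run-nitro-node-on-local-host) section" now points at a section this patch deletes ("### On Local Host" is removed from "Run Nitro Node"). Inline the `nitro-vars.yml` instructions at that step or link to wherever they live after the removal.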
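
Review bot: In the new "Cleanup" section of service-provider-setup/README.md, the second stop command, `laconic-so deployment --dir webapp-deployer`, is missing the `stop` subcommand that the other four lines have, so the webapp-deployer is still running when its directory is removed in the next step. The GPG step also pastes one machine's `gpg --list-secret-keys` output and then deletes those exact fingerprints (`69A32007...`, `646A4216...`); replace them with a placeholder and tell the reader to take the fingerprint from their own listing. The cleanup blocks mix `$`-prefixed and bare commands and only the last one is tagged `bash`; pick one style.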
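
Review bot: In service-provider-setup/setup-k8s.yml, the task under the new comment passes `--passphrase "{{ vault_passphrase }}"` inside a `shell:` command line, so the passphrase is visible in the process list on the target and in Ansible's task output on failure or with verbose logging. If the task does not already set `no_log: true`, add it, and consider feeding the passphrase through `--passphrase-fd` on stdin instead of an argument. The new comment is a good addition; it could also note that the cache lifetime depends on the gpg-agent TTL.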
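
Review bot: The manifest filename expression `wildcard-pwa-{{ full_domain | replace('.', '-') }}.yaml` is now written out twice, once in the `dest:` of the copy task in setup-k8s.yml and once in `source:` in templates/k8s.yml.j2, and the two must match exactly for the manifest to be found. Define it once as a variable and reference that in both places. The "Delete old wildcard-pwa file" task that follows is not shown in the hunk; check that it does not still target a `base_domain`-based name, since `base_domain` is removed from k8s-vars.example.yml.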
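
Review bot: In vars/dns-vars.example.yml, `subdomain_prefix: "{{ org_id }}-{{ location_id }}"` now depends on two variables that are defined in vars/k8s-vars.example.yml, not in this file. Any playbook that loads dns-vars.yml without k8s-vars.yml will fail with an undefined variable when `subdomain_prefix` or `subdomain_cluster_control` is evaluated. Confirm the DNS playbook lists both files under `vars_files`, and add a comment next to `subdomain_prefix` naming where `org_id` and `location_id` come from.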
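
Review bot: In vars/webapp-vars.example.yml, the defaults flip from `handle_auction_requests: "false"` and `auction_bid_amount: "0"` to `"true"` and `"500000"`, so anyone who copies the example unchanged now has a deployer that bids on deployment auctions. Keep the example opted out, or call the new default out in the README. The README block in the same patch also shows values that disagree with their own comments, for example `cpu_reservation: "1"` next to "eg: 2" and `memory_reservation: "2G"` next to "eg: 4G".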
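
Review bot: In the new user-setup/README.md, the "Edit the `user-vars.yml` file" step has the reader store the new account's `password` in plain text on disk; the added .gitignore keeps it out of the repository but not out of backups or shared workstations. Suggest encrypting the file with `ansible-vault` or prompting for the value at run time, and say so in this step. Smaller points in the same hunk: the YAML block is fenced as `bash`, the `pip install passlib` prerequisite does not say it is for the machine running Ansible, and hosts.ini (created in this directory with the root login details) is not listed in user-setup/.gitignore.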