initial
anixon604 committed Sep 30, 2024
0 parents commit 6f8996d
Showing 11 changed files with 657 additions and 0 deletions.
76 changes: 76 additions & 0 deletions .gitignore
@@ -0,0 +1,76 @@
# Ignore Terraform state files and crash logs
*.tfstate
*.tfstate.*
crash.log

# Ignore Terraform variable files containing sensitive data
*.tfvars

# Ignore Terraform provider-specific files
.terraform/
.terraform.lock.hcl

# Ignore Terraform plan files
*.tfplan

# Ignore Terraform override files
override.tf
override.tf.json
*_override.tf
*_override.tf.json

# Ignore temporary Terraform files
terraform.tfstate.backup
.terraformrc

# Ignore Ansible configuration file
ansible.cfg

# Ignore Ansible inventory files
.inventory

# Ignore Ansible retry files
*.retry

# Ignore SSH keys
*.pem
*.key
ssh-login.sh

# Ignore Python virtual environment directories commonly used in Ansible projects
venv/
env/

# Ignore Python byte-code files
__pycache__/
*.py[cod]
*$py.class

# Ignore Ansible Galaxy roles and collections
roles/*
collections/*

# If you are using Ansible Vault, you may want to ignore encrypted secrets files
*.vault

# Ignore miscellaneous temporary files
.DS_Store
*.swp
*.swo
*~

# Ignore IDE/editor specific files
.idea/
.vscode/
*.iml

# Ignore logs
*.log

# Ignore shell history files
.bash_history
.zsh_history

# Ignore OS generated files
Thumbs.db
.DS_Store
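
Review bot: `.terraform.lock.hcl` under "Ignore Terraform provider-specific files" should not be ignored. The dependency lock file records the selected provider versions and their checksums, and committing it is what makes `terraform init` resolve the same providers for everyone who provisions this node. Drop that line and keep only `.terraform/`. Two smaller points: the inventory pattern is `.inventory`, while the README in this commit runs `ansible-playbook -i inventory`, so a file with that name would not be ignored; and `.DS_Store` is listed twice.
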
111 changes: 111 additions & 0 deletions README.md
@@ -0,0 +1,111 @@
# Azure Validator Node

Create a new Azure Validator Node with the following steps:

## Overview

This repository contains scripts and configurations to set up and manage an Azure Validator Node using Terraform and Ansible.

### Terraform

Terraform scripts are located in the [./terraform](./terraform) directory. These scripts are used to provision the necessary Azure infrastructure for the Validator Node.

### Ansible

Ansible playbooks are located in the [./ansible](./ansible) directory. These playbooks are used to configure the provisioned infrastructure and deploy the Validator Node.

## Requirements

Before you begin, ensure you have the following installed:

- [Terraform](https://www.terraform.io/downloads.html)
- [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
- [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli)

## Pre-requisites
Authenticate with Azure CLI
```sh
az login
```

## Installation

1. **Clone the repository:**

```sh
git clone https://github.com/ten-protocol/ten-validator.git
cd ten-validator
```

2. **Install Terraform:**

Follow the instructions on the [Terraform website](https://www.terraform.io/downloads.html) to install Terraform.

3. **Install Ansible:**

Follow the instructions on the [Ansible website](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) to install Ansible.

4. **Install Azure CLI:**

Follow the instructions on the [Azure CLI website](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) to install the Azure CLI.

## Usage

### Terraform

1. **Navigate to the Terraform directory:**

```sh
cd AzureTerra/terraform
```

2. **Initialize Terraform:**

```sh
terraform init
```

3. **Apply the Terraform configuration:**

```sh
terraform apply
```

Follow the prompts to confirm the infrastructure changes.

### Login to Validator Node
#### get-key.sh

The `get-key.sh` script is used to retrieve necessary keys for the Validator Node and generate a simple ssh-login.sh script to login to the Validator Node.

1. **Run the script:**

```sh
chmod +x get-key.sh
./get-key.sh
```

2. **Run the generated script:**

```sh
chmod +x ssh-login.sh
./ssh-login.sh
```

This will log you into the Validator Node.

### Ansible

1. **Navigate to the Ansible directory:**

```sh
cd AzureTerra/ansible
```

2. **Run the Ansible playbook:**

```sh
ansible-playbook -i inventory main.yml
```

Ensure that the `inventory` file is correctly configured with the details of your provisioned infrastructure.
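
Review bot: the Usage steps use paths and file names that do not match the files shown in this commit. `cd AzureTerra/terraform` and `cd AzureTerra/ansible` follow a clone into `ten-validator`, `ansible-playbook -i inventory main.yml` names `main.yml` while the playbook added here is `ansible/setup-validator-playbook.yaml`, and `get-key.sh` is added under `terraform/`. Align the commands with the repository layout. The "Login to Validator Node" section should also state that `get-key.sh` writes the node's SSH private key to `ssh-key.pem` from a Terraform output, which means the key is held in the Terraform state and both files have to be kept private.
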
113 changes: 113 additions & 0 deletions ansible/setup-validator-playbook.yaml
@@ -0,0 +1,113 @@
---
- name: Setup ten_validatorVM
hosts: all
become: yes
tasks:
- name: Create directory /home/obscuro
file:
path: /home/obscuro
state: directory

- name: Clone go-ten repository
git:
repo: "https://github.com/ten-protocol/go-ten.git"
dest: /home/obscuro/go-obscuro
version: "{{ lookup('env', 'BRANCH_NAME') }}"
depth: 1

- name: Copy edb-connect.sh
copy:
src: /home/obscuro/go-obscuro/tools/edbconnect/edb-connect.sh
dest: /home/obscurouser/edb-connect.sh
owner: obscurouser
group: obscurouser
mode: '0755'

- name: Create Docker network
docker_network:
name: node_network
driver: bridge

- name: Create directory /home/obscuro/promtail
file:
path: /home/obscuro/promtail
state: directory

- name: Create promtail-config.yaml
copy:
dest: /home/obscuro/promtail/promtail-config.yaml
content: |
server:
http_listen_port: 9080
grpc_listen_port: 0
positions:
filename: /tmp/positions.yaml
clients:
- url: "{{ lookup('vars', 'METRICS_URI') }}"
batchwait: 3s
batchsize: 1048576
tls_config:
insecure_skip_verify: true
basic_auth:
username: "{{ lookup('secrets', 'LOKI_USER') }}"
password: "{{ lookup('secrets', 'LOKI_PASSWORD') }}"
scrape_configs:
- job_name: flog_scrape
docker_sd_configs:
- host: unix:///var/run/docker.sock
refresh_interval: 5s
relabel_configs:
- source_labels: ["__meta_docker_container_name"]
regex: "/(.*)"
target_label: "container"
- source_labels: ["__meta_docker_container_log_stream"]
target_label: "logstream"
- source_labels: ["__meta_docker_container_label_logging_jobname"]
target_label: "job"
- replacement: "{{ lookup('matrix', 'host_id') }}-{{ lookup('github', 'event.inputs.testnet_type') }}-{{ lookup('GITHUB', 'RUN_NUMBER') }}"
target_label: "node_name"
- name: Run promtail container
docker_container:
name: promtail
image: grafana/promtail:latest
state: started
restart_policy: always
network_mode: node_network
env:
HOSTNAME: "{{ lookup('matrix', 'host_id') }}-{{ lookup('github', 'event.inputs.testnet_type') }}-{{ lookup('GITHUB', 'RUN_NUMBER') }}"
volumes:
- /var/log:/var/log
- /home/obscuro/promtail:/etc/promtail
- /var/lib/docker/containers:/var/lib/docker/containers:ro
- /var/run/docker.sock:/var/run/docker.sock
command: -config.file=/etc/promtail/promtail-config.yaml -config.expand-env=true

- name: Run go-ten node
command: >
sudo go run /home/obscuro/go-obscuro/go/node/cmd
-is_genesis={{ lookup('matrix', 'is_genesis') }}
-node_type={{ lookup('matrix', 'node_type') }}
-is_sgx_enabled=true
-host_id={{ lookup('vars', 'matrix.node_addr_lookup') }}
-l1_ws_url={{ lookup('secrets', 'matrix.node_l1_ws_lookup') }}
-management_contract_addr={{ lookup('needs.build.outputs', 'MGMT_CONTRACT_ADDR') }}
-message_bus_contract_addr={{ lookup('needs.build.outputs', 'MSG_BUS_CONTRACT_ADDR') }}
-l1_start={{ lookup('needs.build.outputs', 'L1_START_HASH') }}
-private_key={{ lookup('secrets', 'matrix.node_pk_lookup') }}
-sequencer_addr=obscuronode-0-{{ lookup('github.event.inputs', 'testnet_type') }}-{{ lookup('GITHUB', 'RUN_NUMBER') }}.uksouth.cloudapp.azure.com:10000
-host_public_p2p_addr=obscuronode-{{ lookup('matrix', 'host_id') }}-{{ lookup('github.event.inputs', 'testnet_type') }}-{{ lookup('GITHUB', 'RUN_NUMBER') }}.uksouth.cloudapp.azure.com:10000
-host_p2p_port=10000
-enclave_docker_image={{ lookup('vars', 'L2_ENCLAVE_DOCKER_BUILD_TAG') }}
-host_docker_image={{ lookup('vars', 'L2_HOST_DOCKER_BUILD_TAG') }}
-is_debug_namespace_enabled=true
-log_level={{ lookup('github.event.inputs', 'log_level') }}
-batch_interval={{ lookup('vars', 'L2_BATCH_INTERVAL') }}
-max_batch_interval={{ lookup('vars', 'L2_MAX_BATCH_INTERVAL') }}
-rollup_interval={{ lookup('vars', 'L2_ROLLUP_INTERVAL') }}
-l1_chain_id={{ lookup('vars', 'L1_CHAIN_ID') }}
-postgres_db_host=postgres://tenuser:{{ lookup('secrets', 'TEN_POSTGRES_USER_PWD') }}@postgres-ten-{{ lookup('github.event.inputs', 'testnet_type') }}.postgres.database.azure.com:5432/
start
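
Review bot: in "Run go-ten node", `-private_key=` and the password embedded in `-postgres_db_host=postgres://tenuser:...` are passed as command-line arguments, so they are readable from the process list on the host and can appear in Ansible output and logs. Set `no_log: true` on the task and hand both values over by a channel other than argv if the node command offers one. In promtail-config.yaml, `insecure_skip_verify: true` sits next to `basic_auth`, so the Loki credentials are sent to an endpoint whose certificate is never checked; remove it or supply the CA in `tls_config`, and give the `copy` task an explicit restrictive `mode` since the file holds the password. `secrets`, `matrix`, `github`, `GITHUB`, `needs.build.outputs` and `github.event.inputs` are not Ansible lookup plugins (they read like GitHub Actions contexts), so these templates will not render; use playbook variables or `lookup('env', ...)` as the clone task does. `grafana/promtail:latest` should be pinned to a fixed tag or digest, given that the container is handed `/var/run/docker.sock`.
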
25 changes: 25 additions & 0 deletions terraform/app-role.tf
@@ -0,0 +1,25 @@
# Create a role assignment for the service principal# Create a service principal
resource "azuread_application" "ten_validatorApp" {
display_name = "ten_validatorApp"
}

resource "azuread_service_principal" "ten_validatorApp" {
application_id = azuread_application.ten_validatorApp.application_id
}

resource "azuread_service_principal_password" "ten_validatorApp" {
service_principal_id = azuread_service_principal.ten_validatorApp.object_id
end_date = "2099-01-01T00:00:00Z"
}

# Data source to get the current subscription ID
data "azurerm_subscription" "primary" {}

# Role assignment resource
resource "azurerm_role_assignment" "ra" {
principal_id = azuread_service_principal.ten_validatorApp.object_id
role_definition_name = "Reader"
scope = data.azurerm_subscription.primary.id
}

data "azurerm_client_config" "ten_validatorApp" {}
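
Review bot: `end_date = "2099-01-01T00:00:00Z"` on `azuread_service_principal_password` creates a client secret that in practice never expires. Set a short expiry and rotate it, all the more because the generated secret value is stored in the Terraform state. The `Reader` assignment is scoped to `data.azurerm_subscription.primary.id`, the whole subscription; scope it to the validator's resource group if that is all the application needs to read. The first line of the file also runs two comments together.
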
10 changes: 10 additions & 0 deletions terraform/get-key.sh
@@ -0,0 +1,10 @@
#!/bin/bash

terraform output -raw private_key_data > ./ssh-key.pem
chmod 600 ./ssh-key.pem

pubip=$(terraform output -raw public_ip_address)

# creates a bash script to login to the instance
echo "ssh -i ssh-key.pem tenuser@${pubip}" > ./ssh-login.sh
chmod +x ./ssh-login.sh
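
Review bot: `terraform output -raw private_key_data > ./ssh-key.pem` creates the key file with the default umask and only afterwards runs `chmod 600`, so under a permissive umask the private key is briefly readable by other users. Set `umask 077` before the redirect. The script has no `set -euo pipefail`, so when `terraform output` fails it still leaves an empty `ssh-key.pem` and goes on to write an `ssh-login.sh` with an empty address. The generated `ssh-login.sh` also has no shebang line.
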