Allow to create a package and install a package compiled from GitHub

Also add nginx config for reverse proxying and set up Let's Encrypt automatically
2017-05-05 19:47:30 +02:00 · 2017-05-05 19:47:30 +02:00 · 2624c09875
commit 2624c09875
parent fcf3b0b0dc
13 changed files with 274 additions and 20 deletions
--- a/site-cookbooks/kosmos-parity/attributes/default.rb
+++ b/site-cookbooks/kosmos-parity/attributes/default.rb
@ -1,3 +1,7 @@
-node.default['kosmos-parity']['home_path'] = "/home/parity"
-node.default['kosmos-parity']['version']   = "1.6.6"
-node.default['kosmos-parity']['checksum']  = '99ed4c0bf8cf7e0b143d8901f51c666d743844b0788ab03ccacb1f4538bfd085'
+node.default['kosmos-parity']['home_path']          = "/home/parity"
+node.default['kosmos-parity']['version']            = "1.6.6"
+node.default['kosmos-parity']['package_checksum']   = '7fd51ded7a367774e62c965088ffd15ad0fa42251005d448eb700cbf5db8df24'
+node.default['kosmos-parity']['package_version']    = '1.7.0'
+node.default['kosmos-parity']['package_timestamp']  = '1493999009'
+node.default['kosmos-parity']['debian_package_dir'] = Chef::Config[:file_cache_path]
+node.default['kosmos-parity']['hostname']           = "parity.kosmos.org"
--- a/site-cookbooks/kosmos-parity/metadata.rb
+++ b/site-cookbooks/kosmos-parity/metadata.rb
@ -9,3 +9,6 @@ version          '0.1.0'
 gem 'toml'

 depends 'ark'
+depends 'build-essential'
+depends 'kosmos-nginx'
+depends 'firewall'
--- a/site-cookbooks/kosmos-parity/recipes/create_package_from_github.rb
+++ b/site-cookbooks/kosmos-parity/recipes/create_package_from_github.rb
@ -0,0 +1,69 @@
+#
+# Cookbook Name:: kosmos-parity
+# Recipe:: create_package_from_github
+#
+# Copyright 2017, Kosmos
+#
+# All rights reserved - Do Not Redistribute
+#
+
+include_recipe 'kosmos-parity::user'
+include_recipe 'build-essential'
+package %w(git libssl-dev pkg-config libudev-dev)
+gem_package 'fpm' do
+  version '1.8.1'
+end
+
+rust_version = '1.17.0'
+architecture = node['kernel']['machine']
+rust_canonical_basename = "rust-#{rust_version}-#{architecture}-unknown-linux-gnu"
+rust_path = "/usr/local/rust_#{rust_version}"
+
+url = "https://static.rust-lang.org/dist/#{rust_canonical_basename}.tar.gz"
+
+ark "rust_#{rust_version}" do
+  url      url
+  path     "/usr/local"
+  action   :put
+  notifies :run, "execute[install rust]", :immediately
+end
+
+execute "install rust" do
+  command "./install.sh"
+  cwd     "#{rust_path}"
+  action  :nothing
+end
+
+parity_revision = "0d8920347a72fc50e82b540855eba94c8bbb2c0f"
+
+git "/home/parity/parity" do
+  repository "https://github.com/paritytech/parity.git"
+  revision   parity_revision
+  user       "parity"
+  group      "parity"
+  notifies :run, "execute[build parity]", :immediately
+end
+
+execute "build parity" do
+  cwd         "/home/parity/parity"
+  environment "HOME" => "/home/parity"
+  command     "cargo build --release"
+  action      :nothing
+  user        "parity"
+  group       "parity"
+  notifies    :run, "execute[copy parity]", :immediately
+end
+
+execute "copy parity" do
+  command  "cp /home/parity/parity/target/release/parity /usr/bin/"
+  action   :run
+  notifies :run, "execute[create package]", :immediately
+end
+
+timestamp = Time.now.strftime('%s')
+parity_version  = node['kosmos-parity']['package_version']
+execute "create package" do
+  cwd     node['kosmos-parity']['debian_package_dir']
+  command "fpm -s dir -t deb -n parity -v #{parity_version}-#{timestamp} -p parity_#{parity_version}-#{timestamp}.deb /usr/bin/parity"
+  action  :nothing
+end
--- a/site-cookbooks/kosmos-parity/recipes/default.rb
+++ b/site-cookbooks/kosmos-parity/recipes/default.rb
@ -7,17 +7,7 @@
 # All rights reserved - Do Not Redistribute
 #

-group "parity" do
-  gid 72748
-end
-
-user "parity" do
-  system true
-  manage_home true
-  comment "parity user"
-  uid 72748
-  gid 72748
-end
+include_recipe 'kosmos-parity::user'

 parity_version = node['kosmos-parity']['version']
 parity_package_path = "#{Chef::Config[:file_cache_path]}/parity_#{parity_version}_amd64.deb"
--- a/site-cookbooks/kosmos-parity/recipes/from_package.rb
+++ b/site-cookbooks/kosmos-parity/recipes/from_package.rb
@ -0,0 +1,27 @@
+#
+# Cookbook Name:: kosmos-parity
+# Recipe:: default
+#
+# Copyright 2017, Kosmos
+#
+# All rights reserved - Do Not Redistribute
+#
+
+include_recipe 'kosmos-parity::user'
+
+parity_version    = node['kosmos-parity']['package_version']
+package_timestamp = node['kosmos-parity']['package_timestamp']
+parity_filename   = "parity_#{parity_version}-#{package_timestamp}.deb"
+
+parity_package_path = "#{Chef::Config[:file_cache_path]}/#{parity_filename}"
+remote_file parity_package_path do
+  source   "https://dl.5apps.com/#{parity_filename}"
+  checksum node['kosmos-parity']['checksum']
+  mode     0750
+  notifies :install, "dpkg_package[parity]", :immediately
+end
+
+dpkg_package "parity" do
+  source  parity_package_path
+  version "#{parity_version}-#{package_timestamp}"
+end
--- a/site-cookbooks/kosmos-parity/recipes/letsencrypt.rb
+++ b/site-cookbooks/kosmos-parity/recipes/letsencrypt.rb
@ -0,0 +1,40 @@
+#
+# Cookbook Name:: kosmos-parity
+# Recipe:: letsencrypt
+#
+# Copyright 2017, Kosmos
+#
+# All rights reserved - Do Not Redistribute
+#
+
+include_recipe "kosmos-base::letsencrypt"
+
+hostname = node['kosmos-parity']['hostname']
+
+directory "/var/www/#{hostname}/.well-known/acme-challenge" do
+  owner     node["nginx"]["user"]
+  group     node["nginx"]["group"]
+  action    :create
+  recursive true
+end
+
+template "#{node['nginx']['dir']}/sites-available/#{hostname}" do
+  source 'nginx_conf_parity_letsencrypt.erb'
+  owner 'www-data'
+  mode 0640
+  variables server_name: hostname,
+            ssl_cert:    "/etc/letsencrypt/live/#{hostname}/fullchain.pem",
+            ssl_key:     "/etc/letsencrypt/live/#{hostname}/privkey.pem"
+  notifies :reload, 'service[nginx]', :delayed
+end
+
+nginx_site "#{hostname}" do
+  action :enable
+end
+
+execute "letsencrypt cert for #{hostname}" do
+  command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{hostname} -d #{hostname} -n"
+  cwd "/usr/local/certbot"
+  not_if { File.exist? "/etc/letsencrypt/live/#{hostname}/fullchain.pem" }
+  notifies :reload, "service[nginx]", :delayed
+end
--- a/site-cookbooks/kosmos-parity/recipes/node_dev.rb
+++ b/site-cookbooks/kosmos-parity/recipes/node_dev.rb
@ -7,6 +7,9 @@
 # All rights reserved - Do Not Redistribute
 #

+rpc_proxy_port = 8545
+rpc_port       = 18545
+
 parity_node "dev" do
  password "parityparity"
  config parity: {
@ -18,18 +21,33 @@ parity_node "dev" do
           warp: true,
         },
         rpc: {
-           port: 8545,
+           port: rpc_port,
           cors: "*",
+           apis: ["safe"],
+           hosts: ["all"],
         },
         dapps: {
-           port: 8090,
+           disable: true,
         },
         ui: {
-           port: 8180,
-           force: true,
+           disable: true,
+         },
+         websockets: {
+           disable: true,
         },
         mining: {
           reseal_min_period: 0,
         }
+  rpc_proxy_port rpc_proxy_port
 end

+# The firewall_rule doesn't appear to work inside a resource, that's why we're
+# doing it here
+unless node.chef_environment == "development"
+  include_recipe 'firewall'
+  firewall_rule "parity_dev" do
+    port     rpc_proxy_port
+    protocol :tcp
+    command  :allow
+  end
+end
--- a/site-cookbooks/kosmos-parity/recipes/node_mainnet.rb
+++ b/site-cookbooks/kosmos-parity/recipes/node_mainnet.rb
@ -13,6 +13,7 @@ parity_node "mainnet" do
  password credentials["mainnet_password"]
  config parity: {
           chain: "homestead",
+           no_download: true, # Don't Download Updates
         },
         network: {
           port: 30305,
--- a/site-cookbooks/kosmos-parity/recipes/node_testnet.rb
+++ b/site-cookbooks/kosmos-parity/recipes/node_testnet.rb
@ -13,6 +13,7 @@ parity_node "testnet" do
  password credentials["testnet_password"]
  config parity: {
           chain: "ropsten",
+           no_download: true, # Don't Download Updates
         },
         network: {
           port: 30304,
--- a/site-cookbooks/kosmos-parity/recipes/user.rb
+++ b/site-cookbooks/kosmos-parity/recipes/user.rb
@ -0,0 +1,20 @@
+#
+# Cookbook Name:: kosmos-parity
+# Recipe:: user
+#
+# Copyright 2017, Kosmos
+#
+# All rights reserved - Do Not Redistribute
+#
+
+group "parity" do
+  gid 72748
+end
+
+user "parity" do
+  system true
+  manage_home true
+  comment "parity user"
+  uid 72748
+  gid 72748
+end
--- a/site-cookbooks/kosmos-parity/resources/node.rb
+++ b/site-cookbooks/kosmos-parity/resources/node.rb
@ -5,10 +5,9 @@ provides :parity_node
 property :name, String, name_property: true, required: true
 property :config, Hash, required: true
 property :password, String, required: true
+property :rpc_proxy_port, Integer

 action :enable do
-  include_recipe "kosmos-parity::default"
-
  node_name = name
  parity_service = "parity_#{node_name}"
  base_path = "#{node['kosmos-parity']['home_path']}/.local/share/io.parity.ethereum/#{name}"
@ -90,4 +89,31 @@ action :enable do
  service parity_service do
    action [:enable, :start]
  end
+
+  if rpc_proxy_port
+    unless node.chef_environment == "development"
+      include_recipe "kosmos-parity::letsencrypt"
+    end
+
+    include_recipe "kosmos-nginx"
+
+    hostname = node['kosmos-parity']['hostname']
+
+    template "#{node['nginx']['dir']}/sites-available/#{parity_service}" do
+      source 'nginx_conf_parity.erb'
+      owner 'www-data'
+      mode 0640
+      variables internal_port: config[:rpc][:port],
+                external_port: rpc_proxy_port,
+                parity_service: parity_service,
+                server_name:   hostname,
+                ssl_cert:      "/etc/letsencrypt/live/#{hostname}/fullchain.pem",
+                ssl_key:       "/etc/letsencrypt/live/#{hostname}/privkey.pem"
+      notifies :reload, 'service[nginx]', :delayed
+    end
+
+    nginx_site "#{parity_service}" do
+      action :enable
+    end
+  end
 end
--- a/site-cookbooks/kosmos-parity/templates/default/nginx_conf_parity.erb
+++ b/site-cookbooks/kosmos-parity/templates/default/nginx_conf_parity.erb
@ -0,0 +1,34 @@
+# Generated by Chef
+upstream _<%= @parity_service %> {
+  server   localhost:<%= @internal_port %>;
+}
+
+server {
+  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+  listen <%= @external_port %> ssl http2;
+  <% else -%>
+  listen <%= @external_port %>;
+  <% end -%>
+
+  server_name <%= @server_name %>;
+
+  access_log <%= node[:nginx][:log_dir] %>/<%= @parity_service %>.access.log json;
+  error_log <%= node[:nginx][:log_dir] %>/<%= @parity_service %>.error.log warn;
+
+  location /.well-known {
+    root "/var/www/<%= @parity_service %>";
+  }
+
+  location / {
+    # Increase number of buffers. Default is 8
+    proxy_buffers 1024 8k;
+
+    proxy_pass http://_<%= @parity_service %>;
+    proxy_http_version 1.1;
+   }
+
+  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+  ssl_certificate <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+  <% end -%>
+}
--- a/site-cookbooks/kosmos-parity/templates/default/nginx_conf_parity_letsencrypt.erb
+++ b/site-cookbooks/kosmos-parity/templates/default/nginx_conf_parity_letsencrypt.erb
@ -0,0 +1,21 @@
+# Generated by Chef
+server {
+  listen 80; # For Let's Encrypt
+  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+  listen <%= @external_port %> ssl http2;
+  <% end -%>
+
+  server_name <%= @server_name %>;
+
+  access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
+  error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
+
+  location /.well-known {
+    root "/var/www/<%= @server_name %>";
+  }
+
+  <% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
+  ssl_certificate <%= @ssl_cert %>;
+  ssl_certificate_key <%= @ssl_key %>;
+  <% end -%>
+}