kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 28 Pull Requests 4 Projects 2 Activity

Merge branch 'feature/15-parity' into 'master'

Browse Source 
Set up Parity nodes

See merge request !4
This commit is contained in:
Basti 2017-05-11 15:48:24 +00:00
commit 4f7ee6fd3b
21 changed files with 639 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
data_bags/credentials/parity.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "parity",
"testnet_password": {
"encrypted_data": "nPYzGCz9YkH7DyyYqEVzXMTK2Wim25jgP7NvO3epMR+J9Xu3vBG2kiQ6Wx0D\ngxM7\n",
"iv": "CuLNb2eNcBuoI1NuHf6j0g==\n",
"version": 1,
"cipher": "aes-256-cbc"
},
"mainnet_password": {
"encrypted_data": "PqmxQnvGKVEs0/YuZB1M2VO45Zk3Hqg9bXsgrX5wvM9bFXPjg9/xv7AK215d\n3FrZEFiV9PNyqbfjTcCpPkkdbDEvuJ8n/+mnFshEH+7+T+I=\n",
"iv": "HjNL7eKlDwWE37ZTVa62rA==\n",
"version": 1,
"cipher": "aes-256-cbc"
}
}

3
environments/development.json
View File

@ -6,5 +6,8 @@
"default_attributes": { "default_attributes": {
}, },
"override_attributes": { "override_attributes": {
"kosmos-parity": {
"debian_package_dir": "/vagrant"
}
} }
} }

3
nodes/dev.kosmos.org.json
View File

@ -12,7 +12,8 @@
"5apps-hubot::xmpp_botka", "5apps-hubot::xmpp_botka",
"kosmos-ipfs", "kosmos-ipfs",
"kosmos-mastodon", "kosmos-mastodon",
"kosmos-mastodon::nginx" "kosmos-mastodon::nginx",
"role[parity]"
], ],
"normal": { "normal": {
"postgresql": { "postgresql": {

7
roles/parity.rb Normal file
View File

@ -0,0 +1,7 @@
name 'parity'
run_list %w(
recipe[kosmos-parity::from_package]
recipe[kosmos-parity::node_dev]
recipe[kosmos-parity::node_testnet]
)

4
site-cookbooks/kosmos-parity/CHANGELOG.md Normal file
View File

@ -0,0 +1,4 @@
# kosmos-parity CHANGELOG
## 0.1.0
- [Greg Karékinian] - Initial release of kosmos-parity

52
site-cookbooks/kosmos-parity/README.md Normal file
View File

@ -0,0 +1,52 @@
# kosmos-parity Cookbook
This cookbook installs [Parity](https://parity.io/) nodes
## Requirements
### Platforms
- Ubuntu
### Chef
- Chef 12.1 or later
## Attributes
### kosmos-parity::default
<table>
<tr>
<th>Key</th>
<th>Type</th>
<th>Description</th>
<th>Default</th>
</tr>
<tr>
<td><tt>['kosmos-parity']['home_path']</tt></td>
<td>String</td>
<td>The parity user's home path</td>
<td><tt>/home/parity</tt></td>
</tr>
</table>
## Usage
### kosmos-parity::default
### kosmos-parity::node_dev
Sets up a parity node running on the dev chain on port 8545 (behind nginx, with
HTTPS)
### kosmos-parity::node_testnet
Sets up a parity node running on the testnet chain on port 8546 (behind nginx,
with HTTPS)
## License and Authors
Authors:
* Greg Karékinian

7
site-cookbooks/kosmos-parity/attributes/default.rb Normal file
View File

@ -0,0 +1,7 @@
node.default['kosmos-parity']['home_path'] = "/home/parity"
node.default['kosmos-parity']['version'] = "1.6.6"
node.default['kosmos-parity']['package_checksum'] = '7fd51ded7a367774e62c965088ffd15ad0fa42251005d448eb700cbf5db8df24'
node.default['kosmos-parity']['package_version'] = '1.7.0'
node.default['kosmos-parity']['package_timestamp'] = '1493999009'
node.default['kosmos-parity']['debian_package_dir'] = Chef::Config[:file_cache_path]
node.default['kosmos-parity']['hostname'] = "parity.kosmos.org"

15
site-cookbooks/kosmos-parity/metadata.rb Normal file
View File

@ -0,0 +1,15 @@
name 'kosmos-parity'
maintainer 'Kosmos'
maintainer_email 'mail@kosmos.org'
license 'All rights reserved'
description 'Installs/Configures kosmos-parity'
long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
version '0.1.0'
gem 'toml'
depends 'ark'
depends 'build-essential'
depends 'kosmos-nginx'
depends 'firewall'
depends 'backup'

6
site-cookbooks/kosmos-parity/recipes/backup.rb Normal file
View File

@ -0,0 +1,6 @@
return if node.chef_environment == "development"
# Backup the local directory
node.override["backup"]["archives"]["parity"] = ["#{node['kosmos-parity']['home_path']}/.local/share/io.parity.ethereum/**/keys"]
include_recipe "backup"

69
site-cookbooks/kosmos-parity/recipes/create_package_from_github.rb Normal file
View File

@ -0,0 +1,69 @@
#
# Cookbook Name:: kosmos-parity
# Recipe:: create_package_from_github
#
# Copyright 2017, Kosmos
#
# All rights reserved - Do Not Redistribute
#
include_recipe 'kosmos-parity::user'
include_recipe 'build-essential'
package %w(git libssl-dev pkg-config libudev-dev)
gem_package 'fpm' do
version '1.8.1'
end
rust_version = '1.17.0'
architecture = node['kernel']['machine']
rust_canonical_basename = "rust-#{rust_version}-#{architecture}-unknown-linux-gnu"
rust_path = "/usr/local/rust_#{rust_version}"
url = "https://static.rust-lang.org/dist/#{rust_canonical_basename}.tar.gz"
ark "rust_#{rust_version}" do
url url
path "/usr/local"
action :put
notifies :run, "execute[install rust]", :immediately
end
execute "install rust" do
command "./install.sh"
cwd "#{rust_path}"
action :nothing
end
parity_revision = "0d8920347a72fc50e82b540855eba94c8bbb2c0f"
git "/home/parity/parity" do
repository "https://github.com/paritytech/parity.git"
revision parity_revision
user "parity"
group "parity"
notifies :run, "execute[build parity]", :immediately
end
execute "build parity" do
cwd "/home/parity/parity"
environment "HOME" => "/home/parity"
command "cargo build --release"
action :nothing
user "parity"
group "parity"
notifies :run, "execute[copy parity]", :immediately
end
execute "copy parity" do
command "cp /home/parity/parity/target/release/parity /usr/bin/"
action :run
notifies :run, "execute[create package]", :immediately
end
timestamp = Time.now.strftime('%s')
parity_version = node['kosmos-parity']['package_version']
execute "create package" do
cwd node['kosmos-parity']['debian_package_dir']
command "fpm -s dir -t deb -n parity -v #{parity_version}-#{timestamp} -p parity_#{parity_version}-#{timestamp}.deb /usr/bin/parity"
action :nothing
end

25
site-cookbooks/kosmos-parity/recipes/default.rb Normal file
View File

@ -0,0 +1,25 @@
#
# Cookbook Name:: kosmos-parity
# Recipe:: default
#
# Copyright 2017, Kosmos
#
# All rights reserved - Do Not Redistribute
#
include_recipe 'kosmos-parity::user'
parity_version = node['kosmos-parity']['version']
parity_package_path = "#{Chef::Config[:file_cache_path]}/parity_#{parity_version}_amd64.deb"
remote_file parity_package_path do
source "https://d1h4xl4cr1h0mo.cloudfront.net/v#{parity_version}/x86_64-unknown-linux-gnu/parity_#{parity_version}_amd64.deb"
checksum node['kosmos-parity']['checksum']
mode 0750
notifies :install, "dpkg_package[parity]", :immediately
end
dpkg_package "parity" do
source parity_package_path
end
include_recipe "kosmos-parity::backup"

29
site-cookbooks/kosmos-parity/recipes/from_package.rb Normal file
View File

@ -0,0 +1,29 @@
#
# Cookbook Name:: kosmos-parity
# Recipe:: default
#
# Copyright 2017, Kosmos
#
# All rights reserved - Do Not Redistribute
#
include_recipe 'kosmos-parity::user'
parity_version = node['kosmos-parity']['package_version']
package_timestamp = node['kosmos-parity']['package_timestamp']
parity_filename = "parity_#{parity_version}-#{package_timestamp}.deb"
parity_package_path = "#{Chef::Config[:file_cache_path]}/#{parity_filename}"
remote_file parity_package_path do
source "https://dl.5apps.com/#{parity_filename}"
checksum node['kosmos-parity']['checksum']
mode 0750
notifies :install, "dpkg_package[parity]", :immediately
end
dpkg_package "parity" do
source parity_package_path
version "#{parity_version}-#{package_timestamp}"
end
include_recipe "kosmos-parity::backup"

40
site-cookbooks/kosmos-parity/recipes/letsencrypt.rb Normal file
View File

@ -0,0 +1,40 @@
#
# Cookbook Name:: kosmos-parity
# Recipe:: letsencrypt
#
# Copyright 2017, Kosmos
#
# All rights reserved - Do Not Redistribute
#
include_recipe "kosmos-base::letsencrypt"
hostname = node['kosmos-parity']['hostname']
directory "/var/www/#{hostname}/.well-known/acme-challenge" do
owner node["nginx"]["user"]
group node["nginx"]["group"]
action :create
recursive true
end
template "#{node['nginx']['dir']}/sites-available/#{hostname}" do
source 'nginx_conf_parity_letsencrypt.erb'
owner 'www-data'
mode 0640
variables server_name: hostname,
ssl_cert: "/etc/letsencrypt/live/#{hostname}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{hostname}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site "#{hostname}" do
action :enable
end
execute "letsencrypt cert for #{hostname}" do
command "./certbot-auto certonly --webroot --agree-tos --email ops@5apps.com --webroot-path /var/www/#{hostname} -d #{hostname} -n"
cwd "/usr/local/certbot"
not_if { File.exist? "/etc/letsencrypt/live/#{hostname}/fullchain.pem" }
notifies :reload, "service[nginx]", :delayed
end

57
site-cookbooks/kosmos-parity/recipes/node_dev.rb Normal file
View File

@ -0,0 +1,57 @@
#
# Cookbook Name:: kosmos-parity
# Recipe:: node_dev
#
# Copyright 2017, Kosmos
#
# All rights reserved - Do Not Redistribute
#
# Sets up a parity node running on the dev chain on port 8545 (behind nginx,
# with HTTPS)
rpc_proxy_port = 8545
rpc_port = 18545
dapps_port = 8180
parity_node "dev" do
password "parityparity"
config parity: {
chain: "dev",
no_download: true, # Don't Download Updates
},
network: {
port: 30303,
warp: true,
},
rpc: {
port: rpc_port,
cors: "*",
apis: ["web3", "net", "traces", "rpc", "eth"],
hosts: ["all"],
},
dapps: {
port: dapps_port,
},
ui: {
disable: true,
},
websockets: {
disable: true,
},
mining: {
reseal_min_period: 0,
}
rpc_proxy_port rpc_proxy_port
end
# The firewall_rule doesn't appear to work inside a resource, that's why we're
# doing it here
unless node.chef_environment == "development"
include_recipe 'firewall'
firewall_rule "parity_dev" do
port rpc_proxy_port
protocol :tcp
command :allow
end
end

56
site-cookbooks/kosmos-parity/recipes/node_mainnet.rb Normal file
View File

@ -0,0 +1,56 @@
#
# Cookbook Name:: kosmos-parity
# Recipe:: node_mainnet
#
# Copyright 2017, Kosmos
#
# All rights reserved - Do Not Redistribute
#
# Sets up a parity node running on the mainnet chain on port 8547 (behind
# nginx, with HTTPS)
rpc_proxy_port = 8547
rpc_port = 18547
dapps_port = 8182
credentials = Chef::EncryptedDataBagItem.load('credentials', 'parity')
parity_node "mainnet" do
password credentials["mainnet_password"]
config parity: {
chain: "homestead",
no_download: true, # Don't Download Updates
},
network: {
port: 30305,
warp: true,
},
rpc: {
port: rpc_port,
cors: "*",
apis: ["web3", "net", "traces", "rpc", "eth"],
hosts: ["all"],
},
dapps: {
port: dapps_port,
},
ui: {
disable: true,
},
websockets: {
disable: true,
}
rpc_proxy_port rpc_proxy_port
end
# The firewall_rule doesn't appear to work inside a resource, that's why we're
# doing it here
unless node.chef_environment == "development"
include_recipe 'firewall'
firewall_rule "parity_mainnet" do
port rpc_proxy_port
protocol :tcp
command :allow
end
end

56
site-cookbooks/kosmos-parity/recipes/node_testnet.rb Normal file
View File

@ -0,0 +1,56 @@
#
# Cookbook Name:: kosmos-parity
# Recipe:: node_testnet
#
# Copyright 2017, Kosmos
#
# All rights reserved - Do Not Redistribute
#
# Sets up a parity node running on the testnet chain on port 8546 (behind
# nginx, with HTTPS)
rpc_proxy_port = 8546
rpc_port = 18546
dapps_port = 8181
credentials = Chef::EncryptedDataBagItem.load('credentials', 'parity')
parity_node "testnet" do
password credentials["testnet_password"]
config parity: {
chain: "testnet",
no_download: true, # Don't Download Updates
},
network: {
port: 30304,
warp: true,
},
rpc: {
port: rpc_port,
cors: "*",
apis: ["web3", "net", "traces", "rpc", "eth"],
hosts: ["all"],
},
dapps: {
port: dapps_port,
},
ui: {
disable: true,
},
websockets: {
disable: true,
}
rpc_proxy_port rpc_proxy_port
end
# The firewall_rule doesn't appear to work inside a resource, that's why we're
# doing it here
unless node.chef_environment == "development"
include_recipe 'firewall'
firewall_rule "parity_testnet" do
port rpc_proxy_port
protocol :tcp
command :allow
end
end

20
site-cookbooks/kosmos-parity/recipes/user.rb Normal file
View File

@ -0,0 +1,20 @@
#
# Cookbook Name:: kosmos-parity
# Recipe:: user
#
# Copyright 2017, Kosmos
#
# All rights reserved - Do Not Redistribute
#
group "parity" do
gid 72748
end
user "parity" do
system true
manage_home true
comment "parity user"
uid 72748
gid 72748
end

118
site-cookbooks/kosmos-parity/resources/node.rb Normal file
View File

@ -0,0 +1,118 @@
require 'toml'
provides :parity_node
property :name, String, name_property: true, required: true
property :config, Hash, required: true
property :password, String, required: true
property :rpc_proxy_port, Integer
action :enable do
node_name = name
parity_service = "parity_#{node_name}"
base_path = "#{node['kosmos-parity']['home_path']}/.local/share/io.parity.ethereum/#{node_name}"
config_path = "#{base_path}/config.toml"
config[:parity][:base_path] = base_path
config[:account] = {}
config[:account][:password] = ["#{base_path}/password"]
directory base_path do
recursive true
owner "parity"
group "parity"
end
%w(chains keys).each do |subfolder|
directory "#{base_path}/#{subfolder}" do
recursive true
owner "parity"
group "parity"
end
end
password_path = "#{base_path}/password"
file password_path do
content password
owner "parity"
group "parity"
mode 0640
end
ruby_block "generate config" do
block do
parity_account_list = Mixlib::ShellOut.new(
"parity account list --chain #{config[:parity][:chain]} --base-path #{base_path}",
user: "parity"
)
parity_account_list.run_command
parity_account = parity_account_list.stdout.strip.gsub(/[(\[|\])]/, '')
if parity_account.empty?
parity_account_create = Mixlib::ShellOut.new(
"parity account new --chain #{config[:parity][:chain]} --base-path #{base_path} --password #{base_path}/password",
user: "parity"
)
parity_account_create.run_command
parity_account = parity_account_create.stdout.strip
end
config[:account][:unlock] = [parity_account]
file "config" do
path config_path
content TOML::Generator.new(config).body
owner "parity"
group "parity"
mode 0640
notifies :restart, "service[#{parity_service}]", :delayed
end
end
end
execute "systemctl daemon-reload" do
command "systemctl daemon-reload"
action :nothing
end
template "/lib/systemd/system/#{parity_service}.service" do
source "parity.systemd.service.erb"
variables config_file: config_path
notifies :run, "execute[systemctl daemon-reload]", :delayed
notifies :restart, "service[#{parity_service}]", :delayed
end
service parity_service do
action [:enable, :start]
end
if rpc_proxy_port
unless node.chef_environment == "development"
include_recipe "kosmos-parity::letsencrypt"
end
include_recipe "kosmos-nginx"
hostname = node['kosmos-parity']['hostname']
template "#{node['nginx']['dir']}/sites-available/#{parity_service}" do
source 'nginx_conf_parity.erb'
owner 'www-data'
mode 0640
variables internal_port: config[:rpc][:port],
external_port: rpc_proxy_port,
parity_service: parity_service,
server_name: hostname,
ssl_cert: "/etc/letsencrypt/live/#{hostname}/fullchain.pem",
ssl_key: "/etc/letsencrypt/live/#{hostname}/privkey.pem"
notifies :reload, 'service[nginx]', :delayed
end
nginx_site "#{parity_service}" do
action :enable
end
end
end

34
site-cookbooks/kosmos-parity/templates/default/nginx_conf_parity.erb Normal file
View File

@ -0,0 +1,34 @@
# Generated by Chef
upstream _<%= @parity_service %> {
server localhost:<%= @internal_port %>;
}
server {
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
listen <%= @external_port %> ssl http2;
<% else -%>
listen <%= @external_port %>;
<% end -%>
server_name <%= @server_name %>;
access_log <%= node[:nginx][:log_dir] %>/<%= @parity_service %>.access.log json;
error_log <%= node[:nginx][:log_dir] %>/<%= @parity_service %>.error.log warn;
location /.well-known {
root "/var/www/<%= @parity_service %>";
}
location / {
# Increase number of buffers. Default is 8
proxy_buffers 1024 8k;
proxy_pass http://_<%= @parity_service %>;
proxy_http_version 1.1;
}
<% if File.exist?(@ssl_cert) && File.exist?(@ssl_key) -%>
ssl_certificate <%= @ssl_cert %>;
ssl_certificate_key <%= @ssl_key %>;
<% end -%>
}

13
site-cookbooks/kosmos-parity/templates/default/nginx_conf_parity_letsencrypt.erb Normal file
View File

@ -0,0 +1,13 @@
# Generated by Chef
server {
listen 80; # For Let's Encrypt
server_name <%= @server_name %>;
access_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.access.log json;
error_log <%= node[:nginx][:log_dir] %>/<%= @server_name %>.error.log warn;
location /.well-known {
root "/var/www/<%= @server_name %>";
}
}

11
site-cookbooks/kosmos-parity/templates/default/parity.systemd.service.erb Normal file
View File

@ -0,0 +1,11 @@
[Unit]
Description=Parity Daemon (<%= @environment %>)
After=network.target
[Service]
ExecStart=/usr/bin/parity --config <%= @config_file %> $ARGS
User=parity
Group=parity
[Install]
WantedBy=default.target