diff --git a/data_bags/credentials/nbxplorer.json b/data_bags/credentials/nbxplorer.json new file mode 100644 index 0000000..fe06b23 --- /dev/null +++ b/data_bags/credentials/nbxplorer.json @@ -0,0 +1,10 @@ +{ + "id": "nbxplorer", + "postgresql_password": { + "encrypted_data": "FhJPANkxVT08Xf/8SJEj/lilgebkXA4hH4QfDsDb7DX/\n", + "iv": "zyK2uS4Gz9NOkJBB\n", + "auth_tag": "MsybhzFGaOSm66clfoHDsw==\n", + "version": 3, + "cipher": "aes-256-gcm" + } +} \ No newline at end of file diff --git a/nodes/postgres-2.json b/nodes/postgres-2.json index 2ddf554..32655ee 100644 --- a/nodes/postgres-2.json +++ b/nodes/postgres-2.json @@ -22,6 +22,7 @@ "kosmos_postgresql::primary", "kosmos_postgresql::firewall", "kosmos-bitcoin::lndhub-go_pg_db", + "kosmos-bitcoin::nbxplorer_pg_db", "kosmos_drone::pg_db", "kosmos_gitea::pg_db", "kosmos-mastodon::pg_db", diff --git a/nodes/rsk-mainnet-2.json b/nodes/rsk-mainnet-2.json index 5d6017a..1528a72 100644 --- a/nodes/rsk-mainnet-2.json +++ b/nodes/rsk-mainnet-2.json @@ -8,19 +8,19 @@ "automatic": { "fqdn": "rsk-mainnet-2", "os": "linux", - "os_version": "5.4.0-1075-kvm", + "os_version": "5.4.0-1084-kvm", "hostname": "rsk-mainnet-2", "ipaddress": "192.168.122.208", "roles": [ - "rskj_mainnet", - "kvm_guest" + "kvm_guest", + "rskj_mainnet" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_kvm::guest", "kosmos_rsk::rskj", "kosmos_rsk::nginx", - "kosmos_kvm::guest", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -70,4 +70,4 @@ "role[kvm_guest]", "role[rskj_mainnet]" ] -} +} \ No newline at end of file diff --git a/nodes/rsk-testnet-3.json b/nodes/rsk-testnet-3.json index e9b0cf4..b9f6616 100644 --- a/nodes/rsk-testnet-3.json +++ b/nodes/rsk-testnet-3.json @@ -8,19 +8,19 @@ "automatic": { "fqdn": "rsk-testnet-3", "os": "linux", - "os_version": "5.4.0-1075-kvm", + "os_version": "5.4.0-1084-kvm", "hostname": "rsk-testnet-3", "ipaddress": "192.168.122.231", "roles": [ - "rskj_testnet", - "kvm_guest" + "kvm_guest", + "rskj_testnet" ], "recipes": [ "kosmos-base", "kosmos-base::default", + "kosmos_kvm::guest", "kosmos_rsk::rskj", "kosmos_rsk::nginx", - "kosmos_kvm::guest", "apt::default", "timezone_iii::default", "timezone_iii::debian", @@ -70,4 +70,4 @@ "role[kvm_guest]", "role[rskj_testnet]" ] -} +} \ No newline at end of file diff --git a/roles/postgresql_primary.rb b/roles/postgresql_primary.rb index 9854b01..5f3f2bd 100644 --- a/roles/postgresql_primary.rb +++ b/roles/postgresql_primary.rb @@ -4,6 +4,7 @@ run_list %w( kosmos_postgresql::primary kosmos_postgresql::firewall kosmos-bitcoin::lndhub-go_pg_db + kosmos-bitcoin::nbxplorer_pg_db kosmos_drone::pg_db kosmos_gitea::pg_db kosmos-mastodon::pg_db diff --git a/site-cookbooks/kosmos-bitcoin/attributes/default.rb b/site-cookbooks/kosmos-bitcoin/attributes/default.rb index 2e82464..ab5c630 100644 --- a/site-cookbooks/kosmos-bitcoin/attributes/default.rb +++ b/site-cookbooks/kosmos-bitcoin/attributes/default.rb @@ -103,10 +103,12 @@ node.default['dotnet']['ms_packages_src_url'] = "https://packages.microsoft.com/ node.default['dotnet']['ms_packages_src_checksum'] = "4df5811c41fdded83eb9e2da9336a8dfa5594a79dc8a80133bd815f4f85b9991" node.default['nbxplorer']['repo'] = 'https://github.com/dgarage/NBXplorer' -node.default['nbxplorer']['revision'] = 'v2.3.58' +node.default['nbxplorer']['revision'] = 'v2.3.60' node.default['nbxplorer']['source_dir'] = '/opt/nbxplorer' node.default['nbxplorer']['config_path'] = "/home/#{node['bitcoin']['username']}/.nbxplorer/Main/settings.config" node.default['nbxplorer']['port'] = '24445' +node.default['nbxplorer']['postgres']['database'] = 'nbxplorer' +node.default['nbxplorer']['postgres']['user'] = 'nbxplorer' node.default['btcpay']['repo'] = 'https://github.com/btcpayserver/btcpayserver' node.default['btcpay']['revision'] = 'v1.7.5' diff --git a/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb b/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb index 648414d..c88d7ec 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/btcpay.rb @@ -11,7 +11,7 @@ git node['btcpay']['source_dir'] do repository node['btcpay']['repo'] revision node['btcpay']['revision'] action :sync - notifies :stop, "systemd_unit[btcpayserver.service]", :immediately + notifies :stop, "service[btcpayserver]", :immediately notifies :run, 'bash[build_btcpay]', :immediately end @@ -22,7 +22,7 @@ bash 'build_btcpay' do ./build.sh EOH action :nothing - notifies :restart, "systemd_unit[btcpayserver.service]", :delayed + notifies :restart, "service[btcpayserver]", :delayed end directory "/home/#{node['bitcoin']['username']}/.btcpayserver" do @@ -58,7 +58,7 @@ template node['btcpay']['config_path'] do postgres_user: node['btcpay']['postgres']['user'], postgres_password: credentials['postgres_password'], lnd_admin_macaroon_path: lnd_admin_macaroon_path - notifies :restart, "systemd_unit[btcpayserver.service]", :delayed + notifies :restart, "service[btcpayserver]", :delayed end directory '/run/btcpayserver' do @@ -67,6 +67,13 @@ directory '/run/btcpayserver' do mode '0640' end +if node["nbxplorer"]["postgres"] + nbxplorer_credentials = Chef::EncryptedDataBagItem.load('credentials', 'nbxplorer') + nbxpg_user = node["nbxplorer"]["postgres"]["user"] + nbxpg_database = node["nbxplorer"]["postgres"]["database"] + nbxpg_connect = "User ID=#{nbxpg_user};Password=#{nbxplorer_credentials['postgresql_password']};Database=#{nbxpg_database};Host=pg.kosmos.local;Port=5432;Application Name=btcpayserver;MaxPoolSize=80" +end + systemd_unit 'btcpayserver.service' do content({ Unit: { @@ -80,6 +87,7 @@ systemd_unit 'btcpayserver.service' do Group: node['bitcoin']['usergroup'], Type: 'simple', WorkingDirectory: node['btcpay']['source_dir'], + Environment: defined?(nbxpg_connect) ? "'BTCPAY_EXPLORERPOSTGRES=#{nbxpg_connect}'" : '', ExecStart: "#{node['btcpay']['source_dir']}/run.sh --conf=#{node['btcpay']['config_path']}", PIDFile: '/run/btcpayserver/btcpayserver.pid', Restart: 'on-failure', @@ -94,7 +102,11 @@ systemd_unit 'btcpayserver.service' do }) verify false triggers_reload true - action [:create, :enable, :start] + action [:create] +end + +service "btcpayserver" do + action [:enable, :start] end firewall_rule "BTCPay API private access" do diff --git a/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb index d771ede..5675b35 100644 --- a/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb +++ b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer.rb @@ -7,11 +7,16 @@ build_essential include_recipe "git" +credentials = Chef::EncryptedDataBagItem.load('credentials', 'nbxplorer') +bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin') +postgres_user = node["nbxplorer"]["postgres"]["user"] +postgres_database = node["nbxplorer"]["postgres"]["database"] + git node['nbxplorer']['source_dir'] do repository node['nbxplorer']['repo'] revision node['nbxplorer']['revision'] action :sync - notifies :stop, "systemd_unit[nbxplorer.service]", :immediately + notifies :stop, "service[nbxplorer]", :immediately notifies :run, 'bash[build_nbxplorer]', :immediately end @@ -21,8 +26,6 @@ bash 'build_nbxplorer' do action :nothing end -bitcoin_credentials = Chef::EncryptedDataBagItem.load('credentials', 'bitcoin') - directory "/home/#{node['bitcoin']['username']}/.nbxplorer" do owner node['bitcoin']['username'] group node['bitcoin']['usergroup'] @@ -54,6 +57,12 @@ directory '/run/nbxplorer' do mode '0640' end +env = { + NBXPLORER_POSTGRES: "User ID=#{postgres_user};Password=#{credentials['postgresql_password']};Database=#{postgres_database};Host=pg.kosmos.local;Port=5432;Application Name=nbxplorer;MaxPoolSize=20", + NBXPLORER_AUTOMIGRATE: "1", + NBXPLORER_NOMIGRATEEVTS: "1" +} + systemd_unit 'nbxplorer.service' do content({ Unit: { @@ -66,7 +75,9 @@ systemd_unit 'nbxplorer.service' do User: node['bitcoin']['username'], Group: node['bitcoin']['usergroup'], Type: 'simple', - ExecStart: "/usr/bin/dotnet '#{node['nbxplorer']['source_dir']}/NBXplorer/bin/Release/netcoreapp3.1/NBXplorer.dll' -c #{node['nbxplorer']['config_path']} --noauth", + WorkingDirectory: node['nbxplorer']['source_dir'], + Environment: env.map{|k, v| "'#{k}=#{v}'"}.join(' '), + ExecStart: "#{node['nbxplorer']['source_dir']}/run.sh -c #{node['nbxplorer']['config_path']} --noauth", PIDFile: '/run/nbxplorer/nbxplorer.pid', Restart: 'on-failure', PrivateTmp: true, @@ -80,5 +91,9 @@ systemd_unit 'nbxplorer.service' do }) verify false triggers_reload true - action [:create, :enable, :start] + action [:create] +end + +service "nbxplorer" do + action [:enable, :start] end diff --git a/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer_pg_db.rb b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer_pg_db.rb new file mode 100644 index 0000000..5c4e893 --- /dev/null +++ b/site-cookbooks/kosmos-bitcoin/recipes/nbxplorer_pg_db.rb @@ -0,0 +1,19 @@ +# +# Cookbook Name:: kosmos-bitcoin +# Recipe:: nbxplorer-go_pg_db +# + +credentials = data_bag_item('credentials', 'nbxplorer') + +postgres_user = node['nbxplorer']['postgres']['user'] +postgres_db = node['nbxplorer']['postgres']['database'] + +postgresql_user postgres_user do + action :create + password credentials['postgresql_password'] +end + +postgresql_database postgres_db do + owner postgres_user + action :create +end diff --git a/site-cookbooks/kosmos_rsk/Berksfile b/site-cookbooks/kosmos_rsk/Berksfile index 34fea21..8206ad0 100644 --- a/site-cookbooks/kosmos_rsk/Berksfile +++ b/site-cookbooks/kosmos_rsk/Berksfile @@ -1,3 +1,5 @@ source 'https://supermarket.chef.io' +cookbook 'kosmos-nginx', path: '../../site-cookbooks/kosmos-nginx' + metadata diff --git a/site-cookbooks/kosmos_rsk/CHANGELOG.md b/site-cookbooks/kosmos_rsk/CHANGELOG.md index 6c75b43..d8aca13 100644 --- a/site-cookbooks/kosmos_rsk/CHANGELOG.md +++ b/site-cookbooks/kosmos_rsk/CHANGELOG.md @@ -2,6 +2,11 @@ This file is used to list changes made in each version of the kosmos_rsk cookbook. +## 0.3.0 + +* Bump rskj version +* Fix tests + ## 0.2.0 Add nginx recipe to configure public API access. diff --git a/site-cookbooks/kosmos_rsk/README.md b/site-cookbooks/kosmos_rsk/README.md index 18cafc8..4ab209a 100644 --- a/site-cookbooks/kosmos_rsk/README.md +++ b/site-cookbooks/kosmos_rsk/README.md @@ -1,3 +1,14 @@ # kosmos_rsk -Configures/deploys RSK-related software. +Configures/deploys RSKj and related software. + +## Testing + +With a Docker daemon running: + +```bash +kitchen create +kitchen converge +kitchen verify +kitchen destroy +``` diff --git a/site-cookbooks/kosmos_rsk/attributes/default.rb b/site-cookbooks/kosmos_rsk/attributes/default.rb index 562ca5d..63efc04 100644 --- a/site-cookbooks/kosmos_rsk/attributes/default.rb +++ b/site-cookbooks/kosmos_rsk/attributes/default.rb @@ -1,2 +1,2 @@ -node.default['rskj']['version'] = '4.1.0~focal' +node.default['rskj']['version'] = '4.2.0~focal' node.default['rskj']['network'] = 'testnet' diff --git a/site-cookbooks/kosmos_rsk/metadata.rb b/site-cookbooks/kosmos_rsk/metadata.rb index 23e7d33..6f0c24a 100644 --- a/site-cookbooks/kosmos_rsk/metadata.rb +++ b/site-cookbooks/kosmos_rsk/metadata.rb @@ -2,8 +2,8 @@ name 'kosmos_rsk' maintainer 'Kosmos Developers' maintainer_email 'ops@kosmos.org' license 'MIT' -description 'Installs/configures RSK and related software' -version '0.2.0' +description 'Installs/configures RSKj and related software' +version '0.3.0' chef_version '>= 15.0' issues_url 'https://gitea.kosmos.org/kosmos/chef/issues' source_url 'https://gitea.kosmos.org/kosmos/chef' diff --git a/site-cookbooks/kosmos_rsk/templates/rskj-preseed.cfg.erb b/site-cookbooks/kosmos_rsk/templates/rskj-preseed.cfg.erb index d0b825b..28c9efe 100644 --- a/site-cookbooks/kosmos_rsk/templates/rskj-preseed.cfg.erb +++ b/site-cookbooks/kosmos_rsk/templates/rskj-preseed.cfg.erb @@ -1,6 +1,6 @@ #_preseed_V1 # Do you agree to the terms of the applicable licenses? -rskj shared/accepted-rsk-license-v1-1 boolean true +rskj shared/accepted-rsk-license-v1-1 select true # Choose a configuration environment to run your node. # Choices: mainnet, testnet, regtest rskj shared/config select <%= @network %> diff --git a/site-cookbooks/kosmos_rsk/test/integration/rskj/rskj_test.rb b/site-cookbooks/kosmos_rsk/test/integration/rskj/rskj_test.rb index 503dcaf..a37cf79 100644 --- a/site-cookbooks/kosmos_rsk/test/integration/rskj/rskj_test.rb +++ b/site-cookbooks/kosmos_rsk/test/integration/rskj/rskj_test.rb @@ -9,7 +9,7 @@ end describe package('rskj') do it { should be_installed } - its('version') { should eq '2.2.0~focal' } + its('version') { should eq '4.2.0~focal' } end describe service('rsk') do