diff --git a/.gitignore b/.gitignore index 6bf6e4a..7883c5e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,6 @@ /.chef/encrypted_data_bag_secret +.chef/chef_guid /.bundle/ /.vagrant/ +/.kitchen /nodes/vagrant-node.json diff --git a/clients/rsk-testnet-1.json b/clients/rsk-testnet-1.json new file mode 100644 index 0000000..827cf39 --- /dev/null +++ b/clients/rsk-testnet-1.json @@ -0,0 +1,4 @@ +{ + "name": "rsk-testnet-1", + "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0JU46rCyLGOi5OdeeE2M\nobUUxO+Jqd9t9bP75Pyj0uH8WaxNv1PIdWZJiR+fcE+draBV86/YLxHzOFvsnMi+\nE/qgeXLKErGtTSb12mWq0gYv/wz9uqRbtcsv40gpu2BtNv9ycdXYACB/s0ipnuUO\nX/os4YHDvWV1cshwzgsQ87ad7OdT/Nldggtp4go60TkBi49VaftiJzYqVm1ey3xz\nd7+EsQWqhQHAac6POEuPjwNuM2valf/8+nI4Uday/CiFrDDV1SffRG30sd4rJF15\nh1S1Kxyetr72EmQwIGbJuDJL7eUU7blXjg6UtTxDDsl6rYUO5s/j7wZLoFhmC854\npQIDAQAB\n-----END PUBLIC KEY-----\n" +} \ No newline at end of file diff --git a/nodes/rsk-testnet-1.json b/nodes/rsk-testnet-1.json new file mode 100644 index 0000000..dddf579 --- /dev/null +++ b/nodes/rsk-testnet-1.json @@ -0,0 +1,53 @@ +{ + "name": "rsk-testnet-1", + "normal": { + "knife_zero": { + "host": "10.1.1.136" + } + }, + "automatic": { + "fqdn": "rsk-testnet-1", + "os": "linux", + "os_version": "5.4.0-1026-kvm", + "hostname": "rsk-testnet-1", + "ipaddress": "192.168.122.196", + "roles": [ + + ], + "recipes": [ + "kosmos-base", + "kosmos-base::default", + "apt::default", + "timezone_iii::default", + "timezone_iii::debian", + "ntp::default", + "ntp::apparmor", + "kosmos-base::systemd_emails", + "apt::unattended-upgrades", + "kosmos-base::firewall", + "kosmos-postfix::default", + "postfix::default", + "postfix::_common", + "postfix::_attributes", + "postfix::sasl_auth", + "hostname::default" + ], + "platform": "ubuntu", + "platform_version": "20.04", + "cloud": null, + "chef_packages": { + "ohai": { + "version": "16.13.0", + "ohai_root": "/opt/chef/embedded/lib/ruby/gems/2.7.0/gems/ohai-16.13.0/lib/ohai" + }, + "chef": { + "version": "16.13.16", + "chef_root": "/opt/chef/embedded/lib/ruby/gems/2.7.0/gems/chef-16.13.16/lib", + "chef_effortless": null + } + } + }, + "run_list": [ + "recipe[kosmos-base]" + ] +} \ No newline at end of file diff --git a/site-cookbooks/kosmos_rsk/.delivery/project.toml b/site-cookbooks/kosmos_rsk/.delivery/project.toml new file mode 100644 index 0000000..3496f78 --- /dev/null +++ b/site-cookbooks/kosmos_rsk/.delivery/project.toml @@ -0,0 +1,32 @@ +# Delivery for Local Phases Execution +# +# This file allows you to execute test phases locally on a workstation or +# in a CI pipeline. The delivery-cli will read this file and execute the +# command(s) that are configured for each phase. You can customize them +# by just modifying the phase key on this file. +# +# By default these phases are configured for Cookbook Workflow only +# + +[local_phases] +unit = "echo skipping unit phase." +lint = "chef exec cookstyle" +# foodcritic has been deprecated in favor of cookstyle so we skip the syntax +# phase now. +syntax = "echo skipping syntax phase. Use lint phase instead." +provision = "chef exec kitchen create" +deploy = "chef exec kitchen converge" +smoke = "chef exec kitchen verify" +# The functional phase is optional, you can define it by uncommenting +# the line below and running the command: `delivery local functional` +# functional = "" +cleanup = "chef exec kitchen destroy" + +# Remote project.toml file +# +# Instead of the local phases above, you may specify a remote URI location for +# the `project.toml` file. This is useful for teams that wish to centrally +# manage the behavior of the `delivery local` command across many different +# projects. +# +# remote_file = "https://url/project.toml" \ No newline at end of file diff --git a/site-cookbooks/kosmos_rsk/.gitignore b/site-cookbooks/kosmos_rsk/.gitignore new file mode 100644 index 0000000..f1e57b8 --- /dev/null +++ b/site-cookbooks/kosmos_rsk/.gitignore @@ -0,0 +1,25 @@ +.vagrant +*~ +*# +.#* +\#*# +.*.sw[a-z] +*.un~ + +# Bundler +Gemfile.lock +gems.locked +bin/* +.bundle/* + +# test kitchen +.kitchen/ +kitchen.local.yml + +# Chef Infra +Berksfile.lock +.zero-knife.rb +Policyfile.lock.json + +.idea/ + diff --git a/site-cookbooks/kosmos_rsk/Berksfile b/site-cookbooks/kosmos_rsk/Berksfile new file mode 100644 index 0000000..34fea21 --- /dev/null +++ b/site-cookbooks/kosmos_rsk/Berksfile @@ -0,0 +1,3 @@ +source 'https://supermarket.chef.io' + +metadata diff --git a/site-cookbooks/kosmos_rsk/CHANGELOG.md b/site-cookbooks/kosmos_rsk/CHANGELOG.md new file mode 100644 index 0000000..8f3ba6e --- /dev/null +++ b/site-cookbooks/kosmos_rsk/CHANGELOG.md @@ -0,0 +1,7 @@ +# kosmos_rsk CHANGELOG + +This file is used to list changes made in each version of the kosmos_rsk cookbook. + +## 0.1.0 + +Initial release. diff --git a/site-cookbooks/kosmos_rsk/LICENSE b/site-cookbooks/kosmos_rsk/LICENSE new file mode 100644 index 0000000..080dee9 --- /dev/null +++ b/site-cookbooks/kosmos_rsk/LICENSE @@ -0,0 +1,3 @@ +Copyright 2021 The Authors + +All rights reserved, do not redistribute. diff --git a/site-cookbooks/kosmos_rsk/README.md b/site-cookbooks/kosmos_rsk/README.md new file mode 100644 index 0000000..18cafc8 --- /dev/null +++ b/site-cookbooks/kosmos_rsk/README.md @@ -0,0 +1,3 @@ +# kosmos_rsk + +Configures/deploys RSK-related software. diff --git a/site-cookbooks/kosmos_rsk/attributes/default.rb b/site-cookbooks/kosmos_rsk/attributes/default.rb new file mode 100644 index 0000000..48cc220 --- /dev/null +++ b/site-cookbooks/kosmos_rsk/attributes/default.rb @@ -0,0 +1,2 @@ +node.default['rskj']['version'] = '2.2.0~focal' +node.default['rskj']['network'] = 'testnet' diff --git a/site-cookbooks/kosmos_rsk/chefignore b/site-cookbooks/kosmos_rsk/chefignore new file mode 100644 index 0000000..cc170ea --- /dev/null +++ b/site-cookbooks/kosmos_rsk/chefignore @@ -0,0 +1,115 @@ +# Put files/directories that should be ignored in this file when uploading +# to a Chef Infra Server or Supermarket. +# Lines that start with '# ' are comments. + +# OS generated files # +###################### +.DS_Store +ehthumbs.db +Icon? +nohup.out +Thumbs.db +.envrc + +# EDITORS # +########### +.#* +.project +.settings +*_flymake +*_flymake.* +*.bak +*.sw[a-z] +*.tmproj +*~ +\#* +REVISION +TAGS* +tmtags +.vscode +.editorconfig + +## COMPILED ## +############## +*.class +*.com +*.dll +*.exe +*.o +*.pyc +*.so +*/rdoc/ +a.out +mkmf.log + +# Testing # +########### +.circleci/* +.codeclimate.yml +.delivery/* +.foodcritic +.kitchen* +.mdlrc +.overcommit.yml +.rspec +.rubocop.yml +.travis.yml +.watchr +.yamllint +azure-pipelines.yml +Dangerfile +examples/* +features/* +Guardfile +kitchen.yml* +mlc_config.json +Procfile +Rakefile +spec/* +test/* + +# SCM # +####### +.git +.gitattributes +.gitconfig +.github/* +.gitignore +.gitkeep +.gitmodules +.svn +*/.bzr/* +*/.git +*/.hg/* +*/.svn/* + +# Berkshelf # +############# +Berksfile +Berksfile.lock +cookbooks/* +tmp + +# Bundler # +########### +vendor/* +Gemfile +Gemfile.lock + +# Policyfile # +############## +Policyfile.rb +Policyfile.lock.json + +# Documentation # +############# +CODE_OF_CONDUCT* +CONTRIBUTING* +documentation/* +TESTING* +UPGRADING* + +# Vagrant # +########### +.vagrant +Vagrantfile diff --git a/site-cookbooks/kosmos_rsk/kitchen.yml b/site-cookbooks/kosmos_rsk/kitchen.yml new file mode 100644 index 0000000..2723336 --- /dev/null +++ b/site-cookbooks/kosmos_rsk/kitchen.yml @@ -0,0 +1,52 @@ +--- +driver: + name: dokken + pull_platform_image: false + pull_chef_image: false + memory_limit: 2147483648 # 2GB + volumes: + # saves the apt archieves outside of the container + - /var/cache/apt/archives/:/var/cache/apt/archives/ + ## The forwarded_port port feature lets you connect to ports on the VM guest via + ## localhost on the host. + ## see also: https://www.vagrantup.com/docs/networking/forwarded_ports + # network: + # - ["forwarded_port", { guest: 4444, host: 4444 }] + +transport: + name: dokken + +provisioner: + name: dokken + clean_dokken_sandbox: false + # You may wish to disable always updating cookbooks in CI or other testing environments. + # For example: + # always_update_cookbooks: <%= !ENV['CI'] %> + # always_update_cookbooks: false + + ## product_name and product_version specifies a specific Chef product and version to install. + ## see the Chef documentation for more details: https://docs.chef.io/workstation/config_yml_kitchen/ + # product_name: chef + # product_version: 16 + +verifier: + name: inspec + +platforms: + - name: ubuntu-20.04 + driver: + image: dokken/ubuntu-20.04 + privileged: true + pid_one_command: /usr/lib/systemd/systemd + intermediate_instructions: + # prevent APT from deleting the APT folder + - RUN rm /etc/apt/apt.conf.d/docker-clean + +suites: + - name: rskj + run_list: + - recipe[kosmos_rsk::rskj] + verifier: + inspec_tests: + - test/integration/rskj + attributes: diff --git a/site-cookbooks/kosmos_rsk/metadata.rb b/site-cookbooks/kosmos_rsk/metadata.rb new file mode 100644 index 0000000..b5cd6c7 --- /dev/null +++ b/site-cookbooks/kosmos_rsk/metadata.rb @@ -0,0 +1,11 @@ +name 'kosmos_rsk' +maintainer 'Kosmos Developers' +maintainer_email 'ops@kosmos.org' +license 'MIT' +description 'Installs/configures RSK and related software' +version '0.1.0' +chef_version '>= 15.0' +issues_url 'https://gitea.kosmos.org/kosmos/chef/issues' +source_url 'https://gitea.kosmos.org/kosmos/chef' + +depends 'firewall' diff --git a/site-cookbooks/kosmos_rsk/recipes/rskj.rb b/site-cookbooks/kosmos_rsk/recipes/rskj.rb new file mode 100644 index 0000000..0ec4a5d --- /dev/null +++ b/site-cookbooks/kosmos_rsk/recipes/rskj.rb @@ -0,0 +1,39 @@ +# +# Cookbook:: kosmos_rsk +# Recipe:: rskj +# + +group 'rsk' do + gid 888 +end + +user 'rsk' do + uid 888 + gid 888 + home '/var/lib/rsk' + shell '/sbin/nologin' +end + +apt_repository 'rskj' do + uri 'ppa:rsksmart/rskj' + key '5EED9995C84A49BC02D4F507DF10691F518C7BEA' +end + +apt_package 'rskj' do + response_file 'rskj-preseed.cfg.erb' + response_file_variables network: node['rskj']['network'] + options '--assume-yes' + version node['rskj']['version'] +end + +service "rsk" do + action [:enable, :start] +end + +include_recipe 'firewall' + +firewall_rule 'rskj' do + port [4444,50505] + protocol :tcp + command :allow +end diff --git a/site-cookbooks/kosmos_rsk/templates/rskj-preseed.cfg.erb b/site-cookbooks/kosmos_rsk/templates/rskj-preseed.cfg.erb new file mode 100644 index 0000000..d0b825b --- /dev/null +++ b/site-cookbooks/kosmos_rsk/templates/rskj-preseed.cfg.erb @@ -0,0 +1,6 @@ +#_preseed_V1 +# Do you agree to the terms of the applicable licenses? +rskj shared/accepted-rsk-license-v1-1 boolean true +# Choose a configuration environment to run your node. +# Choices: mainnet, testnet, regtest +rskj shared/config select <%= @network %> diff --git a/site-cookbooks/kosmos_rsk/test/integration/rskj/rskj_test.rb b/site-cookbooks/kosmos_rsk/test/integration/rskj/rskj_test.rb new file mode 100644 index 0000000..503dcaf --- /dev/null +++ b/site-cookbooks/kosmos_rsk/test/integration/rskj/rskj_test.rb @@ -0,0 +1,23 @@ +# InSpec test for recipe kosmos_rsk::rskj + +# The Chef InSpec reference, with examples and extensive documentation, can be +# found at https://docs.chef.io/inspec/resources/ + +describe user('rsk') do + it { should exist } +end + +describe package('rskj') do + it { should be_installed } + its('version') { should eq '2.2.0~focal' } +end + +describe service('rsk') do + it { should be_enabled } + it { should be_installed } + it { should be_running } +end + +describe port(4444) do + it { should be_listening } +end