Add new RSK testnet VM

AGENTS.md

@@ -0,0 +1,41 @@
+# AGENTS.md
+
+Welcome, AI Agent! This file contains essential context and rules for interacting with the Kosmos Chef repository. Read this carefully before planning or executing any changes.
+
+## 🏢 Project Overview
+This repository contains the infrastructure automation code used by Kosmos to provision and configure bare metal servers (KVM hosts) and Ubuntu virtual machines (KVM guests). 
+
+We use **Chef Infra**, managed locally via **Knife Zero** (agentless Chef), and **Berkshelf** for dependency management.
+
+## 📂 Directory Structure & Rules
+
+* **`site-cookbooks/`**: 🟢 **EDITABLE.** This directory contains all custom, internal cookbooks written specifically for Kosmos services (e.g., `kosmos-postgresql`, `kosmos_gitea`, `kosmos-mastodon`). *Active development happens here.*
+* **`cookbooks/`**: 🔴 **DO NOT EDIT.** This directory contains third-party/community cookbooks that are vendored. These are managed by Berkshelf. Modifying them directly will result in lost changes.
+* **`roles/`**: 🟢 **EDITABLE.** Contains Chef roles written in Ruby (e.g., `base.rb`, `kvm_guest.rb`, `postgresql_primary.rb`). These define run-lists and role-specific default attributes for servers.
+* **`environments/`**: Contains Chef environment definitions (like `production.rb`).
+* **`data_bags/`**: Contains data bag configurations, often encrypted. Be cautious and do not expose secrets. (Note: Agents should not manage data bag secrets directly unless provided the `.chef/encrypted_data_bag_secret`).
+* **`nodes/`**: Contains JSON state files for bootstrapped nodes. *Agents typically do not edit these directly unless cleaning up a deleted node.*
+* **`Berksfile`**: Defines community cookbook dependencies.
+* **`Vagrantfile` / `.kitchen/`**: Used for local virtualization and integration testing.
+
+## 🛠️ Tooling & Workflows
+
+1. **Dependency Management (Berkshelf)**
+   If a new community cookbook is required:
+   - Add it to the `Berksfile` at the root.
+   - Instruct the user to run `berks install` and `berks vendor cookbooks/ --delete` (or run it via the `bash` tool if permitted).
+
+2. **Provisioning (Knife Zero)**
+   - Bootstrapping and converging nodes is done using `knife zero`. 
+   - *Example:* `knife zero converge name:server-name.kosmos.org`
+
+3. **Code Style & Conventions**
+   - Chef recipes, resources, and roles are written in **Ruby**. 
+   - Follow standard Chef and Ruby (RuboCop) idioms. Look at neighboring files in `site-cookbooks/` or `roles/` to match formatting and naming conventions.
+
+## 🚨 Core Directives for AI Agents
+
+1. **Infrastructure as Code**: Manual server configurations are highly discouraged. All changes must be codified in a cookbook or role.
+2. **Test Safety Nets**: Look for `.kitchen.yml` within specific `site-cookbooks/<name>` to understand if local integration tests are available.
+3. **No Assumptions**: Do not assume standard test commands. Check `README.md` and repository config files first.
+4. **Secret Handling**: Avoid hardcoding passwords or API keys in recipes or roles. Assume sensitive information is managed via Chef `data_bags`.

clients/rsk-testnet-6.json

@@ -0,0 +1,4 @@
+{
+  "name": "rsk-testnet-6",
+  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1p4+F536/peA4XWMJtm\njggPl6yJb42V5bg3kDa8SHoIoQgXn59d3BclZ1Oz2+JhFd3Rrn4FN3Z1wzGpP+gA\nnxQOfgRG1ucahh7Nxaw3IdoHm7r/EdEOc9FrxvGJ+09YnmLfzn4iVQpsUiOiNVS7\n0LXtMXYtsjD+o6BTbOhGU8FMmGhMhQfXFVgoDdTiM/Q62zPw8Vtpa3yFpFJAu+dA\n+mm5h5W6FnaWJXM2arn3PxDOt+JQSWp5PYG4goU1FFreU9iFuoeGEfLy8unlbbXt\ne96QhNuCkOA15xqta0Z3oL7IlXWns7dLgZYlpZT9zaExIs3AEDaQcleacQPzXKSG\nswIDAQAB\n-----END PUBLIC KEY-----\n"
+}

nodes/rsk-testnet-6.json

@@ -0,0 +1,60 @@
+{
+  "name": "rsk-testnet-6",
+  "normal": {
+    "knife_zero": {
+      "host": "10.1.1.20"
+    }
+  },
+  "automatic": {
+    "fqdn": "rsk-testnet-6",
+    "os": "linux",
+    "os_version": "6.8.0-107-generic",
+    "hostname": "rsk-testnet-6",
+    "ipaddress": "192.168.122.231",
+    "roles": [
+      "base",
+      "kvm_guest",
+      "rskj_testnet"
+    ],
+    "recipes": [
+      "kosmos-base",
+      "kosmos-base::default",
+      "kosmos_kvm::guest",
+      "kosmos_rsk::rskj",
+      "apt::default",
+      "timezone_iii::default",
+      "timezone_iii::debian",
+      "kosmos-base::journald_conf",
+      "kosmos-base::systemd_emails",
+      "apt::unattended-upgrades",
+      "kosmos-base::firewall",
+      "kosmos-postfix::default",
+      "postfix::default",
+      "postfix::_common",
+      "postfix::_attributes",
+      "postfix::sasl_auth",
+      "hostname::default",
+      "kosmos_rsk::firewall",
+      "firewall::default"
+    ],
+    "platform": "ubuntu",
+    "platform_version": "24.04",
+    "cloud": null,
+    "chef_packages": {
+      "chef": {
+        "version": "18.10.17",
+        "chef_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/chef-18.10.17/lib",
+        "chef_effortless": null
+      },
+      "ohai": {
+        "version": "18.2.13",
+        "ohai_root": "/opt/chef/embedded/lib/ruby/gems/3.1.0/gems/ohai-18.2.13/lib/ohai"
+      }
+    }
+  },
+  "run_list": [
+    "role[base]",
+    "role[kvm_guest]",
+    "role[rskj_testnet]"
+  ]
+}

site-cookbooks/kosmos_rsk/Berksfile

@@ -1,5 +1,8 @@
 source 'https://supermarket.chef.io'
 
-cookbook 'kosmos-nginx', path: '../../site-cookbooks/kosmos-nginx'
+cookbook 'kosmos_openresty', path: '../../site-cookbooks/kosmos_openresty'
+cookbook 'kosmos-base', path: '../../site-cookbooks/kosmos-base'
+cookbook 'openresty', path: '../../site-cookbooks/openresty'
+cookbook 'kosmos-postfix', path: '../../site-cookbooks/kosmos-postfix'
 
 metadata

site-cookbooks/kosmos_rsk/attributes/default.rb

@@ -1,4 +1,4 @@
-node.default['rskj']['version'] = '7.0.0~jammy'
+node.default['rskj']['version'] = '9.0.1~noble'
 node.default['rskj']['network'] = 'testnet'
 
 node.default['rskj']['nginx']['domain'] = nil

site-cookbooks/kosmos_rsk/kitchen.yml

@@ -34,9 +34,9 @@ verifier:
   name: inspec
 
 platforms:
-  - name: ubuntu-22.04
+  - name: ubuntu-24.04
     driver:
-      image: dokken/ubuntu-22.04
+      image: dokken/ubuntu-24.04
       privileged: true
       pid_one_command: /usr/lib/systemd/systemd
       intermediate_instructions:

site-cookbooks/kosmos_rsk/metadata.rb

@@ -3,7 +3,7 @@ maintainer 'Kosmos Developers'
 maintainer_email 'ops@kosmos.org'
 license 'MIT'
 description 'Installs/configures RSKj and related software'
-version '0.4.0'
+version '0.5.0'
 chef_version '>= 18.2'
 issues_url 'https://gitea.kosmos.org/kosmos/chef/issues'
 source_url 'https://gitea.kosmos.org/kosmos/chef'

site-cookbooks/kosmos_rsk/recipes/rskj.rb

@@ -20,10 +20,19 @@ apt_repository 'rskj' do
 end
 
 apt_package 'openjdk-17-jdk'
+apt_package 'debconf-utils'
+
+execute 'preseed-rskj-license' do
+  command 'echo "rskj shared/accepted-rsk-license-v1-1 boolean true" | debconf-set-selections'
+  not_if 'debconf-get-selections | grep -q "shared/accepted-rsk-license-v1-1.*true"'
+end
+
+execute 'preseed-rskj-config' do
+  command "echo \"rskj shared/config select #{node['rskj']['network']}\" | debconf-set-selections"
+  not_if "debconf-get-selections | grep -q \"shared/config.*#{node['rskj']['network']}\""
+end
 
 apt_package 'rskj' do
-  response_file 'rskj-preseed.cfg.erb'
-  response_file_variables network: node['rskj']['network']
   options '--assume-yes'
   version node['rskj']['version']
 end

site-cookbooks/kosmos_rsk/templates/rskj-preseed.cfg.erb

@@ -1,6 +1,6 @@
 #_preseed_V1
 # Do you agree to the terms of the applicable licenses?
-rskj shared/accepted-rsk-license-v1-1 select true
+rskj shared/accepted-rsk-license-v1-1 boolean true
 # Choose a configuration environment to run your node.
 # Choices: mainnet, testnet, regtest
 rskj shared/config select <%= @network %>

site-cookbooks/kosmos_rsk/test/integration/rskj/rskj_test.rb

@@ -9,7 +9,7 @@ end
 
 describe package('rskj') do
   it { should be_installed }
-  its('version') { should eq '7.0.0~jammy' }
+  its('version') { should eq '9.0.1~noble' }
 end
 
 describe service('rsk') do