Skip to content

Latest commit

 

History

History
61 lines (48 loc) · 2.95 KB

README.md

File metadata and controls

61 lines (48 loc) · 2.95 KB

Block Producer Ansible Playbook

This playbook is designed to make remote management of EOS nodes a breeze.

Currently deploy_bp.yml will install system dependencies, create a docker container running nodeos, and put an nginx TLS reverse proxy in front of it.

Tested using Ansible 2.3.2.0 deploying to Ubuntu 16.04.

Pre-reqs

  1. Ansible >=2.3.2
  2. An Ubuntu install you can access over the internet (VM, VPS, etc).

To Use

  1. Define an inventory e.g. "dev.nodes". (NOTE: your inventory group "dev" must match /group_vars/dev/)
[dev]
hacktildawn ansible_host=19.210.57.102 ansible_connection=ssh ansible_user=ubuntu
  1. Create group_vars/dev/vault.yml and put secrets (e.g. producer keypair) into it. (NOTE: This example vault file has throwaway keys. Always encrypt and never put your vault in version control.)
---
vault_public_block_signing_key: EOS5EYm5qF42P9nvGi6Hej7ouDtEz2WRwxvgbSWE1RZM6kCbGryac
vault_private_block_signing_key: 5HyUavRk3QLcD2uyjNpzQpS4DaZgyVHgm7pwiUoBxQDUBowZsXM
  1. Encrypt your vault file with a high entropy passphrase.
ansible-vault encrypt group_vars/dev/vault.yml
  1. Save your vault passphrase somewhere safe like a password manager.

  2. Run the deploy_bp.yml playbook.

  • --ask-vault-pass [prompts for vault password]
  • -i INVENTORY_FILE [defines inventory of servers]
  • -e EXTRAS [override any playbook vars by passing space delimited key=value]
  • --key-file [required if using ssh key authentication]
ansible-playbook --ask-vault-pass -vvv -i dev.nodes -e "target=hacktildawn" --key-file ~/.ssh/hacktildawn.pem deploy_bp.yml

Playbook vars (Can be passed to -e)

  • host_data_dir [defaults to: /data] the volume to be mounted on the host system.
  • eosio_container_data_dir [defaults to: /opt/eosio/bin/data-dir] the data directory to be mounted on the container. Contains config.ini and genesis.json.
  • container_http_port [defaults to: 8888] The port to expose to the host system for http requests.
  • container_p2p_port [defaults to: 9876] The port to expose to the host system for p2p requests.
  • docker_hub_image [defaults to: eosio/eos] The docker image to use for the container.
  • image_tag [defaults to: dawn-v4.0.0] The docker image tag or version to use.
  • eosio_network_name [defaults to: hacktildawn] A nickname for the network. Used to retrieve the appropriate genesis.json file.
  • agent_name [defaults to: EOS Detroit] A nickname for your nodeos.
  • producer_name [defaults to: eosiodetroit] The name of your producer account.
  • p2p_server_address [defaults to: hacktildawn.eosdetroit.com] The domain name for your node p2p connection. Should be kept secret on main nets.
  • domain_name [defaults to: hacktildawn.eosdetroit.com] The domain name for your https connection (API node).
  • letsencrypt_email [defaults to: rob@eosdetroit.com] The email address to use for letsencrypt.
  • p2p_peers [] A list of peers to connect to.

TODO

  • Allow a node "type" to be specified (producer, api, storage, etc.)