Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adapt to new polkadot binaries split #41

Merged
merged 4 commits into from
Aug 9, 2023
Merged
Show file tree
Hide file tree
Changes from 3 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/molecule.yml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ jobs:
with:
channel: latest/stable
- name: Setup Python modules
run: pip3 install yamllint ansible ansible-lint molecule molecule-plugins[docker] molecule-lxd docker
run: pip3 install PyYAML==5.3.1 yamllint ansible ansible-lint molecule molecule-plugins[docker] molecule-lxd docker
- name: Run molecule
run: molecule test --all
working-directory: "${{ github.repository }}/${{ inputs.role-path }}"
2 changes: 1 addition & 1 deletion galaxy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ namespace: parity
name: chain

# The version of the collection. Must be compatible with semantic versioning
version: 1.4.0
version: 1.5.0

# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md
Expand Down
2 changes: 1 addition & 1 deletion roles/key_inject/tasks/inject.yml
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@

- name: Inject | Check {{ item.type }} key results
ansible.builtin.debug:
msg: "Key {{ key_inject_pub_key }} ({{ item.type }}, {{ tem.scheme | default('sr25519') }}) is {{ 'NOT ' if not key_inject_uri.json.result else '' }}present in keystore"
msg: "Key {{ key_inject_pub_key }} ({{ item.type }}, {{ item.scheme | default('sr25519') }}) is {{ 'NOT ' if not key_inject_uri.json.result else '' }}present in keystore"
changed_when: not key_inject_uri.json.result

- name: Inject | Inject {{ item.type }} keys
Expand Down
10 changes: 10 additions & 0 deletions roles/node/defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,16 @@ node_binary_release_key_id: 9D4B2B6EB8F97156D19669A9FF0812D491B96798
# GPG signature URL. When left empty, binary verification will not be executed
node_binary_signature: ""

# Set it to true if Polkadot uses separate binaries: https://github.com/paritytech/polkadot/pull/7337
node_separate_binary: false
# List of binders to download if node_separate_binary is True.
BulatSaif marked this conversation as resolved.
Show resolved Hide resolved
# The first element is the main binary, and the rest are auxiliary binaries.
node_separate_binary_list:
- polkadot
- polkadot-prepare-worker
- polkadot-execute-worker


### Node preferences
# You can redefine any variables from playbooks directly
# Values from the "_node_profiles" are used by default
Expand Down
7 changes: 7 additions & 0 deletions roles/node/tasks/100-tests.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,13 @@
msg: "The 'node_binary' variable can't be empty!"
when: node_binary == ''

- name: Test | Check if separate binary
ansible.builtin.fail:
msg: "If 'node_separate_binary' is True, 'node_binary' and 'node_binary_signature' should end with '/'"
when:
- node_separate_binary
- not node_binary.endswith('/')

- name: Test | Check if node_binary_signature is a URL
ansible.builtin.fail:
msg: "The 'node_binary_signature' variable must be a URL!"
Expand Down
89 changes: 83 additions & 6 deletions roles/node/tasks/400-binary.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,9 @@
ansible.builtin.set_fact:
_node_temp_binary_file: "{{ _node_temp_dir.path }}/{{ node_app_name }}"

- name: Binary | Download binary
- name: Binary | Download main binary
ansible.builtin.get_url:
url: "{{ node_binary }}"
url: "{{ node_binary }}{{ node_separate_binary_list[0] if node_separate_binary else ''}}"
dest: "{{ _node_temp_binary_file }}"
mode: 0755
owner: "root"
Expand All @@ -25,16 +25,40 @@
check_mode: false
changed_when: false

- name: Binary | Download auxiliary binaries
ansible.builtin.get_url:
url: "{{ node_binary }}{{ item }}"
dest: "{{ _node_temp_dir.path }}"
mode: 0755
owner: "root"
group: "root"
timeout: 30
headers:
PRIVATE-TOKEN: "{{ node_binary_download_private_token }}"
check_mode: false
changed_when: false
when: node_separate_binary
loop: "{{ node_separate_binary_list[1:] }}"

- name: Binary | GPG signature verification
block:

- name: Binary | Download GPG signature
- name: Binary | Download GPG signature for main binary
ansible.builtin.get_url:
url: "{{ node_binary_signature }}"
url: "{{ node_binary_signature }}{{ node_separate_binary_list[0] + '.asc' if node_separate_binary else ''}}"
dest: "{{ _node_temp_dir.path }}/{{ node_app_name }}.asc"
check_mode: false
changed_when: false

- name: Binary | Download GPG signature for auxiliary binaries
ansible.builtin.get_url:
url: "{{ node_binary_signature }}{{ item }}.asc"
dest: "{{ _node_temp_dir.path }}/{{ item }}.asc"
check_mode: false
changed_when: false
when: node_separate_binary
loop: "{{ node_separate_binary_list[1:] }}"

- name: Binary | Import release GPG public key
ansible.builtin.command: |
{{ _node_binary_gpg_binary }} --keyserver hkps://keyserver.ubuntu.com --receive-keys {{ node_binary_release_key_id }}
Expand All @@ -43,14 +67,24 @@
failed_when: _node_keyout.rc != 0
check_mode: false

- name: Binary | Verify GPG signature
- name: Binary | Verify GPG signature for main binary
ansible.builtin.command: |
{{ _node_binary_gpg_binary }} --verify {{ _node_temp_dir.path }}/{{ node_app_name }}.asc
register: _node_verifyout
check_mode: false
changed_when: false
failed_when: _node_verifyout.rc != 0

- name: Binary | Verify GPG signature for auxiliary binaries
ansible.builtin.command: |
{{ _node_binary_gpg_binary }} --verify {{ _node_temp_dir.path }}/{{ item }}.asc
register: _node_verifyout
check_mode: false
changed_when: false
failed_when: _node_verifyout.rc != 0
when: node_separate_binary
loop: "{{ node_separate_binary_list[1:] }}"

when: node_binary_signature != ''

- name: Binary | Check new version
Expand Down Expand Up @@ -93,9 +127,39 @@
path: "{{ _node_binary_file | dirname }}"
register: _node_binary_path_stat

- name: Binary | Migration between versions
block:
- name: Binary | Check new version
ansible.builtin.command: "{{ _node_temp_binary_file }} --help"
register: _node_new_help
check_mode: false
changed_when: false
- name: Binary | Setup supported flags
ansible.builtin.set_fact:
_node_legacy_rpc_flags_supported: "{{ '--ws-port' in _node_new_help.stdout }}"
_node_separate_binary_supported: "{{ '--workers-path' in _node_new_help.stdout }}"
- name: Binary | Check new rpc flags
ansible.builtin.fail:
msg: "ERROR: RPC flag --ws-port {{ 'IS' if _node_legacy_rpc_flags_supported else 'NOT' }} supported. 'node_legacy_rpc_flags' should be set to {{ _node_legacy_rpc_flags_supported }}"
when:
# XOR (skip fail if both true or both false)
- node_legacy_rpc_flags or _node_legacy_rpc_flags_supported
- not (node_legacy_rpc_flags and _node_legacy_rpc_flags_supported)

- name: Binary | Check new worker flags
ansible.builtin.fail:
msg: >
ERROR: node flag --workers-path {{ 'IS' if _node_separate_binary_supported else 'NOT' }} supported.
'node_separate_binary' should be set to {{ _node_separate_binary_supported }},
you may also need to update the 'node_binary' and 'node_separate_binary_list' variables.
when:
# XOR (skip fail if both true or both false)
- node_separate_binary or _node_separate_binary_supported
- not (node_separate_binary and _node_separate_binary_supported)

# We don't need checking of hashes. The copy module does it itself.
# If you have the same binary file you will see a green check in the check mode.
- name: Binary | Copy new binary
- name: Binary | Copy new main binary
ansible.builtin.copy:
src: "{{ _node_temp_binary_file }}"
dest: "{{ _node_binary_file }}"
Expand All @@ -106,6 +170,19 @@
notify: restart service {{ node_handler_id }}
ignore_errors: "{{ not _node_binary_path_stat.stat.exists }}"

- name: Binary | Copy new auxiliary binaries
ansible.builtin.copy:
src: "{{ _node_temp_dir.path }}/{{ item }}"
dest: "{{ _node_binary_path }}/{{ item }}"
remote_src: yes
mode: 0755
owner: "{{ node_user }}"
group: "{{ node_user }}"
notify: restart service {{ node_handler_id }}
ignore_errors: "{{ not _node_binary_path_stat.stat.exists }}"
when: node_separate_binary
loop: "{{ node_separate_binary_list[1:] }}"

- name: Binary | Block
block:

Expand Down
Loading