Merge pull request #24 from ehh-why-its-so-hard/enable-services

feat: add retries to apt and url_get modules
vegaprotocol · Nov 11, 2024 · 68e7bc4 · 68e7bc4
2 parents 8ee6d64 + ba4009c
commit 68e7bc4
Show file tree

Hide file tree

Showing 21 changed files with 105 additions and 29 deletions.
diff --git a/roles/docker/tasks/main.yaml b/roles/docker/tasks/main.yaml
@@ -7,6 +7,10 @@
       - ca-certificates
       - curl
       - software-properties-common
+  retries: 3
+  delay: 3
+  register: docker_apt_common_result
+  until: docker_apt_common_result is succeeded
 
 - name: Add apt key for required repositories
   ansible.builtin.apt_key:
@@ -32,6 +36,10 @@
       - containerd.io
       - docker-buildx-plugin
       - docker-compose-plugin
+  retries: 3
+  delay: 3
+  register: docker_apt_result
+  until: docker_apt_result is succeeded
 
 - name: Restart docker
   ansible.builtin.systemd:

diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml
@@ -9,13 +9,21 @@
       - ufw
       - firewalld
     state: absent
+  retries: 3
+  delay: 3
+  register: firewall_remove_apt_result
+  until: firewall_remove_apt_result is succeeded
 
 - name: Install iptables
   ansible.builtin.apt:
     pkg:
       - iptables
       - iptables-persistent
     state: present
+  retries: 3
+  delay: 3
+  register: firewall_apt_result
+  until: firewall_apt_result is succeeded
 
 - name: Template restore file
   ansible.builtin.template:

diff --git a/roles/geth/tasks/main.yaml b/roles/geth/tasks/main.yaml
@@ -4,12 +4,20 @@
     pkg:
       - tar
       - gzip
+  retries: 3
+  delay: 3
+  register: geth_apt_result
+  until: geth_apt_result is succeeded
 
 - name: Download geth binary
   ansible.builtin.get_url:
     url: "https://gethstore.blob.core.windows.net/builds/geth-linux-amd64-{{- geth_version -}}.tar.gz"
     dest: &geth_dest /tmp/geth.zip
     mode: '0600'
+  retries: 3
+  delay: 3
+  register: geth_download_result
+  until: geth_download_result is succeeded
 
 - name: Unpack geth
   ansible.builtin.unarchive:

diff --git a/roles/grafana_agent/tasks/main.yaml b/roles/grafana_agent/tasks/main.yaml
@@ -2,6 +2,10 @@
 - name: Grafana Agent | Install grafana-agent
   ansible.builtin.apt:
     deb: "https://github.com/{{- grafana_agent_repository -}}/releases/download/v{{- grafana_agent_version -}}/grafana-agent-{{- grafana_agent_version -}}-1.amd64.deb" # noqa: yaml[line-length]
+  retries: 3
+  delay: 5
+  register: grafana_agent_install_result
+  until: grafana_agent_install_result is succeeded
 
 - name: Grafana Agent | Update CUSTOM_ARGS environment variables for grafana config
   ansible.builtin.lineinfile:

diff --git a/roles/grafana_server/tasks/main.yaml b/roles/grafana_server/tasks/main.yaml
@@ -15,6 +15,9 @@
         allow_downgrade: true
         allow_change_held_packages: true
       register: grafana_server_install
+      retries: 3
+      delay: 3
+      until: grafana_server_install is succeeded
 
     - name: Ensure grafana plugins dir exists
       ansible.builtin.file:

diff --git a/roles/java/tasks/main.yaml b/roles/java/tasks/main.yaml
@@ -3,3 +3,7 @@
   ansible.builtin.apt:
     name:
       - openjdk-17-jdk
+  retries: 3
+  delay: 3
+  register: java_install_result
+  until: java_install_result is succeeded
diff --git a/roles/jenkins_master/defaults/main.yaml b/roles/jenkins_master/defaults/main.yaml
@@ -3,3 +3,4 @@ jenkins_master_version: '2.452.4'
 
 jenkins_master_with_zfs: false
 jenkins_master_zfs_device: /dev/sdb
+jenkins_master_permissive_script_security: false
diff --git a/roles/jenkins_master/tasks/main.yaml b/roles/jenkins_master/tasks/main.yaml
@@ -30,6 +30,10 @@
   ansible.builtin.apt:
     name:
       - openjdk-17-jdk
+  retries: 3
+  delay: 3
+  register: jenkins_java_install_result
+  until: jenkins_java_install_result is succeeded
 
 - name: Install Jenkins
   ansible.builtin.apt:
@@ -38,6 +42,10 @@
   notify:
     - "Reload systemd config"
     - "Restart jenkins"
+  retries: 3
+  delay: 3
+  register: jenkins_install_result
+  until: jenkins_install_result is succeeded
 
 
 - name: Create a directory if it does not exist
@@ -48,7 +56,7 @@
 
 
 - name: Copy jenkins.service.d config
-  ansible.builtin.copy:
+  ansible.builtin.template:
     src: 'etc/systemd/system/jenkins.service.d/override.conf'
     dest: '/etc/systemd/system/jenkins.service.d/override.conf'
     owner: 'root'

diff --git a/...md/system/jenkins.service.d/override.conf → ...md/system/jenkins.service.d/override.conf b/...md/system/jenkins.service.d/override.conf → ...md/system/jenkins.service.d/override.conf
@@ -1,5 +1,5 @@
 [Service]
 Environment="JAVA_OPTS=-Djava.awt.headless=true -Xms6144m -Xmx6144m"
-Environment="JENKINS_OPTS=--sessionTimeout=10080 --sessionEviction=259200"
+Environment="JENKINS_OPTS=--sessionTimeout=10080 --sessionEviction=259200{%- if jenkins_master_permissive_script_security %}  -Dpermissive-script-security.enabled=true{%- endif -%}"
 Environment="JENKINS_HOME=/home/jenkins"
 TimeoutSec=900
diff --git a/roles/vega_caddy_server/tasks/install-caddy.yaml b/roles/vega_caddy_server/tasks/install-caddy.yaml
@@ -7,6 +7,10 @@
       - debian-archive-keyring
       - apt-transport-https
       - curl
+  retries: 3
+  delay: 3
+  register: vega_caddy_server_common_install
+  until: vega_caddy_server_common_install is succeeded
 
 - name: CaddyserverV2 | Check if Go installed
   ansible.builtin.command: "go version"
@@ -41,6 +45,10 @@
     deb: "https://github.com/caddyserver/xcaddy/releases/download/v{{ vega_caddy_server_xcaddy_version }}/xcaddy_{{ vega_caddy_server_xcaddy_version }}_linux_amd64.deb" # noqa: yaml[line-length]
     update_cache: true
     state: present
+  retries: 3
+  delay: 3
+  register: vega_caddy_server_xcaddy_install
+  until: vega_caddy_server_xcaddy_install is succeeded
 
 - name: Check if caddy is installed
   ansible.builtin.command: "caddy version"
@@ -52,8 +60,9 @@
 - name: CaddyserverV2 | Compile caddy from sources
   ansible.builtin.command: |
     xcaddy build {{ vega_caddy_server_caddy_version }} \
-      --output /usr/bin/caddy
-      --with github.com/caddyserver/replace-response
+      --output /usr/bin/caddy \
+      --with github.com/caddyserver/replace-response \
+      --with github.com/shift72/caddy
   when: (caddy_version.rc != 0) or (not vega_caddy_server_caddy_version in caddy_version.stdout)
   changed_when: (caddy_version.rc != 0) or (not vega_caddy_server_caddy_version in caddy_version.stdout)
   notify: "Restart caddy"

diff --git a/roles/vega_common/tasks/dasel.yaml b/roles/vega_common/tasks/dasel.yaml
@@ -4,3 +4,8 @@
     url: "https://github.com/TomWright/dasel/releases/download/v{{- vega_common_dasel_version -}}/dasel_linux_amd64"
     dest: /usr/local/bin/dasel
     mode: '0755'
+    timeout: 30
+  retries: 3
+  delay: 3
+  register: dasel_result
+  until: dasel_result is succeeded
diff --git a/roles/vega_common/tasks/main.yaml b/roles/vega_common/tasks/main.yaml
@@ -13,12 +13,20 @@
       - gzip
       - tar
       - bzip2
+  retries: 3
+  delay: 3
+  register: vega_common_install
+  until: vega_common_install is succeeded
 
 - name: Install Python and pip
   ansible.builtin.apt:
     pkg:
       - python3
       - python3-pip
+  retries: 3
+  delay: 3
+  register: vega_common_python_install
+  until: vega_common_python_install is succeeded
 
 - name: Ensure group "vega" exists
   ansible.builtin.group:

diff --git a/roles/vega_core/defaults/main.yaml b/roles/vega_core/defaults/main.yaml
@@ -6,11 +6,12 @@ vega_core_with_unsafe_reset_all: false
 vega_core_chain_id: ""
 vega_core_external_endpoint: ""
 # vega version used only once for genesis version in the vegavisor and for the maintenance stuff (/usr/local/bin/vega)
+vega_core_download_repository: vegaprotocol
 vega_core_download_binary_version: v0.77.6
 vega_core_with_data_node: false
 vega_core_with_block_explorer: false
 vega_core_validator_node: false
-vega_core_vega_monitoring: false
+vega_core_with_vega_monitoring: false
 vega_core_number_of_snapshots_to_keep: 240
 vega_core_pprof_enabled: false
 vega_core_with_node_init: true
@@ -61,3 +62,5 @@ vega_core_data_node_settings: {}
 vega_core_with_health_check: true
 vega_core_health_check_repository: "nebula-dex/vega-health-check"
 vega_core_health_check_version: "v0.2.0"
+
+vega_core_vegavisor_config: {}
diff --git a/roles/vega_core/tasks/configuration.yaml b/roles/vega_core/tasks/configuration.yaml
@@ -86,14 +86,6 @@
         group: vega
         mode: '0755'
 
-    - name: Visor config
-      ansible.builtin.template:
-        src: "home/vega/vegavisor_home/config.toml.j2"
-        dest: "/home/vega/vegavisor_home/config.toml"
-        owner: "vega"
-        group: "vega"
-        mode: "0664"
-
     - name: Visor genesis config
       ansible.builtin.template:
         src: "home/vega/vegavisor_home/genesis/run-config.toml.j2"
@@ -120,6 +112,15 @@
         mode: '0755'
 
 
+- name: Render visor config
+  ansible.builtin.template:
+    src: "home/vega/vegavisor_home/config.toml.j2"
+    dest: "/home/vega/vegavisor_home/config.toml"
+    owner: "vega"
+    group: "vega"
+    mode: "0664"
+
+
 - name: Data node config(template only)
   ansible.builtin.template:
     src: "home/vega/vega_home/config/data-node/config.toml.j2"

diff --git a/roles/vega_core/tasks/get-binaries.yaml b/roles/vega_core/tasks/get-binaries.yaml
@@ -2,7 +2,7 @@
 - name: Download vega binary
   ansible.builtin.get_url:
     force: true
-    url: "https://github.com/vegaprotocol/vega/releases/download/{{- vega_core_download_binary_version -}}/vega-linux-amd64.zip"
+    url: "https://github.com/{{- vega_core_download_repository -}}/vega/releases/download/{{- vega_core_download_binary_version -}}/vega-linux-amd64.zip"
     dest: &vega_dest /tmp/vega.zip
     mode: '0600'
 
@@ -26,7 +26,7 @@
 - name: Download visor binary
   ansible.builtin.get_url:
     force: true
-    url: "https://github.com/vegaprotocol/vega/releases/download/{{- vega_core_download_binary_version -}}/visor-linux-amd64.zip"
+    url: "https://github.com/{{- vega_core_download_repository -}}/vega/releases/download/{{- vega_core_download_binary_version -}}/visor-linux-amd64.zip"
     dest: &visor_dest /tmp/visor.zip
     mode: '0600'
 

diff --git a/roles/vega_core/templates/home/vega/tendermint_home/config/config.toml.j2 b/roles/vega_core/templates/home/vega/tendermint_home/config/config.toml.j2
@@ -435,7 +435,7 @@ peer_query_maj23_sleep_duration = "2s"
 # considerable amount of disk space. Set to false to ensure ABCI responses are
 # persisted. ABCI responses are required for /block_results RPC queries, and to
 # reindex events in the command-line tool.
-discard_abci_responses = {{'false' if vega_core_vega_monitoring else 'true'}}
+discard_abci_responses = {{'false' if vega_core_with_vega_monitoring or vega_core_with_block_explorer else 'true'}}
 
 #######################################################
 ###   Transaction Indexer Configuration Options     ###

diff --git a/roles/vega_core/templates/home/vega/vega_home/config/node/config.toml.j2 b/roles/vega_core/templates/home/vega/vega_home/config/node/config.toml.j2
@@ -97,8 +97,8 @@ MaxMemoryPercent = {{ 90 if vega_core_validator_node else 33 }}
   [[Ethereum.EVMChainConfigs]]
     ChainID = "{{- evm_config.chain_id -}}"
     RPCEndpoint = "{{- evm_config.endpoint -}}"
-{% endfor %}
 
+{% endfor %}
 [Processor]
   Level = "Info"
   LogOrderSubmitDebug = true
@@ -109,9 +109,6 @@ MaxMemoryPercent = {{ 90 if vega_core_validator_node else 33 }}
     DevEnabled = false
     CrashAtHeight = 0
     DebugCrashFile = "/tmp/snapshot.json"
-  [Processor.Ratelimit]
-    Requests = 500
-    PerNBlocks = 10
 
 [Logging]
   Environment = "dev"
@@ -167,19 +164,14 @@ MaxMemoryPercent = {{ 90 if vega_core_validator_node else 33 }}
   Level = "Debug"
   RetryRate = "10s"
   KeepHashesDurationForTestOnlyDoNotChange = "48h0m0s"
-  BlockchainQueueAllowlist = [{% if faucet_pubkey|default('') %}
-    # faucet
-    "{{ faucet_pubkey }}"
-{% endif %}]
-
+  BlockchainQueueAllowlist = []
   [EvtForward.Ethereum]
     Level = "Debug"
     MaxEthereumBlocks = 10000
     PollEventRetryDuration = "20s"
     ChainID = ""
     SkipClientVerification = true
     HeartbeatIntervalForTestOnlyDoNotChange = "1h0m0s"
-
 {% if vega_core_secondary_evm_endpoint | default("") != "" %}
   [[EvtForward.EVMBridges]]
     Level = "Info"
@@ -188,7 +180,6 @@ MaxMemoryPercent = {{ 90 if vega_core_validator_node else 33 }}
     ChainID = "{{- vega_core_secondary_evm_chain_id -}}"
     SkipClientVerification = true
 {% endif %}
-
   [EvtForward.EthCall]
     Level = "Debug"
     PollEvery = "20s"
@@ -202,7 +193,6 @@ MaxMemoryPercent = {{ 90 if vega_core_validator_node else 33 }}
   ApproxEthereumBlockTime = "15s"
   NodeVoteResendInterval = "10s"
 
-
 [Banking]
   Level = "Info"
 

diff --git a/roles/vega_core/templates/home/vega/vegavisor_home/config.toml.j2 b/roles/vega_core/templates/home/vega/vegavisor_home/config.toml.j2
@@ -10,7 +10,7 @@ stopSignalTimeoutSeconds = 15
 
 [autoInstall]
   enabled = true
-  repositoryOwner = "vegaprotocol"
+  repositoryOwner = "{{- vega_core_vegavisor_config['autoInstall.repositoryOwner']|default('vegaprotocol') -}}"
   repository = "vega"
   [autoInstall.asset]
     name = "vega-linux-amd64.zip"

diff --git a/roles/vega_postgresql/tasks/postgresql.yaml b/roles/vega_postgresql/tasks/postgresql.yaml
@@ -4,6 +4,10 @@
     update_cache: true
     pkg:
       - python3-psycopg2
+  retries: 3
+  delay: 3
+  register: vega_psql_common_install
+  until: vega_psql_common_install is succeeded
 
 # https://wiki.postgresql.org/wiki/Apt
 # https://stackoverflow.com/questions/71585303/how-can-i-manage-keyring-files-in-trusted-gpg-d-with-ansible-playbook-since-apt
@@ -25,3 +29,7 @@
     pkg:
       - "postgresql-{{- vega_postgresql_version -}}"
       - "postgresql-contrib-{{- vega_postgresql_version -}}"
+  retries: 3
+  delay: 3
+  register: vega_psql_install
+  until: vega_psql_install is succeeded
diff --git a/roles/vega_postgresql/tasks/timescale.yaml b/roles/vega_postgresql/tasks/timescale.yaml
@@ -35,3 +35,7 @@
       - "timescaledb-2-loader-postgresql-{{ vega_postgresql_version }}={{- vega_postgresql_timescaledb_version -}}*"
   notify:
     - "Restart postgresql"
+  retries: 3
+  delay: 3
+  register: vega_psql_timescaledb_install
+  until: vega_psql_timescaledb_install is succeeded
diff --git a/roles/vega_zfs/tasks/main.yaml b/roles/vega_zfs/tasks/main.yaml
@@ -4,6 +4,10 @@
   ansible.builtin.apt:
     pkg:
       - zfsutils-linux
+  retries: 3
+  delay: 3
+  register: vega_zfs_install
+  until: vega_zfs_install is succeeded
 
 - name: Ensure mountpoint exists
   when: vega_zfs_device != ""
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,3 +3,4 @@ jenkins_master_version: '2.452.4'

		jenkins_master_with_zfs: false
		jenkins_master_zfs_device: /dev/sdb
		jenkins_master_permissive_script_security: false