diff --git a/roles/docker/tasks/main.yaml b/roles/docker/tasks/main.yaml index 2050bec..14659f9 100644 --- a/roles/docker/tasks/main.yaml +++ b/roles/docker/tasks/main.yaml @@ -7,6 +7,10 @@ - ca-certificates - curl - software-properties-common + retries: 3 + delay: 3 + register: docker_apt_common_result + until: docker_apt_common_result is succeeded - name: Add apt key for required repositories ansible.builtin.apt_key: @@ -32,6 +36,10 @@ - containerd.io - docker-buildx-plugin - docker-compose-plugin + retries: 3 + delay: 3 + register: docker_apt_result + until: docker_apt_result is succeeded - name: Restart docker ansible.builtin.systemd: diff --git a/roles/firewall/tasks/main.yml b/roles/firewall/tasks/main.yml index 0d9be1f..11f146e 100644 --- a/roles/firewall/tasks/main.yml +++ b/roles/firewall/tasks/main.yml @@ -9,6 +9,10 @@ - ufw - firewalld state: absent + retries: 3 + delay: 3 + register: firewall_remove_apt_result + until: firewall_remove_apt_result is succeeded - name: Install iptables ansible.builtin.apt: @@ -16,6 +20,10 @@ - iptables - iptables-persistent state: present + retries: 3 + delay: 3 + register: firewall_apt_result + until: firewall_apt_result is succeeded - name: Template restore file ansible.builtin.template: diff --git a/roles/geth/tasks/main.yaml b/roles/geth/tasks/main.yaml index f34b1da..80f11d0 100644 --- a/roles/geth/tasks/main.yaml +++ b/roles/geth/tasks/main.yaml @@ -4,12 +4,20 @@ pkg: - tar - gzip + retries: 3 + delay: 3 + register: geth_apt_result + until: geth_apt_result is succeeded - name: Download geth binary ansible.builtin.get_url: url: "https://gethstore.blob.core.windows.net/builds/geth-linux-amd64-{{- geth_version -}}.tar.gz" dest: &geth_dest /tmp/geth.zip mode: '0600' + retries: 3 + delay: 3 + register: geth_download_result + until: geth_download_result is succeeded - name: Unpack geth ansible.builtin.unarchive: 
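Review bot: The `Download geth binary` task in roles/geth/tasks/main.yaml now retries the fetch, but `ansible.builtin.get_url` is still called without `checksum`, so every attempt accepts whatever bytes the URL returns. Pin the expected digest next to `geth_version`, e.g. `checksum: "sha256:{{ geth_sha256 }}"` (a variable the role would have to define), so that a truncated or substituted archive fails the task instead of being unpacked. The same gap is in the dasel download in roles/vega_common/tasks/dasel.yaml, which writes straight to `/usr/local/bin/dasel` with mode `0755`, and in the vega and visor downloads in roles/vega_core/tasks/get-binaries.yaml. The fixed destination `/tmp/geth.zip` sits in a directory shared by all local users; a root-owned staging directory would be a safer place for an archive that is unpacked afterwards.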
diff --git a/roles/grafana_agent/tasks/main.yaml b/roles/grafana_agent/tasks/main.yaml index 3200103..9f99ab5 100644 --- a/roles/grafana_agent/tasks/main.yaml +++ b/roles/grafana_agent/tasks/main.yaml @@ -2,6 +2,10 @@ - name: Grafana Agent | Install grafana-agent ansible.builtin.apt: deb: "https://github.com/{{- grafana_agent_repository -}}/releases/download/v{{- grafana_agent_version -}}/grafana-agent-{{- grafana_agent_version -}}-1.amd64.deb" # noqa: yaml[line-length] + retries: 3 + delay: 5 + register: grafana_agent_install_result + until: grafana_agent_install_result is succeeded - name: Grafana Agent | Update CUSTOM_ARGS environment variables for grafana config ansible.builtin.lineinfile: diff --git a/roles/grafana_server/tasks/main.yaml b/roles/grafana_server/tasks/main.yaml index 642f777..8d2aa07 100644 --- a/roles/grafana_server/tasks/main.yaml +++ b/roles/grafana_server/tasks/main.yaml @@ -15,6 +15,9 @@ allow_downgrade: true allow_change_held_packages: true register: grafana_server_install + retries: 3 + delay: 3 + until: grafana_server_install is succeeded - name: Ensure grafana plugins dir exists ansible.builtin.file: diff --git a/roles/java/tasks/main.yaml b/roles/java/tasks/main.yaml index 0966ae1..cb5de1f 100644 --- a/roles/java/tasks/main.yaml +++ b/roles/java/tasks/main.yaml @@ -3,3 +3,7 @@ ansible.builtin.apt: name: - openjdk-17-jdk + retries: 3 + delay: 3 + register: java_install_result + until: java_install_result is succeeded diff --git a/roles/jenkins_master/defaults/main.yaml b/roles/jenkins_master/defaults/main.yaml index c039745..738aa14 100644 --- a/roles/jenkins_master/defaults/main.yaml +++ b/roles/jenkins_master/defaults/main.yaml @@ -3,3 +3,4 @@ jenkins_master_version: '2.452.4' jenkins_master_with_zfs: false jenkins_master_zfs_device: /dev/sdb +jenkins_master_permissive_script_security: false diff --git a/roles/jenkins_master/tasks/main.yaml b/roles/jenkins_master/tasks/main.yaml index a4b9da8..86b982f 100644 
--- a/roles/jenkins_master/tasks/main.yaml +++ b/roles/jenkins_master/tasks/main.yaml @@ -30,6 +30,10 @@ ansible.builtin.apt: name: - openjdk-17-jdk + retries: 3 + delay: 3 + register: jenkins_java_install_result + until: jenkins_java_install_result is succeeded - name: Install Jenkins ansible.builtin.apt: @@ -38,6 +42,10 @@ notify: - "Reload systemd config" - "Restart jenkins" + retries: 3 + delay: 3 + register: jenkins_install_result + until: jenkins_install_result is succeeded - name: Create a directory if it does not exist @@ -48,7 +56,7 @@ - name: Copy jenkins.service.d config - ansible.builtin.copy: + ansible.builtin.template: src: 'etc/systemd/system/jenkins.service.d/override.conf' dest: '/etc/systemd/system/jenkins.service.d/override.conf' owner: 'root' diff --git a/roles/jenkins_master/files/etc/systemd/system/jenkins.service.d/override.conf b/roles/jenkins_master/templates/etc/systemd/system/jenkins.service.d/override.conf similarity index 62% rename from roles/jenkins_master/files/etc/systemd/system/jenkins.service.d/override.conf rename to roles/jenkins_master/templates/etc/systemd/system/jenkins.service.d/override.conf index cc14c50..90c48b3 100644 --- a/roles/jenkins_master/files/etc/systemd/system/jenkins.service.d/override.conf +++ b/roles/jenkins_master/templates/etc/systemd/system/jenkins.service.d/override.conf @@ -1,5 +1,5 @@ [Service] Environment="JAVA_OPTS=-Djava.awt.headless=true -Xms6144m -Xmx6144m" -Environment="JENKINS_OPTS=--sessionTimeout=10080 --sessionEviction=259200" +Environment="JENKINS_OPTS=--sessionTimeout=10080 --sessionEviction=259200{%- if jenkins_master_permissive_script_security %} -Dpermissive-script-security.enabled=true{%- endif -%}" Environment="JENKINS_HOME=/home/jenkins" TimeoutSec=900 diff --git a/roles/vega_caddy_server/tasks/install-caddy.yaml b/roles/vega_caddy_server/tasks/install-caddy.yaml index 41b811b..0240c2a 100644 --- a/roles/vega_caddy_server/tasks/install-caddy.yaml 
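Review bot: `-Dpermissive-script-security.enabled=true` is appended to `JENKINS_OPTS` in override.conf, but `-D` defines a JVM system property and those belong on the `JAVA_OPTS` line. Arguments in `JENKINS_OPTS` are normally passed to Jenkins itself after the war, so the flag is likely ignored or rejected as an unknown option at startup. If the toggle is kept, move the conditional there: `Environment="JAVA_OPTS=-Djava.awt.headless=true -Xms6144m -Xmx6144m{% if jenkins_master_permissive_script_security %} -Dpermissive-script-security.enabled=true{% endif %}"`. The `false` default in roles/jenkins_master/defaults/main.yaml should carry a comment such as `# true makes Script Security log unapproved calls instead of blocking them; enable only where every job author is trusted`.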
+++ b/roles/vega_caddy_server/tasks/install-caddy.yaml @@ -7,6 +7,10 @@ - debian-archive-keyring - apt-transport-https - curl + retries: 3 + delay: 3 + register: vega_caddy_server_common_install + until: vega_caddy_server_common_install is succeeded - name: CaddyserverV2 | Check if Go installed ansible.builtin.command: "go version" @@ -41,6 +45,10 @@ deb: "https://github.com/caddyserver/xcaddy/releases/download/v{{ vega_caddy_server_xcaddy_version }}/xcaddy_{{ vega_caddy_server_xcaddy_version }}_linux_amd64.deb" # noqa: yaml[line-length] update_cache: true state: present + retries: 3 + delay: 3 + register: vega_caddy_server_xcaddy_install + until: vega_caddy_server_xcaddy_install is succeeded - name: Check if caddy is installed ansible.builtin.command: "caddy version" @@ -52,8 +60,9 @@ - name: CaddyserverV2 | Compile caddy from sources ansible.builtin.command: | xcaddy build {{ vega_caddy_server_caddy_version }} \ - --output /usr/bin/caddy - --with github.com/caddyserver/replace-response + --output /usr/bin/caddy \ + --with github.com/caddyserver/replace-response \ + --with github.com/shift72/caddy when: (caddy_version.rc != 0) or (not vega_caddy_server_caddy_version in caddy_version.stdout) changed_when: (caddy_version.rc != 0) or (not vega_caddy_server_caddy_version in caddy_version.stdout) notify: "Restart caddy" diff --git a/roles/vega_common/tasks/dasel.yaml b/roles/vega_common/tasks/dasel.yaml index 0426f4a..6767967 100644 --- a/roles/vega_common/tasks/dasel.yaml +++ b/roles/vega_common/tasks/dasel.yaml @@ -4,3 +4,8 @@ url: "https://github.com/TomWright/dasel/releases/download/v{{- vega_common_dasel_version -}}/dasel_linux_amd64" dest: /usr/local/bin/dasel mode: '0755' + timeout: 30 + retries: 3 + delay: 3 + register: dasel_result + until: dasel_result is succeeded diff --git a/roles/vega_common/tasks/main.yaml b/roles/vega_common/tasks/main.yaml index 4bf949f..a9a4936 100644 --- a/roles/vega_common/tasks/main.yaml +++ b/roles/vega_common/tasks/main.yaml 
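Review bot: The new `--with github.com/shift72/caddy` line in `Compile caddy from sources` builds a third-party module into `/usr/bin/caddy` at whatever revision is resolved at build time, and `replace-response` on the line above is equally unpinned. xcaddy accepts `module@version`, so pin both, e.g. `--with github.com/shift72/caddy@{{ vega_caddy_server_shift72_version }}` (placeholder variable name, to be set in the role defaults), which keeps rebuilds reproducible and reviewable. Separately, the `when:` guard only compares the caddy version string, so hosts already running `vega_caddy_server_caddy_version` skip this task and never receive the added module. The condition would also need to check the compiled-in modules, for example via the output of `caddy list-modules`.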
@@ -13,12 +13,20 @@ - gzip - tar - bzip2 + retries: 3 + delay: 3 + register: vega_common_install + until: vega_common_install is succeeded - name: Install Python and pip ansible.builtin.apt: pkg: - python3 - python3-pip + retries: 3 + delay: 3 + register: vega_common_python_install + until: vega_common_python_install is succeeded - name: Ensure group "vega" exists ansible.builtin.group: diff --git a/roles/vega_core/defaults/main.yaml b/roles/vega_core/defaults/main.yaml index 2fcc378..19c0e9d 100644 --- a/roles/vega_core/defaults/main.yaml +++ b/roles/vega_core/defaults/main.yaml @@ -6,11 +6,12 @@ vega_core_with_unsafe_reset_all: false vega_core_chain_id: "" vega_core_external_endpoint: "" # vega version used only once for genesis version in the vegavisor and for the maintenance stuff (/usr/local/bin/vega) +vega_core_download_repository: vegaprotocol vega_core_download_binary_version: v0.77.6 vega_core_with_data_node: false vega_core_with_block_explorer: false vega_core_validator_node: false -vega_core_vega_monitoring: false +vega_core_with_vega_monitoring: false vega_core_number_of_snapshots_to_keep: 240 vega_core_pprof_enabled: false vega_core_with_node_init: true @@ -61,3 +62,5 @@ vega_core_data_node_settings: {} vega_core_with_health_check: true vega_core_health_check_repository: "nebula-dex/vega-health-check" vega_core_health_check_version: "v0.2.0" + +vega_core_vegavisor_config: {} diff --git a/roles/vega_core/tasks/configuration.yaml b/roles/vega_core/tasks/configuration.yaml index 5c55e4b..4d5c6e4 100644 --- a/roles/vega_core/tasks/configuration.yaml +++ b/roles/vega_core/tasks/configuration.yaml @@ -86,14 +86,6 @@ group: vega mode: '0755' - - name: Visor config - ansible.builtin.template: - src: "home/vega/vegavisor_home/config.toml.j2" - dest: "/home/vega/vegavisor_home/config.toml" - owner: "vega" - group: "vega" - mode: "0664" - - name: Visor genesis config ansible.builtin.template: src: "home/vega/vegavisor_home/genesis/run-config.toml.j2" 
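Review bot: Renaming `vega_core_vega_monitoring` to `vega_core_with_vega_monitoring` in roles/vega_core/defaults/main.yaml has no fallback, so any inventory or group_vars that still sets the old name silently gets the new default of `false`. In the tendermint template that flips `discard_abci_responses` to `true` on those hosts unless `vega_core_with_block_explorer` is set. Either keep the old name readable for a release, `vega_core_with_vega_monitoring: "{{ vega_core_vega_monitoring | default(false) }}"`, or add an assert task that fails when the old variable is defined. Whether any inventory sets the old name is not visible from this diff.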
@@ -120,6 +112,15 @@ mode: '0755' +- name: Render visor config + ansible.builtin.template: + src: "home/vega/vegavisor_home/config.toml.j2" + dest: "/home/vega/vegavisor_home/config.toml" + owner: "vega" + group: "vega" + mode: "0664" + + - name: Data node config(template only) ansible.builtin.template: src: "home/vega/vega_home/config/data-node/config.toml.j2" diff --git a/roles/vega_core/tasks/get-binaries.yaml b/roles/vega_core/tasks/get-binaries.yaml index 7219cb5..c615f79 100644 --- a/roles/vega_core/tasks/get-binaries.yaml +++ b/roles/vega_core/tasks/get-binaries.yaml @@ -2,7 +2,7 @@ - name: Download vega binary ansible.builtin.get_url: force: true - url: "https://github.com/vegaprotocol/vega/releases/download/{{- vega_core_download_binary_version -}}/vega-linux-amd64.zip" + url: "https://github.com/{{- vega_core_download_repository -}}/vega/releases/download/{{- vega_core_download_binary_version -}}/vega-linux-amd64.zip" dest: &vega_dest /tmp/vega.zip mode: '0600' @@ -26,7 +26,7 @@ - name: Download visor binary ansible.builtin.get_url: force: true - url: "https://github.com/vegaprotocol/vega/releases/download/{{- vega_core_download_binary_version -}}/visor-linux-amd64.zip" + url: "https://github.com/{{- vega_core_download_repository -}}/vega/releases/download/{{- vega_core_download_binary_version -}}/visor-linux-amd64.zip" dest: &visor_dest /tmp/visor.zip mode: '0600' diff --git a/roles/vega_core/templates/home/vega/tendermint_home/config/config.toml.j2 b/roles/vega_core/templates/home/vega/tendermint_home/config/config.toml.j2 index 922b281..aaee3e2 100644 --- a/roles/vega_core/templates/home/vega/tendermint_home/config/config.toml.j2 +++ b/roles/vega_core/templates/home/vega/tendermint_home/config/config.toml.j2 
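Review bot: The release owner is now configurable in two unrelated places, so the initial binaries and later upgrades can end up coming from different GitHub accounts. `vega_core_download_repository` in get-binaries.yaml selects the vega and visor archives, while `vega_core_vegavisor_config['autoInstall.repositoryOwner']` in templates/home/vega/vegavisor_home/config.toml.j2 selects visor's auto-install source, and nothing in the role flags a mismatch. Make the template fall back to the same variable, `|default(vega_core_download_repository)`, and add a comment on the default such as `# GitHub owner whose release binaries are downloaded and executed on the node`. The variable holds an owner rather than a repository, unlike `vega_core_health_check_repository` which is `owner/repo`, so a name like `vega_core_download_repository_owner` would read more accurately.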
@@ -435,7 +435,7 @@ peer_query_maj23_sleep_duration = "2s" # considerable amount of disk space. Set to false to ensure ABCI responses are # persisted. ABCI responses are required for /block_results RPC queries, and to # reindex events in the command-line tool. -discard_abci_responses = {{'false' if vega_core_vega_monitoring else 'true'}} +discard_abci_responses = {{'false' if vega_core_with_vega_monitoring or vega_core_with_block_explorer else 'true'}} ####################################################### ### Transaction Indexer Configuration Options ### diff --git a/roles/vega_core/templates/home/vega/vega_home/config/node/config.toml.j2 b/roles/vega_core/templates/home/vega/vega_home/config/node/config.toml.j2 index ed0a9b4..4eaa98c 100644 --- a/roles/vega_core/templates/home/vega/vega_home/config/node/config.toml.j2 +++ b/roles/vega_core/templates/home/vega/vega_home/config/node/config.toml.j2 @@ -97,8 +97,8 @@ MaxMemoryPercent = {{ 90 if vega_core_validator_node else 33 }} [[Ethereum.EVMChainConfigs]] ChainID = "{{- evm_config.chain_id -}}" RPCEndpoint = "{{- evm_config.endpoint -}}" -{% endfor %} +{% endfor %} [Processor] Level = "Info" LogOrderSubmitDebug = true @@ -109,9 +109,6 @@ MaxMemoryPercent = {{ 90 if vega_core_validator_node else 33 }} DevEnabled = false CrashAtHeight = 0 DebugCrashFile = "/tmp/snapshot.json" - [Processor.Ratelimit] - Requests = 500 - PerNBlocks = 10 [Logging] Environment = "dev" @@ -167,11 +164,7 @@ MaxMemoryPercent = {{ 90 if vega_core_validator_node else 33 }} Level = "Debug" RetryRate = "10s" KeepHashesDurationForTestOnlyDoNotChange = "48h0m0s" - BlockchainQueueAllowlist = [{% if faucet_pubkey|default('') %} - # faucet - "{{ faucet_pubkey }}" -{% endif %}] - + BlockchainQueueAllowlist = [] [EvtForward.Ethereum] Level = "Debug" MaxEthereumBlocks = 10000 
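Review bot: Dropping the `[Processor.Ratelimit]` table (`Requests = 500`, `PerNBlocks = 10`) from the node config.toml.j2 leaves the node with no explicit limit from this template. It will run with whatever vega applies when the section is absent, which is not visible from this diff. If the intent is to return to the upstream default, state that in the commit message; if the limit was meant to stay, keep the table. A one-line template comment such as `# Processor.Ratelimit intentionally omitted: upstream default applies` would stop the next reader from treating it as an accidental deletion.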
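Review bot: `BlockchainQueueAllowlist = []` replaces the conditional that added `faucet_pubkey`, so environments whose inventory still defines `faucet_pubkey` now render an empty allowlist with no warning. If faucet support is being retired, remove the variable from the inventories too and say so in the change description; otherwise keep the conditional entry. The table header that owns this key is outside the hunk.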
@@ -179,7 +172,6 @@ MaxMemoryPercent = {{ 90 if vega_core_validator_node else 33 }} ChainID = "" SkipClientVerification = true HeartbeatIntervalForTestOnlyDoNotChange = "1h0m0s" - {% if vega_core_secondary_evm_endpoint | default("") != "" %} [[EvtForward.EVMBridges]] Level = "Info" @@ -188,7 +180,6 @@ MaxMemoryPercent = {{ 90 if vega_core_validator_node else 33 }} ChainID = "{{- vega_core_secondary_evm_chain_id -}}" SkipClientVerification = true {% endif %} - [EvtForward.EthCall] Level = "Debug" PollEvery = "20s" @@ -202,7 +193,6 @@ MaxMemoryPercent = {{ 90 if vega_core_validator_node else 33 }} ApproxEthereumBlockTime = "15s" NodeVoteResendInterval = "10s" - [Banking] Level = "Info" diff --git a/roles/vega_core/templates/home/vega/vegavisor_home/config.toml.j2 b/roles/vega_core/templates/home/vega/vegavisor_home/config.toml.j2 index d95cd4f..780d9be 100644 --- a/roles/vega_core/templates/home/vega/vegavisor_home/config.toml.j2 +++ b/roles/vega_core/templates/home/vega/vegavisor_home/config.toml.j2 @@ -10,7 +10,7 @@ stopSignalTimeoutSeconds = 15 [autoInstall] enabled = true - repositoryOwner = "vegaprotocol" + repositoryOwner = "{{- vega_core_vegavisor_config['autoInstall.repositoryOwner']|default('vegaprotocol') -}}" repository = "vega" [autoInstall.asset] name = "vega-linux-amd64.zip" diff --git a/roles/vega_postgresql/tasks/postgresql.yaml b/roles/vega_postgresql/tasks/postgresql.yaml index 3b37bb3..6e93dcd 100644 --- a/roles/vega_postgresql/tasks/postgresql.yaml +++ b/roles/vega_postgresql/tasks/postgresql.yaml @@ -4,6 +4,10 @@ update_cache: true pkg: - python3-psycopg2 + retries: 3 + delay: 3 + register: vega_psql_common_install + until: vega_psql_common_install is succeeded # https://wiki.postgresql.org/wiki/Apt # https://stackoverflow.com/questions/71585303/how-can-i-manage-keyring-files-in-trusted-gpg-d-with-ansible-playbook-since-apt 
@@ -25,3 +29,7 @@ pkg: - "postgresql-{{- vega_postgresql_version -}}" - "postgresql-contrib-{{- vega_postgresql_version -}}" + retries: 3 + delay: 3 + register: vega_psql_install + until: vega_psql_install is succeeded diff --git a/roles/vega_postgresql/tasks/timescale.yaml b/roles/vega_postgresql/tasks/timescale.yaml index 3a38cb8..29c0b16 100644 --- a/roles/vega_postgresql/tasks/timescale.yaml +++ b/roles/vega_postgresql/tasks/timescale.yaml @@ -35,3 +35,7 @@ - "timescaledb-2-loader-postgresql-{{ vega_postgresql_version }}={{- vega_postgresql_timescaledb_version -}}*" notify: - "Restart postgresql" + retries: 3 + delay: 3 + register: vega_psql_timescaledb_install + until: vega_psql_timescaledb_install is succeeded diff --git a/roles/vega_zfs/tasks/main.yaml b/roles/vega_zfs/tasks/main.yaml index 055a853..65a4061 100644 --- a/roles/vega_zfs/tasks/main.yaml +++ b/roles/vega_zfs/tasks/main.yaml @@ -4,6 +4,10 @@ ansible.builtin.apt: pkg: - zfsutils-linux + retries: 3 + delay: 3 + register: vega_zfs_install + until: vega_zfs_install is succeeded - name: Ensure mountpoint exists when: vega_zfs_device != ""