You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

177 lines
5.5 KiB

7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
7 years ago
  1. ---
  2. order: 3
  3. ---
  4. # Terraform & Ansible
  5. > Note: These commands/files are not being maintained by the tendermint team currently. Please use them carefully.
  6. Automated deployments are done using
  7. [Terraform](https://www.terraform.io/) to create servers on Digital
  8. Ocean then [Ansible](http://www.ansible.com/) to create and manage
  9. testnets on those servers.
  10. ## Install
  11. NOTE: see the [integration bash
  12. script](https://github.com/tendermint/tendermint/blob/master/networks/remote/integration.sh)
  13. that can be run on a fresh DO droplet and will automatically spin up a 4
  14. node testnet. The script more or less does everything described below.
  15. - Install [Terraform](https://www.terraform.io/downloads.html) and
  16. [Ansible](http://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
  17. on a Linux machine.
  18. - Create a [DigitalOcean API
  19. token](https://cloud.digitalocean.com/settings/api/tokens) with read
  20. and write capability.
  21. - Install the python dopy package (`pip install dopy`)
  22. - Create SSH keys (`ssh-keygen`)
  23. - Set environment variables:
  24. ```
  25. export DO_API_TOKEN="abcdef01234567890abcdef01234567890"
  26. export SSH_KEY_FILE="$HOME/.ssh/id_rsa.pub"
  27. ```
  28. These will be used by both `terraform` and `ansible`.
  29. ## Terraform
  30. This step will create four Digital Ocean droplets. First, go to the
  31. correct directory:
  32. ```
  33. cd $GOPATH/src/github.com/tendermint/tendermint/networks/remote/terraform
  34. ```
  35. then:
  36. ```
  37. terraform init
  38. terraform apply -var DO_API_TOKEN="$DO_API_TOKEN" -var SSH_KEY_FILE="$SSH_KEY_FILE"
  39. ```
  40. and you will get a list of IP addresses that belong to your droplets.
  41. With the droplets created and running, let's setup Ansible.
  42. ## Ansible
  43. The playbooks in [the ansible
  44. directory](https://github.com/tendermint/tendermint/tree/master/networks/remote/ansible)
  45. run ansible roles to configure the sentry node architecture. You must
  46. switch to this directory to run ansible
  47. (`cd $GOPATH/src/github.com/tendermint/tendermint/networks/remote/ansible`).
  48. There are several roles that are self-explanatory:
  49. First, we configure our droplets by specifying the paths for tendermint
  50. (`BINARY`) and the node files (`CONFIGDIR`). The latter expects any
  51. number of directories named `node0, node1, ...` and so on (equal to the
  52. number of droplets created).
  53. To create the node files run:
  54. ```
  55. tendermint testnet
  56. ```
  57. Then, to configure our droplets run:
  58. ```
  59. ansible-playbook -i inventory/digital_ocean.py -l sentrynet config.yml -e BINARY=$GOPATH/src/github.com/tendermint/tendermint/build/tendermint -e CONFIGDIR=$GOPATH/src/github.com/tendermint/tendermint/networks/remote/ansible/mytestnet
  60. ```
  61. Voila! All your droplets now have the `tendermint` binary and required
  62. configuration files to run a testnet.
  63. Next, we run the install role:
  64. ```
  65. ansible-playbook -i inventory/digital_ocean.py -l sentrynet install.yml
  66. ```
  67. which as you'll see below, executes
  68. `tendermint node --proxy_app=kvstore` on all droplets. Although we'll
  69. soon be modifying this role and running it again, this first execution
  70. allows us to get each `node_info.id` that corresponds to each
  71. `node_info.listen_addr`. (This part will be automated in the future). In
  72. your browser (or using `curl`), for every droplet, go to IP:26657/status
  73. and note the two just mentioned `node_info` fields. Notice that blocks
  74. aren't being created (`latest_block_height` should be zero and not
  75. increasing).
  76. Next, open `roles/install/templates/systemd.service.j2` and look for the
  77. line `ExecStart` which should look something like:
  78. ```
  79. ExecStart=/usr/bin/tendermint node --proxy_app=kvstore
  80. ```
  81. and add the `--p2p.persistent_peers` flag with the relevant information
  82. for each node. The resulting file should look something like:
  83. ```
  84. [Unit]
  85. Description={{service}}
  86. Requires=network-online.target
  87. After=network-online.target
  88. [Service]
  89. Restart=on-failure
  90. User={{service}}
  91. Group={{service}}
  92. PermissionsStartOnly=true
  93. ExecStart=/usr/bin/tendermint node --proxy_app=kvstore --p2p.persistent_peers=167b80242c300bf0ccfb3ced3dec60dc2a81776e@165.227.41.206:26656,3c7a5920811550c04bf7a0b2f1e02ab52317b5e6@165.227.43.146:26656,303a1a4312c30525c99ba66522dd81cca56a361a@159.89.115.32:26656,b686c2a7f4b1b46dca96af3a0f31a6a7beae0be4@159.89.119.125:26656
  94. ExecReload=/bin/kill -HUP $MAINPID
  95. KillSignal=SIGTERM
  96. [Install]
  97. WantedBy=multi-user.target
  98. ```
  99. Then, stop the nodes:
  100. ```
  101. ansible-playbook -i inventory/digital_ocean.py -l sentrynet stop.yml
  102. ```
  103. Finally, we run the install role again:
  104. ```
  105. ansible-playbook -i inventory/digital_ocean.py -l sentrynet install.yml
  106. ```
  107. to re-run `tendermint node` with the new flag, on all droplets. The
  108. `latest_block_hash` should now be changing and `latest_block_height`
  109. increasing. Your testnet is now up and running :)
  110. Peek at the logs with the status role:
  111. ```
  112. ansible-playbook -i inventory/digital_ocean.py -l sentrynet status.yml
  113. ```
  114. ## Logging
  115. The crudest way is the status role described above. You can also ship
  116. logs to Logz.io, an Elastic stack (Elastic search, Logstash and Kibana)
  117. service provider. You can set up your nodes to log there automatically.
  118. Create an account and get your API key from the notes on [this
  119. page](https://app.logz.io/#/dashboard/data-sources/Filebeat), then:
  120. ```
  121. yum install systemd-devel || echo "This will only work on RHEL-based systems."
  122. apt-get install libsystemd-dev || echo "This will only work on Debian-based systems."
  123. go get github.com/mheese/journalbeat
  124. ansible-playbook -i inventory/digital_ocean.py -l sentrynet logzio.yml -e LOGZIO_TOKEN=ABCDEFGHIJKLMNOPQRSTUVWXYZ012345
  125. ```
  126. ## Cleanup
  127. To remove your droplets, run:
  128. ```
  129. terraform destroy -var DO_API_TOKEN="$DO_API_TOKEN" -var SSH_KEY_FILE="$SSH_KEY_FILE"
  130. ```