zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3983 Commits
183 Branches
291 MiB
Tree: c793a72ac5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c793a72ac5'
${ noResults }
tendermint/docs/terraform-and-ansible.md

147 lines
5.6 KiB
Raw Normal View History

moar
7 years ago
style fixes/typos/etc from PR review
7 years ago
moar
7 years ago
Switch ports 466xx to 266xx (#1735) * Switch ports 466xx to be 266xx This is done so the default ports aren't in the linux kernel's default ephemeral port range. * Update ABCI import * Bump cache on circleci * Get more verbose output for debugging * Bump abci dependency * Fix accidental change of a block header's hash * pin abci release
7 years ago
moar
7 years ago
Switch ports 466xx to 266xx (#1735) * Switch ports 466xx to be 266xx This is done so the default ports aren't in the linux kernel's default ephemeral port range. * Update ABCI import * Bump cache on circleci * Get more verbose output for debugging * Bump abci dependency * Fix accidental change of a block header's hash * pin abci release
7 years ago
moar
7 years ago
 
  1. # Terraform & Ansible

  2. 

  3. Automated deployments are done using
  4. [Terraform](https://www.terraform.io/) to create servers on Digital
  5. Ocean then [Ansible](http://www.ansible.com/) to create and manage
  6. testnets on those servers.
  7. 

  8. ## Install

  9. 

  10. NOTE: see the [integration bash
  11. script](https://github.com/tendermint/tendermint/blob/develop/networks/remote/integration.sh)
  12. that can be run on a fresh DO droplet and will automatically spin up a 4
  13. node testnet. The script more or less does everything described below.
  14. 

  15. -   Install [Terraform](https://www.terraform.io/downloads.html) and
  16.     [Ansible](http://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html)
  17.     on a Linux machine.
  18. -   Create a [DigitalOcean API
  19.     token](https://cloud.digitalocean.com/settings/api/tokens) with read
  20.     and write capability.
  21. -   Install the python dopy package (`pip install dopy`)
  22. -   Create SSH keys (`ssh-keygen`)
  23. -   Set environment variables:
  24. 

  25. ```    
  26. export DO_API_TOKEN="abcdef01234567890abcdef01234567890"
  27. export SSH_KEY_FILE="$HOME/.ssh/id_rsa.pub"
  28. ```
  29. 

  30. These will be used by both `terraform` and `ansible`.
  31. 

  32. ### Terraform

  33. 

  34. This step will create four Digital Ocean droplets. First, go to the
  35. correct directory:
  36. 

  37.     cd $GOPATH/src/github.com/tendermint/tendermint/networks/remote/terraform
  38. 

  39. then:
  40. 

  41.     terraform init
  42.     terraform apply -var DO_API_TOKEN="$DO_API_TOKEN" -var SSH_KEY_FILE="$SSH_KEY_FILE"
  43. 

  44. and you will get a list of IP addresses that belong to your droplets.
  45. 

  46. With the droplets created and running, let's setup Ansible.
  47. 

  48. ### Ansible

  49. 

  50. The playbooks in [the ansible
  51. directory](https://github.com/tendermint/tendermint/tree/master/networks/remote/ansible)
  52. run ansible roles to configure the sentry node architecture. You must
  53. switch to this directory to run ansible
  54. (`cd $GOPATH/src/github.com/tendermint/tendermint/networks/remote/ansible`).
  55. 

  56. There are several roles that are self-explanatory:
  57. 

  58. First, we configure our droplets by specifying the paths for tendermint
  59. (`BINARY`) and the node files (`CONFIGDIR`). The latter expects any
  60. number of directories named `node0, node1, ...` and so on (equal to the
  61. number of droplets created). For this example, we use pre-created files
  62. from [this
  63. directory](https://github.com/tendermint/tendermint/tree/master/docs/examples).
  64. To create your own files, use either the `tendermint testnet` command or
  65. review [manual deployments](./deploy-testnets.md).
  66. 

  67. Here's the command to run:
  68. 

  69.     ansible-playbook -i inventory/digital_ocean.py -l sentrynet config.yml -e BINARY=$GOPATH/src/github.com/tendermint/tendermint/build/tendermint -e CONFIGDIR=$GOPATH/src/github.com/tendermint/tendermint/docs/examples
  70. 

  71. Voila! All your droplets now have the `tendermint` binary and required
  72. configuration files to run a testnet.
  73. 

  74. Next, we run the install role:
  75. 

  76.     ansible-playbook -i inventory/digital_ocean.py -l sentrynet install.yml
  77. 

  78. which as you'll see below, executes
  79. `tendermint node --proxy_app=kvstore` on all droplets. Although we'll
  80. soon be modifying this role and running it again, this first execution
  81. allows us to get each `node_info.id` that corresponds to each
  82. `node_info.listen_addr`. (This part will be automated in the future). In
  83. your browser (or using `curl`), for every droplet, go to IP:26657/status
  84. and note the two just mentioned `node_info` fields. Notice that blocks
  85. aren't being created (`latest_block_height` should be zero and not
  86. increasing).
  87. 

  88. Next, open `roles/install/templates/systemd.service.j2` and look for the
  89. line `ExecStart` which should look something like:
  90. 

  91.     ExecStart=/usr/bin/tendermint node --proxy_app=kvstore
  92. 

  93. and add the `--p2p.persistent_peers` flag with the relevant information
  94. for each node. The resulting file should look something like:
  95. 

  96.     [Unit]
  97.     Description={{service}}
  98.     Requires=network-online.target
  99.     After=network-online.target
  100. 

  101.     [Service]
  102.     Restart=on-failure
  103.     User={{service}}
  104.     Group={{service}}
  105.     PermissionsStartOnly=true
  106.     ExecStart=/usr/bin/tendermint node --proxy_app=kvstore --p2p.persistent_peers=167b80242c300bf0ccfb3ced3dec60dc2a81776e@165.227.41.206:26656,3c7a5920811550c04bf7a0b2f1e02ab52317b5e6@165.227.43.146:26656,303a1a4312c30525c99ba66522dd81cca56a361a@159.89.115.32:26656,b686c2a7f4b1b46dca96af3a0f31a6a7beae0be4@159.89.119.125:26656
  107.     ExecReload=/bin/kill -HUP $MAINPID
  108.     KillSignal=SIGTERM
  109. 

  110.     [Install]
  111.     WantedBy=multi-user.target
  112. 

  113. Then, stop the nodes:
  114. 

  115.     ansible-playbook -i inventory/digital_ocean.py -l sentrynet stop.yml
  116. 

  117. Finally, we run the install role again:
  118. 

  119.     ansible-playbook -i inventory/digital_ocean.py -l sentrynet install.yml
  120. 

  121. to re-run `tendermint node` with the new flag, on all droplets. The
  122. `latest_block_hash` should now be changing and `latest_block_height`
  123. increasing. Your testnet is now up and running :)
  124. 

  125. Peek at the logs with the status role:
  126. 

  127.     ansible-playbook -i inventory/digital_ocean.py -l sentrynet status.yml
  128. 

  129. ### Logging

  130. 

  131. The crudest way is the status role described above. You can also ship
  132. logs to Logz.io, an Elastic stack (Elastic search, Logstash and Kibana)
  133. service provider. You can set up your nodes to log there automatically.
  134. Create an account and get your API key from the notes on [this
  135. page](https://app.logz.io/#/dashboard/data-sources/Filebeat), then:
  136. 

  137.     yum install systemd-devel || echo "This will only work on RHEL-based systems."
  138.     apt-get install libsystemd-dev || echo "This will only work on Debian-based systems."
  139. 

  140.     go get github.com/mheese/journalbeat
  141.     ansible-playbook -i inventory/digital_ocean.py -l sentrynet logzio.yml -e LOGZIO_TOKEN=ABCDEFGHIJKLMNOPQRSTUVWXYZ012345
  142. 

  143. ### Cleanup

  144. 

  145. To remove your droplets, run:
  146. 

  147.     terraform destroy -var DO_API_TOKEN="$DO_API_TOKEN" -var SSH_KEY_FILE="$SSH_KEY_FILE"