Note: you don't need the access key and secret key set, if you are running ansible on an Amazon AMI instance with the proper IAM permissions set.
## Running the playbook
## Running the playbooks
The playbook is locked down to only run if the environment variable `TF_VAR_TESTNET_NAME` is populated. This is a precaution so you don't accidentally run the playbook on all your servers.
The playbooks are locked down to only run if the environment variable `TF_VAR_TESTNET_NAME` is populated. This is a precaution so you don't accidentally run the playbook on all your servers.
The variable `TF_VAR_TESTNET_NAME` contains the testnet name which ansible translates into an ansible group. If you used Terraform to create the servers, it was the testnet name used there.
If the playbook cannot connect to the servers because of public key denial, your SSH Agent is not set up properly. Alternatively you can add the SSH key to ansible using the `--private-key` option.
If you need to connect to the nodes as root but your local username is different, use the ansible option `-u root` to tell ansible to connect to the servers and authenticate as the root user.
If you secured your server and you need to `sudo` for root access, use the the `-b` or `--become` option to tell ansible to sudo to root after connecting to the server. In the Terraform-DigitalOcean example, if you created the ec2-user (or if you are simply on Amazon AWS), you need to add the options `-u ec2-user -b` to ansible to tell it to connect as the ec2-user and then sudo to root to run the playbook.
By default ansible installs the tendermint and basecoin binary versions defined in its [default variables](#Default variables). If you build your own version of the binaries, you can tell ansible to install that instead.
By default ansible installs the tendermint, basecoin or ethermint binary versions defined in its [default variables](#Default variables). If you build your own version of the binaries, you can tell ansible to install that instead.
```
GOPATH="<yourgopath>"
go get -u github.com/tendermint/tendermint/cmd/tendermint
go get -u github.com/tendermint/basecoin/cmd/basecoin
go get -u github.com/tendermint/ethermint/cmd/basecoin
Alternatively you can change the variable settings in `group_vars/all`.
@ -168,22 +173,30 @@ Alternatively you can change the variable settings in `group_vars/all`.
There are few extra playbooks to make life easier managing your servers.
* install.yml - the all-in-one playbook to install and configure tendermint + basecoin
* reset.yml - stop the application, reset the configuration (blockchain), then start the application again
* stop.yml - stop the application
* start.yml - start the application
* restart.yml - restart the application
* install-tendermint-core.yml - Only install the tendermint application. This is only useful if you are developing your own ABCI.
* install-basecoin.yml - Install tendermint and basecoin applications.
* install-ethermint.yml - Install tendermint and ethermint applications.
* reset.yml - Stop the application, reset the configuration and data, then start the application again. You need to pass `-e service=<servicename>`, like `-e service=basecoin`. It will restart the underlying tendermint application too.
* restart.yml - Restart a service on all nodes. You need to pass `-e service=<servicename>`, like `-e service=basecoin`. It will restart the underlying tendermint application too.
* stop.yml - Stop the application. You need to pass `-e service=<servicename>`.
* start.yml - Start the application. You need to pass `-e service=<servicename>`.
* stop-basecoin.yml - Stop the basecoin and tendermint applications.
* start-basecoin.yml - Start the basecoin and tendermint applications.
* stop-ethermint.yml - Stop the ethermint and tendermint applications.
* start-ethermint.yml - Start the ethermint and tendermint applications.
The roles are self-sufficient under the `roles/` folder.
* install-tendermint - install the tendermint application. It can install release packages or custom-compiled binaries.
* install-basecoin - install the basecoin application. It can install release packages or custom-compiled binaries.
* cleanupconfig - delete all tendermint and basecoin configuration.
* config - configure tendermint and basecoin
* stop - stop the application.
* start - start the application.
* install-ethermint - install the ethermint application. It can install release packages or custom-compiled binaries.
* cleanupconfig - delete all tendermint configuration and data.
* config - configure the tendermint application
* stop - stop an application. Requires the `service` parameter set.
* start - start an application. Requires the `service` parameter set.
## Default variables
Default variables are documented under `group_vars/all`.
Default variables are documented under `group_vars/all`. You can the parameters there to deploy a previously created genesis.json file (instead of dynamically creating it) or if you want to deploy custom built binaries instead of deploying a released version.
## tendermint_log_file stores the path to the tendermint application log
##
#tendermint_log_file: /var/log/tendermint.log
## tendermint_genesis_file contains the path and filename to a previously generated genesis.json. If undefined, the json file is dynamically generated.
##
#tendermint_genesis_file: "<undefined>"
###
### Basecoin installation
###
@ -45,9 +49,9 @@
## Details of the linux user the basecoin app uses
##
#basecoin_user: basecoin
#basecoin_group: basecoin
#basecoin_home: /var/lib/basecoin
#basecoin_user: tendermint
#basecoin_group: tendermint
#basecoin_home: /etc/tendermint
## basecoin_log_file stores the path to the basecoin application log
DigitalOcean uses the root user by default on its droplets. This is fine as long as SSH keys are used. However some people still would like to disable root and use an alternative user to connect to the droplets - then `sudo` from there.
There is a way to do this with Terraform but it requires SSH agent running on the machine where terraform is run, with one of the SSH keys of the droplets added to the agent. (This will be neede for ansible too, so it's worth setting it up here. Check out the [ansible](https://github.com/tendermint/tools/tree/master/ansible) page for more information.)
After setting up the SSH key, uncomment the `provider` block under `cluster/main.tf` and run `terraform apply` to create your droplets. Terraform will create a user called `ec2-user` and move the SSH keys over, this way disabling SSH login for root. It also adds the `ec2-user` to the sudoers file, so after logging in as ec2-user you can `sudo` to `root`.
DigitalOcean announced firewalls but the current version of Terraform (0.9.6 as of this writing) does not support it yet. Fortunately it is quite easy to set it up through the web interface (and not that bad through the [RESTful API](https://developers.digitalocean.com/documentation/v2/#firewalls) either). When adding droplets to a firewall rule, you can add tags, so it's enough to define the testnet name. It is not necessary to add the nodes one-by-one. Also, the firewall rule "remembers" the testnet name tag so if you change the servers but keep the name, the firewall rules will still apply.
# What's next
After setting up the nodes, head over to the [ansible folder](https://github.com/tendermint/tools) to set up tendermint and basecoin.
After setting up the nodes, head over to the [ansible folder](https://github.com/tendermint/tools/tree/master/ansible) to set up tendermint and basecoin.