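version: "3"

vars:
  # Infrastructure CLI used by the tf:* tasks.
  TERRAFORM: "tofu"
  TERRAFORM_DIR: "./terraform"
  ANSIBLE_DIR: "./ansible"
  SCRIPTS_DIR: "{{.ANSIBLE_DIR}}/scripts"
  ROOT_SCRIPTS_DIR: "./scripts"
  ANSIBLE_INVENTORY: "{{.ANSIBLE_DIR}}/inventory/hosts.yml"
  ANSIBLE_PLAYBOOK: "{{.ANSIBLE_DIR}}/playbooks/provision.yml"
  # Remote login user for the ssh-based tasks, resolved in this order:
  #   1. the ANSIBLE_USER environment variable, when set and non-empty
  #   2. the `ansible_user` output read from TERRAFORM_DIR
  #   3. the literal "root"
  # NOTE(review): errors from the output lookup are discarded (2>/dev/null,
  # || true), so a missing or unreadable output silently selects root for
  # every ssh task. Confirm a root login is intended, or export ANSIBLE_USER.
  ANSIBLE_USER:
    sh: |
      if [ -n "${ANSIBLE_USER:-}" ]; then
        printf '%s\n' "${ANSIBLE_USER}"
      else
        # The directory is quoted so a path containing spaces is not word-split.
        user_from_tf="$(cd "{{.TERRAFORM_DIR}}" >/dev/null 2>&1 && {{.TERRAFORM}} output -raw ansible_user 2>/dev/null || true)"
        if [ -n "${user_from_tf}" ]; then
          printf '%s\n' "${user_from_tf}"
        else
          printf '%s\n' "root"
        fi
      fi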
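tasks:
  # OpenTofu (Infrastructure)
  tf:init:
    desc: Initialize Terraform
    dir: "{{.TERRAFORM_DIR}}"
    cmds:
      - "{{.TERRAFORM}} init"

  tf:plan:
    desc: Plan Terraform changes
    dir: "{{.TERRAFORM_DIR}}"
    cmds:
      - "{{.TERRAFORM}} plan"

  # NOTE(review): -auto-approve skips the interactive confirmation, and no
  # saved plan file is passed, so this apply computes its own plan instead of
  # reusing what tf:plan printed. Anything that changes between the two steps
  # is applied without being reviewed.
  tf:apply:
    desc: Apply Terraform configuration
    dir: "{{.TERRAFORM_DIR}}"
    cmds:
      - "{{.TERRAFORM}} apply -auto-approve"

  tf:destroy:
    desc: Destroy Terraform infrastructure
    prompt: "Destroy Terraform infrastructure? Type yes to continue:"
    dir: "{{.TERRAFORM_DIR}}"
    cmds:
      - "{{.TERRAFORM}} destroy"

  tf:output:
    desc: Show Terraform outputs
    dir: "{{.TERRAFORM_DIR}}"
    cmds:
      - "{{.TERRAFORM}} output"

  # Ansible (Playbooks & inventory)
  ansible:inventory:generate:
    desc: Generate Ansible inventory from Terraform outputs
    cmds:
      - "{{.SCRIPTS_DIR}}/generate-ansible-inventory.sh"

  ansible:inventory:show:
    desc: Display current Ansible inventory
    cmds:
      - cat "{{.ANSIBLE_INVENTORY}}"

  ansible:inventory:ping:
    desc: Test Ansible connectivity to hosts
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible eth-validator-vm -i inventory/hosts.yml -m ping

  ansible:bootstrap:
    desc: Bootstrap fresh VM (run FIRST on new VM)
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/bootstrap_vm.yml -i inventory/hosts.yml

  ansible:bootstrap-check:
    desc: Run bootstrap playbook in check mode
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/bootstrap_vm.yml -i inventory/hosts.yml --check

  ansible:deploy:
    desc: Deploy Ethereum validator (main deployment)
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/deploy_validator.yml -i inventory/hosts.yml

  # NOTE(review): /tmp is a shared, world-writable directory. Where this log
  # path is configured is not visible here; confirm the file is created with
  # restrictive permissions, since Ansible logs can include task arguments.
  ansible:logs:
    desc: Tail local Ansible log output
    cmds:
      - tail -f /tmp/ansible.log

  ansible:deploy-check:
    desc: Run deployment playbook in check mode
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/deploy_validator.yml -i inventory/hosts.yml --check

  ansible:deploy-verbose:
    desc: Run deployment with verbose output
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/deploy_validator.yml -i inventory/hosts.yml -vvv

  # Runs the deployment playbook restricted to one tag. The tag is taken from,
  # in order: the Task variable TAG, the TAG environment variable, then the
  # arguments given after "--".
  ansible:deploy-tags:
    desc: Run deployment with specific tags (usage - task ansible:deploy-tags -- TAG={setup, nethermind, nimbus or services })
    dir: "{{.ANSIBLE_DIR}}"
    vars:
      CLI_TAG: '{{join " " .CLI_ARGS}}'
    # Template values reach the script as environment variables rather than
    # being pasted into the shell source, so quotes, $(...) or backticks in a
    # tag are treated as data and never evaluated by the shell.
    env:
      DEPLOY_TAG_FROM_VAR: "{{.TAG}}"
      DEPLOY_TAG_FROM_CLI: "{{.CLI_TAG}}"
    cmds:
      - |
        set +x
        TAG_VALUE="${DEPLOY_TAG_FROM_VAR:-}"
        if [ -z "$TAG_VALUE" ] && [ -n "${TAG:-}" ]; then
          TAG_VALUE="${TAG}"
        fi
        if [ -z "$TAG_VALUE" ] && [ -n "${DEPLOY_TAG_FROM_CLI:-}" ]; then
          TAG_VALUE="${DEPLOY_TAG_FROM_CLI}"
        fi
        # The documented usage passes "TAG=<name>" after "--", which arrives
        # as a literal argument; drop the prefix so --tags receives <name>.
        TAG_VALUE="${TAG_VALUE#TAG=}"
        if [ -z "$TAG_VALUE" ]; then
          echo "Error: TAG variable required. Example: task ansible:deploy-tags -- TAG=nimbus"
          exit 1
        fi
        set -x
        ansible-playbook playbooks/deploy_validator.yml -i inventory/hosts.yml --tags "$TAG_VALUE"

  ansible:start:
    desc: Start validator services
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/start_services.yml -i inventory/hosts.yml

  ansible:stop:
    desc: Stop validator services
    prompt: "Stop validator services? (yes/no)"
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/stop_services.yml -i inventory/hosts.yml

  ansible:restart:
    desc: Gracefully restart validator services (stop → start with health checks)
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/restart_services.yml -i inventory/hosts.yml

  ansible:update-validator:
    desc: Update validator service configuration (graffiti, fee recipient, etc.)
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/update_validator_config.yml -i inventory/hosts.yml

  ansible:validate:
    desc: Validate deployment and check validator health
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/validate.yml -i inventory/hosts.yml

  ansible:kms-setup:
    desc: Setup KMS-encrypted key infrastructure
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/setup_kms_keys.yml -i inventory/hosts.yml

  ansible:kms-setup-check:
    desc: Run KMS setup playbook in check mode
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/setup_kms_keys.yml -i inventory/hosts.yml --check

  # NOTE(review): the playbook itself is not shown here; confirm the generated
  # mnemonic is kept out of Ansible logs and is not left behind on the VM.
  ansible:staking-deposit:
    desc: Install EthStaker deposit-cli and generate validator mnemonic
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/setup_deposit_cli.yml -i inventory/hosts.yml

  ansible:upload-keys:
    desc: Encrypt and upload validator keys to GCS (run after key generation)
    dir: "{{.ANSIBLE_DIR}}"
    cmds:
      - ansible-playbook playbooks/upload_validator_keys.yml -i inventory/hosts.yml

  ansible:upload-passwords:
    desc: Encrypt and upload keystore passwords to GCS
    cmds:
      - "{{.SCRIPTS_DIR}}/upload-keystore-password.sh"

  # Project scripts
  scripts:provision:
    desc: Run local provisioning helper script
    cmds:
      - "{{.ROOT_SCRIPTS_DIR}}/provision.sh"

  scripts:check-health:
    desc: Check validator health via helper script
    cmds:
      - "{{.ROOT_SCRIPTS_DIR}}/check-health.sh"

  scripts:start-validator:
    desc: Start validator using helper script
    cmds:
      - "{{.ROOT_SCRIPTS_DIR}}/start-validator.sh"

  # Validator (Service orchestration)
  validator:start:
    desc: Start validator services via Ansible
    cmds:
      - task: ansible:start

  validator:stop:
    desc: Stop validator services via Ansible
    prompt: "Stop validator services on the remote host? (yes/no)"
    cmds:
      - task: ansible:stop

  validator:restart:
    desc: Restart validator services via Ansible
    cmds:
      - task: ansible:restart

  validator:upload-keys:
    desc: Encrypt and upload validator keys to GCS
    cmds:
      - task: ansible:upload-keys

  validator:deploy:infra:
    desc: Provision Terraform infrastructure (init → plan → apply)
    cmds:
      - task: tf:init
      - task: tf:plan
      - task: tf:apply

  validator:deploy:bootstrap:
    desc: Generate inventory and bootstrap validator VM
    cmds:
      - task: ansible:inventory:generate
      - task: ansible:bootstrap

  validator:deploy:services:
    desc: Deploy Ethereum validator services
    cmds:
      - task: ansible:deploy

  validator:deploy:keys:
    desc: Generate keys, encrypt with KMS, upload to GCS (with passwords), and reload validator
    cmds:
      - task: ansible:staking-deposit
      - task: ansible:upload-keys
      - task: ansible:upload-passwords
      - task: ansible:kms-setup
      - task: ansible:deploy-tags
        vars:
          TAG: "nimbus"
      - task: ansible:restart

  validator:deploy:finalize:
    desc: Run post-deployment validation checks
    cmds:
      - task: ansible:validate

  # The ssh tasks below resolve the host from the `vm_external_ip` output.
  # They call the CLI through {{.TERRAFORM}} like the tf:* tasks, and the whole
  # user@host destination is quoted so it always reaches ssh as one argument.
  validator:logs-execution:
    desc: Stream execution client (Nethermind) logs
    cmds:
      - ssh "{{.ANSIBLE_USER}}@$(cd "{{.TERRAFORM_DIR}}" && {{.TERRAFORM}} output -raw vm_external_ip)" 'sudo journalctl -fu execution'

  validator:logs-consensus:
    desc: Stream consensus client (Nimbus) logs
    cmds:
      - ssh "{{.ANSIBLE_USER}}@$(cd "{{.TERRAFORM_DIR}}" && {{.TERRAFORM}} output -raw vm_external_ip)" 'sudo journalctl -fu consensus'

  validator:logs:
    desc: Stream validator client logs
    cmds:
      - ssh "{{.ANSIBLE_USER}}@$(cd "{{.TERRAFORM_DIR}}" && {{.TERRAFORM}} output -raw vm_external_ip)" 'sudo journalctl -fu validator'

  validator:logs-all:
    desc: Stream combined validator service logs (execution, consensus, validator)
    cmds:
      - ssh "{{.ANSIBLE_USER}}@$(cd "{{.TERRAFORM_DIR}}" && {{.TERRAFORM}} output -raw vm_external_ip)" 'sudo journalctl -u execution -u consensus -u validator -f'

  validator:logs-error:
    desc: Search for errors in validator service logs (last 1 hour)
    cmds:
      - ssh "{{.ANSIBLE_USER}}@$(cd "{{.TERRAFORM_DIR}}" && {{.TERRAFORM}} output -raw vm_external_ip)" 'sudo journalctl -u execution -u consensus -u validator --since "1 hour ago" | grep -i error'

  validator:deploy:all:
    desc: Provision infra, configure validator, upload keys, reload validator, and validate
    cmds:
      - task: validator:deploy:infra
      - task: validator:deploy:bootstrap
      - task: validator:deploy:services
      - task: validator:deploy:keys
      - task: validator:deploy:finalize

  # Management (Server: Access, logs, cleanup)
  vm:ssh:
    desc: SSH into the validator VM
    cmds:
      - ssh "{{.ANSIBLE_USER}}@$(cd "{{.TERRAFORM_DIR}}" && {{.TERRAFORM}} output -raw vm_external_ip)"

  vm:logs:kms:
    desc: Stream KMS key decryption/cleanup logs
    cmds:
      - ssh "{{.ANSIBLE_USER}}@$(cd "{{.TERRAFORM_DIR}}" && {{.TERRAFORM}} output -raw vm_external_ip)" 'sudo journalctl -t validator-keys -f'

  vm:clean:
    desc: Remove generated inventory backups and temporary data
    cmds:
      # The search root is quoted so the delete cannot be redirected by
      # word-splitting of the directory path.
      - find "{{.ANSIBLE_DIR}}/inventory" -name "*.backup.*" -type f -delete
      - echo "Cleaned up inventory backups"

  # Help
  default:
    desc: Show available tasks
    cmds:
      - task --list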