From 57c0c805c7a90906ce18b584c02154d3065b5cd0 Mon Sep 17 00:00:00 2001 
From: Hector Sanjuan Date: Tue, 30 Jul 2019 15:49:18 +0200 Subject: [PATCH] Ansible moved to protocol/bifrost-infra We will re-publish public ansible roles once they have been tested and correctly reviewed. --- .gitmodules | 3 - ansible/README.md | 69 ---------------- ansible/bootstrappers.yml | 16 ---- ansible/bootstrappers_initial_ssh_keys.yml | 7 -- ansible/gateways.yml | 13 ---- ansible/gateways_deploy_ipfs_bin.yml | 6 -- .../bootstrappers/group_vars/all.yml | 78 ------------------- .../host_vars/earth.i.ipfs.io.yml | 5 -- .../host_vars/mercury.i.ipfs.io.yml | 5 -- .../host_vars/neptune.i.ipfs.io.yml | 5 -- .../host_vars/pluto.i.ipfs.io.yml | 5 -- .../host_vars/saturn.i.ipfs.io.yml | 7 -- .../host_vars/uranus.i.ipfs.io.yml | 5 -- .../host_vars/venus.i.ipfs.io.yml | 5 -- ansible/inventories/bootstrappers/hosts | 20 ----- .../inventories/gateways/group_vars/all.yml | 18 ----- .../gateway-bank2-mrs1.dwebops.net.yml | 1 - ansible/inventories/gateways/hosts | 21 ----- ansible/inventories/gateways/hosts-stage | 2 - .../inventories/preloaders/group_vars/all.yml | 13 ---- .../host_vars/node0.preload.ipfs.io.yml | 1 - .../host_vars/node1.preload.ipfs.io.yml | 2 - ansible/inventories/preloaders/hosts | 3 - ansible/preloaders.yml | 19 ----- ansible/roles/geerlingguy.docker | 1 - .../go-ipfs-deploy-bin/files/etc/rsyslog.conf | 16 ---- .../files/etc/rsyslog.d/42-ipfs.conf | 6 -- .../go-ipfs-deploy-bin/handlers/main.yml | 11 --- .../roles/go-ipfs-deploy-bin/tasks/build.yml | 34 -------- .../go-ipfs-deploy-bin/tasks/logging.yml | 41 ---------- .../roles/go-ipfs-deploy-bin/tasks/main.yml | 31 -------- .../templates/etc/logrotate.d/ipfs.j2 | 7 -- .../etc/systemd/system/ipfs.service.j2 | 19 ----- .../files/dockerfiles/Dockerfile | 6 -- .../files/dockerfiles/container_daemon | 74 ------------------ .../go-ipfs-deploy-docker/tasks/build.yml | 34 -------- .../go-ipfs-deploy-docker/tasks/main.yml | 57 -------------- .../netdata_conf_gateways/files/web_log.conf | 10 --- 
.../netdata_conf_gateways/handlers/main.yml | 5 -- .../netdata_conf_gateways/tasks/main.yml | 11 --- .../files/conf.d/0-ssl.conf | 51 ------------ .../files/conf.d/1-ws-upstream.conf | 3 - .../nginx_conf_bootstrappers/files/nginx.conf | 71 ----------------- .../sites-enabled/1-libp2p-websocket.conf | 11 --- .../handlers/main.yml | 5 -- .../nginx_conf_bootstrappers/tasks/main.yml | 6 -- .../tasks/nginx_conf.yml | 41 ---------- .../tasks/nginx_docker.yml | 22 ------ .../templates/1-libp2p.conf.j2 | 21 ----- .../nginx_conf_bootstrappers/vars/vars.yml | 8 -- .../nginx_conf_gateways/handlers/main.yml | 5 -- .../roles/nginx_conf_gateways/tasks/main.yml | 15 ---- .../files/conf.d/node-exporter-upstream.conf | 4 - .../files/sites-enabled/1-node-exporter.conf | 21 ----- ansible/roles/node_exporter/tasks/main.yml | 16 ---- ansible/roles/node_exporter/tasks/nginx.yml | 21 ----- .../roles/python-dependencies/tasks/main.yml | 10 --- .../roles/ssh-keys/files/public_keys/gmasgras | 1 - .../roles/ssh-keys/files/public_keys/kubuxu | 1 - .../roles/ssh-keys/files/public_keys/mburns | 1 - .../roles/ssh-keys/files/public_keys/protocol | 1 - .../roles/ssh-keys/files/public_keys/raulk | 1 - .../roles/ssh-keys/files/public_keys/sanjuan | 1 - .../roles/ssh-keys/files/public_keys/stongo | 1 - ansible/roles/ssh-keys/files/public_keys/vyzo | 1 - ansible/roles/ssh-keys/tasks/main.yml | 20 ----- 66 files changed, 1051 deletions(-) delete mode 100644 ansible/README.md delete mode 100644 ansible/bootstrappers.yml delete mode 100644 ansible/bootstrappers_initial_ssh_keys.yml delete mode 100644 ansible/gateways.yml delete mode 100644 ansible/gateways_deploy_ipfs_bin.yml delete mode 100644 ansible/inventories/bootstrappers/group_vars/all.yml delete mode 100644 ansible/inventories/bootstrappers/host_vars/earth.i.ipfs.io.yml delete mode 100644 ansible/inventories/bootstrappers/host_vars/mercury.i.ipfs.io.yml delete mode 100644 ansible/inventories/bootstrappers/host_vars/neptune.i.ipfs.io.yml delete 
mode 100644 ansible/inventories/bootstrappers/host_vars/pluto.i.ipfs.io.yml delete mode 100644 ansible/inventories/bootstrappers/host_vars/saturn.i.ipfs.io.yml delete mode 100644 ansible/inventories/bootstrappers/host_vars/uranus.i.ipfs.io.yml delete mode 100644 ansible/inventories/bootstrappers/host_vars/venus.i.ipfs.io.yml delete mode 100644 ansible/inventories/bootstrappers/hosts delete mode 100644 ansible/inventories/gateways/group_vars/all.yml delete mode 100644 ansible/inventories/gateways/host_vars/gateway-bank2-mrs1.dwebops.net.yml delete mode 100644 ansible/inventories/gateways/hosts delete mode 100644 ansible/inventories/gateways/hosts-stage delete mode 100644 ansible/inventories/preloaders/group_vars/all.yml delete mode 100644 ansible/inventories/preloaders/host_vars/node0.preload.ipfs.io.yml delete mode 100644 ansible/inventories/preloaders/host_vars/node1.preload.ipfs.io.yml delete mode 100644 ansible/inventories/preloaders/hosts delete mode 100644 ansible/preloaders.yml delete mode 160000 ansible/roles/geerlingguy.docker delete mode 100644 ansible/roles/go-ipfs-deploy-bin/files/etc/rsyslog.conf delete mode 100644 ansible/roles/go-ipfs-deploy-bin/files/etc/rsyslog.d/42-ipfs.conf delete mode 100644 ansible/roles/go-ipfs-deploy-bin/handlers/main.yml delete mode 100644 ansible/roles/go-ipfs-deploy-bin/tasks/build.yml delete mode 100644 ansible/roles/go-ipfs-deploy-bin/tasks/logging.yml delete mode 100644 ansible/roles/go-ipfs-deploy-bin/tasks/main.yml delete mode 100644 ansible/roles/go-ipfs-deploy-bin/templates/etc/logrotate.d/ipfs.j2 delete mode 100644 ansible/roles/go-ipfs-deploy-bin/templates/etc/systemd/system/ipfs.service.j2 delete mode 100644 ansible/roles/go-ipfs-deploy-docker/files/dockerfiles/Dockerfile delete mode 100755 ansible/roles/go-ipfs-deploy-docker/files/dockerfiles/container_daemon delete mode 100644 ansible/roles/go-ipfs-deploy-docker/tasks/build.yml delete mode 100644 ansible/roles/go-ipfs-deploy-docker/tasks/main.yml delete mode 
100644 ansible/roles/netdata_conf_gateways/files/web_log.conf delete mode 100644 ansible/roles/netdata_conf_gateways/handlers/main.yml delete mode 100644 ansible/roles/netdata_conf_gateways/tasks/main.yml delete mode 100644 ansible/roles/nginx_conf_bootstrappers/files/conf.d/0-ssl.conf delete mode 100644 ansible/roles/nginx_conf_bootstrappers/files/conf.d/1-ws-upstream.conf delete mode 100644 ansible/roles/nginx_conf_bootstrappers/files/nginx.conf delete mode 100644 ansible/roles/nginx_conf_bootstrappers/files/sites-enabled/1-libp2p-websocket.conf delete mode 100644 ansible/roles/nginx_conf_bootstrappers/handlers/main.yml delete mode 100644 ansible/roles/nginx_conf_bootstrappers/tasks/main.yml delete mode 100644 ansible/roles/nginx_conf_bootstrappers/tasks/nginx_conf.yml delete mode 100644 ansible/roles/nginx_conf_bootstrappers/tasks/nginx_docker.yml delete mode 100644 ansible/roles/nginx_conf_bootstrappers/templates/1-libp2p.conf.j2 delete mode 100644 ansible/roles/nginx_conf_bootstrappers/vars/vars.yml delete mode 100644 ansible/roles/nginx_conf_gateways/handlers/main.yml delete mode 100644 ansible/roles/nginx_conf_gateways/tasks/main.yml delete mode 100644 ansible/roles/node_exporter/files/conf.d/node-exporter-upstream.conf delete mode 100644 ansible/roles/node_exporter/files/sites-enabled/1-node-exporter.conf delete mode 100644 ansible/roles/node_exporter/tasks/main.yml delete mode 100644 ansible/roles/node_exporter/tasks/nginx.yml delete mode 100644 ansible/roles/python-dependencies/tasks/main.yml delete mode 100644 ansible/roles/ssh-keys/files/public_keys/gmasgras delete mode 100644 ansible/roles/ssh-keys/files/public_keys/kubuxu delete mode 100644 ansible/roles/ssh-keys/files/public_keys/mburns delete mode 100644 ansible/roles/ssh-keys/files/public_keys/protocol delete mode 100644 ansible/roles/ssh-keys/files/public_keys/raulk delete mode 100644 ansible/roles/ssh-keys/files/public_keys/sanjuan delete mode 100644 
ansible/roles/ssh-keys/files/public_keys/stongo delete mode 100644 ansible/roles/ssh-keys/files/public_keys/vyzo delete mode 100644 ansible/roles/ssh-keys/tasks/main.yml
diff --git a/.gitmodules b/.gitmodules
index 1e3c6df..56ffd68 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,6 +1,3 @@
 [submodule "secrets_secure"]
 path = secrets_secure
 url = git@github.com:protocol/infrastructure-secrets.git
-[submodule "ansible/roles/geerlingguy.docker"]
- path = ansible/roles/geerlingguy.docker
- url = git@github.com:geerlingguy/ansible-role-docker.git
diff --git a/ansible/README.md b/ansible/README.md
deleted file mode 100644
index 3f23e95..0000000
--- a/ansible/README.md
+++ /dev/null
@@ -1,69 +0,0 @@
-# Manage IPFS Infrastructure with Ansible
-
-This repository contains the Ansible playbooks and roles for managing IPFS infrastructure: bootstrappers, gateways, preloaders.
-
-## Getting Started
-
-We use ansible >=2.8.0 which can be installed via `brew` in OSX or any Linux distro's package manger.
-
-
-## Usage
-
-Ansible can be used to run one-off (ad-hoc) modules or to run entire playbooks (collections of inventories and roles).
-
-### Running ad-hoc commands
-
-To get the number of container restarts from all bootstrap hosts in the inventory by runnning an one-off command:
-
-```shell
-# -b to run the command via sudo. -u ubuntu specifies the user on the remote host
-cd ansible
-ansible -i inventories/bootstrappers/hosts bootstrappers -m shell -a "docker inspect go-ipfs | grep RestartCount" -u ubuntu -b
-```
-
-### Running playbooks
-
-#### Playbooks
-
-Playbooks are YML files defining what roles to run on a group of hosts.
-
-```shell
-# bootstrappers.yml
----
-- hosts: bootstrappers
- become: yes
- remote_user: "{{ deploy_user }}"
- roles:
- - role: ssh-keys
- ssh_user: "{{ deploy_user }}"
- - role: geerlingguy.docker
- docker_install_compose: false
- - role: python-dependencies
- - role: nginx_conf_bootstrappers
- - role: node_exporter
- version: "v0.18.1"
- - role: go-ipfs-deploy-docker
- vars_files:
- - ../secrets_secure/vault.yml
-```
-
-#### Variables and secrets
-Variables that apply to all hosts in an inventory are stored in `inventories//group_vars/all.yml` while host-specific vars should go in `inventories//hosts_vars/hostname.fqdn.yml`
-
-
-Secrets are stored in `secrets_secure/vault.yml` which is basically an encrypted YAML file containing var definitions. The vault file needs to be specified in the playbook definition under `var_files` in order for Ansible to read variables from it. A vault password also needs to be specified at run-time either via `--vault-password-file` or `--ask-vault-pass`.
-
-In order to edit the vault, run: `ansible-vault edit secrets_secure/vault.yml`
-
-The password can be found in 1Password under `Ansible vault password`
-
-
-To run an entire playbook on all hosts in a group:
-```shell
-ansible-playbook -i inventories/bootstrappers/hosts -v --vault-password-file=./vault_password bootstrappers.yml
-```
-
-Use `--limit hostname.fqdn` to run an entire playbook on a specific host in a group:
-```shell
-ansible-playbook -i inventories/bootstrappers/hosts -v --vault-password-file=./vault_password --limit neptune.i.ipfs.io bootstrappers.yml
-```
diff --git a/ansible/bootstrappers.yml b/ansible/bootstrappers.yml
deleted file mode 100644
index 4551578..0000000
--- a/ansible/bootstrappers.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- hosts: bootstrappers
- become: yes
- remote_user: "{{ deploy_user }}"
- roles:
- - role: ssh-keys
- ssh_user: "{{ deploy_user }}"
- - role: geerlingguy.docker
- docker_install_compose: false
- - role: python-dependencies
- - role: nginx_conf_bootstrappers
- - role: node_exporter
- version: "v0.18.1"
- - role: go-ipfs-deploy-docker
- vars_files:
- - ../secrets_secure/vault.yml
diff --git a/ansible/bootstrappers_initial_ssh_keys.yml b/ansible/bootstrappers_initial_ssh_keys.yml
deleted file mode 100644
index c2430ec..0000000
--- a/ansible/bootstrappers_initial_ssh_keys.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-- hosts: bootstrappers
- become: false
- remote_user: root
- roles:
- - role: ssh-keys
- ssh_user: "{{ deploy_user }}"
diff --git a/ansible/gateways.yml b/ansible/gateways.yml
deleted file mode 100644
index b2ef86f..0000000
--- a/ansible/gateways.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-- hosts: gateways
- become: false
- roles:
- - role: ssh-keys
- ssh_user: "{{ deploy_user }}"
- - role: nginx_conf_gateways
- - role: python-dependencies
- - role: geerlingguy.docker
- docker_install_compose: false
- - role: netdata_conf_gateways
- vars_files:
- - ../secrets_secure/vault.yml
diff --git a/ansible/gateways_deploy_ipfs_bin.yml b/ansible/gateways_deploy_ipfs_bin.yml
deleted file mode 100644
index 177cfe7..0000000
--- a/ansible/gateways_deploy_ipfs_bin.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- hosts: gateways
- become: false
- serial: 2
- roles:
- - role: go-ipfs-deploy-bin
diff --git a/ansible/inventories/bootstrappers/group_vars/all.yml b/ansible/inventories/bootstrappers/group_vars/all.yml
deleted file mode 100644
index 3803bdf..0000000
--- a/ansible/inventories/bootstrappers/group_vars/all.yml
+++ /dev/null
@@ -1,78 +0,0 @@
----
-ansible_connection: ssh
-deploy_user: ubuntu
-ansible_python_interpreter: "/usr/bin/python3"
-
-go_ipfs_version: "8d9728"
-#go_ipfs_version: "ad030d"
-
-go_ipfs_dir: "/ipfs/ipfs_docker"
-go_ipfs_repo: "{{ go_ipfs_dir }}/repo"
-
-go_ipfs_env:
- # IPFS_CONFIG_Swarm_ConnMgr_Type: "basic"
- # IPFS_CONFIG_Reprovider_Interval: "\"0\"" #needs to be a quoted string
- # IPFS_CONFIG_Swarm_ConnMgr_HighWater: "2000"
- # IPFS_CONFIG_Swarm_ConnMgr_GracePeriod: "49s"
- IPFS_CONFIG_Identity_PrivKey: "{{ ipfs_private_key }}"
- IPFS_CONFIG_Identity_PeerID: "{{ ipfs_peer_id }}"
- #IPFS_CONFIG_Addresses_API: "/ip4/0.0.0.0/tcp/5001"
- IPFS_CONFIG_Addresses_Swarm: |
- [
- /ip4/0.0.0.0/tcp/4001,
- /ip6/::/tcp/4001,
- /ip4/127.0.0.1/tcp/8081/ws
- ]
- IPFS_CONFIG_Swarm_AddrFilters: |
- [
- /ip6/fc98:424c:b433:d7e2:7ee3:9541:73ff:2cdb/ipcidr/128,
- /ip6/fce3:c53b:c3c5:2f54:8bb0:b6d9:898e:f140/ipcidr/128,
- /ip6/fcfe:eab4:e49c:940f:8b29:35a4:8ea8:b01a/ipcidr/128,
- /ip6/fc4e:5427:3cd0:cc4c:4770:25bb:a682:d06c/ipcidr/128,
- /ip6/fc3d:9a4e:3c96:2fd2:1afa:18fe:8dd2:b602/ipcidr/128,
- /ip6/fcd8:a4e5:3af7:557e:72e5:f9d1:a599:e329/ipcidr/128,
- /ip6/fc29:9fda:3b73:c1d2:9302:31e3:964c:144c/ipcidr/128,
- /ip6/fcdf:a296:afe3:7118:4135:cc0b:ff92:4585/ipcidr/128,
- /ip6/fc15:e5a1:3c3:4262:d27a:9435:10ff:2e7a/ipcidr/128,
- /ip6/fc8f:dcbf:74b9:b3b9:5305:7816:89ac:53f3/ipcidr/128,
- /ip6/fce5:18b5:e3c6:ad87:465d:c4f7:ac7f:6aad/ipcidr/128,
- /ip6/fc17:1cec:c39d:dbc2:9e3c:25ef:62de:9ade/ipcidr/128,
- /ip6/fc8e:8f5c:fb22:15ca:3159:db43:68c7:09da/ipcidr/128,
- /ip6/fcff:8b53:1616:7ba7:335b:d1c2:12de:8b4c/ipcidr/128,
- /ip6/fc0e:8abd:c19c:9bbb:9b96:b293:b823:f00a/ipcidr/128,
- /ip4/10.0.0.0/ipcidr/8,
- /ip4/100.64.0.0/ipcidr/10,
- /ip4/169.254.0.0/ipcidr/16,
- /ip4/172.16.0.0/ipcidr/12,
- /ip4/192.0.0.0/ipcidr/24,
- /ip4/192.0.0.0/ipcidr/29,
- /ip4/192.0.0.8/ipcidr/32,
- /ip4/192.0.0.170/ipcidr/32,
- /ip4/192.0.0.171/ipcidr/32,
- /ip4/192.0.2.0/ipcidr/24,
- /ip4/192.168.0.0/ipcidr/16,
- /ip4/198.18.0.0/ipcidr/15,
- /ip4/198.51.100.0/ipcidr/24,
- /ip4/203.0.113.0/ipcidr/24,
- /ip4/240.0.0.0/ipcidr/4
- ]
- IPFS_CONFIG_Datastore_BloomFilterSize: "524288"
- IPFS_CONFIG_Datastore_StorageGCWatermark: "90"
- IPFS_CONFIG_Datastore_StorageMax: "60G"
- IPFS_CONFIG_Discovery_MDNS_Enabled: "false"
- IPFS_CONFIG_Ipns_ResolveCacheSize: "0"
- IPFS_CONFIG_Reprovider_Interval: ""
- IPFS_CONFIG_Reprovider_Strategy: ""
- IPFS_CONFIG_Swarm_ConnMgr_GracePeriod: "1m"
- IPFS_CONFIG_Swarm_ConnMgr_LowWater: "1500"
- IPFS_CONFIG_Swarm_ConnMgr_HighWater: "2000"
- IPFS_CONFIG_Swarm_DisableNatPortMap: "true"
- IPFS_CONFIG_Swarm_EnableRelayHop: "false"
- IPFS_CONFIG_Swarm_EnableAutoNATService: "true"
- IPFS_CONFIG_Swarm_EnableAutoRelay: "false"
- IPFS_LOGGING: ERROR
- IPFS_PATH: /data/ipfs
-
-go_ipfs_cmd: "daemon --enable-gc --enable-pubsub-experiment --enable-namesys-pubsub --migrate=true"
-
-#go_ipfs_doker_options:
diff --git a/ansible/inventories/bootstrappers/host_vars/earth.i.ipfs.io.yml b/ansible/inventories/bootstrappers/host_vars/earth.i.ipfs.io.yml
deleted file mode 100644
index e67c854..0000000
--- a/ansible/inventories/bootstrappers/host_vars/earth.i.ipfs.io.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-ipfs_private_key: "{{ vault_earth_ipfs_private_key }}"
-ipfs_peer_id: "QmSoLer265NRgSp2LA3dPaeykiS1J6DifTC88f5uVQKNAd"
-
-libp2p_fqdn: ams-1.bootstrap.libp2p.io
diff --git a/ansible/inventories/bootstrappers/host_vars/mercury.i.ipfs.io.yml b/ansible/inventories/bootstrappers/host_vars/mercury.i.ipfs.io.yml
deleted file mode 100644
index bae58ed..0000000
--- a/ansible/inventories/bootstrappers/host_vars/mercury.i.ipfs.io.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-ipfs_private_key: "{{ vault_mercury_ipfs_private_key }}"
-ipfs_peer_id: "QmSoLMeWqB7YGVLJN3pNLQpmmEk35v6wYtsMGLzSr5QBU3"
-
-libp2p_fqdn: lon-1.bootstrap.libp2p.io
diff --git a/ansible/inventories/bootstrappers/host_vars/neptune.i.ipfs.io.yml b/ansible/inventories/bootstrappers/host_vars/neptune.i.ipfs.io.yml
deleted file mode 100644
index cd11d8c..0000000
--- a/ansible/inventories/bootstrappers/host_vars/neptune.i.ipfs.io.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-ipfs_private_key: "{{ vault_neptune_ipfs_private_key }}"
-ipfs_peer_id: "QmSoLnSGccFuZQJzRadHn95W2CrSFmZuTdDWP8HXaHca9z"
-
-libp2p_fqdn: sfo-2.bootstrap.libp2p.io
diff --git a/ansible/inventories/bootstrappers/host_vars/pluto.i.ipfs.io.yml b/ansible/inventories/bootstrappers/host_vars/pluto.i.ipfs.io.yml
deleted file mode 100644
index 84eec7f..0000000
--- a/ansible/inventories/bootstrappers/host_vars/pluto.i.ipfs.io.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-ipfs_private_key: "{{ vault_pluto_ipfs_private_key }}"
-ipfs_peer_id: "QmSoLPppuBtQSGwKDZT2M73ULpjvfd3aZ6ha4oFGL1KrGM"
-
-libp2p_fqdn: sfo-3.bootstrap.libp2p.io
diff --git a/ansible/inventories/bootstrappers/host_vars/saturn.i.ipfs.io.yml b/ansible/inventories/bootstrappers/host_vars/saturn.i.ipfs.io.yml
deleted file mode 100644
index 9fa2669..0000000
--- a/ansible/inventories/bootstrappers/host_vars/saturn.i.ipfs.io.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-ipfs_private_key: "{{ vault_saturn_ipfs_private_key }}"
-ipfs_peer_id: "QmSoLSafTMBsPKadTEgaXctDQVcqN88CNLHXMkTNwMKPnu"
-
-libp2p_fqdn: sgp-1.bootstrap.libp2p.io
-ansible_ssh_user: root
-deploy_user: root
diff --git a/ansible/inventories/bootstrappers/host_vars/uranus.i.ipfs.io.yml b/ansible/inventories/bootstrappers/host_vars/uranus.i.ipfs.io.yml
deleted file mode 100644
index aa1effa..0000000
--- a/ansible/inventories/bootstrappers/host_vars/uranus.i.ipfs.io.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-ipfs_private_key: "{{ vault_uranus_ipfs_private_key }}"
-ipfs_peer_id: "QmSoLueR4xBeUbY9WZ9xGUUxunbKWcrNFTDAadQJmocnWm"
-
-libp2p_fqdn: nyc-1.bootstrap.libp2p.io
diff --git a/ansible/inventories/bootstrappers/host_vars/venus.i.ipfs.io.yml b/ansible/inventories/bootstrappers/host_vars/venus.i.ipfs.io.yml
deleted file mode 100644
index 473562d..0000000
--- a/ansible/inventories/bootstrappers/host_vars/venus.i.ipfs.io.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-ipfs_private_key: "{{ vault_venus_ipfs_private_key }}"
-ipfs_peer_id: "QmSoLV4Bbm51jM9C4gDYZQ9Cy3U6aXMJDAbzgu2fzaDs64"
-
-libp2p_fqdn: nyc-2.bootstrap.libp2p.io
diff --git a/ansible/inventories/bootstrappers/hosts b/ansible/inventories/bootstrappers/hosts
deleted file mode 100644
index a555a7a..0000000
--- a/ansible/inventories/bootstrappers/hosts
+++ /dev/null
@@ -1,20 +0,0 @@
-[bootstrappers]
-earth.i.ipfs.io
-#ams-1.bootstrap.libp2p.io
-
-mercury.i.ipfs.io
-#lon-1.bootstrap.libp2p.io
-
-pluto.i.ipfs.io
-#sfo-3.bootstrap.libp2p.io
-
-saturn.i.ipfs.io
-#sgp-1.bootstrap.libp2p.io
-
-uranus.i.ipfs.io
-#nyc-1.bootstrap.libp2p.io
-
-venus.i.ipfs.io
-#nyc-2.bootstrap.libp2p.io
-
-neptune.i.ipfs.io
diff --git a/ansible/inventories/gateways/group_vars/all.yml b/ansible/inventories/gateways/group_vars/all.yml
deleted file mode 100644
index d6b4893..0000000
--- a/ansible/inventories/gateways/group_vars/all.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-ansible_connection: ssh
-ansible_ssh_user: root
-ansible_python_interpreter: "/usr/bin/python3"
-deploy_user: root
-
-go_ipfs_version: "v0.4.22-rc1"
-
-go_ipfs_cmd: "daemon --enable-gc --enable-namesys-pubsub --migrate=true"
-
-go_ipfs_systemd_env:
- - IPFS_PATH=/home/ipfs/.ipfs
- - IPFS_LOGGING=ERROR
- - IPFS_LOGGING_FMT=nocolor
- - ÌPFS_FD_MAX=10000
- - LIBP2P_SWARM_FD_LIMIT=5000
-
-go_ipfs_debug_log: /var/log/ipfs
diff --git a/ansible/inventories/gateways/host_vars/gateway-bank2-mrs1.dwebops.net.yml b/ansible/inventories/gateways/host_vars/gateway-bank2-mrs1.dwebops.net.yml
deleted file mode 100644
index ed97d53..0000000
--- a/ansible/inventories/gateways/host_vars/gateway-bank2-mrs1.dwebops.net.yml
+++ /dev/null
@@ -1 +0,0 @@
----
diff --git a/ansible/inventories/gateways/hosts b/ansible/inventories/gateways/hosts
deleted file mode 100644
index 08e5de0..0000000
--- a/ansible/inventories/gateways/hosts
+++ /dev/null
@@ -1,21 +0,0 @@
-[gateways]
-gateway-bank1-ams1.dwebops.net
-gateway-bank1-ewr1.dwebops.net
-gateway-bank1-fra2.dwebops.net
-gateway-bank1-mrs1.dwebops.net
-gateway-bank1-nrt1.dwebops.net
-gateway-bank1-ord1.dwebops.net
-gateway-bank1-sin1.dwebops.net
-gateway-bank1-sjc1.dwebops.net
-gateway-bank2-ams1.dwebops.net
-gateway-bank2-ewr1.dwebops.net
-gateway-bank2-fra2.dwebops.net
-gateway-bank2-mrs1.dwebops.net
-gateway-bank2-nrt1.dwebops.net
-gateway-bank2-ord1.dwebops.net
-gateway-bank2-sin1.dwebops.net
-gateway-bank2-sjc1.dwebops.net
-
-#grafana.locotorp.info
-#netdata.locotorp.info
-#prometheus.locotorp.info
\ No newline at end of file
diff --git a/ansible/inventories/gateways/hosts-stage b/ansible/inventories/gateways/hosts-stage
deleted file mode 100644
index 6cc07b4..0000000
--- a/ansible/inventories/gateways/hosts-stage
+++ /dev/null
@@ -1,2 +0,0 @@
-[gateways]
-gateway-bank1-stage.dwebops.net
\ No newline at end of file
diff --git a/ansible/inventories/preloaders/group_vars/all.yml b/ansible/inventories/preloaders/group_vars/all.yml
deleted file mode 100644
index dc3acea..0000000
--- a/ansible/inventories/preloaders/group_vars/all.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-ansible_connection: ssh
-deploy_user: root
-ansible_python_interpreter: "/usr/bin/python3"
-
-go_ipfs_version: "v0.4.22-rc1"
-
-go_ipfs_systemd_env:
- - IPFS_PATH=/home/ipfs/.ipfs
- - IPFS_LOGGING=WARNING
- - IPFS_LOGGING_FMT=nocolor
-
-go_ipfs_debug_log: /var/log/ipfs
diff --git a/ansible/inventories/preloaders/host_vars/node0.preload.ipfs.io.yml b/ansible/inventories/preloaders/host_vars/node0.preload.ipfs.io.yml
deleted file mode 100644
index ed97d53..0000000
--- a/ansible/inventories/preloaders/host_vars/node0.preload.ipfs.io.yml
+++ /dev/null
@@ -1 +0,0 @@
----
diff --git a/ansible/inventories/preloaders/host_vars/node1.preload.ipfs.io.yml b/ansible/inventories/preloaders/host_vars/node1.preload.ipfs.io.yml
deleted file mode 100644
index fe12a8b..0000000
--- a/ansible/inventories/preloaders/host_vars/node1.preload.ipfs.io.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-go_ipfs_version: "8d9728"
diff --git a/ansible/inventories/preloaders/hosts b/ansible/inventories/preloaders/hosts
deleted file mode 100644
index ad61c73..0000000
--- a/ansible/inventories/preloaders/hosts
+++ /dev/null
@@ -1,3 +0,0 @@
-[preloaders]
-node0.preload.ipfs.io
-node1.preload.ipfs.io
diff --git a/ansible/preloaders.yml b/ansible/preloaders.yml
deleted file mode 100644
index f9f8185..0000000
--- a/ansible/preloaders.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- hosts: preloaders
- remote_user: "{{ deploy_user }}"
- roles:
- - role: ssh-keys
- ssh_user: "{{ deploy_user }}"
- - role: geerlingguy.docker
- docker_install_compose: false
- - role: python-dependencies
- vars_files:
- - ../secrets_secure/vault.yml
-
-- hosts: preloaders
- serial: 1
- remote_user: "{{ deploy_user }}"
- roles:
- - role: go-ipfs-deploy-bin
- vars_files:
- - ../secrets_secure/vault.yml
diff --git a/ansible/roles/geerlingguy.docker b/ansible/roles/geerlingguy.docker
deleted file mode 160000
index 5afc0f8..0000000
--- a/ansible/roles/geerlingguy.docker
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 5afc0f8ab487e31047c3c1f7013f66025aeb1cdd
diff --git a/ansible/roles/go-ipfs-deploy-bin/files/etc/rsyslog.conf b/ansible/roles/go-ipfs-deploy-bin/files/etc/rsyslog.conf
deleted file mode 100644
index 55a1105..0000000
--- a/ansible/roles/go-ipfs-deploy-bin/files/etc/rsyslog.conf
+++ /dev/null
@@ -1,16 +0,0 @@
-module(load="imuxsock") # provides support for local system logging
-module(load="imklog" permitnonkernelfacility="on")
-
-$RepeatedMsgReduction on
-
-$FileOwner syslog
-$FileGroup adm
-$FileCreateMode 0640
-$DirCreateMode 0755
-$Umask 0022
-$PrivDropToUser syslog
-$PrivDropToGroup syslog
-
-$WorkDirectory /var/spool/rsyslog
-
-$IncludeConfig /etc/rsyslog.d/*.conf
\ No newline at end of file
diff --git a/ansible/roles/go-ipfs-deploy-bin/files/etc/rsyslog.d/42-ipfs.conf b/ansible/roles/go-ipfs-deploy-bin/files/etc/rsyslog.d/42-ipfs.conf
deleted file mode 100644
index 783dc61..0000000
--- a/ansible/roles/go-ipfs-deploy-bin/files/etc/rsyslog.d/42-ipfs.conf
+++ /dev/null
@@ -1,6 +0,0 @@
-if $programname == 'ipfs' then /var/log/ipfs
-
-# Uncomment the following to stop logging anything that matches the last rule.
-# Doing this will stop logging kernel generated UFW log messages to the file
-# normally containing kern.* messages (eg, /var/log/kern.log)
-& stop
\ No newline at end of file
diff --git a/ansible/roles/go-ipfs-deploy-bin/handlers/main.yml b/ansible/roles/go-ipfs-deploy-bin/handlers/main.yml
deleted file mode 100644
index ba0342b..0000000
--- a/ansible/roles/go-ipfs-deploy-bin/handlers/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-- name: "Restart_IPFS"
- systemd:
- name: ipfs
- state: restarted
- daemon_reload: yes
-
-- name: "Restart_RSYSLOG"
- systemd:
- name: rsyslog
- state: restarted
diff --git a/ansible/roles/go-ipfs-deploy-bin/tasks/build.yml b/ansible/roles/go-ipfs-deploy-bin/tasks/build.yml
deleted file mode 100644
index 0f5d90a..0000000
--- a/ansible/roles/go-ipfs-deploy-bin/tasks/build.yml
+++ /dev/null
@@ -1,34 +0,0 @@
----
-- name: fetch GIT repo
- block:
- - name: fetch GIT repo
- become: no
- git:
- repo: "git@github.com:ipfs/go-ipfs.git"
- force: yes
- update: yes
- dest: "/tmp/go-ipfs/{{ go_ipfs_version }}"
- version: '{{ go_ipfs_version }}'
- rescue:
- - name: RESCUE - remove GIT repo dir
- file:
- state: absent
- path: "/tmp/go-ipfs/{{ go_ipfs_version }}"
- - name: RESCUE - retry fetch GIT repo
- become: no
- git:
- repo: "git@github.com:ipfs/go-ipfs.git"
- force: yes
- update: yes
- dest: "/tmp/go-ipfs/{{ go_ipfs_version }}"
- version: '{{ go_ipfs_version }}'
-
-
-- name: Build base image
- become: no
- docker_image:
- name: "go-ipfs-ansible:{{ go_ipfs_version }}"
- build:
- path: "/tmp/go-ipfs/{{ go_ipfs_version }}"
- pull: yes
- source: build
diff --git a/ansible/roles/go-ipfs-deploy-bin/tasks/logging.yml b/ansible/roles/go-ipfs-deploy-bin/tasks/logging.yml
deleted file mode 100644
index 830134c..0000000
--- a/ansible/roles/go-ipfs-deploy-bin/tasks/logging.yml
+++ /dev/null
@@ -1,41 +0,0 @@
----
-# logrotate won't run parent directory has insecure permissions (It's world writable or writable by group which is not "root")
-- name: set correct /var/log permissions for logrotate
- file:
- path: /var/log
- owner: root
- group: root
- state: directory
- mode: '0775'
-
-- name: set permissions for ipfs log file
- file:
- path: /var/log/ipfs
- state: touch
- owner: syslog
- group: root
- mode: '0664'
- modification_time: preserve
- access_time: preserve
-
-- name: copy ipfs rsyslogd config
- copy:
- src: "etc/rsyslog.conf"
- dest: "/etc/rsyslog.conf"
- force: yes
- notify:
- - "Restart_RSYSLOG"
-
-- name: copy ipfs rsyslogd config
- copy:
- src: "etc/rsyslog.d/42-ipfs.conf"
- dest: "/etc/rsyslog.d/42-ipfs.conf"
- force: yes
- notify:
- - "Restart_RSYSLOG"
-
-- name: copy ipfs logrotate config
- template:
- src: "etc/logrotate.d/ipfs.j2"
- dest: "/etc/logrotate.d/ipfs"
- force: yes
diff --git a/ansible/roles/go-ipfs-deploy-bin/tasks/main.yml b/ansible/roles/go-ipfs-deploy-bin/tasks/main.yml
deleted file mode 100644
index 09418be..0000000
--- a/ansible/roles/go-ipfs-deploy-bin/tasks/main.yml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-- include: logging.yml
-
-- name: copy ipfs service unit definition
- template:
- src: "etc/systemd/system/ipfs.service.j2"
- dest: "/etc/systemd/system/ipfs.service"
- force: yes
- notify:
- - "Restart_IPFS"
-
-
-- name: build go-ipfs Docker image
- include_tasks:
- file: build.yml
- apply:
- delegate_to: localhost
-
-- name: copy linux binary from Docker container
- shell: "/usr/local/bin/docker run -v /tmp/:/opt/mount --rm --entrypoint cp go-ipfs-ansible:{{ go_ipfs_version }} /usr/local/bin/ipfs /opt/mount/ipfs.{{ go_ipfs_version }}"
- args:
- creates: "/tmp/ipfs.{{ go_ipfs_version }}"
- delegate_to: localhost
-
-- name: copy go-ipfs binary
- copy:
- src: "/tmp/ipfs.{{ go_ipfs_version }}"
- dest: /usr/local/bin/ipfs
- force: yes
- notify:
- - "Restart_IPFS"
diff --git a/ansible/roles/go-ipfs-deploy-bin/templates/etc/logrotate.d/ipfs.j2 b/ansible/roles/go-ipfs-deploy-bin/templates/etc/logrotate.d/ipfs.j2
deleted file mode 100644
index 8a4a8c6..0000000
--- a/ansible/roles/go-ipfs-deploy-bin/templates/etc/logrotate.d/ipfs.j2
+++ /dev/null
@@ -1,7 +0,0 @@
-{{ go_ipfs_debug_log }} {
- daily
- missingok
- rotate 2
- compress
- copytruncate
-}
\ No newline at end of file
diff --git a/ansible/roles/go-ipfs-deploy-bin/templates/etc/systemd/system/ipfs.service.j2 b/ansible/roles/go-ipfs-deploy-bin/templates/etc/systemd/system/ipfs.service.j2
deleted file mode 100644
index 1deec82..0000000
--- a/ansible/roles/go-ipfs-deploy-bin/templates/etc/systemd/system/ipfs.service.j2
+++ /dev/null
@@ -1,19 +0,0 @@
-[Unit]
-Description=IPFS daemon
-After=network.target
-
-[Service]
-User=ipfs
-Group=ipfs
-{% for env_config in go_ipfs_systemd_env %}
-Environment="{{ env_config }}"
-{% endfor %}
-ExecStart=/usr/local/bin/ipfs daemon --enable-gc --enable-namesys-pubsub --migrate=true
-Restart=on-failure
-LimitNOFILE=infinity
-StandardOutput=syslog+console
-StandardError=syslog+console
-SyslogIdentifier=ipfs
-
-[Install]
-WantedBy=multi-user.target
diff --git a/ansible/roles/go-ipfs-deploy-docker/files/dockerfiles/Dockerfile b/ansible/roles/go-ipfs-deploy-docker/files/dockerfiles/Dockerfile
deleted file mode 100644
index 6be8ac0..0000000
--- a/ansible/roles/go-ipfs-deploy-docker/files/dockerfiles/Dockerfile
+++ /dev/null
@@ -1,6 +0,0 @@
-ARG GO_IPFS_VERSION
-FROM go-ipfs-ansible:$GO_IPFS_VERSION
-
-RUN wget -q -O /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 \
- && chmod +x /usr/local/bin/jq
-COPY container_daemon /usr/local/bin/start_ipfs
diff --git a/ansible/roles/go-ipfs-deploy-docker/files/dockerfiles/container_daemon b/ansible/roles/go-ipfs-deploy-docker/files/dockerfiles/container_daemon
deleted file mode 100755
index 394fb1e..0000000
--- a/ansible/roles/go-ipfs-deploy-docker/files/dockerfiles/container_daemon
+++ /dev/null
@@ -1,74 +0,0 @@ -#!/bin/sh -set -e - -envToConfig() { - ipfsPrefix="IPFS_CONFIG" - configFile="$IPFS_PATH/config" - configFileTmp="$(mktemp)" - - # remove newlines from ENV values - awk 'END { for (name in ENVIRON) { - if ( name ~ /^IPFS_CONFIG*/) { - val=ENVIRON[name] - gsub("\n", "",val) - print name"="val; - } - } - }' < /dev/null | - - while IFS='=' read -r name value - do - case "$name" in - "$ipfsPrefix"*) - parsedName=${name#$ipfsPrefix*} - jsonName=${parsedName//_/.} - case "$value" in - [*) - # sanitize string containing list for jq consumption by removing spaces, brackets - arr=$(echo "$value" |tr -d '[] ') - # transform comma delimited string into json array - jsonValue=$(jq -nr --arg value "$arr" '$value|split(",")') - ;; - *) - # ensure value is valid json - jsonValue=$(jq -nr --argjson value "${value}" '$value|tojson' 2>/dev/null || jq -nr --arg value "${value}" '$value|tojson' 2>/dev/null) - ;; - esac - - jqStr="$(printf '%s = %s' "$jsonName" "$jsonValue")" - # replace value in config file - jq --arg jqStr "$jqStr" ".| $jqStr" < "$configFile" > "$configFileTmp" && mv "$configFileTmp" "$configFile" - ;; - esac - done -} - - -user=ipfs -repo="$IPFS_PATH" - -if [ `id -u` -eq 0 ]; then - echo "Changing user to $user" - # ensure folder is writable - su-exec "$user" test -w "$repo" || chown -R -- "$user" "$repo" - # restart script with new privileges - exec su-exec "$user" "$0" "$@" -fi - -# 2nd invocation with regular user -ipfs version - -if [ -e "$repo/config" ]; then - echo "Found IPFS fs-repo at $repo" -else - case "$IPFS_PROFILE" in - "") INIT_ARGS="" ;; - *) INIT_ARGS="--profile=$IPFS_PROFILE" ;; - esac - ipfs init $INIT_ARGS - ipfs config Addresses.API /ip4/0.0.0.0/tcp/5001 - ipfs config Addresses.Gateway /ip4/0.0.0.0/tcp/8080 -fi - -envToConfig -exec ipfs "$@" diff --git a/ansible/roles/go-ipfs-deploy-docker/tasks/build.yml b/ansible/roles/go-ipfs-deploy-docker/tasks/build.yml deleted file mode 100644 index 2d4cbf3..0000000 
--- a/ansible/roles/go-ipfs-deploy-docker/tasks/build.yml +++ /dev/null @@ -1,34 +0,0 @@ ---- -- name: fetch GIT repo - become: no - run_once: true - git: - repo: "git@github.com:ipfs/go-ipfs.git" - force: yes - update: yes - dest: "/tmp/go-ipfs/{{ go_ipfs_version }}" - version: '{{ go_ipfs_version }}' - register: code_update - -- name: Build base image - become: no - run_once: true - docker_image: - name: "go-ipfs-ansible:{{ go_ipfs_version }}" - build: - path: "/tmp/go-ipfs/{{ go_ipfs_version }}" - pull: yes - source: build - -- name: Build final image with build args - become: no - run_once: true - docker_image: - name: "go-ipfs:{{ go_ipfs_version }}" - build: - path: "{{ role_path }}/files/dockerfiles/" - pull: no - args: - GO_IPFS_VERSION: "{{ go_ipfs_version }}" - source: build - register: docker_ipfs diff --git a/ansible/roles/go-ipfs-deploy-docker/tasks/main.yml b/ansible/roles/go-ipfs-deploy-docker/tasks/main.yml deleted file mode 100644 index f1ba5cf..0000000 --- a/ansible/roles/go-ipfs-deploy-docker/tasks/main.yml +++ /dev/null 
@@ -1,57 +0,0 @@ ---- -- name: build go-ipfs Docker image - include_tasks: - file: build.yml - apply: - delegate_to: localhost - -- name: Archive image - delegate_to: localhost - run_once: true - become: no - docker_image: - name: "go-ipfs" - tag: "{{ go_ipfs_version }}" - archive_path: "/tmp/go-ipfs-{{ go_ipfs_version }}.tar" - source: local - when: docker_ipfs.changed - -- name: copy docker image to server - copy: - src: "/tmp/go-ipfs-{{ go_ipfs_version }}.tar" - dest: "/tmp/go-ipfs-{{ go_ipfs_version }}.tar" - force: yes - -- name: Load image from archive - docker_image: - name: "go-ipfs" - tag: "{{ go_ipfs_version }}" - load_path: "/tmp/go-ipfs-{{ go_ipfs_version }}.tar" - source: load - -- name: Creates ipfs repo dir - file: - path: "{{ go_ipfs_repo }}" - state: directory - owner: "{{ deploy_user }}" - group: users - mode: '0775' - -- name: Start go-ipfs container - docker_container: - name: "go-ipfs" - network_mode: host - state: started - restart_policy : always - image: "go-ipfs:{{ go_ipfs_version }}" - command: "{{ go_ipfs_cmd }}" - user: ipfs - env: "{{ go_ipfs_env }}" - log_driver: json-file - log_options: - max-size: 100m - max-file: 2 - comparisons: - env: strict - volumes: - - "{{ go_ipfs_repo }}:/data/ipfs" diff --git a/ansible/roles/netdata_conf_gateways/files/web_log.conf b/ansible/roles/netdata_conf_gateways/files/web_log.conf deleted file mode 100644 index 2191269..0000000 --- a/ansible/roles/netdata_conf_gateways/files/web_log.conf +++ /dev/null @@ -1,10 +0,0 @@ -nginx_log: - name : 'nginx_log' - path : '/var/log/nginx/access.log' - categories: - ipfs: '^/ipfs/' - ipns: '^/ipns/' - api : '^/api/' - blog: '^/blog/' - refs: '^/refs/' - histogram: [10,50,100,300,1000,5000,15000,30000,60000,120000,180000,300000,600000] \ No newline at end of file diff --git a/ansible/roles/netdata_conf_gateways/handlers/main.yml b/ansible/roles/netdata_conf_gateways/handlers/main.yml deleted file mode 100644 index cb679b1..0000000 
--- a/ansible/roles/netdata_conf_gateways/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- name: "Restart_Netdata" - systemd: - state: restarted - name: netdata diff --git a/ansible/roles/netdata_conf_gateways/tasks/main.yml b/ansible/roles/netdata_conf_gateways/tasks/main.yml deleted file mode 100644 index 1719193..0000000 --- a/ansible/roles/netdata_conf_gateways/tasks/main.yml +++ /dev/null @@ -1,11 +0,0 @@ ---- -- name: "copy web_log config" - copy: - force: yes - src: "web_log.conf" - dest: "/opt/netdata/etc/netdata/python.d/web_log.conf" - mode: 0644 - owner: root - group: root - notify: - - "Restart_Netdata" diff --git a/ansible/roles/nginx_conf_bootstrappers/files/conf.d/0-ssl.conf b/ansible/roles/nginx_conf_bootstrappers/files/conf.d/0-ssl.conf deleted file mode 100644 index 2fcab92..0000000 --- a/ansible/roles/nginx_conf_bootstrappers/files/conf.d/0-ssl.conf +++ /dev/null 
@@ -1,51 +0,0 @@ -# Based on intermediate profile of Mozilla SSL Configuration Generator -# See https://mozilla.github.io/server-side-tls/ssl-config-generator -# -# PLEASE keep this config and documentation up-to-date! -# -# Last updated from Mozilla: 2015-08-28 -# -# Changes: -# - use Google's DNS resolvers -# -# Steps to produce cert, key, and trustchain files: -# -# 1. Generate dhparam: -# openssl dhparam -out secrets/wikipedia-on-ipfs.org.dhparam.pem 2048 -# -# 2. Obtain lets-encrypt-x3-cross-signed.pem and isrgrootx1.pem -# -# 3. Fetch the certificate and key from the certs host: -# scp 'root@earth.i.ipfs.io:/root/.caddy/acme/acme-v02.api.letsencrypt.org/sites/wikipedia-on-ipfs.org/*.{crt,key}' secrets/ -# -# 4. Build trustchains: -# cat lets-encrypt-x3-cross-signed.pem >> secrets/wikipedia-on-ipfs.org.crt -# cat isrgrootx1.pem >> secrets/wikipedia-on-ipfs.org.trustchain.crt -# cat lets-encrypt-x3-cross-signed.pem >> secrets/wikipedia-on-ipfs.org.trustchain.crt -# -# Also see: https://www.digitalocean.com/community/tutorials/openssl-essentials-working-with-ssl-certificates-private-keys-and-csrs - -# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate -# XXX: ssl_certificate and ssl_certificate_key are defined in the respective vhosts. - -# session tickets -ssl_session_timeout 1d; -ssl_session_cache shared:SSL:50m; - -# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits -# XXX: ssl_dhparam is defined in the respective vhosts. - -# modern configuration. tweak to your needs. 
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2; -ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK'; -ssl_prefer_server_ciphers on; - -# OCSP Stapling --- -# fetch OCSP records from URL in ssl_certificate and cache them -ssl_stapling on; -ssl_stapling_verify on; - -## verify chain of trust of OCSP response using Root CA and Intermediate certs -# XXX: ssl_trusted_certificate is defined in the respective vhosts. - -resolver 8.8.8.8 8.8.4.4; \ No newline at end of file diff --git a/ansible/roles/nginx_conf_bootstrappers/files/conf.d/1-ws-upstream.conf b/ansible/roles/nginx_conf_bootstrappers/files/conf.d/1-ws-upstream.conf deleted file mode 100644 index 97ac1ca..0000000 --- a/ansible/roles/nginx_conf_bootstrappers/files/conf.d/1-ws-upstream.conf +++ /dev/null @@ -1,3 +0,0 @@ -upstream ws_bootstrap { - server 127.0.0.1:8081; -} diff --git a/ansible/roles/nginx_conf_bootstrappers/files/nginx.conf b/ansible/roles/nginx_conf_bootstrappers/files/nginx.conf deleted file mode 100644 index 01daf7d..0000000 --- a/ansible/roles/nginx_conf_bootstrappers/files/nginx.conf +++ /dev/null 
@@ -1,71 +0,0 @@ -user nginx; -worker_processes 1; -pid /var/run/nginx.pid; - -events { - worker_connections 10240; -} - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - server_names_hash_bucket_size 64; - - log_format mtail '$server_name $remote_addr - $remote_user [$time_local] ' - '"$request" $status $bytes_sent $request_time ' - '"$http_referer" "$http_user_agent" "$sent_http_content_type" upstream="$upstream_addr"'; - - access_log off; - error_log /var/log/nginx/error.log warn; - - sendfile on; - #tcp_nopush on; - - keepalive_timeout 65; - - # based off html5-boilerplate - gzip on; - gzip_comp_level 5; - gzip_min_length 256; - gzip_proxied any; - gzip_vary on; - gzip_types - application/atom+xml - application/javascript - application/x-javascript - application/json - application/ld+json - application/manifest+json - application/rss+xml - application/vnd.geo+json - application/vnd.ms-fontobject - application/x-font-ttf - application/x-web-app-manifest+json - application/xhtml+xml - application/xml - font/opentype - image/bmp - image/svg+xml - image/x-icon - image/jpeg - image/png - text/cache-manifest - text/css - text/plain - text/vcard - text/vnd.rim.location.xloc - text/vtt - text/x-component - text/x-cross-domain-policy; - # text/html is always compressed by gzip module - - proxy_next_upstream error; - proxy_buffering off; - proxy_buffer_size 4k; - proxy_temp_path /tmp/nginx; - proxy_hide_header Access-Control-Allow-Headers; - proxy_hide_header Access-Control-Expose-Headers; - - include /etc/nginx/conf.d/*.conf; -} \ No newline at end of file diff --git a/ansible/roles/nginx_conf_bootstrappers/files/sites-enabled/1-libp2p-websocket.conf b/ansible/roles/nginx_conf_bootstrappers/files/sites-enabled/1-libp2p-websocket.conf deleted file mode 100644 index bc16246..0000000 --- a/ansible/roles/nginx_conf_bootstrappers/files/sites-enabled/1-libp2p-websocket.conf +++ /dev/null 
@@ -1,11 +0,0 @@
-location / {
- proxy_set_header Host $host;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
- proxy_set_header Sec-WebSocket-Key $http_sec_websocket_key;
- proxy_set_header Sec-WebSocket-Extensions $http_sec_websocket_extensions;
- proxy_set_header Sec-WebSocket-Version $http_sec_websocket_version;
- proxy_pass http://ws_bootstrap;
- proxy_pass_header Server;
- proxy_read_timeout 60s;
-}
\ No newline at end of file
diff --git a/ansible/roles/nginx_conf_bootstrappers/handlers/main.yml b/ansible/roles/nginx_conf_bootstrappers/handlers/main.yml
deleted file mode 100644
index 19df3b3..0000000
--- a/ansible/roles/nginx_conf_bootstrappers/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: "Restart_Nginx"
- docker_container:
- name: "nginx-ansible"
- restart: yes
diff --git a/ansible/roles/nginx_conf_bootstrappers/tasks/main.yml b/ansible/roles/nginx_conf_bootstrappers/tasks/main.yml
deleted file mode 100644
index 0b08f56..0000000
--- a/ansible/roles/nginx_conf_bootstrappers/tasks/main.yml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-- name: include vars
- include_vars: "vars.yml"
-
-- include: nginx_conf.yml
-- include: nginx_docker.yml
diff --git a/ansible/roles/nginx_conf_bootstrappers/tasks/nginx_conf.yml b/ansible/roles/nginx_conf_bootstrappers/tasks/nginx_conf.yml
deleted file mode 100644
index a09eef8..0000000
--- a/ansible/roles/nginx_conf_bootstrappers/tasks/nginx_conf.yml
+++ /dev/null
@@ -1,41 +0,0 @@ ---- -- name: Creates nginx dirs - file: - path: "{{ item }}" - state: directory - with_items: - - "{{ nginx_conf_path }}" - - "{{ nginx_conf_path }}/sites-enabled" - - "{{ nginx_confd_location }}" - - "{{ nginx_certs_location }}" - - "{{ nginx_logs_location }}" - -- name: "copy SSL certs" - no_log: true - copy: - force: yes - dest: "{{ nginx_certs_location }}/{{ item.location }}" - content: "{{ item.content }}" - with_items: - - { location: "bootstrap.libp2p.io.crt", content: "{{ vault_star_bootstrap_libp2p_io_cert }}"} - - { location: "bootstrap.libp2p.io.key", content: "{{ vault_star_bootstrap_libp2p_io_key }}"} - - { location: "bootstrap.libp2p.io.dhparam.pem", content: "{{ vault_star_bootstrap_libp2p_io_dhparam }}"} - - { location: "bootstrap.libp2p.io.trustchain.crt", content: "{{ vault_star_bootstrap_libp2p_io_trustchain }}"} - notify: - - "Restart_Nginx" - -- name: sync nginx configs - become: yes - copy: - src: "{{ role_path }}/files/" - dest: "{{ nginx_conf_path }}/" - notify: - - "Restart_Nginx" - -- name: copy nginx server config - template: - src: "1-libp2p.conf.j2" - dest: "{{ nginx_confd_location }}/1-libp2p.conf" - force: yes - notify: - - "Restart_Nginx" diff --git a/ansible/roles/nginx_conf_bootstrappers/tasks/nginx_docker.yml b/ansible/roles/nginx_conf_bootstrappers/tasks/nginx_docker.yml deleted file mode 100644 index ff8f7a2..0000000 --- a/ansible/roles/nginx_conf_bootstrappers/tasks/nginx_docker.yml +++ /dev/null 
@@ -1,22 +0,0 @@ ---- -- name: Start nginx container - docker_container: - name: "nginx-ansible" - #name: "nginx" - image: "nginx:{{ nginx_docker_version }}" - network_mode: host - state: started - restart_policy : always - log_driver: json-file - log_options: - max-size: 100m - max-file: 2 - volumes: - - "{{ nginx_conf_path }}/nginx.conf:/etc/nginx/nginx.conf:ro" - - "{{ nginx_conf_path }}/passwd:/etc/nginx/passwd:ro" - - "{{ nginx_conf_path }}/sites-enabled:/etc/nginx/sites-enabled:ro" - - "{{ nginx_confd_location }}:/etc/nginx/conf.d:ro" - - "{{ nginx_certs_location }}:/etc/nginx/certs:ro" - - "{{ nginx_logs_location }}:/var/log/nginx" - - "{{ nginx_html_location }}:/usr/share/nginx/html:ro" - - "{{ nginx_tmp_location }}:/tmp/nginx" diff --git a/ansible/roles/nginx_conf_bootstrappers/templates/1-libp2p.conf.j2 b/ansible/roles/nginx_conf_bootstrappers/templates/1-libp2p.conf.j2 deleted file mode 100644 index 18d074e..0000000 --- a/ansible/roles/nginx_conf_bootstrappers/templates/1-libp2p.conf.j2 +++ /dev/null 
@@ -1,21 +0,0 @@
-server {
- server_name {{ libp2p_fqdn }};
- access_log /var/log/nginx/access.log mtail;
-
- listen 443 ssl;
- listen [::]:443 ssl;
- ssl_certificate /etc/nginx/certs/bootstrap.libp2p.io.crt;
- ssl_certificate_key /etc/nginx/certs/bootstrap.libp2p.io.key;
- ssl_dhparam /etc/nginx/certs/bootstrap.libp2p.io.dhparam.pem;
- ssl_trusted_certificate /etc/nginx/certs/bootstrap.libp2p.io.trustchain.crt;
-
- # HSTS (ngx_http_headers_module is required)
- # 31536000 seconds = 12 months, as advised by hstspreload.org
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-
- add_header 'Access-Control-Allow-Origin' '*' always;
- add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
- add_header 'Access-Control-Allow-Headers' 'X-Requested-With, Range, Content-Range, X-Chunked-Output, X-Stream-Output' always;
- add_header 'Access-Control-Expose-Headers' 'Content-Range, X-Chunked-Output, X-Stream-Output' always;
- include /etc/nginx/sites-enabled/*.conf;
-}
\ No newline at end of file
diff --git a/ansible/roles/nginx_conf_bootstrappers/vars/vars.yml b/ansible/roles/nginx_conf_bootstrappers/vars/vars.yml
deleted file mode 100644
index 9a5df36..0000000
--- a/ansible/roles/nginx_conf_bootstrappers/vars/vars.yml
+++ /dev/null
@@ -1,8 +0,0 @@
-nginx_conf_path: "/opt/ansible/nginx"
-nginx_confd_location: "{{ nginx_conf_path }}/conf.d"
-nginx_certs_location: "{{ nginx_conf_path }}/certs"
-nginx_logs_location: "{{ nginx_conf_path }}/logs"
-nginx_html_location: "{{ nginx_conf_path }}/html"
-nginx_tmp_location: "{{ nginx_conf_path }}/tmp"
-
-nginx_docker_version: 1.12.2
diff --git a/ansible/roles/nginx_conf_gateways/handlers/main.yml b/ansible/roles/nginx_conf_gateways/handlers/main.yml
deleted file mode 100644
index ed1accc..0000000
--- a/ansible/roles/nginx_conf_gateways/handlers/main.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: "Restart_Nginx"
- systemd:
- state: restarted
- name: nginx
diff --git a/ansible/roles/nginx_conf_gateways/tasks/main.yml b/ansible/roles/nginx_conf_gateways/tasks/main.yml deleted file mode 100644 index 32b9fc8..0000000 --- a/ansible/roles/nginx_conf_gateways/tasks/main.yml +++ /dev/null @@ -1,15 +0,0 @@ ---- -- name: "copy SSL certs" - # no_log: true - copy: - force: yes - dest: "/etc/nginx/{{ item.location }}" - mode: 0644 - owner: root - group: root - content: "{{ item.content }}" - with_items: - - { location: "websites.crt", content: "{{ vault_gateway_websites_cert }}"} - - { location: "websites.key", content: "{{ vault_gateway_websites_key }}"} - notify: - - "Restart_Nginx" diff --git a/ansible/roles/node_exporter/files/conf.d/node-exporter-upstream.conf b/ansible/roles/node_exporter/files/conf.d/node-exporter-upstream.conf deleted file mode 100644 index b9210c9..0000000 --- a/ansible/roles/node_exporter/files/conf.d/node-exporter-upstream.conf +++ /dev/null @@ -1,4 +0,0 @@ -upstream node-metrics { - server 127.0.0.1:9100; - keepalive 64; -} diff --git a/ansible/roles/node_exporter/files/sites-enabled/1-node-exporter.conf b/ansible/roles/node_exporter/files/sites-enabled/1-node-exporter.conf deleted file mode 100644 index 14a09c3..0000000 --- a/ansible/roles/node_exporter/files/sites-enabled/1-node-exporter.conf +++ /dev/null @@ -1,21 +0,0 @@ -location = /debug/node { - return 301 /debug/node/; -} - -location ~ /debug/node/(?.*) { - proxy_set_header Host $host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_pass http://node-metrics/$ndpath$is_args$args; - proxy_http_version 1.1; - - proxy_pass_request_headers on; - proxy_set_header Connection "keep-alive"; - - proxy_store off; - - auth_basic "Restricted Content"; - auth_basic_user_file /etc/nginx/passwd/.httpasswd-node-exporter; -} \ No newline at end of file 
diff --git a/ansible/roles/node_exporter/tasks/main.yml b/ansible/roles/node_exporter/tasks/main.yml deleted file mode 100644 index f7070d3..0000000 --- a/ansible/roles/node_exporter/tasks/main.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: Start node_exporter container - docker_container: - name: "node_exporter" - image: "prom/node-exporter:{{ version }}" - #network_mode: host - state: started - published_ports: - - 127.0.0.1:9100:9100 - restart_policy : always - log_driver: json-file - log_options: - max-size: 100m - max-file: 2 - -- include: nginx.yml diff --git a/ansible/roles/node_exporter/tasks/nginx.yml b/ansible/roles/node_exporter/tasks/nginx.yml deleted file mode 100644 index c35ef94..0000000 --- a/ansible/roles/node_exporter/tasks/nginx.yml +++ /dev/null @@ -1,21 +0,0 @@ ---- -- name: "copy httpasswd" - no_log: true - copy: - force: yes - dest: "{{ nginx_conf_path }}/passwd/.httpasswd-node-exporter" - mode: 0644 - owner: root - group: root - content: "admin:{PLAIN}{{ vault_node_exporter_password }}" - notify: - - "Restart_Nginx" - -- name: copy nginx configs - become: yes - copy: - src: "{{ role_path }}/files/" - dest: "{{ nginx_conf_path }}/" - force: yes - notify: - - "Restart_Nginx" diff --git a/ansible/roles/python-dependencies/tasks/main.yml b/ansible/roles/python-dependencies/tasks/main.yml deleted file mode 100644 index b31283f..0000000 --- a/ansible/roles/python-dependencies/tasks/main.yml +++ /dev/null @@ -1,10 +0,0 @@ ---- -- name: install pip3 - apt: - name: python3-pip - update_cache: yes - force_apt_get: yes - -- name: install python Docker dependency - pip: - name: docker diff --git a/ansible/roles/ssh-keys/files/public_keys/gmasgras b/ansible/roles/ssh-keys/files/public_keys/gmasgras deleted file mode 100644 index a6c6edd..0000000 --- a/ansible/roles/ssh-keys/files/public_keys/gmasgras +++ /dev/null 
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDuTXotNHgU41qMau9CS1Kwv1v6eRQstdT6YJXDAO49132lJAKhGpsDepWuAK4iXWQdE2Cn7jFcHOMSxJpd3mmLObPPvajkIozGsE8lc0QanqAxM591XrXJ7fQdTCOFb0GaI0pB5eWpEFMwsosI7pPdbRp2No9X79ScvFd0ZlV+VYcHKuVQlW/sgen/rshJs1oiMHCIUxz1ok4E+ADg5uqVSsa44yitszRU/mi/ZQ0qj/B4kNYdwIQEJqHVB5Dc8rJgulhbyMYU4R6dNswcZPVOo0bVAEKBOdzVB9h4MBKoFupJX5xLegjDYvcGFr3VA+nQJSub7mmQl0rNviQpGdV gmas@Georges-MacBook-Pro-2.local
diff --git a/ansible/roles/ssh-keys/files/public_keys/kubuxu b/ansible/roles/ssh-keys/files/public_keys/kubuxu
deleted file mode 100644
index 897e237..0000000
--- a/ansible/roles/ssh-keys/files/public_keys/kubuxu
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpebQMvIoun5RK3IZ/DaDgMqnLzgUCtwWlXMfxihGLO kubuxu
\ No newline at end of file
diff --git a/ansible/roles/ssh-keys/files/public_keys/mburns b/ansible/roles/ssh-keys/files/public_keys/mburns
deleted file mode 100644
index ebad6ce..0000000
--- a/ansible/roles/ssh-keys/files/public_keys/mburns
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE74wT0PuJXgcaaoimpqn1lHBZdaFJozsB8qVmIbIFf6 michael@protocol.ai
diff --git a/ansible/roles/ssh-keys/files/public_keys/protocol b/ansible/roles/ssh-keys/files/public_keys/protocol
deleted file mode 100644
index 0bb25e7..0000000
--- a/ansible/roles/ssh-keys/files/public_keys/protocol
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPc37/go/dP7AFY3Kl0k4SDG6PI2GVLxny0g4TNuP7Xh
\ No newline at end of file
diff --git a/ansible/roles/ssh-keys/files/public_keys/raulk b/ansible/roles/ssh-keys/files/public_keys/raulk
deleted file mode 100644
index 371562d..0000000
--- a/ansible/roles/ssh-keys/files/public_keys/raulk
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqVRpIEOkB4lqeeL8jlvyu6pSho0Ieqyo7YL9YYZ71fBrhbPrhW3Xu3M7awXt0YXWW1xaw7YIOxKUyf0EeQ3bUSJ6HU+Rn1oZzxnqJgn+wzaHm3hApd9UqBkyMLiwV+c89w2t9JTT6aVuWjtj+jj+JJxBo/zgIVmaMgOpIj/ENuq15cutk3OSG3b71oGisaSW6ww4ZHnDgbVyL+w/C9r4uxLenAUG0itKG33lt8BY4CHv5vbxv2algzth4OyZzvUCcnd06Zg3tJx6jqG2+Okef65KTgbBGqWBHszFQh5gAsqS8qFjjn2znjaIHNE9KU+SQR5lVhyrBaNmVsBtJDbs5
\ No newline at end of file
diff --git a/ansible/roles/ssh-keys/files/public_keys/sanjuan b/ansible/roles/ssh-keys/files/public_keys/sanjuan
deleted file mode 100644
index 894df8b..0000000
--- a/ansible/roles/ssh-keys/files/public_keys/sanjuan
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkrT6M13DOMf7ZhuXMNhtng8iVyG+c76KYUFq/m/0uQRMr6Naq1U8kfk+JQWq1ydNXaqy1J2gi8qFtg7TRC1MTuT5Y/YFdDdnDWrApjz0b/qE0vIQOvrlcGidFQASQNwnbYkLEEFrmgFYmLUWS9YfPKOuDfLPaY0gOG7xDMuzdev7c7ejE2up/+iFGfXHxHtwyxYhCGlEbgKJkB9qWonm0jFtfKVL9C93CD8E6VuqPJC6zcvsBTU6Jx3IwNHzkoFwvl3jsDC1SVpFy7SDKlGmlxurGTQG0B54Vp3tOcGp8fCM1DDf+0GMTp7tm6H15qrP6pktApPPx0RMK8r9m9m1T hsanjuan
diff --git a/ansible/roles/ssh-keys/files/public_keys/stongo b/ansible/roles/ssh-keys/files/public_keys/stongo
deleted file mode 100644
index bfbe9ed..0000000
--- a/ansible/roles/ssh-keys/files/public_keys/stongo
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqwQQdJFGkageU7T+CqxuvuesjOyaUIRBaIeSyyi3Gh0fTh+oaLh16DMDAN59g36eieM/sfxh4hP//wiAFhBDZwFQ4xfmy6iqDWcat9tDwyV31jsshQe3iK3aMvya3tFB8r+rr5ThsDRVhGXYgm0NycLE+GDLsYAKAIHPldkqY6Sev/hUhIVj5X1wwq77yBBqTriracfaWvteW7HvnIieOVHeEbAPcyHsZX6Mn7mbzMW3dnRSHw0q4rIYdFGCXq8QgdTMDMxGz4E3GLSxT9jsh8IvHugywa9BpN2J9pbbA+Aj12HThhLmyf8x5O4+NzuwstBbRHHgPubCsR/9xl89Pw== stongo
\ No newline at end of file
diff --git a/ansible/roles/ssh-keys/files/public_keys/vyzo b/ansible/roles/ssh-keys/files/public_keys/vyzo
deleted file mode 100644
index 16a9771..0000000
--- a/ansible/roles/ssh-keys/files/public_keys/vyzo
+++ /dev/null
@@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILd7E1DL0zdcBsbzxBqHrx1ZsL8CoZ2kJ/ynIY4E8IgT vyzo@hackzen.org \ No newline at end of file diff --git a/ansible/roles/ssh-keys/tasks/main.yml b/ansible/roles/ssh-keys/tasks/main.yml deleted file mode 100644 index 65f6fbc..0000000 --- a/ansible/roles/ssh-keys/tasks/main.yml +++ /dev/null @@ -1,20 +0,0 @@ ---- -- name: Display all variables/facts known for a host - debug: - var: hostvars[inventory_hostname] - verbosity: 4 - -- name: Set up multiple authorized keys - authorized_key: - user: "{{ ssh_user }}" - state: present - key: '{{ item }}' - with_file: - - public_keys/gmasgras - - public_keys/kubuxu - - public_keys/mburns - - public_keys/protocol - - public_keys/sanjuan - - public_keys/stongo - - public_keys/vyzo - - public_keys/raulk