lint step was enabled #64

Merged
merged 5 commits into from
Nov 27, 2023
Merged
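--- a/.github/workflows/pr-secure-apt.yml
+++ b/.github/workflows/pr-secure-apt.yml
@@ -0,0 +1,18 @@
+name: check PR (secure_apt)
+
+on:
+pull_request:
+paths:
+- roles/secure_apt/**
+- .github/**
+
+jobs:
+run-molecule-tests:
+strategy:
+fail-fast: false
+matrix:
+molecule-driver: [docker]
+uses: ./.github/workflows/reusable-molecule.yml
+with:
+role-name: secure_apt
+molecule-driver: ${{ matrix.molecule-driver }}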
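Review bot: Neither this caller nor `pr-state-exporter.yml` declares a `permissions:` block, so the job that calls `reusable-molecule.yml` runs with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured. A lint-and-test workflow triggered by `pull_request` only needs to read the checkout, so I would add a top-level `permissions:` with `contents: read` to both files. If the reusable workflow already narrows the token at job level this is redundant, but that part of the file is not shown in this change.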
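--- a/.github/workflows/pr-state-exporter.yml
+++ b/.github/workflows/pr-state-exporter.yml
@@ -0,0 +1,18 @@
+name: check PR (state_exporter)
+
+on:
+pull_request:
+paths:
+- roles/state_exporter/**
+- .github/**
+
+jobs:
+run-molecule-tests:
+strategy:
+fail-fast: false
+matrix:
+molecule-driver: [docker]
+uses: ./.github/workflows/reusable-molecule.yml
+with:
+role-name: state_exporter
+molecule-driver: ${{ matrix.molecule-driver }}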
13 changes: 6 additions & 7 deletions .github/workflows/reusable-molecule.yml
Expand Up @@ -48,13 +48,12 @@ jobs:
if: ${{ env.MOLECULE_IS_PRESENT && inputs.molecule-driver == 'lxd' }}
run: |
pip3 install --no-cache-dir molecule-lxd
# enable and fix issues as separate PR
# - name: Run lint
# run: |
# set -e
# yamllint .
# ansible-lint
# working-directory: "${{ github.repository }}/roles/${{ inputs.role-name }}"
- name: Run lint
run: |
set -e
yamllint .
ansible-lint
working-directory: "${{ github.repository }}/roles/${{ inputs.role-name }}"
- name: Run molecule tests
if: ${{ env.MOLECULE_IS_PRESENT }}
run: molecule test --all
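Review bot: Both linters run in one script under `set -e`, so when `yamllint .` fails the step ends before `ansible-lint` starts and a contributor sees only the first tool's findings per push. Splitting them into two steps, the second with `if: ${{ !cancelled() }}`, reports both in one run, and the explicit `set -e` is then no longer needed because each `run` holds a single command. Unlike the molecule steps around it, the lint step carries no `if:` guard; that looks intended, but a one-line comment saying so would help. The job definition starts above this hunk.

```yaml
# … unchanged: molecule-lxd install step …
- name: Run yamllint
  run: yamllint .
  working-directory: "${{ github.repository }}/roles/${{ inputs.role-name }}"
- name: Run ansible-lint
  # run even when yamllint reported errors, so both reports appear in one run
  if: ${{ !cancelled() }}
  run: ansible-lint
  working-directory: "${{ github.repository }}/roles/${{ inputs.role-name }}"
# … unchanged: Run molecule tests …
```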
2 changes: 1 addition & 1 deletion galaxy.yml
Expand Up @@ -8,7 +8,7 @@ namespace: paritytech
name: chain

# The version of the collection. Must be compatible with semantic versioning
version: 1.8.0
version: 1.8.1

# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md
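--- a/roles/key_inject/.ansible-lint
+++ b/roles/key_inject/.ansible-lint
@@ -0,0 +1,3 @@
+---
+skip_list:
+- name[casing]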
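--- a/roles/key_inject/.yamllint
+++ b/roles/key_inject/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+braces:
+max-spaces-inside: 1
+level: error
+brackets:
+max-spaces-inside: 1
+level: error
+colons:
+max-spaces-after: -1
+level: error
+commas:
+max-spaces-after: -1
+level: error
+comments: disable
+comments-indentation: disable
+document-start: disable
+empty-lines:
+max: 3
+level: error
+hyphens:
+level: error
+indentation: disable
+key-duplicates: enable
+line-length: disable
+new-line-at-end-of-file: disable
+new-lines:
+type: unix
+trailing-spaces: disable
+truthy: disable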
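Review bot: `truthy: disable` and `indentation: disable` switch off the checks for implicit booleans and mis-nested keys, so the `yamllint .` step enabled in this PR will not flag `yes`/`no` values or wrong nesting in this role. I would keep `truthy` on with `allowed-values: ['true', 'false']` and `check-keys: false`, and leave `indentation` at its default unless the role cannot pass it yet. The header comment says the file is based on the ansible-lint config; a short comment naming which rules were relaxed on purpose would help the next reviewer.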
5 changes: 3 additions & 2 deletions roles/key_inject/defaults/main.yml
@@ -1,8 +1,9 @@
subkey_path: 'https://releases.parity.io/substrate/x86_64-debian%3Astretch/v3.0.0/subkey/subkey'
---
subkey_path: https://releases.parity.io/substrate/x86_64-debian%3Astretch/v3.0.0/subkey/subkey

# Parachain key injection variables
key_inject_parachain_rpc_port: 9955
key_inject_parachain_scheme: "sr25519"
key_inject_parachain_scheme: sr25519
# key_inject_parachain_aura_private_key=

# Relay chain key injection variables
19 changes: 9 additions & 10 deletions roles/key_inject/tasks/check_session_key.yml
@@ -1,33 +1,32 @@
---
- name: Check session key | Generate session
ansible.builtin.set_fact:
key_inject_session_key: "0x\
{% for key in key_inject_relay_chain_key_list %}\
{{ (key.priv_key | parity.chain.subkey_inspect(scheme=(key.scheme | default('sr25519')) )).publicKey.replace('0x','') }}\
{% endfor %}"
key_inject_session_key: "0x{% for key in key_inject_relay_chain_key_list %}{{ (key.priv_key | parity.chain.subkey_inspect(scheme=(key.scheme | default('sr25519')))).publicKey.replace('0x',
'') }}{% endfor %}"

- name: Check session key | Run rpc
ansible.builtin.uri:
url: "http://127.0.0.1:{{ key_inject_relay_chain_rpc_port }}"
url: http://127.0.0.1:{{ key_inject_relay_chain_rpc_port }}
method: POST
body:
jsonrpc: "2.0"
method: "author_hasSessionKeys"
method: author_hasSessionKeys
params: ["{{ key_inject_session_key }}"]
id: 1
body_format: json
headers:
Content-Type: 'application/json'
Content-Type: application/json
use_proxy: false
changed_when: false
check_mode: false
register: key_inject_has_session_keys

- name: Check session key | Debug
debug:
ansible.builtin.debug:
msg: "RPC call failed: {{ key_inject_has_session_keys.json }}"
when: key_inject_has_session_keys.json.result is not defined

- name: Check session key | Check
ansible.builtin.debug:
msg: "Session Key {{ key_inject_session_key }} is {{ 'NOT ' if not key_inject_has_session_keys.json.result else '' }}present in keystore"
changed_when: not key_inject_has_session_keys.json.result
msg: Session Key {{ key_inject_session_key }} is {{ 'NOT ' if not key_inject_has_session_keys.json.result else '' }}present in keystore
changed_when: not key_inject_has_session_keys.json.result
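Review bot: `Check session key | Debug` only prints a message when the RPC reply has no `result`, and the following `Check session key | Check` task then reads `key_inject_has_session_keys.json.result` without a guard. An RPC error is therefore likely to surface as a templating failure in the Check task rather than as the intended message. Replacing the module in the Debug task with `ansible.builtin.fail:` (same `msg` and `when`) makes the failure explicit and stops the play before the Check task runs.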
22 changes: 11 additions & 11 deletions roles/key_inject/tasks/inject.yml
@@ -1,22 +1,23 @@
---
- name: Inject keys
tags: [key-inject, key_inject]
block:
- name: Inject | Setting {{ item.type }} pub keys
ansible.builtin.set_fact:
key_inject_pub_key: "{{ (item.priv_key |
parity.chain.subkey_inspect(scheme=(item.scheme | default('sr25519')) )).publicKey }}"
key_inject_pub_key: "{{ (item.priv_key | parity.chain.subkey_inspect(scheme=(item.scheme | default('sr25519')))).publicKey }}"

- name: Inject | Check {{ item.type }} key
ansible.builtin.uri:
url: "http://127.0.0.1:{{ item.rpc_port | default(key_inject_relay_chain_rpc_port) }}"
url: http://127.0.0.1:{{ item.rpc_port | default(key_inject_relay_chain_rpc_port) }}
method: POST
body:
jsonrpc: "2.0"
method: "author_hasKey"
method: author_hasKey
params: ["{{ key_inject_pub_key }}", "{{ item.type }}"]
id: 1
body_format: json
headers:
Content-Type: 'application/json'
Content-Type: application/json
use_proxy: false
changed_when: false
check_mode: false
Expand All @@ -28,21 +29,22 @@

- name: Inject | Check {{ item.type }} key results
ansible.builtin.debug:
msg: "Key {{ key_inject_pub_key }} ({{ item.type }}, {{ item.scheme | default('sr25519') }}) is {{ 'NOT ' if not key_inject_uri.json.result else '' }}present in keystore"
msg: Key {{ key_inject_pub_key }} ({{ item.type }}, {{ item.scheme | default('sr25519') }}) is {{ 'NOT ' if not key_inject_uri.json.result else '' }}present
in keystore
changed_when: not key_inject_uri.json.result

- name: Inject | Inject {{ item.type }} keys
ansible.builtin.uri:
url: "http://127.0.0.1:{{ item.rpc_port | default(key_inject_relay_chain_rpc_port) }}"
url: http://127.0.0.1:{{ item.rpc_port | default(key_inject_relay_chain_rpc_port) }}
method: POST
body:
jsonrpc: "2.0"
method: "author_insertKey"
method: author_insertKey
params: ["{{ item.type }}", "{{ item.priv_key }}", "{{ key_inject_pub_key }}"]
id: 1
body_format: json
headers:
Content-Type: 'application/json'
Content-Type: application/json
use_proxy: false
changed_when: true
notify: Restart service
Expand All @@ -53,5 +55,3 @@
ansible.builtin.debug:
var: key_inject_uri
when: not ansible_check_mode

tags: ['key-inject', 'key_inject']
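Review bot: The `Inject | Inject {{ item.type }} keys` task places `{{ item.priv_key }}` in the request body, and none of the lines shown for that task set `no_log: true`. The task continues into lines collapsed between hunks, so the flag may already be there. If it is not, add `no_log: true` to that task so the module arguments, private key included, are not written to verbose output. The closing `ansible.builtin.debug` with `var: key_inject_uri` deserves the same check: if that variable is registered by the insert task, it should not be dumped on every non-check-mode run.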
50 changes: 24 additions & 26 deletions roles/key_inject/tasks/main.yml
@@ -1,28 +1,26 @@
- block:
---
- tags: [key-inject, key_inject]
block:
- name: Parachain keys
ansible.builtin.include_tasks: inject.yml
loop:
- rpc_port: "{{ key_inject_parachain_rpc_port }}"
scheme: "{{ key_inject_parachain_scheme }}"
type: aura
priv_key: "{{ key_inject_parachain_aura_private_key }}"
loop_control:
label: Parachain {{ item.type }} key
when: key_inject_parachain_aura_private_key is defined

- name: Relaychain keys
ansible.builtin.include_tasks: inject.yml
loop: "{{ key_inject_relay_chain_key_list }}"
loop_control:
label: Relaychain {{ item.type }} key
when: key_inject_relay_chain_key_list is defined

- name: Parachain keys
ansible.builtin.include_tasks: inject.yml
loop:
- rpc_port: "{{ key_inject_parachain_rpc_port }}"
scheme: "{{ key_inject_parachain_scheme }}"
type: "aura"
priv_key: "{{ key_inject_parachain_aura_private_key }}"
loop_control:
label: "Parachain {{ item.type }} key"
when: key_inject_parachain_aura_private_key is defined

- name: Relaychain keys
ansible.builtin.include_tasks: inject.yml
loop: "{{ key_inject_relay_chain_key_list }}"
loop_control:
label: "Relaychain {{ item.type }} key"
when: key_inject_relay_chain_key_list is defined

- name: Check session key is present
ansible.builtin.include_tasks: check_seesion_key.yml
when:
- key_inject_relay_chain_key_list is defined
- key_inject_check_session_key

tags: ['key-inject', 'key_inject']
- name: Check session key is present
ansible.builtin.include_tasks: check_seesion_key.yml
when:
- key_inject_relay_chain_key_list is defined
- key_inject_check_session_key
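Review bot: The last task includes `check_seesion_key.yml`, but the task file this PR edits is `roles/key_inject/tasks/check_session_key.yml`. Unless a second file with the misspelled name exists outside this page, the include fails whenever `key_inject_check_session_key` is true and `key_inject_relay_chain_key_list` is defined. The line should read `ansible.builtin.include_tasks: check_session_key.yml`. The misspelling appears on both sides of the change, so it was carried over by the re-indent rather than introduced here.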
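--- a/roles/nginx/.ansible-lint
+++ b/roles/nginx/.ansible-lint
@@ -0,0 +1,4 @@
+---
+skip_list:
+- name[casing]
+- name[template]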
4 changes: 2 additions & 2 deletions roles/nginx/defaults/main.yml
@@ -1,12 +1,12 @@
nginx_letsencrypt_email: "devops-team@parity.io"
---
nginx_letsencrypt_email: devops-team@parity.io
nginx_letsencrypt_mock: false
nginx_dhparam_size: 4096
nginx_worker_rlimit_nofile: 30000
# requests per second
nginx_max_request_rate: 2
nginx_burst_request_rate: 5


# print extended data about clients
nginx_log_extended_enable: false

7 changes: 3 additions & 4 deletions roles/nginx/handlers/main.yml
@@ -1,8 +1,7 @@
---

- name: reload nginx config
ansible.builtin.systemd:
name: "nginx"
name: nginx
state: reloaded
enabled: yes
daemon_reload: yes
enabled: true
daemon_reload: true
2 changes: 1 addition & 1 deletion roles/nginx/molecule/default/converge.yml
Expand Up @@ -4,6 +4,6 @@
tasks:
- name: converge | deploy nginx without wipe
ansible.builtin.include_role:
name: "nginx"
name: nginx
vars:
nginx_remove_enable: false
13 changes: 7 additions & 6 deletions roles/nginx/molecule/default/group_vars/all.yml
@@ -1,30 +1,31 @@
---
## Molecule
ansible_user: root

nginx_letsencrypt_mock: true
nginx_dhparam_size: 1024
nginx_sites:
- template: site-rpc.j2
domain: "a.rpc.lan"
domain: a.rpc.lan
ssl_issuer: letsencrypt
params:
rpc_port: 9933
rpc_ws_port: 9944
- template: site-rpc.j2
domain: "b.rpc.lan"
domain: b.rpc.lan
ssl_issuer: manual
ssl_manual_cert_file: "test1.pem"
ssl_manual_cert_file: test1.pem
params:
rpc_port: 9933
rpc_ws_port: 9944
- template: site-connect.j2
domain: "c.rpc.lan"
domain: c.rpc.lan
ssl_issuer: letsencrypt
params:
connect_port: 9944
- template: site-connect.j2
domain: "d.rpc.lan"
domain: d.rpc.lan
ssl_issuer: manual
ssl_manual_cert_file: "test2.pem"
ssl_manual_cert_file: test2.pem
params:
connect_port: 9944
14 changes: 7 additions & 7 deletions roles/nginx/molecule/default/molecule.yml
Expand Up @@ -9,26 +9,26 @@ platforms:
source:
alias: debian/bullseye/amd64
# DOCKER
image: "paritytech/debian11:latest"
image: paritytech/debian11:latest
command: ${MOLECULE_DOCKER_COMMAND:-""}
# need this for systemctl to work in Docker
privileged: true
# to pull image from docker hub uncomment this
pre_build_image: true
etc_hosts:
'a.rpc.lan': '127.0.0.1'
'b.rpc.lan': '127.0.0.1'
'c.rpc.lan': '127.0.0.1'
'd.rpc.lan': '127.0.0.1'
a.rpc.lan: 127.0.0.1
b.rpc.lan: 127.0.0.1
c.rpc.lan: 127.0.0.1
d.rpc.lan: 127.0.0.1

provisioner:
name: ansible
options:
D: True
D: true
config_options:
defaults:
callbacks_enabled: timer
verifier:
name: ansible
options:
D: True
D: true