From 892b41dbe05efa24813bc64309e84b9bc0f1500a Mon Sep 17 00:00:00 2001 From: ktechmidas Date: Wed, 18 Jun 2025 07:57:07 +0300 Subject: [PATCH 1/3] fix: zerossl in fast mode --- .github/workflows/devnet-deploy.yml | 199 ++++++++++++++++++++++++++ ansible/roles/dashmate/tasks/main.yml | 26 ++++ 2 files changed, 225 insertions(+) create mode 100644 .github/workflows/devnet-deploy.yml diff --git a/.github/workflows/devnet-deploy.yml b/.github/workflows/devnet-deploy.yml new file mode 100644 index 00000000..4b737e05 --- /dev/null +++ b/.github/workflows/devnet-deploy.yml 
@@ -0,0 +1,199 @@ +name: Deploy Devnet From Scratch + +on: + workflow_dispatch: + inputs: + devnet_name: + description: "Devnet name (e.g., devnet-latte, devnet-mocha)" + required: true + type: string + default: "devnet-latte" + masternode_amd_count: + description: "Number of AMD masternodes" + required: false + type: number + default: 1 + masternode_arm_count: + description: "Number of ARM masternodes" + required: false + type: number + default: 1 + hp_masternode_amd_count: + description: "Number of HP AMD masternodes" + required: false + type: number + default: 5 + hp_masternode_arm_count: + description: "Number of HP ARM masternodes" + required: false + type: number + default: 5 + platform_version: + description: "Platform version to deploy (e.g., 2.0.0-rc.16)" + required: true + type: string + default: "2.0.0-rc.16" + dashd_version: + description: "Dash Core version (e.g., 22.1.0)" + required: true + type: string + default: "22.1.0" + main_domain: + description: "Main domain for the network" + required: false + type: string + default: "networks.dash.org" + create_eip: + description: "Create Elastic IPs for nodes" + required: false + type: boolean + default: false + +jobs: + deploy: + name: Deploy Devnet + runs-on: ubuntu-latest + + steps: + - name: Checkout dash-network-deploy + uses: actions/checkout@v4 + + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: '20' + + - name: Install dependencies + run: | + npm ci + python -m pip install --upgrade pip + pip install ansible + + - name: Install Ansible roles + run: | + ansible-galaxy install -r ansible/requirements.yml + + - name: Set up SSH Keys + run: | + mkdir -p ~/.ssh + + # GitHub deploy key for cloning configs + echo "${{ secrets.EVO_APP_DEPLOY_KEY }}" > ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + + # Server SSH key for connecting to nodes + echo "${{ secrets.DEPLOY_SERVER_KEY }}" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + + # SSH config + cat > ~/.ssh/config << 'EOL' + Host 
github.com + IdentityFile ~/.ssh/id_ed25519 + StrictHostKeyChecking no + + Host * + IdentityFile ~/.ssh/id_rsa + User ubuntu + StrictHostKeyChecking no + UserKnownHostsFile=/dev/null + EOL + + chmod 600 ~/.ssh/config + + # Clone network configs + - name: Clone network configs + run: | + rm -rf networks + git clone git@github.com:dashpay/dash-network-configs.git networks + + # Generate network configuration using bin/generate + - name: Generate network configuration + run: | + # Generate the configs using the official tool + ./bin/generate ${{ github.event.inputs.devnet_name }} \ + ${{ github.event.inputs.masternode_amd_count }} \ + ${{ github.event.inputs.masternode_arm_count }} \ + ${{ github.event.inputs.hp_masternode_amd_count }} \ + ${{ github.event.inputs.hp_masternode_arm_count }} + + # Update the generated config with the correct versions and domain + sed -i "s/dashmate_version: .*/dashmate_version: ${{ github.event.inputs.platform_version }}/" networks/${{ github.event.inputs.devnet_name }}.yml + sed -i "s/drive_image: dashpay\/drive:[^ ]*/drive_image: dashpay\/drive:${{ github.event.inputs.platform_version }}/" networks/${{ github.event.inputs.devnet_name }}.yml + sed -i "s/dapi_image: dashpay\/dapi:[^ ]*/dapi_image: dashpay\/dapi:${{ github.event.inputs.platform_version }}/" networks/${{ github.event.inputs.devnet_name }}.yml + sed -i "s/dashd_image: dashpay\/dashd:[^ ]*/dashd_image: dashpay\/dashd:${{ github.event.inputs.dashd_version }}/" networks/${{ github.event.inputs.devnet_name }}.yml + sed -i "s/main_domain: .*/main_domain: ${{ github.event.inputs.main_domain }}/" networks/${{ github.event.inputs.devnet_name }}.yml + + # Update tfvars with domain and EIP settings + sed -i "s/main_domain = .*/main_domain = \"${{ github.event.inputs.main_domain }}\"/" networks/${{ github.event.inputs.devnet_name }}.tfvars + sed -i "s/create_eip = .*/create_eip = ${{ github.event.inputs.create_eip }}/" networks/${{ github.event.inputs.devnet_name }}.tfvars + + echo 
"Generated network config:" + head -20 networks/${{ github.event.inputs.devnet_name }}.yml + echo "" + echo "Generated terraform config:" + cat networks/${{ github.event.inputs.devnet_name }}.tfvars + + # Configure AWS credentials + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: us-west-2 + + # Run Terraform deployment using bin/deploy + - name: Run Terraform deployment + run: | + ./bin/deploy -i --github ${{ github.event.inputs.devnet_name }} + + # Wait for instances to be ready + - name: Wait for instances to be ready + run: | + echo "Waiting 60 seconds for instances to fully initialize..." + sleep 60 + + # Run initial Ansible deployment + - name: Run initial Ansible deployment + env: + ANSIBLE_HOST_KEY_CHECKING: "false" + run: | + ./bin/deploy -p ${{ github.event.inputs.devnet_name }} + + # Commit and push network configuration + - name: Commit and push network configuration + run: | + cd networks + git config user.name "GitHub Actions" + git config user.email "actions@github.com" + + git add ${{ github.event.inputs.devnet_name }}.yml ${{ github.event.inputs.devnet_name }}.tfvars ${{ github.event.inputs.devnet_name }}.inventory + + if git diff --cached --quiet; then + echo "No changes to commit" + else + git commit -m "Deploy ${{ github.event.inputs.devnet_name }} with platform ${{ github.event.inputs.platform_version }} + + 🤖 Generated with [GitHub Actions](https://github.com/dashpay/dash-network-deploy/actions) + + Co-Authored-By: GitHub Actions " + git push origin main + fi + + # Output deployment information + - name: Output deployment information + run: | + echo "## Deployment Summary" + echo "Network: ${{ github.event.inputs.devnet_name }}" + echo "Platform Version: ${{ github.event.inputs.platform_version }}" + echo "Dash Core Version: ${{ github.event.inputs.dashd_version }}" + echo 
"Domain: ${{ github.event.inputs.main_domain }}" + echo "" + echo "## Node Counts" + echo "Masternodes (AMD): ${{ github.event.inputs.masternode_amd_count }}" + echo "Masternodes (ARM): ${{ github.event.inputs.masternode_arm_count }}" + echo "HP Masternodes (AMD): ${{ github.event.inputs.hp_masternode_amd_count }}" + echo "HP Masternodes (ARM): ${{ github.event.inputs.hp_masternode_arm_count }}" + echo "" + echo "## Services" + cd terraform/aws + terraform output -raw services_output || echo "Services output not available" \ No newline at end of file diff --git a/ansible/roles/dashmate/tasks/main.yml b/ansible/roles/dashmate/tasks/main.yml index 9e845b69..89bde547 100644 --- a/ansible/roles/dashmate/tasks/main.yml +++ b/ansible/roles/dashmate/tasks/main.yml 
@@ -285,6 +285,32 @@ - dashmate_zerossl_id_result is defined - dashmate_zerossl_id_result.stdout != 'null' +# Fast mode: Get ZeroSSL certificate ID from existing config if available +- name: Get ZeroSSL certificate ID from config (fast mode) + ansible.builtin.command: "{{ dashmate_cmd }} config get platform.gateway.ssl.providerConfigs.zerossl.id" + become: true + become_user: dashmate + args: + chdir: '{{ dashmate_cwd }}' + register: dashmate_zerossl_id_result_fast + changed_when: dashmate_zerossl_id_result_fast.rc == 0 + failed_when: false + when: + - skip_dashmate_image_update | default(false) + - dashmate_platform_enable + - dashmate_platform_gateway_ssl_provider == 'zerossl' + +- name: Set ZeroSSL certificate ID from config (fast mode) + ansible.builtin.set_fact: + dashmate_zerossl_config_certificate_id: "{{ dashmate_zerossl_id_result_fast.stdout }}" + when: + - skip_dashmate_image_update | default(false) + - dashmate_platform_enable + - dashmate_platform_gateway_ssl_provider == 'zerossl' + - dashmate_zerossl_id_result_fast is defined + - dashmate_zerossl_id_result_fast.rc == 0 + - dashmate_zerossl_id_result_fast.stdout != 'null' + - name: Check if existing dashmate config exists ansible.builtin.stat: path: '{{ dashmate_config_dir }}/config.json' From b6356c091f97eee174c99c13be94d34a03645ee3 Mon Sep 17 00:00:00 2001 From: ktechmidas Date: Wed, 18 Jun 2025 08:00:00 +0300 Subject: [PATCH 2/3] Remove devnet-deploy.yml from tracking (keep local copy) --- .github/workflows/devnet-deploy.yml | 199 ---------------------------- 1 file changed, 199 deletions(-) delete mode 100644 .github/workflows/devnet-deploy.yml diff --git a/.github/workflows/devnet-deploy.yml b/.github/workflows/devnet-deploy.yml deleted file mode 100644 index 4b737e05..00000000 --- a/.github/workflows/devnet-deploy.yml +++ /dev/null 
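Review bot: The fast-mode `set_fact` is guarded by `rc == 0` and `stdout != 'null'` but not by a non-empty `stdout`, so a successful `config get` that prints nothing sets `dashmate_zerossl_config_certificate_id` to `''`; in `tasks/ssl/zerossl.yml` (PATCH 3/3) the id is only written when `dashmate_zerossl_config_certificate_id is not defined`, so an empty value silently blocks setting it from the network config. Add `- dashmate_zerossl_id_result_fast.stdout | length > 0` to the `when:` list. `config get` is read-only, so `changed_when: dashmate_zerossl_id_result_fast.rc == 0` reports a change on every run; `changed_when: false` is the accurate value. These two tasks duplicate the non-fast pair whose tail is visible at the top of the hunk, differing only in the register name and the `skip_dashmate_image_update` guard; one pair with a combined condition would avoid maintaining the `stdout != 'null'` logic twice.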
@@ -1,199 +0,0 @@ -name: Deploy Devnet From Scratch - -on: - workflow_dispatch: - inputs: - devnet_name: - description: "Devnet name (e.g., devnet-latte, devnet-mocha)" - required: true - type: string - default: "devnet-latte" - masternode_amd_count: - description: "Number of AMD masternodes" - required: false - type: number - default: 1 - masternode_arm_count: - description: "Number of ARM masternodes" - required: false - type: number - default: 1 - hp_masternode_amd_count: - description: "Number of HP AMD masternodes" - required: false - type: number - default: 5 - hp_masternode_arm_count: - description: "Number of HP ARM masternodes" - required: false - type: number - default: 5 - platform_version: - description: "Platform version to deploy (e.g., 2.0.0-rc.16)" - required: true - type: string - default: "2.0.0-rc.16" - dashd_version: - description: "Dash Core version (e.g., 22.1.0)" - required: true - type: string - default: "22.1.0" - main_domain: - description: "Main domain for the network" - required: false - type: string - default: "networks.dash.org" - create_eip: - description: "Create Elastic IPs for nodes" - required: false - type: boolean - default: false - -jobs: - deploy: - name: Deploy Devnet - runs-on: ubuntu-latest - - steps: - - name: Checkout dash-network-deploy - uses: actions/checkout@v4 - - - name: Set up Node.js - uses: actions/setup-node@v4 - with: - node-version: '20' - - - name: Install dependencies - run: | - npm ci - python -m pip install --upgrade pip - pip install ansible - - - name: Install Ansible roles - run: | - ansible-galaxy install -r ansible/requirements.yml - - - name: Set up SSH Keys - run: | - mkdir -p ~/.ssh - - # GitHub deploy key for cloning configs - echo "${{ secrets.EVO_APP_DEPLOY_KEY }}" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - - # Server SSH key for connecting to nodes - echo "${{ secrets.DEPLOY_SERVER_KEY }}" > ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - - # SSH config - cat > ~/.ssh/config << 'EOL' - Host 
github.com - IdentityFile ~/.ssh/id_ed25519 - StrictHostKeyChecking no - - Host * - IdentityFile ~/.ssh/id_rsa - User ubuntu - StrictHostKeyChecking no - UserKnownHostsFile=/dev/null - EOL - - chmod 600 ~/.ssh/config - - # Clone network configs - - name: Clone network configs - run: | - rm -rf networks - git clone git@github.com:dashpay/dash-network-configs.git networks - - # Generate network configuration using bin/generate - - name: Generate network configuration - run: | - # Generate the configs using the official tool - ./bin/generate ${{ github.event.inputs.devnet_name }} \ - ${{ github.event.inputs.masternode_amd_count }} \ - ${{ github.event.inputs.masternode_arm_count }} \ - ${{ github.event.inputs.hp_masternode_amd_count }} \ - ${{ github.event.inputs.hp_masternode_arm_count }} - - # Update the generated config with the correct versions and domain - sed -i "s/dashmate_version: .*/dashmate_version: ${{ github.event.inputs.platform_version }}/" networks/${{ github.event.inputs.devnet_name }}.yml - sed -i "s/drive_image: dashpay\/drive:[^ ]*/drive_image: dashpay\/drive:${{ github.event.inputs.platform_version }}/" networks/${{ github.event.inputs.devnet_name }}.yml - sed -i "s/dapi_image: dashpay\/dapi:[^ ]*/dapi_image: dashpay\/dapi:${{ github.event.inputs.platform_version }}/" networks/${{ github.event.inputs.devnet_name }}.yml - sed -i "s/dashd_image: dashpay\/dashd:[^ ]*/dashd_image: dashpay\/dashd:${{ github.event.inputs.dashd_version }}/" networks/${{ github.event.inputs.devnet_name }}.yml - sed -i "s/main_domain: .*/main_domain: ${{ github.event.inputs.main_domain }}/" networks/${{ github.event.inputs.devnet_name }}.yml - - # Update tfvars with domain and EIP settings - sed -i "s/main_domain = .*/main_domain = \"${{ github.event.inputs.main_domain }}\"/" networks/${{ github.event.inputs.devnet_name }}.tfvars - sed -i "s/create_eip = .*/create_eip = ${{ github.event.inputs.create_eip }}/" networks/${{ github.event.inputs.devnet_name }}.tfvars - - echo 
"Generated network config:" - head -20 networks/${{ github.event.inputs.devnet_name }}.yml - echo "" - echo "Generated terraform config:" - cat networks/${{ github.event.inputs.devnet_name }}.tfvars - - # Configure AWS credentials - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: us-west-2 - - # Run Terraform deployment using bin/deploy - - name: Run Terraform deployment - run: | - ./bin/deploy -i --github ${{ github.event.inputs.devnet_name }} - - # Wait for instances to be ready - - name: Wait for instances to be ready - run: | - echo "Waiting 60 seconds for instances to fully initialize..." - sleep 60 - - # Run initial Ansible deployment - - name: Run initial Ansible deployment - env: - ANSIBLE_HOST_KEY_CHECKING: "false" - run: | - ./bin/deploy -p ${{ github.event.inputs.devnet_name }} - - # Commit and push network configuration - - name: Commit and push network configuration - run: | - cd networks - git config user.name "GitHub Actions" - git config user.email "actions@github.com" - - git add ${{ github.event.inputs.devnet_name }}.yml ${{ github.event.inputs.devnet_name }}.tfvars ${{ github.event.inputs.devnet_name }}.inventory - - if git diff --cached --quiet; then - echo "No changes to commit" - else - git commit -m "Deploy ${{ github.event.inputs.devnet_name }} with platform ${{ github.event.inputs.platform_version }} - - 🤖 Generated with [GitHub Actions](https://github.com/dashpay/dash-network-deploy/actions) - - Co-Authored-By: GitHub Actions " - git push origin main - fi - - # Output deployment information - - name: Output deployment information - run: | - echo "## Deployment Summary" - echo "Network: ${{ github.event.inputs.devnet_name }}" - echo "Platform Version: ${{ github.event.inputs.platform_version }}" - echo "Dash Core Version: ${{ github.event.inputs.dashd_version }}" - echo 
"Domain: ${{ github.event.inputs.main_domain }}" - echo "" - echo "## Node Counts" - echo "Masternodes (AMD): ${{ github.event.inputs.masternode_amd_count }}" - echo "Masternodes (ARM): ${{ github.event.inputs.masternode_arm_count }}" - echo "HP Masternodes (AMD): ${{ github.event.inputs.hp_masternode_amd_count }}" - echo "HP Masternodes (ARM): ${{ github.event.inputs.hp_masternode_arm_count }}" - echo "" - echo "## Services" - cd terraform/aws - terraform output -raw services_output || echo "Services output not available" \ No newline at end of file From 779f51fe57b04c8a05b3c318b2b88da70e62c3f8 Mon Sep 17 00:00:00 2001 From: ktechmidas Date: Wed, 18 Jun 2025 08:44:14 +0300 Subject: [PATCH 3/3] chore: dont use ssm --- ansible/roles/dashmate/tasks/ssl/zerossl.yml | 95 ++------------------ 1 file changed, 8 insertions(+), 87 deletions(-) diff --git a/ansible/roles/dashmate/tasks/ssl/zerossl.yml b/ansible/roles/dashmate/tasks/ssl/zerossl.yml index 698b33f7..991c5504 100644 --- a/ansible/roles/dashmate/tasks/ssl/zerossl.yml +++ b/ansible/roles/dashmate/tasks/ssl/zerossl.yml @@ -4,7 +4,6 @@ ansible.builtin.set_fact: dashmate_zerossl_keys_path: "{{ dashmate_config_dir }}/{{ dash_network_name }}/platform/gateway/ssl" dashmate_zerossl_config_path: "platform.gateway.ssl.providerConfigs.zerossl" - dashmate_zerossl_ssm_path: "/network-deploy/{{ dash_network_name }}/{{ inventory_hostname }}/zerossl" dashmate_zerossl_csr_file_name: "csr.pem" dashmate_zerossl_private_key_file_name: "private.key" dashmate_zerossl_bundle_file_name: "bundle.crt" 
@@ -19,14 +18,12 @@ # Set certificate ID to dashmate config -- name: Check SSM parameter store for ZeroSSL certificate ID - delegate_to: localhost - become: false +- name: Get ZeroSSL certificate ID from network config ansible.builtin.set_fact: - dashmate_zerossl_ssm_certificate_id: "{{ lookup('aws_ssm', '{{ dashmate_zerossl_ssm_path }}-id', on_missing='skip') }}" + dashmate_zerossl_certificate_id: "{{ (hp_masternodes[inventory_hostname]['zerossl_certificate_id'] | default('')) if hp_masternodes is defined and inventory_hostname in (hp_masternodes | default({})) else '' }}" -- name: Set ZeroSSL certificate ID to dashmate config from SSM if not set - ansible.builtin.command: "{{ dashmate_cmd }} config set {{ dashmate_zerossl_config_path }}.id {{ dashmate_zerossl_ssm_certificate_id }}" +- name: Set ZeroSSL certificate ID to dashmate config if not set + ansible.builtin.command: "{{ dashmate_cmd }} config set {{ dashmate_zerossl_config_path }}.id {{ dashmate_zerossl_certificate_id }}" become: true become_user: dashmate args: 
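Review bot: `dashmate_zerossl_certificate_id` is now read from `hp_masternodes[inventory_hostname]['zerossl_certificate_id']`, but nothing in this series writes the id back (the SSM update tasks are removed in the last hunk), so the value exists only if someone copies it into the network config by hand after the first `dashmate ssl obtain`; a new or rebuilt host otherwise resolves to `''` and issues a fresh certificate. The value is also interpolated unquoted into `ansible.builtin.command` (`config set {{ dashmate_zerossl_config_path }}.id {{ dashmate_zerossl_certificate_id }}`); the module does not invoke a shell, but whitespace in a config value would split it into extra arguments, so use `{{ dashmate_zerossl_certificate_id | quote }}`. A comment on the `set_fact` stating where `zerossl_certificate_id` is expected to be maintained, e.g. `# Certificate ID is kept per host in the network config (hp_masternodes.<host>.zerossl_certificate_id); record it there after the first obtain`, would make the new manual step discoverable.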
@@ -34,32 +31,11 @@ register: dashmate_zerossl_id changed_when: dashmate_zerossl_id.rc == 0 when: - - dashmate_zerossl_ssm_certificate_id != '' + - dashmate_zerossl_certificate_id != '' - dashmate_zerossl_config_certificate_id is not defined -# Copy ZeroSSL files if they are not present - -- name: Check that ZeroSSL CSR and private key files exist - ansible.builtin.stat: - path: '{{ dashmate_zerossl_keys_path }}/{{ dashmate_zerossl_private_key_file_name }}' - register: zero_ssl_files - -- name: Get ZeroSSL CSR and private key from SSM - ansible.builtin.copy: - dest: '{{ dashmate_zerossl_keys_path }}/{{ item }}' - content: "{{ lookup('aws_ssm', '{{ dashmate_zerossl_ssm_path }}-{{ item }}', on_missing='skip') }}" - owner: '{{ dashmate_user }}' - group: '{{ dashmate_group }}' - mode: "0644" - loop: - - '{{ dashmate_zerossl_private_key_file_name }}' - - '{{ dashmate_zerossl_csr_file_name }}' - when: > - not zero_ssl_files.stat.exists and - dashmate_zerossl_ssm_certificate_id != '' - # Create a new ZeroSSL certificate if it is not present -# or download bundle if it's not exist +# or download bundle if it doesn't exist - name: Check that ZeroSSL bundle file exists ansible.builtin.stat: 
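Review bot: With the copy-from-SSM tasks removed, a host that gets a certificate id from the network config no longer has any path that restores the matching `private.key`/`csr.pem`, yet the `obtain` step below is still skipped whenever the id is set and the bundle exists; on a rebuilt host the id can point at a certificate whose private key is not on disk. Whether `dashmate ssl obtain` can recover from that is not visible here, so keep the `stat` on `{{ dashmate_zerossl_keys_path }}/{{ dashmate_zerossl_private_key_file_name }}` and add `or not zero_ssl_files.stat.exists` to the obtain condition, or fail early with a clear message. Dropping the removed task is otherwise an improvement, since it wrote the private key with `mode: "0644"` (world-readable); it is worth confirming that whatever dashmate writes for `private.key` is not broader than `0600`.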
@@ -75,60 +51,5 @@ register: dashmate_obtain changed_when: dashmate_obtain.rc == 0 when: > - dashmate_zerossl_ssm_certificate_id == '' or - not zero_ssl_bundle_file.stat.exists - -# Save new ZeroSSL information to SSM - -- name: Get new ZeroSSL certificate ID from dashmate config - ansible.builtin.command: "{{ dashmate_cmd }} config get {{ dashmate_zerossl_config_path }}.id" - become: true - become_user: dashmate - args: - chdir: '{{ dashmate_cwd }}' - register: dashmate_zerossl_id - changed_when: dashmate_zerossl_id.rc == 0 - when: dashmate_obtain is defined and dashmate_obtain.changed - -- name: Set new ZeroSSL certificate ID from config - ansible.builtin.set_fact: - dashmate_zerossl_config_certificate_id: "{{ dashmate_zerossl_id.stdout }}" - when: dashmate_obtain is defined and dashmate_obtain.changed - -- name: Update ZeroSSL certificate ID in AWS SSM parameter store - delegate_to: localhost - become: false - community.aws.ssm_parameter: - name: '{{ dashmate_zerossl_ssm_path }}-id' - value: '{{ dashmate_zerossl_config_certificate_id }}' - when: dashmate_zerossl_ssm_certificate_id != dashmate_zerossl_config_certificate_id - -- name: Read new generated ZeroSSL private key file to variable - ansible.builtin.slurp: - src: '{{ dashmate_zerossl_keys_path }}/{{ dashmate_zerossl_private_key_file_name }}' - register: dashmate_zerossl_private_key_file - when: dashmate_zerossl_ssm_certificate_id != dashmate_zerossl_config_certificate_id - -- name: Read new generated ZeroSSL CSR file to variable - ansible.builtin.slurp: - src: '{{ dashmate_zerossl_keys_path }}/{{ dashmate_zerossl_csr_file_name }}' - register: dashmate_zerossl_csr_file - when: dashmate_zerossl_ssm_certificate_id != dashmate_zerossl_config_certificate_id - -- name: Set new generated ZeroSSL CSR and private key files - ansible.builtin.set_fact: - dashmate_zerossl_files: - - name: "{{ dashmate_zerossl_private_key_file_name }}" - content: '{{ dashmate_zerossl_private_key_file.content | b64decode }}' - - name: 
"{{ dashmate_zerossl_csr_file_name }}" - content: '{{ dashmate_zerossl_csr_file.content | b64decode }}' - when: dashmate_zerossl_ssm_certificate_id != dashmate_zerossl_config_certificate_id - -- name: Update ZeroSSL private key and CSR files in AWS SSM parameter store - delegate_to: localhost - become: false - community.aws.ssm_parameter: - name: '{{ dashmate_zerossl_ssm_path }}-{{ item.name }}' - value: '{{ item.content }}' - loop: '{{ dashmate_zerossl_files }}' - when: dashmate_zerossl_ssm_certificate_id != dashmate_zerossl_config_certificate_id + dashmate_zerossl_certificate_id == '' or + not zero_ssl_bundle_file.stat.exists \ No newline at end of file