feat(ansible): install agave and provision identity for solana-rpc

ansible/group_vars/sol_rpc.yml

@@ -2,7 +2,11 @@ solana_user: solana
 solana_group: solana
 solana_home: /var/lib/solana
 
+solana_install_script_url: https://release.anza.xyz/stable/install
+solana_active_release_bin_dir: "{{ solana_home }}/.local/share/solana/install/active_release/bin"
 solana_validator_bin: /opt/solana/bin/agave-validator
+solana_keygen_primary_bin: /opt/solana/bin/agave-keygen
+solana_keygen_fallback_bin: /opt/solana/bin/solana-keygen
 solana_rpc_service_name: solana-rpc
 
 solana_identity_path: /var/lib/solana/identity.json
@@ -10,7 +14,7 @@ solana_ledger_dir: /var/lib/solana/ledger
 solana_accounts_dir: /var/lib/solana/accounts
 solana_log_dir: /var/log/solana
 
-solana_rpc_bind_address: 10.10.0.2
+solana_rpc_bind_address: 127.0.0.1
 solana_rpc_port: 8899
 solana_rpc_pubsub_port: 8900
 solana_dynamic_port_range: "8000-8020"

ansible/playbooks/doc-rpc-sol-min.yml

@@ -70,6 +70,7 @@
         - { path: "{{ solana_ledger_dir }}", owner: "{{ solana_user }}", group: "{{ solana_group }}", mode: "0750" }
         - { path: "{{ solana_accounts_dir }}", owner: "{{ solana_user }}", group: "{{ solana_group }}", mode: "0750" }
         - { path: "{{ solana_log_dir }}", owner: "{{ solana_user }}", group: "{{ solana_group }}", mode: "0750" }
+        - { path: "/opt/solana/bin", owner: "root", group: "root", mode: "0755" }
 
     - name: Deploy tmux config (Ctrl+a prefix)
       ansible.builtin.copy:
@@ -125,6 +126,47 @@
         path: "{{ solana_validator_bin }}"
       register: solana_validator_bin_stat
 
+    - name: Install Agave toolchain for solana user when validator missing
+      ansible.builtin.shell: |
+        set -euo pipefail
+        sh -c "$(curl -sSfL {{ solana_install_script_url }})"
+      become_user: "{{ solana_user }}"
+      environment:
+        HOME: "{{ solana_home }}"
+      when: not solana_validator_bin_stat.stat.exists
+
+    - name: Link Agave binaries into /opt/solana/bin
+      ansible.builtin.shell: |
+        set -euo pipefail
+        if [ ! -d "{{ solana_active_release_bin_dir }}" ]; then
+          echo "Active release bin dir missing: {{ solana_active_release_bin_dir }}" >&2
+          exit 1
+        fi
+        for bin in "{{ solana_active_release_bin_dir }}"/*; do
+          name="$(basename "$bin")"
+          ln -sfn "$bin" "/opt/solana/bin/$name"
+        done
+      when: not solana_validator_bin_stat.stat.exists
+
+    - name: Re-check validator binary after install
+      ansible.builtin.stat:
+        path: "{{ solana_validator_bin }}"
+      register: solana_validator_bin_stat
+
+    - name: Ensure identity key exists
+      ansible.builtin.shell: |
+        set -euo pipefail
+        KEYGEN="{{ solana_keygen_primary_bin }}"
+        if [ ! -x "$KEYGEN" ]; then
+          KEYGEN="{{ solana_keygen_fallback_bin }}"
+        fi
+        "$KEYGEN" new --no-passphrase -o "{{ solana_identity_path }}"
+      become_user: "{{ solana_user }}"
+      environment:
+        HOME: "{{ solana_home }}"
+      args:
+        creates: "{{ solana_identity_path }}"
+
     - name: Check identity key exists
       ansible.builtin.stat:
         path: "{{ solana_identity_path }}"