feat(ansible): install agave and provision identity for solana-rpc

u1
2026-02-06 23:44:10 +01:00
parent 887c39a676
commit 287188b1c5
3 changed files with 73 additions and 1 deletions


@@ -2,7 +2,11 @@ solana_user: solana
solana_group: solana solana_group: solana
solana_home: /var/lib/solana solana_home: /var/lib/solana
solana_install_script_url: https://release.anza.xyz/stable/install
solana_active_release_bin_dir: "{{ solana_home }}/.local/share/solana/install/active_release/bin"
solana_validator_bin: /opt/solana/bin/agave-validator solana_validator_bin: /opt/solana/bin/agave-validator
solana_keygen_primary_bin: /opt/solana/bin/agave-keygen
solana_keygen_fallback_bin: /opt/solana/bin/solana-keygen
solana_rpc_service_name: solana-rpc solana_rpc_service_name: solana-rpc
solana_identity_path: /var/lib/solana/identity.json solana_identity_path: /var/lib/solana/identity.json
@@ -10,7 +14,7 @@ solana_ledger_dir: /var/lib/solana/ledger
solana_accounts_dir: /var/lib/solana/accounts solana_accounts_dir: /var/lib/solana/accounts
solana_log_dir: /var/log/solana solana_log_dir: /var/log/solana
solana_rpc_bind_address: 10.10.0.2 solana_rpc_bind_address: 127.0.0.1
solana_rpc_port: 8899 solana_rpc_port: 8899
solana_rpc_pubsub_port: 8900 solana_rpc_pubsub_port: 8900
solana_dynamic_port_range: "8000-8020" solana_dynamic_port_range: "8000-8020"
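Review bot: `solana_install_script_url` points at the moving `stable` channel, so the install task that fetches this URL and passes it to `sh -c` runs whatever that channel serves at play time, and hosts provisioned on different days can end up with different validator builds. Pin the default to a specific release, e.g. `solana_install_script_url: https://release.anza.xyz/<RELEASE_TAG>/install` (placeholder tag), and bump it deliberately. Nothing visible in the play verifies the downloaded script, so a pinned tag also makes it practical to review or checksum the installer before it is executed.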


@@ -70,6 +70,7 @@
- { path: "{{ solana_ledger_dir }}", owner: "{{ solana_user }}", group: "{{ solana_group }}", mode: "0750" } - { path: "{{ solana_ledger_dir }}", owner: "{{ solana_user }}", group: "{{ solana_group }}", mode: "0750" }
- { path: "{{ solana_accounts_dir }}", owner: "{{ solana_user }}", group: "{{ solana_group }}", mode: "0750" } - { path: "{{ solana_accounts_dir }}", owner: "{{ solana_user }}", group: "{{ solana_group }}", mode: "0750" }
- { path: "{{ solana_log_dir }}", owner: "{{ solana_user }}", group: "{{ solana_group }}", mode: "0750" } - { path: "{{ solana_log_dir }}", owner: "{{ solana_user }}", group: "{{ solana_group }}", mode: "0750" }
- { path: "/opt/solana/bin", owner: "root", group: "root", mode: "0755" }
- name: Deploy tmux config (Ctrl+a prefix) - name: Deploy tmux config (Ctrl+a prefix)
ansible.builtin.copy: ansible.builtin.copy:
@@ -125,6 +126,47 @@
path: "{{ solana_validator_bin }}" path: "{{ solana_validator_bin }}"
register: solana_validator_bin_stat register: solana_validator_bin_stat
- name: Install Agave toolchain for solana user when validator missing
ansible.builtin.shell: |
set -euo pipefail
sh -c "$(curl -sSfL {{ solana_install_script_url }})"
become_user: "{{ solana_user }}"
environment:
HOME: "{{ solana_home }}"
when: not solana_validator_bin_stat.stat.exists
- name: Link Agave binaries into /opt/solana/bin
ansible.builtin.shell: |
set -euo pipefail
if [ ! -d "{{ solana_active_release_bin_dir }}" ]; then
echo "Active release bin dir missing: {{ solana_active_release_bin_dir }}" >&2
exit 1
fi
for bin in "{{ solana_active_release_bin_dir }}"/*; do
name="$(basename "$bin")"
ln -sfn "$bin" "/opt/solana/bin/$name"
done
when: not solana_validator_bin_stat.stat.exists
- name: Re-check validator binary after install
ansible.builtin.stat:
path: "{{ solana_validator_bin }}"
register: solana_validator_bin_stat
- name: Ensure identity key exists
ansible.builtin.shell: |
set -euo pipefail
KEYGEN="{{ solana_keygen_primary_bin }}"
if [ ! -x "$KEYGEN" ]; then
KEYGEN="{{ solana_keygen_fallback_bin }}"
fi
"$KEYGEN" new --no-passphrase -o "{{ solana_identity_path }}"
become_user: "{{ solana_user }}"
environment:
HOME: "{{ solana_home }}"
args:
creates: "{{ solana_identity_path }}"
- name: Check identity key exists - name: Check identity key exists
ansible.builtin.stat: ansible.builtin.stat:
path: "{{ solana_identity_path }}" path: "{{ solana_identity_path }}"
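Review bot: The symlinks created by `Link Agave binaries into /opt/solana/bin` point into `{{ solana_active_release_bin_dir }}`, which sits under `solana_home` and is populated by the installer running as `{{ solana_user }}`, so the root-owned `0755` entry added for `/opt/solana/bin` does not protect the binaries themselves: the service account can presumably change what every `/opt/solana/bin/*` name resolves to. If that directory is meant to be a trusted path, copy the release into a root-owned location instead of linking, or add a comment stating that nothing privileged may execute from it. Separately, the three new shell tasks use `set -euo pipefail` with no visible `executable`, and `ansible.builtin.shell` defaults to `/bin/sh`, which rejects `pipefail` where it is an older dash; adding `args:` with `executable: /bin/bash` to each avoids that. The identity key is written unencrypted (`--no-passphrase`), so a following `ansible.builtin.file` task enforcing `mode: "0600"` and owner `{{ solana_user }}` on `{{ solana_identity_path }}` would make its permissions explicit rather than dependent on the keygen tool and umask. The task list continues outside this hunk.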


@@ -0,0 +1,26 @@
# Etap 006: Instalacja Agave + identity + start `solana-rpc`
Cel etapu: domknąć bootstrap uruchomienia `solana-rpc` jako `solana` przez:
1. instalację binarki `agave-validator`,
2. wygenerowanie `identity.json` (jeśli brak),
3. start usługi `solana-rpc` i test endpointu RPC.
## Zakres
- Rozszerzyć playbook o zadania instalacyjne Agave (idempotentnie).
- Dodać provisioning `identity` jako użytkownik `solana`.
- Utrzymać bezpieczny start: usługa uruchamiana tylko przy komplecie prereq.
- Wykonać testy powdrożeniowe (`systemd`, port, JSON-RPC).
## Założenia
- Bootstrap używa domyślnego bind `127.0.0.1` (bez publicznej ekspozycji RPC).
- Produkcyjny bind na WG IP i hardening sieciowy będzie osobnym etapem.
## Kryteria akceptacji
- `agave-validator` istnieje pod `/opt/solana/bin/agave-validator`.
- `identity` istnieje pod `/var/lib/solana/identity.json` (owner `solana`).
- `systemctl is-active solana-rpc` zwraca `active`.
- Endpoint `http://127.0.0.1:8899` odpowiada na JSON-RPC.