add --prepare command to bootstrap remote servers #135

Open
ch4r10t33r wants to merge 4 commits into main from improvements

@ch4r10t33r
Contributor

Summary

  • Adds a --prepare flag to spin-node.sh (ansible mode only) that verifies and installs the prerequisites every remote host needs before a lean-quickstart deployment can run
  • Runs ansible/playbooks/prepare.yml against all remote hosts (all:!localhost) in the inventory — --node is not required
  • Only --sshKey and --useRoot are honoured; all other flags are ignored

What gets installed

| Tool | Why |
|------|-----|
| python3 | Ansible requires Python on managed nodes and cannot self-bootstrap it |
| Docker CE + Compose plugin | Every node client and the full observability stack runs as a Docker container |
| yq | The common role hard-fails at every deploy if yq is absent on the remote |

Usage

# Prepare all remote servers
NETWORK_DIR=ansible-devnet ./spin-node.sh --prepare --sshKey ~/.ssh/id_ed25519 --useRoot

# Then deploy as normal
NETWORK_DIR=ansible-devnet ./spin-node.sh --node all --generateGenesis --sshKey ~/.ssh/id_ed25519 --useRoot

Changes

  • parse-env.sh — new --prepare flag; bypasses the "node required" guard
  • spin-node.sh — early-exit prepare path inserted after deployment mode is resolved, before genesis setup
  • run-ansible.sh — routes prepare action to prepare.yml
  • ansible/playbooks/prepare.yml — new playbook; idempotent, skips already-installed tools
  • README.md — documents --prepare in the Args list, Scenarios section, and Ansible Deployment section

Adds a new --prepare flag to spin-node.sh (ansible mode only) that
verifies and installs the three prerequisites every remote host needs
before a lean-quickstart deployment can run:

  - python3   (Ansible cannot self-bootstrap this)
  - Docker CE + Compose plugin (all clients run as containers)
  - yq        (common role hard-fails without it)

Changes:
  - parse-env.sh: add --prepare flag; bypass node-required guard
  - spin-node.sh: early-exit prepare path before genesis setup
  - run-ansible.sh: route prepare action to prepare.yml
  - ansible/playbooks/prepare.yml: new playbook targeting all:!localhost
  - README.md: document --prepare in Args, Scenarios, and Ansible sections

Extends the prepare playbook to configure ufw on each remote server:

- Reads quicPort (UDP), metricsPort (TCP), and apiPort/httpPort (TCP)
  per-host directly from validator-config.yaml on the Ansible controller,
  so only the ports actually configured for that node are opened
- Opens fixed observability ports on every host: 9090 (prometheus),
  9080 (promtail), 9098 (cadvisor), 9100 (node_exporter)
- Always allows SSH (22/tcp) before enabling ufw to prevent lockout
- Enables ufw with default deny incoming; rules are persisted to disk
  and survive reboots
- Prints ufw status verbose as part of the final summary

Also handles Lantern's httpPort field alongside the apiPort field used
by all other clients.
@ch4r10t33r ch4r10t33r marked this pull request as ready for review March 16, 2026 22:43
@ch4r10t33r ch4r10t33r changed the title from "ansible: add --prepare command to bootstrap remote servers" to "add --prepare command to bootstrap remote servers" Mar 16, 2026
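
An added example (not code from this pull request or the lean-quickstart repository) of the firewall ordering the second commit message describes: validate the per-host ports, add every allow rule starting with SSH, and only then set the default policy and enable ufw. Assumptions: the three port values have already been read from validator-config.yaml, the observability ports are opened as TCP, and the function names and sample ports are hypothetical.

```shell
# Added example: print the ufw commands for one host in a lockout-safe order.
# Arguments: quicPort, metricsPort, apiPort (or Lantern's httpPort).
# Pass "" for a port the node does not configure.

# Fixed observability ports from the PR text; TCP is an assumption here.
OBS_PORTS="9090 9080 9098 9100"

# valid_port PORT: succeeds only for an integer 1..65535 without leading zeros.
# Rejecting anything else keeps config values from reaching the ufw command line.
valid_port() {
  case "$1" in
    ''|0*|*[!0-9]*) return 1 ;;
  esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# plan_ufw QUIC METRICS API_OR_HTTP: ufw commands on stdout, non-zero on bad input.
# The body runs in a subshell so its variables do not leak into the caller.
plan_ufw() (
  quic=$1 metrics=$2 api=$3
  rules="22/tcp"                        # SSH is always the first rule
  for spec in "$quic/udp" "$metrics/tcp" "$api/tcp"; do
    port=${spec%/*}
    [ -z "$port" ] && continue          # port not configured for this node
    valid_port "$port" || { echo "invalid port: $port" >&2; exit 1; }
    rules="$rules $spec"
  done
  for p in $OBS_PORTS; do rules="$rules $p/tcp"; done

  for r in $rules; do echo "ufw allow $r"; done
  echo "ufw default deny incoming"      # policy change only after the allows exist
  echo "ufw --force enable"             # --force skips the interactive prompt
  echo "ufw status verbose"
)

# Constructed sample: QUIC on 9000/udp, metrics on 8080/tcp, no API port.
plan_ufw 9000 8080 ""
```

Printing the plan instead of applying it lets the rule set for each host be reviewed before anything touches the firewall.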