
add --prepare command to bootstrap remote servers #135

Merged
ch4r10t33r merged 6 commits into main from improvements
Mar 18, 2026

@ch4r10t33r

Summary

  • Adds a --prepare flag to spin-node.sh (ansible mode only) that verifies and installs the prerequisites every remote host needs before a lean-quickstart deployment can run
  • Runs ansible/playbooks/prepare.yml against all remote hosts (all:!localhost) in the inventory — --node is not required
  • Only --sshKey and --useRoot are honoured; all other flags are ignored

What gets installed

| Tool | Why |
| --- | --- |
| python3 | Ansible requires Python on managed nodes and cannot self-bootstrap it |
| Docker CE + Compose plugin | Every node client and the full observability stack runs as a Docker container |
| yq | The common role hard-fails at every deploy if yq is absent on the remote |

Usage

# Prepare all remote servers
NETWORK_DIR=ansible-devnet ./spin-node.sh --prepare --sshKey ~/.ssh/id_ed25519 --useRoot

# Then deploy as normal
NETWORK_DIR=ansible-devnet ./spin-node.sh --node all --generateGenesis --sshKey ~/.ssh/id_ed25519 --useRoot

Changes

  • parse-env.sh — new --prepare flag; bypasses the "node required" guard
  • spin-node.sh — early-exit prepare path inserted after deployment mode is resolved, before genesis setup
  • run-ansible.sh — routes prepare action to prepare.yml
  • ansible/playbooks/prepare.yml — new playbook; idempotent, skips already-installed tools
  • README.md — documents --prepare in the Args list, Scenarios section, and Ansible Deployment section

Adds a new --prepare flag to spin-node.sh (ansible mode only) that
verifies and installs the three prerequisites every remote host needs
before a lean-quickstart deployment can run:

  - python3   (Ansible cannot self-bootstrap this)
  - Docker CE + Compose plugin (all clients run as containers)
  - yq        (common role hard-fails without it)

Changes:
  - parse-env.sh: add --prepare flag; bypass node-required guard
  - spin-node.sh: early-exit prepare path before genesis setup
  - run-ansible.sh: route prepare action to prepare.yml
  - ansible/playbooks/prepare.yml: new playbook targeting all:!localhost
  - README.md: document --prepare in Args, Scenarios, and Ansible sections

Extends the prepare playbook to configure ufw on each remote server:

- Reads quicPort (UDP), metricsPort (TCP), and apiPort/httpPort (TCP)
  per-host directly from validator-config.yaml on the Ansible controller,
  so only the ports actually configured for that node are opened
- Opens fixed observability ports on every host: 9090 (prometheus),
  9080 (promtail), 9098 (cadvisor), 9100 (node_exporter)
- Always allows SSH (22/tcp) before enabling ufw to prevent lockout
- Enables ufw with default deny incoming; rules are persisted to disk
  and survive reboots
- Prints ufw status verbose as part of the final summary

Also handles Lantern's httpPort field alongside the apiPort field used
by all other clients.

@ch4r10t33r ch4r10t33r marked this pull request as ready for review March 16, 2026 22:43
@ch4r10t33r ch4r10t33r changed the title ansible: add --prepare command to bootstrap remote servers add --prepare command to bootstrap remote servers Mar 16, 2026
@ch4r10t33r ch4r10t33r requested a review from g11tech March 17, 2026 15:54
g11tech previously approved these changes Mar 17, 2026
@ch4r10t33r ch4r10t33r merged commit db6e3f0 into main Mar 18, 2026
8 checks passed
@ch4r10t33r ch4r10t33r deleted the improvements branch March 18, 2026 11:59
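
The ufw rule ordering described in the second commit message, sketched as an added example; this is not code from the pull request or from prepare.yml. The function names `ufw_plan`, `valid_port` and `lockout_safe` and the sample port values are assumptions made for illustration, and the script only prints the commands it would run.

```shell
#!/usr/bin/env bash
# Added example: prints (never runs) the ufw commands for one host.

# Fixed observability ports named in the commit message (all TCP):
# prometheus, promtail, cadvisor, node_exporter.
OBS_PORTS="9090 9080 9098 9100"

valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# ufw_plan QUIC METRICS API [HTTP]; pass "" for a field the host lacks.
# HTTP is used only when API is empty (the httpPort/apiPort split).
ufw_plan() {
  local quic="$1" metrics="$2" api="${3:-${4:-}}" p
  for p in "$quic" "$metrics" "$api"; do
    if [ -n "$p" ] && ! valid_port "$p"; then
      echo "invalid port: $p" >&2
      return 1
    fi
  done
  echo "ufw allow 22/tcp"            # SSH first, so enabling cannot lock us out
  echo "ufw default deny incoming"
  if [ -n "$quic" ]; then echo "ufw allow ${quic}/udp"; fi
  if [ -n "$metrics" ]; then echo "ufw allow ${metrics}/tcp"; fi
  if [ -n "$api" ]; then echo "ufw allow ${api}/tcp"; fi
  for p in $OBS_PORTS; do echo "ufw allow ${p}/tcp"; done
  echo "ufw --force enable"
  echo "ufw status verbose"
}

# Reads a plan on stdin; succeeds only if the SSH rule precedes the enable.
lockout_safe() {
  awk '/^ufw allow 22\/tcp$/ {ssh = NR}
       /^ufw --force enable$/ {en = NR}
       END {exit !(ssh && en && ssh < en)}'
}

# Constructed sample host: quicPort 9000, metricsPort 8080, apiPort 5052.
ufw_plan 9000 8080 5052 ""
```

Piping a plan through `lockout_safe` before applying it gives a cheap pre-flight check that the SSH allow rule is in place ahead of the enable step.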