nuriel77 / iri-playbook Goto Github PK

View Code? Open in Web Editor NEW

105.0 8.0 24.0 5.16 MB

IOTA IRI Fullnode Installation Playbook

License: MIT License

Shell 71.31% Python 28.69%

ansible iota-prom-exporter iota-iri iota-pm iota-core

iri-playbook's Introduction

IOTA IRI Fullnode Ansible Playbook

This playbook will install and configure the IOTA full node. In addition:

Install and configure iota-pm: a GUI to view/manage peers
Password protected, HTTPS accessible dashboards
Run all services as systemd controlled processes (unprivileged users)
Alerting and notifications
Configure firewalls
iric configuration tool
HAProxy for Wallet/API connections
Monitoring for IRI + Graphs amazing work of Chris Holliday

For installation see Getting Started Quickly

Documentation at Wiki

Screenshots Monitoring

Requirements

Requirements can be found here

Installation for Development

Enter the branch you are testing on and run the installer:

BRANCH="dev-branch"; GIT_OPTIONS="-b $BRANCH" bash <(curl -s "https://raw.githubusercontent.com/nuriel77/iri-playbook/$BRANCH/fullnode_install.sh")

Please feel free to contribute.

iri-playbook's People

Contributors

Stargazers

Watchers

iri-playbook's Issues

iota:password line wasn't commented out

I was getting a 401 error from iota-pm and when I checked, the line in in the init config has the iota:password part uncommented, meaning you'd need to use authentication with curl, which the setup wasn't using.

Selecting "cancel" on the remove neighbors screen still asks to remove a neighbor

Description

When viewing the "remove neighbors" screen, selecting "cancel" leads to a prompt asking the user to confirm removal of the first neighbor in the list.

Steps to reproduce

Start iric
Use arrow keys to select "Neighbors"
Use arrow keys to select "Remove neighbors"
Press right arrow key twice to select "Cancel" and press return/enter

Screenshots

Containerize?

It would be nice if this were to be containerized.

Idea - add in Nelson GUI?

It would be nice to have the GUI part of Nelson available via the Playbook too: https://github.com/SemkoDev/nelson.gui

Not sure if installing it directly would mess up the existing config.

Add multipe nodes.

Hi!
Is it possible to monitor multiple nodes?

migration doesn't work

Hi there,

I have downloaded the database from before the snapshot and run bash <(curl -s https://x-vps.com/get_iri_rc.sh)

The output is

******************************************
Welcome to IOTA IRI Upgrade to 1.4.2.4_RC!
******************************************

What is this script going to do?

  1. Check the distribution (Ubuntu or CentOS)
  2. Check if you want to compile the jar yourself or download a precompiled one.
  3. Stop IRI
  4. Download or pre-compile the jar (which will install maven as it is a requirement)
  5. Copy the resulting jar to the target directory and create a symbolic link
  6. Configure the IRI configuration files (version and set RESCAN_DB = true).
  7. Restart IRI
  8. Remove the RESCAN_DB = true (it is needed once)

By pressing 'y' you agree to upgrade to 1.4.2.4_RC and keep the existing database.
In addition, note that this script will only work with installations done by
the iri-playbook.
Do you wish to proceed? [y/N] y

Do you want to download the pre-compiled source from Nuriel's server? Otherwise the jar will compile on your server.
Click 'y' to download the pre-compiled source from Nuriel. Any other key to compile it on your server (CTRL-C to exit now).y
Stopping current IRI. This might take a moment...
Download pre-compiled iri-1.4.2.4_RC.jar ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 60.3M  100 60.3M    0     0   102M      0 --:--:-- --:--:-- --:--:--  102M
Creating symbolic link from /var/lib/iri/target/iri-1.4.2.4_RC.jar to /var/lib/iri/target/iri-1.4.2.4.jar
Setting new version in config files
Downloading iri-1.4.2.2-to-1.4.2.4_RC-db-migration-tool.jar ...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 60.3M  100 60.3M    0     0  2519k      0  0:00:24  0:00:24 --:--:--  9.9M
Applying database migration ...
05/03 12:14:32.654 [main] INFO  com.iota.iri.IRI - Welcome to IRI 1.4.2.2-to-1.4.2.4_RC-db-migration-tool
05/03 12:14:54.467 [main] INFO  c.i.i.s.r.RocksDBPersistenceProvider - Initializing Database Backend... 
05/03 12:14:54.488 [main] ERROR com.iota.iri.IRI - Exception during IOTA node initialisation: 
java.lang.NullPointerException: null
	at com.iota.iri.storage.rocksDB.RocksDBPersistenceProvider.initDB(RocksDBPersistenceProvider.java:458) ~[iri_migrate_tool.jar:na]
	at com.iota.iri.storage.rocksDB.RocksDBPersistenceProvider.init(RocksDBPersistenceProvider.java:76) ~[iri_migrate_tool.jar:na]
	at com.iota.iri.storage.Tangle.init(Tangle.java:26) ~[iri_migrate_tool.jar:na]
	at com.iota.iri.Iota.init(Iota.java:107) ~[iri_migrate_tool.jar:na]
	at com.iota.iri.IRI.main(IRI.java:71) ~[iri_migrate_tool.jar:na]
05/03 12:14:54.490 [Shutdown Hook] INFO  com.iota.iri.IRI - Shutting down IOTA node, please hold tight...

I then run java -jar /var/lib/iri/target/iri_migrate_tool.jar -p 14265 which is starting the rescan now.

Install iri-playbook on the Ubuntu (18.04.1) stopped at loss package

Hi,

I just tried to install the playbook on a Ubuntu 18.04.1 (Bionic Beaver) use

bash <(curl -s https://raw.githubusercontent.com/nuriel77/iri-playbook/master/fullnode_install.sh)

, it stopped at

Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package expect-dev
E: Unable to locate package tcl

Do I missing same command before fullnode_install.sh ?

Broken link for JDK

Hi there is jdk broken link
Now in iri.yaml
http://download.oracle.com/otn-pub/java/jdk/8u181-b13/96a7b8442fe848ef90c96a2fad6ed6d1/jdk-8u181-linux-x64.tar.gz
this file has been removed from oracle repositories.

now you can find this
http://download.oracle.com/otn-pub/java/jdk/8u191-b12/2787e4a523244c269598db4e85c51e0c/jdk-8u191-linux-x64.tar.gz

issue with ansible playbook

when i follow the wiki ansible playbook is failing with the following error


The error appears to have been in '/opt/iri-playbook/roles/iri/tasks/main.yml': line 1, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- import_tasks: role.yml
  ^ here


The error appears to have been in '/opt/iri-playbook/roles/iri/tasks/main.yml': line 1, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- import_tasks: role.yml
  ^ here

the only changes i did is the ngix password

ERROR! no action detected in task. When running full node monitoring only

I get the following error when executing the full node monitoring only command. I had iri, nelson and peer manager already installed. Using Ubuntu 17.04 and latests version of everything as far as I know.

:/opt/iri-playbook$ ansible-playbook -i inventory -v site.yml --skip-tags=iotapm_npm --tags=iri_firewalld,iri_ufw,iotapm_deps,monitoring_role

Using /etc/ansible/ansible.cfg as config file

ERROR! no action detected in task. This often indicates a misspelled module name, or incorrect module path.

The error appears to have been in '/opt/iri-playbook/roles/iri/tasks/main.yml': line 1, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- import_tasks: role.yml
  ^ here


The error appears to have been in '/opt/iri-playbook/roles/iri/tasks/main.yml': line 1, column 3, but may
be elsewhere in the file depending on the exact syntax problem.

The offending line appears to be:


- import_tasks: role.yml
  ^ here

Installation Problem

I get this error and the monitors are not accessable :/

TASK [monitoring : Wait max 30 seconds for grafana nginx port to become available] ****************************************************************************************************************************
ok: [localhost] => {"changed": false, "elapsed": 0, "path": null, "port": 3000, "search_regex": null, "state": "started"}

TASK [monitoring : create prometheus datasource in grafana] ***************************************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "connection": "close", "content": "{\"message\":\"Basic auth failed\"}", "content_length": "31", "content_type": "application/json; charset=UTF-8", "date": "Mon, 18 Dec 2017 15:11:17 GMT", "json": {"message": "Basic auth failed"}, "msg": "Status code was not [200, 409]: HTTP Error 401: Unauthorized", "redirected": false, "status": 401, "url": "http://localhost:3000/api/datasources"}
        to retry, use: --limit @/opt/iri-playbook/site.retry

PLAY RECAP ****************************************************************************************************************************************************************************************************
localhost                  : ok=58   changed=26   unreachable=0    failed=1

iric update failed

TASK [iri : Install some packages] **********************************************************************************************************************************************************
failed: [localhost] (item=[u'maven', u'jq', u'ufw', u'wget', u'lsof', u'curl', u'pv', u'nano', u'sysstat', u'htop', u'pastebinit', u'openssl', u'bsdmainutils', u'whiptail']) => {"changed": false, "item": ["maven", "jq", "ufw", "wget", "lsof", "curl", "pv", "nano", "sysstat", "htop", "pastebinit", "openssl", "bsdmainutils", "whiptail"], "msg": "Failed to update apt cache: W:The repository 'http://asi-fs-n.contabo.net/ubuntu xenial-updates Release' does not have a Release file., W:Data from such a repository can't be authenticated and is therefore potentially dangerous to use., W:See apt-secure(8) manpage for repository creation and user configuration details., W:The repository 'http://asi-fs-n.contabo.net/ubuntu xenial-backports Release' does not have a Release file., W:Data from such a repository can't be authenticated and is therefore potentially dangerous to use., W:See apt-secure(8) manpage for repository creation and user configuration details., W:An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://asi-fs-n.contabo.net/ubuntu xenial InRelease: Clearsigned file isn't valid, got 'NODATA' (does the network require authentication?), W:An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://ppa.launchpad.net/ansible/ansible/ubuntu xenial InRelease: Clearsigned file isn't valid, got 'NODATA' (does the network require authentication?), W:An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://deb.nodesource.com/node_8.x xenial InRelease: At least one invalid signature was encountered., W:An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://packagecloud.io/grafana/stable/debian jessie InRelease: At least one invalid signature was encountered., W:Failed to fetch http://asi-fs-n.contabo.net/ubuntu/dists/xenial/InRelease Clearsigned file isn't valid, got 'NODATA' (does the network require authentication?), W:Failed to fetch http://ppa.launchpad.net/ansible/ansible/ubuntu/dists/xenial/InRelease Clearsigned file isn't valid, got 'NODATA' (does the network require authentication?), W:Failed to fetch https://deb.nodesource.com/node_8.x/dists/xenial/InRelease At least one invalid signature was encountered., W:Failed to fetch https://packagecloud.io/grafana/stable/debian/dists/jessie/InRelease At least one invalid signature was encountered., E:Failed to fetch http://asi-fs-n.contabo.net/ubuntu/dists/xenial-updates/main/binary-amd64/Packages Write error - write (28: No space left on device), E:Failed to fetch http://asi-fs-n.contabo.net/ubuntu/dists/xenial-backports/main/binary-amd64/Packages Write error - write (28: No space left on device), E:Failed to fetch http://security.ubuntu.com/ubuntu/dists/xenial-security/main/binary-amd64/Packages Error writing to output file - write (28: No space left on device) Error writing to file - write (28: No space left on device) [IP: 2001:67c:1360:8001::21 80], W:Some index files failed to download. They have been ignored, or old ones used instead."}
to retry, use: --limit @/opt/iri-playbook/site.retry

PLAY RECAP **********************************************************************************************************************************************************************************
localhost : ok=1 changed=0 unreachable=0 failed=1

Updating IRIC failed!!! Check output above for errors. Press ENTER to return to menu.

Updating Nelson does not trigger a restart of the service

Running the documented procedure for updating nelson does not trigger service restart.

[root@iota-node01 iri-playbook]# ansible-playbook -i inventory -v site.yml --tags=nelson_npm -e "nelson_enabled=true"
Using /etc/ansible/ansible.cfg as config file
 [WARNING]: Ignoring invalid attribute: sudo

 [WARNING]: Ignoring invalid attribute: false_when


PLAY [fullnode] *****************************************************************************************************************************************************************************************************************************

TASK [Gathering Facts] **********************************************************************************************************************************************************************************************************************
ok: [localhost]

TASK [nelson : Stop any active nelson service] **********************************************************************************************************************************************************************************************
skipping: [localhost] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [nelson : Remove current nelson package] ***********************************************************************************************************************************************************************************************
skipping: [localhost] => {"changed": false, "skip_reason": "Conditional result was False"}

TASK [nelson : Install nelson package] ******************************************************************************************************************************************************************************************************
changed: [localhost] => {"changed": true}

PLAY RECAP **********************************************************************************************************************************************************************************************************************************
localhost                  : ok=2    changed=1    unreachable=0    failed=0

Add pre-install selection menu

When running the installer for the first time provide a select menu where the user can select/unselect some components such as Nelson, Field, Haproxy, configuration options for iota-prom-exporter etc.

Provide sane defaults if the user just wishes for a default installation.

Node not working

Was anyone of you able to get a working full node with iri-playbook?
I tried this on Ubuntu Server 17.10, Ubuntu Server 17.04 and also Ubuntu Server 16.04.3. But same problem on every installation:
https://i.imgur.com/qQGXoUx.png
Sent TX always stays at 1. Doesn't matter if "normal" neighbors or swarm nodes.
Any explanation or problem solving for that? Portforwarding is fine.

Wrong URL

iri-playbook/roles/iri/files/iric

Line 229 in 56feda9

 wget "https://github.com/iotaledger/iri/releases/download/v${IRI_LATEST_CLEAN}/iri-${IRI_LATEST}-RELEASE.jar" -O "$TFILE" 

Already integrated nelson?

Hi,

Nelson.cli is in the wild. Maybe still alpha/beta/gamma/delta. But it is working and adding nodes. So if it is not part of your project yet then add it please. :)

Michael

ssh

hi,
I am using ssh port 12488
no connection after first rebot on centos-7-x86_64-minimal and ubuntu-16.04-x86_64-minimal host

ist the oneclick script using only default ports for the firewall configuration

Multiple issues on CentOS 7.4

Hi,

Thanks for creating this playbook and writing this tutorial!

I have multiple issues with your playbook.

My machine:

Operating System: CentOS Linux 7 (Core)
centos-release-7-4.1708.el7.centos.x86_64
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0-693.11.1.el7.x86_64
Architecture: x86-64

First error:

TASK [iotapm : allow iotapm nginx port via selinux seport] **************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "failed": true, "msg": "This module requires policycoreutils-python"}

I had to install policycoreutils-python because the script doesn't do it.

Second error:
If SELinux is disabled, any tasks related to it fails. (SELinux is disabled by default by my VPS provider).
I enabled it.

Third error:

TASK [monitoring : create prometheus datasource in grafana] *************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "connection": "close", "content": "{\"message\":\"Invalid username or password\"}", "content_length": "42", "content_type": "application/json; charset=UTF-8", "date": "Wed, 13 Dec 2017 08:56:16 GMT", "failed": true, "json": {"message": "Invalid username or password"}, "msg": "Status code was not [200, 409]: HTTP Error 401: Unauthorized", "redirected": false, "status": 401, "url": "http://localhost:3000/api/datasources"}

I tried to hardcode my password into the script, it still doesn't work :/

Customized SSH port is not allowed on ufw

Description: Customized SSH port is not allowed on ufw. The default 22 port is allowed on ufw, while the ssh port has been customized beforehand. This issue seems to me to be a crucial one as you cannot log in to your server account with SSH client after installation.

Steps to reproduce the issue:

Log in to your server account with a SSH client
Customize SSH port from 22 to something else
sudo systemctl restart ssh
Run the installer following https://iri-playbook.readthedocs.io/en/master/getting-started-quickly.html#run-the-installer

Expected result:
The port should be allowed on ufw based on your customization on step 2.

Actual result:
Port 22 is allowed on ufw, you're logged out from SSH and cannot log in with SSH again.

ERROR! No action detected in task

When running playbook I get:
ERROR! No action detected in task

The offending line appears to be:

import_tasks: role.yml tags

Playbook Error

Hi There,

Thanks for creating this, however i found issue just after inputting IOTA Peer Manager password. I used the http://iri-playbook.readthedocs.io/en/master/getting-started-quickly.html.

Here is the message i got:

`Please enter the password with which you will connect to IOTA Peer Mananger
Use a stong password!!! Not 'hello123' or 'iota8181', you get the point ;)
Password: ************
Please repeat: ************
Running playbook...
/usr/bin/unbuffer: 4: exec: tclsh8.6: not found
ERROR! The playbook exited with failure(s). A log has been save here '/tmp/iri-playbook-201801280820.log'

Cheers

Error on installation

I'm getting following error message while installation.

TASK [monitoring : create iota exporter dashboard in grafana] **************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "connection": "close", "content": "{\"message\":\"Invalid alert data. Cannot save dashboard\"}", "content_length": "55", "content_type": "application/json", "date": "Thu, 08 Mar 2018 20:40:39 GMT", "json": {"message": "Invalid alert data. Cannot save dashboard"}, "msg": "Status code was not [200, 412]: HTTP Error 500: Internal Server Error", "redirected": false, "status": 500, "url": "http://localhost:3000/api/dashboards/db"}
        to retry, use: --limit @/opt/iri-playbook/site.retry

PLAY RECAP *****************************************************************************************************************************************
localhost                  : ok=102  changed=2    unreachable=0    failed=1

ERROR! The playbook exited with failure(s). A log has been save here '/tmp/iri-playbook-201803082136.log'
You have new mail in /var/mail/root

Issue on the Ubuntu Zesty Scaleway image

Hi,

I just tried to install the playbook on a Ubuntu Zesty image on Scaleway, it stopped at
TASK [iri : ensure ufw started]
and it actually locked me out of the server. I can't connect anymore via SSH.

ssh: connect to host ***** port 22: Operation timed out

Looks like the script messed up the firewall configuration.

Grafana didn´t get data after a time

Hi,
first thanks for you great iri-playbook. I have installed it on a vps with 16GB RAM and 6 Cores on Ubuntu 16.04. The installation went very well. IRI and Iota-PM runs very stable. I have problem with grafana. Grafana gets data for a little time (1-x hours) from iri. After 1-x hours, there didnt flow any data from iri to grafana. CPU, Memory, etc will get data. Cant find the problem. Do you can help?

Valle

Iptables

TASK [iri : allow iri tcp port in firewall] *******************************************************************************************************************************
fatal: [localhost]: FAILED! => {"changed": false, "msg": "ERROR: initcaps\n[Errno 2] iptables v1.6.0: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.\n\n"}
to retry, use: --limit @/opt/iri-playbook/site.retry

Uninstaller (Feature Request)

Your installer script does so much that I don't have an overview of it. Therefore, an uninstall script would be useful if you want to restore the original.

Great Project