Update deployment bridge (#37)

* Removed obsolete upgradable-wo-parity. * Renamed deployment-bridge/bridge-nodejs to deployment-bridge/oracle * Renamed deployment-bridge to deployment. * Added linting to readme. * Added linting. * Migrated circle-ci to 2.1 * Revert "Migrated circle-ci to 2.1" 2ce36b1934c02e2c6900884ac932d6bfdbffc3cb * Ansible-linting only bugs. * Updated readme, finished ansible-lint. * Fixed CI error. * Verbose. * Using differnt docker. * Linting only bugs. * Revert "Added linting to readme." b5890b884750fe8a7ebe4c1c1361b2a60b1690f9 * Added readme for merging.
2019-05-10 14:04:20 +02:00 · 2019-05-10 14:04:20 +02:00 · 48efc618e4
commit 48efc618e4
parent fe7fbd688f
72 changed files with 24 additions and 785 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -8,6 +8,12 @@ jobs:
      - run: git submodule update --init
      - run: yarn
      - run: yarn run lint
  ansible-lint:
    docker:
      - image: particlekit/ansible-lint
    steps:
      - checkout
      - run: ./deployment/lint.sh
  test:
    docker:
      - image: circleci/node:10.15
@ -25,3 +31,4 @@ workflows:
    jobs:
      - lint
      - test
      - ansible-lint
--- a/README.md
+++ b/README.md
@ -48,10 +48,16 @@ To install dependencies:
 `yarn install`
-Running linter for all projects:
+Running linter for all JS projects:
 `yarn lint`
 Running linter for all Ansible playbooks:
 - [ansible-lint](https://github.com/ansible/ansible-lint) is required
 `yarn ansible-lint`
 Running tests for all projects:
 `yarn test`
--- a/deployment-bridge/upgradable-wo-parity/.gitignore
+++ b/deployment-bridge/upgradable-wo-parity/.gitignore
@ -1,5 +0,0 @@
 hosts.yml
 *.retry
 temp
 test.js
 output.txt
--- a/deployment-bridge/upgradable-wo-parity/DETAILS.md
+++ b/deployment-bridge/upgradable-wo-parity/DETAILS.md
@ -1,119 +0,0 @@
 Bridge-specific parameters should be stored in `group_vars/$BRIDGE_NAME.yml` so that they can be easily reused by selecting suitable bridge name in `hosts.yml`. However, for one-time testing purposes, these parameters can also be set directly in `hosts.yml` alongside other node-specific parametrs.
 ## Details of the authority node setup
 Installation consists of 2 parts:
 ### 1. Preparing
 1. A new user without sudo access is created. By default it's named `bridgeuser`, but can be controlled by `service_user` variable in `authority_node.yml`
 2. UFW is configured to allow inbound tcp connections only on ssh port (`22` by default)
 3. Syslog forwarding to remote server is setup by placing a config file in `/etc/rsyslog.d/tls-client.conf` file. This is done only if `syslog_server_port` is not empty
 4. Binaries and configuration files will be stored in the bridgeuser's home directory in `poa-bridge` folder, with the following structure:
 ```
 poa-bridge/
 └── bridge/
    ├── bridge*
    ├── config.toml
    ├── db.toml
    ├── password.txt
    └── keys/
       └── home-keystore.json
 ```
 here `*` means executable file, `/` means folder. Parity binary is downloaded both to home-node folder and foreign-node folder in case different versions might be required.
 ### 2. Setting up bridge service
 1. Bridge binary is downloaded from url specified in `bridge_bin_url` variable (default value is set in `roles/bridge/defaults/main.yml`). Binary's sha256-checksum is validated against the value from `bridge_bin_sha256`. So when changing default version **both** `bridge_bin_url` and `bridge_bin_sha256` should be updated
 2. Bridge `config.toml` is created based on `roles/bridge/templates/bridge.service.j2`, example:
 ```
 keystore = "keys"
 [home]
 account = "0x006E27B6A72E1f34C626762F3C4761547Aff1421"
 required_confirmations = 0
 poll_interval = 2
 rpc_host = "https://sokol.poa.network"
 rpc_port = 443
 password = "password.txt"
 [foreign]
 account = "0x006E27B6A72E1f34C626762F3C4761547Aff1421"
 required_confirmations = 0
 poll_interval = 2
 rpc_host = "https://kovan.infura.io/mew"
 rpc_port = 443
 password = "password.txt"
 [authorities]
 accounts = []
 required_signatures = 1
 [transactions]
 deposit_relay = { gas = 3000000, gas_price = 1000000000 }
 withdraw_relay = { gas = 3000000, gas_price = 1000000000 }
 withdraw_confirm = { gas = 3000000, gas_price = 1000000000 }
 ```
 3. Database `db.toml` file is created based on `roles/bridge/db.toml.j2`, example (in this case it will be the same for all newly-created nodes):
 ```
 home_contract_address = "0xad1dae0320717a288912ff7bae766ac87e7d14a5"
 foreign_contract_address = "0xfd03be9947cbecb14a1ae8729936e23af7a0b50b"
 checked_deposit_relay = 1768893
 checked_withdraw_relay = 6715777
 checked_withdraw_confirm = 6715777
 ```
 **OR** `db.toml` can be copied from local machine, in this case `db_toml_location` variable should be set in `hosts.yml` to absolute path of the file
 4. Bridge service is installed for `systemd` so that it auto-start on startup and auto-restarts if bridge process fails. Example of `/etc/systemd/system/bridge.service`
 ```
 [Unit]
 Description=bridge
 After=network.target
 [Service]
 User=bridgeuser
 Group=bridgeuser
 WorkingDirectory=/home/bridgeuser/poa-bridge/bridge
 Environment=RUST_LOG=info
 ExecStart=/home/bridgeuser/poa-bridge/bridge/bridge --config /home/bridgeuser/poa-bridge/bridge/config.toml --database /home/bridgeuser/poa-bridge/bridge/db.toml
 Restart=always
 RestartSec=3
 [Install]
 WantedBy=multi-user.target
 ```
 By default, restart delay is 3 seconds, this can be controlled by `restart_delay_sec` variable
 5. Logs are stored in `/var/log/syslog`. If you provided `syslog_server_port` variable (in format `host:port`) in `hosts.yml` during installation, logs from syslog will be duplicated to a central syslog server for analysis and monitoring
 ## Useful commands
 1. Restart services:
 ```
 sudo systemctl restart bridge
 ```
 Replace `restart` with `start` or `stop` if needed
 2. Get quick status of a service:
 ```
 sudo systemctl status bridge
 ```
 note if it's reported `active`, `running` or `dead`
 3. Tail bridge logs from `/var/log/syslog`:
 ```
 tail -F /var/log/syslog | grep bridge
 ```
 4. Relogin as bridge user (user without sudo access for running bridge):
 ```
 sudo -i -u bridgeuser
 ```
 to go back
 ```
 exit
 ```
 ## URLs of bridge precompiled binary
 Update `bridge_bin_url` and `bridge_bin_sha256` from `roles/bridge/defaults/main.yml`
--- a/deployment-bridge/upgradable-wo-parity/NEW-BRIDGE.md
+++ b/deployment-bridge/upgradable-wo-parity/NEW-BRIDGE.md
@ -1,48 +0,0 @@
 ## How to create group_vars file for a new bridge deployment
 If you deployed a new bridge and want it to be preconfigured for the future, you need to create an `.yml` file in `group_vars/` folder of this playbook.
 Basically, you can use `sokol-kovan.yml` as a template:
 ```
 ### home side rpc
 home_rpc_url: https://sokol.poa.network
 home_rpc_port: 443
 ### foreign side rpc
 foreign_rpc_url: https://kovan.infura.io/mew
 foreign_rpc_port: 443
 ### bridge configs
 bridge_deposit_relay_gas:    3000000
 bridge_withdraw_relay_gas:   3000000
 bridge_withdraw_confirm_gas: 3000000
 bridge_deposit_relay_gas_price:    1000000000
 bridge_withdraw_relay_gas_price:   1000000000
 bridge_withdraw_confirm_gas_price: 1000000000
 bridge_authorities_requires_signatures: 1
 bridge_home_required_confirmations: 0
 bridge_foreign_required_confirmations: 0
 bridge_home_contract_address: "0x98f7b68C0Ef6A7DA0Bb0E786144A87bfEcc5cbD1"
 bridge_foreign_contract_address: "0x5c29759020Fa2251B6481A3Ac1Ee507Ddbdc075c"
 bridge_home_contract_deploy: 2213129
 bridge_foreign_contract_deploy: 7066466
 bridge_home_poll_interval: 4
 bridge_foreign_poll_interval: 3
 bridge_home_default_gas_price: 1000000000
 bridge_foreign_gas_price_oracle_url: https://gasprice.poa.network
 bridge_foreign_gas_price_timeout: 10
 bridge_foreign_gas_price_speed: fast #other possible values: slow, standard, instant
 bridge_foreign_default_gas_price: 21000000000
 ```
 Let's examine available options:
 * `*_rpc_url`: url of the rpc endpoint of the home-side of the bridge
 * `*_rpc_port`: port to use (for https use 443)
 * `bridge_*` options are directly related to the values in `config.toml` and `db.toml`, see `roles/bridge/templates/config.toml.j2` and `roles/bridge/templates/db.toml.j2` for more details.
--- a/deployment-bridge/upgradable-wo-parity/README.md
+++ b/deployment-bridge/upgradable-wo-parity/README.md
@ -1,49 +0,0 @@
 ## Deploying bridge authority node
 ### Prerequisites
 1. Launch an Ubuntu 16.04 server on your favourite hosting provider and note its IP address. You should setup ssh access to your node via public+private keys (using passwords is less secure). When creating the node, set a meaningful `hostname` that can identify you (e.g. `validator-0x...`).
 2. On your local machine install
    * Python 2 (v2.6-v2.7)/Python3 (v3.5+)
    * Ansible v2.3+
    * Git
 ### Preparing configuration file
 1. Clone this repository and go to `upgradable-wo-parity` folder
 ```
 git clone https://github.com/poanetwork/deployment-bridge.git
 cd upgradable-wo-parity
 ```
 2. Create file `hosts.yml` from `hosts.yml.template`
 ```
 cp hosts.yml.template hosts.yml
 ```
 This file contains parameters specific to your node, so you need to edit it and replace/provide missing values. Let's review the parameters:
 * `core-foundation` - name of the bridge you want to deploy. Unless deploying a custom bridge, you don't need to change this line
 * `192.0.2.1` - replace with your node's IP address
 * `ansible_user` - user to ssh into your node. Usually it's either `ubuntu` or `root`
 * `ansible_python_interpreter` - path to python interpreter on your node. With Ubuntu 16.04 this should work with default value, however if running the playbook you get an error that `python3` is not found, try changing this to `/usr/bin/python`
 * `signer_keyfile` - copy json content (`'{...}'`) of authority's keystore file
 * `signer_password` - set this to authority's password
 * `syslog_server_port` - set this to `server:port` of syslog server (should be provided to you)
 If you're a new validator joining an existing bridge setup, you may want to additionally set the following parameters in `hosts.yml`:
 * `last_checked_deposit_relay`
 * `last_checked_withdraw_relay`
 * `last_checked_withdraw_confirm`
 If set, these values overwrite initial block numbers in `db.toml`, so that your node won't be re-processing transactions that are already processed by existing validators. You should get exact values from other validators before running the playbook.
 ### Installing the node
 1. If ssh user can't execute `sudo` without password, you will need to add `--ask-become-pass` option below (without `[]` brackets) and provide sudo password when prompted by the playbook.
 2. Run the playbook
 ```
 ansible-playbook -i hosts.yml [--ask-become-pass] authority-node.yml
 ```
 3. Playbook should complete without errors
 ## Setup details
 To get more details about the setup, [go here](./DETAILS.md)
 ## Changes required for new bridges
 To prepare configuration files for a newly deployed bridg, [go here](./NEW-BRIDGE.md)
--- a/deployment-bridge/upgradable-wo-parity/ansible.cfg
+++ b/deployment-bridge/upgradable-wo-parity/ansible.cfg
@ -1,2 +0,0 @@
 [ssh_connection]
 pipelining = True
--- a/deployment-bridge/upgradable-wo-parity/authority-node.yml
+++ b/deployment-bridge/upgradable-wo-parity/authority-node.yml
@ -1,17 +0,0 @@
 ---
 - hosts: all
  become: yes
  gather_facts: no
  # vars:
  #   home_signer_address: "0x{{ (signer_keyfile|from_json).address }}"
  #   home_signer_keyfile: '{{ signer_keyfile }}'
  #   home_signer_password: "{{ signer_password }}"
  #   foreign_signer_address: "{{ home_signer_address }}"
  #   foreign_signer_keyfile: '{{ home_signer_keyfile }}'
  #   foreign_signer_password: "{{ home_signer_password }}"
  #   bridge_home_password_file: "password.txt"
  #   bridge_foreign_password_file: "password.txt"
  roles:
    - backward-compatibility
    - authority-preconf
    - bridge
--- a/deployment-bridge/upgradable-wo-parity/group_vars/all.yml
+++ b/deployment-bridge/upgradable-wo-parity/group_vars/all.yml
@ -1,6 +0,0 @@
 ### global settings
 base_path: "/home/{{ service_user }}/poa-bridge"
 become_method: sudo
 service_user: bridgeuser
--- a/deployment-bridge/upgradable-wo-parity/group_vars/core-foundation.yml
+++ b/deployment-bridge/upgradable-wo-parity/group_vars/core-foundation.yml
@ -1,32 +0,0 @@
 ### home side rpc
 home_rpc_url: https://core.poa.network
 home_rpc_port: 443
 ### foreign side rpc
 foreign_rpc_url: https://mainnet.infura.io/metamask
 foreign_rpc_port: 443
 ### bridge configs
 bridge_deposit_relay_gas:    250000
 bridge_withdraw_relay_gas:   300000
 bridge_withdraw_confirm_gas: 300000
 bridge_authorities_requires_signatures: 2
 bridge_home_required_confirmations: 8
 bridge_foreign_required_confirmations: 8
 bridge_home_contract_address: "0xB87b6077D59B01Ab9fa8cd5A1A21D02a4d60D358"
 bridge_foreign_contract_address: "0xd819E948b14cA6AAD2b7Ffd333cCDf732b129EeD"
 bridge_home_contract_deploy: 2477327
 bridge_foreign_contract_deploy: 5578725
 bridge_home_poll_interval: 4
 bridge_foreign_poll_interval: 10
 bridge_home_default_gas_price: 1000000000
 bridge_foreign_gas_price_oracle_url: https://gasprice.poa.network
 bridge_foreign_gas_price_timeout: 10
 bridge_foreign_gas_price_speed: fast #other possible values: slow, standard, instant
 bridge_foreign_default_gas_price: 21000000000
--- a/deployment-bridge/upgradable-wo-parity/group_vars/sokol-kovan.yml
+++ b/deployment-bridge/upgradable-wo-parity/group_vars/sokol-kovan.yml
@ -1,25 +0,0 @@
 ### home side rpc
 home_rpc_url: https://sokol.poa.network
 home_rpc_port: 443
 ### foreign side rpc
 foreign_rpc_url: https://kovan.infura.io/mew
 foreign_rpc_port: 443
 ### bridge configs
 bridge_deposit_relay_gas:    3000000
 bridge_withdraw_relay_gas:   3000000
 bridge_withdraw_confirm_gas: 3000000
 bridge_authorities_requires_signatures: 1
 bridge_home_required_confirmations: 0
 bridge_foreign_required_confirmations: 0
 bridge_home_contract_address: "0x98f7b68C0Ef6A7DA0Bb0E786144A87bfEcc5cbD1"
 bridge_foreign_contract_address: "0x5c29759020Fa2251B6481A3Ac1Ee507Ddbdc075c"
 bridge_home_contract_deploy: 2213129
 bridge_foreign_contract_deploy: 7066466
 bridge_home_poll_interval: 4
 bridge_foreign_poll_interval: 3
--- a/deployment-bridge/upgradable-wo-parity/hosts.yml.template
+++ b/deployment-bridge/upgradable-wo-parity/hosts.yml.template
@ -1,13 +0,0 @@
 ---
 core-foundation:
  hosts:
    192.0.2.1:
      ansible_user: ubuntu
      ansible_python_interpreter: "/usr/bin/python3"
      signer_keyfile: ''
      signer_password: ""
      syslog_server_port: ""        # this value should be provided to you
      # last_checked_deposit_relay: 1       # optional value, consult README
      # last_checked_withdraw_relay: 1      # optional value, consult README
      # last_checked_withdraw_confirm: 1    # optional value, consult README
--- a/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/defaults/main.yml
+++ b/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/defaults/main.yml
@ -1,7 +0,0 @@
 ###### Accepts the following parametrs:
 #
 # syslog_server_port           server:port to forward syslog to (port is required, commonly port is 514)
 #
 ---
 syslog_server_port: ""
 custom_ssh_port: ""
--- a/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/handlers/main.yml
+++ b/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/handlers/main.yml
@ -1,20 +0,0 @@
 ---
 - name: restart ufw
  service:
    name: ufw
    state: restarted
 - name: restart chrony
  service:
    name: chrony
    state: restarted
 - name: restart rsyslog
  service:
    name: rsyslog
    state: restarted
 - name: restart sshd
  service:
    name: sshd
    state: restarted
--- a/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/create-user.yml
+++ b/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/create-user.yml
@ -1,5 +0,0 @@
 ---
 - name: Preconf.Create user
  user:
    name: "{{ service_user }}"
    shell: "/bin/bash"
--- a/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/main.yml
+++ b/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/main.yml
@ -1,28 +0,0 @@
 ---
 - name: Check if remote computer is listening on standard ssh port
  become: no
  wait_for: port="{{ ansible_port | default(22) }}" state="started" host="{{ inventory_hostname }}" connect_timeout="3" timeout="4"
  delegate_to: "localhost"
  ignore_errors: "yes"
  register: port_used
 - name: Set inventory ansible_port to custom
  set_fact: ansible_port="{{ custom_ssh_port }}"
  when: port_used.state is undefined
 - name: Preconf - setup UFW firewall
  import_tasks: ufw.yml
 - name: Preconf - sshd
  import_tasks: sshd.yml
  when: custom_ssh_port != ""  and custom_ssh_port != ansible_port | default(22)
 - name: Preconf - create user
  import_tasks: create-user.yml
 - name: Preconf - configure syslog forwarding
  import_tasks: syslog-forward.yml
  when: syslog_server_port != ""
 - name: Preconf - run handlers immediately
  meta: flush_handlers
--- a/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/sshd.yml
+++ b/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/sshd.yml
@ -1,33 +0,0 @@
 - name: Save old SSH port to variable
  set_fact:
    old_port: "{{ ansible_port | default(22) }}"
 - name: Setup new SSH port
  lineinfile:
    dest: "/etc/ssh/sshd_config"
    regexp: "^Port"
    line: "Port {{ custom_ssh_port }}"
  notify: restart sshd
 - name: Preconf - run handlers immediately
  meta: flush_handlers
 - name: Doublecheck if computer is listening custom SSH port before removing old port access
  become: no
  wait_for: port="{{ custom_ssh_port }}" state="started" host="{{ inventory_hostname }}" connect_timeout="3" timeout="4" 
  delegate_to: "localhost" 
  register: port_used
 - name: Preconf.UFW - remove default ssh access
  ufw:
    delete: yes
    rule: "allow"
    port: "{{ old_port }}"
    proto: "tcp"
  when: port_used is defined and old_port!=custom_ssh_port
  notify:
    - restart ufw
 - name: Set inventory ansible_port to custom
  set_fact: ansible_port="{{ custom_ssh_port }}"
--- a/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/syslog-forward.yml
+++ b/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/syslog-forward.yml
@ -1,27 +0,0 @@
 ---
 - name: Preconf.Syslog forward - apt install rsyslog-gnutls package
  apt:
    name: rsyslog-gnutls
    state: present
    update_cache: yes
 - name: Preconf.Syslog forward - download papertrail CA
  get_url:
    url: "https://papertrailapp.com/tools/papertrail-bundle.pem"
    checksum: "md5:ba3b40a34ec33ac0869fa5b17a0c80fc"
    dest: "/etc/papertrail-bundle.pem"
    mode: 0644
    owner: root
    group: root
  notify:
    - restart rsyslog
 - name: Preconf.Syslog forward - create client config
  template:
    src: "rsyslog-tls-client.conf.j2"
    dest: "/etc/rsyslog.d/tls-client.conf"
    mode: 0644
    owner: root
    group: root
  notify:
    - restart rsyslog
--- a/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/ufw.yml
+++ b/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/ufw.yml
@ -1,47 +0,0 @@
 # to verify ufw configuration run:
 # sudo ufw status verbose
 ---
 - name: UFW
  block:
    - name: Preconf.UFW - install ufw
      package:
        name: ufw
        state: present
    - name: Preconf.UFW - clean old rules
      ufw:
        state: reset
    - name: Preconf.UFW - configure defaults
      ufw:
        direction: "{{ item.direction }}"
        policy: "{{ item.policy }}"
      with_items:
        - direction: "incoming"
          policy: "deny"
        - direction: "outgoing"
          policy: "allow"
    - name: Preconf.UFW - allow ssh access
      ufw:
        rule: "allow"
        port: "{{ ansible_port | default(22) }}"
        proto: "tcp"
    - name: Preconf.UFW - allow custom port access
      ufw:
        rule: "allow"
        port: "{{ custom_ssh_port }}"
        proto: "tcp"
      when: custom_ssh_port!="" and  custom_ssh_port!=(ansible_port|default(22))
    - name: Preconf.UFW - disable logging
      ufw:
        logging: off
    - name: Preconf.UFW - enable ufw to start on boot
      ufw:
        state: enabled
      notify:
        - restart ufw
--- a/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/templates/rsyslog-tls-client.conf.j2
+++ b/deployment-bridge/upgradable-wo-parity/roles/authority-preconf/templates/rsyslog-tls-client.conf.j2
@ -1,6 +0,0 @@
 $DefaultNetstreamDriverCAFile /etc/papertrail-bundle.pem
 $ActionSendStreamDriver gtls
 $ActionSendStreamDriverMode 1
 $ActionSendStreamDriverAuthMode x509/name
 $ActionSendStreamDriverPermittedPeer *.papertrailapp.com
 *.*    @@{{ syslog_server_port }}
--- a/deployment-bridge/upgradable-wo-parity/roles/backward-compatibility/tasks/main.yml
+++ b/deployment-bridge/upgradable-wo-parity/roles/backward-compatibility/tasks/main.yml
@ -1,15 +0,0 @@
 ---
 - name: BC - set home and foreign variables from signer
  block:
    - set_fact:
        home_signer_address: "0x{{ (signer_keyfile|from_json).address }}"
        home_signer_keyfile: '{{ signer_keyfile }}'
        home_signer_password: "{{ signer_password }}"
    - set_fact:
        foreign_signer_address: "{{ home_signer_address }}"
        foreign_signer_keyfile: '{{ home_signer_keyfile }}'
        foreign_signer_password: "{{ home_signer_password }}"
    - set_fact:
        bridge_home_password_file: "password.txt"
        bridge_foreign_password_file: "password.txt"
  when: signer_keyfile|default("") != "" or signer_password|default("") != ""
--- a/deployment-bridge/upgradable-wo-parity/roles/bridge/defaults/main.yml
+++ b/deployment-bridge/upgradable-wo-parity/roles/bridge/defaults/main.yml
@ -1,64 +0,0 @@
 ###### Accepts the following parametrs:
 #
 # bridge_path                             (*) path to the bridge folder (also used in templates)
 # bridge_bin_url                          (*) url from which to download bridge binary
 # bridge_bin_sha256                       (*) sha256 checksum of the binary
 # bridge_service_name                     (*) name to be used for bridge service
 # bridge_deposit_relay_gas                bridge config option (used only in templates)
 # bridge_withdraw_relay_gas               bridge config option (used only in templates)
 # bridge_withdraw_confirm_gas             bridge config option (used only in templates)
 # bridge_home_required_confirmations      bridge config option (used only in templates)
 # bridge_home_poll_interval               bridge config option (used only in templates)
 # bridge_home_request_timeout             bridge config option (used only in templates)
 # bridge_foreign_required_confirmations   bridge config option (used only in templates)
 # bridge_foreign_poll_interval            bridge config option (used only in templates)
 # bridge_foreign_request_timeout          bridge config option (used only in templates)
 # db_toml_location                        path to bridge db.toml **on local machine**
 # restart_delay_sec                       (*) delay in seconds between restarts of brige service. Set to 0 to omit this option (used only in templates)
 # bridge_keystore_folder                  (*) folder to store keystore files
 # bridge_home_password_file               (*) name of the file with password
 # bridge_foreign_password_file            (*) name of the file with password
 # home_rpc_url                            url of home-side rpc endpoint
 # foreign_rpc_url                         url of foreign-sode rpc endpoint
 # home_rpc_port                           port of home-side rpc endpoint
 # foreign_rpc_port                        port of foreign-side rpc endpoint
 #
 ---
 bridge_path: "{{ base_path }}/bridge"
 bridge_bin_url: "https://s3.amazonaws.com/poa-bridge-iterim/release-v0.3.0/bridge"
 bridge_bin_sha256: "4cfbba6f00fe6bbbd002b71ab4610c4bca06931496ee18fdbfd124d823b88bcb"
 bridge_service_name: "bridge"
 db_toml_location: ""
 home_rpc_port: 443
 foreign_rpc_port: 443
 restart_delay_sec: 2
 bridge_keystore_folder: "keys"
 bridge_home_password_file: "home-password.txt"
 bridge_foreign_password_file: "foreign-password.txt"
 # set to -1 to use bridge binary default values
 bridge_home_request_timeout: 360
 bridge_foreign_request_timeout: 360
 bridge_authorities: []
 # set to empty string to use default value
 bridge_home_gas_price_oracle_url: ""
 # set to -1 to use default value
 bridge_home_gas_price_timeout: -1
 # set to empty string to use default value
 bridge_home_gas_price_speed: ""
 # set to -1 to use default value
 bridge_home_default_gas_price: -1
 # set to empty string to use default value
 bridge_foreign_gas_price_oracle_url: ""
 # set to -1 to use default value
 bridge_foreign_gas_price_timeout: -1
 # set to empty string to use default value
 bridge_foreign_gas_price_speed: ""
 # set to -1 to use default value
 bridge_foreign_default_gas_price: -1
--- a/deployment-bridge/upgradable-wo-parity/roles/bridge/handlers/main.yml
+++ b/deployment-bridge/upgradable-wo-parity/roles/bridge/handlers/main.yml
@ -1,5 +0,0 @@
 ---
 - name: "restart {{ bridge_service_name }}"
  service:
    name: "{{ bridge_service_name }}"
    state: restarted
--- a/deployment-bridge/upgradable-wo-parity/roles/bridge/tasks/main.yml
+++ b/deployment-bridge/upgradable-wo-parity/roles/bridge/tasks/main.yml
@ -1,128 +0,0 @@
 ---
 - name: "Bridge - create bridge folder"
  file:
    path: "{{ bridge_path }}"
    state: directory
    mode: 0700
    owner: "{{ service_user }}"
    group: "{{ service_user }}"
 - name: "Bridge - download bridge binary"
  get_url:
    url: "{{ bridge_bin_url }}"
    checksum: "sha256:{{ bridge_bin_sha256 }}"
    dest: "{{ bridge_path }}/bridge"
    mode: "0700"
    owner: "{{ service_user }}"
    group: "{{ service_user }}"
  notify:
    - restart {{ bridge_service_name }}
 - name: "Bridge - create keystore folder"
  file:
    path: "{{ bridge_path }}/{{ bridge_keystore_folder }}"
    state: directory
    mode: 0700
    owner: "{{ service_user }}"
    group: "{{ service_user }}"
 # - name: "Bridge - create keystore files"
 #   template:
 #     src: "{{ item }}.j2"
 #     dest: "{{ bridge_path }}/{{ bridge_keystore_folder }}/{{ item }}"
 #   with_items:
 #     - foreign-keystore.json
 #     - home-keystore.json
 #   notify:
 #     - restart bridge
 - name: "Bridge - create home keystore file"
  template:
    src: "home-keystore.json.j2"
    dest: "{{ bridge_path }}/{{ bridge_keystore_folder }}/home-keystore.json"
    mode: 0600
    owner: "{{ service_user }}"
    group: "{{ service_user }}"
  notify:
    - restart bridge
 - name: "Bridge - create home password file"
  template:
    src: "home-password.txt.j2"
    dest: "{{ bridge_path }}/{{ bridge_home_password_file }}"
    mode: 0600
    owner: "{{ service_user }}"
    group: "{{ service_user }}"
  notify:
    - restart bridge
 - name: "Bridge - create foreign keystore file"
  template:
    src: "foreign-keystore.json.j2"
    dest: "{{ bridge_path }}/{{ bridge_keystore_folder }}/foreign-keystore.json"
    mode: 0600
    owner: "{{ service_user }}"
    group: "{{ service_user }}"
  notify:
    - restart bridge
  when: home_signer_address != foreign_signer_address
 - name: "Bridge - create home password file"
  template:
    src: "foreign-password.txt.j2"
    dest: "{{ bridge_path }}/{{ bridge_foreign_password_file }}"
    mode: 0600
    owner: "{{ service_user }}"
    group: "{{ service_user }}"
  notify:
    - restart bridge
  when: bridge_home_password_file != bridge_foreign_password_file
 - name: "Bridge - create bridge config"
  template:
    src: config.toml.j2
    dest: "{{ bridge_path }}/config.toml"
    mode: 0600
    owner: "{{ service_user }}"
    group: "{{ service_user }}"
  notify:
    - restart bridge
 - name: "Bridge - create db.toml file from template"
  template:
    src: "db.toml.j2"
    dest: "{{ bridge_path }}/db.toml"
    mode: 0600
    owner: "{{ service_user }}"
    group: "{{ service_user }}"
    force: no
  when: db_toml_location == ""
 - name: "Bridge - copy db.toml file from local machine"
  copy:
    src: "{{ db_toml_location }}"
    dest: "{{ bridge_path }}/db.toml"
    force: no
    owner: "{{ service_user }}"
    group: "{{ service_user }}"
    mode: 0600
  when: db_toml_location != ""
 - name: "Bridge - install bridge service"
  template:
    src: bridge.service.j2
    dest: /etc/systemd/system/{{ bridge_service_name }}.service
    owner: root
    group: root
    mode: 0644
  notify:
    - restart {{ bridge_service_name }}
 - name: "Bridge - enable bridge service to start at boot"
  command: "systemctl enable {{ bridge_service_name }}.service"
 - name: "Bridge - ensure bridge service is running"
  systemd:
    name: "{{ bridge_service_name }}.service"
    state: started
    enabled: yes
--- a/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/bridge.service.j2
+++ b/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/bridge.service.j2
@ -1,17 +0,0 @@
 [Unit]
 Description=bridge
 After=network.target
 [Service]
 User={{ service_user }}
 Group={{ service_user }}
 WorkingDirectory={{ bridge_path }}
 Environment=RUST_LOG=info
 ExecStart={{ bridge_path }}/bridge --config {{ bridge_path }}/config.toml --database {{ bridge_path }}/db.toml
 Restart=always
 {% if restart_delay_sec > 0 %}
 RestartSec={{ restart_delay_sec }}
 {% endif %}
 [Install]
 WantedBy=multi-user.target
--- a/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/config.toml.j2
+++ b/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/config.toml.j2
@ -1,57 +0,0 @@
 keystore = "{{ bridge_keystore_folder }}"
 [home]
 account = "{{ home_signer_address }}"
 required_confirmations = {{ bridge_home_required_confirmations }}
 poll_interval = {{ bridge_home_poll_interval }}
 {% if bridge_home_request_timeout > -1 %}
 request_timeout = {{ bridge_home_request_timeout }}
 {% endif %}
 rpc_host = "{{ home_rpc_url }}"
 rpc_port = {{ home_rpc_port }}
 password = "{{ bridge_home_password_file }}"
 {% if bridge_home_gas_price_oracle_url != "" %}
 gas_price_oracle_url = "{{ bridge_home_gas_price_oracle_url }}"
 {% if bridge_home_gas_price_timeout > -1 %}
 gas_price_timeout = {{ bridge_home_gas_price_timeout }}
 {% endif %}
 {% if bridge_home_gas_price_speed != "" %}
 gas_price_speed = "{{ bridge_home_gas_price_speed }}"
 {% endif %}
 {% endif %}
 {% if bridge_home_default_gas_price > -1 %}
 default_gas_price = {{ bridge_home_default_gas_price }}
 {% endif %}
 [foreign]
 account = "{{ foreign_signer_address }}"
 required_confirmations = {{ bridge_foreign_required_confirmations }}
 poll_interval = {{ bridge_foreign_poll_interval }}
 {% if bridge_foreign_request_timeout > -1 %}
 request_timeout = {{ bridge_foreign_request_timeout }}
 {% endif %}
 rpc_host = "{{ foreign_rpc_url }}"
 rpc_port = {{ foreign_rpc_port }}
 password = "{{ bridge_foreign_password_file }}"
 {% if bridge_foreign_gas_price_oracle_url != "" %}
 gas_price_oracle_url = "{{ bridge_foreign_gas_price_oracle_url }}"
 {% if bridge_foreign_gas_price_timeout > -1 %}
 gas_price_timeout = {{ bridge_foreign_gas_price_timeout }}
 {% endif %}
 {% if bridge_foreign_gas_price_speed != "" %}
 gas_price_speed = "{{ bridge_foreign_gas_price_speed }}"
 {% endif %}
 {% endif %}
 {% if bridge_foreign_default_gas_price > -1 %}
 default_gas_price = {{ bridge_foreign_default_gas_price }}
 {% endif %}
 [authorities]
 required_signatures = {{ bridge_authorities_requires_signatures }}
 [transactions]
 deposit_relay = { gas = {{ bridge_deposit_relay_gas }} }
 withdraw_relay = { gas = {{ bridge_withdraw_relay_gas }} }
 withdraw_confirm = { gas = {{ bridge_withdraw_confirm_gas }} }
--- a/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/db.toml.j2
+++ b/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/db.toml.j2
@ -1,5 +0,0 @@
 home_contract_address = "{{ bridge_home_contract_address }}"
 foreign_contract_address = "{{ bridge_foreign_contract_address }}"
 checked_deposit_relay = {{ last_checked_deposit_relay|default(bridge_home_contract_deploy) }}
 checked_withdraw_relay = {{ last_checked_withdraw_relay|default(bridge_foreign_contract_deploy) }}
 checked_withdraw_confirm = {{ last_checked_withdraw_confirm|default(bridge_foreign_contract_deploy) }}
--- a/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/foreign-keystore.json.j2
+++ b/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/foreign-keystore.json.j2
@ -1 +0,0 @@
 {{ (signer_keyfile|default("") != "") | ternary(foreign_signer_keyfile|to_json, foreign_signer_keyfile) }}
--- a/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/foreign-password.txt.j2
+++ b/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/foreign-password.txt.j2
@ -1 +0,0 @@
 {{ foreign_signer_password }}
--- a/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/home-keystore.json.j2
+++ b/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/home-keystore.json.j2
@ -1 +0,0 @@
 {{ (signer_keyfile|default("") != "") | ternary(home_signer_keyfile|to_json, home_signer_keyfile) }}
--- a/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/home-password.txt.j2
+++ b/deployment-bridge/upgradable-wo-parity/roles/bridge/templates/home-password.txt.j2
@ -1 +0,0 @@
 {{ home_signer_password }}
--- a/deployment-bridge/.gitignore
+++ b/deployment-bridge/.gitignore
--- a/deployment-bridge/README.md
+++ b/deployment-bridge/README.md
@ -15,6 +15,12 @@ The Rust bridge is not currently in production, but an Ansible playbook is devel
 The playbooks automatically install `Docker`, `docker-compose`, `Python`, `Git`and it dependencies (such as `curl`, `ca-certificates`, `apt-transport-https`, etc.). Install [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) to launch playbooks.
 ## Linting
 - [ansible-lint](https://github.com/ansible/ansible-lint) is required
 `yarn ansible-lint`
 ## Configuration
 Please see the [bridge-nodejs README](bridge-nodejs/README.md) for configuration and execution details. 
--- a/deployment/lint.sh
+++ b/deployment/lint.sh
@ -0,0 +1,3 @@
 #!/bin/bash
 cd $(dirname $0)
 ansible-lint -v -t bug ./oracle/roles/**
--- a/deployment-bridge/bridge-nodejs/.gitignore
+++ b/deployment-bridge/bridge-nodejs/.gitignore
--- a/deployment-bridge/bridge-nodejs/README.md
+++ b/deployment-bridge/bridge-nodejs/README.md
--- a/deployment-bridge/bridge-nodejs/ansible.cfg
+++ b/deployment-bridge/bridge-nodejs/ansible.cfg
--- a/deployment-bridge/bridge-nodejs/group_vars/dai.yml
+++ b/deployment-bridge/bridge-nodejs/group_vars/dai.yml
--- a/deployment-bridge/bridge-nodejs/group_vars/example.yml
+++ b/deployment-bridge/bridge-nodejs/group_vars/example.yml
--- a/deployment-bridge/bridge-nodejs/group_vars/wetc.yml
+++ b/deployment-bridge/bridge-nodejs/group_vars/wetc.yml
--- a/deployment-bridge/bridge-nodejs/hosts.yml.example
+++ b/deployment-bridge/bridge-nodejs/hosts.yml.example
--- a/deployment-bridge/bridge-nodejs/roles/dependencies/README.md
+++ b/deployment-bridge/bridge-nodejs/roles/dependencies/README.md
--- a/deployment-bridge/bridge-nodejs/roles/dependencies/defaults/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/dependencies/defaults/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/dependencies/files/daemon.json
+++ b/deployment-bridge/bridge-nodejs/roles/dependencies/files/daemon.json
--- a/deployment-bridge/bridge-nodejs/roles/dependencies/handlers/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/dependencies/handlers/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/dependencies/tasks/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/dependencies/tasks/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/jumpbox/README.md
+++ b/deployment-bridge/bridge-nodejs/roles/jumpbox/README.md
--- a/deployment-bridge/bridge-nodejs/roles/jumpbox/defaults/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/jumpbox/defaults/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/jumpbox/tasks/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/jumpbox/tasks/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/logging/README.md
+++ b/deployment-bridge/bridge-nodejs/roles/logging/README.md
--- a/deployment-bridge/bridge-nodejs/roles/logging/defaults/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/logging/defaults/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/logging/tasks/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/logging/tasks/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/logging/templates/30-docker.conf.j2
+++ b/deployment-bridge/bridge-nodejs/roles/logging/templates/30-docker.conf.j2
--- a/deployment-bridge/bridge-nodejs/roles/logging/templates/35-remote-logging.conf.j2
+++ b/deployment-bridge/bridge-nodejs/roles/logging/templates/35-remote-logging.conf.j2
--- a/deployment-bridge/bridge-nodejs/roles/logging/templates/docker-logs.j2
+++ b/deployment-bridge/bridge-nodejs/roles/logging/templates/docker-logs.j2
--- a/deployment-bridge/bridge-nodejs/roles/post_config/README.md
+++ b/deployment-bridge/bridge-nodejs/roles/post_config/README.md
--- a/deployment-bridge/bridge-nodejs/roles/post_config/defaults/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/post_config/defaults/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/post_config/tasks/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/post_config/tasks/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/post_config/templates/key.j2
+++ b/deployment-bridge/bridge-nodejs/roles/post_config/templates/key.j2
--- a/deployment-bridge/bridge-nodejs/roles/pre_config/README.md
+++ b/deployment-bridge/bridge-nodejs/roles/pre_config/README.md
--- a/deployment-bridge/bridge-nodejs/roles/pre_config/defaults/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/pre_config/defaults/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/pre_config/tasks/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/pre_config/tasks/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/pre_config/templates/.env.j2
+++ b/deployment-bridge/bridge-nodejs/roles/pre_config/templates/.env.j2
--- a/deployment-bridge/bridge-nodejs/roles/repo/README.md
+++ b/deployment-bridge/bridge-nodejs/roles/repo/README.md
--- a/deployment-bridge/bridge-nodejs/roles/repo/defaults/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/repo/defaults/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/repo/tasks/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/repo/tasks/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/servinstall/README.md
+++ b/deployment-bridge/bridge-nodejs/roles/servinstall/README.md
--- a/deployment-bridge/bridge-nodejs/roles/servinstall/defaults/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/servinstall/defaults/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/servinstall/tasks/main.yml
+++ b/deployment-bridge/bridge-nodejs/roles/servinstall/tasks/main.yml
--- a/deployment-bridge/bridge-nodejs/roles/servinstall/templates/poabridge.j2
+++ b/deployment-bridge/bridge-nodejs/roles/servinstall/templates/poabridge.j2
--- a/deployment-bridge/bridge-nodejs/site.yml
+++ b/deployment-bridge/bridge-nodejs/site.yml
--- a/package.json
+++ b/package.json
@ -15,6 +15,7 @@
  ],
  "scripts": {
    "lint": "yarn wsrun --exclude bridge-ui lint",
    "ansible-lint": "./deployment/lint.sh",
    "test": "yarn wsrun --exclude bridge-ui test"
  }
 }
		`@ -1 +0,0 @@`
			`{{ (signer_keyfile\|default("") != "") \| ternary(foreign_signer_keyfile\|to_json, foreign_signer_keyfile) }}`