Update deployment bridge (#37)

* Removed obsolete upgradable-wo-parity.

* Renamed deployment-bridge/bridge-nodejs to deployment-bridge/oracle

* Renamed deployment-bridge to deployment.

* Added linting to readme.

* Added linting.

* Migrated circle-ci to 2.1

* Revert "Migrated circle-ci to 2.1"

2ce36b1934c02e2c6900884ac932d6bfdbffc3cb

* Ansible-linting only bugs.

* Updated readme, finished ansible-lint.

* Fixed CI error.

* Verbose.

* Using differnt docker.

* Linting only bugs.

* Revert "Added linting to readme."

b5890b884750fe8a7ebe4c1c1361b2a60b1690f9

* Added readme for merging.

.circleci/config.yml

@@ -8,6 +8,12 @@ jobs:
       - run: git submodule update --init
       - run: yarn
       - run: yarn run lint
+  ansible-lint:
+    docker:
+      - image: particlekit/ansible-lint
+    steps:
+      - checkout
+      - run: ./deployment/lint.sh
   test:
     docker:
       - image: circleci/node:10.15
@@ -25,3 +31,4 @@ workflows:
     jobs:
       - lint
       - test
+      - ansible-lint

README.md

@@ -48,10 +48,16 @@ To install dependencies:
 
 `yarn install`
 
-Running linter for all projects:
+Running linter for all JS projects:
 
 `yarn lint`
 
+Running linter for all Ansible playbooks:
+
+- [ansible-lint](https://github.com/ansible/ansible-lint) is required
+
+`yarn ansible-lint`
+
 Running tests for all projects:
 
 `yarn test`

deployment-bridge/upgradable-wo-parity/.gitignore

@@ -1,5 +0,0 @@
-hosts.yml
-*.retry
-temp
-test.js
-output.txt

deployment-bridge/upgradable-wo-parity/DETAILS.md

@@ -1,119 +0,0 @@
-Bridge-specific parameters should be stored in `group_vars/$BRIDGE_NAME.yml` so that they can be easily reused by selecting suitable bridge name in `hosts.yml`. However, for one-time testing purposes, these parameters can also be set directly in `hosts.yml` alongside other node-specific parametrs.
-
-## Details of the authority node setup
-Installation consists of 2 parts:
-
-### 1. Preparing
-1. A new user without sudo access is created. By default it's named `bridgeuser`, but can be controlled by `service_user` variable in `authority_node.yml`
-
-2. UFW is configured to allow inbound tcp connections only on ssh port (`22` by default)
-
-3. Syslog forwarding to remote server is setup by placing a config file in `/etc/rsyslog.d/tls-client.conf` file. This is done only if `syslog_server_port` is not empty
-
-4. Binaries and configuration files will be stored in the bridgeuser's home directory in `poa-bridge` folder, with the following structure:
-```
-poa-bridge/
-└── bridge/
-    ├── bridge*
-    ├── config.toml
-    ├── db.toml
-    ├── password.txt
-    └── keys/
-       └── home-keystore.json
-```
-here `*` means executable file, `/` means folder. Parity binary is downloaded both to home-node folder and foreign-node folder in case different versions might be required.
-
-### 2. Setting up bridge service
-1. Bridge binary is downloaded from url specified in `bridge_bin_url` variable (default value is set in `roles/bridge/defaults/main.yml`). Binary's sha256-checksum is validated against the value from `bridge_bin_sha256`. So when changing default version **both** `bridge_bin_url` and `bridge_bin_sha256` should be updated
-
-2. Bridge `config.toml` is created based on `roles/bridge/templates/bridge.service.j2`, example:
-```
-keystore = "keys"
-
-[home]
-account = "0x006E27B6A72E1f34C626762F3C4761547Aff1421"
-required_confirmations = 0
-poll_interval = 2
-rpc_host = "https://sokol.poa.network"
-rpc_port = 443
-password = "password.txt"
-
-[foreign]
-account = "0x006E27B6A72E1f34C626762F3C4761547Aff1421"
-required_confirmations = 0
-poll_interval = 2
-rpc_host = "https://kovan.infura.io/mew"
-rpc_port = 443
-password = "password.txt"
-
-[authorities]
-accounts = []
-required_signatures = 1
-
-[transactions]
-deposit_relay = { gas = 3000000, gas_price = 1000000000 }
-withdraw_relay = { gas = 3000000, gas_price = 1000000000 }
-withdraw_confirm = { gas = 3000000, gas_price = 1000000000 }
-```
-
-3. Database `db.toml` file is created based on `roles/bridge/db.toml.j2`, example (in this case it will be the same for all newly-created nodes):
-```
-home_contract_address = "0xad1dae0320717a288912ff7bae766ac87e7d14a5"
-foreign_contract_address = "0xfd03be9947cbecb14a1ae8729936e23af7a0b50b"
-checked_deposit_relay = 1768893
-checked_withdraw_relay = 6715777
-checked_withdraw_confirm = 6715777
-```
-**OR** `db.toml` can be copied from local machine, in this case `db_toml_location` variable should be set in `hosts.yml` to absolute path of the file
-
-4. Bridge service is installed for `systemd` so that it auto-start on startup and auto-restarts if bridge process fails. Example of `/etc/systemd/system/bridge.service`
-```
-[Unit]
-Description=bridge
-After=network.target
-
-[Service]
-User=bridgeuser
-Group=bridgeuser
-WorkingDirectory=/home/bridgeuser/poa-bridge/bridge
-Environment=RUST_LOG=info
-ExecStart=/home/bridgeuser/poa-bridge/bridge/bridge --config /home/bridgeuser/poa-bridge/bridge/config.toml --database /home/bridgeuser/poa-bridge/bridge/db.toml
-Restart=always
-RestartSec=3
-
-[Install]
-WantedBy=multi-user.target
-```
-By default, restart delay is 3 seconds, this can be controlled by `restart_delay_sec` variable
-
-5. Logs are stored in `/var/log/syslog`. If you provided `syslog_server_port` variable (in format `host:port`) in `hosts.yml` during installation, logs from syslog will be duplicated to a central syslog server for analysis and monitoring
-
-## Useful commands
-1. Restart services:
-```
-sudo systemctl restart bridge
-```
-Replace `restart` with `start` or `stop` if needed
-
-2. Get quick status of a service:
-```
-sudo systemctl status bridge
-```
-note if it's reported `active`, `running` or `dead`
-
-3. Tail bridge logs from `/var/log/syslog`:
-```
-tail -F /var/log/syslog | grep bridge
-```
-
-4. Relogin as bridge user (user without sudo access for running bridge):
-```
-sudo -i -u bridgeuser
-```
-to go back
-```
-exit
-```
-
-## URLs of bridge precompiled binary
-Update `bridge_bin_url` and `bridge_bin_sha256` from `roles/bridge/defaults/main.yml`

deployment-bridge/upgradable-wo-parity/NEW-BRIDGE.md

@@ -1,48 +0,0 @@
-## How to create group_vars file for a new bridge deployment
-
-If you deployed a new bridge and want it to be preconfigured for the future, you need to create an `.yml` file in `group_vars/` folder of this playbook.
-
-Basically, you can use `sokol-kovan.yml` as a template:
-```
-### home side rpc
-home_rpc_url: https://sokol.poa.network
-home_rpc_port: 443
-
-### foreign side rpc
-foreign_rpc_url: https://kovan.infura.io/mew
-foreign_rpc_port: 443
-
-### bridge configs
-bridge_deposit_relay_gas:    3000000
-bridge_withdraw_relay_gas:   3000000
-bridge_withdraw_confirm_gas: 3000000
-
-bridge_deposit_relay_gas_price:    1000000000
-bridge_withdraw_relay_gas_price:   1000000000
-bridge_withdraw_confirm_gas_price: 1000000000
-
-bridge_authorities_requires_signatures: 1
-
-bridge_home_required_confirmations: 0
-bridge_foreign_required_confirmations: 0
-
-bridge_home_contract_address: "0x98f7b68C0Ef6A7DA0Bb0E786144A87bfEcc5cbD1"
-bridge_foreign_contract_address: "0x5c29759020Fa2251B6481A3Ac1Ee507Ddbdc075c"
-bridge_home_contract_deploy: 2213129
-bridge_foreign_contract_deploy: 7066466
-
-bridge_home_poll_interval: 4
-bridge_foreign_poll_interval: 3
-
-bridge_home_default_gas_price: 1000000000
-
-bridge_foreign_gas_price_oracle_url: https://gasprice.poa.network
-bridge_foreign_gas_price_timeout: 10
-bridge_foreign_gas_price_speed: fast #other possible values: slow, standard, instant
-bridge_foreign_default_gas_price: 21000000000
-```
-
-Let's examine available options:
-* `*_rpc_url`: url of the rpc endpoint of the home-side of the bridge
-* `*_rpc_port`: port to use (for https use 443)
-* `bridge_*` options are directly related to the values in `config.toml` and `db.toml`, see `roles/bridge/templates/config.toml.j2` and `roles/bridge/templates/db.toml.j2` for more details.

deployment-bridge/upgradable-wo-parity/README.md

@@ -1,49 +0,0 @@
-## Deploying bridge authority node
-
-### Prerequisites
-1. Launch an Ubuntu 16.04 server on your favourite hosting provider and note its IP address. You should setup ssh access to your node via public+private keys (using passwords is less secure). When creating the node, set a meaningful `hostname` that can identify you (e.g. `validator-0x...`).
-
-2. On your local machine install
-    * Python 2 (v2.6-v2.7)/Python3 (v3.5+)
-    * Ansible v2.3+
-    * Git
-
-### Preparing configuration file
-1. Clone this repository and go to `upgradable-wo-parity` folder
-```
-git clone https://github.com/poanetwork/deployment-bridge.git
-cd upgradable-wo-parity
-```
-
-2. Create file `hosts.yml` from `hosts.yml.template`
-```
-cp hosts.yml.template hosts.yml
-```
-This file contains parameters specific to your node, so you need to edit it and replace/provide missing values. Let's review the parameters:
-* `core-foundation` - name of the bridge you want to deploy. Unless deploying a custom bridge, you don't need to change this line
-* `192.0.2.1` - replace with your node's IP address
-* `ansible_user` - user to ssh into your node. Usually it's either `ubuntu` or `root`
-* `ansible_python_interpreter` - path to python interpreter on your node. With Ubuntu 16.04 this should work with default value, however if running the playbook you get an error that `python3` is not found, try changing this to `/usr/bin/python`
-* `signer_keyfile` - copy json content (`'{...}'`) of authority's keystore file
-* `signer_password` - set this to authority's password
-* `syslog_server_port` - set this to `server:port` of syslog server (should be provided to you)
-
-If you're a new validator joining an existing bridge setup, you may want to additionally set the following parameters in `hosts.yml`:
-* `last_checked_deposit_relay`
-* `last_checked_withdraw_relay`
-* `last_checked_withdraw_confirm`
-If set, these values overwrite initial block numbers in `db.toml`, so that your node won't be re-processing transactions that are already processed by existing validators. You should get exact values from other validators before running the playbook.
-
-### Installing the node
-1. If ssh user can't execute `sudo` without password, you will need to add `--ask-become-pass` option below (without `[]` brackets) and provide sudo password when prompted by the playbook.
-2. Run the playbook
-```
-ansible-playbook -i hosts.yml [--ask-become-pass] authority-node.yml
-```
-3. Playbook should complete without errors
-
-## Setup details
-To get more details about the setup, [go here](./DETAILS.md)
-
-## Changes required for new bridges
-To prepare configuration files for a newly deployed bridg, [go here](./NEW-BRIDGE.md)

deployment-bridge/upgradable-wo-parity/ansible.cfg

@@ -1,2 +0,0 @@
-[ssh_connection]
-pipelining = True

deployment-bridge/upgradable-wo-parity/authority-node.yml

@@ -1,17 +0,0 @@
----
-- hosts: all
-  become: yes
-  gather_facts: no
-  # vars:
-  #   home_signer_address: "0x{{ (signer_keyfile|from_json).address }}"
-  #   home_signer_keyfile: '{{ signer_keyfile }}'
-  #   home_signer_password: "{{ signer_password }}"
-  #   foreign_signer_address: "{{ home_signer_address }}"
-  #   foreign_signer_keyfile: '{{ home_signer_keyfile }}'
-  #   foreign_signer_password: "{{ home_signer_password }}"
-  #   bridge_home_password_file: "password.txt"
-  #   bridge_foreign_password_file: "password.txt"
-  roles:
-    - backward-compatibility
-    - authority-preconf
-    - bridge

deployment-bridge/upgradable-wo-parity/group_vars/all.yml

@@ -1,6 +0,0 @@
-### global settings
-base_path: "/home/{{ service_user }}/poa-bridge"
-
-become_method: sudo
-
-service_user: bridgeuser

deployment-bridge/upgradable-wo-parity/group_vars/core-foundation.yml

@@ -1,32 +0,0 @@
-### home side rpc
-home_rpc_url: https://core.poa.network
-home_rpc_port: 443
-
-### foreign side rpc
-foreign_rpc_url: https://mainnet.infura.io/metamask
-foreign_rpc_port: 443
-
-### bridge configs
-bridge_deposit_relay_gas:    250000
-bridge_withdraw_relay_gas:   300000
-bridge_withdraw_confirm_gas: 300000
-
-bridge_authorities_requires_signatures: 2
-
-bridge_home_required_confirmations: 8
-bridge_foreign_required_confirmations: 8
-
-bridge_home_contract_address: "0xB87b6077D59B01Ab9fa8cd5A1A21D02a4d60D358"
-bridge_foreign_contract_address: "0xd819E948b14cA6AAD2b7Ffd333cCDf732b129EeD"
-bridge_home_contract_deploy: 2477327
-bridge_foreign_contract_deploy: 5578725
-
-bridge_home_poll_interval: 4
-bridge_foreign_poll_interval: 10
-
-bridge_home_default_gas_price: 1000000000
-
-bridge_foreign_gas_price_oracle_url: https://gasprice.poa.network
-bridge_foreign_gas_price_timeout: 10
-bridge_foreign_gas_price_speed: fast #other possible values: slow, standard, instant
-bridge_foreign_default_gas_price: 21000000000

deployment-bridge/upgradable-wo-parity/group_vars/sokol-kovan.yml

@@ -1,25 +0,0 @@
-### home side rpc
-home_rpc_url: https://sokol.poa.network
-home_rpc_port: 443
-
-### foreign side rpc
-foreign_rpc_url: https://kovan.infura.io/mew
-foreign_rpc_port: 443
-
-### bridge configs
-bridge_deposit_relay_gas:    3000000
-bridge_withdraw_relay_gas:   3000000
-bridge_withdraw_confirm_gas: 3000000
-
-bridge_authorities_requires_signatures: 1
-
-bridge_home_required_confirmations: 0
-bridge_foreign_required_confirmations: 0
-
-bridge_home_contract_address: "0x98f7b68C0Ef6A7DA0Bb0E786144A87bfEcc5cbD1"
-bridge_foreign_contract_address: "0x5c29759020Fa2251B6481A3Ac1Ee507Ddbdc075c"
-bridge_home_contract_deploy: 2213129
-bridge_foreign_contract_deploy: 7066466
-
-bridge_home_poll_interval: 4
-bridge_foreign_poll_interval: 3

deployment-bridge/upgradable-wo-parity/hosts.yml.template

@@ -1,13 +0,0 @@
----
-core-foundation:
-  hosts:
-    192.0.2.1:
-      ansible_user: ubuntu
-      ansible_python_interpreter: "/usr/bin/python3"
-      signer_keyfile: ''
-      signer_password: ""
-      syslog_server_port: ""        # this value should be provided to you
-
-      # last_checked_deposit_relay: 1       # optional value, consult README
-      # last_checked_withdraw_relay: 1      # optional value, consult README
-      # last_checked_withdraw_confirm: 1    # optional value, consult README

deployment-bridge/upgradable-wo-parity/roles/authority-preconf/defaults/main.yml

@@ -1,7 +0,0 @@
-###### Accepts the following parametrs:
-#
-# syslog_server_port           server:port to forward syslog to (port is required, commonly port is 514)
-#
----
-syslog_server_port: ""
-custom_ssh_port: ""

deployment-bridge/upgradable-wo-parity/roles/authority-preconf/handlers/main.yml

@@ -1,20 +0,0 @@
----
-- name: restart ufw
-  service:
-    name: ufw
-    state: restarted
-
-- name: restart chrony
-  service:
-    name: chrony
-    state: restarted
-
-- name: restart rsyslog
-  service:
-    name: rsyslog
-    state: restarted
-
-- name: restart sshd
-  service:
-    name: sshd
-    state: restarted

deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/create-user.yml

@@ -1,5 +0,0 @@
----
-- name: Preconf.Create user
-  user:
-    name: "{{ service_user }}"
-    shell: "/bin/bash"

deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/main.yml

@@ -1,28 +0,0 @@
----
-- name: Check if remote computer is listening on standard ssh port
-  become: no
-  wait_for: port="{{ ansible_port | default(22) }}" state="started" host="{{ inventory_hostname }}" connect_timeout="3" timeout="4"
-  delegate_to: "localhost"
-  ignore_errors: "yes"
-  register: port_used
-
-- name: Set inventory ansible_port to custom
-  set_fact: ansible_port="{{ custom_ssh_port }}"
-  when: port_used.state is undefined
-
-- name: Preconf - setup UFW firewall
-  import_tasks: ufw.yml
-
-- name: Preconf - sshd
-  import_tasks: sshd.yml
-  when: custom_ssh_port != ""  and custom_ssh_port != ansible_port | default(22)
-
-- name: Preconf - create user
-  import_tasks: create-user.yml
-
-- name: Preconf - configure syslog forwarding
-  import_tasks: syslog-forward.yml
-  when: syslog_server_port != ""
-
-- name: Preconf - run handlers immediately
-  meta: flush_handlers

deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/sshd.yml

@@ -1,33 +0,0 @@
-- name: Save old SSH port to variable
-  set_fact:
-    old_port: "{{ ansible_port | default(22) }}"
-
-- name: Setup new SSH port
-  lineinfile:
-    dest: "/etc/ssh/sshd_config"
-    regexp: "^Port"
-    line: "Port {{ custom_ssh_port }}"
-  notify: restart sshd
-  
-- name: Preconf - run handlers immediately
-  meta: flush_handlers
-  
-- name: Doublecheck if computer is listening custom SSH port before removing old port access
-  become: no
-  wait_for: port="{{ custom_ssh_port }}" state="started" host="{{ inventory_hostname }}" connect_timeout="3" timeout="4" 
-  delegate_to: "localhost" 
-  register: port_used
-
-- name: Preconf.UFW - remove default ssh access
-  ufw:
-    delete: yes
-    rule: "allow"
-    port: "{{ old_port }}"
-    proto: "tcp"
-  when: port_used is defined and old_port!=custom_ssh_port
-  notify:
-    - restart ufw
-    
-- name: Set inventory ansible_port to custom
-  set_fact: ansible_port="{{ custom_ssh_port }}"
-  

deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/syslog-forward.yml

@@ -1,27 +0,0 @@
----
-- name: Preconf.Syslog forward - apt install rsyslog-gnutls package
-  apt:
-    name: rsyslog-gnutls
-    state: present
-    update_cache: yes
-
-- name: Preconf.Syslog forward - download papertrail CA
-  get_url:
-    url: "https://papertrailapp.com/tools/papertrail-bundle.pem"
-    checksum: "md5:ba3b40a34ec33ac0869fa5b17a0c80fc"
-    dest: "/etc/papertrail-bundle.pem"
-    mode: 0644
-    owner: root
-    group: root
-  notify:
-    - restart rsyslog
-
-- name: Preconf.Syslog forward - create client config
-  template:
-    src: "rsyslog-tls-client.conf.j2"
-    dest: "/etc/rsyslog.d/tls-client.conf"
-    mode: 0644
-    owner: root
-    group: root
-  notify:
-    - restart rsyslog

deployment-bridge/upgradable-wo-parity/roles/authority-preconf/tasks/ufw.yml

@@ -1,47 +0,0 @@
-# to verify ufw configuration run:
-# sudo ufw status verbose
-
----
-- name: UFW
-  block:
-    - name: Preconf.UFW - install ufw
-      package:
-        name: ufw
-        state: present
-
-    - name: Preconf.UFW - clean old rules
-      ufw:
-        state: reset
-
-    - name: Preconf.UFW - configure defaults
-      ufw:
-        direction: "{{ item.direction }}"
-        policy: "{{ item.policy }}"
-      with_items:
-        - direction: "incoming"
-          policy: "deny"
-        - direction: "outgoing"
-          policy: "allow"
-
-    - name: Preconf.UFW - allow ssh access
-      ufw:
-        rule: "allow"
-        port: "{{ ansible_port | default(22) }}"
-        proto: "tcp"
-    
-    - name: Preconf.UFW - allow custom port access
-      ufw:
-        rule: "allow"
-        port: "{{ custom_ssh_port }}"
-        proto: "tcp"
-      when: custom_ssh_port!="" and  custom_ssh_port!=(ansible_port|default(22))
-
-    - name: Preconf.UFW - disable logging
-      ufw:
-        logging: off
-
-    - name: Preconf.UFW - enable ufw to start on boot
-      ufw:
-        state: enabled
-      notify:
-        - restart ufw

deployment-bridge/upgradable-wo-parity/roles/authority-preconf/templates/rsyslog-tls-client.conf.j2

@@ -1,6 +0,0 @@
-$DefaultNetstreamDriverCAFile /etc/papertrail-bundle.pem
-$ActionSendStreamDriver gtls
-$ActionSendStreamDriverMode 1
-$ActionSendStreamDriverAuthMode x509/name
-$ActionSendStreamDriverPermittedPeer *.papertrailapp.com
-*.*    @@{{ syslog_server_port }}

deployment-bridge/upgradable-wo-parity/roles/backward-compatibility/tasks/main.yml

@@ -1,15 +0,0 @@
----
-- name: BC - set home and foreign variables from signer
-  block:
-    - set_fact:
-        home_signer_address: "0x{{ (signer_keyfile|from_json).address }}"
-        home_signer_keyfile: '{{ signer_keyfile }}'
-        home_signer_password: "{{ signer_password }}"
-    - set_fact:
-        foreign_signer_address: "{{ home_signer_address }}"
-        foreign_signer_keyfile: '{{ home_signer_keyfile }}'
-        foreign_signer_password: "{{ home_signer_password }}"
-    - set_fact:
-        bridge_home_password_file: "password.txt"
-        bridge_foreign_password_file: "password.txt"
-  when: signer_keyfile|default("") != "" or signer_password|default("") != ""

deployment-bridge/upgradable-wo-parity/roles/bridge/defaults/main.yml

@@ -1,64 +0,0 @@
-###### Accepts the following parametrs:
-#
-# bridge_path                             (*) path to the bridge folder (also used in templates)
-# bridge_bin_url                          (*) url from which to download bridge binary
-# bridge_bin_sha256                       (*) sha256 checksum of the binary
-# bridge_service_name                     (*) name to be used for bridge service
-# bridge_deposit_relay_gas                bridge config option (used only in templates)
-# bridge_withdraw_relay_gas               bridge config option (used only in templates)
-# bridge_withdraw_confirm_gas             bridge config option (used only in templates)
-# bridge_home_required_confirmations      bridge config option (used only in templates)
-# bridge_home_poll_interval               bridge config option (used only in templates)
-# bridge_home_request_timeout             bridge config option (used only in templates)
-# bridge_foreign_required_confirmations   bridge config option (used only in templates)
-# bridge_foreign_poll_interval            bridge config option (used only in templates)
-# bridge_foreign_request_timeout          bridge config option (used only in templates)
-# db_toml_location                        path to bridge db.toml **on local machine**
-# restart_delay_sec                       (*) delay in seconds between restarts of brige service. Set to 0 to omit this option (used only in templates)
-# bridge_keystore_folder                  (*) folder to store keystore files
-# bridge_home_password_file               (*) name of the file with password
-# bridge_foreign_password_file            (*) name of the file with password
-# home_rpc_url                            url of home-side rpc endpoint
-# foreign_rpc_url                         url of foreign-sode rpc endpoint
-# home_rpc_port                           port of home-side rpc endpoint
-# foreign_rpc_port                        port of foreign-side rpc endpoint
-#
----
-bridge_path: "{{ base_path }}/bridge"
-bridge_bin_url: "https://s3.amazonaws.com/poa-bridge-iterim/release-v0.3.0/bridge"
-bridge_bin_sha256: "4cfbba6f00fe6bbbd002b71ab4610c4bca06931496ee18fdbfd124d823b88bcb"
-bridge_service_name: "bridge"
-db_toml_location: ""
-
-home_rpc_port: 443
-foreign_rpc_port: 443
-
-restart_delay_sec: 2
-
-bridge_keystore_folder: "keys"
-bridge_home_password_file: "home-password.txt"
-bridge_foreign_password_file: "foreign-password.txt"
-
-# set to -1 to use bridge binary default values
-bridge_home_request_timeout: 360
-bridge_foreign_request_timeout: 360
-
-bridge_authorities: []
-
-# set to empty string to use default value
-bridge_home_gas_price_oracle_url: ""
-# set to -1 to use default value
-bridge_home_gas_price_timeout: -1
-# set to empty string to use default value
-bridge_home_gas_price_speed: ""
-# set to -1 to use default value
-bridge_home_default_gas_price: -1
-
-# set to empty string to use default value
-bridge_foreign_gas_price_oracle_url: ""
-# set to -1 to use default value
-bridge_foreign_gas_price_timeout: -1
-# set to empty string to use default value
-bridge_foreign_gas_price_speed: ""
-# set to -1 to use default value
-bridge_foreign_default_gas_price: -1

deployment-bridge/upgradable-wo-parity/roles/bridge/handlers/main.yml

@@ -1,5 +0,0 @@
----
-- name: "restart {{ bridge_service_name }}"
-  service:
-    name: "{{ bridge_service_name }}"
-    state: restarted

deployment-bridge/upgradable-wo-parity/roles/bridge/tasks/main.yml

@@ -1,128 +0,0 @@
----
-- name: "Bridge - create bridge folder"
-  file:
-    path: "{{ bridge_path }}"
-    state: directory
-    mode: 0700
-    owner: "{{ service_user }}"
-    group: "{{ service_user }}"
-
-- name: "Bridge - download bridge binary"
-  get_url:
-    url: "{{ bridge_bin_url }}"
-    checksum: "sha256:{{ bridge_bin_sha256 }}"
-    dest: "{{ bridge_path }}/bridge"
-    mode: "0700"
-    owner: "{{ service_user }}"
-    group: "{{ service_user }}"
-  notify:
-    - restart {{ bridge_service_name }}
-
-- name: "Bridge - create keystore folder"
-  file:
-    path: "{{ bridge_path }}/{{ bridge_keystore_folder }}"
-    state: directory
-    mode: 0700
-    owner: "{{ service_user }}"
-    group: "{{ service_user }}"
-
-# - name: "Bridge - create keystore files"
-#   template:
-#     src: "{{ item }}.j2"
-#     dest: "{{ bridge_path }}/{{ bridge_keystore_folder }}/{{ item }}"
-#   with_items:
-#     - foreign-keystore.json
-#     - home-keystore.json
-#   notify:
-#     - restart bridge
-
-- name: "Bridge - create home keystore file"
-  template:
-    src: "home-keystore.json.j2"
-    dest: "{{ bridge_path }}/{{ bridge_keystore_folder }}/home-keystore.json"
-    mode: 0600
-    owner: "{{ service_user }}"
-    group: "{{ service_user }}"
-  notify:
-    - restart bridge
-
-- name: "Bridge - create home password file"
-  template:
-    src: "home-password.txt.j2"
-    dest: "{{ bridge_path }}/{{ bridge_home_password_file }}"
-    mode: 0600
-    owner: "{{ service_user }}"
-    group: "{{ service_user }}"
-  notify:
-    - restart bridge
-
-- name: "Bridge - create foreign keystore file"
-  template:
-    src: "foreign-keystore.json.j2"
-    dest: "{{ bridge_path }}/{{ bridge_keystore_folder }}/foreign-keystore.json"
-    mode: 0600
-    owner: "{{ service_user }}"
-    group: "{{ service_user }}"
-  notify:
-    - restart bridge
-  when: home_signer_address != foreign_signer_address
-
-- name: "Bridge - create home password file"
-  template:
-    src: "foreign-password.txt.j2"
-    dest: "{{ bridge_path }}/{{ bridge_foreign_password_file }}"
-    mode: 0600
-    owner: "{{ service_user }}"
-    group: "{{ service_user }}"
-  notify:
-    - restart bridge
-  when: bridge_home_password_file != bridge_foreign_password_file
-
-- name: "Bridge - create bridge config"
-  template:
-    src: config.toml.j2
-    dest: "{{ bridge_path }}/config.toml"
-    mode: 0600
-    owner: "{{ service_user }}"
-    group: "{{ service_user }}"
-  notify:
-    - restart bridge
-
-- name: "Bridge - create db.toml file from template"
-  template:
-    src: "db.toml.j2"
-    dest: "{{ bridge_path }}/db.toml"
-    mode: 0600
-    owner: "{{ service_user }}"
-    group: "{{ service_user }}"
-    force: no
-  when: db_toml_location == ""
-
-- name: "Bridge - copy db.toml file from local machine"
-  copy:
-    src: "{{ db_toml_location }}"
-    dest: "{{ bridge_path }}/db.toml"
-    force: no
-    owner: "{{ service_user }}"
-    group: "{{ service_user }}"
-    mode: 0600
-  when: db_toml_location != ""
-
-- name: "Bridge - install bridge service"
-  template:
-    src: bridge.service.j2
-    dest: /etc/systemd/system/{{ bridge_service_name }}.service
-    owner: root
-    group: root
-    mode: 0644
-  notify:
-    - restart {{ bridge_service_name }}
-
-- name: "Bridge - enable bridge service to start at boot"
-  command: "systemctl enable {{ bridge_service_name }}.service"
-
-- name: "Bridge - ensure bridge service is running"
-  systemd:
-    name: "{{ bridge_service_name }}.service"
-    state: started
-    enabled: yes

deployment-bridge/upgradable-wo-parity/roles/bridge/templates/bridge.service.j2

@@ -1,17 +0,0 @@
-[Unit]
-Description=bridge
-After=network.target
-
-[Service]
-User={{ service_user }}
-Group={{ service_user }}
-WorkingDirectory={{ bridge_path }}
-Environment=RUST_LOG=info
-ExecStart={{ bridge_path }}/bridge --config {{ bridge_path }}/config.toml --database {{ bridge_path }}/db.toml
-Restart=always
-{% if restart_delay_sec > 0 %}
-RestartSec={{ restart_delay_sec }}
-{% endif %}
-
-[Install]
-WantedBy=multi-user.target

deployment-bridge/upgradable-wo-parity/roles/bridge/templates/config.toml.j2

@@ -1,57 +0,0 @@
-keystore = "{{ bridge_keystore_folder }}"
-
-[home]
-account = "{{ home_signer_address }}"
-required_confirmations = {{ bridge_home_required_confirmations }}
-poll_interval = {{ bridge_home_poll_interval }}
-{% if bridge_home_request_timeout > -1 %}
-request_timeout = {{ bridge_home_request_timeout }}
-{% endif %}
-rpc_host = "{{ home_rpc_url }}"
-rpc_port = {{ home_rpc_port }}
-password = "{{ bridge_home_password_file }}"
-
-{% if bridge_home_gas_price_oracle_url != "" %}
-gas_price_oracle_url = "{{ bridge_home_gas_price_oracle_url }}"
-{% if bridge_home_gas_price_timeout > -1 %}
-gas_price_timeout = {{ bridge_home_gas_price_timeout }}
-{% endif %}
-{% if bridge_home_gas_price_speed != "" %}
-gas_price_speed = "{{ bridge_home_gas_price_speed }}"
-{% endif %}
-{% endif %}
-{% if bridge_home_default_gas_price > -1 %}
-default_gas_price = {{ bridge_home_default_gas_price }}
-{% endif %}
-
-[foreign]
-account = "{{ foreign_signer_address }}"
-required_confirmations = {{ bridge_foreign_required_confirmations }}
-poll_interval = {{ bridge_foreign_poll_interval }}
-{% if bridge_foreign_request_timeout > -1 %}
-request_timeout = {{ bridge_foreign_request_timeout }}
-{% endif %}
-rpc_host = "{{ foreign_rpc_url }}"
-rpc_port = {{ foreign_rpc_port }}
-password = "{{ bridge_foreign_password_file }}"
-
-{% if bridge_foreign_gas_price_oracle_url != "" %}
-gas_price_oracle_url = "{{ bridge_foreign_gas_price_oracle_url }}"
-{% if bridge_foreign_gas_price_timeout > -1 %}
-gas_price_timeout = {{ bridge_foreign_gas_price_timeout }}
-{% endif %}
-{% if bridge_foreign_gas_price_speed != "" %}
-gas_price_speed = "{{ bridge_foreign_gas_price_speed }}"
-{% endif %}
-{% endif %}
-{% if bridge_foreign_default_gas_price > -1 %}
-default_gas_price = {{ bridge_foreign_default_gas_price }}
-{% endif %}
-
-[authorities]
-required_signatures = {{ bridge_authorities_requires_signatures }}
-
-[transactions]
-deposit_relay = { gas = {{ bridge_deposit_relay_gas }} }
-withdraw_relay = { gas = {{ bridge_withdraw_relay_gas }} }
-withdraw_confirm = { gas = {{ bridge_withdraw_confirm_gas }} }

deployment-bridge/upgradable-wo-parity/roles/bridge/templates/db.toml.j2

@@ -1,5 +0,0 @@
-home_contract_address = "{{ bridge_home_contract_address }}"
-foreign_contract_address = "{{ bridge_foreign_contract_address }}"
-checked_deposit_relay = {{ last_checked_deposit_relay|default(bridge_home_contract_deploy) }}
-checked_withdraw_relay = {{ last_checked_withdraw_relay|default(bridge_foreign_contract_deploy) }}
-checked_withdraw_confirm = {{ last_checked_withdraw_confirm|default(bridge_foreign_contract_deploy) }}

deployment-bridge/upgradable-wo-parity/roles/bridge/templates/foreign-keystore.json.j2

@@ -1 +0,0 @@
-{{ (signer_keyfile|default("") != "") | ternary(foreign_signer_keyfile|to_json, foreign_signer_keyfile) }}

deployment-bridge/upgradable-wo-parity/roles/bridge/templates/foreign-password.txt.j2

@@ -1 +0,0 @@
-{{ foreign_signer_password }}

deployment-bridge/upgradable-wo-parity/roles/bridge/templates/home-keystore.json.j2

@@ -1 +0,0 @@
-{{ (signer_keyfile|default("") != "") | ternary(home_signer_keyfile|to_json, home_signer_keyfile) }}

deployment-bridge/upgradable-wo-parity/roles/bridge/templates/home-password.txt.j2

@@ -1 +0,0 @@
-{{ home_signer_password }}

deployment/README.md

@@ -15,6 +15,12 @@ The Rust bridge is not currently in production, but an Ansible playbook is devel
 
 The playbooks automatically install `Docker`, `docker-compose`, `Python`, `Git`and it dependencies (such as `curl`, `ca-certificates`, `apt-transport-https`, etc.). Install [Ansible](https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html) to launch playbooks.
 
+## Linting
+
+- [ansible-lint](https://github.com/ansible/ansible-lint) is required
+
+`yarn ansible-lint`
+
 ## Configuration
 
 Please see the [bridge-nodejs README](bridge-nodejs/README.md) for configuration and execution details. 

deployment/lint.sh

@@ -0,0 +1,3 @@
+#!/bin/bash
+cd $(dirname $0)
+ansible-lint -v -t bug ./oracle/roles/**

package.json

@@ -15,6 +15,7 @@
   ],
   "scripts": {
     "lint": "yarn wsrun --exclude bridge-ui lint",
+    "ansible-lint": "./deployment/lint.sh",
     "test": "yarn wsrun --exclude bridge-ui test"
   }
 }