Prepare to install Veriscope on a given Shyft Network chain

a) Configure your Veriscope Servers with Terraform Output values

Ansible inventory file

When the Terraform apply procedure is completed, run the following commands from the root directory (~/veriscope) to auto-configure your veriscope-nodes.yaml file (aka "Ansible inventory file"):

# Save the Terraform output in Json format to a specific file, e.g. 'terraform_instances_test_output.json'
terraform -chdir=infra/terraform/instances output -json > infra/terraform/instances/terraform_instances_test_output.json
# Run the following script which accepts a Terraform output file in Json format and outputs an ansible inventory file
# python3 infra/terraform/scripts/parse_tf_output.py <path/to/terraform_output.json> <path/to/ansible-inventory.yaml>
python3 infra/terraform/scripts/parse_tf_output.py infra/terraform/instances/terraform_instances_test_output.json infra/configure/inventory/veriscope-nodes.yaml

You must add your Trust Anchor account(s) and corresponding private key(s) to the Ansible inventory file. The steps above will not take care of this!

Example 1. Sample veriscope-nodes.yaml file
all:
  hosts:
  children:
    web:
      hosts:
        foo-001.my-custom-domain.com:
          private_ip: 10.10.10.10
          trust_anchor_pk: db3906947188edfe196fe01d3e161ef82722daec9e3259323997c4e877b20cb4
          trust_anchor_account: "0xe33bC570112172E2D64e8233d02454BBA56B67A2"
          ssh_secret_name: /owner/env/instances/foo-001.my-custom-domain.com
          nm_host: foo-001-nm.my-custom-domain.com
        bar-002.my-custom-domain.com:
          private_ip: 10.10.10.11
          trust_anchor_pk: db3906947188edfe196fe01d3e161ef82706947188edfe196fe01d3e161ef827
          trust_anchor_account: "0x67A212172E2D64e8233de33bC570102454BBA56B"
          ssh_secret_name: /owner/env/instances/bar-002.my-custom-domain.com
          nm_host: bar-002-nm.my-custom-domain.com
    nethermind:
      hosts:
        foo-001-nm.my-custom-domain.com:
          private_ip: 10.10.10.12
          ssh_secret_name: /owner/env/instances/foo-001-nm.my-custom-domain.com
        bar-002-nm.my-custom-domain.com:
          private_ip: 10.10.10.13
          ssh_secret_name: /owner/env/instances/bar-002-nm.my-custom-domain.com
  vars:
    # Whether to print debug messages to the screen while running the playbooks. NOTE: It may print secret information too. So, please use with caution.
    debug: true

    env: dev

    # Identify a chain to deploy to - choose from the list of directory names in chains/
    # One of 'veriscope_testnet', 'fed_testnet', 'fed_mainnet'
    veriscope_target: veriscope_testnet

    # Owner of the veriscope nodes. The value must be equal to the value of the Owner tag in the Terraform variables file (.tfvars file).
    # If each node has a different owner, this can be moved to hosts: section and specified per node.
    owner: foobar

    # The details of the TA dashboard (PHP Laravel app) admin user. Required values are
    # firstname, lastname, email and password. password is optional. If not provided, it
    # will be auto-generated and stored in infra/configure/playbooks/credentials/ta_dashboard_admin_pwd/<host-name>
    ta_dashboard_admin_user:
      firstname: Krishna
      lastname: Vasudeva
      email: [email protected]
      # optional password
      # password: mysupersecretpassword that doesn't start with a number!

    # Use this list to specify which apps to perform update (re-install) on beyond the copying
    # the new version of the code during a node update.
    apps_to_update:
      - api
      - dashboard

    # Use this dict to specify the keys and values for changes to TA API config changes
    ta_api_config_changes:
      HTTP: http://{{ nm_host }}:8545
      WS: ws://{{ nm_host }}:8545
  • trust_anchor_pk stands for Trust Anchor Private Key

  • owner must be equal to the value of the Owner tag in the Terraform variables file (.tfvars file). If each node has a different owner, this can be moved to hosts: section and specified per node.

  • There are two components (machines) to each Versicope Server: web (or web_instances) and nethermind (or nm_instances)

b) Download SSH Keys onto Veriscope Server

Before moving to the final step, run the following command to download the SSH keys for your Veriscope Server(s):

From the root of the repository (~/veriscope), run the following command:

ansible-playbook -i infra/configure/inventory/veriscope-nodes.yaml infra/configure/playbooks/prep/get-ssh-key-for-nodes.yaml

c) Take note of how to SSH into Veriscope Server (from the Bastion prompt)

SSH in Versicope Server web instance

Configure and enter the following from the Bastion prompt:

ssh -i ~/.ssh/<web_instances:private_fqdn>.pem veris@<web_instances:private_fqdn>

For example,

ssh -i ~/.ssh/shyft-onboarding-testnet.veriscope.net.pem [email protected]

SSH in Versicope Server Nethermind instance

Configure and enter the following from the Bastion prompt:

ssh -i ~/.ssh/<nm_instances:private_fqdn>.pem veris@<nm_instances:private_fqdn>

For example,

ssh -i ~/.ssh/shyft-onboarding-testnet-nm.veriscope.net.pem [email protected]