Prepare to install Veriscope on a given Shyft Network chain

a) Configure your Veriscope Servers with Terraform Output values

Ansible inventory file

When the Terraform apply procedure is completed, run the following commands from the root directory (~/veriscope) to auto-configure your veriscope-nodes.yaml file (aka "Ansible inventory file"):

# Save the Terraform output in Json format to a specific file, e.g. 'terraform_output.json'
terraform -chdir=infra/terraform/instances output -json > infra/terraform/instances/terraform_output.json

When you generate the terraform_output.json, you can use the following command to auto-generate the veriscope-nodes.yaml file.

python3 infra/terraform/scripts/parse_tf_output.py
Run the following script which accepts a Terraform output file in Json format and outputs an ansible inventory file, python3 infra/terraform/scripts/parse_tf_output.py <path/to/terraform_output.json> <path/to/ansible-inventory.yaml> 
# You can also change the terraform_output.json to your custom.json
python3 infra/terraform/scripts/parse_tf_output.py --tf-output-path infra/terraform/instances/terraform_output.json --ansible-inventory-path infra/configure/inventory/veriscope-nodes.yaml

You must add your Trust Anchor account(s) and corresponding private key(s) to the Ansible inventory file. The steps above will not take care of this!
Example 1. Sample veriscope-nodes.yaml file
all:
  children:
    web:
      hosts:
        foo-001.my-custom-domain.com:
          private_ip: 10.10.10.10
          trust_anchors:
            - private_key: db3906947188edfe196fe01d3e161ef82722daec9e3259323997c4e877b20cb4
              address: "0xe33bC570112172E2D64e8233d02454BBA56B67A2"
              preferred_name: abc
          ssh_priv_key_secret_name: /owner/env/instances/foo-001.my-custom-domain.com
          nm_host: foo-001-nm.my-custom-domain.com
        bar-002.my-custom-domain.com:
          private_ip: 10.10.10.11
          trust_anchors:
            - private_key: db3906947188edfe196fe01d3e161ef82706947188edfe196fe01d3e161ef827
              address: "0x67A212172E2D64e8233de33bC570102454BBA56B"
              preferred_name: andy
            - private_key: db3906947188edfe196fe01d3e161ef82706947188edfe196fe01d3e161ef828
              address: "0x67A212172E2D64e8233de33bC570102454BBA57A"
              preferred_name: bar-002
          ssh_priv_key_secret_name: /owner/env/instances/bar-002.my-custom-domain.com
          nm_host: bar-002-nm.my-custom-domain.com
    nethermind:
      hosts:
        foo-001-nm.my-custom-domain.com:
          private_ip: 10.10.10.12
          ssh_priv_key_secret_name: /owner/env/instances/foo-001-nm.my-custom-domain.com
        bar-002-nm.my-custom-domain.com:
          private_ip: 10.10.10.13
          ssh_priv_key_secret_name: /owner/env/instances/bar-002-nm.my-custom-domain.com
  vars:
    # Mandatory. The source where TA DB secrets like TA DB user password and cluster info are stored.
    # Valid values are aws_secretsmanager, env_vars, azure_keyvault, gcp_secretsmanager, hashicorp_vault and ansible_vault.
    ta_db_secrets:
      source: aws_secretsmanager
      aws_region: us-east-1
      aws_profile: default

    # Whether to print debug messages to the screen while running the playbooks. NOTE: It may print secret information too. So, please use with caution.
    debug: false

    env: dev

    # Identify a chain to deploy to - choose from the list of directory names in chains/
    # One of 'veriscope_testnet', 'fed_testnet', 'fed_mainnet'
    veriscope_target: veriscope_testnet

    # Owner of the veriscope nodes. The value must be equal to the value of the Owner tag in the terraform variables file (.tfvars file).
    # If each node has a different owner, this can be moved to hosts: section and specified per node.
    owner: foobar

    # The details of the TA dashboard (PHP Laravel app) admin user. Required values are
    # firstname, lastname, email and password. password is optional. If not provided, it
    # will be auto-generated and stored in infra/configure/playbooks/credentials/ta_dashboard_admin_pwd/<host-name>
    ta_dashboard_admin_user:
      firstname: Krishna
      lastname: Vasudeva
      email: [email protected]
      # optional password
      password: mysupersecretpassword*!1

  • private_key stands for Trust Anchor Private Key

  • owner must be equal to the value of the Owner tag in the Terraform variables file (.tfvars file). If each node has a different owner, this can be moved to hosts: section and specified per node.

  • There are two components (machines) to each Versicope Server: web (or web_instances) and nethermind (or nm_instances)

b) Download SSH Keys onto Veriscope Server

Before moving to the final step, run the following command to download the SSH keys for your Veriscope Server(s):

From the root of the repository (~/veriscope), run the following command:

ansible-playbook -i infra/configure/inventory/veriscope-nodes.yaml infra/configure/playbooks/prep/get-ssh-key-for-nodes.yaml

c) Take note of how to SSH into Veriscope Server (from the Bastion prompt)

SSH in Versicope Server web instance

Configure and enter the following from the Bastion prompt:

ssh -i ~/.ssh/<web_instances:private_fqdn>.pem veris@<web_instances:private_fqdn>

For example,

ssh -i ~/.ssh/shyft-onboarding-testnet.veriscope.net.pem [email protected]

SSH in Versicope Server Nethermind instance

Configure and enter the following from the Bastion prompt:

ssh -i ~/.ssh/<nm_instances:private_fqdn>.pem veris@<nm_instances:private_fqdn>

For example,

ssh -i ~/.ssh/shyft-onboarding-testnet-nm.veriscope.net.pem [email protected]