feat(validators): chain_xion

ansible_collections/validators/galaxy.yml

@@ -9,7 +9,7 @@ namespace: binarybuilders
 name: validators
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 1.0.1
+version: 1.1.0
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

ansible_collections/validators/roles/chain_xion/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+chain_xion_alloy_config_path: /root/.local/share/alloy
+chain_xion_vmalert_config_path: /root/.local/share/vmalert

ansible_collections/validators/roles/chain_xion/handlers/main.yml

@@ -0,0 +1,23 @@
+---
+- name: Restart xiond-{{ chain_xion_network }}
+  ansible.builtin.systemd_service:
+    name: xiond-{{ chain_xion_network }}
+    state: restarted
+
+- name: Restart cosmos-validator-watcher-{{ chain_xion_chain_id }}
+  ansible.builtin.systemd_service:
+    name: cosmos-validator-watcher-{{ chain_xion_chain_id }}
+    state: restarted
+
+- name: Restart alloy
+  ansible.builtin.systemd_service:
+    name: alloy
+    daemon_reload: true
+    state: restarted
+
+- name: Restart vmalert
+  ansible.builtin.systemd_service:
+    name: vmalert
+    daemon_reload: true
+    state: restarted
+  delegate_to: observability

ansible_collections/validators/roles/chain_xion/tasks/cosmos-validator-watcher.yml

@@ -0,0 +1,52 @@
+---
+- name: Cosmos-validator-watcher | Set mainnet vars
+  when: chain_xion_network == "mainnet"
+  ansible.builtin.set_fact:
+    quadlet_command:
+      - --http-addr :{{ chain_xion_watcher_prometheus_port }}
+      - --node http://localhost:{{ chain_xion_xiond_rpc_port }}
+      - --validator 636D3F847A47A01472489C28224702AA6F50F49A:{{ chain_xion_chain_id }}
+
+- name: Cosmos-validator-watcher | Quadlet container file
+  containers.podman.podman_container:
+    name: cosmos-validator-watcher-{{ chain_xion_chain_id }}
+    image: "{{ chain_xion_cosmos_validator_watcher_image }}"
+    state: quadlet
+    command: "{{ quadlet_command }}"
+    network: host
+    label:
+      app: xion-{{ chain_xion_chain_id }}
+    quadlet_options:
+      - |
+
+        [Unit]
+        Description=cosmos-validator-watcher for {{ chain_xion_chain_id }}
+        After=network-online.target
+        Wants=network-online.target
+
+        [Service]
+        Restart=always
+        RestartSec=3
+        TimeoutStartSec=900
+
+        [Install]
+        WantedBy=default.target
+  notify: Restart cosmos-validator-watcher-{{ chain_xion_chain_id }}
+
+- name: Cosmos-validator-watcher | Add sudoers file
+  ansible.builtin.copy:
+    dest: "/etc/sudoers.d/{{ chain_xion_user }}-cosmos-validator-watcher-{{ chain_xion_network }}"
+    content: |
+      {{ chain_xion_user }} ALL=(ALL) NOPASSWD: /usr/bin/systemctl start cosmos-validator-watcher-{{ chain_xion_network }}.service
+      {{ chain_xion_user }} ALL=(ALL) NOPASSWD: /usr/bin/systemctl stop cosmos-validator-watcher-{{ chain_xion_network }}.service
+      {{ chain_xion_user }} ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart cosmos-validator-watcher-{{ chain_xion_network }}.service
+      {{ chain_xion_user }} ALL=(ALL) NOPASSWD: /usr/bin/systemctl status cosmos-validator-watcher-{{ chain_xion_network }}.service
+    mode: "0440"
+    validate: /usr/sbin/visudo -cf %s
+
+- name: Cosmos-validator-watcher | Enable systemd service
+  ansible.builtin.systemd:
+    name: cosmos-validator-watcher-{{ chain_xion_chain_id }}
+    enabled: true
+    state: started
+    daemon_reload: true

ansible_collections/validators/roles/chain_xion/tasks/main.yml

@@ -0,0 +1,68 @@
+---
+- name: Install required packages
+  ansible.builtin.apt:
+    name:
+      - aria2
+      - build-essential
+      - git
+      - make
+      - lz4
+      - gcc
+    state: present
+
+- name: Create user
+  ansible.builtin.user:
+    name: "{{ chain_xion_user }}"
+    group: users
+    system: true
+    create_home: true
+    state: present
+
+- name: Add user to systemd-journal group
+  ansible.builtin.user:
+    name: "{{ chain_xion_user }}"
+    groups: systemd-journal
+    append: true
+
+- name: Create directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    recurse: true
+    mode: "0700"
+    owner: "{{ chain_xion_user }}"
+    group: users
+  loop:
+    - "/home/{{ chain_xion_user }}/go/bin"
+
+- name: Install Go
+  ansible.builtin.include_role:
+    name: install_go
+
+- name: Xiond | Binary
+  ansible.builtin.include_tasks: xiond-binary.yml
+
+- name: Xiond | configuration
+  ansible.builtin.include_tasks: xiond-configuration.yml
+
+- name: Cosmos-validator-watcher
+  ansible.builtin.include_tasks: cosmos-validator-watcher.yml
+  tags:
+    - cosmos-validator-watcher
+
+- name: Validator-observability
+  ansible.builtin.include_role:
+    name: binarybuilders.validators.observability
+  vars:
+    observability_alerts: "{{ chain_xion_alerts }}"
+    observability_chain_id: "{{ chain_xion_chain_id }}"
+    observability_prometheus_sdk_prometheus_port: "{{ chain_xion_xiond_prometheus_port }}"
+    observability_prometheus_watcher_prometheus_port: "{{ chain_xion_watcher_prometheus_port }}"
+
+- name: Deploy justfile
+  ansible.builtin.template:
+    src: justfile.j2
+    dest: /home/{{ chain_xion_user }}/justfile
+    owner: "{{ chain_xion_user }}"
+    group: users
+    mode: "0644"

ansible_collections/validators/roles/chain_xion/tasks/xiond-binary.yml

@@ -0,0 +1,148 @@
+---
+- name: Xiond | Check if cosmovisor wanted version is installed
+  ansible.builtin.shell: |
+    source /home/{{ install_go_user }}/.bash_profile
+    cosmovisor version
+  args:
+    executable: /bin/bash
+  register: check_cosmovisor
+  failed_when: false
+  changed_when: false
+
+- name: Xiond | Install cosmovisor {{ chain_xion_cosmovisor_version }}
+  when: chain_xion_cosmovisor_version not in check_cosmovisor.stderr
+  ansible.builtin.shell:
+    cmd: |
+      source ~/.bash_profile
+      go install cosmossdk.io/tools/cosmovisor/cmd/cosmovisor@{{ chain_xion_cosmovisor_version }}
+  args:
+    executable: /bin/bash
+  become: true
+  become_user: "{{ chain_xion_user }}"
+  changed_when: true
+
+- name: Xiond | Check if cosmovisor is already initiated
+  ansible.builtin.stat:
+    path: /home/{{ chain_xion_user }}/.xiond/cosmovisor/config.toml
+  register: cosmovisor_init
+
+- name: Xiond | .bash_profile
+  ansible.builtin.blockinfile:
+    path: /home/{{ chain_xion_user }}/.bash_profile
+    marker: "# {mark} ANSIBLE MANAGED BLOCK - Cosmovisor"
+    block: |
+      export DAEMON_NAME=xiond
+      export DAEMON_HOME=$HOME/.xiond
+      export DAEMON_ALLOW_DOWNLOAD_BINARIES=false
+      export DAEMON_LOG_BUFFER_SIZE=512
+      export DAEMON_RESTART_AFTER_UPGRADE=true
+      export UNSAFE_SKIP_BACKUP=true
+
+- name: Fish config
+  ansible.builtin.copy:
+    dest: ~/.config/fish/conf.d/xion.fish
+    content: |
+      set -x DAEMON_NAME xiond
+      set -x DAEMON_HOME $HOME/.xiond
+      set -x DAEMON_ALLOW_DOWNLOAD_BINARIES false
+      set -x DAEMON_LOG_BUFFER_SIZE 512
+      set -x DAEMON_RESTART_AFTER_UPGRADE true
+      set -x UNSAFE_SKIP_BACKUP true
+    mode: "644"
+  become: true
+  become_user: "{{ chain_xion_user }}"
+
+- name: Xiond | Ensure Xiond repository is present
+  ansible.builtin.git:
+    repo: https://github.com/burnt-labs/xion.git
+    dest: "/home/{{ chain_xion_user }}/xiond"
+    version: "tags/{{ chain_xion_xiond_version }}"
+  become: true
+  become_user: "{{ chain_xion_user }}"
+  register: repo_cloned
+
+- name: Xiond | Build and install
+  when: repo_cloned.changed # noqa: no-handler
+  ansible.builtin.shell:
+    chdir: /home/{{ chain_xion_user }}/xiond
+    cmd: |
+      source ~/.bash_profile
+      make install
+  args:
+    executable: /bin/bash
+  become: true
+  become_user: "{{ chain_xion_user }}"
+  changed_when: true
+  notify: Restart xiond-{{ chain_xion_network }}
+
+- name: Xiond | Initialize Cosmovisor
+  when: not cosmovisor_init.stat.exists # noqa: no-handler
+  ansible.builtin.shell:
+    cmd: |
+      set -o pipefail
+      source ~/.bash_profile
+      cosmovisor init $HOME/go/bin/xiond
+  args:
+    executable: /bin/bash
+  become: true
+  become_user: "{{ chain_xion_user }}"
+  changed_when: true
+
+- name: Xiond | Create cosmovisor update directories
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    recurse: true
+    mode: "0700"
+    owner: "{{ chain_xion_user }}"
+    group: users
+  become: true
+  become_user: "{{ chain_xion_user }}"
+  loop:
+    - /home/{{ chain_xion_user }}/.xiond/cosmovisor/upgrades/{{ chain_xion_xiond_upgrade_name }}
+    - /home/{{ chain_xion_user }}/.xiond/cosmovisor/upgrades/{{ chain_xion_xiond_upgrade_name }}/bin
+
+- name: Xiond | Copy binary to cosmovisor update directory
+  ansible.builtin.copy:
+    src: /home/{{ chain_xion_user }}/go/bin/xiond
+    dest: /home/{{ chain_xion_user }}/.xiond/cosmovisor/upgrades/{{ chain_xion_xiond_upgrade_name }}/bin/xiond
+    mode: "755"
+    remote_src: true
+  become: true
+  become_user: "{{ chain_xion_user }}"
+
+- name: Xiond | Create systemd service file
+  ansible.builtin.copy:
+    dest: /etc/systemd/system/xiond-{{ chain_xion_network }}.service
+    content: |
+      [Unit]
+      Description=xiond-{{ chain_xion_network }} (Validator)
+      After=network.target
+
+      [Service]
+      Type=simple
+      ExecStart=/home/{{ chain_xion_user }}/go/bin/cosmovisor run start
+      User={{ chain_xion_user }}
+      Group=users
+      Restart=always
+      RestartSec=3
+      TimeoutStartSec=900
+      LimitNOFILE=1400000
+      Environment="DAEMON_NAME=xiond"
+      Environment="DAEMON_HOME=/home/{{ chain_xion_user }}/.xiond"
+      Environment="DAEMON_LOG_BUFFER_SIZE=512"
+      Environment="DAEMON_ALLOW_DOWNLOAD_BINARIES=false"
+      Environment="DAEMON_RESTART_AFTER_UPGRADE=true"
+      Environment="UNSAFE_SKIP_BACKUP=true"
+
+      [Install]
+      WantedBy=multi-user.target
+    mode: "0644"
+  notify: Restart xiond-{{ chain_xion_network }}
+
+- name: Xiond | Enable systemd service
+  ansible.builtin.systemd:
+    name: xiond-{{ chain_xion_network }}
+    enabled: true
+    state: started
+    daemon_reload: true