packer provisioner

.circleci/config.yml

@@ -2,6 +2,7 @@ version: 2.1
 orbs:
   go: gotest/[email protected]
   aws-cli: circleci/[email protected]
+  packer: salaxander/[email protected]
 
 executors:
   golang:
@@ -277,6 +278,11 @@ jobs:
       - install-deps
       - prepare
       - run: make calibnet
+      - run: mkdir linux-calibnet && mv lotus lotus-miner lotus-worker linux-calibnet
+      - persist_to_workspace:
+          root: "."
+          paths:
+            - linux-calibnet
   build-lotus-soup:
     description: |
       Compile `lotus-soup` Testground test plan
@@ -583,6 +589,22 @@ jobs:
               docker push $<<parameters.account-url>>/<<parameters.repo>>:${tag}
             done
 
+  publish-packer:
+    description: build and push AWS IAM and DigitalOcean droplet.
+    executor:
+      name: packer/default
+      packer-version: 1.6.6
+    steps:
+      - checkout
+      - attach_workspace:
+          at: "."
+      - packer/build:
+          template: tools/packer/lotus.pkr.hcl
+          args: "-var ci_workspace_bins=./linux -var lotus_network=mainnet -var git_tag=$CIRCLE_TAG"
+      - packer/build:
+          template: tools/packer/lotus.pkr.hcl
+          args: "-var ci_workspace_bins=./linux-calibnet -var lotus_network=calibrationnet -var git_tag=$CIRCLE_TAG"
+
 workflows:
   version: 2.1
   ci:
@@ -683,3 +705,15 @@ workflows:
           path: .
           repo: lotus-dev
           tag: '${CIRCLE_SHA1:0:8}'
+      - publish-packer:
+          requires:
+            - build-all
+            - build-ntwk-calibration
+          filters:
+            branches:
+              ignore:
+                - /.*/
+            tags:
+              only:
+                - /^v\d+\.\d+\.\d+$/
+

tools/packer/etc/motd

@@ -0,0 +1,57 @@
+Your lotus node is up and running!
+
+This image contains the two most important pieces of the lotus filecoin suite, the
+daemon and the miner. The daemon is is configured to download a snapshot and start
+running. In fact, by the time you read this, the daemon may already be in sync.
+Go ahead and make sure everything is working correctly with the following commands.
+
+
+
+To check if the daemon is running:
+
+     systemctl status lotus-daemon
+
+
+
+To check if the daemon is in sync:
+
+    lotus sync status
+
+    **note: When starting lotus for the first time, it will download a chain snapshot.
+            This is a large download and will take several minutes to complete. During
+            this time, the lotus API will not be up yet. Give it time! You can see
+	    progress by looking at the systemd journal.
+
+
+To check if the daemon is connecting to other lotus nodes:
+
+    lotus net peers
+
+
+
+No wallets are crated by default. You can view, create, and delete wallets with
+the lotus command. On this image, lotus is running as the user `fc`.
+Be careful, now. Don't delete a wallet with funds!
+
+    sudo -E -u fc lotus wallet list
+    sudo -E -u fc lotus wallet new bls
+
+
+
+The lotus miner is also installed, but it's not running by default. If you have no
+special disk or worker requirements, you can initialize the lotus-miner repo like this:
+
+    sudo -E -u fc lotus-miner init -o <wallet_you_created_before>
+
+
+
+You only need to do this once, after which, you can enable and start the miner.
+
+    sudo systemctl enable lotus-miner
+    sudo systemctl start lotus-miner
+
+
+
+For more information, see             https://docs.filecoin.io/
+Found a bug? let us know!             https://github.com/filecoin-project/lotus
+Chat with us on slack!                https://filecoinproject.slack.com/archives/CEGN061C5

tools/packer/homedir/bashrc

@@ -0,0 +1,5 @@
+PS1="[\h \w] ⨎ "
+
+export PROMT_DIRTRIM=1
+export LOTUS_PATH=/var/lib/lotus
+export LOTUS_MINER_PATH=/var/lib/lotus-miner

tools/packer/lotus.pkr.hcl

@@ -0,0 +1,100 @@
+variable "ci_workspace_bins" {
+  type = string
+  default = "./linux"
+}
+
+variable "lotus_network" {
+  type = string
+  default = "mainnet"
+}
+
+variable "git_tag" {
+  type = string
+  default = ""
+}
+
+locals {
+  timestamp = regex_replace(timestamp(), "[- TZ:]", "")
+} 
+
+source "amazon-ebs" "lotus" {
+  ami_name      = "lotus-${var.lotus_network}-${var.git_tag}-${local.timestamp}"
+  ami_regions = [
+    "us-east-1",
+    "us-west-2",
+  ]
+  ami_groups = [
+    # This causes the ami to be publicly-accessable.
+    "all",
+  ]
+  ami_description = "Lotus Filecoin AMI"
+  launch_block_device_mappings {
+    device_name = "/dev/sda1"
+    volume_size = 100
+    delete_on_termination = true
+  }
+
+  instance_type = "t2.micro"
+  source_ami_filter {
+    filters = {
+      name = "ubuntu-minimal/images/*ubuntu-focal-20.04-amd64-minimal*"
+      root-device-type = "ebs"
+      virtualization-type = "hvm"
+    }
+    most_recent = true
+    owners = ["099720109477"]
+  }
+  ssh_username = "ubuntu"
+}
+
+source "digitalocean" "lotus" {
+  droplet_name = "lotus-${var.lotus_network}"
+  size = "s-1vcpu-1gb"
+  region = "nyc3"
+  image = "ubuntu-20-04-x64"
+  snapshot_name = "lotus-${var.lotus_network}-${var.git_tag}-${local.timestamp}"
+  ssh_username = "root"
+}
+
+build {
+  sources = [
+    "source.amazon-ebs.lotus",
+    "source.digitalocean.lotus",
+  ]
+
+  # Lotus software (from CI workspace)
+  provisioner "file" {
+    source = "${var.ci_workspace_bins}/lotus"
+    destination = "lotus"
+  }
+  provisioner "file" {
+    source = "${var.ci_workspace_bins}/lotus-miner"
+    destination = "lotus-miner"
+  }
+  # First run script
+  provisioner "file" {
+    source = "./tools/packer/scripts/${var.lotus_network}/lotus-init.sh"
+    destination = "lotus-init.sh"
+  }
+  # Systemd service units.
+  provisioner "file" {
+    source = "./tools/packer/systemd/lotus-daemon.service"
+    destination = "lotus-daemon.service"
+  }
+  provisioner "file" {
+    source = "./tools/packer/systemd/lotus-miner.service"
+    destination = "lotus-miner.service"
+  }
+  provisioner "file" {
+    source = "./tools/packer/etc/motd"
+    destination = "motd"
+  }
+  provisioner "file" {
+    source = "./tools/packer/homedir/bashrc"
+    destination = ".bashrc"
+  }
+  # build it.
+  provisioner "shell" {
+    script = "./tools/packer/setup.sh"
+  }
+}

tools/packer/scripts/calibrationnet/lotus-init.sh

@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+
+# This script sets up an initial configuraiton for the lotus daemon and miner
+# It will only run once.
+
+GATE="$LOTUS_PATH"/date_initialized
+
+# Don't init if already initialized.
+if [ -f "GATE" ]; then
+	echo lotus already initialized.
+	exit 0
+fi
+
+# Not importing snapshot on calibrationnet.
+#
+# echo importing minimal snapshot
+# lotus daemon --import-snapshot https://fil-chain-snapshots-fallback.s3.amazonaws.com/mainnet/minimal_finality_stateroots_latest.car --halt-after-import
+
+# Block future inits
+date > "$GATE"

tools/packer/scripts/mainnet/lotus-init.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# This script sets up an initial configuraiton for the lotus daemon and miner
+# It will only run once.
+
+GATE="$LOTUS_PATH"/date_initialized
+
+# Don't init if already initialized.
+if [ -f "GATE" ]; then
+	echo lotus already initialized.
+	exit 0
+fi
+
+echo importing minimal snapshot
+lotus daemon --import-snapshot https://fil-chain-snapshots-fallback.s3.amazonaws.com/mainnet/minimal_finality_stateroots_latest.car --halt-after-import
+
+# Block future inits
+date > "$GATE"

tools/packer/setup.sh

@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+
+# This script is executed by packer to setup the image.
+# When this script is run, packer will have already copied binaries into the home directory of
+# whichever user it has access too. This script is executed from within the home directory of that
+# user. Bear in mind that different cloud providers, and different images on the same cloud
+# provider will have a different initial user account.
+
+set -x
+
+# Become root, if we aren't already.
+# Docker images will already be root. AMIs will have an SSH user account.
+UID=$(id -u)
+if [ x$UID != x0 ]
+then
+	printf -v cmd_str '%q ' "$0" "$@"
+	exec sudo su -c "$cmd_str"
+fi
+
+MANAGED_BINS=( lotus lotus-miner lotus-init.sh )
+MANAGED_FILES=(
+  /lib/systemd/system/lotus-daemon.service
+	/lib/systemd/system/lotus-miner.service
+	/etc/motd
+)
+
+# install libs.
+apt update
+apt -y install libhwloc15 ocl-icd-libopencl1
+ln -s /usr/lib/x86_64-linux-gnu/libhwloc.so.15 /usr/lib/x86_64-linux-gnu/libhwloc.so.5
+
+# Create lotus user
+useradd -c "lotus system account" -r fc
+install -o fc -g fc -d /var/lib/lotus
+install -o fc -g fc -d /var/lib/lotus-miner
+
+# Install software
+for i in "${MANAGED_BINS[@]}"
+do
+	install -o root -g root -m 755 -t /usr/local/bin $i
+	rm $i
+done
+
+# Install systemd and other files.
+# Because packer doesn't copy files with root permisison,
+# files are in the home directory of the ssh user. Copy
+# these files into the right position.
+for i in "${MANAGED_FILES[@]}"
+do
+	fn=$(basename $i)
+	install -o root -g root -m 644 $fn $i
+	rm $fn
+done
+
+# Enable services
+systemctl daemon-reload
+systemctl enable lotus-daemon

tools/packer/systemd/lotus-daemon.service

@@ -0,0 +1,17 @@
+[Unit]
+Description=Lotus Daemon
+After=network.target
+
+[Service]
+User=fc
+Group=fc
+ExecStartPre=/usr/local/bin/lotus-init.sh
+ExecStart=/usr/local/bin/lotus daemon
+ExecStop=/usr/local/bin/lotus daemon stop
+Environment=LOTUS_PATH=/var/lib/lotus
+Restart=always
+RestartSec=30
+TimeoutSec=infinity
+
+[Install]
+WantedBy=multi-user.target

tools/packer/systemd/lotus-miner.service

@@ -0,0 +1,15 @@
+[Unit]
+Description=Lotus Miner
+After=network.target
+
+[Service]
+User=fc
+Group=fc
+ExecStart=/usr/local/bin/lotus-miner run
+Environment=LOTUS_PATH=/var/lib/lotus
+Environment=LOTUS_MINER_PATH=/var/lib/lotus-miner
+Restart=always
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target