configure remote_write for prometheus. move secrets out of inventory …

…and into vault

.gitignore

@@ -1,3 +1,6 @@
 inventory*
 !inventory.yml.sample
-.DS_Store
+.DS_Store
+private/*
+vault.yml
+ansible.cfg

group_vars/all/vars.yml

@@ -0,0 +1,38 @@
+admin_users: "{{ vault_admin_users }}"
+grafana_cloud_prometheus_url: "{{ vault_grafana_cloud_prometheus_url }}"
+grafana_cloud_prometheus_username: "{{ vault_grafana_cloud_prometheus_username }}"
+grafana_cloud_prometheus_password: "{{ vault_grafana_cloud_prometheus_password }}"
+grafana_cloud_promtail_username: "{{ vault_grafana_cloud_promtail_username }}"
+grafana_cloud_promtail_apikey: "{{ vault_grafana_cloud_promtail_apikey }}"
+
+users:
+  - username: 'pokt'
+moniker: "SDL-POKT-1"
+seeds: "03b74fa3c68356bb40d58ecc10129479b159a145@seed1.mainnet.pokt.network:20656,64c91701ea98440bc3674fdb9a99311461cdfd6f@seed2.mainnet.pokt.network:21656,0057ee693f3ce332c4ffcb499ede024c586ae37b@seed3.mainnet.pokt.network:22856,9fd99b89947c6af57cd0269ad01ecb99960177cd@seed4.mainnet.pokt.network:23856,f2a4d0ec9d50ea61db18452d191687c899c3ca42@seed5.mainnet.pokt.network:24856,f2a9705924e8d0e11fed60484da2c3d22f7daba8@seed6.mainnet.pokt.network:25856,582177fd65dd03806eeaa2e21c9049e653672c7e@seed7.mainnet.pokt.network:26856,2ea0b13ab823986cfb44292add51ce8677b899ad@seed8.mainnet.pokt.network:27856,a5f4a4cd88db9fd5def1574a0bffef3c6f354a76@seed9.mainnet.pokt.network:28856,d4039bd71d48def9f9f61f670c098b8956e52a08@seed10.mainnet.pokt.network:29856,5c133f07ed296bb9e21e3e42d5f26e0f7d2b2832@poktseed100.chainflow.io:26656,[email protected]:26656"
+persistent_peers: ""
+MaxNumInboundPeers: 30
+MaxNumOutboundPeers: 10
+UnconditionalPeerIDs: ""
+PexReactor: "true"  # yes it's weird to quote a bool but it's necessary for this to parse properly  
+go_version: '1.19'
+pokt_user: 'pokt'
+pokt_user_dir: "/home/{{ pokt_user }}"
+monitor_user: 'monitor'
+monitor_user_dir: "/home/{{ monitor_user }}"
+custom_port_prefix: 55
+repo: 'https://github.com/pokt-network/pocket-core'
+pokt_release_tag: 'BETA-0.9.0'
+path: '/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/go/bin:{{ pokt_user_dir }}/go/bin'
+
+account_address: "{{ vault_account_address }}"
+raw_private_key: "{{ vault_raw_private_key }}" 
+account_passphrase: "{{ vault_account_passphrase }}"
+# note that the key in the vault is NOT the mainnet signer, in the interest of preventing double signing problems
+# run ~/pokt/install_validator_key.sh as pokt user to install the mainnet validator signer key
+
+genesis_url: 'https://raw.githubusercontent.com/pokt-network/pocket-network-genesis/master/mainnet/genesis.json'
+genesis_hash: 'sha256:83e411fe6298d83963f2ebf5af3ef65b49dd029a6eb1a04db31a08b244f3d414'
+snapshot_url: 'https://snapshot.nodes.pokt.network/latest.tar.gz'
+expose_public_ip: true
+
+ethereum_rpc_uri: 'https://fixme'

inventory.yml.sample

@@ -1,38 +1,7 @@
 all:
-    hosts: 
-      sdl_pokt:
-        ansible_host: 192.168.31.37
-    vars: 
-      ansible_user: someuser
-      ansible_port: 22
-      admin_users:
-        - username: 'admin1'
-          sshpublickey: 'ssh-ed25519 xxxx admin1@adminhost'
-        - username: 'admin2'
-          sshpublickey: 'ssh-ed25519 xxxx admin2@adminhost'
-      users:
-        - username: 'pokt'
-
-    moniker: "your_moniker"
-    p2p_port: 26656
-    external_ip_addr: FIXME
-    seeds: "03b74fa3c68356bb40d58ecc10129479b159a145@seed1.mainnet.pokt.network:20656,64c91701ea98440bc3674fdb9a99311461cdfd6f@seed2.mainnet.pokt.network:21656,0057ee693f3ce332c4ffcb499ede024c586ae37b@seed3.mainnet.pokt.network:22856,9fd99b89947c6af57cd0269ad01ecb99960177cd@seed4.mainnet.pokt.network:23856,f2a4d0ec9d50ea61db18452d191687c899c3ca42@seed5.mainnet.pokt.network:24856,f2a9705924e8d0e11fed60484da2c3d22f7daba8@seed6.mainnet.pokt.network:25856,582177fd65dd03806eeaa2e21c9049e653672c7e@seed7.mainnet.pokt.network:26856,2ea0b13ab823986cfb44292add51ce8677b899ad@seed8.mainnet.pokt.network:27856,a5f4a4cd88db9fd5def1574a0bffef3c6f354a76@seed9.mainnet.pokt.network:28856,d4039bd71d48def9f9f61f670c098b8956e52a08@seed10.mainnet.pokt.network:29856,5c133f07ed296bb9e21e3e42d5f26e0f7d2b2832@poktseed100.chainflow.io:26656,[email protected]:26656"
-    persistent_peers: ""
-    MaxNumInboundPeers: 30
-    MaxNumOutboundPeers: 10
-    UnconditionalPeerIDs: ""
-    PexReactor: "true"  # yes it's weird to quote a bool but it's necessary for this to parse properly
-    go_version: '1.19'
-    pokt_user: 'pokt'
-    pokt_user_dir: "/home/{{ pokt_user }}"
-    custom_port_prefix: 55
-    repo: 'https://github.com/pokt-network/pocket-core'
-    pokt_release_tag: 'RC-0.8.3'
-    path: '/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin:/usr/local/go/bin:{{ pokt_user_dir }}/go/bin'
-    passphrase: 'supersecretpassphrase'
-    raw_private_key: 'rawsecretkey'
-    pokt_address: 'acct_addr'
-    genesis_url: 'https://raw.githubusercontent.com/pokt-network/pocket-network-genesis/master/mainnet/genesis.json'
-    genesis_hash: 'sha256:83e411fe6298d83963f2ebf5af3ef65b49dd029a6eb1a04db31a08b244f3d414'
-    snapshot_url: 'https://link.us1.storjshare.io/raw/jwfbmq6ar3vsyzeqkconsiz24sja/pocket-public-blockchains/pocket-network-data-0026-rc-0.6.3.6.tar'
-
+  hosts: 
+    sdl_pokt:
+      ansible_host: 192.168.31.37
+  vars: 
+    ansible_user: admin
+    ansible_port: 22

roles/monitor/tasks/configure_monitoring.yml

@@ -1,4 +1,8 @@
 ---
+- name: Debug monitoring
+  debug: 
+    msg: "{{ hostvars[inventory_hostname] }}"
+
 - name: Create monitoring user
   user:
     name: "{{ monitor_user }}"

roles/monitor/templates/prometheus.yml.j2

@@ -15,7 +15,7 @@ scrape_configs:
     metrics_path: /metrics
     static_configs:
       - targets:
-          - '10.10.60.100:8083'   # prometheus port controlled in pocket config.json, doesn't seem to report anything useful
+          - '10.10.60.100:8083'                         # prometheus port controlled in pocket config.json
           #- '10.10.60.100:{{custom_port_prefix}}660'   # prometheus port for tendermint in pocket config.json
   - job_name: tendermint
     metrics_path: /metrics
@@ -27,3 +27,14 @@ scrape_configs:
     static_configs:
       - targets:
           - '10.10.60.100:9100'   # node exporter
+
+remote_write: 
+- url: {{ grafana_cloud_prometheus_url }}
+  basic_auth: 
+    username: {{ grafana_cloud_prometheus_username }}
+    password: {{ grafana_cloud_prometheus_password }}
+  name: drop_expensive
+  #write_relabel_configs:
+  #  - source_labels: [__name__]
+  #    regex: expensive.*
+  #    action: drop

roles/pokt_dev/tasks/configure_pokt.yml

@@ -11,7 +11,7 @@
 - name: Import keypair
   become: yes
   become_user: "pokt" 
-  command: "pocket accounts import-raw --pwd-encrypt {{ passphrase }} {{ raw_private_key }}"
+  command: "pocket accounts import-raw --pwd-encrypt {{ account_passphrase }} {{ raw_private_key }}"
   environment:
         PATH: "{{ path }}"
         GOPATH: "{{ pokt_user_dir }}/go"
@@ -35,7 +35,7 @@
 - name: Create validator
   become: yes
   become_user: "pokt" 
-  command: "pocket accounts set-validator --pwd {{ passphrase }} {{ pokt_address }}"
+  command: "pocket accounts set-validator --pwd {{ account_passphrase }} {{ account_address }}"
   environment:
         PATH: "{{ path }}"
         GOPATH: "{{ pokt_user_dir }}/go"