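---
# Connect biscayne to DoubleZero multicast via laconic-mia-sw01
#
# Establishes a GRE tunnel to the nearest DZ hybrid device and subscribes
# to jito-shredstream and bebop multicast groups.
#
# Usage:
#   ansible-playbook playbooks/connect-doublezero-multicast.yml
#   ansible-playbook playbooks/connect-doublezero-multicast.yml --check  # dry-run
#
# Variables used below but not defined in this file (presumably supplied by
# inventory or group_vars; confirm before running):
#   dz_environment, dz_identity, dz_device, dz_tenant, client_ip,
#   validator_identity
#
# The command tasks pass `cmd` as one string, which the command module splits
# into words. A value containing whitespace would turn into extra CLI
# arguments, so keep the variables above free of spaces.

- name: Connect biscayne to DoubleZero multicast
  hosts: biscayne
  gather_facts: false

  vars:
    dz_multicast_groups:
      - jito-shredstream
      - bebop

  tasks:
    # ------------------------------------------------------------------
    # Pre-checks
    # ------------------------------------------------------------------
    # check_mode: true makes this a pure probe: the unit is never started
    # by this play, only its reported ActiveState is inspected.
    - name: Verify doublezerod service is running
      ansible.builtin.systemd:
        name: doublezerod
        state: started
      check_mode: true
      register: dz_service
      failed_when: dz_service.status.ActiveState != "active"

    # Read-only query. check_mode: false lets it run under --check as well,
    # so the identity assertion below has real output during a dry-run.
    - name: Get doublezero identity address
      ansible.builtin.command:
        cmd: doublezero address
      check_mode: false
      register: dz_address
      changed_when: false

    # Stops the play before any access pass is created for a host whose
    # local DZ identity is not the expected one.
    - name: Verify doublezero identity matches expected pubkey
      ansible.builtin.assert:
        that:
          - dz_address.stdout | trim == dz_identity
        fail_msg: >-
          DZ identity mismatch: got '{{ dz_address.stdout | trim }}',
          expected '{{ dz_identity }}'

    # Read-only query, also executed under --check. failed_when: false keeps
    # a non-zero exit from aborting the play; only stdout is examined next.
    - name: Check current DZ connection status
      ansible.builtin.command:
        cmd: "doublezero -e {{ dz_environment }} status"
      check_mode: false
      register: dz_status
      changed_when: false
      failed_when: false

    # Match "connected" as a whole word. A plain substring test is also true
    # for "disconnected", which would block a legitimate first connection.
    # NOTE(review): the exact wording of `doublezero status` output is not
    # shown in this file; confirm the keyword against the installed CLI.
    - name: Fail if already connected (tunnel is up)
      ansible.builtin.fail:
        msg: >-
          DoubleZero tunnel is already connected. To reconnect, first
          disconnect manually with: doublezero -e {{ dz_environment }} disconnect
      when: "dz_status.stdout | lower is search('(^|[^a-z])connected([^a-z]|$)')"

    # ------------------------------------------------------------------
    # Create access pass
    # ------------------------------------------------------------------
    # State-changing: binds client_ip, the payer identity and the validator
    # identity to a subscriber access pass for the tenant.
    - name: Create DZ access pass for multicast subscriber
      ansible.builtin.command:
        cmd: >-
          doublezero -e {{ dz_environment }} access-pass set
          --accesspass-type solana-multicast-subscriber
          --client-ip {{ client_ip }}
          --user-payer {{ dz_identity }}
          --solana-validator {{ validator_identity }}
          --tenant {{ dz_tenant }}
      register: dz_access_pass
      changed_when: >-
        'created' in (dz_access_pass.stdout | lower)
        or 'updated' in (dz_access_pass.stdout | lower)

    - name: Show access pass result
      ansible.builtin.debug:
        var: dz_access_pass.stdout_lines

    # ------------------------------------------------------------------
    # Connect to DZ multicast
    # ------------------------------------------------------------------
    # The Jinja loop emits one --subscribe flag per entry of
    # dz_multicast_groups. Always reported as changed, because the pre-check
    # above guarantees the tunnel was not up before this task.
    - name: Connect to DoubleZero multicast via {{ dz_device }}
      ansible.builtin.command:
        cmd: >-
          doublezero -e {{ dz_environment }} connect multicast
          {% for group in dz_multicast_groups %}
          --subscribe {{ group }}
          {% endfor %}
          --device {{ dz_device }}
          --client-ip {{ client_ip }}
      register: dz_connect
      changed_when: true

    - name: Show connect result
      ansible.builtin.debug:
        var: dz_connect.stdout_lines

    # ------------------------------------------------------------------
    # Post-checks
    # ------------------------------------------------------------------
    # Skipped under --check, where no connection was attempted. Uses the
    # same whole-word match as the pre-check so that a "disconnected" status
    # cannot pass verification, and also fails on a non-zero exit code.
    - name: Verify tunnel status is connected
      ansible.builtin.command:
        cmd: "doublezero -e {{ dz_environment }} status"
      register: dz_post_status
      changed_when: false
      failed_when: >-
        dz_post_status.rc != 0 or
        dz_post_status.stdout | lower is not search('(^|[^a-z])connected([^a-z]|$)')
      when: not ansible_check_mode

    - name: Show tunnel status
      ansible.builtin.debug:
        var: dz_post_status.stdout_lines

    # NOTE(review): only the exit code is checked here; the route list is
    # displayed by the next task but never compared with an expected set.
    - name: Verify routes are installed
      ansible.builtin.command:
        cmd: "doublezero -e {{ dz_environment }} routes"
      register: dz_routes
      changed_when: false

    - name: Show installed routes
      ansible.builtin.debug:
        var: dz_routes.stdout_lines

    # NOTE(review): dz_multicast_status is registered but never inspected or
    # printed, so this task confirms only that the status command exits 0,
    # not that the groups in dz_multicast_groups are actually subscribed.
    - name: Check multicast group membership
      ansible.builtin.command:
        cmd: "doublezero -e {{ dz_environment }} status"
      register: dz_multicast_status
      changed_when: false

    # Suppressed under --check so a dry-run never reports a connection that
    # was not made.
    - name: Connection summary
      ansible.builtin.debug:
        msg: >-
          DoubleZero multicast connected via {{ dz_device }}.
          Subscribed groups: {{ dz_multicast_groups | join(', ') }}.
          Next step: request allowlist access from group owners
          (see docs/doublezero-multicast-access.md).
      when: not ansible_check_mode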