# Ansible Role: Tessera (consensys.tessera)

## Description

This repository includes an Ansible playbook to install Tessera on a physical server.
## Prerequisites

- Java JDK version 11 or higher
- Build tools to compile libsodium
## Role Variables

Variables are defined in `defaults/main.yml`. You can modify these by editing the file, using command-line options, or adding variables in your playbook. Most variables control the settings for Tessera's configuration file, which you can find in the documentation.
### Recommended Required Role Variables

The table below lists the essential variables you should set. If you want to see all variables that can be adjusted, check the full list.

Name | Default | Required? |
---|---|---|
tessera_version | unset | Yes |
run_with_besu | false | Yes, if running with Besu. Otherwise, leave unset or set to false for GoQuorum. |
server_configs | unset | Yes. If left unset, a default config suitable for development will be used. Check templates/config.json.j2 . |
peers | unset | Yes. If left unset, the default will connect to itself. Check templates/config.json.j2 . |
public_key | unset | Public key needed. |
config_details | unset | Details for secure or non-secure inline key pairs. |
jdbc_url | Set to tessera_config_dir/db | Yes. Defaults to tessera_config_dir/db as a local file. |
jdbc_username | "sa" | Yes. Make sure to update this. |
jdbc_password | "" | Yes. Ensure this is changed. |
default_log_level | INFO | No. Can be set to 'DEBUG' if needed. |
### Full List of Role Variables

Name | Default | Description |
---|---|---|
tessera_version | unset | The version of Tessera to install. Must be specified for the role to work. |
tessera_user | tessera | The system user that will run Tessera. |
tessera_group | tessera | Group for the user. |
tessera_download_url | Predefined | URL for downloading Tessera tar file. |
enclave_download_url | Predefined | URL for downloading Enclave tar file. |
azure_key_vault_download_url | Predefined | URL for downloading Azure Key Vault tar file. |
aws_key_vault_download_url | Predefined | URL for downloading AWS Key Vault tar file. |
hashicorp_key_vault_download_url | Predefined | URL for downloading Hashicorp Key Vault tar file. |
libsodium_download_url | Predefined | URL for downloading Libsodium tar.gz file. |
tessera_base_dir | /opt/tessera | Base directory for Tessera and its dependencies. |
tessera_install_dir | /opt/tessera/tessera-{{ tessera_version }} | Installation directory for Tessera. |
tessera_config_dir | /etc/tessera | Configuration directory for Tessera. |
tessera_log_dir | /var/log/tessera | Log directory for Tessera. |
tessera_libsodium_dir | /opt/tessera/libsodium | Directory for Libsodium installation. |
default_log_level | INFO | Log level for Tessera. |
jdbc_url | --- | JDBC connection URL. |
jdbc_username | "sa" | JDBC username. |
jdbc_password | "" | JDBC password. |
disable_peer_discovery | false | If true, limits communication to the peers listed in the config file. |
use_whitelist | false | If true, restricts connection to Tessera to specified peers. |
run_with_besu | false | Set to true if running Tessera with Besu instead of GoQuorum. |
bootstrap_mode | false | If true, the node acts as a bootstrap for other nodes. |
server_configs | [] | Refer to docs for details. |
peers | [] | List of peers to connect to. |
public_key | "" | Public key for Tessera. |
config_details | "" | Details for secure or non-secure inline key pairs. |
private_key_path | "" | Path to the private key. |
public_key_path | "" | Path to the public key. |
private_key | "" | Private key for Tessera. |
aws_secret_manager | false | Set to true if using AWS Secrets Manager. |
aws_region | us-east-1 | Specifies the desired AWS region for Secrets Manager. |
aws_SecretsManager_PublicKeyId | "" | AWS Secrets Manager Public Key ID. |
aws_SecretsManager_PrivateKeyId | "" | AWS Secrets Manager Private Key ID. |
azure_key_vault | false | Set to true if using Azure Key Vault. |
azure_Vault_PrivateKeyId | "" | Azure Private Key ID. |
azure_Vault_PublicKeyId | "" | Azure Public Key ID. |
azure_Vault_PublicKeyVersion | "" | Azure Public Key Version. |
azure_Vault_PrivateKeyVersion | "" | Azure Private Key Version. |
hashicorp_vault | false | Set to true if using Hashicorp Vault. |
vault_url | "https://localhost:8200" | URL for the vault. |
tls_KeyStorePath | "" | Path to TLS Key Store. |
tls_TrustStorePath | "" | Path to Trust Store. |
app_role_Path | not-default | |
hashicorp_vaultSecretEngineName | "" | Vault Secret Engine Name. |
hashicorp_vaultSecretName | "" | Secret Name in Hashicorp Vault. |
hashicorp_vaultSecretVersion | "" | Version of the secret in Hashicorp Vault. |
hashicorp_vaultPrivateKeyId | "" | Private Key ID in Hashicorp Vault. |
hashicorp_vaultPublicKeyId | "" | Public Key ID in Hashicorp Vault. |
enable_remoteKeyValidation | false | Ensures that a remote node owns the advertised public keys. |
enable_privacyEnhancements | false | Enables Party Protection (PP) and Private State Validation (PSV). |
enable_multiplePrivateStates | false | Enables Multiple Private States feature. |
always_send_to | [] | Comma-separated list of public keys to receive every transaction sent through the node. This allows configuration of a node that receives a copy of every transaction, even if not specified as a party to it. |
symmetric_cipher | "AES/GCM/NoPadding" | |
elliptic_curve | "secp256r1" | |
nonce_length | "24" | |
shared_key_length | "32" | |
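The tables above flag several defaults that must be changed before a deployment leaves development (`jdbc_username` "sa", an empty `jdbc_password`, empty `peers` and `server_configs`, an inline "unlocked" key pair in `config_details` with no vault backend). The following checker is an added example written for this README, not part of the role; it lints the role variables as a plain Python dict (the values a playbook would put under `vars:`) and additionally treats `use_whitelist` and `enable_remoteKeyValidation` left at `false` as hardening findings, which is this editor's recommendation rather than a requirement stated by the role. The key bytes are constructed placeholders.

```python
import json

# Constructed sample of role variables: the README's development example
# (key material replaced by placeholders) plus the role defaults for the
# database, peer and feature settings.
DEV_VARS = {
    "tessera_version": "21.10.0",
    "jdbc_username": "sa",
    "jdbc_password": "",
    "peers": [],
    "server_configs": [],
    "use_whitelist": False,
    "disable_peer_discovery": False,
    "enable_remoteKeyValidation": False,
    "config_details": '[{"data":{"bytes":"PLACEHOLDER"},"type":"unlocked"}]',
    "public_key": "PLACEHOLDER",
}

# Role flags that select an external key store instead of inline key pairs.
VAULT_FLAGS = ("aws_secret_manager", "azure_key_vault", "hashicorp_vault")


def lint_role_vars(v):
    """Return a list of findings for role variables that are unsafe or
    incomplete outside a development environment (empty list = clean)."""
    findings = []
    if not v.get("tessera_version"):
        findings.append("tessera_version is unset; the role will not run")
    if v.get("jdbc_username", "sa") == "sa":
        findings.append("jdbc_username is still the default 'sa'")
    if not v.get("jdbc_password", ""):
        findings.append("jdbc_password is empty")
    if not v.get("peers"):
        findings.append("peers is empty; the default config connects only to itself")
    if not v.get("server_configs"):
        findings.append("server_configs is empty; the development default will be used")
    if not v.get("use_whitelist", False):
        findings.append("use_whitelist is false; any node may connect")
    if not v.get("enable_remoteKeyValidation", False):
        findings.append("enable_remoteKeyValidation is false; advertised peer keys are not verified")
    using_vault = any(v.get(f, False) for f in VAULT_FLAGS)
    details = v.get("config_details") or ""
    if details and not using_vault:
        try:
            key_cfgs = json.loads(details)  # config_details is a JSON list of key configs
        except ValueError:
            findings.append("config_details is not valid JSON")
        else:
            if any(k.get("type") == "unlocked" for k in key_cfgs):
                findings.append("config_details holds an 'unlocked' inline key pair and no vault backend is enabled")
    return findings
```

Run it against the vars block of a playbook before `ansible-playbook`; an empty result means none of the development-only defaults survived.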
## Example Usage

- Install the role from Ansible Galaxy:

  ```bash
  ansible-galaxy install consensys.tessera
  ```

- Create the `requirements.yml` with the required variables:

  ```yaml
  - hosts: localhost
    connection: local
    force_handlers: True
    roles:
      - role: consensys.tessera
        vars:
          besu_version: 21.10.2
          tessera_version: 21.10.0
          # config_details is a JSON list of inline key configs (development only)
          config_details: '[{"data":{"bytes":"Wl+...........tA="},"type":"unlocked"}]'
          public_key: BUL.....3Bo=
  ```

  Note: The `config_details` and `public_key` shown above are for demonstration purposes in a development environment only. They should NOT be used in production. Refer to the Tessera documentation for information on generating new keys and using Vault services.

  Note: The above playbook is suitable for development environments only. You will likely need to specify your own `peers` and `server_configs` based on your needs.

- Install the role from GitHub:

  ```bash
  ansible-galaxy install git+https://github.com/consensys/ansible-role-tessera.git
  ```

- Create the `requirements.yml` for the GitHub-installed role:

  ```yaml
  - hosts: localhost
    connection: local
    force_handlers: True
    roles:
      - role: ansible-role-tessera
        vars:
          besu_version: 21.10.2
          tessera_version: 21.10.0
          # config_details is a JSON list of inline key configs (development only)
          config_details: '[{"data":{"bytes":"Wl+...........tA="},"type":"unlocked"}]'
          public_key: BUL.....3Bo=
  ```

- Run the setup with:

  ```bash
  ansible-playbook -v requirements.yml -vvv
  ```
## License

Apache License

## Author Information

ConsenSys, 2021

Tessera is a private transaction manager for an Ethereum client such as GoQuorum or Besu.