consensys.web3signer

Ansible Role: Web3Signer

Description

This Ansible role installs, configures, and runs Web3Signer, an open-source signing service.

Supported Platforms

* Debian
* Ubuntu
* Redhat (CentOS/Fedora)
* Amazon

Dependencies

* JDK 11 or higher
* PostgreSQL database if slashing protection is enabled for eth2

Role Variables

You can override all variables stored in the defaults/main.yml file. Most of these are configuration options. For more details, check the Web3Signer docs.

| Name | Default Value | Description |
| --- | --- | --- |
| web3signer_version | develop | Version to install |
| web3signer_user | web3signer | OS user to create and run Web3Signer |
| web3signer_group | web3signer | OS group |
| web3signer_app_home | /opt/web3signer | App installation location |
| web3signer_config_path | /etc/web3signer | Location of the config file |
| web3signer_log_path | /var/log/web3signer | Location of log files |
| web3signer_log_filename | web3signer.log | Name of the log file |
| web3signer_data_home | /data/web3signer | Location for persistent data, keys in subfolder |
| web3signer_db_verify_connection | True | Enables checking if the database is available |
| web3signer_db_host | | Host of the PostgreSQL database |
| web3signer_db_name | | Name of the PostgreSQL database |
| web3signer_db_username | | User for the PostgreSQL database |
| web3signer_db_password | | Password for the PostgreSQL database user |
| web3signer_flyway_version | 7.3.0 | Flyway CLI version for migration |
| web3signer_service_name | web3signer | Name of the systemd service |
| web3signer_config_filename | web3signer.yml | Name of the config file |
| web3signer_command | eth2 | Web3Signer command (supported: eth1, eth2, filecoin) |
| web3signer_keys | [] | Specify keys for configuration |
| web3signer_logging | INFO | Logging levels: OFF, FATAL, WARN, INFO, DEBUG, TRACE, ALL |
| web3signer_http_listen_host | 127.0.0.1 | Host for HTTP to listen on |
| web3signer_http_listen_port | 9000 | Port for HTTP to listen on |
| web3signer_http_host_allowlist | ['127.0.0.1'] | Allowed hostnames for HTTP access |
| web3signer_metrics_enabled | False | Set to start the metrics exporter |
| web3signer_metrics_host | 127.0.0.1 | Host for metrics exporter |
| web3signer_metrics_port | 9001 | Port for metrics exporter |
| web3signer_metrics_categories | ['HTTP', 'SIGNING', 'FILECOIN', 'JVM', 'PROCESS', 'ETH2_SLASHING_PROTECTION'] | Metrics categories to track |
| web3signer_metrics_host_allowlist | ['127.0.0.1'] | Allowed hostnames for metrics access |
| web3signer_idle_connection_timeout_seconds | 30 | Time to wait before terminating idle connections |
| web3signer_swagger_ui_enabled | False | Enable Swagger UI |
| web3signer_tls_keystore_file | | Path to the PKCS#12 keystore for TLS |
| web3signer_tls_keystore_password_file | | File path for the keystore password |
| web3signer_tls_allow_any_client | | If set, any client can connect |
| web3signer_tls_known_client_file | | File with authorized client fingerprints |
| web3signer_tls_allow_ca_clients | | Allows clients authorized by CA to connect |
| web3signer_log4j_config_file | undefined | Custom log4j configuration file |
| web3_signer_additional_configuration | {} | Additional configurations for the config file |

Configure Signing Keys

Signing keys must be provided in the web3signer_keys parameter as a map. Each key name in the map is used as the filename for that key. Currently, unencrypted keys are supported, with added support planned soon.

web3signer_keys:
  key1:
    type: 'file-raw'
    keyType: 'BLS'
    privateKey: '0x6eeb32dd0fe010051825e3ef402b1a7c66fd6daa9c61eb351c5d760684de8e6a'

Example Playbook

Here’s an example playbook to install PostgreSQL, Java, and Web3Signer on a single VM.

- name: Web3Signer Installation
  hosts: web3signer
  remote_user: vagrant
  vars:
    web3signer_http_listen_host: '0.0.0.0'
    web3signer_db_host: 'localhost'
    web3signer_db_name: 'web3signer'
    web3signer_db_username: 'web3signer'
    web3signer_db_password: 'somepassword'
    web3signer_keys:
      key1:
        type: 'file-raw'
        keyType: 'BLS'
        privateKey: '0x6eeb32dd0fe010051825e3ef402b1a7c66fd6daa9c61eb351c5d760684de8e6a'
    postgresql_hba_entries:
      - { type: local, database: all, user: postgres, auth_method: trust }
      - { type: host, database: web3signer, user: web3signer, address: localhost, auth_method: password }
    postgresql_users:
      - name: 'web3signer'
        password: 'somepassword'
    postgresql_databases:
      - name: 'web3signer'

  roles:
    - role: geerlingguy.postgresql
      become: True
    - role: lean_delivery.java
      become: True
    - role: consensys.web3signer
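
The playbook above hard-codes the BLS private key and the database password, and binds HTTP to 0.0.0.0 without TLS. The variant below is an added example, not part of the role's documentation: it uses only variables from the table above plus Ansible Vault, and the vault variable names, file paths, listen address and hostname are assumptions.

```yaml
# Added example; not from the role's documentation.
# Assumed: vault_* variables are defined in an ansible-vault encrypted file,
# and the TLS files referenced below already exist on the target host.
- name: Web3Signer Installation (vaulted secrets, TLS on the HTTP listener)
  hosts: web3signer
  remote_user: vagrant
  vars_files:
    - vars/web3signer_vault.yml   # hypothetical path; encrypt with ansible-vault
  vars:
    # Bind to a single interface rather than 0.0.0.0 (constructed address).
    web3signer_http_listen_host: '10.0.0.5'
    # Hostname that clients use to reach the signer (constructed name).
    web3signer_http_host_allowlist: ['signer.internal.example']
    # TLS with a client fingerprint list; web3signer_tls_allow_any_client
    # is deliberately left unset.
    web3signer_tls_keystore_file: '/etc/web3signer/tls/keystore.p12'
    web3signer_tls_keystore_password_file: '/etc/web3signer/tls/keystore.pass'
    web3signer_tls_known_client_file: '/etc/web3signer/tls/known_clients.txt'
    web3signer_db_host: 'localhost'
    web3signer_db_name: 'web3signer'
    web3signer_db_username: 'web3signer'
    web3signer_db_password: "{{ vault_web3signer_db_password }}"
    web3signer_keys:
      key1:
        type: 'file-raw'
        keyType: 'BLS'
        privateKey: "{{ vault_web3signer_bls_key1 }}"
    postgresql_hba_entries:
      # peer instead of trust for the local postgres superuser
      - { type: local, database: all, user: postgres, auth_method: peer }
      - { type: host, database: web3signer, user: web3signer, address: localhost, auth_method: password }
    postgresql_users:
      - name: 'web3signer'
        password: "{{ vault_web3signer_db_password }}"
    postgresql_databases:
      - name: 'web3signer'

  roles:
    - role: geerlingguy.postgresql
      become: True
    - role: lean_delivery.java
      become: True
    - role: consensys.web3signer
```

Create the vars file with `ansible-vault create` and supply the vault password at run time, for example with `ansible-playbook --ask-vault-pass`.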

License

Apache

Author Information

Consensys, 2020

About the Project

Web3Signer is an open-source signing service developed under the Apache 2.0 license and written in Java.

Install
ansible-galaxy install consensys.web3signer
Owner
Consensys is the software engineering leader of the blockchain space. Our full-stack Ethereum products help developers build next-generation networks.