net/ plumbing to manage LetsEncrypt TLS certificates (#4985)

automerge

ci/testnet-deploy.sh

@@ -27,6 +27,7 @@ maybeHashesPerTick=
 maybeStakeNodesInGenesisBlock=
 maybeExternalPrimordialAccountsFile=
 maybeLamports=
+maybeLetsEncryptDomainName=
 
 usage() {
   exitcode=0
@@ -77,6 +78,9 @@ Deploys a CD testnet
                         - If set, will skip software update deployment
    --skip-remote-log-retrieval
                         - If set, will not fetch logs from remote nodes
+   --letsencrypt [dns name]
+                        - Attempt to generate a TLS certificate using this DNS name
+
    Note: the SOLANA_METRICS_CONFIG environment variable is used to configure
          metrics
 EOF
@@ -106,6 +110,9 @@ while [[ -n $1 ]]; do
     elif [[ $1 = --skip-remote-log-retrieval ]]; then
       fetchLogs=false
       shift 1
+    elif [[ $1 = --letsencrypt ]]; then
+      maybeLetsEncryptDomainName="$2"
+      shift 2
     else
       usage "Unknown long option: $1"
     fi
@@ -342,7 +349,10 @@ if ! $skipStart; then
       # shellcheck disable=SC2206 # Do not want to quote $maybeHashesPerTick
       args+=($maybeHashesPerTick)
     fi
-
+    if [[ -n $maybeLetsEncryptDomainName ]]; then
+      # shellcheck disable=SC2206 # Do not want to quote $maybeLetsEncryptDomainName
+      args+=($maybeLetsEncryptDomainName)
+    fi
     if $reuseLedger; then
       args+=(-r)
     fi
@@ -371,7 +381,6 @@ if ! $skipStart; then
       args+=($maybeLamports)
     fi
 
-    # shellcheck disable=SC2086 # Don't want to double quote the $maybeXYZ variables
     time net/net.sh "${args[@]}"
   ) || ok=false
 

ci/testnet-manager.sh

@@ -336,7 +336,8 @@ deploy() {
     (
       set -x
       ci/testnet-deploy.sh -p edge-testnet-solana-com -C ec2 -z us-west-1a \
-        -t "$CHANNEL_OR_TAG" -n 3 -c 0 -u -P -a eipalloc-0ccd4f2239886fa94 \
+        -t "$CHANNEL_OR_TAG" -n 3 -c 0 -u -P \
+        -a eipalloc-0ccd4f2239886fa94 --letsencrypt edge.testnet.solana.com \
         ${skipCreate:+-e} \
         ${skipStart:+-s} \
         ${maybeStop:+-S} \
@@ -362,7 +363,8 @@ deploy() {
       set -x
       NO_VALIDATOR_SANITY=1 \
         ci/testnet-deploy.sh -p beta-testnet-solana-com -C ec2 -z us-west-1a \
-          -t "$CHANNEL_OR_TAG" -n 3 -c 0 -u -P -a eipalloc-0f286cf8a0771ce35 \
+          -t "$CHANNEL_OR_TAG" -n 3 -c 0 -u -P \
+          -a eipalloc-0f286cf8a0771ce35 --letsencrypt beta.testnet.solana.com \
           ${skipCreate:+-e} \
           ${skipStart:+-s} \
           ${maybeStop:+-S} \
@@ -393,7 +395,8 @@ deploy() {
 
       # shellcheck disable=SC2068
       ci/testnet-deploy.sh -p testnet-solana-com -C ec2 ${EC2_ZONE_ARGS[@]} \
-        -t "$CHANNEL_OR_TAG" -n "$EC2_NODE_COUNT" -c 0 -u -P -f -a eipalloc-0fa502bf95f6f18b2 \
+        -t "$CHANNEL_OR_TAG" -n "$EC2_NODE_COUNT" -c 0 -u -P -f \
+        -a eipalloc-0fa502bf95f6f18b2 --letsencrypt testnet.solana.com \
         ${skipCreate:+-e} \
         ${maybeSkipStart:+-s} \
         ${maybeStop:+-S} \
@@ -473,7 +476,8 @@ deploy() {
       NO_VALIDATOR_SANITY=1 \
         ci/testnet-deploy.sh -p tds-solana-com -C gce ${GCE_ZONE_ARGS[0]} \
           -t "$CHANNEL_OR_TAG" -n "$GCE_NODE_COUNT" -c 1 -P -u \
-          -a tds-solana-com --hashes-per-tick auto \
+          -a tds-solana-com --letsencrypt tds.solana.com \
+          --hashes-per-tick auto \
           ${skipCreate:+-e} \
           ${skipStart:+-s} \
           ${maybeStop:+-S} \