infra-nimbus/ansible/group_vars/nimbus.holesky.yml

180 lines
9.4 KiB
YAML
Raw Normal View History

---
# Ports used for all 3 EL nodes as they are mutually exclusive.
2024-10-01 11:39:43 +00:00
exec_layer_p2p_port: '{{ 30303 + 3*idx|int + 1 }}'
exec_layer_rpc_port: '{{ 8545 + idx|int + 1 }}'
exec_layer_authrpc_port: '{{ 8551 + idx|int + 1 }}'
exec_layer_metrics_port: '{{ 6060 + idx|int + 1 }}'
# Go-Ethereum ------------------------------------------------------------------
geth_service_name: 'geth-{{ geth_network_name }}-{{ "%02d"|format(idx|int+1) }}'
geth_service_path: '/docker/{{ geth_service_name }}'
geth_network_name: 'holesky'
geth_cont_name: '{{ geth_service_name }}-node'
geth_cont_vol: '{{ geth_service_path }}/node'
geth_sync_mode: 'full'
geth_log_level_name: 'info'
# Geth auth & JWT token
geth_account_pass: '{{lookup("bitwarden", "nimbus/geth", field="password")}}'
geth_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
# Memory settings
geth_cont_mem_ratio: 0.2
# Ports
geth_rpc_enabled: true
geth_websocket_enabled: false
geth_rpc_addr: '0.0.0.0'
geth_authrpc_addr: '0.0.0.0'
geth_port: '{{ exec_layer_p2p_port }}'
geth_rpc_port: '{{ exec_layer_rpc_port }}'
geth_authrpc_port: '{{ exec_layer_authrpc_port }}'
geth_metrics_port: '{{ exec_layer_metrics_port }}'
# Geth metrics¬
geth_expo_service_name: '{{ geth_service_name }}'
geth_expo_source_cont_name: '{{ geth_cont_name }}'
geth_expo_source_data_path: '{{ geth_cont_vol }}/data'
geth_expo_cont_port: '{{ 9400 + (idx|int) + 1 }}'
# Erigon -----------------------------------------------------------------------
erigon_network_name: 'holesky'
erigon_service_name: 'erigon-{{ erigon_network_name }}-{{ "%02d"|format(idx|int+1) }}'
erigon_prune: 'hrtc' # TODO: Possibly wrong, verify.
erigon_log_level: 'info'
erigon_cont_mem_ratio: 0.15
erigon_max_peers: 20
erigon_miner_enabled: true
erigon_mining_private_key: '{{lookup("bitwarden", "nimbus/wallet/testnets", field="private-key")}}'
# Ports
erigon_metrics_enabled: true
erigon_rpc_addr: '0.0.0.0'
erigon_authrpc_addr: '0.0.0.0'
erigon_port: '{{ exec_layer_p2p_port }}'
erigon_p2p_allowed_ports: ['{{ erigon_port }}', '{{ erigon_port|int + 1 }}']
erigon_rpc_port: '{{ exec_layer_rpc_port }}'
erigon_metrics_port: '{{ exec_layer_metrics_port }}'
erigon_authrpc_port: '{{ exec_layer_authrpc_port }}'
erigon_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
# Nethermind -------------------------------------------------------------------
nethermind_network_name: 'holesky'
nethermind_service_name: 'nethermind-{{ nethermind_network_name }}-{{ "%02d"|format(idx|int+1) }}'
nethermind_service_path: '/docker/{{ nethermind_service_name }}'
nethermind_account_pass: '{{lookup("bitwarden", "nimbus/geth", field="password")}}'
nethermind_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
nethermind_sync_mode: 'snap'
nethermind_port: '{{ exec_layer_p2p_port }}'
nethermind_rpc_port: '{{ exec_layer_rpc_port }}'
nethermind_authrpc_port: '{{ exec_layer_authrpc_port }}'
nethermind_metrics_port: '{{ exec_layer_metrics_port }}'
# Beacon Nodes -----------------------------------------------------------------
beacon_node_service_name: 'beacon-node-{{ beacon_node_network }}-{{ node.branch }}'
beacon_node_network: 'holesky'
beacon_node_repo_branch: '{{ node_name_to_branch_map.get(node.branch, node.branch) }}'
# Tuning
beacon_node_history_retention: '{{ "archive" if node.get("public_api") else node.get("history", "prune") }}'
beacon_node_extra_flags: '{{ node.extra_flags if node.extra_flags is defined else {} }}'
# We map short names to branches to avoid too long service names.
node_name_to_branch_map:
libp2p: 'nim-libp2p-auto-bump-unstable'
chronos: 'nim-chronos-auto-bump-unstable'
# Builds
beacon_node_update_frequency: '*-*-* {{ "%02d" | format(idx * 2) }}:00:00'
beacon_node_update_build_nim_flags: '-d:noSignalHandler {{ node.get("nim_flags", "") }}'
beacon_node_update_build_targets: ['nimbus_beacon_node', 'ncli_db']
# Monitoring
beacon_node_validator_monitor_auto: true
beacon_node_validator_monitor_details: >-
{{ (node.public_api is not defined or not node.public_api)
and (node.end is defined and (node.end - node.start) < 10) }}
# Execution layer Enginer API
beacon_node_exec_layer_urls: ['http://localhost:{{ exec_layer_authrpc_port }}']
beacon_node_exec_layer_jwt_secret: '{{ geth_authrpc_jwtsecret | mandatory }}'
# Suggests it to the Execution Layer client.
beacon_node_suggested_fee_recipient: '{{lookup("bitwarden", "nimbus/wallet/testnets", field="address")}}'
# Windows service user
beacon_node_service_user_pass: '{{lookup("bitwarden", "nimbus/windows", field="password")}}'
# MEV Payload Builder
beacon_node_payload_builder_enabled: '{{ node.get("payload_builder", false) }}'
beacon_node_payload_builder_url: 'https://boost-relay-holesky.flashbots.net/'
# Light client data
beacon_node_light_client_data_enabled: '{{ (node.public_api is defined and node.public_api) }}'
beacon_node_light_client_data_serve: true
beacon_node_light_client_data_import_mode: 'full'
# Validators from nimbus-private repo¬
beacon_node_dist_validators_enabled: '{{ node.start is defined and node.end is defined }}'
beacon_node_dist_validators_start: '{{ node.get("vc", false) | ternary(0, node.start) | mandatory }}'
beacon_node_dist_validators_end: '{{ node.get("vc", false) | ternary(0, node.end) | mandatory }}'
# Ports
beacon_node_rest_port_base: 9300
beacon_node_rest_port: '{{ beacon_node_rest_port_base + idx|int + 1 }}'
beacon_node_discovery_port: '{{ 9000 + idx|int + 1 }}'
beacon_node_listening_port: '{{ 9000 + idx|int + 1 }}'
beacon_node_metrics_port: '{{ 9200 + idx|int + 1 }}'
beacon_node_rest_address: '0.0.0.0'
# Reduce Consul alerts sensitivity
beacon_node_consul_check_disabled: '{{ node.get("public_api", false) }}'
beacon_node_consul_check_interval: '60s'
beacon_node_consul_check_timeout: '10s'
beacon_node_consul_success_before_passing: '{{ 60 if not node.get("public_api") else 1 }}' # 1h or 60s for public API
beacon_node_consul_failures_before_warning: '{{ 360 if not node.get("public_api") else 1440 }}' # 6h or 24h for public API
beacon_node_consul_failures_before_critical: '{{ 720 if not node.get("public_api") else 2880 }}' # 12h or 48h for public API
# Validator Client -------------------------------------------------------------
validator_client_service_name: 'validator-client-{{ validator_client_network }}-{{ node.branch }}'
validator_client_service_enabled: '{{ node.get("vc", false) }}'
validator_client_network: '{{ beacon_node_network }}'
validator_client_log_level: 'INFO'
validator_client_beacon_node_url: 'http://127.0.0.1:{{ beacon_node_rest_port }}'
# Builds
validator_client_build_repo_branch: '{{ beacon_node_repo_branch }}'
validator_client_build_frequency: 'daily'
# Ports
validator_client_metrics_port: '{{ 8108 + idx|int + 1 }}'
validator_client_keymanager_port: '{{ 5052 + idx|int + 1 }}'
# Suggests it to the Execution Layer client and the builder network.
validator_client_suggested_fee_recipient: '{{lookup("bitwarden", "nimbus/wallet/testnets", field="address")}}'
# Keymanager
validator_client_keymanager_enabled: true
validator_client_keymanager_token: '{{lookup("bitwarden", "nimbus/keymanager", field="token")}}'
# Validators Distribution
validator_client_dist_validators_enabled: '{{ node.start is defined and node.end is defined }}'
validator_client_dist_validators_start: '{{ (not node.get("vc", false)) | ternary(0, node.start) | mandatory }}'
validator_client_dist_validators_end: '{{ (not node.get("vc", false)) | ternary(0, node.end) | mandatory }}'
# ERA files geneartion ---------------------------------------------------------
nimbus_era_files_timer_enabled: '{{ (nodes_layout[inventory_hostname]|length) > 1 }}'
nimbus_era_files_timer_path: '/data/era'
nimbus_era_files_network: '{{ beacon_node_network }}'
nimbus_era_files_db_path: '/data/beacon-node-{{ beacon_node_network }}-unstable/data/db'
nimbus_era_files_nclidb_path: '/data/beacon-node-{{ beacon_node_network }}-unstable/repo/build/ncli_db'
2024-10-01 11:39:43 +00:00
# Migrated to NFTables from IPTables.
# https://github.com/status-im/infra-misc/issues/301
bootstrap__firewall_nftables: true
# Open Ports -------------------------------------------------------------------
2024-10-01 11:39:43 +00:00
host_el_type: '{{ ansible_hostname|split("-")|first }}'
open_ports_list:
2024-10-01 11:39:43 +00:00
nginx:
- { port: 443, comment: 'Nginx' }
exec-node:
- { port: '30304-30314', comment: '{{ host_el_type }} LibP2P', protocol: 'tcp' }
- { port: '30304-30314', comment: '{{ host_el_type }} Discovery', protocol: 'udp' }
- { port: '6061-6064', comment: '{{ host_el_type }} Metrics', ipset: 'hq.metrics', iifname: 'wg0' }
- { port: '9401-9404', comment: '{{ host_el_type }} Exporter', ipset: 'hq.metrics', iifname: 'wg0' }
2024-10-01 11:39:43 +00:00
beacon-node:
- { port: '9001-9004', comment: 'Beacon Node LibP2P', protocol: 'tcp' }
- { port: '9001-9004', comment: 'Beacon Node Discovery', protocol: 'udp' }
- { port: '9201-9204', comment: 'Beacon Node Metrics', ipset: 'hq.metrics', iifname: 'wg0' }
2024-10-01 11:39:43 +00:00
- { port: '9301-9304', comment: 'Beacon Node REST API', ipset: '{{ env }}.{{ stage }}', iifname: 'wg0' }
validator-client:
- { port: '5053-5056', comment: 'Validator Client REST API', ipset: '{{ env }}.{{ stage }}', iifname: 'wg0' }
- { port: '8109-8112', comment: 'Validator Client Metrics', ipset: 'hq.metrics', iifname: 'wg0' }
# Fleet layout can be found in: ansible/vars/layout/holesky.yml