nimbus-geth: configure Auth RPC ports for Engine API

This is required for communication with consensus layer nodes: https://geth.ethereum.org/docs/interface/consensus-clients Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-08-11 11:47:12 +02:00 · 2022-08-11 11:47:12 +02:00 · 9d8e55dd55
parent 30ed658621
commit 9d8e55dd55
4 changed files with 27 additions and 12 deletions
--- a/ansible/group_vars/nimbus-geth-goerli.yml
+++ b/ansible/group_vars/nimbus-geth-goerli.yml
@ -8,8 +8,9 @@ geth_network_name: 'goerli'
 geth_sync_mode: 'full'
 geth_log_level_name: info
 geth_websocket_enabled: true
-# Geth auth
+# Geth auth & JWT token
 geth_account_pass: '{{lookup("bitwarden", "nimbus/geth", field="password")}}'
+geth_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
 # Allow connections from our VPN
 geth_websocket_origins: '*'
 # Memory settings
@ -25,6 +26,8 @@ geth_expo_source_data_path: '{{ geth_cont_vol }}/data'
 geth_port: 30303
 geth_rpc_addr: '0.0.0.0'
 geth_rpc_port: 8545
+geth_authrpc_addr: '0.0.0.0'
+geth_authrpc_port: 8551
 geth_websocket_addr: '0.0.0.0'
 geth_websocket_port: 8546
 geth_expo_cont_port: 9200
@ -33,7 +36,10 @@ geth_expo_cont_port: 9200
 open_ports_default_comment: 'Geth API'
 open_ports_default_chain: 'VPN'
 open_ports_list:
-  - { port: '{{ geth_expo_cont_port }}', ipset: 'metrics.hq', comment: 'Geth Metrics' }
-  - { port: '{{ geth_websocket_port }}', ipset: 'nimbus.prater' }
-  - { port: '{{ geth_websocket_port }}', ipset: 'nimbus.eth1' }
-  - { port: '{{ geth_rpc_port }}'      , ipset: 'nimbus.eth1' }
+  - { port: '{{ geth_expo_cont_port }}',  ipset: 'metrics.hq', comment: 'Geth Metrics' }
+  - { port: '{{ geth_websocket_port }}',  ipset: 'nimbus.eth1' }
+  - { port: '{{ geth_websocket_port }}',  ipset: 'nimbus.prater' }
+  - { port: '{{ geth_rpc_port }}',        ipset: 'nimbus.eth1' }
+  - { port: '{{ geth_rpc_port }}',        ipset: 'nimbus.prater' }
+  - { port: '{{ geth_authrpc_port }}',    ipset: 'nimbus.eth1' }
+  - { port: '{{ geth_authrpc_port }}',    ipset: 'nimbus.prater' }
--- a/ansible/group_vars/nimbus-geth-mainnet.yml
+++ b/ansible/group_vars/nimbus-geth-mainnet.yml
@ -10,8 +10,9 @@ geth_network_name: 'mainnet'
 geth_sync_mode: 'snap'
 geth_log_level_name: info
 geth_websocket_enabled: true
-# Geth auth
+# Geth auth & JWT token
 geth_account_pass: '{{lookup("bitwarden", "nimbus/geth", field="password")}}'
+geth_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
 # Allow connections from our VPN
 geth_websocket_origins: '*'
 # Memory settings
@ -26,17 +27,20 @@ geth_expo_source_data_path: '{{ geth_cont_vol }}/data'
 geth_port: 30303
 geth_rpc_addr: '0.0.0.0'
 geth_rpc_port: 8545
+geth_authrpc_addr: '0.0.0.0'
+geth_authrpc_port: 8551
 geth_websocket_addr: '0.0.0.0'
 geth_websocket_port: 8546
 geth_expo_cont_port: 9200

 # Open Ports
-open_ports_default_comment: 'Geth Metrics'
+open_ports_default_comment: 'Geth API'
 open_ports_default_chain: 'VPN'
 open_ports_list:
-  - { port: '{{ geth_expo_cont_port }}', ipset: 'metrics.hq' }
-  - { port: '{{ geth_rpc_port }}',       ipset: 'rocket.prod' }
+  - { port: '{{ geth_expo_cont_port }}', ipset: 'metrics.hq', comment: 'Geth Metrics' }
+  - { port: '{{ geth_rpc_port }}',       ipset: 'nimbus.mainnet' }
  - { port: '{{ geth_rpc_port }}',       ipset: 'eth2.prod' }
+  - { port: '{{ geth_authrpc_port }}',   ipset: 'nimbus.mainnet' }
+  - { port: '{{ geth_authrpc_port }}',   ipset: 'eth2.prod' }
  - { port: '{{ geth_websocket_port }}', ipset: 'nimbus.mainnet' }
-  - { port: '{{ geth_websocket_port }}', ipset: 'rocket.prod' }
  - { port: '{{ geth_websocket_port }}', ipset: 'eth2.prod' }
--- a/ansible/group_vars/nimbus-geth-ropsten.yml
+++ b/ansible/group_vars/nimbus-geth-ropsten.yml
@ -11,8 +11,9 @@ geth_websocket_enabled: true
 # Enable engine API
 geth_rcp_api: 'eth,net,web3,personal,admin,engine'
 geth_websocket_api: 'eth,net,web3,personal,admin,engine'
-# Geth auth
+# Geth auth & JWT token
 geth_account_pass: '{{lookup("bitwarden", "nimbus/geth", field="password")}}'
+geth_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
 # Allow connections from our VPN
 geth_websocket_origins: '*'
 # Memory settings
@ -28,6 +29,8 @@ geth_expo_source_data_path: '{{ geth_cont_vol }}/data'
 geth_port: 30303
 geth_rpc_addr: '0.0.0.0'
 geth_rpc_port: 8545
+geth_authrpc_addr: '0.0.0.0'
+geth_authrpc_port: 8551
 geth_websocket_addr: '0.0.0.0'
 geth_websocket_port: 8546
 geth_expo_cont_port: 9200
@ -37,4 +40,6 @@ open_ports_default_comment: 'Geth API'
 open_ports_default_chain: 'VPN'
 open_ports_list:
  - { port: '{{ geth_expo_cont_port }}', ipset: 'metrics.hq', comment: 'Geth Metrics' }
+  - { port: '{{ geth_rpc_port }}',       ipset: 'nimbus.ropsten' }
+  - { port: '{{ geth_authrpc_port }}',   ipset: 'nimbus.ropsten' }
  - { port: '{{ geth_websocket_port }}', ipset: 'nimbus.ropsten' }
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@ -111,7 +111,7 @@

 - name: infra-role-geth
  src: git@github.com:status-im/infra-role-geth.git
-  version: 6e2e211e198711ffeb67029ad4eb1e4996962c53
+  version: fb1897650c9fe556143700eadadc2faeafa3ab13
  scm: git

 - name: infra-role-geth-exporter