From 9d8e55dd55b4054f7d8bb2e0c12e231350f5d80f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Soko=C5=82owski?=
Date: Thu, 11 Aug 2022 11:47:12 +0200
Subject: [PATCH] nimbus-geth: configure Auth RPC ports for Engine API
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is required for communication with consensus layer nodes: https://geth.ethereum.org/docs/interface/consensus-clients

Signed-off-by: Jakub SokoĊ‚owski
---
 ansible/group_vars/nimbus-geth-goerli.yml | 16 +++++++++++-----
 ansible/group_vars/nimbus-geth-mainnet.yml | 14 +++++++++-----
 ansible/group_vars/nimbus-geth-ropsten.yml | 7 ++++++-
 ansible/requirements.yml | 2 +-
 4 files changed, 27 insertions(+), 12 deletions(-)

diff --git a/ansible/group_vars/nimbus-geth-goerli.yml b/ansible/group_vars/nimbus-geth-goerli.yml
index 87202c8..948aad0 100644
--- a/ansible/group_vars/nimbus-geth-goerli.yml
+++ b/ansible/group_vars/nimbus-geth-goerli.yml
@@ -8,8 +8,9 @@ geth_network_name: 'goerli'
 geth_sync_mode: 'full'
 geth_log_level_name: info
 geth_websocket_enabled: true
-# Geth auth
+# Geth auth & JWT token
 geth_account_pass: '{{lookup("bitwarden", "nimbus/geth", field="password")}}'
+geth_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
 # Allow connections from our VPN
 geth_websocket_origins: '*'
 # Memory settings
@@ -25,6 +26,8 @@ geth_expo_source_data_path: '{{ geth_cont_vol }}/data'
 geth_port: 30303
 geth_rpc_addr: '0.0.0.0'
 geth_rpc_port: 8545
+geth_authrpc_addr: '0.0.0.0'
+geth_authrpc_port: 8551
 geth_websocket_addr: '0.0.0.0'
 geth_websocket_port: 8546
 geth_expo_cont_port: 9200
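Review bot: `geth_authrpc_jwtsecret` in nimbus-geth-goerli.yml reads the Bitwarden item `nimbus/jwt-token`, and the matching hunks in nimbus-geth-mainnet.yml and nimbus-geth-ropsten.yml read the same item, so one secret authenticates the Engine API on testnet and mainnet hosts alike. A leak from any testnet host would then leave only the firewall ipsets protecting the mainnet Auth RPC port. A per-network item would contain that, for example `geth_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token-goerli")}}'` (the item name is a placeholder). The lookup also has no `field=` argument, unlike `geth_account_pass` on the line above, so a short comment naming the field that holds the secret would help.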
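Review bot: `geth_authrpc_addr: '0.0.0.0'` in the second goerli hunk binds the Engine API listener on every interface, so the only network restriction left is the `open_ports_list` ipset rules plus the JWT check; the same line is added in the mainnet and ropsten files. If the role can take the VPN interface address instead, binding to it would be narrower; otherwise a comment such as `# Bound to all interfaces; reachable only through the VPN-chain ipsets in open_ports_list` records the dependency on the firewall. Geth also checks the Host header on this port against `--authrpc.vhosts`, which defaults to localhost, so it is worth confirming that the role sets it for remote consensus clients, since that is not visible in this diff.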
@@ -33,7 +36,10 @@ geth_expo_cont_port: 9200
 open_ports_default_comment: 'Geth API'
 open_ports_default_chain: 'VPN'
 open_ports_list:
- { port: '{{ geth_expo_cont_port }}', ipset: 'metrics.hq', comment: 'Geth Metrics' }
- { port: '{{ geth_websocket_port }}', ipset: 'nimbus.prater' }
- { port: '{{ geth_websocket_port }}', ipset: 'nimbus.eth1' }
- { port: '{{ geth_rpc_port }}' , ipset: 'nimbus.eth1' }
+ - { port: '{{ geth_expo_cont_port }}', ipset: 'metrics.hq', comment: 'Geth Metrics' }
+ - { port: '{{ geth_websocket_port }}', ipset: 'nimbus.eth1' }
+ - { port: '{{ geth_websocket_port }}', ipset: 'nimbus.prater' }
+ - { port: '{{ geth_rpc_port }}', ipset: 'nimbus.eth1' }
+ - { port: '{{ geth_rpc_port }}', ipset: 'nimbus.prater' }
+ - { port: '{{ geth_authrpc_port }}', ipset: 'nimbus.eth1' }
+ - { port: '{{ geth_authrpc_port }}', ipset: 'nimbus.prater' }
diff --git a/ansible/group_vars/nimbus-geth-mainnet.yml b/ansible/group_vars/nimbus-geth-mainnet.yml
index e1be147..3a958bf 100644
--- a/ansible/group_vars/nimbus-geth-mainnet.yml
+++ b/ansible/group_vars/nimbus-geth-mainnet.yml
@@ -10,8 +10,9 @@ geth_network_name: 'mainnet'
 geth_sync_mode: 'snap'
 geth_log_level_name: info
 geth_websocket_enabled: true
-# Geth auth
+# Geth auth & JWT token
 geth_account_pass: '{{lookup("bitwarden", "nimbus/geth", field="password")}}'
+geth_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
 # Allow connections from our VPN
 geth_websocket_origins: '*'
 # Memory settings
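Review bot: Besides the two `geth_authrpc_port` entries, the new goerli `open_ports_list` adds `{ port: '{{ geth_rpc_port }}', ipset: 'nimbus.prater' }`, which opens the unauthenticated JSON-RPC port to an ipset that the removed lines allowed only on the WebSocket port. The commit message covers Auth RPC only, and a consensus client using the Engine API needs 8551 rather than 8545, so this rule looks wider than the change requires. Either drop that entry or add a comment above it saying what on `nimbus.prater` still needs plain RPC.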
@@ -26,17 +27,20 @@ geth_expo_source_data_path: '{{ geth_cont_vol }}/data'
 geth_port: 30303
 geth_rpc_addr: '0.0.0.0'
 geth_rpc_port: 8545
+geth_authrpc_addr: '0.0.0.0'
+geth_authrpc_port: 8551
 geth_websocket_addr: '0.0.0.0'
 geth_websocket_port: 8546
 geth_expo_cont_port: 9200
 # Open Ports
-open_ports_default_comment: 'Geth Metrics'
+open_ports_default_comment: 'Geth API'
 open_ports_default_chain: 'VPN'
 open_ports_list:
- { port: '{{ geth_expo_cont_port }}', ipset: 'metrics.hq' }
- { port: '{{ geth_rpc_port }}', ipset: 'rocket.prod' }
+ - { port: '{{ geth_expo_cont_port }}', ipset: 'metrics.hq', comment: 'Geth Metrics' }
+ - { port: '{{ geth_rpc_port }}', ipset: 'nimbus.mainnet' }
 - { port: '{{ geth_rpc_port }}', ipset: 'eth2.prod' }
+ - { port: '{{ geth_authrpc_port }}', ipset: 'nimbus.mainnet' }
+ - { port: '{{ geth_authrpc_port }}', ipset: 'eth2.prod' }
 - { port: '{{ geth_websocket_port }}', ipset: 'nimbus.mainnet' }
- - { port: '{{ geth_websocket_port }}', ipset: 'rocket.prod' }
 - { port: '{{ geth_websocket_port }}', ipset: 'eth2.prod' }
diff --git a/ansible/group_vars/nimbus-geth-ropsten.yml b/ansible/group_vars/nimbus-geth-ropsten.yml
index 018de26..0250b31 100644
--- a/ansible/group_vars/nimbus-geth-ropsten.yml
+++ b/ansible/group_vars/nimbus-geth-ropsten.yml
@@ -11,8 +11,9 @@ geth_websocket_enabled: true
 # Enable engine API
 geth_rcp_api: 'eth,net,web3,personal,admin,engine'
 geth_websocket_api: 'eth,net,web3,personal,admin,engine'
-# Geth auth
+# Geth auth & JWT token
 geth_account_pass: '{{lookup("bitwarden", "nimbus/geth", field="password")}}'
+geth_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
 # Allow connections from our VPN
 geth_websocket_origins: '*'
 # Memory settings
@@ -28,6 +29,8 @@ geth_expo_source_data_path: '{{ geth_cont_vol }}/data'
 geth_port: 30303
 geth_rpc_addr: '0.0.0.0'
 geth_rpc_port: 8545
+geth_authrpc_addr: '0.0.0.0'
+geth_authrpc_port: 8551
 geth_websocket_addr: '0.0.0.0'
 geth_websocket_port: 8546
 geth_expo_cont_port: 9200
@@ -37,4 +40,6 @@ open_ports_default_comment: 'Geth API'
 open_ports_default_chain: 'VPN'
 open_ports_list:
 - { port: '{{ geth_expo_cont_port }}', ipset: 'metrics.hq', comment: 'Geth Metrics' }
+ - { port: '{{ geth_rpc_port }}', ipset: 'nimbus.ropsten' }
+ - { port: '{{ geth_authrpc_port }}', ipset: 'nimbus.ropsten' }
 - { port: '{{ geth_websocket_port }}', ipset: 'nimbus.ropsten' }
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index e6d0655..e279223 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
@@ -111,7 +111,7 @@
 - name: infra-role-geth
 src: git@github.com:status-im/infra-role-geth.git
- version: 6e2e211e198711ffeb67029ad4eb1e4996962c53
+ version: fb1897650c9fe556143700eadadc2faeafa3ab13
 scm: git
 - name: infra-role-geth-exporter
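Review bot: The added `{ port: '{{ geth_rpc_port }}', ipset: 'nimbus.ropsten' }` entry in the last nimbus-geth-ropsten.yml hunk opens port 8545 to that ipset, while the context lines of this file's first hunk set both API lists to `'eth,net,web3,personal,admin,engine'`. Those listeners carry no JWT check, so `personal` and `admin` become reachable over HTTP as well as WebSocket, and `engine` stays listed outside the authenticated port this commit sets up. With 8551 configured, consider removing `engine` from both lists, and `personal,admin` too unless something depends on them. The HTTP key is spelled `geth_rcp_api`; if the role actually reads `geth_rpc_api`, that list is not applied at all, which is worth checking against the role.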