status-im
/
infra-nimbus
mirror of https://github.com/status-im/infra-nimbus.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

fluffy: migrate to nftables 

Referenced issue: https://github.com/status-im/infra-misc/issues/301

Signed-off-by: markoburcul <marko@status.im>
This commit is contained in:
markoburcul 2024-10-10 16:35:02 +02:00 committed by Marko Burčul
parent 27b10bd710
commit daa4469823
4 changed files with 42 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ansible/fluffy.yml
View File

@ -27,3 +27,13 @@
with_sequence: start=1 end=32 with_sequence: start=1 end=32
loop_control: loop_control:
loop_var: index loop_var: index
- name: Configure Nimbus Portal Bridge
become: true
vars_files: portal-bridge.yml
hosts:
- metal-01.ih-eu-mda1.nimbus.fluffy
roles:
- { role: infra-role-open-ports, tags: open-ports }
- { role: infra-role-nimbus-fluffy, tags: nimbus-fluffy }
- { role: infra-role-portal-bridge, tags: portal-bridge }

26
ansible/group_vars/nimbus.fluffy.yml
View File

@ -22,9 +22,27 @@ nimbus_fluffy_consul_check_timeout: '10s'
nimbus_fluffy_consul_success_before_passing: 30 nimbus_fluffy_consul_success_before_passing: 30
nimbus_fluffy_consul_failures_before_warning: 1440 nimbus_fluffy_consul_failures_before_warning: 1440
nimbus_fluffy_consul_failures_before_critical: 2880 nimbus_fluffy_consul_failures_before_critical: 2880
# Portal Bridge
portal_bridge_fluffy_rpc_port: 19900
portal_bridge_fluffy_listening_port: 19100
portal_bridge_fluffy_metrics_port: 19200
portal_bridge_service_name: 'nimbus-portal-bridge-history'
portal_bridge_command: 'history'
portal_bridge_latest: true
portal_bridge_backfill: true
portal_bridge_audit: true
portal_bridge_era1_dir: '/era'
portal_bridge_web3_url: 'http://linux-02.ih-eu-mda1.nimbus.mainnet.wg:8545'
portal_bridge_portal_rpc_url: 'http://127.0.0.1:{{ portal_bridge_fluffy_rpc_port }}'
# Open Ports # Migrated to NFTables from IPTables.
open_ports_default_comment: 'SMART Metrics' # https://github.com/status-im/infra-misc/issues/301
open_ports_default_chain: 'VPN' bootstrap__firewall_nftables: true
# Open Ports -------------------------------------------------------------------
open_ports_list: open_ports_list:
- { port: '{{ smart_metrics_listen_port }}', ipset: 'metrics.hq' } nimbus-fluffy:
- { comment: 'Nimbus Fluffy', port: '{{ nimbus_fluffy_listening_port }}', protocol: 'udp' }
- { comment: 'Nimbus Fluffy Metrics', port: '9201-9232', ipset: 'metrics.hq', iifname: 'wg0', protocol: 'tcp' }
smart-metrics:
- { comment: 'SMART Metrics', port: '{{ smart_metrics_listen_port }}', ipset: 'metrics.hq', iifname: 'wg0' }

20
ansible/portal.yml
View File

@ -1,20 +0,0 @@
---
- name: verify ansible versions
hosts: all
tags: always
become: false
run_once: true
gather_facts: false
tasks:
- local_action: command ./roles.py --check
changed_when: false
- name: Configure Nimbus Portal Bridge
become: true
vars_files: portal-bridge.yml
hosts:
- metal-01.ih-eu-mda1.nimbus.fluffy
roles:
- { role: infra-role-open-ports, tags: open-ports }
- { role: infra-role-nimbus-fluffy, tags: nimbus-fluffy }
- { role: infra-role-portal-bridge, tags: portal-bridge }

25
ansible/vars/portal-bridge.yml
View File

@ -1,26 +1,15 @@
--- ---
# Portal Bridge
portal_bridge_service_name: 'nimbus-portal-bridge-history'
portal_bridge_command: 'history'
portal_bridge_latest: true
portal_bridge_backfill: true
portal_bridge_audit: true
portal_bridge_era1_dir: '/era'
portal_bridge_web3_url: 'http://linux-02.ih-eu-mda1.nimbus.mainnet.wg:8545'
portal_bridge_portal_rpc_url: 'http://127.0.0.1:{{ nimbus_fluffy_rpc_port }}'
# Fluffy Node # Fluffy Node
nimbus_fluffy_service_name: 'nimbus-portal-bridge-fluffy' nimbus_fluffy_service_name: 'nimbus-portal-bridge-fluffy'
nimbus_fluffy_network: 'mainnet' nimbus_fluffy_network: 'mainnet'
nimbus_fluffy_repo_branch: 'master' nimbus_fluffy_repo_branch: 'master'
nimbus_fluffy_storage_capacity: 0 nimbus_fluffy_storage_capacity: 0
nimbus_fluffy_rpc_port: 19900 nimbus_fluffy_rpc_port: '{{ portal_bridge_fluffy_rpc_port }}'
nimbus_fluffy_metrics_port: 19200 nimbus_fluffy_metrics_port: '{{ portal_bridge_fluffy_metrics_port }}'
nimbus_fluffy_listening_port: 19100 nimbus_fluffy_listening_port: '{{ portal_bridge_fluffy_listening_port }}'
# Open Ports # Open Ports -------------------------------------------------------------------
open_ports_default_comment: 'Nimbus Portal Fluffy'
open_ports_default_chain: 'VPN'
open_ports_list: open_ports_list:
- { port: '{{ nimbus_fluffy_metrics_port }}', ipset: 'metrics.hq' } nimbus-portal:
- { port: '{{ nimbus_fluffy_listening_port }}', chain: 'SERVICES' } - { comment: 'Nimbus Portal', port: '{{ portal_bridge_fluffy_listening_port }}', protocol: 'udp' }
- { comment: 'Nimbus Portal Metrics', port: '{{ portal_bridge_fluffy_metrics_port }}', ipset: 'metrics.hq', iifname: 'wg0', protocol: 'tcp' }