Commit Graph

56 Commits

Author SHA1 Message Date
Jakub Sokołowski fbb1ee69d9
consul: update token paths in BitWarden
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-02-09 00:24:07 +01:00
Jakub Sokołowski d74ff169ef
wireguard: bump role and add Consul ACL token
Part of effort to lock down Consul ACLs:
https://github.com/status-im/infra-hq/issues/70

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-02-08 20:51:45 +01:00
Jakub Sokołowski cdf63cba43
consul: add mandatory agent ACL token
https://github.com/status-im/infra-hq/issues/70

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-02-08 11:58:55 +01:00
Jakub Sokołowski a6d673366a
all: lowe logrotate count to 48, bump bootstrap
Also remove `delaycompress` from logrotate config.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-31 17:09:28 +01:00
Jakub Sokołowski 667fd3184e
builds: add libp2p metrics flags
This is done instead of this PR:
https://github.com/status-im/infra-role-beacon-node-linux/pull/3/files

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-05 19:38:23 +01:00
Jakub Sokołowski 237da365e7
bootstrap: add missing admin pass for macos hosts
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-04 20:55:08 +01:00
Jakub Sokołowski 9c8b0f6185
users: give tanguy sudo permissions
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-04 15:35:30 +01:00
Jakub Sokołowski 7aa5d2d420
add all users to admin group on MacOS hosts
This fixes SSH access issue, since only admin group members can have
remote access to the host:
https://www.vinnie.work/blog/2020-12-26-why-so-hard-osx-ssh-access/

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-10-13 13:34:56 +02:00
Jakub Sokołowski 018e1f3b78
enable beacon_node_rpc_enabled for all hosts
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-10-04 17:53:07 +02:00
Jakub Sokołowski 3673ff3577
bootstrap: add zahary to extra users
Instead of adding him via default users:
https://github.com/status-im/infra-role-bootstrap-linux/commit/d6a6c129

This fixes addition to Windows host as well.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-09-20 16:21:09 +02:00
Jakub Sokołowski 28b69ccc69
fix bootstrap root password secret, bump roles
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-08-26 20:19:00 +02:00
Jakub Sokołowski 2a781d70e8
firewall: remove obsolete settings for open-ports
We now call `open-ports` role inside of `beacon-node` roles.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-08-23 16:51:26 +02:00
Jakub Sokołowski e0d70f46f3
prater/pyrmont: add config for REST API port
https://github.com/status-im/infra-role-beacon-node-linux/pull/1

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-08-23 16:46:05 +02:00
Jakub Sokołowski 5d36d3ad3e
firewall: use new IP sets and iptables chains
https://github.com/status-im/infra-hq/issues/69
https://github.com/status-im/infra-role-bootstrap-linux/commit/92d8923b
https://github.com/status-im/infra-role-wireguard/commit/8394639e

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-08-11 19:54:36 +02:00
Jakub Sokołowski 3e32ec1ba9
migrate bootstrap secrets to BitWarden
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-07-28 12:02:03 +02:00
Jakub Sokołowski a9dfaa12a3
give extra users admin rights on the windows hosts
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-06-28 18:02:45 +02:00
Jakub Sokołowski a99a6d0fc6
refactor to distribute validators via beacon-node role
This way we can deploy multiple nodes on the same host.
https://github.com/status-im/infra-nimbus/issues/52

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-06-28 16:43:27 +02:00
cheatfate 3a3d52a156 Add cheatfate's SSH account. 2021-06-22 13:02:33 +02:00
Jakub Sokołowski f4a20bc128
fix password format used for root
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-06-11 11:18:10 +02:00
Tanguy Cizain cae0195d03 add tanguy's key
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-06-11 11:15:35 +02:00
Jakub Sokołowski e50e7f7764
drop legacy beacon_node_web3_url variable
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-05-06 15:40:38 +02:00
Zahary Karadjov b03dbdb5c6
Increase the --max-peers count on all fleet nodes
This setting is recommended due to the high-number of validators
attached to each node which requires maintaining healthy peer
counts on a larger number of gossip topics. For now, we don't
bother specifying a lower value on the servers running a lower
number of validators in order to simplify the implementation.
2021-03-23 17:53:58 +08:00
Jakub Sokołowski db5ec2f497
bootstrap: provide Consul encryption key from infra-pass
Related: https://github.com/status-im/infra-role-bootstrap/commit/0d40f81d

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-03-22 11:12:49 +01:00
Jakub Sokołowski d8b643fd74
add SSH users to systemd-journal group
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-02-08 12:36:14 +01:00
Jakub Sokołowski 26a31c5d63
use 8000+ UIDs for extra SSH users to not clash with core
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-01-26 12:11:33 +01:00
Jakub Sokołowski 6e138997e2
re-enable sending logs to logstash
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-01-20 19:27:04 +01:00
Jakub Sokołowski 2132851b16
use bootstrap__active_extra_users variable
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-01-14 14:01:57 +01:00
Jakub Sokołowski 65f0d944d8
bump max logs for logrotate to 72
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-11-26 21:30:32 +01:00
Jakub Sokołowski 996e2df2e8
make docker log files contain only container messages
See: https://github.com/status-im/infra-nimbus/issues/26

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-11-26 19:06:08 +01:00
Jakub Sokołowski 796c7ce292
bump count of logrotate files to keep to 24
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-11-26 18:30:05 +01:00
Jakub Sokołowski 21a41cb1ed
drop unused variables, don't re-create containers every time
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-11-20 16:45:51 +01:00
Jakub Sokołowski 1caaddb924
remove to old medalla fleet
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-11-20 14:51:31 +01:00
Jakub Sokołowski 20bb18553a
add ssh access for giovanni
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-11-10 12:26:45 +01:00
Jakub Sokołowski 4cd82e895b
drop bootstrap__extra_volume_path, it clashes with new default
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-11-02 18:47:12 +01:00
Ștefan Talpalaru d88720874d
halve the number of containers (#15)
* halve the number of containers

and cleanup some vars

* dedicate some slaves to testnet2

* use list slices for hosts
2020-06-26 22:37:59 +02:00
Jakub Sokołowski e0ddfa98fd
all: stop disabling watchtower cleanup
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-06-10 13:01:28 +02:00
Jakub Sokołowski 01088fd433
drop Adam and Igor from users
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-04-14 10:43:03 +02:00
Jakub Sokołowski b3e320e064
deploy 2GB swap files on Nimbus hosts
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-03-26 19:04:59 +01:00
kdeme 1dd328307b Add my public ssh key 2020-03-09 23:17:16 +01:00
Jakub Sokołowski 03b6fbe91b
update bootstrap extra volume var name
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-02-26 16:30:45 +01:00
Jakub Sokołowski fcd17845b8
nimbus-stats: port to use systemd timer, fix consul query
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-02-19 11:51:09 +01:00
Dmitriy Ryajov 9091772f37
add ssh key for dryajov
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-02-18 16:07:56 +01:00
Jakub Sokołowski 7ed2ec39dc
beacon-nodes: match new cont_recreate and cont_state settings
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-02-10 14:12:57 +01:00
Jakub Sokołowski 24a87596b4
log-dash: configure Kibana dashboard
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-02-05 13:39:43 +01:00
Jakub Sokołowski e91fb002bf
we now have Consul so we can re enable tinc
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-01-29 23:17:10 +01:00
Jakub Sokołowski 52321e8ca3
mount extra volume at /docker
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-01-28 22:19:01 +01:00
Jakub Sokołowski c825c4595b
add zahary user
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-01-28 21:13:15 +01:00
Jakub Sokołowski 14b623c4b4
port fleet to AWS EC2
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-01-27 16:46:53 +01:00
Jakub Sokołowski aeb4345600
disable watchtower cleanup flag
Otherwise watchtower throws image removal errors like:
Error: No such image: sha256:abdc

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-01-23 13:29:47 +01:00
Jakub Sokołowski 0f426e1b51
make yglukhov user inactive
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-01-22 21:23:37 +01:00