79 Commits

Author SHA1 Message Date
Jakub Sokołowski 24020d0962
all: reduce MTR report cycle from 10 to 1
We have received a complaint from InnovaHosting about them being hit by
about 150 ICMP `ttl1` packets/s on their routers, causing excess CPU usage.
https://client.innovahosting.net/viewticket.php?tid=532874&c=8gALx9vm

By using `tcpdump` I have identified that `mtr` by default pings the
target 10 times, which means that the default value of `-c`/`--report-cycles`
is 10, although this is not documented in the manual.

We can see this when calling `mtr github.com` and watching with `tcpdump`:
```
 > sudo tcpdump -v -i eno1 icmp and src 185.181.230.78 and dst github.com | grep 'ttl 1,'
tcpdump: listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
19:54:53.981243 IP (tos 0x0, ttl 1, id 37119, offset 0, flags [none], proto ICMP (1), length 64)
...(8 packets omitted)...
19:55:03.025460 IP (tos 0x0, ttl 1, id 38226, offset 0, flags [none], proto ICMP (1), length 64)
```
We don't need to run the test 10 times to get a result for our metric.

Related to:
https://github.com/status-im/infra-role-bootstrap-linux/commit/ea22bdfe

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-11-20 21:07:17 +01:00
kdeme ce37186651
all: update SSH key for kim
This one is from a YubiKey.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-11-07 18:48:05 +01:00
Jakub Sokołowski 10dd722e29
all: grant admin rights to kim
Necessary to run 'perf'.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-11-07 16:19:24 +01:00
Jakub Sokołowski c1be589960
all: add debug tools like gdb and perf
Also allow use of 'perf' without root.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-11-07 12:48:05 +01:00
Jakub Sokołowski a6dc16830d
all: grant SSH access to ujscale, mumar@status
Necessary to look at full Nimbus Prater logs.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-10-31 14:04:26 +01:00
Jakub Sokołowski bd9d7cc752
all: prevent SPAM Nimbus logs from reaching Logstash
Depends on:
https://github.com/status-im/infra-role-bootstrap-linux/commit/20609731
https://github.com/status-im/infra-role-bootstrap-linux/commit/98816e2a

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-10-24 16:13:01 +02:00
Jakub Sokołowski 63de71f759
all: remove SSH access for tanguy
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-10-12 18:00:59 +02:00
Jakub Sokołowski 5e12025aa6
all: grant admin to Dustin user
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-09-29 10:52:36 +02:00
Daniil Sobol b9373b7889
all: grant SSH access to daniil@status.im
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-09-11 09:41:05 +02:00
Jakub Sokołowski 5f151fb828
all: grant admin rights to cheatfate user
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-06-21 16:50:17 +02:00
Jakub Sokołowski a270f4044c
all: get Consul certificates from BitWarden
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-05-16 12:14:38 +02:00
Jakub Sokołowski 4ea58aeda7
deploy SMART metrics to all metal hosts
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-03-18 18:02:58 +01:00
Jakub Sokołowski fc236d0132
remove SSH access from mamy, miran, s1fr0
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-02-17 16:35:09 +01:00
Nikola K 2c3a01e1fe
add crypt1d as new nimbus devops
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2023-01-13 10:46:17 +01:00
Jakub Sokołowski d63bd18938
give SSH access to p1ge0nh8er and s1fr0
For debugging issues with Geth Websocket port for Nim-Waku.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-10-14 15:54:55 +02:00
Jakub Sokołowski 4017674931
add systemd-journal groups to all users by default
https://github.com/status-im/infra-role-bootstrap-linux/commit/d85963fa

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-10-14 15:01:31 +02:00
Jakub Sokołowski 30ed658621
grant SSH access to etan@status.im
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-08-11 13:06:36 +02:00
Jakub Sokołowski 6702c50f38
bootstrap: give miran sudo permissions
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-07-04 09:32:53 +02:00
Jakub Sokołowski 2dd96fdc36
drop giovanni from active users
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-06-14 10:12:01 +02:00
narimiran bf1cc4a5a0
users: add miran
2022-06-10 15:33:19 +02:00
Jakub Sokołowski 32835c38b4
ci-slave-metal: remove SSH access from Stefan
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-03-31 20:02:18 +02:00
Jakub Sokołowski 70bf75d1de
drop deprecated JSON-RPC API port from all nodes
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-03-22 18:58:19 +01:00
Jakub Sokołowski 968c174ba0
bootstrap: add extra IP to SSHGuard whitelist
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-03-11 11:45:07 +01:00
Jakub Sokołowski fbb1ee69d9
consul: update token paths in BitWarden
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-02-09 00:24:07 +01:00
Jakub Sokołowski d74ff169ef
wireguard: bump role and add Consul ACL token
Part of effort to lock down Consul ACLs:
https://github.com/status-im/infra-hq/issues/70

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-02-08 20:51:45 +01:00
Jakub Sokołowski cdf63cba43
consul: add mandatory agent ACL token
https://github.com/status-im/infra-hq/issues/70

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-02-08 11:58:55 +01:00
Jakub Sokołowski a6d673366a
all: lower logrotate count to 48, bump bootstrap
Also remove `delaycompress` from logrotate config.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-31 17:09:28 +01:00
Jakub Sokołowski 667fd3184e
builds: add libp2p metrics flags
This is done instead of this PR:
https://github.com/status-im/infra-role-beacon-node-linux/pull/3/files

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-05 19:38:23 +01:00
Jakub Sokołowski 237da365e7
bootstrap: add missing admin pass for macos hosts
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-04 20:55:08 +01:00
Jakub Sokołowski 9c8b0f6185
users: give tanguy sudo permissions
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-04 15:35:30 +01:00
Jakub Sokołowski 7aa5d2d420
add all users to admin group on MacOS hosts
This fixes SSH access issue, since only admin group members can have
remote access to the host:
https://www.vinnie.work/blog/2020-12-26-why-so-hard-osx-ssh-access/

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-10-13 13:34:56 +02:00
Jakub Sokołowski 018e1f3b78
enable beacon_node_rpc_enabled for all hosts
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-10-04 17:53:07 +02:00
Jakub Sokołowski 3673ff3577
bootstrap: add zahary to extra users
Instead of adding him via default users:
https://github.com/status-im/infra-role-bootstrap-linux/commit/d6a6c129

This fixes addition to Windows host as well.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-09-20 16:21:09 +02:00
Jakub Sokołowski 28b69ccc69
fix bootstrap root password secret, bump roles
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-08-26 20:19:00 +02:00
Jakub Sokołowski 2a781d70e8
firewall: remove obsolete settings for open-ports
We now call `open-ports` role inside of `beacon-node` roles.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-08-23 16:51:26 +02:00
Jakub Sokołowski e0d70f46f3
prater/pyrmont: add config for REST API port
https://github.com/status-im/infra-role-beacon-node-linux/pull/1

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-08-23 16:46:05 +02:00
Jakub Sokołowski 5d36d3ad3e
firewall: use new IP sets and iptables chains
https://github.com/status-im/infra-hq/issues/69
https://github.com/status-im/infra-role-bootstrap-linux/commit/92d8923b
https://github.com/status-im/infra-role-wireguard/commit/8394639e

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-08-11 19:54:36 +02:00
Jakub Sokołowski 3e32ec1ba9
migrate bootstrap secrets to BitWarden
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-07-28 12:02:03 +02:00
Jakub Sokołowski a9dfaa12a3
give extra users admin rights on the windows hosts
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-06-28 18:02:45 +02:00
Jakub Sokołowski a99a6d0fc6
refactor to distribute validators via beacon-node role
This way we can deploy multiple nodes on the same host.
https://github.com/status-im/infra-nimbus/issues/52

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-06-28 16:43:27 +02:00
cheatfate 3a3d52a156
Add cheatfate's SSH account.
2021-06-22 13:02:33 +02:00
Jakub Sokołowski f4a20bc128
fix password format used for root
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-06-11 11:18:10 +02:00
Tanguy Cizain cae0195d03
add tanguy's key
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-06-11 11:15:35 +02:00
Jakub Sokołowski e50e7f7764
drop legacy beacon_node_web3_url variable
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-05-06 15:40:38 +02:00
Zahary Karadjov b03dbdb5c6
Increase the --max-peers count on all fleet nodes
This setting is recommended due to the high number of validators
attached to each node which requires maintaining healthy peer
counts on a larger number of gossip topics. For now, we don't
bother specifying a lower value on the servers running a lower
number of validators in order to simplify the implementation.
2021-03-23 17:53:58 +08:00
Jakub Sokołowski db5ec2f497
bootstrap: provide Consul encryption key from infra-pass
Related: https://github.com/status-im/infra-role-bootstrap/commit/0d40f81d

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-03-22 11:12:49 +01:00
Jakub Sokołowski d8b643fd74
add SSH users to systemd-journal group
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-02-08 12:36:14 +01:00
Jakub Sokołowski 26a31c5d63
use 8000+ UIDs for extra SSH users to not clash with core
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-01-26 12:11:33 +01:00
Jakub Sokołowski 6e138997e2
re-enable sending logs to logstash
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-01-20 19:27:04 +01:00
Jakub Sokołowski 2132851b16
use bootstrap__active_extra_users variable
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-01-14 14:01:57 +01:00