--- # Beacon nodes are held on /data so we can't bind it. bootstrap__extra_volume_path: '/docker' bootstrap__extra_volume_bind_path: null # SWAP swap_file_size_mb: 2048 # Go-Ethereum geth_service_name: 'geth-{{ geth_network_name }}' geth_service_path: '/docker/{{ geth_service_name }}' geth_network_name: 'mainnet' geth_cont_name: '{{ geth_service_name }}-node' geth_cont_vol: '{{ geth_service_path }}/node' geth_sync_mode: 'snap' geth_log_level_name: 'info' geth_account_pass: '{{lookup("bitwarden", "nimbus/geth", field="password")}}' geth_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token")}}' # Memory settingsĀ¬ geth_cont_mem_ratio: 0.15 geth_cache_size: '{{ (ansible_memtotal_mb * 0.05|float) | int }}' # Ports geth_port: 30303 geth_rpc_addr: '0.0.0.0' geth_rpc_port: 8545 geth_authrpc_addr: '127.0.0.1' geth_authrpc_port: 8551 # Geth metricsĀ¬ geth_expo_service_name: '{{ geth_service_name }}' geth_expo_source_cont_name: '{{ geth_cont_name }}' geth_expo_source_data_path: '{{ geth_cont_vol }}/data' geth_expo_cont_port: 9400 # Nimbus Beacon Node beacon_node_network: 'mainnet' beacon_node_repo_branch: '{{ node_name_to_branch_map.get(node.branch, node.branch) }}' # We map short names to branches to avoid too long service names. node_name_to_branch_map: libp2p: 'nim-libp2p-auto-bump-unstable' # TODO Drop this once all nodes have an number. service_number: '{{ node.get("num", False) | ternary(("-%02d"|format(node.get("num", 0))), "") }}' beacon_node_service_name: 'beacon-node-{{ beacon_node_network }}-{{ node.branch | mandatory }}{{ service_number }}' beacon_node_service_path: '/data/{{ beacon_node_service_name }}' beacon_node_era_dir_path: '{{ nimbus_era_files_timer_path }}' # Ports beacon_node_discovery_port: '{{ 9000 + idx }}' beacon_node_listening_port: '{{ 9000 + idx }}' beacon_node_metrics_port: '{{ 9200 + idx }}' beacon_node_rest_port: '{{ beacon_node_rest_port_base + idx }}' beacon_node_rest_port_base: 9300 beacon_node_rest_address: '0.0.0.0' beacon_node_max_peers: '{{ node.get("max_peers", 320) }}' # Firewall beacon_node_firewall_libp2p_open: '{{ node.get("open_libp2p_ports", true) }}' # Builds beacon_node_update_build_targets: ['nimbus_beacon_node', 'ncli_db'] beacon_node_update_build: '{{ beacon_node_repo_branch != "stable" }}' beacon_node_update_frequency: '*-*-* {{ "%02d" | format(idx * 2) }}:00:00' # Tuning beacon_node_cores_per_node: '{{ (ansible_processor_vcpus / nodes_layout[hostname]|length) | round(0, "ceil") | int }}' beacon_node_threads: '{{ (node.branch == "libp2p") | ternary(1, beacon_node_cores_per_node) }}' # FIXME: Temporary test to debug REST API timeout issues. # https://github.com/status-im/nimbus-eth2/issues/5838 #beacon_node_rest_allow_origin: '{{ "*" if node.get("public_api") else "" }}' beacon_node_history_retention: '{{ "archive" if node.get("public_api") else node.get("history", "prune") }}' # Monitoring beacon_node_validator_monitor_auto: true beacon_node_validator_monitor_details: '{{ node.public_api is not defined or not node.public_api }}' # Mainnet validators run on a separate fleet. beacon_node_dist_validators_enabled: false # Excellent stress test and good service to the community. beacon_node_subscribe_all: true beacon_node_extra_flags: '{{ node.extra_flags if node.extra_flags is defined else {} }}' # Light client data beacon_node_light_client_data_enabled: '{{ (node.public_api is defined and node.public_api) }}' beacon_node_light_client_data_serve: true beacon_node_light_client_data_import_mode: 'full' # Execution layer Enginer API beacon_node_exec_layer_jwt_secret: '{{ geth_authrpc_jwtsecret }}' beacon_node_exec_layer_urls_local_geth: ['http://localhost:{{ geth_authrpc_port|string }}'] beacon_node_exec_layer_urls_all: '{{ beacon_node_exec_layer_urls_discovered_geth + beacon_node_exec_layer_urls_local_geth }}' beacon_node_exec_layer_urls_auto: |- {{ (data_center in ["he-eu-hel1", "ih-eu-mda1"]) | ternary( beacon_node_exec_layer_urls_local_geth, beacon_node_exec_layer_urls_discovered_geth ) }} beacon_node_exec_layer_urls: |- {{ beacon_node_exec_layer_urls_all if inventory_hostname_short == "linux-01" else (idx % 2 == 0) | ternary(beacon_node_exec_layer_urls_all, []) }} # Reduce Consul alerts sensitivity beacon_node_consul_check_disabled: '{{ node.get("public_api", false) }}' beacon_node_consul_check_interval: '60s' beacon_node_consul_check_timeout: '10s' beacon_node_consul_success_before_passing: '{{ 5 if node.get("public_api") else 60 }}' # 1h by default beacon_node_consul_failures_before_warning: 120 # 2h beacon_node_consul_failures_before_critical: 180 # 3h # Periodic resync to save space beacon_node_resync_enabled: true beacon_node_resync_timer_enabled: '{{ (idx % 2 == 1) and not node.get("public_api") }}' beacon_node_resync_timer_frequency: 'monthly' beacon_node_resync_timer_random_delay_sec: 604800 # 7 days beacon_node_resync_timer_trusted_api_url: >- {{ "http://stable-small-01.aws-eu-central-1a.nimbus.mainnet.wg:9300" if idx == 0 else "http://localhost:"+(beacon_node_rest_port_base|string) }} # ERA files geneartion. nimbus_era_files_timer_enabled: '{{ (nodes_layout[hostname]|length) > 1 }}' nimbus_era_files_timer_path: '/data/era' nimbus_era_files_network: '{{ beacon_node_network }}' # FIXME: Not pretty, since hardcoded, but the simplest way to do it right now. nimbus_era_files_db_path: '/data/beacon-node-{{ beacon_node_network }}-stable-01/data/db' nimbus_era_files_nclidb_path: '/data/beacon-node-{{ beacon_node_network }}-stable-01/repo/build/ncli_db' # Open Ports open_ports_default_comment: 'Nimbus REST API' open_ports_default_chain: 'VPN' open_ports_list: - { port: '80', chain: 'SERVICES', comment: 'Nginx' } - { port: '443', chain: 'SERVICES', comment: 'Nginx' } - { port: '9300:9310', ipset: '{{ env }}.{{ stage }}' } - { port: '9400', ipset: 'metrics.hq', comment: 'Geth Exporter' } - { port: '{{ smart_metrics_listen_port }}', ipset: 'metrics.hq', comment: 'SMART Metrics' } - { port: '{{ geth_authrpc_port }}', ipset: 'nimbus.mainnet', comment: 'Geth RPC' } - { port: '{{ geth_rpc_port }}', ipset: 'nimbus.fluffy', comment: 'Portal Bridge' } # Fleet layout can be found in: ansible/vars/layout/mainnet.yml