181 lines
7.6 KiB
YAML
181 lines
7.6 KiB
YAML
---
|
|
# Beacon nodes are held on /data so we can't bind it.
|
|
bootstrap__extra_volume_path: '/docker'
|
|
bootstrap__extra_volume_bind_path: null
|
|
|
|
# SWAP
|
|
swap_file_size_mb: 2048
|
|
|
|
# Go-Ethereum
|
|
geth_service_name: 'geth-{{ geth_network_name }}'
|
|
geth_service_path: '/docker/{{ geth_service_name }}'
|
|
geth_network_name: 'mainnet'
|
|
geth_cont_name: '{{ geth_service_name }}-node'
|
|
geth_cont_vol: '{{ geth_service_path }}/node'
|
|
geth_sync_mode: 'snap'
|
|
geth_log_level_name: 'info'
|
|
geth_account_pass: '{{lookup("bitwarden", "nimbus/geth", field="password")}}'
|
|
geth_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
|
|
# Memory settings¬
|
|
geth_cont_mem_ratio: 0.15
|
|
geth_cache_size: '{{ (ansible_memtotal_mb * 0.05|float) | int }}'
|
|
# Ports
|
|
geth_port: 30303
|
|
geth_rpc_addr: '0.0.0.0'
|
|
geth_rpc_port: 8545
|
|
geth_authrpc_addr: '127.0.0.1'
|
|
geth_authrpc_port: 8551
|
|
# Geth metrics¬
|
|
geth_expo_service_name: '{{ geth_service_name }}'
|
|
geth_expo_source_cont_name: '{{ geth_cont_name }}'
|
|
geth_expo_source_data_path: '{{ geth_cont_vol }}/data'
|
|
geth_expo_cont_port: 9400
|
|
|
|
# Nimbus Beacon Node
|
|
beacon_node_network: 'mainnet'
|
|
beacon_node_repo_branch: '{{ node_name_to_branch_map.get(node.branch, node.branch) }}'
|
|
# We map short names to branches to avoid too long service names.
|
|
node_name_to_branch_map:
|
|
libp2p: 'nim-libp2p-auto-bump-unstable'
|
|
# TODO Drop this once all nodes have an number.
|
|
service_number: '{{ node.get("num", False) | ternary(("-%02d"|format(node.get("num", 0))), "") }}'
|
|
beacon_node_service_name: 'beacon-node-{{ beacon_node_network }}-{{ node.branch | mandatory }}{{ service_number }}'
|
|
beacon_node_service_path: '/data/{{ beacon_node_service_name }}'
|
|
beacon_node_era_dir_path: '{{ nimbus_era_files_timer_path }}'
|
|
# Ports
|
|
beacon_node_discovery_port: '{{ 9000 + idx }}'
|
|
beacon_node_listening_port: '{{ 9000 + idx }}'
|
|
beacon_node_metrics_port: '{{ 9200 + idx }}'
|
|
beacon_node_rest_port: '{{ beacon_node_rest_port_base + idx }}'
|
|
beacon_node_rest_port_base: 9300
|
|
beacon_node_rest_address: '0.0.0.0'
|
|
beacon_node_max_peers: '{{ node.get("max_peers", 320) }}'
|
|
# Firewall
|
|
beacon_node_firewall_libp2p_open: '{{ node.get("open_libp2p_ports", true) }}'
|
|
# Builds
|
|
beacon_node_build_frequency: '*-*-* {{ 12 + idx }}:00:00'
|
|
# Tuning
|
|
beacon_node_cores_per_node: '{{ (ansible_processor_vcpus / nodes_layout[hostname]|length) | round(0, "ceil") | int }}'
|
|
beacon_node_threads: '{{ (node.branch == "libp2p") | ternary(1, beacon_node_cores_per_node) }}'
|
|
beacon_node_rest_allow_origin: '{{ "*" if node.get("public_api") else "" }}'
|
|
beacon_node_history_retention: '{{ "archive" if node.get("public_api") else node.get("history", "prune") }}'
|
|
# Monitoring
|
|
beacon_node_validator_monitor_auto: true
|
|
beacon_node_validator_monitor_details: '{{ node.public_api is not defined or not node.public_api }}'
|
|
# Mainnet validators run on a separate fleet.
|
|
beacon_node_dist_validators_enabled: false
|
|
# Bootnodes should subscribe to all subnets
|
|
beacon_node_subscribe_all: true
|
|
beacon_node_extra_flags: '{{ node.extra_flags if node.extra_flags is defined else [] }}'
|
|
# Light client data
|
|
beacon_node_light_client_data_enabled: '{{ (node.public_api is defined and node.public_api) }}'
|
|
beacon_node_light_client_data_serve: true
|
|
beacon_node_light_client_data_import_mode: 'full'
|
|
# Execution layer Enginer API
|
|
beacon_node_exec_layer_jwt_secret: '{{ geth_authrpc_jwtsecret }}'
|
|
beacon_node_exec_layer_urls_local_geth: ['http://localhost:{{ geth_authrpc_port|string }}']
|
|
beacon_node_exec_layer_urls_auto: |-
|
|
{{ (data_center in ["he-eu-hel1", "ih-eu-mda1"])
|
|
| ternary(
|
|
beacon_node_exec_layer_urls_local_geth,
|
|
beacon_node_exec_layer_urls_discovered_geth
|
|
) }}
|
|
beacon_node_exec_layer_urls: |-
|
|
{{ beacon_node_exec_layer_urls_auto if inventory_hostname_short == "linux-01"
|
|
else (idx % 2 == 0) | ternary(beacon_node_exec_layer_urls_auto, []) }}
|
|
|
|
# Reduce Consul alerts sensitivity
|
|
beacon_node_consul_success_before_passing: 5
|
|
beacon_node_consul_failures_before_warning: 10
|
|
beacon_node_consul_failures_before_critical: 20
|
|
|
|
# Periodic resync to save space
|
|
beacon_node_resync_enabled: true
|
|
beacon_node_resync_timer_enabled: '{{ (idx % 2 == 1) and not node.get("public_api") }}'
|
|
beacon_node_resync_timer_frequency: 'monthly'
|
|
beacon_node_resync_timer_random_delay_sec: 604800 # 7 days
|
|
beacon_node_resync_timer_trusted_api_url: >-
|
|
{{ "http://stable-small-01.aws-eu-central-1a.nimbus.mainnet.wg:9300"
|
|
if idx == 0 else "http://localhost:"+(beacon_node_rest_port_base|string) }}
|
|
|
|
# ERA files geneartion.
|
|
nimbus_era_files_timer_enabled: '{{ (nodes_layout[hostname]|length) > 1 }}'
|
|
nimbus_era_files_timer_path: '/data/era'
|
|
nimbus_era_files_network: '{{ beacon_node_network }}'
|
|
# FIXME: Not pretty, since hardcoded, but the simplest way to do it right now.
|
|
nimbus_era_files_db_path: '/data/beacon-node-{{ beacon_node_network }}-stable-01/data/db'
|
|
nimbus_era_files_nclidb_path: '/data/beacon-node-{{ beacon_node_network }}-stable-01/repo/build/ncli_db'
|
|
|
|
# Open Ports
|
|
open_ports_default_comment: 'Nimbus REST API'
|
|
open_ports_default_chain: 'VPN'
|
|
open_ports_list:
|
|
- { port: '9300:9310', ipset: '{{ env }}.{{ stage }}' }
|
|
- { port: '9400', ipset: 'metrics.hq', comment: 'Geth Exporter' }
|
|
- { port: '{{ smart_metrics_listen_port }}', ipset: 'metrics.hq', comment: 'SMART Metrics' }
|
|
|
|
# Split by hostname for more central location
|
|
nodes_layout:
|
|
# AWS --------------------------------------------------------------
|
|
'stable-small-01.aws-eu-central-1a.nimbus.mainnet':
|
|
- { branch: 'stable', history: 'archive' }
|
|
|
|
'stable-small-02.aws-eu-central-1a.nimbus.mainnet':
|
|
- { branch: 'stable', history: 'archive' }
|
|
|
|
# Innova Hosting ---------------------------------------------------
|
|
'linux-01.ih-eu-mda1.nimbus.mainnet': # Frankenstein host, all nodes use one Geth.
|
|
- { branch: 'stable', num: 1 }
|
|
- { branch: 'stable', num: 2 }
|
|
- { branch: 'testing', num: 1, open_libp2p_ports: false }
|
|
- { branch: 'testing', num: 2 }
|
|
- { branch: 'unstable', num: 1, public_api: true }
|
|
- { branch: 'unstable', num: 2 }
|
|
|
|
'linux-02.ih-eu-mda1.nimbus.mainnet':
|
|
- { branch: 'stable', num: 1 }
|
|
- { branch: 'stable', num: 2 }
|
|
- { branch: 'testing', num: 1, public_api: true }
|
|
- { branch: 'testing', num: 2 }
|
|
- { branch: 'unstable', num: 1, open_libp2p_ports: false }
|
|
- { branch: 'unstable', num: 2 }
|
|
|
|
'linux-03.ih-eu-mda1.nimbus.mainnet':
|
|
- { branch: 'stable', num: 1, max_peers: 10000 }
|
|
- { branch: 'stable', num: 2 }
|
|
- { branch: 'testing', num: 1 }
|
|
- { branch: 'testing', num: 2 }
|
|
- { branch: 'unstable', num: 1 }
|
|
- { branch: 'unstable', num: 2 }
|
|
|
|
'linux-04.ih-eu-mda1.nimbus.mainnet':
|
|
- { branch: 'stable', num: 1 }
|
|
- { branch: 'stable', num: 2 }
|
|
- { branch: 'testing', num: 1 }
|
|
- { branch: 'testing', num: 2 }
|
|
- { branch: 'unstable', num: 1 }
|
|
- { branch: 'unstable', num: 2 }
|
|
|
|
'linux-05.ih-eu-mda1.nimbus.mainnet':
|
|
- { branch: 'stable', num: 1 }
|
|
- { branch: 'stable', num: 2 }
|
|
- { branch: 'testing', num: 1 }
|
|
- { branch: 'testing', num: 2 }
|
|
- { branch: 'unstable', num: 1 }
|
|
- { branch: 'unstable', num: 2 }
|
|
|
|
'linux-06.ih-eu-mda1.nimbus.mainnet': # Doesn't exist yet.
|
|
- { branch: 'stable', num: 1 }
|
|
- { branch: 'stable', num: 2 }
|
|
- { branch: 'testing', num: 1 }
|
|
- { branch: 'testing', num: 2 }
|
|
- { branch: 'unstable', num: 1 }
|
|
- { branch: 'unstable', num: 2 }
|
|
|
|
'linux-07.ih-eu-mda1.nimbus.mainnet': # Doesn't exist yet.
|
|
- { branch: 'stable', num: 1 }
|
|
- { branch: 'libp2p', num: 1 }
|
|
- { branch: 'libp2p', num: 2 }
|
|
- { branch: 'libp2p', num: 3, extra_flags: ['--enable-yamux=true'] }
|
|
- { branch: 'libp2p', num: 4, extra_flags: ['--enable-yamux=true'] }
|