first working version running 2.30.0

https://github.com/ledgerwatch/erigon/releases/tag/v2.30.0

Signed-off-by: Jakub Sokołowski <jakub@status.im>

defaults/main.yml

@@ -0,0 +1,83 @@
+---
+erigon_service_name: 'erigon'
+erigon_service_path: '/docker/{{ erigon_service_name }}'
+erigon_compose_path: '{{ erigon_service_path }}/docker-compose.yml'
+
+# Container config
+erigon_cont_tag: 'v2.30.0'
+erigon_cont_image: 'thorax/erigon:{{ erigon_cont_tag }}'
+erigon_cont_name: '{{ erigon_service_name }}'
+erigon_cont_data_vol: '{{ erigon_service_path }}/data'
+erigon_cont_keys_vol: '{{ erigon_service_path }}/keys'
+erigon_cont_stop_grace_period: '1m'
+# Container memory limits
+erigon_cont_mem_ratio: 0.6
+erigon_cont_mem_limit: '{{ (ansible_memtotal_mb * erigon_cont_mem_ratio|float) | int }}'
+
+# Available: mainnet, goerli, sepolia, kiln
+erigon_network_name: 'mainnet'
+# Maximum number of untrusted peers that can connect
+erigon_max_peers: 50
+# Any additional flags you want to provide
+erigon_extra_flags: []
+# Custom bootnodes
+erigon_bootnodes: []
+# Log Levels: trace, debug, info, warning, error
+erigon_log_level: 'info'
+erigon_log_json: true
+# Peer discovery protocol
+erigon_v5disc_enabled: true
+# Mining settings
+erigon_miner_enabled: false
+# Enode address
+erigon_enode_file: '{{ erigon_cont_keys_vol }}/enode'
+
+# DevP2P Port
+erigon_port: 30303
+# Address to advertise
+erigon_public_addr: '{{ ansible_host }}'
+# Enable metrics
+erigon_metrics_enabled: true
+erigon_metrics_port: 6060
+# RPC port of administration
+erigon_rpc_enabled: true
+erigon_rpc_addr: '127.0.0.1'
+erigon_rpc_port: 8545
+# Available: admin, erigon, debug, eth, les, miner, net, personal, rpc, txpool, web3, engine
+erigon_rcp_api: 'eth,net,erigon,admin,engine'
+# useful for linking containers
+erigon_rpc_extra_vhost: 'erigon'
+erigon_rpc_vhosts:
+  - 'localhost'
+  - '{{ erigon_cont_name }}'
+  - '{{ erigon_rpc_extra_vhost }}'
+  - '{{ hostname }}'
+  - '{{ hostname }}.wg'
+  - '{{ ansible_local.wireguard.vpn_ip }}'
+# Wrapper for easier RPC usage
+erigon_rpc_wrapper: '{{ erigon_service_path }}/rpc.sh'
+
+# AuthRPC Engine API
+erigon_authrpc_enabled: true
+erigon_authrpc_addr: '127.0.0.1'
+erigon_authrpc_port: 8551
+erigon_authrpc_vhosts: '{{ erigon_rpc_vhosts }}'
+#erigon_authrpc_jwtsecret: '0x64charHexEncodedSecretToken'
+erigon_authrpc_jwtsecret_file: '{{ erigon_cont_vol }}/keys/jwtsecret'
+
+# Consul config
+erigon_consul_enabled: true
+erigon_consul_service_name: 'erigon-{{ erigon_network_name }}'
+erigon_consul_scope: 'main'
+erigon_consul_default_tags:
+  - 'erigon'
+  - 'scope:{{ erigon_consul_scope }}'
+  - '{{ env }}.{{ stage }}'
+  - '{{ erigon_network_name }}'
+erigon_consul_extra_tags: []
+erigon_consul_tags: '{{ erigon_consul_default_tags + erigon_consul_extra_tags }}'
+
+# general container management
+compose_recreate: 'smart'
+compose_state: 'present'
+compose_restart: false

handlers/main.yml

@@ -0,0 +1,3 @@
+---
+- name: Save iptables rules
+  shell: iptables-save > /etc/iptables/rules.v4

tasks/consul.yml

@@ -0,0 +1,46 @@
+---
+- name: Create Consul service definitions
+  include_role: name=consul-service
+  vars:
+    consul_config_name: '{{ erigon_cont_name }}'
+    consul_services:
+      - id:   '{{ erigon_cont_name }}'
+        name: '{{ erigon_consul_service_name }}'
+        tags: '{{ erigon_consul_tags }}'
+        port: '{{ erigon_port }}'
+        address: '{{ ansible_host }}'
+        meta:
+          node_addr: '{{ node_info.json.result.id }}'
+          node_enode: '{{ node_info.json.result.enode }}'
+        checks:
+          - id: '{{ erigon_cont_name }}-status'
+            type: tcp
+            tcp: '127.0.0.1:{{ erigon_port }}'
+
+      - id:   '{{ erigon_cont_name }}-rpc'
+        name: '{{ erigon_consul_service_name }}-rpc'
+        tags: '{{ erigon_consul_tags + ["rpc"] }}'
+        port: '{{ erigon_rpc_port }}'
+        address: '{{ ansible_local.wireguard.address }}'
+        meta:
+          url: 'http://{{ ansible_local.wireguard.address }}:{{ erigon_rpc_port }}'
+        checks:
+          - id: '{{ erigon_cont_name }}-rpc-status'
+            type: 'script'
+            script: '{{ erigon_rpc_wrapper }} eth_syncing'
+            timeout: '5s'
+            failures_before_critical: 3
+
+      - id:   '{{ erigon_cont_name }}-authrpc'
+        name: '{{ erigon_consul_service_name }}-authrpc'
+        tags: '{{ erigon_consul_tags + ["authrpc", "engine"] }}'
+        port: '{{ erigon_authrpc_port }}'
+        address: '{{ ansible_local.wireguard.address }}'
+        meta:
+          url: 'http://{{ ansible_local.wireguard.address }}:{{ erigon_authrpc_port }}'
+        checks:
+          - id: '{{ erigon_cont_name }}-authrpc-status'
+            type: 'tcp'
+            tcp: 'localhost:{{ erigon_authrpc_port }}'
+            failures_before_critical: 3
+

tasks/container.yml

@@ -0,0 +1,37 @@
+---
+- name: Create service directories
+  file:
+    path: '{{ item }}'
+    owner: dockremap
+    group: docker
+    state: directory
+  with_items:
+    - '{{ erigon_service_name }}'
+    - '{{ erigon_cont_data_vol }}'
+    - '{{ erigon_cont_keys_vol }}'
+
+- name: Create Docker Compose file
+  template:
+    src: 'docker-compose.yml.j2'
+    dest: '{{ erigon_compose_path }}'
+    owner: 'dockremap'
+    group: 'docker'
+    mode: 0640
+
+# Take into account additional docker-compose.yml files.
+- name: Find all Docker Compose files
+  find:
+    paths: '{{ erigon_service_path }}'
+    patterns: 'docker-compose*.yml'
+    recurse: false
+  register: erigon_all_compose
+
+- name: Create Docker containers
+  docker_compose:
+    project_src: '{{ erigon_service_path }}'
+    files: '{{ erigon_all_compose.files | map(attribute="path") | list }}'
+    state: '{{ compose_state }}'
+    restarted: '{{ compose_restart }}'
+    recreate: '{{ compose_recreate | default("smart") }}'
+    pull: true
+    build: false

tasks/firewall.yml

@@ -0,0 +1,14 @@
+---
+- name: Enable ports on firewall
+  iptables:
+    comment: '{{ erigon_cont_name }} {{ item }}'
+    jump: 'ACCEPT'
+    chain: 'SERVICES'
+    source: '0.0.0.0/0'
+    protocol: '{{ item }}'
+    destination_port: '{{ erigon_port | string }}'
+  with_items:
+    - tcp
+    - udp
+  notify:
+    - Save iptables rules

tasks/main.yml

@@ -0,0 +1,7 @@
+---
+- import_tasks: container.yml
+- import_tasks: firewall.yml
+- import_tasks: wrappers.yml
+- import_tasks: save_enode.yml
+- import_tasks: consul.yml
+  when: erigon_consul_enabled

tasks/save_enode.yml

@@ -0,0 +1,25 @@
+---
+- name: 'Wait for JSON RPC port to respond'
+  wait_for:
+    host: 'localhost'
+    port: '{{ erigon_rpc_port }}'
+    delay: 20
+    connect_timeout: 20
+    timeout: 120
+    state: drained
+
+- name: 'Query JSON RPC for enode address'
+  uri:
+    url: http://{{ erigon_rpc_addr }}:{{ erigon_rpc_port }}/
+    method: POST
+    body: '{"id": 1, "method": "admin_nodeInfo"}'
+    body_format: json
+    return_content: yes
+  register: node_info
+
+- name: 'Save enode address: {{ erigon_enode_file }}'
+  copy:
+    dest: '{{ erigon_enode_file }}'
+    content: '{{ node_info.json.result.enode }}'
+    owner: 
+    mode: 0644

tasks/wrappers.yml

@@ -0,0 +1,8 @@
+---
+- name: Create JSON RPC wrapper script
+  template:
+    src: 'rpc.sh.j2'
+    dest: '{{ erigon_rpc_wrapper }}'
+    owner: 'root'
+    group: 'docker'
+    mode: 0750

templates/docker-compose.yml.j2

@@ -0,0 +1,58 @@
+---
+version: '3.7'
+services:
+  erigon:
+    container_name: '{{ erigon_cont_name }}'
+    image: '{{ erigon_cont_image }}'
+    user: root
+    restart: 'always'
+    stop_grace_period: '{{ erigon_cont_stop_grace_period }}'
+    deploy:
+      resources:
+        limits:
+          memory: '{{ erigon_cont_mem_limit }}m'
+    ports:
+      - '{{ erigon_port }}:{{ erigon_port }}/tcp'
+      - '{{ erigon_port }}:{{ erigon_port }}/udp'
+      - '{{ erigon_metrics_port }}:{{ erigon_metrics_port }}/tcp'
+      - '{{ erigon_rpc_addr }}:{{ erigon_rpc_port }}:{{ erigon_rpc_port }}/tcp'
+      - '{{ erigon_authrpc_addr }}:{{ erigon_authrpc_port }}:{{ erigon_authrpc_port }}/tcp'
+    volumes:
+      - '{{ erigon_cont_data_vol }}:/data:rw'
+      - '{{ erigon_cont_keys_vol }}:/keys:rw'
+    entrypoint: '/usr/local/bin/erigon'
+    command: |
+      --chain={{ erigon_network_name }}
+      --v5disc={{ erigon_v5disc_enabled | bool | to_json }}
+      --mine={{ erigon_miner_enabled | bool | to_json }}
+      --metrics={{ erigon_metrics_enabled | bool | to_json }}
+{% if erigon_metrics_enabled %}
+      --metrics.addr=0.0.0.0
+      --metrics.port={{ erigon_metrics_port }}
+{% endif %}
+{% if erigon_rpc_enabled %}
+      --http
+      --http.addr=0.0.0.0
+      --http.port={{ erigon_rpc_port }}
+      --http.vhosts={{ erigon_rpc_vhosts | sort | join(",") }}
+      --http.api={{ erigon_rcp_api }}
+{% endif %}
+{% if erigon_authrpc_enabled %}
+      --authrpc.addr=0.0.0.0
+      --authrpc.port={{ erigon_authrpc_port }}
+      --authrpc.vhosts={{ erigon_authrpc_vhosts | sort | join(",") }}
+      --authrpc.jwtsecret=/keys/jwtsecret
+{% endif %}
+{% if (erigon_bootnodes|length) > 0 %}
+      --bootnodes="{{ erigon_bootnodes | sort | join(',') }}"
+{% endif %}
+      --log.console.json={{ erigon_log_json | bool | to_json }}
+      --log.console.verbosity={{ erigon_log_level }}
+      --maxpeers={{ erigon_max_peers }}
+      --port={{ erigon_port }}
+      --nat=extip:{{ erigon_public_addr }}
+      --allow-insecure-unlock
+      --datadir=/data
+{% for extra_flag in erigon_extra_flags %}
+      {{ extra_flag }}
+{% endfor %}

templates/rpc.sh.j2

@@ -0,0 +1,32 @@
+#!/usr/bin/env bash
+# vim: set ft=sh:
+set -euo pipefail
+
+URL="http://{{ erigon_rpc_addr }}:{{ erigon_rpc_port }}/"
+
+METHOD="$1"
+shift
+
+if [[ -z "${METHOD}" ]]; then
+    echo "No method specified!" >&2
+    exit 1
+fi
+if [[ -n "${@}" ]]; then
+    PARAMS=$(printf '%s,' "${@}")
+    PARAMS="${@%%,}"
+else
+    PARAMS=''
+fi
+
+PAYLOAD="{
+  \"id\": 1,
+  \"jsonrpc\": \"2.0\",
+  \"method\": \"${METHOD}\",
+  \"params\": [${PARAMS}]
+}"
+
+curl -s -X POST \
+    -H "Content-type:application/json" \
+    --data "${PAYLOAD}" \
+    "${URL}" | \
+    jq -e '., if .error != null then null|halt_error(2) else halt end'