support configuration of Auth RPC for Engine API

This is required for communication with consensus layer nodes: https://geth.ethereum.org/docs/interface/consensus-clients Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-08-11 11:42:02 +02:00 · 2022-08-11 11:42:02 +02:00 · fb1897650c
parent 6e2e211e19
commit fb1897650c
4 changed files with 37 additions and 2 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -50,6 +50,14 @@ geth_websocket_port: '{{ geth_rpc_port + 1 | int }}'
 geth_websocket_api: 'eth,net,web3,personal,admin,engine'
 geth_websocket_origins: 'localhost'

+# Engine API
+geth_authrpc_enabled: true
+geth_authrpc_addr: '127.0.0.1'
+geth_authrpc_port: 8551
+geth_authrpc_vhosts: '{{ geth_rpc_vhosts }}'
+geth_authrpc_jwtsecret: '{{ geth_service_name | password_hash("sha512", (inventory_hostname|hash("sha1"))[0:16], rounds=5000) }}'
+geth_authrpc_jwtsecret_file: '{{ geth_cont_vol }}/keys/jwtsecret'
+
 # Sync mode: full, fast, light, snap
 geth_sync_mode: 'light'
 # Maximum number of untrusted peers that can connect
--- a/tasks/consul.yml
+++ b/tasks/consul.yml
@ -29,6 +29,19 @@
            timeout: '5s'
            failures_before_critical: 3

+      - id:   '{{ geth_cont_name }}-authrpc'
+        name: '{{ geth_consul_service_name }}-authrpc'
+        tags: '{{ geth_consul_tags + ["authrpc", "engine"] }}'
+        port: '{{ geth_authrpc_port }}'
+        address: '{{ ansible_local.wireguard.address }}'
+        meta:
+          url: 'http://{{ ansible_local.wireguard.address }}:{{ geth_authrpc_port }}'
+        checks:
+          - id: '{{ geth_cont_name }}-authrpc-status'
+            type: 'tcp'
+            tcp: 'localhost:{{ geth_authrpc_port }}'
+            failures_before_critical: 3
+
      - id:   '{{ geth_cont_name }}-ws'
        name: '{{ geth_consul_service_name }}-ws'
        tags: '{{ geth_consul_tags + ["websocket"] }}'
--- a/tasks/generate.yml
+++ b/tasks/generate.yml
@ -99,5 +99,12 @@
  copy:
    dest: '{{ geth_account_addr_file }}'
    content: '{{ geth_account_addr | mandatory }}'
-    owner: dockremap
-    group: docker
+    owner: 'dockremap'
+    group: 'docker'
+
+- name: Geth | Create JWT secret file
+  copy:
+    dest: '{{ geth_authrpc_jwtsecret_file }}'
+    content: '{{ geth_authrpc_jwtsecret | mandatory }}'
+    owner: 'dockremap'
+    group: 'docker'
--- a/templates/docker-compose.yml.j2
+++ b/templates/docker-compose.yml.j2
@ -16,6 +16,7 @@ services:
      - '{{ geth_metrics_port }}:{{ geth_metrics_port }}/tcp'
      - '{{ geth_websocket_addr }}:{{ geth_websocket_port }}:{{ geth_websocket_port }}/tcp'
      - '{{ geth_rpc_addr }}:{{ geth_rpc_port }}:{{ geth_rpc_port }}/tcp'
+      - '{{ geth_authrpc_addr }}:{{ geth_authrpc_port }}:{{ geth_authrpc_port }}/tcp'
    labels:
      # These are just for documentation
      org.ethereum.geth.network_name: '{{ geth_network_name }}'
@ -70,6 +71,12 @@ services:
      --ws.api={{ geth_websocket_api }}
      --ws.origins='{{ geth_websocket_origins }}'
 {% endif %}
+{% if geth_authrpc_enabled %}
+      --authrpc.addr=0.0.0.0
+      --authrpc.port={{ geth_authrpc_port }}
+      --authrpc.vhosts={{ geth_authrpc_vhosts | join(",") }}
+      --authrpc.jwtsecret=/keys/jwtsecret
+{% endif %}
 {% if (geth_bootnodes|length) > 0 %}
      --bootnodes="{{ geth_bootnodes | join(',') }}"
 {% endif %}