support configuration of Auth RPC for Engine API
This is required for communication with consensus layer nodes: https://geth.ethereum.org/docs/interface/consensus-clients Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
parent
6e2e211e19
commit
fb1897650c
|
@ -50,6 +50,14 @@ geth_websocket_port: '{{ geth_rpc_port + 1 | int }}'
|
||||||
geth_websocket_api: 'eth,net,web3,personal,admin,engine'
|
geth_websocket_api: 'eth,net,web3,personal,admin,engine'
|
||||||
geth_websocket_origins: 'localhost'
|
geth_websocket_origins: 'localhost'
|
||||||
|
|
||||||
|
# Engine API
|
||||||
|
geth_authrpc_enabled: true
|
||||||
|
geth_authrpc_addr: '127.0.0.1'
|
||||||
|
geth_authrpc_port: 8551
|
||||||
|
geth_authrpc_vhosts: '{{ geth_rpc_vhosts }}'
|
||||||
|
geth_authrpc_jwtsecret: '{{ geth_service_name | password_hash("sha512", (inventory_hostname|hash("sha1"))[0:16], rounds=5000) }}'
|
||||||
|
geth_authrpc_jwtsecret_file: '{{ geth_cont_vol }}/keys/jwtsecret'
|
||||||
|
|
||||||
# Sync mode: full, fast, light, snap
|
# Sync mode: full, fast, light, snap
|
||||||
geth_sync_mode: 'light'
|
geth_sync_mode: 'light'
|
||||||
# Maximum number of untrusted peers that can connect
|
# Maximum number of untrusted peers that can connect
|
||||||
|
|
|
@ -29,6 +29,19 @@
|
||||||
timeout: '5s'
|
timeout: '5s'
|
||||||
failures_before_critical: 3
|
failures_before_critical: 3
|
||||||
|
|
||||||
|
- id: '{{ geth_cont_name }}-authrpc'
|
||||||
|
name: '{{ geth_consul_service_name }}-authrpc'
|
||||||
|
tags: '{{ geth_consul_tags + ["authrpc", "engine"] }}'
|
||||||
|
port: '{{ geth_authrpc_port }}'
|
||||||
|
address: '{{ ansible_local.wireguard.address }}'
|
||||||
|
meta:
|
||||||
|
url: 'http://{{ ansible_local.wireguard.address }}:{{ geth_authrpc_port }}'
|
||||||
|
checks:
|
||||||
|
- id: '{{ geth_cont_name }}-authrpc-status'
|
||||||
|
type: 'tcp'
|
||||||
|
tcp: 'localhost:{{ geth_authrpc_port }}'
|
||||||
|
failures_before_critical: 3
|
||||||
|
|
||||||
- id: '{{ geth_cont_name }}-ws'
|
- id: '{{ geth_cont_name }}-ws'
|
||||||
name: '{{ geth_consul_service_name }}-ws'
|
name: '{{ geth_consul_service_name }}-ws'
|
||||||
tags: '{{ geth_consul_tags + ["websocket"] }}'
|
tags: '{{ geth_consul_tags + ["websocket"] }}'
|
||||||
|
|
|
@ -99,5 +99,12 @@
|
||||||
copy:
|
copy:
|
||||||
dest: '{{ geth_account_addr_file }}'
|
dest: '{{ geth_account_addr_file }}'
|
||||||
content: '{{ geth_account_addr | mandatory }}'
|
content: '{{ geth_account_addr | mandatory }}'
|
||||||
owner: dockremap
|
owner: 'dockremap'
|
||||||
group: docker
|
group: 'docker'
|
||||||
|
|
||||||
|
- name: Geth | Create JWT secret file
|
||||||
|
copy:
|
||||||
|
dest: '{{ geth_authrpc_jwtsecret_file }}'
|
||||||
|
content: '{{ geth_authrpc_jwtsecret | mandatory }}'
|
||||||
|
owner: 'dockremap'
|
||||||
|
group: 'docker'
|
||||||
|
|
|
@ -16,6 +16,7 @@ services:
|
||||||
- '{{ geth_metrics_port }}:{{ geth_metrics_port }}/tcp'
|
- '{{ geth_metrics_port }}:{{ geth_metrics_port }}/tcp'
|
||||||
- '{{ geth_websocket_addr }}:{{ geth_websocket_port }}:{{ geth_websocket_port }}/tcp'
|
- '{{ geth_websocket_addr }}:{{ geth_websocket_port }}:{{ geth_websocket_port }}/tcp'
|
||||||
- '{{ geth_rpc_addr }}:{{ geth_rpc_port }}:{{ geth_rpc_port }}/tcp'
|
- '{{ geth_rpc_addr }}:{{ geth_rpc_port }}:{{ geth_rpc_port }}/tcp'
|
||||||
|
- '{{ geth_authrpc_addr }}:{{ geth_authrpc_port }}:{{ geth_authrpc_port }}/tcp'
|
||||||
labels:
|
labels:
|
||||||
# These are just for documentation
|
# These are just for documentation
|
||||||
org.ethereum.geth.network_name: '{{ geth_network_name }}'
|
org.ethereum.geth.network_name: '{{ geth_network_name }}'
|
||||||
|
@ -70,6 +71,12 @@ services:
|
||||||
--ws.api={{ geth_websocket_api }}
|
--ws.api={{ geth_websocket_api }}
|
||||||
--ws.origins='{{ geth_websocket_origins }}'
|
--ws.origins='{{ geth_websocket_origins }}'
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
{% if geth_authrpc_enabled %}
|
||||||
|
--authrpc.addr=0.0.0.0
|
||||||
|
--authrpc.port={{ geth_authrpc_port }}
|
||||||
|
--authrpc.vhosts={{ geth_authrpc_vhosts | join(",") }}
|
||||||
|
--authrpc.jwtsecret=/keys/jwtsecret
|
||||||
|
{% endif %}
|
||||||
{% if (geth_bootnodes|length) > 0 %}
|
{% if (geth_bootnodes|length) > 0 %}
|
||||||
--bootnodes="{{ geth_bootnodes | join(',') }}"
|
--bootnodes="{{ geth_bootnodes | join(',') }}"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
Loading…
Reference in New Issue