infra-status/ansible/group_vars/status.yml

---
swap_file_size_mb: 2048

# Nim-Waku
nim_waku_cont_tag: 'deploy-status-{{ stage }}'
nim_waku_cont_name: 'nim-waku'
nim_waku_log_level: 'debug'
nim_waku_dns4_domain_name: '{{ dns_entry }}'
# Protocols
nim_waku_protocols_enabled: ['relay', 'filter', 'lightpush', 'store']
# Node Key
nim_waku_node_key: '{{lookup("bitwarden", "fleets/status/"+stage+"/nodekeys", field=hostname)}}'
# Ports
nim_waku_p2p_tcp_port: 30303
nim_waku_p2p_udp_port: 30303
nim_waku_websock_port: 443
nim_waku_metrics_port: 8008
nim_waku_rpc_tcp_port: 8545
nim_waku_rpc_tcp_addr: 0.0.0.0
# Limits
nim_waku_p2p_max_connections: 150
# SQLite store
nim_waku_sqlite_store: true
nim_waku_sqlite_retention_time: '{{ (stage == "test") | ternary(1209600, 2592000) }}' # 14 or 30 days
# DNS Discovery
nim_waku_dns_disc_enabled: true
nim_waku_dns_disc_url: 'enrtree://AOGECG2SPND25EEFMAJ5WF3KSGJNSGV356DSTL2YVLLZWIV6SAYBM@{{ stage }}.nodes.status.im'
# Discovery V5
nim_waku_disc_v5_enabled: true
nim_waku_disc_v5_enr_auto_update: true
nim_waku_disc_v5_port: 9000
# Websockets
nim_waku_websocket_enabled: true
nim_waku_websocket_secure_enabled: true
nim_waku_websocket_domain: '{{ dns_entry }}'
nim_waku_websocket_ssl_dir: '/etc/letsencrypt'
nim_waku_websocket_ssl_cert: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/fullchain.pem'
nim_waku_websocket_ssl_key: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/privkey.pem'
# Consul Service
nim_waku_consul_success_before_passing: '{{ (stage == "prod") | ternary(2, 4) }}'
nim_waku_consul_failures_before_warning: '{{ (stage == "prod") | ternary(2, 4) }}'
nim_waku_consul_failures_before_critical: '{{ (stage == "prod") | ternary(4, 8) }}'

# Peer connecting
waku_peers_rpc_port: '{{ nim_waku_rpc_tcp_port }}'
waku_peers_rpc_timeout: 20
waku_peers_rpc_retries: 5
waku_peers_consul_services:
  - { name: '{{ nim_waku_cont_name }}', env: '{{ env }}',  stage: '{{ stage }}' }
  # Temporarily disabled bridge. https://github.com/status-im/infra-status/issues/14
  #- { name: 'nim-waku-bridge',          env: '{{ env }}',  stage: '{{ stage }}' }

# LetsEncrypt via Certbot
certbot_docker_enabled: true
certbot_admin_email: 'devops@status.im'
certbot_containers_to_stop: ['{{ nim_waku_cont_name }}']
certbot_certs:
  - domains: [ '{{ nim_waku_websocket_domain }}' ]

# Open LibP2P Ports
open_ports_default_comment: '{{ nim_waku_cont_name }}'
open_ports_default_protocol: 'tcp'
open_ports_default_chain: 'SERVICES'
open_ports_list:
  - { port: '80', comment: 'Certbot verification' }
  - { port: '{{ nim_waku_p2p_tcp_port }}' }
  - { port: '{{ nim_waku_p2p_udp_port }}', protocol: 'udp' }
  - { port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
  - { port: '{{ nim_waku_websock_port }}' }
  - { port: '{{ nim_waku_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }
  - { port: '{{ nim_waku_rpc_tcp_port }}', chain: 'VPN', ipset: '{{ env }}.{{ stage }}' }
configure nodes on status.prod fleet https://github.com/status-im/infra-status/issues/1 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-09 12:49:00 +00:00			`---`
status: lowe SWAP file size to 2 GB Default of 4 GB is too big. Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-07-11 13:51:15 +00:00			`swap_file_size_mb: 2048`

			`# Nim-Waku`
configure nodes on status.prod fleet https://github.com/status-im/infra-status/issues/1 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-09 12:49:00 +00:00			`nim_waku_cont_tag: 'deploy-status-{{ stage }}'`
			`nim_waku_cont_name: 'nim-waku'`
status: change log level to debug Previously the log level flag was ignored: https://github.com/status-im/nwaku/pull/1272 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-10-18 10:47:09 +00:00			`nim_waku_log_level: 'debug'`
configure nodes on status.prod fleet https://github.com/status-im/infra-status/issues/1 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-09 12:49:00 +00:00			`nim_waku_dns4_domain_name: '{{ dns_entry }}'`
			`# Protocols`
			`nim_waku_protocols_enabled: ['relay', 'filter', 'lightpush', 'store']`
status: specify node keys from BitWarden https://github.com/status-im/infra-status/issues/1 In order to make sure we can re-create the hosts with the same address. Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-11 17:32:35 +00:00			`# Node Key`
			`nim_waku_node_key: '{{lookup("bitwarden", "fleets/status/"+stage+"/nodekeys", field=hostname)}}'`
configure nodes on status.prod fleet https://github.com/status-im/infra-status/issues/1 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-09 12:49:00 +00:00			`# Ports`
			`nim_waku_p2p_tcp_port: 30303`
			`nim_waku_p2p_udp_port: 30303`
status: enable native websocket port https://github.com/status-im/infra-status/issues/13 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-08-22 14:11:52 +00:00			`nim_waku_websock_port: 443`
configure nodes on status.prod fleet https://github.com/status-im/infra-status/issues/1 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-09 12:49:00 +00:00			`nim_waku_metrics_port: 8008`
			`nim_waku_rpc_tcp_port: 8545`
			`nim_waku_rpc_tcp_addr: 0.0.0.0`
			`# Limits`
			`nim_waku_p2p_max_connections: 150`
feat: config for sqlite-only store (#8) 2022-06-20 09:55:39 +00:00			`# SQLite store`
			`nim_waku_sqlite_store: true`
status: set 30 days of retention for prod fleet https://github.com/status-im/infra-status/issues/19 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-09-21 09:39:20 +00:00			`nim_waku_sqlite_retention_time: '{{ (stage == "test") \| ternary(1209600, 2592000) }}' # 14 or 30 days`
status: use DNS discovery, connect to given stage https://github.com/status-im/infra-status/issues/17 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-09-15 12:43:31 +00:00			`# DNS Discovery`
			`nim_waku_dns_disc_enabled: true`
			`nim_waku_dns_disc_url: 'enrtree://AOGECG2SPND25EEFMAJ5WF3KSGJNSGV356DSTL2YVLLZWIV6SAYBM@{{ stage }}.nodes.status.im'`
enable Discovery V5 for all status nodes Issue: https://github.com/status-im/infra-status/issues/6 Depends: https://github.com/status-im/infra-role-nim-waku/commit/1e5367c8 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-18 11:15:34 +00:00			`# Discovery V5`
			`nim_waku_disc_v5_enabled: true`
			`nim_waku_disc_v5_enr_auto_update: true`
			`nim_waku_disc_v5_port: 9000`
status: enable native websocket port https://github.com/status-im/infra-status/issues/13 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-08-22 14:11:52 +00:00			`# Websockets`
			`nim_waku_websocket_enabled: true`
			`nim_waku_websocket_secure_enabled: true`
			`nim_waku_websocket_domain: '{{ dns_entry }}'`
			`nim_waku_websocket_ssl_dir: '/etc/letsencrypt'`
			`nim_waku_websocket_ssl_cert: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/fullchain.pem'`
			`nim_waku_websocket_ssl_key: '/etc/letsencrypt/live/{{ nim_waku_websocket_domain }}/privkey.pem'`
status: raise thresholds for alerts and recovery Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-05-24 19:20:17 +00:00			`# Consul Service`
			`nim_waku_consul_success_before_passing: '{{ (stage == "prod") \| ternary(2, 4) }}'`
status: change log level to debug Previously the log level flag was ignored: https://github.com/status-im/nwaku/pull/1272 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-10-18 10:47:09 +00:00			`nim_waku_consul_failures_before_warning: '{{ (stage == "prod") \| ternary(2, 4) }}'`
			`nim_waku_consul_failures_before_critical: '{{ (stage == "prod") \| ternary(4, 8) }}'`
add infra-role-waku-peers to connect peers The logic was extracted to a separate role and Python script: - https://github.com/status-im/infra-role-waku-peers - https://github.com/status-im/infra-repos/commit/f3084d4e - https://github.com/status-im/infra-role-nim-waku/commit/b8b64c0e - https://github.com/status-im/infra-status/issues/4 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-10 16:26:44 +00:00
waku-peers: use new variable names, add timer Hourly timer avoids the need to have to re-run Ansible frequently. https://github.com/status-im/infra-role-waku-peers/commit/895d6f07 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-06-22 11:22:10 +00:00			`# Peer connecting`
			`waku_peers_rpc_port: '{{ nim_waku_rpc_tcp_port }}'`
waku-peers: bump timeout to 20 seconds and 5 retries Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-06-23 12:31:12 +00:00			`waku_peers_rpc_timeout: 20`
			`waku_peers_rpc_retries: 5`
use new format of specifying service for waku-peers https://github.com/status-im/infra-role-waku-peers/commit/be28c829 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-07-26 19:21:28 +00:00			`waku_peers_consul_services:`
			`- { name: '{{ nim_waku_cont_name }}', env: '{{ env }}', stage: '{{ stage }}' }`
status: disable connecting to bridge instance Supposed to be a temproary fix for performance issues: https://github.com/status-im/infra-status/issues/14 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-08-30 18:28:38 +00:00			`# Temporarily disabled bridge. https://github.com/status-im/infra-status/issues/14`
			`#- { name: 'nim-waku-bridge', env: '{{ env }}', stage: '{{ stage }}' }`
waku-peers: use new variable names, add timer Hourly timer avoids the need to have to re-run Ansible frequently. https://github.com/status-im/infra-role-waku-peers/commit/895d6f07 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-06-22 11:22:10 +00:00
status: enable native websocket port https://github.com/status-im/infra-status/issues/13 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-08-22 14:11:52 +00:00			`# LetsEncrypt via Certbot`
			`certbot_docker_enabled: true`
			`certbot_admin_email: 'devops@status.im'`
status: fix certbot stopping nim-waku container Otherwise it can't use ports 80 and 443. Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-08-29 15:37:19 +00:00			`certbot_containers_to_stop: ['{{ nim_waku_cont_name }}']`
status: enable native websocket port https://github.com/status-im/infra-status/issues/13 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-08-22 14:11:52 +00:00			`certbot_certs:`
			`- domains: [ '{{ nim_waku_websocket_domain }}' ]`

configure nodes on status.prod fleet https://github.com/status-im/infra-status/issues/1 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-09 12:49:00 +00:00			`# Open LibP2P Ports`
			`open_ports_default_comment: '{{ nim_waku_cont_name }}'`
			`open_ports_default_protocol: 'tcp'`
			`open_ports_default_chain: 'SERVICES'`
			`open_ports_list:`
status: enable native websocket port https://github.com/status-im/infra-status/issues/13 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-08-22 14:11:52 +00:00			`- { port: '80', comment: 'Certbot verification' }`
configure nodes on status.prod fleet https://github.com/status-im/infra-status/issues/1 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-09 12:49:00 +00:00			`- { port: '{{ nim_waku_p2p_tcp_port }}' }`
			`- { port: '{{ nim_waku_p2p_udp_port }}', protocol: 'udp' }`
enable Discovery V5 for all status nodes Issue: https://github.com/status-im/infra-status/issues/6 Depends: https://github.com/status-im/infra-role-nim-waku/commit/1e5367c8 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-18 11:15:34 +00:00			`- { port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }`
status: enable native websocket port https://github.com/status-im/infra-status/issues/13 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-08-22 14:11:52 +00:00			`- { port: '{{ nim_waku_websock_port }}' }`
configure nodes on status.prod fleet https://github.com/status-im/infra-status/issues/1 Signed-off-by: Jakub Sokołowski <jakub@status.im> 2022-03-09 12:49:00 +00:00			`- { port: '{{ nim_waku_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }`
			`- { port: '{{ nim_waku_rpc_tcp_port }}', chain: 'VPN', ipset: '{{ env }}.{{ stage }}' }`