From 2f7c7eb70fdc408666bd9c17c7d14bb00b9d81e9 Mon Sep 17 00:00:00 2001 From: parithosh Date: Wed, 22 Apr 2026 15:51:34 +0200 Subject: [PATCH] block devnet 1 --- .../devnet-1/group_vars/all/00-defaults.yaml | 1 + .../devnet-1/group_vars/all/all.sops.yaml | 197 +++++++++++ .../devnet-1/group_vars/all/all.yaml | 309 ++++++++++++++++++ .../devnet-1/group_vars/all/images.yaml | 54 +++ .../devnet-1/group_vars/bootnode.sops.yaml | 158 +++++++++ .../devnet-1/group_vars/bootnode.yaml | 175 ++++++++++ .../devnet-1/group_vars/dns_server.yaml | 84 +++++ .../devnet-1/group_vars/ethereum_node.yaml | 92 ++++++ .../inventories/devnet-1/group_vars/geth.yaml | 87 +++++ .../devnet-1/group_vars/nethermind.yaml | 97 ++++++ .../devnet-1/group_vars/prysm.yaml | 71 ++++ .../inventories/devnet-1/group_vars/xatu.yaml | 91 ++++++ .../devnet-1/group_vars/xatu_sentry.yaml | 1 + .../inventories/devnet-1/host_vars/localhost | 2 + terraform/devnet-1/nodes.tf | 18 +- 15 files changed, 1425 insertions(+), 12 deletions(-) create mode 120000 ansible/inventories/devnet-1/group_vars/all/00-defaults.yaml create mode 100644 ansible/inventories/devnet-1/group_vars/all/all.sops.yaml create mode 100644 ansible/inventories/devnet-1/group_vars/all/all.yaml create mode 100644 ansible/inventories/devnet-1/group_vars/all/images.yaml create mode 100644 ansible/inventories/devnet-1/group_vars/bootnode.sops.yaml create mode 100644 ansible/inventories/devnet-1/group_vars/bootnode.yaml create mode 100644 ansible/inventories/devnet-1/group_vars/dns_server.yaml create mode 100644 ansible/inventories/devnet-1/group_vars/ethereum_node.yaml create mode 100644 ansible/inventories/devnet-1/group_vars/geth.yaml create mode 100644 ansible/inventories/devnet-1/group_vars/nethermind.yaml create mode 100644 ansible/inventories/devnet-1/group_vars/prysm.yaml create mode 100644 ansible/inventories/devnet-1/group_vars/xatu.yaml create mode 100644 ansible/inventories/devnet-1/group_vars/xatu_sentry.yaml create mode 100644 ansible/inventories/devnet-1/host_vars/localhost diff --git a/ansible/inventories/devnet-1/group_vars/all/00-defaults.yaml b/ansible/inventories/devnet-1/group_vars/all/00-defaults.yaml new file mode 120000 index 0000000..aa09835 --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/all/00-defaults.yaml @@ -0,0 +1 @@ +../../../../group_vars/all/defaults.yaml \ No newline at end of file diff --git a/ansible/inventories/devnet-1/group_vars/all/all.sops.yaml b/ansible/inventories/devnet-1/group_vars/all/all.sops.yaml new file mode 100644 index 0000000..a8a018a --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/all/all.sops.yaml @@ -0,0 +1,197 @@ +secret_zerossl: + ACME_EAB_KID: ENC[AES256_GCM,data:UAbtTHRnXHispR1iQr/5eQMV7JMk5g==,iv:WkDvniP4a1cjpRTQqT0MnJo9UkIp+iwJ3NPSTb8sFsU=,tag:yXavQCYBVJsPHwmm2WbwSg==,type:str] + ACME_EAB_HMAC_KEY: ENC[AES256_GCM,data:V7U8TluhY0y550IjMfubUgHSFCdxqS109TwWjSGx818J2So5zrTJR0TWzRl1bH4/9MyqCpEtTLHzLlL0j7I4XzgNvrm8qjpeNw3yRa94eyWH5EJT8VI=,iv:Evd5W8ORLtUa3sSl6XeaqY69p0FAmpiFmjXDlP+XbUY=,tag:A34c1/jnfKSFjuDf/2stYA==,type:str] +secret_prometheus_remote_write: + username: ENC[AES256_GCM,data:yousdWI9alFk79gFvw==,iv:M5hUbtMlC+YM9uRaoid5UGdvfikaKjhGOrdUMuPjwAk=,tag:akNY7IX/h9ohN/8LPXHSSQ==,type:str] + password: ENC[AES256_GCM,data:wo4EZfdVFqSfCLyFxkZVhT05pTy4ZzOibzh1Jidm0rgkWVPI,iv:NW8hMqcUDsb/r0NlQ9mm7PdxK9+Mxn7WDD3OpJpvLpA=,tag:GbwF9WZU4xhcxdriNHElhA==,type:str] +secret_loki: + endpoint: ENC[AES256_GCM,data:fgNKy2JFJ+eWraqSN8mmrMD2qua/od9Ai4KkWt0BaqJuJeNbkisVERcjZXL/OFZK0eJqNVzQh+w=,iv:3hdFH0Y+33EXpCMoEhQHMj1cwxn2EMFOdPj2YwJZAhg=,tag:H6KbRsCGIC0axq4qFfP++A==,type:str] + username: ENC[AES256_GCM,data:el1o6j+dsKgErJ2vqQ==,iv:/5in3YdE+PGQyEd4Mf8JfCAGUdiXGCYgj9+E3wvwiTA=,tag:9QwnOCxu9W22w6u1W/09pA==,type:str] + password: ENC[AES256_GCM,data:jQQAcsmsQLB+T8kLZCq/U94EkMjAIBfP7YoEEZ+20GNWnjfY,iv:oT3Xv7mL55nWl/ysJFvtca+IAE73ahDtuwI4wcS4P60=,tag:daEzi4A8RV8mxC9HiycYsw==,type:str] +secret_nginx_shared_basic_auth: + name: ENC[AES256_GCM,data:O7L3,iv:DiOGlqfOfrDlt7X4OGY27OYlkDDEHguv+kg1zRhBek0=,tag:KuOX20lI/iYZOORFraiISw==,type:str] + password: ENC[AES256_GCM,data:HyMDeoK5s6JDfsJ7j5Gg,iv:yvC4WWOOJvVeegWl0uj2P8yxcfBgNrvYSm5xUB5qux8=,tag:XoZbXpvLtUJPVoEaV3ltsg==,type:str] +secret_ethstats: ENC[AES256_GCM,data:vO/gY2iluciwksE=,iv:WHYxXgQ2LdLGMKxvagmT3UhmQl/dRucpyhYzZxHvLHc=,tag:NX4Lkg6SPPusRx/zHGn00w==,type:str] +secret_bootnodoor_seed: ENC[AES256_GCM,data:BHEqdTiCm+FUFNZz14z6n9MCK5pYzwE2HoULRNXyYoBmYVyUkob2a2OSXIQRNbTrjmSxV/RerP1Bk3MMVJhsog==,iv:s72eKKB+wdpSrb5LIkEvhxI7fYOlzn5fxTiJLFqseFw=,tag:aGIzv1SUCxxI24T7Mv/vng==,type:str] +secret_genesis_mnemonic: ENC[AES256_GCM,data:zRxUC65Kt1b8DM4QPyEJ/u0Uhp2ftMcJVtacbXRrOCUGm+gy0n+VH199hVxvviouJQkbv5FiJYiFjwjJ/yFX5ajPgOqanjRpBfEfwwD2Drtafaw/mWT7pSILHlo7oI18+bGIWjXve5mpUSuAC7jiaufDVROvSa6bcew0Ogbp5pzbFJBFFim3LFjyC1uSRO7JbRoK4cUl1CxnaCUaC/3GKz4l/fIe,iv:EaQilsQbnswzCqkWSK9G/R3wwmMRDwWZDjdZQ1fUZRk=,tag:2kWU1BNG/B82qzmNxmwIjQ==,type:str] +secret_mev_coinbase_secret_key: ENC[AES256_GCM,data:TYLALYjoxOyyrpPoJ/gBvXO2vMdbbFqrI0gyZAJ7MHgI7SMmb7qTfDzakHmOASZ5ezJXfOMWqy0zBqQwymLhzA==,iv:MNJfTjd3pfAW9tR8WUEcp5BOcjjBTQFRoAN+NkC+VAA=,tag:dlR3sMxJb9he8xZn3FcD6w==,type:str] +secret_mev_builder_tx_signing_key: ENC[AES256_GCM,data:Tr01nA3sls3AhttJga/ndK+nMjZSiyMIE3zafwsEZjZt9aETG+zEnkcAK5y9P1aq2N1UZ/KMOF0BPNbgCtOddw==,iv:tBmNG6Esy/3HFCiNZIggEb2Xlgc5MEwS4mVgQpcuSyc=,tag:2mfyvSzaMvCqeIFQGV7NMA==,type:str] +secret_mev_optimistic_relay_secret_key: ENC[AES256_GCM,data:S+hUZla9PQRe22mOoT4qy839Slvej86L2SduROkh3JlMDlnQDtAODv1nRI48JaXT2pBrr5cK7zYSaFICuU6+3w==,iv:9LupHVxZ+DMqY4ZAV8tGcjUuXSvjW8aroJ6HG8psauk=,tag:acL6x1VMrbh0XbXtrQk++g==,type:str] +secret_mev_relay_secret_key: ENC[AES256_GCM,data:jnk2Bp3kMu4XBAfe3cJ8iJ061Lq2UDoE5OLiGss1kmmh1W9x/7PVDRH/y6ysL2kS8vbIlTNPtsK8oRQk7MMXLQ==,iv:2QmzoczmbyFyB4UnmvoZDeAEXjIzXnFBY+acmVA6Ins=,tag:RwjvzIB8l2V5F912IAicvQ==,type:str] +secret_mev_flood_private_key: ENC[AES256_GCM,data:LYJDMo2JUMH5TnRJ/DiTpeF+u5oKTRJzpLwNte1QA84e8JNtKlehUDH5XX+rzoyOI3edHm4gwZ5oIeziY1STJA==,iv:1qNfUVqJ9eebRmA4Ly59KFR9WmaQ8eelSvNLJAWCJ10=,tag:2YTI3l+1z9sO2Gr7Csd4aw==,type:str] +secret_mev_flood_user_key: ENC[AES256_GCM,data:KKnBt1BEnBR/Cl9B7FljzV3kJOW9Gmp7DJ46xc1EkUZmWn1f8F4QLhgsyK34FKBKSCmDMCQoctwirAKTG/Vlsw==,iv:efkOBcrGeGJwT91SR+2wFI/fpnWASQeqjH3MJSIQBAA=,tag:1f+bkUNLh8kMsxO5qNQo+Q==,type:str] +secret_xatu_sentry: + server_address: ENC[AES256_GCM,data:XzLdQ+6JRMe77fQJUJC8pGsVCKB6L4JuQfyTBb84hW9UXrHJ3umII0yQeg==,iv:ITMxKGxTVHDVPYhphwfRtt++DSMrwP5jOPD+/3q8Oig=,tag:cUjDFe+1uFv+tPAPYVnSZQ==,type:str] + user: ENC[AES256_GCM,data:H/ee8GvkSYtyTzY=,iv:Jjhtt5V0LXcNdS5PjBmYMDLJndPZUd4HPn2pSw4BM34=,tag:vo08KX4A2ic4IqpcBRHRZg==,type:str] + password: ENC[AES256_GCM,data:6bR/AjXadfHRZyBGlFcgiBnUQMc2xTjFcpgFZg6vxw==,iv:r6FsNBMe6nPCoQ7NuUzSljgKgdvp540kkOD+ApPSmdM=,tag:Df0RYt75FlB2NFakqViJ2g==,type:str] + event_ingester_auth: ENC[AES256_GCM,data:xD1uqYrRdB+TU7Fqbs+fENWiInVD1HOdVjxppQHhh7jRl+dU9HlJpD60nswd611EyHbWheTnlY1lRMO6Damz0ut9,iv:bKNxaPz+Xj5bIidQlaJrQXaDtT/I0lfBBY3zFfvMCAg=,tag:G1qOLehH6Wm9aI6a2ShqCQ==,type:str] + coordinator_secret: ENC[AES256_GCM,data:f4y7Ck0Z2zpOo8bHuS/w7Bhk6/6+DIvFXctMhjaMBYWLiwEY,iv:gQG7HBaDQPz0huJH2fq4y8HOGN3JwceJET/spgL5GXk=,tag:2guBo0MRKOMKOhpyjYL0VA==,type:str] +secret_cert_encryption_psk: ENC[AES256_GCM,data:WXK5OSHqbAPXxWRwxDV4vSkWLd+KBMJMZuEPFUKE,iv:w45No4rBDjT+kGooIoHGikjJQjwWQ9dyNBzL/NBo7XE=,tag:9Unr8yDbWpCOINcCW/frSg==,type:str] +secret_dora_api_key: ENC[AES256_GCM,data:RGBJ+xkv1WscCVO/Rd9/XZdOZatYCtSAKm/8yKVkwVr+fu0EB9LY7EG8fkw=,iv:YkgdX3hW+P53br6/uiNmmq4/qAyQ0/QrXSPgOjaMbVY=,tag:b/B9OBzYyWfJ5NemKpv2eQ==,type:str] +tx_fuzz_blobs_privkey: ENC[AES256_GCM,data:lYDYBAfPdtgovoGtmz7c4lUfiqxr2N0Sp1dkMWn115+TJYBzfpsMdfBl88PfAibFfHwhMhKwpvKTyHSeUzX2xw==,iv:qTk22/lpJyWFycayBupQp0sBaw2E2oq7peWypQh+0Ic=,tag:JhQPq8s3ueLEfL2FJGH+wA==,type:str] +tx_fuzz_txs_privkey: ENC[AES256_GCM,data:5oacWB7naaDLkIihcBK8E2AKPk9OWLz0AJ7ZLKmpTQkstF/idYkjm6GzmaX0LVGxND0DlUO/fcydtY+UFVQoyw==,iv:gHO+ttqzJCbRBCUvmlsTVNQK6vpnGXamIag63HS/fas=,tag:Ub7xqXrx9tYU2ytk/XtJCQ==,type:str] +goomy_private_key: ENC[AES256_GCM,data:cpKpCZPZOZ/oA4zSFJaIutD/H5SUOHLBS/qyKL+5ZOMOvaDVmI3zY3GiQl149LB3tya6Rg2rEQSABxR1fz8c5w==,iv:Ibm4sLvU+tNk7EqaSPs/2CRLU1yLlNDgSWjR+uNPrvQ=,tag:sOvyhcNsNv2Zj/7waeZBBA==,type:str] +nethermind_seq_api_key: ENC[AES256_GCM,data:C6dHJX02l+m0zVYH691GUyKZgRs=,iv:tNCA6W6hJm1PybTE2piAhfUjDKCqQWeN2FQfgiayJC0=,tag:VZiwt+DgR+nfWXdzZjGnxw==,type:str] +nethermind_seq_server: ENC[AES256_GCM,data:wEIM2pUqK+I3rf42maFTr05r8cOJWjnpPQ==,iv:2Iu5nQAjRmxqkOF2Pueup+Kiwd34sfTxWY8aFv0pea0=,tag:VrfL6pUITsKJPgSue/XXJw==,type:str] +nethermind_push_gateway: ENC[AES256_GCM,data:ScReyCHKHx2/8Yo3epSAsb3MykmlIrGkUegaV5+21aboPCgU+VbUOBfvqaTWpcQN3OjXH+euQj1bHL1etGk1qvjzm2sp/P9oqbHRU827nbejkk5SKEeC4q79U7QyQTbUJ1Z9paX1sYZysMDUf2LUb9r/wHhB7bknQYKnHBAg0Li7qw5T5o1yatJoDqfahe4R1Q==,iv:WuQDvBvS2zjEB805HYkq5TQ/H8baF23vyMP9JbdqCao=,tag:jTOnfh2+ZmWIXQBzIpIVCQ==,type:str] +tysm_secret_key: ENC[AES256_GCM,data:MuvclVLaNVZ+7vRumg==,iv:XGBLMISj2wL7MQznXnVggjudiaw6Ff4i3wGt37/EKqA=,tag:ib5t0B5qa1FD6Ff8xYIFwQ==,type:str] +tempo_grpc_url: ENC[AES256_GCM,data:ltAVTGgrqhUBXdAZe7D1HvdXK72YIORL/x4DYHgX911s+X8IZM9/guRqE1I/ZYSzNrQX0qON3/TrNSjpG1BUpkK9M0SLzqE4EKhaOOQonJRLunnufZVrZIDhXSMaGQhZcjsHQCV8,iv:4mzqA4Ck1g91+tST5oTSnTepikjOCWKJrV04Rsp/8Ts=,tag:MgjQUb+lR1SIU2d8KpvOew==,type:str] +tempo_grpcs_url: ENC[AES256_GCM,data:jEozAoMPs0sU9HczD2E784PQ4Ycg8YQd6NN6LXtu+TEDFVAXwrxv+HgeEhLYDt5g1+ZjX4yA8WAMpgoSjQLHnm5hkpMCzz+GYK+hvHOZEH5Mr0tP9mkGBKTgRTuq/BG+HNDwuPiH,iv:/hirSsl1ahFSDmx/jTk96F3WMDXMs9XXbDjzB0cpTS8=,tag:ZLYOTkk3D7HWinBFP/WwJw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2026-04-14T15:28:55Z" + mac: ENC[AES256_GCM,data:przW7fwrQIt5kr111or1teORfyi+JCHWdHi/sP+lWRrwUlKQgKMtlzTGTW6HpDY9w91IoKjbcE+eif7jp9so/3ZaFCUF3JoBMaSMxm3p8tplN8QuNuE1MglasQ5g8c0EtnNWNsdheSm8Nm4rmevJWo+pSkQJ89wIsxAqsxjo4II=,iv:ltLeCoAP3me6K0dZn0QhHqVX4DZ5mCaXSUyRSqnz1C8=,tag:wLUYmIBoJLI98C5Atz2B3A==,type:str] + pgp: + - created_at: "2025-10-27T13:25:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA32GcoRiZf6pAQ/+IKGAjEyWVLJbeKn+HXSWSx/ftofr+q6SawtUO7BZgUp8 + BpQuYK7/LZlsZ4Bq83/WZj0CgXDTZoVjxAoXgv1+If7tv0+tFg9l9tIuc4gAfOTn + DotvDygMRkY/kYWz+Pr+desDhma1YVxEglr/xFGmzM4v+u4Dd+ShAbwmnUsWHO0K + yucZyxIk2BeNVs0880u3pYmWwJNXckyS83kBZSP5SX+xbGpRgviGNnpk0kaYYGIr + SmAwoQi7NxVdkMd6XROV/rdL+xLjUBLPsIbVEDTqIVU6b1U7dUA6lNdKeDdqUt8B + VGpRa9AqN2HR49RnXXS56rDM2fZexVSjP6Tlc/2312zRiJzyRQhZQ/IiV84Qj0hF + KMb2nTszQr4QbhTFHD7dexnu21zQdwp1risJG9aJnBTcI/hzFiq52S8K3PDqEdlb + 50tuPoC0oG6AXXdfLycIc0VGhTSyNFr+N4VhToyRmGeP0CrUxe3XkwFiJiXxZH06 + tS/eNU5XNQ/w56sE2VVDip7OrPBwwDgiM+NaRC6lFRWKgndFmLDk9svzKzikjUCx + KrGqNQtBDUGvwTecDUXT3Ra6gZ3ibhUsyBnk1W14clm21n8ABdSOF84KgWq0rlHd + BsqIsbEqQuVdZ9i0pQO8i5YTsZU16/hV/o+U2bFlWnG0UnJDx6ubzWDX11rmvKHS + XAHTlLR/yto4S/I13bJvPG2R0hNBbvB3ZHHALnfS5lH/MuQXz6YCod7XmPcFfuKs + KJMKXusRuInXVbWWwHHKHx+GFnh/XJ/HXCx07amHyusWBWXjPqlIwKQcf1G2 + =Ko+N + -----END PGP MESSAGE----- + fp: 80DB2B4EF6CA4D9829C280605636BC0E08138A24 + - created_at: "2025-10-27T13:25:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA87Wber4r4dGAQ/+JMA/0QWhmj9p4ib+o6BpC5UwBC8t3uKc+Nx3RtH1tbfu + mS4SgJNu6KR+exsH6Q3wsqxANmVKK6JjZXTiaHB2so/mT5FDctlimPbjpeqg8tcU + gec3e3jmh/QiFiIWWBy/kxORSvuQtcM8Fu5TyZiNYkV5mSmNN8YSzExjeAlOAkK1 + efBMIuoBS0QaRZqQuoqzqqnnP50FFGP9wi21FBi+ZPS2s8webYKMRoo5KySWKRh6 + PCFJ3ikJ+4n+Ln3Wq+KiWIVwzNWL9J/9bqDpIyKcA3niCvo6MGdq57AIFMV97BVs + HJ+GAKsfkZOqfASp4CEpQHZpWwc5D1T1sbq/OrPVwvKRkbcvqMM/hsqBJ9NTjR1l + 9trYk2XHr4mqYmrIsIHJCooxFyvScRsn7PA2ZSSfloLSyTZ0XaV6ueRagEN/2ny2 + 5OsSRVkCwctWWfXChj9ZGBbq+mDohobiNR09JGWrP6Xs9kHk1gvS7MgA7pbXMuad + RcKsdDFzu+Twz6nOajoBgeRl+atUmwY65e0T9wEqyCgRpBtkcK4IkblIixgVcDmb + w3GScohqQ+ehEcjTubAS5FiMs5+1B41oLtKQCooXoyfxTalwBtjaxdD+Em+nIVX7 + IiN6RpA5xcLvJyqB35LBdJinBtR24hB1S1zFJa6K7bPg8/tnfck56f3vftJZtIrS + UQEKBviA8UUfHn+oE7Gbt1ucoekkHI99smRG7rl3tWs2To6aXXD6dIHQHOwL52Qi + 3XohfZf2q4u/8a+uvwqHXNzihPDTIYNLbkjiQKrYGNsdUg== + =PTSf + -----END PGP MESSAGE----- + fp: 69F66EEA7AE36CCB77DDB8CA1BC39532FB4A2DBD + - created_at: "2025-10-27T13:25:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4hw3nPn82LyAQ//RpGs30EaSeC/rLuhGak5Yy40CZ+4R9pT/AHrizRIZxz6 + 5EodGYnRBzvX6i0Aik/M3mEHRSwIMwCfdF/tCpnjMp9exE1nu9ob32nrFtJnuRTP + E58tFRyf7Ib/1f8zMQNdId1kxtV2FY+H7fzBxrJNhiJLmpUSqzSORrPX80+ttT82 + tAxTRlk3+pYy/sgHsI4ADbGWbQUaYqxlYYbChyshT79cLlwJDqteIh83E/37Xu4s + byGdJKtzdM3PPzlhbSVvS1IGpp3xShO0/+t05Ubvk4hiJ2WKGWQjoHsNoAIsnHIR + IJX1VWAWNpiohzfuHcCPTChMHTCtINZAiCvlWfgXwMcX3ADZH0B4Gsi6rIeGb3L0 + fHk2nYdbO7i3wQrzD9qtLA0487gd8ZKh7bkxioAdzT8t7PrZpohYn6vxIYKnoRvM + FFH5RyFrGcIdxPIVQxECZcdwjWIKN1wH6KenEGe7HHAUrJH0unbr/Sbs8vEEMUFQ + vxG937vzQROVturJRdx3IE2Lzw6BrBYaGErnurVM5Po6b7jCAUwUIb82+/DYOzUY + fImO5tPWLPdSNfwdZTergdklmHPFgUt+tS0qFj9VTfLBxQmX2Dqh8WeipJxK57tD + KG7fuPk4iAVJB+oV03OQz4m/fHlMT7l3AuPnxhdkmRDIA5L4mrsqU7Zseq/OKEDS + UQEuHkX+QVDIBM/qp2UM17c9y/4W3/5FAw+R2ArZqBfjzKOTZ+LjhDNC6EDj4nmy + 1Y7BNS1dQuMBMendZrvEkDlEf7fi3o4ATCCLv6rzX4+2OQ== + =zNow + -----END PGP MESSAGE----- + fp: D1002590180DE371BCB455EAEFCD4ACD0B4D3F6E + - created_at: "2025-10-27T13:25:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw01qfIBwY0JARAAq1NTq8zuUTFoJHzkq8y1hiSod0c5Qm2p0pCijIhdHmAD + f0VUcrNbvIx6LPZWI2fhGIYwoJgQrFxQCG9a/aYYzFHhcihPJwADI1TqPZ8b2D2/ + HKLQJW2AVokvppYkLXS+KOlEEHiOmLwzbGL5fkvwAWlzEt9x3PVUH14TCcWXfuqk + 1xz4I7gXfD/Ql23pIhRzaqENpT8bXplAEMh1jEc32inCQoNbUppA+B5Xt1Ox5XVG + kl3PW16wBM0+pNN4oQjMHZfQiiJBMxr44e8ZSeYWaSjBr8jVPshp3pUq3e93JmC0 + pD4NVtnITQpIyziKyA61qKmkwC6X/g6Zn4qEcwjtvhQqs1SIH2Yu5SNOHrfpQF7P + G8UoH5gX91L3ImuvDC4wxW8eDy5bMYqi7Pxy7u+Q5fTCN2VJAvDAyGwlO76kbKZQ + wGBzGNvJNE8BM4JyJRwPq0+TmQuM4wdZvtQ0M6ddJ1rqMB6Sz3GbTg1XIAU8/q5c + rFFZNrXpZH4PkMf2kOmU5eDKWCZa3c+HrLvkgYZxo66EFcbAUHajnTqdoEX1FaD/ + cDyl1GDw8VMzbBmqA6Ad0CJ12xxDalI7us6/6fS42vO8cwhsc3Kc9KQR/qWGLfqK + I48D5KkjzzQbgb0Yh0Qt2CNu+ooSmbVxiQm1JplfnCFZIMIEhPu+L0QxnxCF09vS + UQEe1uI5Pu/LRLR/HnxD80IQ/Kz2pgqzcezmYLtQXgO3tyfeO9kRz0hciNpBsGPT + Fx21MILxKR5ypjOyspEtt7gEvhQiCy8ixc58hj+STDeH6w== + =V6Be + -----END PGP MESSAGE----- + fp: B9F81F327CF5346860E85269D7AF98F214C59E4E + - created_at: "2025-10-27T13:25:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMAwDFOgk9tOQ+AQgAlRsVXPLBgH5iGDZ2RVI2Tz8vR26UoWTWtuj6ptpDR2F/ + BDMy6tohnRQiXXDHUgTm0otJaTAPNsw+90ryD1UXuGlzfYJv5tpTTTfywLEyhHtv + 5Y8T3bq7QwUFgM9e4LHVqt15b7ReJi9xkR/FoBH/4lh6NqE8Z6eD+BNszwR20aVC + u0dUwHPrROl6moPZIEvSwMPhCGbI5ZO2S6g+iGCsXNOLtCNtSVQw9Czf8JKMlCpD + EiyQOOwTjZZ6sGj7wDvxZdyW0K5LH7fsHms8V5+Pzpk+gLs9QKhYL3xa4KJg5Tg9 + 2rdqdfNQcECivtQH2wgVwPikQe5BzUx31cYwAvp/P9JcAbvqgXUG30AUrwojSi7d + RhfRVACpmUUoc+FsBjdUDux6GXkdkoIOxsJ3kPg37nJiwCzq3uXJptwoykjy+Por + rMTp5fr7JCMMAzC+mLyrpvr3Z77EffAEgULbTck= + =xfyc + -----END PGP MESSAGE----- + fp: 0600D41E1313E31016F7C55BF597BC0C5F22D1A2 + - created_at: "2025-10-27T13:25:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz4a8AV36xppAQ//THNYUTc2CaY317l+48yibj89XMdC3O9S3XWIi0yQ88DT + MEYUA8j74oJwIBRX9H44nTpL0Jfbg4KqhdPSaS/ZXtgcxTrs3aym008C1Auf974D + OGWEG29ZavXiLj9N+Qy4k3jTGhXjyjp8qpis/wpR/yhLGRrFjorkNkJ0xf6bHBVg + DNpQSGfyY5cBSLCOSb51pZXJ1PBmWwKoIhtpZuFeV9OoayN42kDNTQdC1v+PICYK + PqHLcRB5e6mayPDmZu7YAzFui4yeTSpR/FDP54ckQuIZxN+Pw66n8ocRme/T/Mhz + H2o7RNwtGxgDRYyAz2puag+WFFZoo7tfbSXykSFEFBBQrP6OoQ3ZS5BuxuGSrwNS + GQ/AnzPHL4FfTBMz8tEfeOfwBWTiiZ0IVvEKa0YmGk7d3mlMGul08o5nTfgxI3W2 + YNp7E5TTEgpCfRHBUtH3hMIRwU0ecjTuM91/9kF8Up1UlDRABJ7DsQXZpEcH+SYG + XTLrhl0aHgrxSSmFv3I6JuiSuYQBpfmug6Ed9GJWrwMNFlr1QkblNIF1WEVbaQ6k + j37XL5VOe70tTM0FL3rqYCCuDKoJ2eUHGvJ2cjPekDxhQ/4ps8HwevG2v/oYY7VY + 7eSkC8QWs6JlWPZZJet5hmhRP2BF7LflqaPyAfyrR85kLH/ldS87A6kcIP2QDB/S + XAHKuYj9EjVjEBDjTIz0K2+ctHUR9TikwGan7lq5zFDdxVw6Qs46pGwP2FuXslSs + XK8WKviNRZ99UHHYpKAf3j8ztsKBaVlrM0f/ZUXsmIvPQIaHfLcqK/gmW76O + =Wzuw + -----END PGP MESSAGE----- + fp: 29C50D01122FDE78E257482DAA497EB2610A8435 + - created_at: "2025-10-27T13:25:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxYzhHRfYJYtAQ//QHZYI5KPXJIeodQqPFJl8L/LnPa6ycOoNXuBngsYNBw3 + mT12bU/+zhiQd39Sh2xRhGGh3sK0SCCfarH/rjMhG/G+7hobFITh+jYMNuJO9kNd + SBii1HyvuwOkqSIYdVToiAKvmAXHQqAjNNCaHT2FBKZQSxq7eMC9/7GBEVBxiYlC + Xw9LoAAf6vrSJq/7nxokkAFYBwjH6H06lv0cOiCNuci3oKzE64toAo4zSwcj9yzQ + hFI4Q+Er62Ep8fMRxsy9NkxZNgLruPzssGxa/n4jk9t7fF9EQmyoeRVLUxNvr+w3 + W7sol2sxTupj2Bxtz9SH4h3Ubuey4HwyM5mD8n/euU+K1pO5aPBGf2oz1fbK3D0K + 9czZpSS/ehWjeytpjJCAmL6m2rRtd1IM29Bt9RNnRaL2hqUwliNVXfo2TKsilp0i + WL0f0ZpDElc9ttxWOFBir8fCCMFw6Oe/zoicEkxC7/W4iPyLTyHFZAlio2cBiV0I + 9dTtUQbKW1Yav30Y4Wg2SqlOEUXki5KkZ+GyWNRwVLePh3Ec0MbcXQRREesK0goq + pUV42dpAV52b5svPndZa8AJZe3RFbqIcFb08UNsDwFSN/ZGLH8geu+X7ROdq8XxN + yclqoVUv7Aq65kgaSqFszSYEG2+hoNVYpdYI/OTYFa7r7922fhqQSvPPUhm3JtDS + XAHE3c57G66vrGGwnO5J7Sy6DVS3TpFNONq0untKm9lj6M6QiME4P/tT9UIq5Uca + S0mO0LwZPogjfBgE1bFcUfk6I6Awo/6QupkKyqC7PWgsXnK0E1iJyN79Sukt + =cfzI + -----END PGP MESSAGE----- + fp: 9BE537027CB7467923E240FF2AED09371C121F91 + - created_at: "2025-10-27T13:25:35Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DjS7VXZx9i8YSAQdAkcV1Mg7BYz1ISw2x8guADkVnYfZbcY1dxqt4M2QidkIw + Uws9+CDwZfSJSddGvcFkFTSUMKqjW2zY0zL12i+H8ixluWM6rJ2U49OnjAd7chip + 1GYBCQIQkV5CNAErwKJ7hD7y1Io4TGvsuRkYsm0L4CwR/9sy/T63eKHMqerVsRoN + 2FtEFaTV2Xc1iPq78GEJmBSsR8sZI1+EnAlZ0HRz1FUYsuL3/zRQnu2fucKkJBIs + axCTPk8EX80= + =8dXI + -----END PGP MESSAGE----- + fp: F93098C3D8ED15D0924A6DDAEB4E93A88660C55B + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/ansible/inventories/devnet-1/group_vars/all/all.yaml b/ansible/inventories/devnet-1/group_vars/all/all.yaml new file mode 100644 index 0000000..e49ac64 --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/all/all.yaml @@ -0,0 +1,309 @@ +# ░██████╗░██╗░░░░░░█████╗░██████╗░░█████╗░██╗░░░░░  ██╗░░░██╗░█████╗░██████╗░░██████╗ +# ██╔════╝░██║░░░░░██╔══██╗██╔══██╗██╔══██╗██║░░░░░  ██║░░░██║██╔══██╗██╔══██╗██╔════╝ +# ██║░░██╗░██║░░░░░██║░░██║██████╦╝███████║██║░░░░░  ╚██╗░██╔╝███████║██████╔╝╚█████╗░ +# ██║░░╚██╗██║░░░░░██║░░██║██╔══██╗██╔══██║██║░░░░░  ░╚████╔╝░██╔══██║██╔══██╗░╚═══██╗ +# ╚██████╔╝███████╗╚█████╔╝██████╦╝██║░░██║███████╗  ░░╚██╔╝░░██║░░██║██║░░██║██████╔╝ +# ░╚═════╝░╚══════╝░╚════╝░╚═════╝░╚═╝░░╚═╝╚══════╝  ░░░╚═╝░░░╚═╝░░╚═╝╚═╝░░╚═╝╚═════╝░ + +domain: ethpandaops.io +network_subdomain: "{{ ethereum_network_name }}.{{ domain }}" +network_server_subdomain: "srv.{{ network_subdomain }}" +server_fqdn: "{{ inventory_hostname }}.{{ network_server_subdomain }}" +network_iteration: "{{ ethereum_network_name.split('-')[1:] | join('-') }}" + +ethereum_network_id: >- + {{ (lookup('file', eth_testnet_config_local_dir_src + '/genesis.json') | from_json).config.chainId }} +ethereum_network_deposit_contract: >- + {{ lookup('file', eth_testnet_config_local_dir_src + '/deposit_contract.txt') }} +ethereum_network_deposit_contract_block: >- + {{ lookup('file', eth_testnet_config_local_dir_src + '/deposit_contract_block.txt') }} + +ethereum_node_rpc_prefix: "rpc-" # prefix for rpc URLs +ethereum_node_beacon_prefix: "bn-" # prefix for beacon URLs +ethereum_node_rcp_hostname: "{{ ethereum_node_rpc_prefix }}{{ server_fqdn }}" +ethereum_node_beacon_hostname: "{{ ethereum_node_beacon_prefix }}{{ server_fqdn }}" + +primary_bootnode: bootnode-1 + +### Checkpoint sync specific for Ansible & Kubernetes +checkpoint_sync_node: "{{ primary_bootnode }}" +ethereum_node_cl_checkpoint_sync_enabled: true + +checkpoint_sync_url: https://checkpoint-sync.{{ ethereum_network_name }}.{{ domain }} +# checkpoint_sync_url: https://{{ secret_nginx_shared_basic_auth.name }}:{{ secret_nginx_shared_basic_auth.password }}@{{ ethereum_node_beacon_prefix }}{{ checkpoint_sync_node }}.{{ ethereum_network_name }}.{{ domain }} # noqa: yaml[line-length] +checkpoint_sync_url_kube: https://@{{ ethereum_node_beacon_prefix }}{{ checkpoint_sync_node }}.{{ ethereum_network_name }}.{{ domain }} + +# ██████╗░░█████╗░██╗░░░░░███████╗  ██╗░░░██╗░█████╗░██████╗░░██████╗ +# ██╔══██╗██╔══██╗██║░░░░░██╔════╝  ██║░░░██║██╔══██╗██╔══██╗██╔════╝ +# ██████╔╝██║░░██║██║░░░░░█████╗░░  ╚██╗░██╔╝███████║██████╔╝╚█████╗░ +# ██╔══██╗██║░░██║██║░░░░░██╔══╝░░  ░╚████╔╝░██╔══██║██╔══██╗░╚═══██╗ +# ██║░░██║╚█████╔╝███████╗███████╗  ░░╚██╔╝░░██║░░██║██║░░██║██████╔╝ +# ╚═╝░░╚═╝░╚════╝░╚══════╝╚══════╝  ░░░╚═╝░░░╚═╝░░╚═╝╚═╝░░╚═╝╚═════╝░ + +# role: ethpandaops.general.ethereum_genesis +ethereum_genesis_generator_container_image: "{{ default_tooling_images.ethereum_genesis_generator }}" +ethereum_genesis_generator_version: "{{ ethereum_genesis_generator_container_image.split(':')[-1] }}" +ethereum_genesis_network_seed: "blob-devnet-1" +ethereum_genesis_chain_id: "70{{ 99999999 | random(start=10000000, seed=ethereum_genesis_network_seed) }}" +ethereum_genesis_fork_version_suffix: "{{ 999999 | random(start=100000, seed=ethereum_genesis_network_seed) }}" +ethereum_genesis_generator_output_dir: "../network-configs/{{ network_iteration }}" +ethereum_genesis_timestamp: "{{ lookup('ansible.builtin.pipe', '{{ ethereum_genesis_timestamp_relative_cmd[ansible_system] }}') }}" +ethereum_genesis_timedelay: 60 +ethereum_genesis_timestamp_relative_cmd: + Linux: "date +%s -d '+45 minutes'" + Darwin: "date -v +45M +%s" +shadowfork_height: 0 +ethereum_genesis_mnemonic: "{{ secret_genesis_mnemonic }}" +ethereum_genesis_generator_config_files: + cl/config.yaml: "{{ lookup('ansible.builtin.url', 'https://raw.githubusercontent.com/ethpandaops/ethereum-genesis-generator/v{{ethereum_genesis_generator_version}}/config-example/cl/config.yaml', split_lines=false) }}" # noqa yaml[line-length] + cl/mnemonics.yaml: "{{ lookup('ansible.builtin.url', 'https://raw.githubusercontent.com/ethpandaops/ethereum-genesis-generator/v{{ethereum_genesis_generator_version}}/config-example/cl/mnemonics.yaml', split_lines=false) }}" # noqa yaml[line-length] + el/genesis-config.yaml: "{{ lookup('ansible.builtin.url', 'https://raw.githubusercontent.com/ethpandaops/ethereum-genesis-generator/v{{ethereum_genesis_generator_version}}/config-example/el/genesis-config.yaml', split_lines=false) }}" # noqa yaml[line-length] + values.env: |- + export CHAIN_ID="{{ ethereum_genesis_chain_id }}" + export EL_AND_CL_MNEMONIC="{{ ethereum_genesis_mnemonic }}" + export NUMBER_OF_VALIDATORS=3200 + export ELECTRA_FORK_VERSION="0x60{{ ethereum_genesis_fork_version_suffix }}" + export FULU_FORK_VERSION="0x70{{ ethereum_genesis_fork_version_suffix }}" + export GENESIS_TIMESTAMP={{ ethereum_genesis_timestamp }} + export GENESIS_DELAY={{ ethereum_genesis_timedelay }} + export WITHDRAWAL_TYPE=0x02 + export MIN_EPOCHS_FOR_DATA_COLUMN_SIDECARS_REQUESTS=256 + export EL_PREMINE_ADDRS='{"0x9a97ee9d32a0d68406e32b34c92afb81ce2bc467": {"balance": "100000ETH"}, "0x107781Bc6FA8f66B843f4216fd6D5862D3aa4fcd": {"balance": "100000ETH"}}' + +ethereum_genesis_validator_keys_output_dir: "{{ ansible_inventory_sources[0] | dirname }}/files/validator_keys" +ethereum_genesis_validator_bls_change_execution_address: "{{ ethereum_node_cl_validator_fee_recipient }}" +ethereum_genesis_validator_keyranges: >- + {%- set ns = namespace() -%} + {%- set ns.ethereum_genesis_validator_keyranges = {} -%} + {%- for host in groups['all'] -%} + {%- if hostvars[host].validator_start is defined and hostvars[host].validator_end is defined -%} + {%- set v = {'start': hostvars[host].validator_start, 'end': hostvars[host].validator_end} -%} + {%- set _ = ns.ethereum_genesis_validator_keyranges.update({host: v}) -%} + {%- endif -%} + {%- endfor -%} + {{ ns.ethereum_genesis_validator_keyranges }} + +# role: ethpandaops.general.bootstrap +bootstrap_default_user_authorized_keys_plain: + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbboxOo0jyL3DNxqZ6UTEnZPEzPDPnujEYaClqNWSLWkphczHKAnJPkrwbAWB4JbJKjsAJ5kn53f10KPnUyZvJ5Jn8Rpf7RM7+56MYaBg84gVoA2KeIYxUa7h8neY7J61Galp0c6cOK+hp1lPsoiBSdCW/Rtbv6ALCcVe+4+uCW5FRoJcNRJfGRLRnjh1pw57HQw9O55mf319s4rVUq4umznQ0CciEx3rVMtXf4xjIZDZAhNpGaBh8AtHauaMZCOGociAIquYYqoSQnnmnOBiduRa5OkvGZomgybNQivlYboDeF6sQ71KVzRXSI+mxCYbSp246lqSdQtQsjFA54NYl/qWgAql0uqCqsZidW+XBjquyItRl2Rfzzy5Fk/gMOAJXHQYp4POfgFbqtxjWpfnuOKqW/1IGWcIt2g016effUqGgj/oePX0g+duFdszSKK773rJBySgafFF6XWNqagrLmE4LUGC+6P3oxzYTSFGeUVA21OayL+K40XPpJti5zns= # devops-eth2-shared" + - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWh9NW66VD4BPKETNyZeZrGN1f7G6dkihW3eAc7cbJPFQGIpnWc2tGq5o13vWW+SoCh16nkYM2oak+PJQxXYTiQnrMJSmSFd7E0DmdcoKadGJEnfosrH++aOZf/eVLe5q3E9NQFVSdOPo1MCRRTuZxPkuMxS6QikW3otWrA3F2vFgmYyki3Cy8huQzHKUZGicividYcUSFTydR2L0oWUNve3FyqMQQQPnfaJ1RvrkeGtdhRSAxa6L0jzgRK7fjpUyhKOofr7kCKARGELRRiB9QikRAoHU2/D/2jtJjKlTCJxArzXyDF2IcQCco+5Oe9x4c7Xch32dbscJSmjaAvsxRnu7GEFCS7b6kKGvwcoq5vJzvp3RBBR7Mosxv6pcM/q7Z4RhXOFVFFiPVl1dqkqSPkUrHwg8LtWOxC+GAl36vxhHLdDEV/RhbSAzO6SfYEWYGH1w7u4oiy2XAT2cNCO0j0tSHS5chX+d7TzwAbBE2HuPL84GVGHZG875hmiE+Dok= # github-actions-ci" +bootstrap_default_user_authorized_keys_github_all: + - barnabasbusa + - parithosh + - samcm + - savid + - skylenet + - pk910 + - mattevans + - qu0b + - bharath-123 + - healthykim + +bootstrap_default_user_authorized_keys_github: > + {{ + (bootstrap_default_user_authorized_keys_github_all | default([])) + + (bootstrap_default_user_authorized_keys_github_team_el | default([])) + + (bootstrap_default_user_authorized_keys_github_team_cl | default([])) + }} + +node_exporter_container_image: "{{ default_tooling_images.node_exporter }}" +prometheus_container_image: "{{ default_tooling_images.prometheus }}" +vector_container_image: "{{ default_tooling_images.vector }}" +json_rpc_snooper_container_image: "{{ default_tooling_images.json_rpc_snooper }}" + +# role: ethpandaops.general.ethereum_node +ethereum_node_images_always_pull: true +ethereum_node_metrics_exporter_enabled: true +ethereum_node_xatu_sentry_enabled: true +ethereum_node_cl_validator_enabled: "{{ validator_start is defined and validator_end is defined }}" +ethereum_node_cl_validator_fee_recipient: "0xf97e180c050e5Ab072211Ad2C213Eb5AEE4DF134" +ethereum_node_cl_ports_p2p_tcp: 9000 +ethereum_node_cl_ports_p2p_udp: 9000 +ethereum_node_cl_ports_http_beacon: 5052 +ethereum_node_cl_ports_metrics: 5054 +ethereum_node_el_ports_p2p_tcp: 30303 +ethereum_node_el_ports_p2p_udp: 30303 +ethereum_node_el_ports_http_rpc: 8545 +ethereum_node_el_ports_ws_rpc: 8546 +ethereum_node_el_ports_engine: 8551 +ethereum_node_el_ports_metrics: 6060 +ethereum_node_ipv6_enabled: true +ethereum_node_skip_cleanup: true +ethereum_node_docker_watchtower_enabled: true +ethereum_node_docker_watchtower_containers_list: + - execution + - beacon + - validator + - xatu-sentry + - external-block-builder +docker_watchtower_container_additional_args: + - --interval=900 + - --stop-timeout=300s + - --include-restarting +ethereum_node_json_rpc_snooper_engine_enabled: true +ethereum_node_json_rpc_snooper_engine_name: "snooper-engine" +ethereum_node_json_rpc_snooper_engine_port: 8561 +ethereum_node_json_rpc_snooper_engine_public_port: 8961 +ethereum_node_json_rpc_snooper_engine_container_volumes: + - /data/execution-auth.secret:/jwt.hex:ro +ethereum_node_json_rpc_snooper_engine_container_env: + SNOOPER_API_PORT: "{{ ethereum_node_json_rpc_snooper_engine_public_port | quote }}" + SNOOPER_API_AUTH: "{{ secret_nginx_shared_basic_auth.name }}:{{ secret_nginx_shared_basic_auth.password }}" + SNOOPER_JWT_SECRET: /jwt.hex + SNOOPER_VERBOSE: "true" + SNOOPER_XATU_ENABLED: "true" + SNOOPER_XATU_NAME: "{{ ethereum_network_name }}-{{ inventory_hostname }}" + SNOOPER_XATU_NETWORK_NAME: "{{ ethereum_network_name }}" + SNOOPER_XATU_NETWORK_ID: "{{ ethereum_network_id }}" + SNOOPER_XATU_OUTPUTS: "xatu:{{ secret_xatu_sentry.server_address }}" + SNOOPER_XATU_TLS: "true" + SNOOPER_XATU_HEADERS: "authorization=Basic {{ (secret_xatu_sentry.user + ':' + secret_xatu_sentry.password) | b64encode }}" + SNOOPER_XATU_MAX_QUEUE_SIZE: "51200" + SNOOPER_XATU_MAX_EXPORT_BATCH_SIZE: "32" + SNOOPER_XATU_WORKERS: "3" + +# role: ethpandaops.general.generate_kubernetes_config +gen_kubernetes_config_dora_execution_snooper_port: 8961 +gen_kubernetes_config_dora_frontend_rainbowkit_id: "15fe4ab4d5c0bcb6f0dc7c398301ff0e" +gen_kubernetes_config_dora_execution_endpoints_url: "https://raw.githubusercontent.com/ethpandaops/blob-devnets/refs/heads/master/kubernetes/{{ network_iteration }}/dora/endpoints-el.yaml" +gen_kubernetes_config_dora_consensus_endpoints_url: "https://raw.githubusercontent.com/ethpandaops/blob-devnets/refs/heads/master/kubernetes/{{ network_iteration }}/dora/endpoints-cl.yaml" +gen_kubernetes_config_dora_api_secret: "{{ secret_dora_api_key }}" + +# role: ethpandaops.general.xatu_sentry +xatu_sentry_container_image: "{{ default_tooling_images.xatu_sentry }}" +xatu_sentry_config_name: "{{ ethereum_network_name }}-{{ inventory_hostname }}" +xatu_sentry_config_server_address: "{{ secret_xatu_sentry.server_address }}" +xatu_sentry_config_server_auth_user: "{{ secret_xatu_sentry.user }}" +xatu_sentry_config_server_auth_password: "{{ secret_xatu_sentry.password }}" +xatu_sentry_config_network_name_override: "{{ ethereum_network_name }}" + +# role: ethpandaops.general.ethereum_metrics_exporter +ethereum_metrics_exporter_container_image: "{{ default_tooling_images.ethereum_metrics_exporter }}" +ethereum_metrics_exporter_container_user: root +ethereum_metrics_exporter_container_volumes: + - "{{ ethereum_metrics_exporter_dir_config }}:/config:ro" + - /var/run/docker.sock:/var/run/docker.sock:ro + - /data:/data:ro +ethereum_metrics_exporter_config: | + consensus: + enabled: true + url: "{{ ethereum_metrics_exporter_cl_endpoint }}" + name: "consensus-client" + execution: + enabled: true + url: "{{ ethereum_metrics_exporter_el_endpoint }}" + name: "execution-client" + modules: + - "eth" + - "net" + - "web3" + - "txpool" + docker: + enabled: true + endpoint: "unix:///var/run/docker.sock" + interval: "10s" + containers: + - name: "execution" + type: "execution" + filesystem: + enabled: true + volumes: + - name: "*" + monitor: true + - path: "/execution-auth.jwt" + monitor: false + - path: "/network-config" + monitor: false + - name: "beacon" + type: "consensus" + filesystem: + enabled: true + volumes: + - name: "*" + monitor: true + - path: "/execution-auth.jwt" + monitor: false + - path: "/network-config" + monitor: false + +# role: eth_testnet_config +eth_testnet_config_dir: /data/ethereum-network-config/metadata +eth_testnet_config_local_dir_enabled: true +eth_testnet_config_local_dir_src: "{{ ethereum_genesis_generator_output_dir }}/metadata/" + +# role: gen_basic_auth_nginx +gen_basic_auth_nginx_name: "{{ secret_nginx_shared_basic_auth.name }}" +gen_basic_auth_nginx_password: "{{ secret_nginx_shared_basic_auth.password }}" +docker_nginx_proxy_container_image: "{{ default_tooling_images.nginx_proxy }}" +docker_nginx_proxy_docker_gen_container_image: "{{ default_tooling_images.nginx_proxy_gen }}" +docker_nginx_proxy_acme_companion_container_image: "{{ default_tooling_images.nginx_proxy_acme }}" + +# role: ethpandaops.general.docker_nginx_proxy +docker_nginx_proxy_container_name: nginx-proxy +docker_nginx_proxy_default_email: "certs@{{ domain }}" +docker_nginx_proxy_docker_gen_container_name: nginx-proxy-gen +docker_nginx_proxy_docker_gen_container_env: + RESOLVERS: "1.1.1.1" +docker_nginx_proxy_acme_companion_enabled: false +docker_nginx_proxy_acme_companion_container_name: nginx-proxy-acme +docker_nginx_proxy_acme_companion_container_env: + DEFAULT_EMAIL: "{{ docker_nginx_proxy_default_email }}" + NGINX_PROXY_CONTAINER: "{{ docker_nginx_proxy_container_name }}" + NGINX_DOCKER_GEN_CONTAINER: "{{ docker_nginx_proxy_docker_gen_container_name }}" + ACME_CA_URI: https://acme.zerossl.com/v2/DV90 + ACME_EAB_KID: "{{ secret_zerossl.ACME_EAB_KID }}" + ACME_EAB_HMAC_KEY: "{{ secret_zerossl.ACME_EAB_HMAC_KEY }}" +docker_nginx_proxy_container_networks: "{{ docker_networks_shared }}" +docker_nginx_proxy_docker_gen_container_networks: "{{ docker_networks_shared }}" +docker_nginx_proxy_acme_companion_container_networks: "{{ docker_networks_shared }}" +docker_nginx_proxy_acme_monitor_container_networks: "{{ docker_networks_shared }}" +docker_nginx_proxy_acme_monitor_enabled: false +docker_nginx_proxy_datadir: /opt/nginx-proxy +docker_nginx_proxy_container_volumes: + - "{{ docker_nginx_proxy_datadir }}/conf:/etc/nginx/conf.d" + - "{{ docker_nginx_proxy_datadir }}/vhost:/etc/nginx/vhost.d" + - "{{ docker_nginx_proxy_datadir }}/certs:/etc/nginx/certs:ro" + - html:/usr/share/nginx/html + - "{{ docker_nginx_proxy_datadir }}/htpasswd:/etc/nginx/htpasswd:ro" +docker_nginx_proxy_cert_loader_container_image: "{{ default_tooling_images.nginx_proxy_cert_loader }}" +docker_nginx_proxy_cert_linker_container_image: "{{ default_tooling_images.nginx_proxy_cert_linker }}" +docker_nginx_proxy_cert_loader_container_networks: "{{ docker_networks_shared }}" +docker_nginx_proxy_cert_linker_container_networks: "{{ docker_networks_shared }}" +docker_nginx_proxy_wildcard_cert: "{{ network_server_subdomain }}" +docker_nginx_proxy_wildcard_cert_url: "http://cert.{{ network_server_subdomain }}/{{ network_server_subdomain }}-latest.tar.enc" +docker_nginx_proxy_wildcard_cert_psk: "{{ secret_cert_encryption_psk }}" + +# role: ethpandaops.general.vector +vector_config: | + [sources.in] + type = "docker_logs" + exclude_containers = [ + "{{ vector_container_name }}", + "ethereum-metrics-exporter", + "nginx-proxy", + "node_exporter", + "prometheus", + "snooper-", + ] + + [sinks.out] + type = "loki" + inputs = ["in"] + out_of_order_action = "accept" + labels.forwarder = "vector" + labels.instance = "{{ inventory_hostname }}" + labels.network = "{{ ethereum_network_name }}" + labels.testnet = "{{ ethereum_network_name }}" + labels.ingress_user = "{{ secret_loki.username }}" + labels.container_name = "{{ '{{ container_name }}' }}" + {%- if ethereum_node_el is defined +%} + labels.ethereum_el = "{{ ethereum_node_el }}" + {%- endif +%} + {%- if ethereum_node_cl is defined +%} + labels.ethereum_cl = "{{ ethereum_node_cl }}" + {%- endif +%} + encoding.codec = "json" + endpoint = "{{ secret_loki.endpoint }}" + auth.strategy = "basic" + auth.user = "{{ secret_loki.username }}" + auth.password = "{{ secret_loki.password }}" diff --git a/ansible/inventories/devnet-1/group_vars/all/images.yaml b/ansible/inventories/devnet-1/group_vars/all/images.yaml new file mode 100644 index 0000000..a73d6e9 --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/all/images.yaml @@ -0,0 +1,54 @@ +default_ethereum_client_images: + ### Consensus layer clients + prysm: ethpandaops/prysm-beacon-chain:healthykim-sparse-02a88df + prysm_validator: ethpandaops/prysm-validator:healthykim-sparse-02a88df + ### Execution layer clients + geth: ethpandaops/geth:healthykim-bs-cell-blobpool-sparse-v2-6bbcbe6 + nethermind: ethpandaops/nethermind:sparse-blob-pool-c3ce7b8 + +default_tooling_images: + mev_boost: ethpandaops/mev-boost:develop + mev_builder: ethpandaops/reth-rbuilder:develop + mev_relay: ethpandaops/mev-boost-relay:main + xatu_sentry: ethpandaops/xatu:latest + xatu_cannon: ethpandaops/xatu:latest + xatu_mimicry: ethpandaops/xatu:latest + xatu_cl_mimicry: ethpandaops/xatu:latest + xatu_relay_monitor: ethpandaops/xatu:latest + ethereum_metrics_exporter: ethpandaops/ethereum-metrics-exporter:latest + tx_fuzz: ethpandaops/tx-fuzz:latest + forkmon: skylenet/nodemonitor:darkmode + forky: ethpandaops/forky:latest + fauceth: skylenet/fauceth:fix_fee_estimation + powfaucet: pk910/powfaucet:v2-stable + homepage: ethpandaops/ethereum-testnet-homepage:latest + checkpointz: ethpandaops/checkpointz:latest + blockscout: blockscout/blockscout:latest + blockscout_frontend: docker.ethquokkaops.io/gh/blockscout/frontend:latest + beacon_metrics_gazer: dapplion/beacon-metrics-gazer:latest + eth_fauceth: chainflag/eth-faucet:latest + blobscan: blossomlabs/blobscan:latest + blobscan_indexer: blossomlabs/blobscan-indexer:latest + dora: ethpandaops/dora:master-latest + dugtrio: ethpandaops/dugtrio:latest + ethereum_genesis_generator: ethpandaops/ethereum-genesis-generator:5.2.3 + tracoor: ethpandaops/tracoor:latest + ncli: status-im/nimbus-eth2:unstable + lcli: ethpandaops/lighthouse:unstable + zcli: electra + assertoor: ethpandaops/assertoor:master-latest + erpc: docker.ethquokkaops.io/gh/erpc/erpc:0.0.49 + prometheus: prom/prometheus:v2.40.7 + node_exporter: prom/node-exporter:v1.5.0 + cl_bootnode: protolambda/eth2-bootnode:cleanup + json_rpc_snooper: ethpandaops/rpc-snooper:0.0.16 + nginx_proxy: nginx:alpine + nginx_proxy_gen: nginxproxy/docker-gen + nginx_proxy_acme: nginxproxy/acme-companion + nginx_proxy_cert_loader: ethpandaops/debian-docker:latest + nginx_proxy_cert_linker: nginxproxy/docker-gen + vector: timberio/vector:0.46.1-alpine + spamoor: ethpandaops/spamoor:master-latest + blobber: ethpandaops/blobber:latest + syncoor_web: docker.ethquokkaops.io/gh/ethpandaops/syncoor-web:master + syncoor_server: docker.ethquokkaops.io/gh/ethpandaops/syncoor:master diff --git a/ansible/inventories/devnet-1/group_vars/bootnode.sops.yaml b/ansible/inventories/devnet-1/group_vars/bootnode.sops.yaml new file mode 100644 index 0000000..cd4ba32 --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/bootnode.sops.yaml @@ -0,0 +1,158 @@ +cl_bootnode_privkey: ENC[AES256_GCM,data:ywhGk8vFMF6ishOKGWMfSn0IxJttDiSBqaHgserxIamQvRMzJPcmMvAStVfMZB7XBHGyiWLy9vvDFhhQzBiocg==,iv:iEHtpLwDBPbJ3Ny/ZZLf+jX2nWunP21VhgU5D6fiSyQ=,tag:d2jUPi/+szwu4fkG1UuYKA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: [] + lastmodified: "2025-01-31T05:18:36Z" + mac: ENC[AES256_GCM,data:OvHF2KM4DeBqRrBC2bhcpCrUbW2mwIvt+6+nwXld/qoDhgTxT8DBXGAfFY9wE172uElnV6O2bHGfgwCVX121Jg6d1rYzvcXrXuLaaTqLCTjy3xAkE0GrjJpXDAzhghsY95NU+n3u5Rz+49SffK/sR/dqRyNsASsW64eTzdMvXng=,iv:5di/nwLQieMrIxn6IEOP1UcJjick+X1l0kLka2e/72w=,tag:7jfPRLfWT2WiwllOfvxtEA==,type:str] + pgp: + - created_at: "2025-09-16T09:19:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA32GcoRiZf6pARAAjH+IB4Omi4oRDCts8pOiPZpqGLhtexR36+2Wbgf850w5 + iHfN3I1jp/x+LhMkHF7OTjsUVCf27Q+NlAy5kv/Ptgf8Ks52N1rLzway5g+ssRWB + 7BwrRdNWvrBPVrQ3tXgHJlUyY4GfpkVFTHBZ0SP4g9VL1Ym7fK7n850XzbeNGJRx + LVXKrL8BqFa6Yunc4QP8megBAZTFLktUBPwZfSycs6aZKixRDiad/cb4JWXk2wl/ + byiFcYb1GynJbcLxjRdPqbkAk9EeDObXIatudLtNKB/iHnGst0KozBOwNHXD0v5N + 9kjJ++FlMHy205cMkUQj/ZVZgUgPhg2EOUvtUNOh160PIDqoDVQAcdKahjvgSF4h + sM0FPEigOu4qUncv9ckPjiyzT/vQPH3ZwDri1OMeOtpsBIx64kPZkx7w6Z60RaNQ + E9qa8tc/h4Co2NftEY9z6au5n9QN8J+b8z46DCbCKvfMRXffcUNZc9AcqeQ0add3 + I3xzdynbuQKbLLj2MRrBatrv+x1goEddXGXDfDaKmrYQJomsppYHuf2WOcamRLaW + Fx3FkMNnbcTzsGJQHHvRglOWacMeeSedQb55WePZUPO8P4im+vkihhqOX9J7Pufq + h7LNhub+IACZ02Tqrc8x53SsWSw9BDE67PpAPfhIopUrosUdy/dKRxYVWHFlpLjS + UQGmHup2nSh0C32VGJa5RdpFW6vTsgigKLS8nxULQMJ/9hxLrfpIRXLlVMxK89wk + bE5b1RsyNJ6UNXy5vI4gDmXpyXd7H5/QRDxPzLrf4WiipA== + =tx9b + -----END PGP MESSAGE----- + fp: 80DB2B4EF6CA4D9829C280605636BC0E08138A24 + - created_at: "2025-09-16T09:19:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA87Wber4r4dGAQ//T+tC6M6C2NaDxpjRdsB2/+6bj9YhUIFL4EhDgasNYybW + ewY3/zTwfcVdWaz7hNup6NaYqkGlVTGLGEeGLD8LsKN1QXSQD+jrkVO3kbJ8juZf + hABQbOplI/x5IFz63qvid1A16xuxURCclo6GjL/Z8tpLjU/QYx5Y+jI7sXXeymxC + m9sg79pYBMyKyF4WoSJ7ftrIkwE93rEGJPjTQ76kismwV/RNf3dWIiypSLC6xdXD + d9DfCzN26iYK1GCONqYRDgOnHkvpFWvxXaUw6vmNm7uUUzRn/9x1mUJixL6GoY+9 + vTp6Qw4v534QjRAwG1G4lpv2GzliyKV6QI7AvhVoup3BzQBHnIUf7P3so0Ug33qK + cw2YvaNZosEuFFjaHUl+8Q+FIYXSc/ctG61eCeraqNnzToBzsb2P6uk2UDspy0Dk + lKTsqCyvW5GIPhVgAa8zBY24IEB85QfqWOdifZioRDbvl3x+IBozcTHwv8BxCoxm + p1VejU7lTlaEKt8QiQgi/ox1SRAQaMtICaG4uGBdLqb9fQxfolBZbNPfOlSSsTCn + DepMfCG31l2tuQQVUTo821fqsmQR9/zG3pzM3qgz+C8BPzovR6zronVASPoSNLvP + Pgk1S9N5/skbQ4jSqBiVyoyddkmEgHXlRsENueaj4Mobzoi9PX0PLjDAx911k+HS + UQHcYCMo6RecBliX4xFJ+Eu7h75QVgTe0o0ZeJnIzng9qfSX9qbpz5q7l1JtsWPV + 5P3tIxwWRrOoUhM35DGJNYsshFXx/jVZLQRB9hxxkJGekg== + =P8j2 + -----END PGP MESSAGE----- + fp: 69F66EEA7AE36CCB77DDB8CA1BC39532FB4A2DBD + - created_at: "2025-09-16T09:19:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMA4hw3nPn82LyAQ/+KXu4QcH7jEK0FOIkpPgFAKAxgTr7iodgHnyMF2orvyT4 + Kns5IKt9REOgbhZ6fKx07lcf3HUPe3rMPJ13Xy2dG8lRc3ucul/L7q2OR7+9vOVt + EC+AIokjSzEkyDtIvWXFArP20qmEyThcMWJWY531VTdrXtv2RhyH3hBwBFWpweMr + B3N5WCVcr90retI3k0dCgbiz7CK4tlUortc8fTQJtwo3FGbO3spojFMqf4DkU4ag + PGEhsWHPY6RyoxBQCFR2yWGWuV7ZSpF3KoKQBDYlXzSpBG82N96OppbqDl59P3KN + LGKSRIsvq4UNR+dge9jtOdkealEVfo4VSjDAfOx8ceUAUn6MAGSAvyK3xqd5AFc4 + rBTMavg2rNqfrJsHuSlnVstqi+WOd+c6JnEZHwyqHPGxUHzjUOjpO/u1cmkJk4+J + KhbeZwNlNsHpA0V3olYgZHOmyCya6y9IOhB5HJrNzKYbUwzIaEXygc1/AMvzNDye + d/xUI0p3BHglra8tC3FUStsO5WJnplc41YlcteQrWaI/lsh4FQFMhpBBRTYyXMDC + JZGGcS+VejZGh55kmMfVjc9jy1S6WcOQrYFk58ZYcW4M2/6xHVnI9u0RVI8pDNLb + sdiDF+NMMmpZfx7Bu51K4tzoW2zZeoYgkY7sf3feDEsQ1Fa8m1GzAqpmnnOaknDS + UQEZG9MTHeZNdAYIHpcX72L702w0VLx+w9WJSbt/HBYpdDPdfiHe4r1SWhlWBDHo + obhPTmQyl9BP77gRvv7YaVnbd1OzHyugVY9mXcPexKV76A== + =bvyI + -----END PGP MESSAGE----- + fp: D1002590180DE371BCB455EAEFCD4ACD0B4D3F6E + - created_at: "2025-09-16T09:19:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAw01qfIBwY0JAQ/+JlPvzxbn8hp8QXmtxy18SsKYXxBQ4VAXpOsOgsKkqPXD + sGjeJtVGPal0u3avizQzuua+4wOD+3FLHM4Pyo0sgpIm5LG50shyerIC2qVnChBB + boxsy/qeYk7XYq7zgXAhoo9PE5rQX2jC+AZ28QOfP7K6g1yewJqLVuyS3uUt2HoI + r+EBHrict4RPd6klAhPNN+z813+kGP/ySkoqfkObFz25qorXk9YGqoQW+tfX5XCg + Ows2iX+/0m/u5SX30fTVnzbBnxabDerTQj5XPycdhWVR+YBeDIsTd1PxCk+xKrqr + CP4lXEcXkbuiOD8bCZ0Nfias9F/G4sYMYD4y+LMKe3yNcQ5VP5+JYCiBucl8OdTc + r75PxyciQZy6a8sctXQtG3HOuPNvDVi+OSIyFQ09HHYCC4y0j6yfW7YYP5Tv6vMm + yXy0lT/tc4IIEfFxHBQyNWNN6xZlHW0TBe+s0RQ2cnbAdKk9imfnhRF6+3KF0nsJ + WYXk5yShxxW3S1ujm4C+LZFv6bAZz1RN7krNFbeaMNZJkx6Yf9sVzZIOdcxik0oN + LDvnTuxXRLEBBGEgOBIbvVQHQGDZzdHmbaXlpKnnV3iEL9sjXl+qBVXIwzp+D5Nc + UM3WbuDs6LIr+O6XWqMZrhz+HSH2dKi8If72+DkCB+8HNZWNYLiWe8sqA/kEzt3S + UQGPRo12reWMKimS7gmCZSFmCkhAxzvbYdJP8ToTmxFKbCTxsItLnHoCbSD4S94W + tnwa5hhxezaxP1uvGFUfwvHPXMma9ChbFnZL1l2wuFaVUg== + =nxty + -----END PGP MESSAGE----- + fp: B9F81F327CF5346860E85269D7AF98F214C59E4E + - created_at: "2025-09-16T09:19:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQEMAwDFOgk9tOQ+AQf/S3r7EsW1J1wcBKkrWws4xazvLUrkOPV7Pev4quKpSHG2 + d9pr45IFFW3zgqjqBpUzCzo+a9wXM2/IzHYe44wQSHmmhzXijmFARZ0TXMgtiAg+ + EJUdwrbhglemA0s1WPlRyGIBdVvkfUWFpb9EGMqsB9gqGo/JNmTyUiG3+47e8iUf + JTp2RbmdCSvDY78QiDF7r31Tw4Rrn+ep4FTMyUw/XY7539mz4D6/6pX01Tb7tGxV + V8yzYchD9kg3R3Jwgq2UcU9f9yGDa9epmo0qDfwb+ECpv1SsS41VSkGk9/KDTjr0 + 8LuhrsUg8S4ZCHVfEuOrs+s1RBq2tJU+esKXB9/sJNJRAWqYRPTSIy4Ytq7zT0DO + dATxseHf3gAhP9eBlKyBDvFcNPDp+Lhs7akJndrRm/8n/s3GvEJJAej3ur9ETOTI + 4BYMwVrwQkwtwGmrZXT+iXh1 + =sklM + -----END PGP MESSAGE----- + fp: 0600D41E1313E31016F7C55BF597BC0C5F22D1A2 + - created_at: "2025-09-16T09:19:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAz4a8AV36xppARAAhikgDq91xe/hHoTK+nJjxjPe7HnabWcvaYSElOTcJdT4 + R2z8fgJJ8SRn+XSFIZZbufPChxhAga5L+KlO3d+9ifvHttDZ/wKPitMfUne1M9mX + SR+NcK1tKJn5iQJ9Bxx50l7u/ZFTnvDHfis37NDQnrU3osEQmefc+zc/YHfDtXYb + LU3HVqlSzciNpKLrJtYi1Y6l8BFgnnzxMyfUAn7gL16K6xh4wUxUOvesiQPltXRQ + bkEGvAakdOg6x9LBN8w9o2d0mV1/WADPKjPgyF2Rrgv7gU0ZpU2qracvUaIvCqfG + vg5Tj34NZAqc1Gaa7Y1tuRyijLJPT2FR0EH3Qd9SBvEeyAMjgQ1wbPuvwVioNpqg + sjXKALKL2O1RIPT2FTcbsPHUMlUyWU5J4HZ5sbTeZGDcYt9Izk7C1wJMvH1922iC + FUobJ52hAkUr05ensTqp36nbvU/7MIFiOB7uO4ro12UV90SyIPDZgjXBZYzAER8B + ggX56/zzjQyUzfA8z2NWzSj21WY45d3e+rXKU7MIlmvlqG21jyIN7nizzCQkQxIm + 8kwEAuPJHS2nDbewA2dgWF4uTCPq9BH1QWYD4az4bxtuuF56O2C/zIN6m90UmLoU + U840pAg4jq7EWiDSr9Y8Bop2E3rXnY8bKHvoj8ouLH2CE3M6ozC08qxORKCg20LS + UQGLDqG3LoDHmupHH5OBw7GdWg4mhnfn1fXW/3mvXeC6+lY43BGxHBeJV6MIXFDn + winRBpyrrOpf7JyDa6evUuhrYzckgiatZjLYPKUqXdyVuQ== + =QKuz + -----END PGP MESSAGE----- + fp: 29C50D01122FDE78E257482DAA497EB2610A8435 + - created_at: "2025-09-16T09:19:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAxYzhHRfYJYtAQ/5AXwnZoyGM43yGkK1zVhO9JBz3B/ZhOHtReRbQCHoET6P + Mi9KuzuDWbXLq90z0dKMY1vDTJCHOThsQiqiR4LVJCiFHuDdgCpkVBGA+aoA8QgZ + DdynxVKXbaIQRC3Cc1rDe/lFDfsMeibebsCgxX3rWytho75DvkPVgKqakCk6qZJp + Z3wD0MH7DWps1A+fB+Q+W+n6uZFxIJ8OtPVdSU4H7FZ42WkxZZ3xxygJsVYzUdT2 + 7qWqArs3K7HRTO2Tx0kssGUo0IYTvrYwWSJjDyqQCe5hATzqY7ailzttiWNtM7Tl + XCkwb+QpvAkTFVwFdI+meZEVgme//+ZM+5slTg2ACALG+diwzDwca5EQtKheMdN5 + BBrQuh08Mnz5QJA3mLtvRFpYeogaTb82EaoXvm+BlydUKrdL+kuuK9AoeF2CvYuy + or1zc2nrfeTCRWRtWlfeJxdBkNMkxnVFwnhik5jvQmCnKZdZboWZIiTO5ABeRpCz + peh7dwLIK92GPLHWYsvKjGsINuDxawpX4iOCJSgg1JlzDp/Qim5hjCaTcrfUXXOl + WNK5gUt56Ij8Uk0GEmRhECgmKEuByLEpOKYeG0nLBopkNxKWd8RUvK8GCx+nlb+s + 7KmlrzvpqqLpXFJ5u0PjiRiw0dOJhSahwK+yROE8qQh3nVsJlnWDnjvcfh1g2BnS + UQH8UO8RDIVvocBWXnNYXAoSbv2UVE10HxphyAmMmgXB4Su2M4yXajMg6TlWtkZq + tHX+uD/SdA44VImJmsdE4AwP+yODWSYgj98ziSLWAKTPBA== + =Gc8d + -----END PGP MESSAGE----- + fp: 9BE537027CB7467923E240FF2AED09371C121F91 + - created_at: "2025-09-16T09:19:21Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4DjS7VXZx9i8YSAQdA+QaCeWae6exqCLoTbViPC5MHCVuc5FHuJBfgKpTDzBcw + z666dWfo9PmP7os82CM0gvMSEwoKihm0z8Khux3yGGQFXgQlTavPCsmnEOBtqntH + 1FsBCQIQq8ASFMaLcLuUJQi4Jn7B4LJJt692Venh5ajhah5uOet0IHLxaTsYxpTL + VDFruyur7UAz73in3NcDKQsdsVly/1YvAqUDUNQZCR46JD1a6inxBvNSy8nn + =kExY + -----END PGP MESSAGE----- + fp: F93098C3D8ED15D0924A6DDAEB4E93A88660C55B + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/ansible/inventories/devnet-1/group_vars/bootnode.yaml b/ansible/inventories/devnet-1/group_vars/bootnode.yaml new file mode 100644 index 0000000..37b5db2 --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/bootnode.yaml @@ -0,0 +1,175 @@ +ethereum_cl_bootnode: "{{ hostvars[primary_bootnode]['bootnodoor_fact_enr'] }}" +ethereum_el_bootnode: "{{ hostvars[primary_bootnode]['bootnodoor_fact_enode'] }}" + +# role: eth_inventory_web +eth_inventory_web_container_networks: "{{ docker_networks_shared }}" +eth_inventory_web_container_env: + VIRTUAL_HOST: "{{ server_fqdn }}" + VIRTUAL_PORT: "80" + VIRTUAL_PATH: "/meta/api" + VIRTUAL_DEST: "/" + LETSENCRYPT_HOST: "{{ server_fqdn }}" + +# role: ethpandaops.general.bootnodoor +bootnodoor_privkey: >- + {{ + (secret_bootnodoor_seed ~ ':' ~ ethereum_genesis_chain_id|string) + | hash('sha256') + }} +bootnodoor_set_facts: true +bootnodoor_el_enabled: true +bootnodoor_cl_enabled: true + +bootnodoor_container_name: "bootnodoor" +bootnodoor_container_image: "ethpandaops/bootnodoor:master" +bootnodoor_container_networks: "{{ docker_networks_shared }}" +bootnodoor_p2p_port: 9010 +bootnodoor_ui_port: 8004 +bootnodoor_enr_ip: "{{ ansible_host }}" + +bootnodoor_el_config: /network-config/genesis.json +bootnodoor_el_genesis_hash: /network-config/deposit_contract_block_hash.txt +bootnodoor_cl_config: /network-config/config.yaml +bootnodoor_cl_gvr: /network-config/genesis_validators_root.txt +bootnodoor_container_volumes_extra: + - "{{ eth_testnet_config_dir }}:/network-config:ro" + +bootnodoor_container_command_extra_args: [] +bootnodoor_container_env: + VIRTUAL_HOST: "bootnodoor-{{ server_fqdn }}" + VIRTUAL_PORT: "{{ bootnodoor_ui_port | string }}" + LETSENCRYPT_HOST: "bootnodoor-{{ server_fqdn }}" + +# role: ethpandaops.general.ethereum_node +ethereum_node_el: geth +ethereum_node_cl: lighthouse +ethereum_node_cl_validator_enabled: false + +# role: ethpandaops.general.lighthouse +lighthouse_container_name: beacon +lighthouse_validator_container_name: validator +lighthouse_container_image: "{{ default_ethereum_client_images.lighthouse }}" +lighthouse_container_env: + VIRTUAL_HOST: "{{ ethereum_node_beacon_hostname }}" + VIRTUAL_PORT: "{{ ethereum_node_cl_ports_http_beacon | string }}" + LETSENCRYPT_HOST: "{{ ethereum_node_beacon_hostname }}" +lighthouse_container_volumes: + - "{{ lighthouse_datadir }}:/data" + - "{{ lighthouse_auth_jwt_path }}:/execution-auth.jwt:ro" + - "{{ eth_testnet_config_dir }}:/network-config:ro" +lighthouse_container_command_extra_args: + - --testnet-dir=/network-config + - --enable-partial-columns + - >- + --boot-nodes={{ + ( + ( + groups['bootnode'] + | map('extract', hostvars, ['ethereum_node_fact_cl_enr']) + | select('defined') + | list + ) + + + ( + groups['bootnode'] + | map('extract', hostvars, ['bootnodoor_fact_enr']) + | select('defined') + | list + ) + ) + | join(',') + }} + +# role: ethpandaops.general.geth +geth_container_name: execution +geth_container_image: "{{ default_ethereum_client_images.geth }}" +geth_container_env: + VIRTUAL_HOST: "{{ ethereum_node_rcp_hostname }}" + VIRTUAL_PORT: "{{ ethereum_node_el_ports_http_rpc | string }}" + LETSENCRYPT_HOST: "{{ ethereum_node_rcp_hostname }}" +geth_container_volumes: + - "{{ geth_datadir }}:/data" + - "{{ geth_auth_jwt_path }}:/execution-auth.jwt:ro" + - "{{ eth_testnet_config_dir }}:/network-config:ro" +geth_container_command_extra_args: + - --override.genesis=/network-config/genesis.json + - --http.api=eth,net,web3,debug,admin + - --http.vhosts=* + - --networkid={{ ethereum_network_id }} + - --syncmode=full + - --gcmode=archive + - --state.scheme=hash + - >- + --bootnodes={{ + ( + ( + groups['bootnode'] + | map('extract', hostvars, ['ethereum_node_fact_el_enode']) + | select('defined') + | list + ) + + + ( + groups['bootnode'] + | map('extract', hostvars, ['bootnodoor_fact_enode']) + | select('defined') + | list + ) + ) + | join(',') + }} + +# role: ethpandaops.general.prometheus +prometheus_remote_push_url: https://victoriametrics-public.analytics.production.platform.ethpandaops.io/insert/1/prometheus +prometheus_remote_write_username: "{{ secret_prometheus_remote_write.username }}" +prometheus_remote_write_password: "{{ secret_prometheus_remote_write.password }}" +prometheus_config: | + global: + scrape_interval: 30s + evaluation_interval: 30s + scrape_timeout: 10s + external_labels: + instance: "{{ inventory_hostname }}" + ip_address: "{{ ansible_host }}" + network: "{{ ethereum_network_name }}" + testnet: "{{ ethereum_network_name }}" + execution_client: "{{ ethereum_node_el }}" + consensus_client: "{{ ethereum_node_cl }}" + supernode: "{{ ethereum_node_cl_supernode_enabled | bool | default(false) }}" + remote_write: + - queue_config: + batch_send_deadline: 5s + max_backoff: 500ms + max_samples_per_send: 500 + min_backoff: 50ms + max_shards: 100 + url: {{ prometheus_remote_push_url }} + remote_timeout: 10s + basic_auth: + username: {{ prometheus_remote_write_username }} + password: {{ prometheus_remote_write_password }} + scrape_configs: + - job_name: "prometheus" + metrics_path: "/metrics" + static_configs: + - targets: ["localhost:9090"] + labels: + instance: "{{ inventory_hostname }}" + - job_name: "node" + metrics_path: "/metrics" + static_configs: + - targets: ["172.17.0.1:9100"] + labels: + instance: "{{ inventory_hostname }}" + - job_name: "exporter" + metrics_path: "/metrics" + static_configs: + - targets: ["ethereum-metrics-exporter:9090"] + labels: + instance: "{{ inventory_hostname }}" + - job_name: "consensus_node" + metrics_path: "/metrics" + static_configs: + - targets: ["{{ vars[ethereum_node_cl + '_container_name'] }}:{{ ethereum_node_cl_ports_metrics }}"] + labels: + instance: "{{ inventory_hostname }}" diff --git a/ansible/inventories/devnet-1/group_vars/dns_server.yaml b/ansible/inventories/devnet-1/group_vars/dns_server.yaml new file mode 100644 index 0000000..ce30f85 --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/dns_server.yaml @@ -0,0 +1,84 @@ +# role: ethpandaops.general.dns_server +dns_server_disable_systemd_resolved: true +dns_server_is_master: "{{ inventory_hostname == primary_bootnode }}" +dns_server_acme_zone: "{{ network_server_subdomain }}" + +# One or more master IPs (for slaves to pull from / accept NOTIFY from) +dns_server_master: "{{ ([hostvars[primary_bootnode].ansible_host] + if (groups.get('bootnode') is defined and primary_bootnode in groups['bootnode']) + else []) | list }}" + +# All slave IPs (for master's also-notify / allow-transfer) +dns_server_slave: "{{ (groups.get('bootnode', []) | difference([primary_bootnode])) + | map('extract', hostvars, 'ansible_host') + | list }}" + +dns_server_zones: + - zone: "{{ network_server_subdomain }}" + content: | + $TTL 120 + @ IN SOA {{ server_fqdn }}. zonemaster.{{ domain }}. ( + 00000000000000 ; Serial + 2H ; Refresh + 1H ; Retry + 1W ; Expire + 5m ) ; NX (TTL Negativ Cache) + IN NS {{ server_fqdn }}. + {# extra NS for each secondary, if their FQDNs are known #} + {% for h in groups['bootnode'] | sort if h != primary_bootnode %} + {% if hostvars[h].server_fqdn is defined %} + IN NS {{ hostvars[h].server_fqdn }}. + {% endif %} + {% endfor %} + + ; certificates + cert IN A {{ hostvars[primary_bootnode]['ansible_host'] }} + + ; bootnodes + {% for host in groups['bootnode'] | sort %} + {{ hostvars[host]['inventory_hostname'] }} IN A {{ hostvars[host]['ansible_host'] }} + {{ ethereum_node_rpc_prefix }}{{ hostvars[host]['inventory_hostname'] }} IN A {{ hostvars[host]['ansible_host'] }} + {{ ethereum_node_beacon_prefix }}{{ hostvars[host]['inventory_hostname'] }} IN A {{ hostvars[host]['ansible_host'] }} + bootnodoor-{{ hostvars[host]['inventory_hostname'] }} IN A {{ hostvars[host]['ansible_host'] }} + {% if hostvars[host]['ipv6'] is defined %} + {{ hostvars[host]['inventory_hostname'] }} IN AAAA {{ hostvars[host]['ipv6'] }} + {{ ethereum_node_rpc_prefix }}{{ hostvars[host]['inventory_hostname'] }} IN AAAA {{ hostvars[host]['ipv6'] }} + {{ ethereum_node_beacon_prefix }}{{ hostvars[host]['inventory_hostname'] }} IN AAAA {{ hostvars[host]['ipv6'] }} + {% endif %} + {% endfor %} + + ; ethereum_nodes + {% for host in groups['ethereum_node'] | sort %} + {{ hostvars[host]['inventory_hostname'] }} IN A {{ hostvars[host]['ansible_host'] }} + {{ ethereum_node_rpc_prefix }}{{ hostvars[host]['inventory_hostname'] }} IN A {{ hostvars[host]['ansible_host'] }} + {{ ethereum_node_beacon_prefix }}{{ hostvars[host]['inventory_hostname'] }} IN A {{ hostvars[host]['ansible_host'] }} + {% if hostvars[host]['ipv6'] is defined %} + {{ hostvars[host]['inventory_hostname'] }} IN AAAA {{ hostvars[host]['ipv6'] }} + {{ ethereum_node_rpc_prefix }}{{ hostvars[host]['inventory_hostname'] }} IN AAAA {{ hostvars[host]['ipv6'] }} + {{ ethereum_node_beacon_prefix }}{{ hostvars[host]['inventory_hostname'] }} IN AAAA {{ hostvars[host]['ipv6'] }} + {% endif %} + {% endfor %} + + ; mev-relay + {% for host in groups.get('mev_relay', []) | sort %} + {{ hostvars[host]['inventory_hostname'] }} IN A {{ hostvars[host]['ansible_host'] }} + {% if hostvars[host]['ipv6'] is defined %} + {{ hostvars[host]['inventory_hostname'] }} IN AAAA {{ hostvars[host]['ipv6'] }} + {% endif %} + {% endfor %} + +# role: ethpandaops.general.wildcard_cert_issuer +wildcard_cert_issuer_enabled: "{{ inventory_hostname == primary_bootnode }}" +wildcard_cert_issuer_base_domain: "{{ network_server_subdomain }}" +wildcard_cert_issuer_acme_directory: "https://acme.zerossl.com/v2/DV90" +wildcard_cert_issuer_acme_eab_kid: "{{ secret_zerossl.ACME_EAB_KID }}" +wildcard_cert_issuer_acme_eab_hmac_key: "{{ secret_zerossl.ACME_EAB_HMAC_KEY }}" +wildcard_cert_issuer_email: "ssl@ethpandaops.io" +wildcard_cert_issuer_publish_port: 8080 +wildcard_cert_issuer_publish_psk: "{{ secret_cert_encryption_psk }}" +wildcard_cert_issuer_container_env: + VIRTUAL_HOST: "cert.{{ network_server_subdomain }}" + VIRTUAL_PORT: "8080" + HTTPS_METHOD: "nohttps" +wildcard_cert_issuer_container_networks: "{{ docker_networks_shared }}" +wildcard_cert_issuer_rfc2136_server: "172.17.0.1" # dns container runs on host network diff --git a/ansible/inventories/devnet-1/group_vars/ethereum_node.yaml b/ansible/inventories/devnet-1/group_vars/ethereum_node.yaml new file mode 100644 index 0000000..e4bd256 --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/ethereum_node.yaml @@ -0,0 +1,92 @@ +ethereum_cl_bootnodes: + - "{{ hostvars[primary_bootnode]['bootnodoor_fact_enr'] }}" + - "{{ hostvars[primary_bootnode]['ethereum_node_fact_cl_enr'] }}" + - "{{ hostvars['lighthouse-geth-super-1']['ethereum_node_fact_cl_enr'] }}" + - "{{ hostvars['lighthouse-geth-super-2']['ethereum_node_fact_cl_enr'] }}" + - "{{ hostvars['lighthouse-nimbusel-full-1']['ethereum_node_fact_cl_enr'] }}" + - "{{ hostvars['lighthouse-nimbusel-full-2']['ethereum_node_fact_cl_enr'] }}" + + +ethereum_el_bootnodes: + - "{{ hostvars[primary_bootnode]['bootnodoor_fact_enode'] }}" + - "{{ hostvars[primary_bootnode]['ethereum_node_fact_el_enode'] }}" + +ethereum_node_xatu_sentry_enabled: true + +# role: ethpandaops.general.brakebear +brakebear_download_speed: "{{ ethereum_node_cl_supernode_enabled | ternary('1000Mbps', '100Mbps') }}" +brakebear_upload_speed: "{{ ethereum_node_cl_supernode_enabled | ternary('1000Mbps', '50Mbps') }}" +brakebear_config: | + log_level: "info" + docker_containers: + - name: "execution" + download_rate: {{ brakebear_download_speed }} + upload_rate: {{ brakebear_upload_speed }} + latency: 80ms + exclusions: + private-networks: true + docker-networks: + names: ["*"] + - name: "beacon" + download_rate: {{ brakebear_download_speed }} + upload_rate: {{ brakebear_upload_speed }} + latency: 80ms + exclusions: + private-networks: true + docker-networks: + names: ["*"] + +# role: ethpandaops.general.prometheus +prometheus_remote_push_url: https://victoriametrics-public.analytics.production.platform.ethpandaops.io/insert/1/prometheus +prometheus_remote_write_username: "{{ secret_prometheus_remote_write.username }}" +prometheus_remote_write_password: "{{ secret_prometheus_remote_write.password }}" +prometheus_config: | + global: + scrape_interval: 30s + evaluation_interval: 30s + scrape_timeout: 10s + external_labels: + instance: "{{ inventory_hostname }}" + ip_address: "{{ ansible_host }}" + network: "{{ ethereum_network_name }}" + testnet: "{{ ethereum_network_name }}" + execution_client: "{{ ethereum_node_el }}" + consensus_client: "{{ ethereum_node_cl }}" + supernode: "{{ ethereum_node_cl_supernode_enabled | bool | default(false) }}" + remote_write: + - queue_config: + batch_send_deadline: 5s + max_backoff: 500ms + max_samples_per_send: 500 + min_backoff: 50ms + max_shards: 100 + url: {{ prometheus_remote_push_url }} + remote_timeout: 10s + basic_auth: + username: {{ prometheus_remote_write_username }} + password: {{ prometheus_remote_write_password }} + scrape_configs: + - job_name: "prometheus" + metrics_path: "/metrics" + static_configs: + - targets: ["localhost:9090"] + labels: + instance: "{{ inventory_hostname }}" + - job_name: "node" + metrics_path: "/metrics" + static_configs: + - targets: ["172.17.0.1:9100"] + labels: + instance: "{{ inventory_hostname }}" + - job_name: "exporter" + metrics_path: "/metrics" + static_configs: + - targets: ["ethereum-metrics-exporter:9090"] + labels: + instance: "{{ inventory_hostname }}" + - job_name: "consensus_node" + metrics_path: "/metrics" + static_configs: + - targets: ["{{ vars[ethereum_node_cl + '_container_name'] }}:{{ ethereum_node_cl_ports_metrics }}"] + labels: + instance: "{{ inventory_hostname }}" diff --git a/ansible/inventories/devnet-1/group_vars/geth.yaml b/ansible/inventories/devnet-1/group_vars/geth.yaml new file mode 100644 index 0000000..8184b0b --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/geth.yaml @@ -0,0 +1,87 @@ +# role: ethpandaops.general.bootstrap +bootstrap_default_user_authorized_keys_github_team_el: + - mariusVanDerWijden + - lightclient + - rjl493456442 + - jrhea + +# role: ethpandaops.general.ethereum_node +ethereum_node_el: geth + +# role: ethpandaops.general.geth +geth_container_name: execution +geth_container_image: "{{ default_ethereum_client_images.geth }}" +geth_container_volumes: + - "{{ geth_datadir }}:/data" + - "{{ geth_auth_jwt_path }}:/execution-auth.jwt:ro" + - "{{ eth_testnet_config_dir }}:/network-config:ro" +geth_container_env: + VIRTUAL_HOST: "{{ ethereum_node_rcp_hostname }}" + VIRTUAL_PORT: "{{ ethereum_node_el_ports_http_rpc | string }}" + LETSENCRYPT_HOST: "{{ ethereum_node_rcp_hostname }}" +geth_container_command_extra_args: + - --override.genesis=/network-config/genesis.json + - --http.api=eth,net,web3,debug,admin,txpool + - --http.vhosts=* + - --networkid={{ ethereum_network_id }} + - --syncmode=full + - --bootnodes={{ ethereum_el_bootnodes | join(',') }} + +geth_container_pull: true + +prometheus_config: | + global: + scrape_interval: 30s + evaluation_interval: 30s + scrape_timeout: 10s + external_labels: + instance: "{{ ethereum_network_name }}-{{ inventory_hostname }}" + ip_address: "{{ ansible_host }}" + network: "{{ ethereum_network_name }}" + testnet: "{{ ethereum_network_name }}" + execution_client: "{{ ethereum_node_el }}" + consensus_client: "{{ ethereum_node_cl }}" + supernode: "{{ ethereum_node_cl_supernode_enabled | bool | default(false) }}" + remote_write: + - queue_config: + batch_send_deadline: 5s + max_backoff: 500ms + max_samples_per_send: 500 + min_backoff: 50ms + max_shards: 100 + url: {{ prometheus_remote_push_url }} + remote_timeout: 10s + basic_auth: + username: {{ prometheus_remote_write_username }} + password: {{ prometheus_remote_write_password }} + scrape_configs: + - job_name: "prometheus" + metrics_path: "/metrics" + static_configs: + - targets: ["localhost:9090"] + labels: + instance: "{{ ethereum_network_name }}-{{ inventory_hostname }}" + - job_name: "node" + metrics_path: "/metrics" + static_configs: + - targets: ["172.17.0.1:9100"] + labels: + instance: "{{ ethereum_network_name }}-{{ inventory_hostname }}" + - job_name: "exporter" + metrics_path: "/metrics" + static_configs: + - targets: ["ethereum-metrics-exporter:9090"] + labels: + instance: "{{ ethereum_network_name }}-{{ inventory_hostname }}" + - job_name: "consensus_node" + metrics_path: "/metrics" + static_configs: + - targets: ["{{ vars[ethereum_node_cl + '_container_name'] }}:{{ ethereum_node_cl_ports_metrics }}"] + labels: + instance: "{{ ethereum_network_name }}-{{ inventory_hostname }}" + - job_name: "execution" + metrics_path: "/debug/metrics/prometheus" + static_configs: + - targets: ["execution:{{ ethereum_node_el_ports_metrics }}"] + labels: + instance: "{{ ethereum_network_name }}-{{ inventory_hostname }}" diff --git a/ansible/inventories/devnet-1/group_vars/nethermind.yaml b/ansible/inventories/devnet-1/group_vars/nethermind.yaml new file mode 100644 index 0000000..606f932 --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/nethermind.yaml @@ -0,0 +1,97 @@ +# role: ethpandaops.general.bootstrap +bootstrap_default_user_authorized_keys_github_team_el: + - MarekM25 + - kamilchodola + - LukaszRozmej + - marcindsobczak + - asdacap + - rubo + - smartprogrammer93 + - cbermudez97 + - flcl42 + - stdevMac + +# role: ethpandaops.general.ethereum_node +ethereum_node_el: nethermind +# role: ethpandaops.general.nethermind +nethermind_container_name: execution +nethermind_container_image: "{{ default_ethereum_client_images.nethermind }}" +nethermind_container_env: + VIRTUAL_HOST: "{{ ethereum_node_rcp_hostname }}" + VIRTUAL_PORT: "{{ ethereum_node_el_ports_http_rpc | string }}" + LETSENCRYPT_HOST: "{{ ethereum_node_rcp_hostname }}" +nethermind_container_entrypoint: + - /nethermind/nethermind +nethermind_container_volumes: + - "{{ nethermind_datadir }}:/data" + - "{{ nethermind_auth_jwt_path }}:/execution-auth.jwt:ro" + - "{{ eth_testnet_config_dir }}:/network-config:ro" +nethermind_container_command_extra_args: + - --Init.ChainSpecPath=/network-config/chainspec.json + - --JsonRpc.EnabledModules=Eth,Subscribe,Trace,TxPool,Web3,Personal,Proof,Net,Parity,Health,Rpc,Debug,Admin + - --Discovery.Bootnodes={{ ethereum_el_bootnodes | join(',') }} + - --Pruning.Mode=None + - --config=none + - --log=DEBUG + - --Seq.MinLevel=Info + - --Seq.ServerUrl={{ nethermind_seq_server }} + - --Seq.ApiKey={{ nethermind_seq_api_key }} + - --Metrics.PushGatewayUrl={{ nethermind_push_gateway }} +nethermind_container_pull: true + +prometheus_config: | + global: + scrape_interval: 30s + evaluation_interval: 30s + scrape_timeout: 10s + external_labels: + instance: "{{ ethereum_network_name }}-{{ inventory_hostname }}" + ip_address: "{{ ansible_host }}" + network: "{{ ethereum_network_name }}" + testnet: "{{ ethereum_network_name }}" + execution_client: "{{ ethereum_node_el }}" + consensus_client: "{{ ethereum_node_cl }}" + supernode: "{{ ethereum_node_cl_supernode_enabled | bool | default(false) }}" + remote_write: + - queue_config: + batch_send_deadline: 5s + max_backoff: 500ms + max_samples_per_send: 500 + min_backoff: 50ms + max_shards: 100 + url: {{ prometheus_remote_push_url }} + remote_timeout: 10s + basic_auth: + username: {{ prometheus_remote_write_username }} + password: {{ prometheus_remote_write_password }} + scrape_configs: + - job_name: "prometheus" + metrics_path: "/metrics" + static_configs: + - targets: ["localhost:9090"] + labels: + instance: "{{ ethereum_network_name }}-{{ inventory_hostname }}" + - job_name: "node" + metrics_path: "/metrics" + static_configs: + - targets: ["172.17.0.1:9100"] + labels: + instance: "{{ ethereum_network_name }}-{{ inventory_hostname }}" + - job_name: "exporter" + metrics_path: "/metrics" + static_configs: + - targets: ["ethereum-metrics-exporter:9090"] + labels: + instance: "{{ ethereum_network_name }}-{{ inventory_hostname }}" + - job_name: "consensus_node" + metrics_path: "/metrics" + static_configs: + - targets: ["{{ vars[ethereum_node_cl + '_container_name'] }}:{{ ethereum_node_cl_ports_metrics }}"] + labels: + instance: "{{ ethereum_network_name }}-{{ inventory_hostname }}" + - job_name: "execution" + metrics_path: "/metrics" + static_configs: + - targets: ["execution:{{ ethereum_node_el_ports_metrics }}"] + labels: + instance: "{{ ethereum_network_name }}-{{ inventory_hostname }}" diff --git a/ansible/inventories/devnet-1/group_vars/prysm.yaml b/ansible/inventories/devnet-1/group_vars/prysm.yaml new file mode 100644 index 0000000..2915ef1 --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/prysm.yaml @@ -0,0 +1,71 @@ +# role: ethpandaops.general.bootstrap +bootstrap_default_user_authorized_keys_github_team_cl: + - kasey + - terencechain + - potuz + - nisdas + - prestonvanloon + - rkapka + - nalepae + - james-prysm + - marcopolo + - aarshkshah1992 + +# role: validator_keys +validator_keys_sync_files: + - src: "{{ inventory_dir }}/files/validator_keys/prysm_wallet_pass.txt" + dest: "{{ prysm_validator_datadir }}/wallet_pass.txt" + - src: "{{ inventory_dir }}/files/validator_keys/{{ inventory_hostname }}/prysm/direct/accounts/all-accounts.keystore.json" + dest: "{{ prysm_validator_datadir }}/wallet/direct/accounts/all-accounts.keystore.json" + - src: "{{ inventory_dir }}/files/validator_keys/{{ inventory_hostname }}/prysm/keymanageropts.json" + dest: "{{ prysm_validator_datadir }}/wallet/direct/keymanageropts.json" + +validator_bls_sync_files: + - src: "{{ inventory_dir }}/files/validator_keys/{{ inventory_hostname }}/change_operations.json" + dest: "{{ prysm_validator_datadir }}/change_operations.json" + owner: prysm + group: prysm + +# role: ethpandaops.general.ethereum_node +ethereum_node_cl: prysm +prysm_container_tty: true +prysm_pprof_enabled: true +prysm_validator_container_tty: true +# role: ethpandaops.general.prysm +prysm_container_name: beacon +prysm_validator_container_name: validator +prysm_container_image: "{{ default_ethereum_client_images.prysm }}" +prysm_container_env: + VIRTUAL_HOST: "{{ ethereum_node_beacon_hostname }}" + VIRTUAL_PORT: "{{ ethereum_node_cl_ports_http_beacon | string }}" + LETSENCRYPT_HOST: "{{ ethereum_node_beacon_hostname }}" + GOLOG_LOG_LEVEL: "pubsub=debug" +prysm_container_volumes: + - "{{ prysm_datadir }}:/data" + - "{{ prysm_auth_jwt_path }}:/execution-auth.jwt:ro" + - "{{ eth_testnet_config_dir }}:/network-config:ro" +prysm_container_entrypoint: + - /app/cmd/beacon-chain/beacon-chain +prysm_container_command_extra_args: >- + {{ prysm_container_command_extra_simple_args + prysm_container_command_extra_bootnode_args }} +prysm_container_command_extra_simple_args: + - --grpc-gateway-corsdomain=* + - --chain-config-file=/network-config/config.yaml + - --genesis-state=/network-config/genesis.ssz + - --contract-deployment-block={{ ethereum_network_deposit_contract_block }} + - --min-sync-peers=1 + - --verbosity=debug + - --subscribe-all-subnets +prysm_container_command_extra_bootnode_args: >- + {{ ethereum_cl_bootnodes | map('regex_replace', '^', '--bootstrap-node=') | list }} + +prysm_validator_container_image: "{{ default_ethereum_client_images.prysm_validator }}" +prysm_validator_container_volumes: + - "{{ prysm_validator_datadir }}:/validator-data" + - "{{ eth_testnet_config_dir }}:/network-config:ro" +prysm_validator_container_entrypoint: + - /app/cmd/validator/validator +prysm_validator_container_command_extra_args: + - --chain-config-file=/network-config/config.yaml + - --graffiti={{ ansible_hostname }} +prysm_validator_datadir: /data/prysm-validator diff --git a/ansible/inventories/devnet-1/group_vars/xatu.yaml b/ansible/inventories/devnet-1/group_vars/xatu.yaml new file mode 100644 index 0000000..60bb3d8 --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/xatu.yaml @@ -0,0 +1,91 @@ +# role: ethpandaops.general.xatu_sentry +xatu_sentry_config_name: "{{ ethereum_network_name }}-{{ inventory_hostname }}" +xatu_sentry_config_server_address: "{{ secret_xatu_sentry.server_address }}" +xatu_sentry_config_server_auth_user: "{{ secret_xatu_sentry.user }}" +xatu_sentry_config_server_auth_password: "{{ secret_xatu_sentry.password }}" +xatu_sentry_config_network_name_override: "{{ ethereum_network_name }}" +xatu_sentry_container_networks: "{{ docker_networks_shared }}" +xatu_sentry_container_image: "{{ default_tooling_images.xatu_sentry }}" + +ethereum_node_xatu_sentry_enabled: true + +xatu_sentry_container_command: + - sentry + - --config=/config.yaml + +xatu_sentry_config: + logging: "info" + metricsAddr: ":9090" + name: "{{ xatu_sentry_config_name }}" + ntpServer: time.google.com + ethereum: + beaconNodeAddress: http://{{ vars[ethereum_node_cl + '_container_name'] }}:{{ ethereum_node_cl_ports_http_beacon }} + overrideNetworkName: "{{ xatu_sentry_config_network_name_override }}" + beaconSubscriptions: + - attestation + - block + - block_gossip + - chain_reorg + - finalized_checkpoint + - head + - voluntary_exit + - contribution_and_proof + - blob_sidecar + - data_column_sidecar + attestationData: + enabled: false + beaconCommittees: + enabled: true + forkChoice: + enabled: false + proposerDuty: + enabled: true + outputs: + - config: + address: "{{ xatu_sentry_config_server_address }}" + headers: + authorization: "Basic {{ (xatu_sentry_config_server_auth_user + ':' + xatu_sentry_config_server_auth_password) | b64encode }}" + maxExportBatchSize: 32 + maxQueueSize: 1000000 + workers: 5 + tls: true + filter: + eventNames: + - BEACON_API_ETH_V1_EVENTS_UNKNOWN + - BEACON_API_ETH_V1_BEACON_COMMITTEE + - BEACON_API_ETH_V1_EVENTS_BLOB_SIDECAR + - BEACON_API_ETH_V1_EVENTS_BLOCK + - BEACON_API_ETH_V1_EVENTS_BLOCK_V2 + - BEACON_API_ETH_V1_EVENTS_BLOCK_GOSSIP + - BEACON_API_ETH_V1_EVENTS_CHAIN_REORG + - BEACON_API_ETH_V1_EVENTS_CHAIN_REORG_V2 + - BEACON_API_ETH_V1_EVENTS_DATA_COLUMN_SIDECAR + - BEACON_API_ETH_V1_EVENTS_FINALIZED_CHECKPOINT + - BEACON_API_ETH_V1_EVENTS_FINALIZED_CHECKPOINT_V2 + - BEACON_API_ETH_V1_EVENTS_HEAD + - BEACON_API_ETH_V1_EVENTS_HEAD_V2 + - BEACON_API_ETH_V1_EVENTS_VOLUNTARY_EXIT + - BEACON_API_ETH_V1_EVENTS_VOLUNTARY_EXIT_V2 + - BEACON_API_ETH_V1_EVENTS_CONTRIBUTION_AND_PROOF + - BEACON_API_ETH_V1_EVENTS_CONTRIBUTION_AND_PROOF_V2 + - BEACON_API_ETH_V1_VALIDATOR_ATTESTATION_DATA + - MEMPOOL_TRANSACTION + - MEMPOOL_TRANSACTION_V2 + - BEACON_API_ETH_V2_BEACON_BLOCK + - BEACON_API_ETH_V2_BEACON_BLOCK_V2 + name: grpc-general + type: xatu + - config: + address: "{{ xatu_sentry_config_server_address }}" + headers: + authorization: "Basic {{ (xatu_sentry_config_server_auth_user + ':' + xatu_sentry_config_server_auth_password) | b64encode }}" + maxExportBatchSize: 128 + maxQueueSize: 1000000 + workers: 10 + tls: true + filter: + eventNames: + - BEACON_API_ETH_V1_EVENTS_ATTESTATION + - BEACON_API_ETH_V1_EVENTS_ATTESTATION_V2 + name: grpc-attestation + type: xatu diff --git a/ansible/inventories/devnet-1/group_vars/xatu_sentry.yaml b/ansible/inventories/devnet-1/group_vars/xatu_sentry.yaml new file mode 100644 index 0000000..a656615 --- /dev/null +++ b/ansible/inventories/devnet-1/group_vars/xatu_sentry.yaml @@ -0,0 +1 @@ +ethereum_node_xatu_sentry_enabled: true diff --git a/ansible/inventories/devnet-1/host_vars/localhost b/ansible/inventories/devnet-1/host_vars/localhost new file mode 100644 index 0000000..e187c8f --- /dev/null +++ b/ansible/inventories/devnet-1/host_vars/localhost @@ -0,0 +1,2 @@ +ansible_connection: local +ansible_python_interpreter: "{{ ansible_playbook_python }}" diff --git a/terraform/devnet-1/nodes.tf b/terraform/devnet-1/nodes.tf index 2d5c676..998030a 100644 --- a/terraform/devnet-1/nodes.tf +++ b/terraform/devnet-1/nodes.tf @@ -23,19 +23,13 @@ ######################################################################################## variable "nodes" { - type = any description = "List of node definitions for the devnet" default = [ - { name = "bootnode", count = 1, cloud = "hetzner" }, - { name = "mev-relay", count = 1, cloud = "hetzner", size = "cx53", supernode = true }, - { name = "lighthouse-geth-super", count = 2, cloud = "hetzner", validator_start = 0, validator_end = 8 }, - { name = "lighthouse-besu-super", count = 2, cloud = "hetzner", validator_start = 8, validator_end = 16 }, - { name = "prysm-nethermind-super", count = 2, cloud = "hetzner", validator_start = 16, validator_end = 24 }, - { name = "prysm-reth-super", count = 2, cloud = "hetzner", validator_start = 24, validator_end = 32 }, - { name = "lighthouse-erigon-full", count = 2, cloud = "hetzner", validator_start = 32, validator_end = 40 }, - { name = "lighthouse-nimbusel-full", count = 2, cloud = "hetzner", validator_start = 40, validator_end = 48 }, - { name = "prysm-geth-full", count = 2, cloud = "hetzner", validator_start = 48, validator_end = 56 }, - { name = "prysm-besu-full", count = 2, cloud = "hetzner", validator_start = 56, validator_end = 64 }, - { name = "teku-geth-super", count = 2, cloud = "hetzner", validator_start = 64, validator_end = 72 }, + { name = "bootnode", count = 1, cloud = "digitalocean", region = "ams3" }, + + { name = "prysm-geth", count = 22, cloud = "digitalocean", validator_start = 0, validator_end = 220, region = "ams3" }, + { name = "prysm-geth-super", count = 3, cloud = "digitalocean", validator_start = 220, validator_end = 1600, supernode = true, region = "ams3" }, + { name = "prysm-nethermind", count = 22, cloud = "digitalocean", validator_start = 1600, validator_end = 1820, region = "blr1" }, + { name = "prysm-nethermind-super", count = 3, cloud = "digitalocean", validator_start = 1820, validator_end = 3200, supernode = true, region = "blr1" }, ] }