feat: migrate to new template

.tool-versions

@@ -1,8 +1,8 @@
 age 1.2.1
 helm 3.15.3
 sops 3.8.1
-shellcheck 0.10.0
-python 3.12.1
+shellcheck 0.11.0
+python 3.12.12
 awscli 2.22.26
 yq 4.44.6
 terraform 1.9.0

ansible/ansible.cfg

@@ -1,26 +1,37 @@
 [defaults]
 ansible_managed      = Ansible managed. Don't change this file manually. Template info: {{{{ (template_fullpath | replace(playbook_dir,'')) }}}}
-stdout_callback      = yaml
-inventory            = inventories/devnet-3/inventory.ini
+stdout_callback      = default
+result_format        = yaml
+inventory            = inventories/devnet-4/inventory.ini
 roles_path           = vendor/roles/:roles
 collections_path     = vendor/collections
-forks                = 50
+forks                = 100
 timeout              = 60
 retry_files_enabled  = False
 host_key_checking    = False
 vars_plugins_enabled = host_group_vars,community.sops.sops
-
+vars_plugin_stage    = inventory
+strategy             = mitogen_free
+strategy_plugins     = vendor/mitogen-0.3.43/ansible_mitogen/plugins/strategy
 
 # Persist facts locally so that they can be used within multiple runs
 fact_caching            = jsonfile
 # Keep facts forever
 fact_caching_timeout    = 0
 # Where to store the fact cache
-fact_caching_connection = tmp/devnet-3/
+fact_caching_connection = tmp/devnet-4/
 
 [inventory]
 enable_plugins = script, yaml, ini
 
 [ssh_connection]
 ssh_args   = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s
 pipelining = true
+
+[mitogen]
+# Optional: Adjust the size of the connection pool (default is 16)
+# Increase if you have many hosts
+# mitogen_pool_size = 32
+
+# Optional: Use fork isolation for better module compatibility (default is fork)
+# mitogen_task_isolation = fork

ansible/group_vars/all/defaults.yaml

@@ -59,6 +59,8 @@ docker_daemon_options:
   "log-opts":
       "max-size": "500m"
       "max-file": "8"
+  "registry-mirrors": ["https://docker-cache.ethquokkaops.io","https://docker.ethquokkaops.io/gh"]
+  "features": { "containerd-snapshotter": false } # This is a temp fix for a docker 29 in combinations with our pull through cache, can be safely removed once the cache is working again with docker 29+
 
 # role: ethpandaops.general.prometheus
 prometheus_container_networks: "{{ docker_networks_shared }}"

ansible/requirements.yaml

@@ -2,15 +2,15 @@ roles:
   - name: gantsign.oh-my-zsh
     version: "2.7.0"
   - name: geerlingguy.docker
-    version: "6.0.3"
+    version: "8.0.0"
   - name: geerlingguy.firewall
     version: "2.5.0"
   - src: geerlingguy.pip
-    version: "3.0.3"
+    version: "3.1.2"
   - name: robertdebock.fail2ban
     version: "4.2.3"
   - name: gantsign.golang
-    version: "3.4.0"
+    version: "3.5.0"
 
 collections:
   - name: ansible.posix

setup.sh

@@ -9,9 +9,9 @@ asdf plugin add age https://github.com/threkk/asdf-age.git || true
 asdf plugin add shellcheck https://github.com/luizm/asdf-shellcheck.git || true
 asdf plugin add sops https://github.com/feniix/asdf-sops.git || true
 asdf plugin add terraform https://github.com/asdf-community/asdf-hashicorp.git || true
-asdf plugin-add helm https://github.com/Antiarchitect/asdf-helm.git || true
-asdf plugin-add python || true
-asdf plugin-add yq https://github.com/sudermanjr/asdf-yq.git || true
+asdf plugin add helm https://github.com/Antiarchitect/asdf-helm.git || true
+asdf plugin add python || true
+asdf plugin add yq https://github.com/sudermanjr/asdf-yq.git || true
 asdf plugin add awscli || true
 
 asdf install

terraform/devnet-4/ansible_inventory.tmpl

@@ -0,0 +1,91 @@
+localhost
+
+[all:vars]
+ethereum_network_name=${ethereum_network_name}
+
+%{ for gid, group in groups ~}
+[${replace(gid, "-", "_")}]
+%{ for key, host in hosts ~}
+%{ if host.group == gid ~}
+${host.hostname} ansible_host=${host.ip} ipv6=${host.ipv6} cloud=${host.cloud} cloud_region=${host.region} arch=${host.arch} ethereum_node_cl_supernode_enabled=${title(host.supernode)} %{ if tonumber(host.validator_end) > 0 }validator_start=${host.validator_start} validator_end=${host.validator_end}%{ endif }
+%{ endif ~}
+%{ endfor ~}
+%{ if gid == "lighthouse-reth" ~}
+%{ for key, host in hosts ~}
+%{ if host.group == "mev-relay" ~}
+${host.hostname}
+%{ endif ~}
+%{ endfor ~}
+%{ endif ~}
+
+%{ endfor ~}
+
+%{ if !contains(keys(groups), "lighthouse-reth") ~}
+[lighthouse_reth]
+%{ for key, host in hosts ~}
+%{ if host.group == "mev-relay" ~}
+${host.hostname}
+%{ endif ~}
+%{ endfor ~}
+%{ endif ~}
+
+# Consensus client groups
+
+%{ for cl in ["lighthouse", "lodestar", "nimbus", "teku", "prysm", "grandine"] ~}
+[${cl}:children]
+%{ for gid, group in groups ~}
+%{ if split("-", gid)[0] == "${cl}" ~}
+${replace(gid, "-", "_")}
+%{ endif ~}
+%{ endfor ~}
+%{ if cl == "lighthouse" && contains(keys(groups), "mev-relay") ~}
+mev_relay
+%{ endif ~}
+%{ endfor ~}
+
+# Execution client groups
+
+%{ for el in ["besu", "ethereumjs", "geth", "nethermind", "erigon", "reth", "nimbusel", "ethrex"] ~}
+[${el}:children]
+%{ for gid, group in groups ~}
+%{ if split("-", gid)[0] != "bootnode" && split("-", gid)[0] != "mev" ~}
+%{ if length(split("-", gid)) >= 2 && split("-", gid)[1] == "${el}" ~}
+${replace(gid, "-", "_")}
+%{ endif ~}
+%{ endif ~}
+%{ endfor ~}
+%{ if el == "reth" && contains(keys(groups), "mev-relay") ~}
+mev_relay
+%{ endif ~}
+%{ endfor ~}
+
+# Global groups
+
+[consensus_node:children]
+%{ for x,y in merge( { for gid, group in groups : split("-", gid)[0] => true... if split("-", gid)[0] != "bootnode" && split("-", gid)[0] != "mev" } )   ~}
+${x}
+%{ endfor ~}
+
+[execution_node:children]
+%{ for x,y in merge( { for gid, group in groups : split("-", gid)[1] => true... if split("-", gid)[0] != "bootnode" && split("-", gid)[0] != "mev" && length(split("-", gid)) >= 2 } )   ~}
+${x}
+%{ endfor ~}
+
+[ethereum_node:children]
+consensus_node
+execution_node
+
+%{ if contains(keys(groups), "bootnode") ~}
+[dns_server:children]
+bootnode
+%{ endif ~}
+
+[mev_boost:children]
+consensus_node
+
+[arm]
+%{ for key, host in hosts ~}
+%{ if can(regex("arm", key)) ~}
+${host.hostname}
+%{ endif ~}
+%{ endfor ~}

terraform/devnet-4/cloudflare.tf

@@ -0,0 +1,60 @@
+
+////////////////////////////////////////////////////////////////////////////////////////
+//                                   DNS NAMES
+////////////////////////////////////////////////////////////////////////////////////////
+
+data "cloudflare_zone" "default" {
+  name = "ethpandaops.io"
+}
+
+locals {
+  # Combine bootnodes from both providers
+  bootnodes = merge(
+    {
+      for vm in local.digitalocean_vms : vm.id => {
+        name     = vm.name
+        has_ipv6 = vm.ipv6
+        ipv4     = digitalocean_droplet.main[vm.id].ipv4_address
+        ipv6     = try(digitalocean_droplet.main[vm.id].ipv6_address, null)
+      } if can(regex("bootnode", vm.name))
+    },
+    {
+      for vm in local.hcloud_vms : vm.id => {
+        name     = vm.name
+        has_ipv6 = vm.ipv6_enabled
+        ipv4     = hcloud_server.main[vm.id].ipv4_address
+        ipv6     = try(hcloud_server.main[vm.id].ipv6_address, null)
+      } if can(regex("bootnode", vm.name))
+    }
+  )
+}
+
+resource "cloudflare_record" "server_record_v4" {
+  for_each = local.bootnodes
+  zone_id  = data.cloudflare_zone.default.id
+  name     = "${each.value.name}.${var.ethereum_network}"
+  type     = "A"
+  value    = each.value.ipv4
+  proxied  = false
+  ttl      = 120
+}
+
+resource "cloudflare_record" "server_record_v6" {
+  for_each = { for k, v in local.bootnodes : k => v if v.has_ipv6 }
+  zone_id  = data.cloudflare_zone.default.id
+  name     = "${each.value.name}.${var.ethereum_network}"
+  type     = "AAAA"
+  value    = each.value.ipv6
+  proxied  = false
+  ttl      = 120
+}
+
+resource "cloudflare_record" "server_record_ns" {
+  for_each = local.bootnodes
+  zone_id  = data.cloudflare_zone.default.id
+  name     = "srv.${var.ethereum_network}"
+  type     = "NS"
+  value    = "${each.value.name}.${var.ethereum_network}.${data.cloudflare_zone.default.name}"
+  proxied  = false
+  ttl      = 120
+}