-
Notifications
You must be signed in to change notification settings - Fork 5
/
nimbus.mainnet.yml
172 lines (156 loc) · 7.46 KB
/
nimbus.mainnet.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
---
# Beacon nodes are held on /data so we can't bind it.
bootstrap__extra_volume_path: '/docker'
bootstrap__extra_volume_bind_path: null
# SWAP
swap_file_size_mb: 2048
# Go-Ethereum
geth_service_name: 'geth-{{ geth_network_name }}'
geth_service_path: '/docker/{{ geth_service_name }}'
geth_network_name: 'mainnet'
geth_cont_name: '{{ geth_service_name }}-node'
geth_cont_vol: '{{ geth_service_path }}/node'
geth_sync_mode: 'snap'
geth_log_level_name: 'info'
geth_account_pass: '{{lookup("bitwarden", "nimbus/geth", field="password")}}'
geth_authrpc_jwtsecret: '{{lookup("bitwarden", "nimbus/jwt-token")}}'
# Memory settings¬
geth_cont_mem_ratio: 0.15
geth_cache_size: '{{ (ansible_memtotal_mb * 0.05|float) | int }}'
# Ports
geth_port: 30303
geth_rpc_addr: '0.0.0.0'
geth_rpc_port: 8545
geth_authrpc_addr: '127.0.0.1'
geth_authrpc_port: 8551
# Geth metrics¬
geth_expo_service_name: '{{ geth_service_name }}'
geth_expo_source_cont_name: '{{ geth_cont_name }}'
geth_expo_source_data_path: '{{ geth_cont_vol }}/data'
geth_expo_cont_port: 9400
# Nimbus Beacon Node
beacon_node_network: 'mainnet'
beacon_node_repo_branch: '{{ node_name_to_branch_map.get(node.branch, node.branch) }}'
# We map short names to branches to avoid too long service names.
node_name_to_branch_map:
libp2p: 'nim-libp2p-auto-bump-unstable'
# TODO Drop this once all nodes have an number.
service_number: '{{ node.get("num", False) | ternary(("-%02d"|format(node.get("num", 0))), "") }}'
beacon_node_service_name: 'beacon-node-{{ beacon_node_network }}-{{ node.branch | mandatory }}{{ service_number }}'
beacon_node_service_path: '/data/{{ beacon_node_service_name }}'
beacon_node_era_dir_path: '{{ nimbus_era_files_timer_path }}'
# Ports
beacon_node_discovery_port: '{{ 9000 + idx }}'
beacon_node_listening_port: '{{ 9000 + idx }}'
beacon_node_metrics_port: '{{ 9200 + idx }}'
beacon_node_rest_port: '{{ beacon_node_rest_port_base + idx }}'
beacon_node_rest_port_base: 9300
beacon_node_rest_address: '0.0.0.0'
beacon_node_max_peers: '{{ node.get("max_peers", 320) }}'
# Firewall
beacon_node_firewall_libp2p_open: '{{ node.get("open_libp2p_ports", true) }}'
# Builds
beacon_node_build_frequency: '*-*-* {{ 12 + idx }}:00:00'
# Tuning
beacon_node_cores_per_node: '{{ (ansible_processor_vcpus / nodes_layout[hostname]|length) | round(0, "ceil") | int }}'
beacon_node_threads: '{{ (node.branch == "libp2p") | ternary(1, beacon_node_cores_per_node) }}'
# FIXME: Temporary test to debug REST API timeout issues.
# https://github.com/status-im/nimbus-eth2/issues/5838
#beacon_node_rest_allow_origin: '{{ "*" if node.get("public_api") else "" }}'
beacon_node_history_retention: '{{ "archive" if node.get("public_api") else node.get("history", "prune") }}'
# Monitoring
beacon_node_validator_monitor_auto: true
beacon_node_validator_monitor_details: '{{ node.public_api is not defined or not node.public_api }}'
# Mainnet validators run on a separate fleet.
beacon_node_dist_validators_enabled: false
# Bootnodes should subscribe to all subnets
beacon_node_subscribe_all: true
beacon_node_extra_flags: '{{ node.extra_flags if node.extra_flags is defined else [] }}'
# Light client data
beacon_node_light_client_data_enabled: '{{ (node.public_api is defined and node.public_api) }}'
beacon_node_light_client_data_serve: true
beacon_node_light_client_data_import_mode: 'full'
# Execution layer Enginer API
beacon_node_exec_layer_jwt_secret: '{{ geth_authrpc_jwtsecret }}'
beacon_node_exec_layer_urls_local_geth: ['http://localhost:{{ geth_authrpc_port|string }}']
beacon_node_exec_layer_urls_all: '{{ beacon_node_exec_layer_urls_discovered_geth + beacon_node_exec_layer_urls_local_geth }}'
beacon_node_exec_layer_urls_auto: |-
{{ (data_center in ["he-eu-hel1", "ih-eu-mda1"])
| ternary(
beacon_node_exec_layer_urls_local_geth,
beacon_node_exec_layer_urls_discovered_geth
) }}
beacon_node_exec_layer_urls: |-
{{ beacon_node_exec_layer_urls_all if inventory_hostname_short == "linux-01"
else (idx % 2 == 0) | ternary(beacon_node_exec_layer_urls_all, []) }}
# Reduce Consul alerts sensitivity
beacon_node_consul_success_before_passing: 5
beacon_node_consul_failures_before_warning: 10
beacon_node_consul_failures_before_critical: 20
# Periodic resync to save space
beacon_node_resync_enabled: true
beacon_node_resync_timer_enabled: '{{ (idx % 2 == 1) and not node.get("public_api") }}'
beacon_node_resync_timer_frequency: 'monthly'
beacon_node_resync_timer_random_delay_sec: 604800 # 7 days
beacon_node_resync_timer_trusted_api_url: >-
{{ "http://stable-small-01.aws-eu-central-1a.nimbus.mainnet.wg:9300"
if idx == 0 else "http://localhost:"+(beacon_node_rest_port_base|string) }}
# ERA files geneartion.
nimbus_era_files_timer_enabled: '{{ (nodes_layout[hostname]|length) > 1 }}'
nimbus_era_files_timer_path: '/data/era'
nimbus_era_files_network: '{{ beacon_node_network }}'
# FIXME: Not pretty, since hardcoded, but the simplest way to do it right now.
nimbus_era_files_db_path: '/data/beacon-node-{{ beacon_node_network }}-stable-01/data/db'
nimbus_era_files_nclidb_path: '/data/beacon-node-{{ beacon_node_network }}-stable-01/repo/build/ncli_db'
# Open Ports
open_ports_default_comment: 'Nimbus REST API'
open_ports_default_chain: 'VPN'
open_ports_list:
- { port: '9300:9310', ipset: '{{ env }}.{{ stage }}' }
- { port: '9400', ipset: 'metrics.hq', comment: 'Geth Exporter' }
- { port: '{{ smart_metrics_listen_port }}', ipset: 'metrics.hq', comment: 'SMART Metrics' }
- { port: '{{ geth_authrpc_port }}', ipset: 'nimbus.mainnet', comment: 'Geth RPC' }
# Split by hostname for more central location
nodes_layout:
# AWS --------------------------------------------------------------
'stable-small-01.aws-eu-central-1a.nimbus.mainnet':
- { branch: 'stable', history: 'archive' }
'stable-small-02.aws-eu-central-1a.nimbus.mainnet':
- { branch: 'stable', history: 'archive' }
# Innova Hosting ---------------------------------------------------
'linux-01.ih-eu-mda1.nimbus.mainnet': # Frankenstein host, all nodes use one Geth.
- { branch: 'stable', num: 1 }
- { branch: 'testing', num: 1, open_libp2p_ports: false }
- { branch: 'unstable', num: 1, public_api: true }
- { branch: 'unstable', num: 2 }
'linux-02.ih-eu-mda1.nimbus.mainnet':
- { branch: 'stable', num: 1 }
- { branch: 'testing', num: 1, public_api: true }
- { branch: 'unstable', num: 1, open_libp2p_ports: false }
- { branch: 'unstable', num: 2 }
'linux-03.ih-eu-mda1.nimbus.mainnet':
- { branch: 'stable', num: 1, max_peers: 10000 }
- { branch: 'testing', num: 1 }
- { branch: 'unstable', num: 1 }
- { branch: 'unstable', num: 2 }
'linux-04.ih-eu-mda1.nimbus.mainnet':
- { branch: 'stable', num: 1 }
- { branch: 'testing', num: 1 }
- { branch: 'unstable', num: 1 }
- { branch: 'unstable', num: 2 }
'linux-05.ih-eu-mda1.nimbus.mainnet':
- { branch: 'stable', num: 1 }
- { branch: 'testing', num: 1 }
- { branch: 'unstable', num: 1 }
- { branch: 'unstable', num: 2 }
'linux-06.ih-eu-mda1.nimbus.mainnet':
- { branch: 'stable', num: 1 }
- { branch: 'testing', num: 1 }
- { branch: 'unstable', num: 1 }
- { branch: 'unstable', num: 2 }
'linux-07.ih-eu-mda1.nimbus.mainnet':
- { branch: 'stable', num: 1 }
- { branch: 'libp2p', num: 1 }
- { branch: 'libp2p', num: 2 }
- { branch: 'libp2p', num: 3, extra_flags: ['--enable-yamux=true'] }
- { branch: 'libp2p', num: 4, extra_flags: ['--enable-yamux=true'] }