From 9a8b0af6c38c22cf9361bf494dbde4098bb349eb Mon Sep 17 00:00:00 2001 From: Yury Akudovich Date: Mon, 12 Aug 2024 14:18:32 +0200 Subject: [PATCH 1/2] feat: Add consensus support --- defaults/main.yml | 8 +++++++- tasks/provision.yml | 14 ++++++++++++++ templates/consensus_config.yaml.j2 | 9 +++++++++ templates/docker-compose.yaml.j2 | 23 ++++++++++++++++++++++- 4 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 templates/consensus_config.yaml.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 36b118b..a6a8603 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -11,7 +11,7 @@ docker_compose_version: "v2.23.0" # Versions of External Node and 3rd party components traefik_version: 2.11 postgres_version: 14 -external_node_version: 24.6.0 +external_node_version: 24.16.0 external_node_raw_docker_tag: "" vmagent_version: 1.100.1 cadvisor_version: 0.47.2 @@ -73,6 +73,12 @@ force_pg_restore: false enable_snapshots_recovery: false snapshots_bucket_base_url: "" +# https://github.com/matter-labs/zksync-era/blob/main/docs/guides/external-node/09_decentralization.md +enable_consensus: false +consensus_secrets_file: "" +consensus_port: 3054 +consensus_outbound: [] + # External Node and database options database_name: "" database_username: "" diff --git a/tasks/provision.yml b/tasks/provision.yml index cbeca23..8602c3c 100644 --- a/tasks/provision.yml +++ b/tasks/provision.yml 
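Review bot: The four new defaults in the `@@ -73,6 +73,12 @@` hunk of defaults/main.yml carry only a link, so nothing here says what form `consensus_secrets_file` and `consensus_outbound` must take. Going by the tasks and template later in this patch, I would add `# consensus_secrets_file: controller-side path to the secrets file, expected to be Ansible Vault encrypted; required when enable_consensus is true` and `# consensus_outbound: list of mappings with "key" (peer public key) and "addr" (host:port)`. With `enable_consensus: true` and the empty default path, the copy task will presumably fail with a generic missing-source error. An `ansible.builtin.assert` on `consensus_secrets_file | length > 0` before that task would make the misconfiguration obvious.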
@@ -76,6 +76,20 @@ - src: "templates/vmagent-config.yml.j2" dest: "{{ configuration_directory }}/vmagent-config.yml" +- name: Copy main configs + when: enable_consensus + ansible.builtin.template: + src: "templates/consensus_config.yaml.j2" + dest: "{{ configuration_directory }}/consensus_config.yaml" + mode: '0644' + +- name: Decrypt consensus_secrets + when: enable_consensus + ansible.builtin.copy: + src: "{{ consensus_secrets_file }}" + dest: "{{ configuration_directory }}/consensus_secrets.yaml" + decrypt: yes + - name: Run docker-compose without monitoring when: not enable_monitoring ansible.builtin.shell: diff --git a/templates/consensus_config.yaml.j2 b/templates/consensus_config.yaml.j2 new file mode 100644 index 0000000..39f0f76 --- /dev/null +++ b/templates/consensus_config.yaml.j2 @@ -0,0 +1,9 @@ +server_addr: '0.0.0.0:3054' +public_addr: '{{ ansible_default_ipv4.address }}:{{ consensus_port }}' +max_payload_size: 5000000 +gossip_dynamic_inbound_limit: 100 +gossip_static_outbound: +{% for item in consensus_outbound %} + - key: {{ item.key }} + addr: {{ item.addr }} +{% endfor %} diff --git a/templates/docker-compose.yaml.j2 b/templates/docker-compose.yaml.j2 index cdcb46b..df240fa 100644 --- a/templates/docker-compose.yaml.j2 +++ b/templates/docker-compose.yaml.j2 @@ -82,6 +82,9 @@ services: - {{ rpc_ws_port }} - {{ healthcheck_port }} - {{ metrics_port }} +{% if enable_consensus %} + - {{ consensus_port }} +{% endif %} environment: ZKSYNC_HOME: "/" EN_STATE_CACHE_PATH: /db/state_keeper @@ -96,6 +99,10 @@ services: EN_MAX_BLOCKS_PER_TREE_BATCH: 200 MISC_LOG_FORMAT: json RUST_LOG: {{ rust_log }} +{% if enable_consensus %} + EN_CONSENSUS_CONFIG_PATH: /etc/consensus_config.yaml + EN_CONSENSUS_SECRETS_PATH: /run/secrets/consensus_secrets.yaml +{% endif %} healthcheck: test: [ "CMD", "curl", "-f", "http://localhost:{{ healthcheck_port }}/health" ] interval: 1m 
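Review bot: The `Decrypt consensus_secrets` task in the tasks/provision.yml hunk writes decrypted key material but sets neither `no_log: true` nor `diff: false`, so a run with `--diff` can print the plaintext secrets to the console and to any CI log that captures it. Adding `no_log: true` to that task closes this. The first new task is named `Copy main configs` although it renders only `consensus_config.yaml`; a name such as `Copy consensus config` keeps play output unambiguous. `decrypt: yes` would also read better as `decrypt: true`, the canonical boolean form.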
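Review bot: In templates/consensus_config.yaml.j2, `server_addr` hard-codes port 3054 while `public_addr` and the compose port list use `{{ consensus_port }}`, so overriding `consensus_port` advertises and exposes a port the node is not listening on. Use `server_addr: '0.0.0.0:{{ consensus_port }}'`. The loop values are emitted unquoted; `key: '{{ item.key }}'` and `addr: '{{ item.addr }}'` keep a value containing YAML-special characters from changing the structure of the rendered file. `public_addr` is taken from `ansible_default_ipv4.address`, which on a NATed host is presumably a private address, so an overridable variable would let operators set the reachable one.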
@@ -104,10 +111,24 @@ services: start_period: 1m volumes: - "{{ storage_directory }}/db:/db" +{% if enable_consensus %} + - "consensus_config.yaml:/etc/consensus_config.yaml" +{% endif %} env_file: - "external_node.env" - "postgres.env" -{% if enable_snapshots_recovery %} command: +{% if enable_snapshots_recovery %} - --enable-snapshots-recovery {% endif %} +{% if enable_consensus %} + - --enable-consensus + secrets: + - consensus_secrets +{% endif %} + +{% if enable_consensus %} +secrets: + consensus_secrets: + file: consensus_secrets.yaml +{% endif %} From ce94f307e725963d37311b446a49faaae90ef016 Mon Sep 17 00:00:00 2001 From: Yury Akudovich Date: Mon, 12 Aug 2024 14:22:26 +0200 Subject: [PATCH 2/2] Secure file permissions --- tasks/provision.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/provision.yml b/tasks/provision.yml index 8602c3c..ee935ea 100644 --- a/tasks/provision.yml +++ b/tasks/provision.yml @@ -89,6 +89,7 @@ src: "{{ consensus_secrets_file }}" dest: "{{ configuration_directory }}/consensus_secrets.yaml" decrypt: yes + mode: '0600' - name: Run docker-compose without monitoring when: not enable_monitoring
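Review bot: The new volume entry `"consensus_config.yaml:/etc/consensus_config.yaml"` has a source with no `./` or `/` prefix, which Compose short syntax, as far as I know, treats as a named volume rather than a bind mount of the rendered file. Assuming the compose file is rendered next to the config, write it as `- "./consensus_config.yaml:/etc/consensus_config.yaml:ro"`; the `:ro` keeps the container from modifying its own peer configuration. `command:` is now emitted unconditionally, so with both feature flags off it renders as an empty key; confirm the pinned Compose version accepts a null `command`. The service definition starts outside this hunk, so the exact nesting of the added `secrets:` list cannot be checked from here.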
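Review bot: `mode: '0600'` is added in PATCH 2/2 without `owner` or `group`, so the decrypted file belongs to whichever user the task runs as. Compose file-based secrets are, as far as I know, bind-mounted with the host's ownership and mode, so a container process running under a different non-root uid could not read `/run/secrets/consensus_secrets.yaml`. If the external node image does not run as root, set `owner:` to the matching uid rather than loosening the mode. The permissions of `{{ configuration_directory }}` itself are not visible in this patch and also bound who can reach the file.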