jleony/ansible-en-role
1
0
Fork 1
mirror of https://github.com/matter-labs/ansible-en-role.git synced 2025-12-06 10:59:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: jleony:v3.3.0
Branches Tags
jleony:main jleony:fix-lint-jobs
jleony:v4.1.0 jleony:v4.0.0 jleony:v3.15.0 jleony:v3.14.0 jleony:v3.13.0 jleony:v3.12.0 jleony:v3.11.0 jleony:v3.10.2 jleony:v3.10.1 jleony:v3.10.0 jleony:v3.9.0 jleony:v3.8.1 jleony:v3.8.0 jleony:v3.7.2 jleony:v3.7.1 jleony:v3.7.0 jleony:v3.6.1 jleony:v3.6.0 jleony:v3.5.0 jleony:v3.4.1 jleony:v3.4.0 jleony:v3.3.1 jleony:v3.3.0 jleony:v3.2.0 jleony:v3.1.0 jleony:v3.0.0 jleony:v2.1.0 jleony:v2.0.0 jleony:v1.1.0 jleony:v1.0.0
..
compare: jleony:v3.8.0
Branches Tags
jleony:main jleony:fix-lint-jobs
jleony:v4.1.0 jleony:v4.0.0 jleony:v3.15.0 jleony:v3.14.0 jleony:v3.13.0 jleony:v3.12.0 jleony:v3.11.0 jleony:v3.10.2 jleony:v3.10.1 jleony:v3.10.0 jleony:v3.9.0 jleony:v3.8.1 jleony:v3.8.0 jleony:v3.7.2 jleony:v3.7.1 jleony:v3.7.0 jleony:v3.6.1 jleony:v3.6.0 jleony:v3.5.0 jleony:v3.4.1 jleony:v3.4.0 jleony:v3.3.1 jleony:v3.3.0 jleony:v3.2.0 jleony:v3.1.0 jleony:v3.0.0 jleony:v2.1.0 jleony:v2.0.0 jleony:v1.1.0 jleony:v1.0.0

29 Commits
v3.3.0 ... v3.8.0

Author SHA1 Message Date
Yury Akudovich
605525c7ba Merge pull request #27 from matter-labs/ya-zkd-1817-upgrade-external-nodes-on-hetzner4 
feat: Add traefik configuration for consensus TCP port, open it in firewall
 2024-08-13 13:36:58 +02:00
Yury Akudovich
5bdeb0fcfa feat: Add traefik configuration for consensus TCP port, open it in 
firewall
 2024-08-13 13:32:10 +02:00
Yury Akudovich
bf186104d4 Merge pull request #26 from matter-labs/ya-zkd-1817-upgrade-external-nodes-on-hetzner3 
fix: Correct path and file names for consensus
 2024-08-12 17:33:38 +02:00
Yury Akudovich
493e5ceffc fix: Correct path and file names for consensus 2024-08-12 17:31:25 +02:00
Yury Akudovich
7a77daacf3 Merge pull request #25 from matter-labs/ya-zkd-1817-upgrade-external-nodes-on-hetzner2 
fix: Correct task names
 2024-08-12 17:10:16 +02:00
Yury Akudovich
8290a1cd9b Yaml lint 2024-08-12 15:32:48 +02:00
Yury Akudovich
191ebeced5 fix: Correct task names 2024-08-12 14:55:50 +02:00
Yury Akudovich
0cdbf98bf1 Merge pull request #24 from matter-labs/ya-zkd-1817-upgrade-external-nodes-on-hetzner 
feat: Add consensus support
 2024-08-12 14:30:47 +02:00
Yury Akudovich
ce94f307e7 Secure file permissions 2024-08-12 14:22:26 +02:00
Yury Akudovich
9a8b0af6c3 feat: Add consensus support 2024-08-12 14:18:32 +02:00
Igor Borodin
7500e2b2da Merge pull request #23 from cooganb/fix-sepolia-pgs-url 
chore: Provides updated URL for sepolia testnet dump access
 2024-07-04 15:01:50 +02:00
cooganb
ace0df965b Provides updated URL for sepolia testnet dump access 2024-07-03 14:01:29 -04:00
Igor Borodin
e8d79755da Merge pull request #22 from matter-labs/betterdetach 
fix: Better handle detached docker command
 2024-06-05 14:40:15 +02:00
artmakh
160f497294 fix: Better handle detached docker command 2024-06-05 18:52:59 +07:00
Artem Makhortov
cdf5deb718 Merge pull request #21 from matter-labs/upgradeto24.6.0 
feat: update external node version to 24.6.0
 2024-06-05 17:01:49 +07:00
artmakh
cbf199a152 feat: update external node version to 24.6.0 2024-06-05 16:57:40 +07:00
Igor Borodin
c8a8c1b76c Merge pull request #19 from matter-labs/update_en_version 
feat: update external node version to 24.0.0
 2024-05-06 12:43:39 +02:00
otani
7fcf8ab7b6 feat: update external node version 2024-05-06 13:41:45 +03:00
Yury Akudovich
2c04aabc1a Merge pull request #18 from matter-labs/ya-fix-traefik 
fix: Change traefik vmagent config to ip
 2024-04-19 12:03:58 +02:00
Yury Akudovich
875c50be71 fix: Move traefik to ip 2024-04-19 12:01:55 +02:00
Yury Akudovich
135adfdeb6 Merge pull request #17 from matter-labs/ya-bump 
feat: Bump external_node and vmagent versions
 2024-04-19 10:51:51 +02:00
Yury Akudovich
0ed6245a1d feat: Bump external_node and vmagent versions 2024-04-19 10:24:43 +02:00
Artem Makhortov
a240fac3ec Merge pull request #16 from matter-labs/fix-testnet-snapshot-bucket 
chore(docs): Fix and de-uglify links to EN snapshots
 2024-04-18 20:12:47 +07:00
hatemosphere
eed88e8b72 chore(docs): Fix and reformat links to snapshots 2024-04-18 15:10:17 +02:00
Igor Borodin
47edb8a161 Merge pull request #15 from matter-labs/snapshot-docs-fix 
chore(docs): Minor fixes
 2024-04-17 15:19:25 +02:00
Igor Borodin
d5c66009cb Merge branch 'main' into snapshot-docs-fix 2024-04-17 15:14:56 +02:00
hatemosphere
437b174a25 chore(docs): Minor fixes 2024-04-17 15:11:59 +02:00
Aleksandr Stepanov
842af18f5c Merge pull request #14 from matter-labs/fix-unset-var 
fix: Fixed unset variable external_node_raw_docker_tag
 2024-04-02 18:23:01 +03:00
Oleksandr Stepanov
7f2102550b fix: Fixed unset variable external_node_raw_docker_tag 2024-04-02 18:21:27 +03:00
8 changed files with 91 additions and 18 deletions
Expand all files Collapse all files

12
README.md
View File

@ -100,8 +100,7 @@ Basic auth secret can be generated by `htpasswd` and `sed` for interpolation:
Skip this step if you are recovering from a snapshot! Skip this step if you are recovering from a snapshot!
* [Era Mainnet latest dump](https://storage.googleapis.com/zksync-era-mainnet-external-node-backups/external_node_latest.pgdump) * [Era Mainnet latest dump](https://storage.googleapis.com/zksync-era-mainnet-external-node-backups/external_node_latest.pgdump)
* [Era Sepolia Testnet latest dump](https://storage.googleapis.com/zksync-era-boojnet-external-node-snapshots/external_node_latest.pgdump) * [Era Sepolia Testnet latest dump](https://storage.googleapis.com/zksync-era-testnet-sepolia-external-node-backups/external_node_latest.pgdump)
* [Era Goerli Testnet latest dump](https://storage.googleapis.com/zksync-era-testnet-external-node-backups/external_node_latest.pgdump)
Downloaded dump file should be placed into `{{ storage_directory }}/pg_backups` directory (`/usr/src/en/pg_backups` by default) Downloaded dump file should be placed into `{{ storage_directory }}/pg_backups` directory (`/usr/src/en/pg_backups` by default)
@ -124,13 +123,18 @@ vm_auth_password
## Snapshots Recovery ## Snapshots Recovery
example config enabling recovery from a snapshot Example config enabling recovery from a snapshot:
```yaml ```yaml
- enable_snapshots_recovery: true - enable_snapshots_recovery: true
- snapshots_bucket_base_url: "zksync-era-mainnet-external-node-snapshots" - snapshots_bucket_base_url: "snapshots-bucket-name"
``` ```
Snapshot buckets:
* Era Mainnet: `zksync-era-mainnet-external-node-snapshots`
* Era Sepolia Testnet: `zksync-era-boojnet-external-node-snapshots`
## Example Playbook ## Example Playbook
```yaml ```yaml

11
defaults/main.yml
View File

@ -11,8 +11,9 @@ docker_compose_version: "v2.23.0"
# Versions of External Node and 3rd party components # Versions of External Node and 3rd party components
traefik_version: 2.11 traefik_version: 2.11
postgres_version: 14 postgres_version: 14
external_node_version: 21.0.2 external_node_version: 24.16.0
vmagent_version: 1.95.1 external_node_raw_docker_tag: ""
vmagent_version: 1.100.1
cadvisor_version: 0.47.2 cadvisor_version: 0.47.2
postgres_exporter_version: 0.15.0 postgres_exporter_version: 0.15.0
@ -72,6 +73,12 @@ force_pg_restore: false
enable_snapshots_recovery: false enable_snapshots_recovery: false
snapshots_bucket_base_url: "" snapshots_bucket_base_url: ""
# https://github.com/matter-labs/zksync-era/blob/main/docs/guides/external-node/09_decentralization.md
enable_consensus: false
consensus_secrets_file: ""
consensus_port: 3054
consensus_outbound: []
# External Node and database options # External Node and database options
database_name: "" database_name: ""
database_username: "" database_username: ""

2
example_playbooks/mainnet_with_snapshots_recovery/requirements.yml
View File

@ -5,7 +5,7 @@ roles:
version: "7.1.0" version: "7.1.0"
- name: external_node - name: external_node
src: https://github.com/matter-labs/ansible-en-role src: https://github.com/matter-labs/ansible-en-role
version: "v3.0.0" version: "v3.3.0"
collections: collections:
- name: community.general - name: community.general

8
tasks/firewall.yml
View File

@ -49,6 +49,14 @@
source: "{{ loadbalancer_ip | mandatory }}" source: "{{ loadbalancer_ip | mandatory }}"
jump: ACCEPT jump: ACCEPT
- name: Allow consensus port traffic from any IP
when: enable_consensus
ansible.builtin.iptables:
chain: INPUT
protocol: tcp
destination_port: "{{ consensus_port }}"
jump: ACCEPT
- name: Set default policy to DROP - name: Set default policy to DROP
ansible.builtin.iptables: ansible.builtin.iptables:
chain: INPUT chain: INPUT

27
tasks/provision.yml
View File

@ -38,7 +38,7 @@
when: vars[item] == "" when: vars[item] == ""
with_items: "{{ en_required_variables }}" with_items: "{{ en_required_variables }}"
- name: Copy main configs - name: Create main configs
ansible.builtin.template: ansible.builtin.template:
src: '{{ item.src }}' src: '{{ item.src }}'
dest: '{{ item.dest }}' dest: '{{ item.dest }}'
@ -51,7 +51,7 @@
- src: "templates/postgres.env.j2" - src: "templates/postgres.env.j2"
dest: "{{ configuration_directory }}/postgres.env" dest: "{{ configuration_directory }}/postgres.env"
- name: Copy restore script - name: Create restore script
register: restore_dump_script register: restore_dump_script
ansible.builtin.template: ansible.builtin.template:
src: 'templates/restore_dump.sh.j2' src: 'templates/restore_dump.sh.j2'
@ -64,7 +64,7 @@
when: enable_monitoring and ( vars[item] == "" ) when: enable_monitoring and ( vars[item] == "" )
with_items: "{{ monitoring_required_variables }}" with_items: "{{ monitoring_required_variables }}"
- name: Copy monitoring configs - name: Create monitoring configs
when: enable_monitoring when: enable_monitoring
ansible.builtin.template: ansible.builtin.template:
src: '{{ item.src }}' src: '{{ item.src }}'
@ -76,23 +76,38 @@
- src: "templates/vmagent-config.yml.j2" - src: "templates/vmagent-config.yml.j2"
dest: "{{ configuration_directory }}/vmagent-config.yml" dest: "{{ configuration_directory }}/vmagent-config.yml"
- name: Create consensus config
when: enable_consensus
ansible.builtin.template:
src: "templates/consensus_config.yaml.j2"
dest: "{{ configuration_directory }}/consensus_config.yaml"
mode: '0644'
- name: Decrypt consensus_secrets
when: enable_consensus
ansible.builtin.copy:
src: "{{ consensus_secrets_file }}"
dest: "{{ configuration_directory }}/consensus_secrets.yaml"
decrypt: true
mode: '0600'
- name: Run docker-compose without monitoring - name: Run docker-compose without monitoring
when: not enable_monitoring when: not enable_monitoring
ansible.builtin.shell: ansible.builtin.shell:
cmd: nohup docker compose -f docker-compose.yaml up -d & cmd: nohup docker compose -f docker-compose.yaml up -d </dev/null >/dev/null 2>&1 &
chdir: "{{ configuration_directory }}" chdir: "{{ configuration_directory }}"
changed_when: false changed_when: false
- name: Run docker-compose with monitoring - name: Run docker-compose with monitoring
when: enable_monitoring and (not restore_dump_script.changed) when: enable_monitoring and (not restore_dump_script.changed)
ansible.builtin.shell: ansible.builtin.shell:
cmd: nohup docker compose -f monitoring.yaml -f docker-compose.yaml up -d & cmd: nohup docker compose -f monitoring.yaml -f docker-compose.yaml up -d </dev/null >/dev/null 2>&1 &
chdir: "{{ configuration_directory }}" chdir: "{{ configuration_directory }}"
changed_when: false changed_when: false
- name: Run docker-compose with monitoring with recreation - name: Run docker-compose with monitoring with recreation
when: enable_monitoring and restore_dump_script.changed when: enable_monitoring and restore_dump_script.changed
ansible.builtin.shell: ansible.builtin.shell:
cmd: nohup docker compose -f monitoring.yaml -f docker-compose.yaml up -d --force-recreate & cmd: nohup docker compose -f monitoring.yaml -f docker-compose.yaml up -d --force-recreate </dev/null >/dev/null 2>&1 &
chdir: "{{ configuration_directory }}" chdir: "{{ configuration_directory }}"
changed_when: false changed_when: false

9
templates/consensus_config.yaml.j2 Normal file
View File

@ -0,0 +1,9 @@
server_addr: '0.0.0.0:3054'
public_addr: '{{ ansible_default_ipv4.address }}:{{ consensus_port }}'
max_payload_size: 5000000
gossip_dynamic_inbound_limit: 100
gossip_static_outbound:
{% for item in consensus_outbound %}
- key: {{ item.key }}
addr: {{ item.addr }}
{% endfor %}

37
templates/docker-compose.yaml.j2
View File

@ -8,10 +8,13 @@ services:
- "--log.level=INFO" - "--log.level=INFO"
- "--providers.docker=true" - "--providers.docker=true"
- "--providers.docker.exposedbydefault=false" - "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80" - "--entryPoints.web.address=:80"
- "--entrypoints.external_node_health.address=:3080" - "--entryPoints.external_node_health.address=:3080"
{% if enable_consensus %}
- "--entryPoints.external_node_consensus.address=:{{ consensus_port }}"
{% endif %}
{% if enable_tls %} {% if enable_tls %}
- "--entrypoints.websecure.address=:443" - "--entryPoints.websecure.address=:443"
- "--certificatesresolvers.en_resolver.acme.tlschallenge=true" - "--certificatesresolvers.en_resolver.acme.tlschallenge=true"
- "--certificatesresolvers.en_resolver.acme.storage=/letsencrypt/acme.json" - "--certificatesresolvers.en_resolver.acme.storage=/letsencrypt/acme.json"
- "--certificatesresolvers.myresolver.acme.email={{ acme_email }}" - "--certificatesresolvers.myresolver.acme.email={{ acme_email }}"
@ -76,12 +79,20 @@ services:
{% if enable_basic_auth %} {% if enable_basic_auth %}
- "traefik.http.routers.external_node_main.middlewares=external_node_auth" - "traefik.http.routers.external_node_main.middlewares=external_node_auth"
- "traefik.http.middlewares.external_node_auth.basicauth.users={{ basic_auth_secret }}" - "traefik.http.middlewares.external_node_auth.basicauth.users={{ basic_auth_secret }}"
{% endif %}
{% if enable_consensus %}
- "traefik.tcp.services.external_node_consensus.loadbalancer.server.port={{ consensus_port }}"
- "traefik.tcp.routers.external_node_consensus.entrypoints=external_node_consensus"
- "traefik.tcp.routers.external_node_consensus.service=external_node_consensus"
{% endif %} {% endif %}
expose: expose:
- {{ rpc_http_port }} - {{ rpc_http_port }}
- {{ rpc_ws_port }} - {{ rpc_ws_port }}
- {{ healthcheck_port }} - {{ healthcheck_port }}
- {{ metrics_port }} - {{ metrics_port }}
{% if enable_consensus %}
- {{ consensus_port }}
{% endif %}
environment: environment:
ZKSYNC_HOME: "/" ZKSYNC_HOME: "/"
EN_STATE_CACHE_PATH: /db/state_keeper EN_STATE_CACHE_PATH: /db/state_keeper
@ -96,6 +107,10 @@ services:
EN_MAX_BLOCKS_PER_TREE_BATCH: 200 EN_MAX_BLOCKS_PER_TREE_BATCH: 200
MISC_LOG_FORMAT: json MISC_LOG_FORMAT: json
RUST_LOG: {{ rust_log }} RUST_LOG: {{ rust_log }}
{% if enable_consensus %}
EN_CONSENSUS_CONFIG_PATH: /etc/consensus_config.yaml
EN_CONSENSUS_SECRETS_PATH: /run/secrets/consensus_secrets
{% endif %}
healthcheck: healthcheck:
test: [ "CMD", "curl", "-f", "http://localhost:{{ healthcheck_port }}/health" ] test: [ "CMD", "curl", "-f", "http://localhost:{{ healthcheck_port }}/health" ]
interval: 1m interval: 1m
@ -104,10 +119,24 @@ services:
start_period: 1m start_period: 1m
volumes: volumes:
- "{{ storage_directory }}/db:/db" - "{{ storage_directory }}/db:/db"
{% if enable_consensus %}
- "{{ configuration_directory }}/consensus_config.yaml:/etc/consensus_config.yaml"
{% endif %}
env_file: env_file:
- "external_node.env" - "external_node.env"
- "postgres.env" - "postgres.env"
{% if enable_snapshots_recovery %}
command: command:
{% if enable_snapshots_recovery %}
- --enable-snapshots-recovery - --enable-snapshots-recovery
{% endif %} {% endif %}
{% if enable_consensus %}
- --enable-consensus
secrets:
- consensus_secrets
{% endif %}
{% if enable_consensus %}
secrets:
consensus_secrets:
file: consensus_secrets.yaml
{% endif %}

3
templates/vmagent-config.yml.j2
View File

@ -33,7 +33,8 @@ scrape_configs:
- job_name: traefik - job_name: traefik
static_configs: static_configs:
- targets: - targets:
- "traefik:8080" # traefik uses network host, so docker DNS wouldn't work.
- "127.0.0.1:8080"
relabel_configs: relabel_configs:
- source_labels: [instance] - source_labels: [instance]
target_label: instance target_label: instance