Merge pull request #28 from matter-labs/ya-zkd-1817-upgrade-external-nodes-on-hetzner5

fix: Route all consensus traffic to the docker port.
2025-12-06 10:59:56 +00:00 · 2024-08-13 13:57:35 +02:00 · 2024-08-13 13:56:28 +02:00 · 2024-08-13 13:36:58 +02:00 · 2024-08-13 13:32:10 +02:00 · 2024-08-12 17:33:38 +02:00
3 changed files with 27 additions and 10 deletions
--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@ -49,6 +49,14 @@
    source: "{{ loadbalancer_ip | mandatory }}"
    jump: ACCEPT
 - name: Allow consensus port traffic from any IP
  when: enable_consensus
  ansible.builtin.iptables:
    chain: INPUT
    protocol: tcp
    destination_port: "{{ consensus_port }}"
    jump: ACCEPT
 - name: Set default policy to DROP
  ansible.builtin.iptables:
    chain: INPUT
--- a/tasks/provision.yml
+++ b/tasks/provision.yml
@ -38,7 +38,7 @@
  when: vars[item] == ""
  with_items: "{{ en_required_variables }}"
- name: Copy main configs
+- name: Create main configs
  ansible.builtin.template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
@ -51,7 +51,7 @@
    - src: "templates/postgres.env.j2"
      dest: "{{ configuration_directory }}/postgres.env"
- name: Copy restore script
+- name: Create restore script
  register: restore_dump_script
  ansible.builtin.template:
    src: 'templates/restore_dump.sh.j2'
@ -64,7 +64,7 @@
  when: enable_monitoring and ( vars[item] == "" )
  with_items: "{{ monitoring_required_variables }}"
- name: Copy monitoring configs
+- name: Create monitoring configs
  when: enable_monitoring
  ansible.builtin.template:
    src: '{{ item.src }}'
@ -76,7 +76,7 @@
    - src: "templates/vmagent-config.yml.j2"
      dest: "{{ configuration_directory }}/vmagent-config.yml"
- name: Copy main configs
+- name: Create consensus config
  when: enable_consensus
  ansible.builtin.template:
    src: "templates/consensus_config.yaml.j2"
@ -88,7 +88,7 @@
  ansible.builtin.copy:
    src: "{{ consensus_secrets_file }}"
    dest: "{{ configuration_directory }}/consensus_secrets.yaml"
-    decrypt: yes
+    decrypt: true
    mode: '0600'
 - name: Run docker-compose without monitoring
--- a/templates/docker-compose.yaml.j2
+++ b/templates/docker-compose.yaml.j2
@ -8,10 +8,13 @@ services:
      - "--log.level=INFO"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
-      - "--entrypoints.web.address=:80"
+      - "--entryPoints.web.address=:80"
-      - "--entrypoints.external_node_health.address=:3080"
+      - "--entryPoints.external_node_health.address=:3080"
 {% if enable_consensus %}
      - "--entryPoints.external_node_consensus.address=:{{ consensus_port }}"
 {% endif %}
 {% if enable_tls %}
-      - "--entrypoints.websecure.address=:443"
+      - "--entryPoints.websecure.address=:443"
      - "--certificatesresolvers.en_resolver.acme.tlschallenge=true"
      - "--certificatesresolvers.en_resolver.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.myresolver.acme.email={{ acme_email }}"
@ -76,6 +79,12 @@ services:
 {% if enable_basic_auth %}
      - "traefik.http.routers.external_node_main.middlewares=external_node_auth"
      - "traefik.http.middlewares.external_node_auth.basicauth.users={{ basic_auth_secret }}"
 {% endif %}
 {% if enable_consensus %}
      - "traefik.tcp.services.external_node_consensus.loadbalancer.server.port={{ consensus_port }}"
      - "traefik.tcp.routers.external_node_consensus.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.external_node_consensus.entrypoints=external_node_consensus"
      - "traefik.tcp.routers.external_node_consensus.service=external_node_consensus"
 {% endif %}
    expose:
      - {{ rpc_http_port }}
@ -101,7 +110,7 @@ services:
      RUST_LOG: {{ rust_log }}
 {% if enable_consensus %}
      EN_CONSENSUS_CONFIG_PATH: /etc/consensus_config.yaml
-      EN_CONSENSUS_SECRETS_PATH: /run/secrets/consensus_secrets.yaml
+      EN_CONSENSUS_SECRETS_PATH: /run/secrets/consensus_secrets
 {% endif %}
    healthcheck:
      test: [ "CMD", "curl", "-f", "http://localhost:{{ healthcheck_port }}/health" ]
@ -112,7 +121,7 @@ services:
    volumes:
      - "{{ storage_directory }}/db:/db"
 {% if enable_consensus %}
-      - "consensus_config.yaml:/etc/consensus_config.yaml"
+      - "{{ configuration_directory }}/consensus_config.yaml:/etc/consensus_config.yaml"
 {% endif %}
    env_file:
      - "external_node.env"
Author	SHA1	Message	Date
Yury Akudovich	6a3c8cb263	Merge pull request #28 from matter-labs/ya-zkd-1817-upgrade-external-nodes-on-hetzner5 fix: Route all consensus traffic to the docker port.	2024-08-13 13:57:35 +02:00
Yury Akudovich	ed4feb99bc	fix: Route all consensus traffic to the docker port.	2024-08-13 13:56:28 +02:00
Yury Akudovich	605525c7ba	Merge pull request #27 from matter-labs/ya-zkd-1817-upgrade-external-nodes-on-hetzner4 feat: Add traefik configuration for consensus TCP port, open it in firewall	2024-08-13 13:36:58 +02:00
Yury Akudovich	5bdeb0fcfa	feat: Add traefik configuration for consensus TCP port, open it in firewall	2024-08-13 13:32:10 +02:00
Yury Akudovich	bf186104d4	Merge pull request #26 from matter-labs/ya-zkd-1817-upgrade-external-nodes-on-hetzner3 fix: Correct path and file names for consensus	2024-08-12 17:33:38 +02:00
Yury Akudovich	493e5ceffc	fix: Correct path and file names for consensus	2024-08-12 17:31:25 +02:00
Yury Akudovich	7a77daacf3	Merge pull request #25 from matter-labs/ya-zkd-1817-upgrade-external-nodes-on-hetzner2 fix: Correct task names	2024-08-12 17:10:16 +02:00
Yury Akudovich	8290a1cd9b	Yaml lint	2024-08-12 15:32:48 +02:00
Yury Akudovich	191ebeced5	fix: Correct task names	2024-08-12 14:55:50 +02:00