Merge pull request #30 from matter-labs/fix-snapshot-conf

feat: Bump default EN version, fix snapshot recovery config
dedup
2025-12-06 10:59:56 +00:00 · 2024-10-02 17:23:55 +02:00 · 2024-10-02 17:21:47 +02:00 · 2024-10-02 17:18:15 +02:00 · 2024-08-13 13:57:35 +02:00 · 2024-08-13 13:56:28 +02:00
3 changed files with 21 additions and 7 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -11,7 +11,7 @@ docker_compose_version: "v2.23.0"
 # Versions of External Node and 3rd party components
 traefik_version: 2.11
 postgres_version: 14
-external_node_version: 24.16.0
+external_node_version: 24.26.0
 external_node_raw_docker_tag: ""
 vmagent_version: 1.100.1
 cadvisor_version: 0.47.2
--- a/tasks/firewall.yml
+++ b/tasks/firewall.yml
@ -49,6 +49,14 @@
    source: "{{ loadbalancer_ip | mandatory }}"
    jump: ACCEPT

+- name: Allow consensus port traffic from any IP
+  when: enable_consensus
+  ansible.builtin.iptables:
+    chain: INPUT
+    protocol: tcp
+    destination_port: "{{ consensus_port }}"
+    jump: ACCEPT
+
 - name: Set default policy to DROP
  ansible.builtin.iptables:
    chain: INPUT
--- a/templates/docker-compose.yaml.j2
+++ b/templates/docker-compose.yaml.j2
@ -8,10 +8,13 @@ services:
      - "--log.level=INFO"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
-      - "--entrypoints.web.address=:80"
-      - "--entrypoints.external_node_health.address=:3080"
+      - "--entryPoints.web.address=:80"
+      - "--entryPoints.external_node_health.address=:3080"
+{% if enable_consensus %}
+      - "--entryPoints.external_node_consensus.address=:{{ consensus_port }}"
+{% endif %}
 {% if enable_tls %}
-      - "--entrypoints.websecure.address=:443"
+      - "--entryPoints.websecure.address=:443"
      - "--certificatesresolvers.en_resolver.acme.tlschallenge=true"
      - "--certificatesresolvers.en_resolver.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.myresolver.acme.email={{ acme_email }}"
@ -76,6 +79,12 @@ services:
 {% if enable_basic_auth %}
      - "traefik.http.routers.external_node_main.middlewares=external_node_auth"
      - "traefik.http.middlewares.external_node_auth.basicauth.users={{ basic_auth_secret }}"
+{% endif %}
+{% if enable_consensus %}
+      - "traefik.tcp.services.external_node_consensus.loadbalancer.server.port={{ consensus_port }}"
+      - "traefik.tcp.routers.external_node_consensus.rule=HostSNI(`*`)"
+      - "traefik.tcp.routers.external_node_consensus.entrypoints=external_node_consensus"
+      - "traefik.tcp.routers.external_node_consensus.service=external_node_consensus"
 {% endif %}
    expose:
      - {{ rpc_http_port }}
@ -118,9 +127,6 @@ services:
      - "external_node.env"
      - "postgres.env"
    command:
-{% if enable_snapshots_recovery %}
-      - --enable-snapshots-recovery
-{% endif %}
 {% if enable_consensus %}
      - --enable-consensus
    secrets:
Author	SHA1	Message	Date
Igor Borodin	dde435ca95	Merge pull request #30 from matter-labs/fix-snapshot-conf feat: Bump default EN version, fix snapshot recovery config	2024-10-02 17:23:55 +02:00
hatemosphere	8d085aa960	dedup	2024-10-02 17:21:47 +02:00
hatemosphere	b85a7d5c65	feat: Bump default EN version, fix snapshot recovery config	2024-10-02 17:18:15 +02:00
Yury Akudovich	6a3c8cb263	Merge pull request #28 from matter-labs/ya-zkd-1817-upgrade-external-nodes-on-hetzner5 fix: Route all consensus traffic to the docker port.	2024-08-13 13:57:35 +02:00
Yury Akudovich	ed4feb99bc	fix: Route all consensus traffic to the docker port.	2024-08-13 13:56:28 +02:00
Yury Akudovich	605525c7ba	Merge pull request #27 from matter-labs/ya-zkd-1817-upgrade-external-nodes-on-hetzner4 feat: Add traefik configuration for consensus TCP port, open it in firewall	2024-08-13 13:36:58 +02:00
Yury Akudovich	5bdeb0fcfa	feat: Add traefik configuration for consensus TCP port, open it in firewall	2024-08-13 13:32:10 +02:00