From 258bf53d0e008ab6a0eb4c7fe82bf054f0015bf4 Mon Sep 17 00:00:00 2001 From: Barnabas Busa Date: Mon, 14 Oct 2024 13:27:58 +0200 Subject: [PATCH] fix lint, update images and secrets and add kurtosis config --- .../devnet-3/group_vars/all/all.sops.yaml | 5 +- .../devnet-3/group_vars/all/images.yaml | 2 +- ansible/playbook.yaml | 7 +- kurtosis/peerdas-deneb.yaml | 165 ++++++++++++++++++ terraform/kubernetes/chaos-mesh.tf | 64 +++++++ terraform/kubernetes/digitalocean.tf | 23 +-- 6 files changed, 250 insertions(+), 16 deletions(-) create mode 100644 kurtosis/peerdas-deneb.yaml create mode 100644 terraform/kubernetes/chaos-mesh.tf diff --git a/ansible/inventories/devnet-3/group_vars/all/all.sops.yaml b/ansible/inventories/devnet-3/group_vars/all/all.sops.yaml index 872da24..9ff0e79 100644 --- a/ansible/inventories/devnet-3/group_vars/all/all.sops.yaml +++ b/ansible/inventories/devnet-3/group_vars/all/all.sops.yaml @@ -12,6 +12,7 @@ secret_nginx_shared_basic_auth: name: ENC[AES256_GCM,data:bjlM,iv:DiOGlqfOfrDlt7X4OGY27OYlkDDEHguv+kg1zRhBek0=,tag:ZPlucwl2PNXeXcOc8PmCBQ==,type:str] password: ENC[AES256_GCM,data:CeX1jyv0KDK151kGStjh,iv:aXD2auKPfUAHolr2ucFNPr95ZrtfD6ucwJhGeGTwUF8=,tag:wVfTl+zuf5IqynDdvxNRNQ==,type:str] secret_ethstats: ENC[AES256_GCM,data:HIwmSTRE8lJq903D0Vig1PldLPJ6QVh9ZQ==,iv:XQ3L/Jn+1qeF6Qqmizu4iUsJXKGvoLovNtxlns2FIoI=,tag:JM98o3sPU2ZIDOif+y6rlg==,type:str] +ethstats_secret: ENC[AES256_GCM,data:YNW29Wk4E1L7fHskODVgrQqC1ieyuO60uQ==,iv:z5BJf2JzGIYIu+3yvU/Qog1lgcXdOYcP/y7xpS3xT/A=,tag:/UQECE5Ho4p6VWOjTu1bvA==,type:str] secret_genesis_mnemonic: ENC[AES256_GCM,data:ZgfN0UKNL1/1LfDuurC7vT36tYtf5pIqdVH4KDmh8m2qJjaSjLZN7WHIRCLH0F+6EdTP/BnqwDrVEJInOL447JqqWRuAqPgaAOE0wP9c6WtTFCE7zQShTc1gmWskBDHAX8EEEqxLn0gBqQu+NGlqx/kcTsr5VcihG3dX6vuXAIH4VNMywkscPNX3HLaNhrJxMPdR3rUECe3VTZE7cHpdOBt89TZb,iv:hUwVngpfwfoQS47+XEOF1/KnPvkWulvp5fvBMHxYzkI=,tag:Dd8dvLDqbr+WwotFPic8bA==,type:str] secret_mev_signingkey: ENC[AES256_GCM,data:7xug6L4MXETqWb7cmZS6BpAxBercs4mnJEg1NKp+LwZjCWl5pPAlTbfZASwXVBMo24Xoqi9/FbjeJML6WtaJ2Q==,iv:UGcVz81+wBNdb4cmkg9t4tSamqOaBUfWk6glh/6jUA8=,tag:W5Y00+vamA2tq2tEpAEhQA==,type:str] secret_mev_flood_private_key: ENC[AES256_GCM,data:2vVJ+N0XLer202Dc5J2HVjTEW6XUa+LpmhS/mo2brt+qzabraTSaD7d4P5rVqbovW+W5Je5FdDr4s7rScyn/RA==,iv:1qNfUVqJ9eebRmA4Ly59KFR9WmaQ8eelSvNLJAWCJ10=,tag:knDhqt3zak1OEsHi2nQ3oA==,type:str] @@ -33,8 +34,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-10-08T09:18:35Z" - mac: ENC[AES256_GCM,data:vQBDUimAf9ZAh9kRui5SFXFiXRJ9a4kXn4djeOxEGTKzknvur87d3j1FkWu56X8ze3FJFmgv/eLUVx9wDhskyD23XJwNogMvaEyGVApEpVJDFapGPkWnDljte5mxZXgQQZANNmLvl9N6HblX0hYv9pmFg855WpPLnXBPF8qyOOc=,iv:OyY4j5RTuk/840ovpMrlgcwypkTXSSzZ6ZKpKj3h49I=,tag:Tv0K1jvvMkU9Shx9SaaQ0Q==,type:str] + lastmodified: "2024-10-10T08:17:10Z" + mac: ENC[AES256_GCM,data:nl1A9NluPjY/D5HeXTUlOKpwjD/GB33knbUebYgfOWWe3LMXyCJ93R6Ns6lVRw2OCihJKCEmmAa0a/dM9lgjfDWHiJRDQOb40oCRFgL9ryQTXv+igfuvotFp5BF/Bb4VZmnmh2KFGt77RmiaMTm14WrzEEaGSsQEy3ushIYKKhU=,iv:vXKIhpb7m1EUL/LOR7zloFX2Qyedl8LUUMHd1X0oEh8=,tag:E9YHmkf3MipH1OwXQONg2g==,type:str] pgp: - created_at: "2023-09-28T11:48:21Z" enc: |- diff --git a/ansible/inventories/devnet-3/group_vars/all/images.yaml b/ansible/inventories/devnet-3/group_vars/all/images.yaml index 8e8f831..48b6044 100644 --- a/ansible/inventories/devnet-3/group_vars/all/images.yaml +++ b/ansible/inventories/devnet-3/group_vars/all/images.yaml @@ -2,7 +2,7 @@ default_ethereum_client_images: ### Consensus layer clients lighthouse: ethpandaops/lighthouse:unstable-8cf686f lodestar: ethpandaops/lodestar:peerDAS-513bccc - nimbus: ethpandaops/nimbus-eth2:pdsync-1927366 + nimbus: ethpandaops/nimbus-eth2:pdsync-fc8f3e0 prysm: ethpandaops/prysm-beacon-chain:peerDAS-ae626d5 prysm_validator: ethpandaops/prysm-validator:peerDAS-ae626d5 teku: ethpandaops/teku:nashatyrev-das-cefa2c5 diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index ff5c247..22a47c1 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -39,6 +39,9 @@ tags: [cl_bootnode] - role: ethpandaops.general.ethereum_testnet_config tags: [ethereum, eth_testnet_config, ethereum_testnet_config] + - role: ethpandaops.general.validator_keys + when: ethereum_node_cl_validator_enabled == true + tags: [ethereum, validator_keys] - role: ethpandaops.general.ethereum_node tags: [ethereum, ethereum_node] - role: ethpandaops.general.docker_nginx_proxy @@ -78,8 +81,8 @@ delegate_to: bootnode-1 run_once: true vars: - eth_inventory_web_container_networks: "{{ docker_networks_shared }}" - eth_inventory_web_container_env: + eth_inventory_web_container_networks: "{{ docker_networks_shared }}" # noqa var-naming[no-role-prefix] + eth_inventory_web_container_env: # noqa var-naming[no-role-prefix] VIRTUAL_HOST: "bootnode-1.{{ network_subdomain }}" VIRTUAL_PORT: "80" VIRTUAL_PATH: "/meta/api" diff --git a/kurtosis/peerdas-deneb.yaml b/kurtosis/peerdas-deneb.yaml new file mode 100644 index 0000000..a108918 --- /dev/null +++ b/kurtosis/peerdas-deneb.yaml @@ -0,0 +1,165 @@ +participants: +# Super nodes + - cl_type: prysm + cl_image: ethpandaops/prysm-beacon-chain:peerDAS + supernode: true + cl_extra_params: + - --minimum-peers-per-subnet=1 + count: 3 + cl_min_cpu: 1000 + cl_min_mem: 1024 + cl_max_cpu: 4000 + cl_max_mem: 8096 + el_min_cpu: 1000 + el_min_mem: 1024 + el_max_cpu: 4000 + el_max_mem: 8096 + - cl_type: lighthouse + cl_image: ethpandaops/lighthouse:unstable + supernode: true + count: 3 + cl_min_cpu: 1000 + cl_min_mem: 1024 + cl_max_cpu: 4000 + cl_max_mem: 8096 + el_min_cpu: 1000 + el_min_mem: 1024 + el_max_cpu: 4000 + el_max_mem: 8096 + - cl_type: teku + cl_image: ethpandaops/teku:nashatyrev-das + supernode: true + count: 3 + cl_min_cpu: 1000 + cl_min_mem: 1024 + cl_max_cpu: 4000 + cl_max_mem: 8096 + el_min_cpu: 1000 + el_min_mem: 1024 + el_max_cpu: 4000 + el_max_mem: 8096 + - cl_type: nimbus + cl_image: ethpandaops/nimbus-eth2:pdsync + supernode: true + cl_extra_params: + - --sync-light-client=no + count: 3 + cl_min_cpu: 1000 + cl_min_mem: 1024 + cl_max_cpu: 4000 + cl_max_mem: 8096 + el_min_cpu: 1000 + el_min_mem: 1024 + el_max_cpu: 4000 + el_max_mem: 8096 + - cl_type: lodestar + cl_image: ethpandaops/lodestar:peerDAS + supernode: true + cl_extra_params: + - --persistNetworkIdentity + count: 3 + cl_min_cpu: 1000 + cl_min_mem: 1024 + cl_max_cpu: 4000 + cl_max_mem: 8096 + el_min_cpu: 1000 + el_min_mem: 1024 + el_max_cpu: 4000 + el_max_mem: 8096 + - cl_type: grandine + cl_image: ethpandaops/grandine:hangleang-fix-negotiation-timeout + supernode: true + cl_min_cpu: 1000 + cl_min_mem: 1024 + cl_max_cpu: 4000 + cl_max_mem: 8096 + el_min_cpu: 1000 + el_min_mem: 1024 + el_max_cpu: 4000 + el_max_mem: 8096 +# Full nodes + - cl_type: prysm + cl_image: ethpandaops/prysm-beacon-chain:peerDAS + cl_extra_params: + - --minimum-peers-per-subnet=1 + - --data-columns-withhold-count=64 + count: 3 + cl_min_cpu: 1000 + cl_min_mem: 1024 + cl_max_cpu: 4000 + cl_max_mem: 8096 + el_min_cpu: 1000 + el_min_mem: 1024 + el_max_cpu: 4000 + el_max_mem: 8096 + - cl_type: lighthouse + cl_image: ethpandaops/lighthouse:unstable + count: 3 + cl_min_cpu: 1000 + cl_min_mem: 1024 + cl_max_cpu: 4000 + cl_max_mem: 8096 + el_min_cpu: 1000 + el_min_mem: 1024 + el_max_cpu: 4000 + el_max_mem: 8096 + - cl_type: lodestar + cl_image: ethpandaops/lodestar:peerDAS + cl_extra_params: [--persistNetworkIdentity] + count: 3 + cl_min_cpu: 1000 + cl_min_mem: 1024 + cl_max_cpu: 4000 + cl_max_mem: 8096 + el_min_cpu: 1000 + el_min_mem: 1024 + el_max_cpu: 4000 + el_max_mem: 8096 + - cl_type: nimbus + cl_image: ethpandaops/nimbus-eth2:pdsync + cl_extra_params: + - --sync-light-client=no + count: 3 + cl_min_cpu: 1000 + cl_min_mem: 1024 + cl_max_cpu: 4000 + cl_max_mem: 8096 + el_min_cpu: 1000 + el_min_mem: 1024 + el_max_cpu: 4000 + el_max_mem: 8096 + - cl_type: teku + cl_image: ethpandaops/teku:nashatyrev-das + count: 3 + cl_min_cpu: 1000 + cl_min_mem: 1024 + cl_max_cpu: 4000 + cl_max_mem: 8096 + el_min_cpu: 1000 + el_min_mem: 1024 + el_max_cpu: 4000 + el_max_mem: 8096 + - cl_type: grandine + cl_image: ethpandaops/grandine:hangleang-fix-negotiation-timeout + cl_min_cpu: 1000 + cl_min_mem: 1024 + cl_max_cpu: 4000 + cl_max_mem: 8096 + el_min_cpu: 1000 + el_min_mem: 1024 + el_max_cpu: 4000 + el_max_mem: 8096 +network_params: + eip7594_fork_epoch: 0 + eip7594_fork_version: "0x50000038" + genesis_delay: 1200 +snooper_enabled: true +global_log_level: debug +additional_services: + - dora + - goomy_blob + - prometheus_grafana +dora_params: + image: ethpandaops/dora:peerdas-as-deneb-column-view-latest + env: {"FRONTEND_SHOW_PEER_DAS_INFOS": "true", "FRONTEND_SHOW_SENSITIVE_PEER_INFOS": "true"} +ethereum_metrics_exporter_enabled: true \ No newline at end of file diff --git a/terraform/kubernetes/chaos-mesh.tf b/terraform/kubernetes/chaos-mesh.tf new file mode 100644 index 0000000..68be3cb --- /dev/null +++ b/terraform/kubernetes/chaos-mesh.tf @@ -0,0 +1,64 @@ + +resource "kubernetes_namespace" "chaos-mesh" { + metadata { + name = "chaos-mesh" + } +} + +resource "helm_release" "chaos-mesh" { + name = "chaos-mesh" + namespace = kubernetes_namespace.chaos-mesh.metadata[0].name + repository = "https://charts.chaos-mesh.org" + chart = "chaos-mesh" + version = "2.6.3" + depends_on = [kubernetes_namespace.chaos-mesh] + set { + name = "chaosDaemon.runtime" + value = "containerd" + } + set { + name = "chaosDaemon.socketPath" + value = "/run/containerd/containerd.sock" + } +} + +resource "kubernetes_service_account" "dashboard" { + metadata { + name = "account-cluster-manager-dashboard" + namespace = "default" + } + +} + +resource "kubernetes_cluster_role" "dashboard-role" { + metadata { + name = "role-account-cluster-manager-dashboard" + } + + rule { + api_groups = [""] + resources = ["namespaces", "pods"] + verbs = ["get", "list", "watch"] + } + rule { + api_groups = ["chaos-mesh.org"] + resources = ["*"] + verbs = ["get", "list", "watch", "create", "delete", "patch", "update"] + } +} + +resource "kubernetes_cluster_role_binding" "dashboard-role-binding" { + metadata { + name = "role-binding-account-cluster-manager-dashboard" + } + role_ref { + api_group = "rbac.authorization.k8s.io" + kind = "ClusterRole" + name = "role-account-cluster-manager-dashboard" + } + subject { + kind = "ServiceAccount" + name = "account-cluster-manager-dashboard" + namespace = "default" + } +} \ No newline at end of file diff --git a/terraform/kubernetes/digitalocean.tf b/terraform/kubernetes/digitalocean.tf index d7d8210..1d7d6a7 100644 --- a/terraform/kubernetes/digitalocean.tf +++ b/terraform/kubernetes/digitalocean.tf @@ -4,26 +4,27 @@ resource "digitalocean_vpc" "peerdas" { ip_range = "10.221.0.0/16" } -resource "digitalocean_project" "peerdas" { - name = "Peerdas-devnets" - description = "Peerdas-devnets testing infrastructure" - purpose = "Other" - environment = "Development" +variable "digitalocean_project_name" { + type = string + default = "Peerdas-devnets" +} + +data "digitalocean_project" "peerdas" { + name = var.digitalocean_project_name } resource "digitalocean_project_resources" "peerdas" { - project = digitalocean_project.peerdas.id + project = data.digitalocean_project.peerdas.id resources = [ digitalocean_kubernetes_cluster.peerdas.urn, ] } - resource "digitalocean_kubernetes_cluster" "peerdas" { name = local.cluster_name region = var.region - version = "1.31.1-do.0" + version = "1.31.1-do.3" vpc_uuid = digitalocean_vpc.peerdas.id tags = local.common_tags @@ -38,10 +39,10 @@ resource "digitalocean_kubernetes_cluster" "peerdas" { name = "${local.cluster_name}-default" size = "s-8vcpu-16gb-amd" # $320/month, list available options with `doctl compute size list` labels = {} - node_count = 15 + node_count = 1 auto_scale = true - max_nodes = 15 - min_nodes = 15 + max_nodes = 1 + min_nodes = 1 tags = concat(local.common_tags, ["default"]) } }