diff --git a/ansible/inventories/devnet-0/group_vars/all/all.sops.yaml b/ansible/inventories/devnet-0/group_vars/all/all.sops.yaml index cc4e2e0..556801c 100644 --- a/ansible/inventories/devnet-0/group_vars/all/all.sops.yaml +++ b/ansible/inventories/devnet-0/group_vars/all/all.sops.yaml @@ -12,6 +12,7 @@ secret_nginx_shared_basic_auth: name: ENC[AES256_GCM,data:O7L3,iv:DiOGlqfOfrDlt7X4OGY27OYlkDDEHguv+kg1zRhBek0=,tag:KuOX20lI/iYZOORFraiISw==,type:str] password: ENC[AES256_GCM,data:HyMDeoK5s6JDfsJ7j5Gg,iv:yvC4WWOOJvVeegWl0uj2P8yxcfBgNrvYSm5xUB5qux8=,tag:XoZbXpvLtUJPVoEaV3ltsg==,type:str] secret_ethstats: ENC[AES256_GCM,data:vO/gY2iluciwksE=,iv:WHYxXgQ2LdLGMKxvagmT3UhmQl/dRucpyhYzZxHvLHc=,tag:NX4Lkg6SPPusRx/zHGn00w==,type:str] +secret_bootnodoor_seed: ENC[AES256_GCM,data:A611+/dn9lT08iGrqgLNgqPpWGEyGf1usFFWM4P9uB0Twfryjk5bzBVFLcLPKzkhuj4DThToS8F3s4iCAmq/+Q==,iv:ic2cap4ynWi/IS6dkn3fkKgNTndnZCxTbBbIABpXgrA=,tag:1Jwqi77lNG3yXZ9RZnZe5g==,type:str] secret_genesis_mnemonic: ENC[AES256_GCM,data:zRxUC65Kt1b8DM4QPyEJ/u0Uhp2ftMcJVtacbXRrOCUGm+gy0n+VH199hVxvviouJQkbv5FiJYiFjwjJ/yFX5ajPgOqanjRpBfEfwwD2Drtafaw/mWT7pSILHlo7oI18+bGIWjXve5mpUSuAC7jiaufDVROvSa6bcew0Ogbp5pzbFJBFFim3LFjyC1uSRO7JbRoK4cUl1CxnaCUaC/3GKz4l/fIe,iv:EaQilsQbnswzCqkWSK9G/R3wwmMRDwWZDjdZQ1fUZRk=,tag:2kWU1BNG/B82qzmNxmwIjQ==,type:str] secret_mev_coinbase_secret_key: ENC[AES256_GCM,data:TYLALYjoxOyyrpPoJ/gBvXO2vMdbbFqrI0gyZAJ7MHgI7SMmb7qTfDzakHmOASZ5ezJXfOMWqy0zBqQwymLhzA==,iv:MNJfTjd3pfAW9tR8WUEcp5BOcjjBTQFRoAN+NkC+VAA=,tag:dlR3sMxJb9he8xZn3FcD6w==,type:str] secret_mev_builder_tx_signing_key: ENC[AES256_GCM,data:Tr01nA3sls3AhttJga/ndK+nMjZSiyMIE3zafwsEZjZt9aETG+zEnkcAK5y9P1aq2N1UZ/KMOF0BPNbgCtOddw==,iv:tBmNG6Esy/3HFCiNZIggEb2Xlgc5MEwS4mVgQpcuSyc=,tag:2mfyvSzaMvCqeIFQGV7NMA==,type:str] 
@@ -41,8 +42,8 @@ sops: azure_kv: [] hc_vault: [] age: [] - lastmodified: "2025-09-29T12:17:20Z" - mac: ENC[AES256_GCM,data:uADIBQaMWRk8OtH0RU5/5xvdaz9pFvHoBBMTUdTbtX+H7ly4IUCJ6AmryNnO3WBV719ikiZ5ofLcnN7+BTJLOjaDGxKR1OrpUvQNuhn8q0BVYkL1QB6QJeJnVf2p9ylEg6LpgAmFBaMkdndUyoVZcdvON13mIeBqhRg80MvwMg8=,iv:nImuyf6+ql6ixbQuEjCayBAt3vtvEDU7n/+/gmKvLK4=,tag:GSfy52+wzjSRdvUA+3iaGA==,type:str] + lastmodified: "2025-12-12T05:07:13Z" + mac: ENC[AES256_GCM,data:GCMJnneHuL+040VvJyp65IXdchCnWFyoiJgvKwcV3fPU8WNaMOuUEbDHK3wW6oZyEGeu0HlOQOuJwXacqb9iG5hG4aqN93uu/th0dRNEfJr0ij4lRU9Yrrx0t3kpzVYhLI7sPE82XwhbsOXSWlQIRl9PDQPtgudeEcARn2fSt68=,iv:vOD+PBlJqgEnzEPdhwrGHGEzJ5L6wM5HUY3I7Flleyw=,tag:NNJ9SfOkEAAv3R3r1n+rww==,type:str] pgp: - created_at: "2025-10-27T13:25:35Z" enc: |- diff --git a/ansible/inventories/devnet-0/group_vars/bootnode.yaml b/ansible/inventories/devnet-0/group_vars/bootnode.yaml index 52bf55b..ca3f6ca 100644 --- a/ansible/inventories/devnet-0/group_vars/bootnode.yaml +++ b/ansible/inventories/devnet-0/group_vars/bootnode.yaml @@ -1,4 +1,5 @@ -ethereum_cl_bootnode: "{{ hostvars[primary_bootnode]['cl_bootnode_fact_enr'] }}" +ethereum_cl_bootnode: "{{ hostvars[primary_bootnode]['bootnodoor_fact_enr'] }}" +ethereum_el_bootnode: "{{ hostvars[primary_bootnode]['bootnodoor_fact_enode'] }}" # role: eth_inventory_web eth_inventory_web_container_networks: "{{ docker_networks_shared }}" 
@@ -9,6 +10,36 @@ eth_inventory_web_container_env: VIRTUAL_DEST: "/" LETSENCRYPT_HOST: "{{ server_fqdn }}" +# role: ethpandaops.general.bootnodoor +bootnodoor_privkey: >- + {{ + (secret_bootnodoor_seed ~ ':' ~ ethereum_genesis_chain_id|string) + | hash('sha256') + }} +bootnodoor_set_facts: true +bootnodoor_el_enabled: true +bootnodoor_cl_enabled: true + +bootnodoor_container_name: "bootnodoor" +bootnodoor_container_image: "ethpandaops/bootnodoor:master" +bootnodoor_container_networks: "{{ docker_networks_shared }}" +bootnodoor_p2p_port: 9010 +bootnodoor_ui_port: 8004 +bootnodoor_enr_ip: "{{ ansible_host }}" + +bootnodoor_el_config: /network-config/genesis.json +bootnodoor_el_genesis_hash: /network-config/deposit_contract_block_hash.txt +bootnodoor_cl_config: /network-config/config.yaml +bootnodoor_cl_gvr: /network-config/genesis_validators_root.txt +bootnodoor_container_volumes_extra: + - "{{ eth_testnet_config_dir }}:/network-config:ro" + +bootnodoor_container_command_extra_args: [] +bootnodoor_container_env: + VIRTUAL_HOST: "bootnodoor-{{ server_fqdn }}" + VIRTUAL_PORT: "{{ bootnodoor_ui_port | string }}" + LETSENCRYPT_HOST: "bootnodoor-{{ server_fqdn }}" + # role: ethpandaops.general.ethereum_node ethereum_node_el: geth ethereum_node_cl: teku @@ -34,6 +65,25 @@ teku_container_command_extra_args: - --logging=info - --Xlog-include-p2p-warnings-enabled - --metrics-block-timing-tracking-enabled + - >- + --p2p-discovery-bootnodes={{ + ( + ( + groups['bootnode'] + | map('extract', hostvars, ['ethereum_node_fact_cl_enr']) + | select('defined') + | list + ) + + + ( + groups['bootnode'] + | map('extract', hostvars, ['bootnodoor_fact_enr']) + | select('defined') + | list + ) + ) + | join(',') + }} # role: ethpandaops.general.geth geth_container_name: execution 
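Review bot: `bootnodoor_container_image: "ethpandaops/bootnodoor:master"` follows a mutable branch tag for the container that receives `bootnodoor_privkey`, so a later push to that tag changes the code holding the node key without any change in this repository. Pinning a release tag or digest, for example `bootnodoor_container_image: "ethpandaops/bootnodoor:<release-tag>@sha256:<digest>"` (placeholders), keeps the deployed image reviewable. Separately, `bootnodoor_privkey` hashes only the seed and the chain id in a group-level variable, so every host in the `bootnode` group derives the same key; if that group can hold more than one host, adding `~ ':' ~ inventory_hostname` inside the parentheses would keep node identities distinct. A comment above the derivation noting that rotating `secret_bootnodoor_seed` changes the advertised ENR and enode would help whoever rotates it.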
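Review bot: The `--p2p-discovery-bootnodes=` item added to `teku_container_command_extra_args` renders with an empty value when neither fact is defined for any host in `groups['bootnode']`, because `select('defined')` drops every entry and `join(',')` then returns an empty string. That is presumably what happens when the play runs without the facts set by the bootnodoor and ethereum_node roles (for example a limited or tagged run with no fact cache), and the node would then start with no bootnodes without any error from Ansible. A comment above the item such as `# built from facts set earlier in the run; empty if they are missing` would document this, or the list could be built into a variable and checked with an `assert` before the container is started. The same expression is added for `--bootnodes=` in the `geth_container_command_extra_args` hunk and the point applies there too.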
@@ -50,7 +100,25 @@ geth_container_command_extra_args: - --syncmode=full - --gcmode=archive - --state.scheme=hash - + - >- + --bootnodes={{ + ( + ( + groups['bootnode'] + | map('extract', hostvars, ['ethereum_node_fact_el_enode']) + | select('defined') + | list + ) + + + ( + groups['bootnode'] + | map('extract', hostvars, ['bootnodoor_fact_enode']) + | select('defined') + | list + ) + ) + | join(',') + }} # role: ethpandaops.general.prometheus prometheus_remote_push_url: https://victoriametrics.ethdevops.io/insert/0/prometheus/api/v1/write diff --git a/ansible/inventories/devnet-0/group_vars/dns_server.yaml b/ansible/inventories/devnet-0/group_vars/dns_server.yaml index 9dac531..5d44f84 100644 --- a/ansible/inventories/devnet-0/group_vars/dns_server.yaml +++ b/ansible/inventories/devnet-0/group_vars/dns_server.yaml @@ -39,6 +39,7 @@ dns_server_zones: {{ hostvars[host]['inventory_hostname'] }} IN A {{ hostvars[host]['ansible_host'] }} {{ ethereum_node_rpc_prefix }}{{ hostvars[host]['inventory_hostname'] }} IN A {{ hostvars[host]['ansible_host'] }} {{ ethereum_node_beacon_prefix }}{{ hostvars[host]['inventory_hostname'] }} IN A {{ hostvars[host]['ansible_host'] }} + bootnodoor-{{ hostvars[host]['inventory_hostname'] }} IN A {{ hostvars[host]['ansible_host'] }} {% if hostvars[host]['ipv6'] is defined %} {{ hostvars[host]['inventory_hostname'] }} IN AAAA {{ hostvars[host]['ipv6'] }} {{ ethereum_node_rpc_prefix }}{{ hostvars[host]['inventory_hostname'] }} IN AAAA {{ hostvars[host]['ipv6'] }} diff --git a/ansible/inventories/devnet-0/group_vars/ethereum_node.yaml b/ansible/inventories/devnet-0/group_vars/ethereum_node.yaml index 19fd81e..c6c0e29 100644 --- a/ansible/inventories/devnet-0/group_vars/ethereum_node.yaml +++ b/ansible/inventories/devnet-0/group_vars/ethereum_node.yaml 
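Review bot: The new `bootnodoor-{{ hostvars[host]['inventory_hostname'] }}` record is added only as an `A` record; the `{% if hostvars[host]['ipv6'] is defined %}` branch visible just below gets no matching `AAAA` line in this hunk, so the name is IPv4-only on dual-stack hosts. If that is not intended, add `bootnodoor-{{ hostvars[host]['inventory_hostname'] }} IN AAAA {{ hostvars[host]['ipv6'] }}` inside that branch. The record also appears to be emitted for every `host` of an enclosing loop that starts outside the hunk, while the playbook change applies the role only in the `bootnode` play, so most of these names would point at hosts that do not serve the UI; restricting the line to hosts in `groups['bootnode']` would avoid publishing unused names.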
@@ -1,8 +1,9 @@ ethereum_cl_bootnodes: - - "{{ hostvars[primary_bootnode]['cl_bootnode_fact_enr'] }}" + - "{{ hostvars[primary_bootnode]['bootnodoor_fact_enr'] }}" - "{{ hostvars[primary_bootnode]['ethereum_node_fact_cl_enr'] }}" ethereum_el_bootnodes: + - "{{ hostvars[primary_bootnode]['bootnodoor_fact_enode'] }}" - "{{ hostvars[primary_bootnode]['ethereum_node_fact_el_enode'] }}" ethereum_node_xatu_sentry_enabled: true diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml index c42993c..bbae5a8 100644 --- a/ansible/playbook.yaml +++ b/ansible/playbook.yaml @@ -43,10 +43,10 @@ - hosts: bootnode become: true roles: - - role: ethpandaops.general.lighthouse_bootnode - tags: [lighthouse_bootnode, bootnode] - role: ethpandaops.general.ethereum_testnet_config tags: [ethereum, eth_testnet_config, ethereum_testnet_config] + - role: ethpandaops.general.bootnodoor + tags: [bootnodoor] - role: ethpandaops.general.validator_keys when: ethereum_node_cl_validator_enabled == true tags: [ethereum, validator_keys] diff --git a/terraform/devnet-0/firewall.tf b/terraform/devnet-0/firewall.tf index 178e584..a79f12b 100644 --- a/terraform/devnet-0/firewall.tf +++ b/terraform/devnet-0/firewall.tf @@ -30,7 +30,7 @@ resource "digitalocean_firewall" "main" { // Consensus layer p2p port inbound_rule { protocol = "tcp" - port_range = "9000-9002" + port_range = "9000-9001" source_addresses = ["0.0.0.0/0", "::/0"] } inbound_rule { @@ -39,13 +39,6 @@ resource "digitalocean_firewall" "main" { source_addresses = ["0.0.0.0/0", "::/0"] } - // Bootnode - inbound_rule { - protocol = "udp" - port_range = "9010" - source_addresses = ["0.0.0.0/0", "::/0"] - } - // Execution layer p2p Port inbound_rule { protocol = "tcp" 
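Review bot: The added role entry carries only `tags: [bootnodoor]`, while the entry it replaces was also tagged `bootnode`, so a run limited with `--tags bootnode` no longer reaches the bootnode service. If that tag is used by existing runbooks or CI, keep it: `tags: [bootnodoor, bootnode]`. The play's remaining roles continue outside the hunk.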
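Review bot: Only the TCP rule under `// Consensus layer p2p port` is narrowed to `port_range = "9000-9001"`; the `inbound_rule` that follows has its protocol and port range between this hunk and the next, untouched by the commit, so if it is the UDP counterpart with the old range it still admits 9002 from `0.0.0.0/0`. Worth checking that both rules carry the same range after this change. The Hetzner file in this commit has a single hunk that only adds bootnode rules, so any equivalent consensus-layer or 9010 rule in its main firewall is left as it was, and the two providers may now differ.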
@@ -112,6 +105,19 @@ resource "digitalocean_firewall" "bootnode" { port_range = "53" source_addresses = ["0.0.0.0/0", "::/0"] } + + // Bootnodoor P2P + inbound_rule { + protocol = "tcp" + port_range = "9010" + source_addresses = ["0.0.0.0/0", "::/0"] + } + inbound_rule { + protocol = "udp" + port_range = "9010" + source_addresses = ["0.0.0.0/0", "::/0"] + } + depends_on = [digitalocean_project_resources.droplets] } diff --git a/terraform/devnet-0/hetzner/firewall.tf b/terraform/devnet-0/hetzner/firewall.tf index 542d367..2c9cc95 100644 --- a/terraform/devnet-0/hetzner/firewall.tf +++ b/terraform/devnet-0/hetzner/firewall.tf @@ -134,6 +134,22 @@ resource "hcloud_firewall" "bootnode_firewall" { port = "53" source_ips = ["0.0.0.0/0", "::/0"] } + + // Bootnodoor P2P + rule { + description = "Allow Bootnodoor P2P port TCP" + direction = "in" + protocol = "tcp" + port = "9010" + source_ips = ["0.0.0.0/0", "::/0"] + } + rule { + description = "Allow Bootnodoor P2P port UDP" + direction = "in" + protocol = "udp" + port = "9010" + source_ips = ["0.0.0.0/0", "::/0"] + } } resource "hcloud_firewall" "mev_relay_firewall" {
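Review bot: The new `// Bootnodoor P2P` block opens port 9010 to `0.0.0.0/0` and `::/0` over TCP as well as UDP, whereas the `// Bootnode` rule removed from the `main` firewall in this commit was UDP-only. If bootnodoor only speaks the UDP discovery protocols on that port, the `protocol = "tcp"` rule exposes a port nothing should be listening on and can be dropped; if it does listen on TCP, a one-line comment saying so would justify the rule. The literal `"9010"` also has to stay in step with `bootnodoor_p2p_port: 9010` in the Ansible group vars, which deserves a comment next to the rule. The same pair of rules is added to `hcloud_firewall.bootnode_firewall` in the Hetzner hunk and the same point applies.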