Configure and operate a basic cloud-native service: running anything from cypto blockchain clients to the immense app store of open-source (Apache, CNCF and beyond) services.
Systemd, installation of the docker engine or a Kubernetes cluster.
| var | description | default |
|---|---|---|
| setup_mode | infrastructure provisioning setup mode (container, k8s, systemd, install) |
undefined |
| name | name of service to deploy | required |
| command | Command and arguments to execute on startup | required |
| user | service user to setup | <operatoring-user> |
| group | service group to setup | <operatoring-user> |
| config | configuration files associated with the service to mount | {} |
| config_env | environment variables to set within the service runtime | {} |
| ports | listening port information for a service | {} |
| data_dirs | directory mappings to store service runtime/operational data | {} |
| host_data_dir | host directory for general deployment operations | `` |
| cpus | CPU resources each deployed service can use (either percentage for systemd or cores for containers) | 100 |
| memory | available memory resources each deployed service can use | 1G |
| restart_policy | service restart policy | unless-stopped |
| uninstall | whether to remove installed service and artifacts | false |
| var | description | default |
|---|---|---|
| image | service container image to deploy | |
| network_mode | container network to attach (more info) | bridge |
| var | description | default |
|---|---|---|
| binary_url | URL of the binary file to download | |
| binary_file_name_override | Override the binary file name after moving it to the destination directory | |
| binary_strip_components | Strip NUMBER leading components/directories from file names on extraction | 0 |
| destination_directory | directory where the binary file will be placed after downloading/extracting | /usr/local/bin |
| systemd | custom service type & unit, service and install properties | {} |
| systemd.enable_accounting | enable systemd resource accounting (CPU, Memory, IO, Tasks, IP) | true |
To authorize access to the target Kubernetes cluster, set the following environment variables:
export KUBECONFIG=<path-to-the-kubeconfig-file>
export KUBE_CONTEXT=<context-within-the-kubeconfig-to-use>| var | description | default |
|---|---|---|
| helm_chart_path | path to Helm chart to use for the service deployment/release | ../../helm |
| helm_namespace | Kubernetes namespace to deploy to | default |
| helm_values_path | file to load Helm chart values (see here for available values) | values.yml |
roles:
- name: ansible-role-systemd
url: git+https://github.com/O1ahmad/ansible-role-systemd.git
# ansible-galaxy install git+https://github.com/O1ahmad/ansible-role-systemd.git
collections:
- name: community.docker- Launch a Wireguard client which establishes a secure peer tunnel connection:
- name: Configure WireGuard VPN
hosts: VPNServers
remote_user: devops
become: true
roles:
- role: basic-service
vars:
setup_mode: systemd
name: wireguard
user: wireguard
binary_url: https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-1.0.20210424.tar.xz
binary_file_name_override: wireguard
command: >
/usr/local/bin/wg-quick up wg0
cpus: 50
memory: 1G
config:
wg0.conf:
destinationPath: /etc/wireguard/wg0.conf
data: |
[Interface]
PrivateKey = <Your-Private-Key>
Address = 10.0.0.1/24
ListenPort = 51820
[Peer]
PublicKey = <Peer-Public-Key>
Endpoint = <Peer-Public-IP>:51820
AllowedIPs = 10.0.0.2/32
ports:
wireguard:
ingressPort: 51820
servicePort: 51820
systemd:
enable_accounting: true
service_properties:
ExecStop: /usr/local/bin/wg-quick down wg0
Restart: on-failure- Provision an Ethereum execution and consensus client connected to the Sepolia testnet and monitor with the XATU service
- name: Configure Ethereum execution layer clients
hosts: EthereumSepolia
become: true
roles:
- role: basic-service
vars:
setup_mode: systemd
name: reth
user: ubuntu
binary_url: https://github.com/paradigmxyz/reth/releases/download/v1.1.4/reth-v1.1.4-x86_64-unknown-linux-gnu.tar.gz
binary_file_name_override: reth
command: >
/usr/local/bin/reth node --full --chain=sepolia --http --http.addr 0.0.0.0 --http.api "admin,debug,eth,net,txpool,web3,rpc,reth,ots,flashbots,miner" --metrics 0.0.0.0:8085
cpus: 50
memory: 5G
config:
reth.toml:
destinationPath: /home/ubuntu/reth.toml
data: |
# add configuration values
- name: Configure Ethereum consensus layer clients
hosts: EthereumSepolia
become: true
roles:
- role: basic-service
vars:
setup_mode: systemd
name: lighthouse
user: ubuntu
binary_url: https://github.com/sigp/lighthouse/releases/download/v6.0.0/lighthouse-v6.0.0-x86_64-unknown-linux-gnu.tar.gz
binary_file_name_override: lighthouse
command: >
lighthouse bn --network sepolia --checkpoint-sync-url https://checkpoint-sync.sepolia.ethpandaops.io/
--execution-endpoint http://localhost:8551 --execution-jwt /home/ahmad/.local/share/reth/sepolia/jwt.hex
--http --http-address 0.0.0.0
--metrics --metrics-address 0.0.0.0 --metrics-port 8086
cpus: 50
memory: 5G
- name: Configure XATU server for analytics
hosts: EthereumSepolia
become: true
roles:
- role: basic-service
vars:
setup_mode: container
name: xatu-server
image: ethpandaops/xatu:latest
command: sentry --preset ethpandaops --beacon-node-url=http://localhost:5052 --output-authorization="Basic <redacted>"
cpus: 0.5
memory: 5g
network_mode: host- Install a tool (e.g.
curl):
- name: Install curl tool
hosts: all
become: true
roles:
- role: basic-service
vars:
setup_mode: install
name: curl
binary_url: https://github.com/moparisthebest/static-curl/releases/download/v8.12.1/curl-amd64
binary_strip_components: 1
binary_file_name_override: curlMIT
This Ansible role was created in 2023 by O1.IO.
🏆 always happy to help & donations are always welcome 💸
-
ETH (Ethereum): 0x652eD9d222eeA1Ad843efec01E60C29bF2CF6E4c
-
BTC (Bitcoin): 3E8gMxwEnfAAWbvjoPVqSz6DvPfwQ1q8Jn
-
ATOM (Cosmos): cosmos19vmcf5t68w6ug45mrwjyauh4ey99u9htrgqv09