service: move config flags to separate TOML file

This can be useful in the future to expose config. It also makes it easier to run service by hand when debugging. Signed-off-by: Jakub Sokołowski <jakub@status.im>
2024-05-12 15:43:36 +02:00 · 2024-05-12 15:43:36 +02:00 · 03f284d6c7
parent 9017cbb0c4
commit 03f284d6c7
6 changed files with 121 additions and 64 deletions
--- a/README.md
+++ b/README.md
@ -49,6 +49,7 @@ There's also a [container monitor service](./MONITOR.md).
 ```yaml
 nim_waku_monitor_enabled: true
 ```
+Most non-sensitive configuration resides in `conf/config.toml` file in service directory.

 # Management

--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -1,7 +1,10 @@
 ---
 beacon_node_service_name: 'beacon-node-{{ beacon_node_network }}-{{ beacon_node_repo_branch }}'
 beacon_node_service_path: '/data/{{ beacon_node_service_name }}'
+
 beacon_node_data_path: '{{ beacon_node_service_path }}/data'
+beacon_node_config_path: '{{ beacon_node_service_path }}/conf'
+beacon_node_config_file_path: '{{ beacon_node_config_path }}/config.toml'
 beacon_node_repo_path: '{{ beacon_node_service_path }}/repo'
 beacon_node_bin_path: '{{ beacon_node_service_path }}/bin'
 beacon_node_logs_link: '{{ beacon_node_service_path }}/logs'
@ -11,6 +14,8 @@ beacon_node_secrets_path: '{{ beacon_node_data_path }}/secrets'
 beacon_node_validators_path: '{{ beacon_node_data_path }}/validators'
 beacon_node_binary_path: '{{ beacon_node_bin_path }}/nimbus_beacon_node'

+# Ability to prevernt restarts after service changes.
+beacon_node_service_restart: true
 # Should be: nextPowerOfTwo(number_of_validators + 1024)
 beacon_node_service_nofile_limit: 16384
 beacon_node_user: 'nimbus'
@ -44,9 +49,6 @@ beacon_node_resync_timer_frequency: 'weekly'
 beacon_node_resync_timer_random_delay_sec: 86400 # day
 #beacon_node_resync_timer_trusted_api_url: ~

-# Ability to prevernt restarts after service changes.
-beacon_node_service_restart: true
-
 beacon_node_repo_url: 'https://github.com/status-im/nimbus-eth2'
 beacon_node_repo_branch: 'stable'

@ -58,7 +60,7 @@ beacon_node_sync_light_client: false
 beacon_node_subscribe_all: false
 beacon_node_doppelganger_detection: true
 beacon_node_doppelganger_exit_code: 129
-beacon_node_extra_flags: []
+beacon_node_extra_flags: {} # {agent-string: 'Taxation is theft.'}

 # Validator Monitoring
 beacon_node_validator_monitor_auto: false
--- a/tasks/config.yml
+++ b/tasks/config.yml
@ -8,6 +8,7 @@
    mode:  '{{ item.mode }}'
  with_items:
    - { path: '{{ beacon_node_service_path }}',    mode: '0750' }
+    - { path: '{{ beacon_node_config_dir }}',      mode: '0755' }
    - { path: '{{ beacon_node_era_dir_path }}',    mode: '0775' }
    - { path: '{{ beacon_node_secrets_path }}',    mode: '0700' }
    - { path: '{{ beacon_node_validators_path }}', mode: '0700' }
@ -49,3 +50,12 @@
    mode:    0775
  with_fileglob:
    - 'templates/scripts/*'
+
+- name: Create node config
+  template:
+    src:     'config.toml.j2'
+    dest:    '{{ beacon_node_config_file_path }}'
+    owner:   '{{ beacon_node_user }}'
+    group:   '{{ beacon_node_group }}'
+    mode:    0664
+  register: beacon_node_config_file
--- a/tasks/service.yml
+++ b/tasks/service.yml
@ -20,6 +20,7 @@
    daemon_reload: true
    state: |-
      {{ (
-        beacon_node_service_definition.changed and
+        beacon_node_config_file.changed or
+        beacon_node_service_definition.changed or
        beacon_node_service_restart
      ) | ternary("restarted", "started") }}
--- a/templates/beacon-node.service.j2
+++ b/templates/beacon-node.service.j2
@ -19,71 +19,13 @@ SyslogLevel=debug
 Restart=on-failure
 RestartPreventExitStatus={{ beacon_node_doppelganger_exit_code }}
 ExecStart={{ beacon_node_binary_path }} \
-    --network={{ beacon_node_network }} \
-    --data-dir={{ beacon_node_data_path }} \
-    --secrets-dir={{ beacon_node_secrets_path }} \
-    --validators-dir={{ beacon_node_validators_path }} \
-    --era-dir={{ beacon_node_era_dir_path }} \
-    --history={{ beacon_node_history_retention }} \
-{% if beacon_node_exec_layer_urls|length == 0 %}
-    --no-el=true \
-{% else %}
-{% for url in beacon_node_exec_layer_urls | mandatory %}
-    --el={{ url | mandatory }} \
-{% endfor %}
-{% endif %}
 {% if beacon_node_exec_layer_jwt_secret is defined %}
    --jwt-secret={{ beacon_node_exec_layer_jwt_secret_path | mandatory }} \
 {% endif %}
 {% if beacon_node_suggested_fee_recipient is defined %}
    --suggested-fee-recipient={{ beacon_node_suggested_fee_recipient | mandatory }} \
 {% endif %}
-{% if beacon_node_payload_builder_enabled %}
-    --payload-builder={{ beacon_node_payload_builder_enabled | to_json }} \
-    --payload-builder-url={{ beacon_node_payload_builder_url | mandatory }} \
-{% endif %}
-    --log-format={{ beacon_node_log_format }} \
-    --log-level={{ beacon_node_log_level }} \
-    --nat=extip:{{ beacon_node_public_address }} \
-    --tcp-port={{ beacon_node_listening_port }} \
-    --udp-port={{ beacon_node_discovery_port }} \
-    --max-peers={{ beacon_node_max_peers }} \
-    --netkey-file={{ beacon_node_netkey_path }} \
-    --insecure-netkey-password=true \
-    --sync-light-client={{ beacon_node_sync_light_client | to_json }} \
-    --subscribe-all-subnets={{ beacon_node_subscribe_all | to_json }} \
-    --doppelganger-detection={{ beacon_node_doppelganger_detection | to_json }} \
-    --num-threads={{ beacon_node_threads }} \
-    --rest={{ beacon_node_rest_enabled | to_json }} \
-{% if beacon_node_rest_enabled %}
-    --rest-address={{ beacon_node_rest_address }} \
-    --rest-port={{ beacon_node_rest_port }} \
-{% if beacon_node_rest_allow_origin != '' %}
-    --rest-allow-origin="{{ beacon_node_rest_allow_origin }}" \
-{% endif %}
-    --rest-max-body-size={{ beacon_node_rest_max_body_size | mandatory }} \
-    --rest-max-headers-size={{ beacon_node_rest_max_headers_size | mandatory }} \
-{% endif %}
-    --metrics={{ beacon_node_metrics_enabled | to_json }} \
-{% if beacon_node_metrics_enabled %}
-    --metrics-address={{ beacon_node_metrics_address }} \
-    --metrics-port={{ beacon_node_metrics_port }} \
-{% endif %}
-    --validator-monitor-auto={{ beacon_node_validator_monitor_auto | to_json }} \
-    --validator-monitor-details={{ beacon_node_validator_monitor_details | to_json }} \
-{% for pubkey in beacon_node_validator_monitor_pubkeys %}
-    --validator-monitor-pubkey={{ pubkey }} \
-{% endfor %}
-{% if beacon_node_light_client_data_enabled %}
-    --light-client-data-serve={{ beacon_node_light_client_data_serve | to_json }} \
-    --light-client-data-import-mode={{ beacon_node_light_client_data_import_mode }} \
-{% if beacon_node_light_client_data_max_periods >= 0 %}
-    --light-client-data-max-periods={{ beacon_node_light_client_data_max_periods }} \
-{% endif %}
-{% endif %}
-{% for extra_flag in beacon_node_extra_flags %}
-    {{ extra_flag }}{{ " \\" if not loop.last else "" }}
-{% endfor %}
+    --config-file={{ beacon_node_config_path }}

 [Install]
 WantedBy=multi-user.target
--- a/templates/config.toml.j2
+++ b/templates/config.toml.j2
@ -0,0 +1,101 @@
+# Hostname: {{ dns_entry }}
+
+## WARNING: Do not put sensitive configuration here. Use service definition.
+
+### General
+network = {{ beacon_node_network | to_json }}
+history = {{ beacon_node_history_retention | to_json }}
+num-threads = {{ beacon_node_threads }}
+sync-light-client = {{ beacon_node_sync_light_client | to_json }}
+subscribe-all-subnets = {{ beacon_node_subscribe_all | to_json }}
+
+### Logs
+log-format = {{ beacon_node_log_format | to_json }}
+log-level = {{ beacon_node_log_level | to_json }}
+
+### Network
+nat = "extip:{{ beacon_node_public_address }}"
+tcp-port = {{ beacon_node_listening_port }}
+udp-port = {{ beacon_node_discovery_port }}
+max-peers = {{ beacon_node_max_peers }}
+
+### Exec Layer
+{% if beacon_node_exec_layer_urls|length == 0 %}
+no-el = true
+{% else %}
+{% if beacon_node_exec_layer_urls %}
+el = [
+{% for url in beacon_node_exec_layer_urls | mandatory %}
+  {{ url | mandatory | to_json }},
+{% endfor %}]
+{% else %}
+el = []
+{% endif %}
+{% endif %}
+
+### Dirs
+data-dir = {{ beacon_node_data_path | to_json }}
+secrets-dir = {{ beacon_node_secrets_path | to_json }}
+validators-dir = {{ beacon_node_validators_path | to_json }}
+era-dir = {{ beacon_node_era_dir_path | to_json }}
+
+### Security
+netkey-file = {{ beacon_node_netkey_path | to_json }}
+{% if beacon_node_exec_layer_jwt_secret is defined %}
+jwt-secret = {{ beacon_node_exec_layer_jwt_secret_path | mandatory | to_json }}
+{% endif %}
+doppelganger-detection = {{ beacon_node_doppelganger_detection | to_json }}
+insecure-netkey-password = true
+{% if beacon_node_payload_builder_enabled %}
+
+### Payload Builder
+payload-builder = {{ beacon_node_payload_builder_enabled | to_json | to_json }}
+payload-builder-url = {{ beacon_node_payload_builder_url | mandatory | to_json }}
+{% endif %}
+
+### REST API
+rest = {{ beacon_node_rest_enabled | to_json }}
+{% if beacon_node_rest_enabled %}
+rest-address = {{ beacon_node_rest_address | to_json }}
+rest-port = {{ beacon_node_rest_port }}
+{% if beacon_node_rest_allow_origin != '' %}
+rest-allow-origin = {{ beacon_node_rest_allow_origin | to_json }}
+{% endif %}
+rest-max-body-size = {{ beacon_node_rest_max_body_size | mandatory }}
+rest-max-headers-size = {{ beacon_node_rest_max_headers_size | mandatory }}
+{% endif %}
+
+### Metrics
+metrics = {{ beacon_node_metrics_enabled | to_json }}
+{% if beacon_node_metrics_enabled %}
+metrics-address = {{ beacon_node_metrics_address | to_json }}
+metrics-port = {{ beacon_node_metrics_port }}
+{% endif %}
+
+### Monitoring
+validator-monitor-auto = {{ beacon_node_validator_monitor_auto | to_json }}
+validator-monitor-details = {{ beacon_node_validator_monitor_details | to_json }}
+{% if beacon_node_validator_monitor_pubkeys %}
+validator-monitor-pubkey = [
+{% for pubkey in beacon_node_validator_monitor_pubkeys %}
+  {{ pubkey | to_json }},
+{% endfor %}]
+{% else %}
+validator-monitor-pubkey = []
+{% endif %}
+
+{% if beacon_node_light_client_data_enabled %}
+### Light Client
+light-client-data-serve = {{ beacon_node_light_client_data_serve | to_json }}
+light-client-data-import-mode = {{ beacon_node_light_client_data_import_mode | to_json }}
+{% if beacon_node_light_client_data_max_periods >= 0 %}
+light-client-data-max-periods = {{ beacon_node_light_client_data_max_periods }}
+{% endif %}
+{% endif -%}
+{% if beacon_node_extra_flags %}
+
+### Extra Flags
+{% for key,value in beacon_node_extra_flags %}
+{{ key }} = {{ value | to_json }}
+{% endfor %}
+{% endif %}