Ansible Role: ethereum_node_mgmt

slingnode.ethereum_node_mgmt is an Ansible role that facilitates common management tasks on servers running Ethereum clients. It is designed to seamlessly work with nodes deployed using slingnode.ethereum role. The role supports the following tasks:

• validator key import (using command line or Key Manager API)
• Slashing protection DB import and export

Supported clients

• Lighthouse
• Prysm
• Teku
• Nimbus

Supported Operating Systems

The role has been tested on the following operating systems

RedHat based:

• AlmaLinux 9.1
• AlmaLinux 8.7
• RockyLinux 9.1
• RockyLinux 8.7
• AmazonLinux 2

Debian based:

• Ubuntu 22.04
• Ubuntu 20.04

Documentation

The README file provides a basic overview only. Full documentation describing the role in details is available at https://docs.slingnode.com/slingnode.ethereum_node_mgmt/.

Requirements

Ansible Docker module is required on the Ansible controller. It can be installed using the below command:

ansible-galaxy collection install community.docker:==3.8.0

Dependencies

The role is designed to work with nodes deployed using slingnode.ethereum role.

Role Variables

Role variables are defined in 'defaults'. This means they have the lowest precedence and can be easily overridden. See Ansible documentation for details on the precedence.

All client specific variables are defined in their corresponding variable file. All client specific variables have unique names (prefixed with clientname_) so there's no risk of a clash.

Important variables

This section outlines variables that you will most likely want to modify.

clients

"clients" variable defines what clients the tasks will execute against.

• execution: geth, nethermind, erigon, besu
• consensus and validator: lighthouse, prysm, teku, nimbus

clients:
  execution: geth
  consensus: lighthouse
  validator: lighthouse

action variables

The variables below define what action the role will perform. All default to false, set to true to carry out required action.

import_validator_keys_api: false
import_validator_keys_cmd: false
export_slashing_protection_db: false
import_slashing_protection_db: false

copy_slashing_protection_db_to_server

When set to true the role will copy the slashing protection DB from the control host to the managed host where the import will occur. The variable is used with source_slashing_protection_db_to_copy and import_slashing_protection_db set to true. Otherwise it has no effect.

copy_slashing_protection_db_to_server: true
source_slashing_protection_db_to_copy: local_source/slashing_protection.json
import_slashing_protection_db: true

keystore_files

Variable required for command line based key import tasks. It specifies local source of the kyestore and password files to copy to the server.

keystore_files:
  - src: molecule/resources/test_validator_keystores/keystore-m_12381_3600_1_0_0-1680087924.json
    dest: "{{ blockchain_root_path }}/validator/keystore/keystore-m_12381_3600_1_0_0-1680087924.json"
  - src: molecule/resources/test_validator_keystores/keystore-m_12381_3600_1_0_0-1680087924.txt
    dest: "{{ blockchain_root_path }}/validator/keystore/keystore-m_12381_3600_1_0_0-1680087924.txt"

keystore_password_file

Specifies file name on the managed server containing password to decrypt the keystore. Required by Lighthouse and Prysm.

keystore_password_file: "keystore-m_12381_3600_1_0_0-1680087924.txt"

keystores_without_slashing_protection

Variable used with API keystore import. It specifies local paths on the control host. Use this variable when you do not want to import slashing protection DB along with the keystores.

keystores_without_slashing_protection:
  - keystore: molecule/resources/test_validator_keystores/keystore-m_12381_3600_1_0_0-1680087924.json
    password: molecule/resources/test_validator_keystores/keystore-m_12381_3600_1_0_0-1680087924.txt

keystores_with_slashing_protection

Variable used with API keystore import. It specifies local paths on the control host. Use this variable when you want to import slashing protection DB along with the keystores.

keystores_with_slashing_protection:
  - keystore: molecule/resources/test_validator_keystores/keystore-m_12381_3600_0_0_0-1669980799.json
    password: molecule/resources/test_validator_keystores/keystore-m_12381_3600_0_0_0-1669980799.txt
    slashing_protection_db: molecule/resources/test_validator_keystores/slashing_protection_db.json

Example playbook

The best place to start is to check the examples project. There are multiple example playbooks. The examples project is available here https://github.com/SlingNode/slingnode-ethereum-examples.

Contact

If you have any questions join our Discord server or log a GitHub issue.

License

MIT

Author Information

This role was created in 2023 by pgjavier and karolpivo.