feat: Add Xatu Stack (#20)

ansible/inventories/devnet-3/group_vars/all/all.sops.yaml

@@ -12,24 +12,21 @@ secret_genesis_mnemonic: ENC[AES256_GCM,data:MILGlFDIsVhL/KLYehzZPbouuu1xNtZnJDx
 secret_mev_signingkey: ENC[AES256_GCM,data:7xug6L4MXETqWb7cmZS6BpAxBercs4mnJEg1NKp+LwZjCWl5pPAlTbfZASwXVBMo24Xoqi9/FbjeJML6WtaJ2Q==,iv:UGcVz81+wBNdb4cmkg9t4tSamqOaBUfWk6glh/6jUA8=,tag:W5Y00+vamA2tq2tEpAEhQA==,type:str]
 secret_mev_flood_private_key: ENC[AES256_GCM,data:2vVJ+N0XLer202Dc5J2HVjTEW6XUa+LpmhS/mo2brt+qzabraTSaD7d4P5rVqbovW+W5Je5FdDr4s7rScyn/RA==,iv:1qNfUVqJ9eebRmA4Ly59KFR9WmaQ8eelSvNLJAWCJ10=,tag:knDhqt3zak1OEsHi2nQ3oA==,type:str]
 secret_mev_flood_user_key: ENC[AES256_GCM,data:+XXSXUZdEKClV09Pfy/YWULlRl+5njMWcKOvPwuF6YUWHP2spLbJa8BnOimxxi6v7ioGMXEZW7XROVqqQiY4Aw==,iv:efkOBcrGeGJwT91SR+2wFI/fpnWASQeqjH3MJSIQBAA=,tag:KjJMfc7VgZkc8cy/IHrNNA==,type:str]
-secret_xatu_sentry:
-    server_address: ENC[AES256_GCM,data:U3A2QJfVr5/cj7sMbf1C8ztynZc9MS5K9tstLiNYRzhGtC9ZU6npoGL/xsV8y5Z8yg+Z,iv:fuAuq7J/ksqoOiUKMmL96DB5Qbx6HJs4qHVYMoAziOE=,tag:LhQAkrXq9QsWrUneltJXig==,type:str]
-    user: ENC[AES256_GCM,data:6Rl/PXMHqw==,iv:gHXmk6tie0m6usKO6v9kwBI3BW0Kjj04wuMiijQYVbg=,tag:qjLt4uzXQ2s3j+xvEGlYFQ==,type:str]
-    password: ENC[AES256_GCM,data:Qs3nM2MRodo/iUNB+w6ezZo5jIBpWp/vjuZmzDly55IYMobc,iv:qdGn0xmCaDu8W+y2cOh4tDaXz9eifsMc186OqaPFcAk=,tag:kiSkV9uWDoAtzSSWkHiZ/g==,type:str]
 tx_fuzz_blobs_privkey: ENC[AES256_GCM,data:XUiDF6puTOcP0veM5k2x9PmPSA2vP1FeoxSY7rn0bxLMB0b/DsB7y7bfsjBlgPIiL9f2AOSfsol8WWxd3zT6IA==,iv:qTk22/lpJyWFycayBupQp0sBaw2E2oq7peWypQh+0Ic=,tag:Eeqpv2JCfrsQd5ovOcpdVg==,type:str]
 tx_fuzz_txs_privkey: ENC[AES256_GCM,data:c52KtPzcxyZPj3vQ6tx0Di5uLFy5JoRUSZ5ZH/WEj7nqC7JTwRw3+bNPk8Y43wjE7caqRZ7eq0la0Bc42ydpew==,iv:gHO+ttqzJCbRBCUvmlsTVNQK6vpnGXamIag63HS/fas=,tag:1Qultc6tndFGDuSKjm/TVg==,type:str]
 goomy_private_key: ENC[AES256_GCM,data:+AwqAcOobrvR5gXxdABQki0rH41Ns8H3sJvVtQb5sh/596u1oDPq2bEh6Tpkfx8B+x4rSp+MRQi5wHwk9/Nqcw==,iv:Ibm4sLvU+tNk7EqaSPs/2CRLU1yLlNDgSWjR+uNPrvQ=,tag:oWbWW/jt9pPTWFcRoVTBsg==,type:str]
 nethermind_seq_api_key: ENC[AES256_GCM,data:fxY/OkvHP2w5r2WdAwwGkdPOG9Q=,iv:8RFbkiSRAdtEPHM5JvmQskIHybMuZdbzP1CV1rGp1DM=,tag:HWEciIkJpTbJhumao1CaHA==,type:str]
 nethermind_seq_server: ENC[AES256_GCM,data:tNMBXIUTbUfXP2quBzmzLHUk+/+Dg5wzIQ==,iv:N0JY8nvNIqVQuBvUZF+TtBhgrnwtzCEu40axAxTMwWc=,tag:zFCJZekruevCbvdDAlmakg==,type:str]
 nethermind_push_gateway: ENC[AES256_GCM,data:ZZVpFiiuIPhj1bttOr9pA03/wHS3lY+f6n/DD05PRLEK1Vtla0Pu3I9k1vjZdkkbMYFeLwy+dDUxk6UQeQTFpS430E68O51ers31YF9M4kOFiKVWM1q2cO705QKRjysd2Y52OI1UMk1G3yTJdmIim0cBvt1yZafso05dIZa1Thi+cYQNg0Z6re3QU53GMzbSfg==,iv:TwKc357lNh4ICSQBR/0QbBJrVCZuTOI+1wWXEoVT2Ys=,tag:Hq55iZFPmCPALhR3SWaRNg==,type:str]
+secret_xatu_event_ingester_secret: ENC[AES256_GCM,data:QIJlPRKhCyoL+o3T//C6Qu3AMBJrvIXbhOjHtukdUH4QRdA=,iv:mt/2lpmyCFvEh0vLqa5gu4w1rVVyKWMpCxYqN7zc1NY=,tag:3E0xdFSeFVN3Z9DHZTe/GA==,type:str]
 sops:
     kms: []
     gcp_kms: []
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2024-09-11T10:08:46Z"
-    mac: ENC[AES256_GCM,data:EQ+zXd+FSZSKm5JqU8HSFnWcQD9HD+fEGfJnpPUcbHbUxBi4TguGPIwyBzVV2gR3Kk2z868HiFeWRm+N2UodqInR4QwV645nTnIZ+WL4pCmpnzGsWr150YT40b90lbDeY0TLG8jaEpxLfUMWH0NMgBKC6DuEKAQxAEZUnK14vJI=,iv:HU95U3ZqE/yXSFl46ta+F3VqdPwBL8dxmS6l+CkNY6s=,tag:8Kz4h7/5JLGQad2boAsHgg==,type:str]
+    lastmodified: "2024-09-12T08:58:14Z"
+    mac: ENC[AES256_GCM,data:J2FiJDKW5ajohCjsVw+Y2df5zIyPslmJwKco2i1Jj6U6knPeTQvZAXno+mct8Q9JoDWC/53/Nwi06CkEQxU1quzXPOPOCtneiiKtxGB/86ES/y40O8OFUywpFcFJTEkh/vhqYru29k/CfmspJHvkpkBFKcuooeBYv7/7nZg12Uo=,iv:nbH91r8QU9fdQ06wq6Oc/nK/vrAzCCOcLTkRaY0fb6s=,tag:bFMtVRPhLiUonaG1xu3+6w==,type:str]
     pgp:
         - created_at: "2023-09-28T11:48:21Z"
           enc: |-

ansible/inventories/devnet-3/group_vars/all/all.yaml

@@ -115,7 +115,7 @@ bootstrap_default_user_authorized_keys_github: >
 # role: ethpandaops.general.ethereum_node
 ethereum_node_images_always_pull: true
 ethereum_node_metrics_exporter_enabled: true
-ethereum_node_xatu_sentry_enabled: false
+ethereum_node_xatu_sentry_enabled: true
 ethereum_node_cl_validator_enabled: "{{ validator_start is defined and validator_end is defined }}"
 ethereum_node_cl_validator_fee_recipient: "0xf97e180c050e5Ab072211Ad2C213Eb5AEE4DF134"
 ethereum_node_cl_ports_p2p_tcp: 9000
@@ -136,10 +136,23 @@ ethereum_node_json_rpc_snooper_engine_name: "snooper-engine"
 # role: ethpandaops.general.xatu_sentry
 xatu_sentry_container_image: "{{ default_tooling_images.xatu_sentry }}"
 xatu_sentry_config_name: "{{ ethereum_network_name }}-{{ inventory_hostname }}"
-xatu_sentry_config_server_address: "{{ secret_xatu_sentry.server_address }}"
-xatu_sentry_config_server_auth_user: "{{ secret_xatu_sentry.user }}"
-xatu_sentry_config_server_auth_password: "{{ secret_xatu_sentry.password }}"
+xatu_sentry_config_server_address: "server.xatu.{{ ethereum_network_name }}.ethpandaops.io:80"
 xatu_sentry_config_network_name_override: "{{ ethereum_network_name }}"
+xatu_sentry_config: |
+  logging: "info"
+  metricsAddr: ":9090"
+  name: "{{ xatu_sentry_config_name }}"
+  ethereum:
+    beaconNodeAddress: {{ xatu_sentry_config_beacon_uri }}
+    overrideNetworkName: {{ xatu_sentry_config_network_name_override }}
+  outputs:
+  - name: grpc
+    type: xatu
+    config:
+      address: {{ xatu_sentry_config_server_address }}
+      authorization_secret: {{ secret_xatu_event_ingester_secret }}
+      tls: false
+
 
 # role: ethpandaops.general.ethereum_metrics_exporter
 ethereum_metrics_exporter_container_image: "{{ default_tooling_images.ethereum_metrics_exporter }}"

ansible/inventories/devnet-3/inventory.ini

@@ -135,6 +135,9 @@ teku-reth-1 ansible_host=104.248.18.173 ipv6=2a03:b0c0:3:d0::1c53:7001 cloud=dig
 teku-reth-2 ansible_host=178.128.247.219 ipv6=2a03:b0c0:2:d0::187e:2001 cloud=digitalocean cloud_region=ams3 validator_start=4900 validator_end=5000
 teku-reth-3 ansible_host=144.126.226.186 ipv6=2a03:b0c0:1:d0::1172:d001 cloud=digitalocean cloud_region=lon1 validator_start=5000 validator_end=5100
 
+[xatu]
+xatu-1 ansible_host=64.226.71.154 ipv6=2a03:b0c0:3:f0::2bc:e000 cloud=digitalocean cloud_region=fra1 
+
 
 # Consensus client groups
 
@@ -255,4 +258,4 @@ bootnode-1
 bootnode-1
 
 [goomy]
-bootnode-1
+bootnode-1

ansible/playbook.yaml

@@ -115,3 +115,9 @@
   roles:
     - role: ethpandaops.general.goomy
       tags: [goomy]
+
+- hosts: xatu
+  become: true
+  roles:
+    - role: ethpandaops.general.xatu_stack
+      tags: [ethereum, xatu]

ansible/requirements.yaml

@@ -15,6 +15,6 @@ collections:
   - name: community.sops
     version: 1.6.0
   - name: ethpandaops.general
-    source: https://github.com/ethpandaops/ansible-collection-general.git,master
+    source: https://github.com/ethpandaops/ansible-collection-general.git,feat/xatu-stack
     type: git
   - name: kubernetes.core

terraform/devnet-3/ansible_inventory.tmpl

@@ -29,7 +29,7 @@ ${replace(gid, "-", "_")}
 %{ for el in ["besu", "ethereumjs", "geth", "nethermind", "erigon", "reth"] ~}
 [${el}:children]
 %{ for gid, group in groups ~}
-%{ if split("-", gid)[0] != "bootnode" ~}
+%{ if split("-", gid)[0] != "bootnode" && split("-", gid)[0] != "xatu" ~}
 %{ if split("-", gid)[1] == "${el}" ~}
 ${replace(gid, "-", "_")}
 %{ endif ~}
@@ -40,12 +40,12 @@ ${replace(gid, "-", "_")}
 # Global groups
 
 [consensus_node:children]
-%{ for x,y in merge( { for gid, group in groups : split("-", gid)[0] => true... if split("-", gid)[0] != "bootnode" } )   ~}
+%{ for x,y in merge( { for gid, group in groups : split("-", gid)[0] => true... if split("-", gid)[0] != "bootnode" && split("-", gid)[0] != "xatu" } )   ~}
 ${x}
 %{ endfor ~}
 
 [execution_node:children]
-%{ for x,y in merge( { for gid, group in groups : split("-", gid)[1] => true... if split("-", gid)[0] != "bootnode" } )   ~}
+%{ for x,y in merge( { for gid, group in groups : split("-", gid)[1] => true... if split("-", gid)[0] != "bootnode" && split("-", gid)[0] != "xatu" } )   ~}
 ${x}
 %{ endfor ~}
 

terraform/devnet-3/digitalocean.tf

@@ -298,6 +298,36 @@ resource "cloudflare_record" "server_record_beacon_v6" {
   ttl     = 120
 }
 
+resource "cloudflare_record" "server_record_xatu_v4" {
+  for_each = {
+    for vm in local.digitalocean_vms : "${vm.id}" => vm if contains(vm.tags, "group_name:xatu")
+  }
+  zone_id = data.cloudflare_zone.default.id
+  name    = "xatu.${var.ethereum_network}"
+  type    = "A"
+  value   = digitalocean_droplet.main[each.value.id].ipv4_address
+  proxied = false
+  ttl     = 120
+}
+
+resource "cloudflare_record" "xatu-server" {
+  zone_id = data.cloudflare_zone.default.id
+  name    = "server.xatu.${var.ethereum_network}"
+  type    = "CNAME"
+  value   = "xatu.${var.ethereum_network}.ethpandaops.io"
+  proxied = false
+  ttl     = 120
+}
+
+resource "cloudflare_record" "grafana" {
+  zone_id = data.cloudflare_zone.default.id
+  name    = "grafana.xatu.${var.ethereum_network}"
+  type    = "CNAME"
+  value   = "xatu.${var.ethereum_network}.ethpandaops.io"
+  proxied = true
+  ttl     = 1
+}
+
 
 ////////////////////////////////////////////////////////////////////////////////////////
 //                          GENERATED FILES AND OUTPUTS

terraform/devnet-3/main.tf

@@ -63,6 +63,7 @@ locals {
   vm_groups = [
     var.mev_relay,
     var.bootnode,
+    var.xatu,
     var.lighthouse_geth,
     var.lighthouse_nethermind,
     var.lighthouse_erigon,

terraform/devnet-3/nodes.tf

@@ -18,6 +18,18 @@ variable "mev_relay" {
     #size            = "s-4vcpu-8gb-240gb-intel"
   }
 }
+
+# xatu
+variable "xatu" {
+  default = {
+    name            = "xatu"
+    count           = 1
+    validator_start = 0
+    validator_end   = 0
+    size            = "s-8vcpu-16gb-amd"
+  }
+}
+
 # Lighthouse
 variable "lighthouse_geth" {
   default = {