Configure and operate a basic cloud-native service: running anything from crypto blockchain clients to the immense app store of open-source (Apache, CNCF and beyond) services.
Systemd, installation of the docker engine or a Kubernetes cluster.
| var | description | default |
|---|---|---|
| setup_mode | infrastructure provisioning setup mode (container, k8s, systemd, install) |
undefined |
| name | name of service to deploy | required |
| command | Command and arguments to execute on startup | required |
| user | service user to setup | <operating-user> |
| group | service group to setup | <operating-user> |
| config | configuration files associated with the service to mount | {} |
| config_env | environment variables to set within the service runtime | {} |
| ports | listening port information for a service | {} |
| data_dirs | directory mappings to store service runtime/operational data | {} |
| host_data_dir | host directory for general deployment operations | `` |
| cpus | CPU resources each deployed service can use (either percentage for systemd or cores for containers) | 100 |
| memory | available memory resources each deployed service can use | 1G |
| restart_policy | service restart policy | on-failure |
| uninstall | whether to remove installed service and artifacts | false |
| var | description | default |
|---|---|---|
| image | service container image to deploy | |
| network_mode | container network to attach (more info) | bridge |
| binary_url | URL of the binary file or archive to download and bind-mount into the container | |
| binary_file_name_override | Override the binary file name after moving it to the destination directory | |
| binary_strip_components | Strip NUMBER leading components/directories from file names on extraction | 0 |
| destination_directory | host directory where the binary file will be placed after downloading/extracting | /usr/local/bin |
| binary_app_path | in-container mount path for the downloaded binary directory | <destination_directory> |
| var | description | default |
|---|---|---|
| binary_url | URL of the binary file to download | |
| binary_file_name_override | Override the binary file name after moving it to the destination directory | |
| binary_strip_components | Strip NUMBER leading components/directories from file names on extraction | 0 |
| destination_directory | directory where the binary file will be placed after downloading/extracting | /usr/local/bin |
| systemd | custom service type & unit, service and install properties | {} |
| systemd.enable_accounting | enable systemd resource accounting (CPU, Memory, IO, Tasks, IP) | true |
To authorize access to the target Kubernetes cluster, set the following environment variables:
export KUBECONFIG=<path-to-the-kubeconfig-file>
export KUBE_CONTEXT=<context-within-the-kubeconfig-to-use>| var | description | default |
|---|---|---|
| helm_chart_path | path to Helm chart to use for the service deployment/release | helm (resolved relative to the role) |
| helm_namespace | Kubernetes namespace to deploy to (also rendered into chart values) | default |
| helm_values_path | optional Helm values overlay file merged after rendered role values | "" |
| helm_render_values_from_role | map common role vars (image, config, ports, cpus, memory, etc.) into Helm values |
true |
| helm_create_namespace | create the target namespace during Helm install | true |
| helm_wait / helm_atomic / helm_timeout | Helm install safety controls | true / true / 10m |
With setup_mode: k8s, the role renders Helm values from the same variables used by container, systemd, and install modes, then deploys the bundled chart. Set helm_render_values_from_role: false to use only helm_values_path.
Install role and collection requirements:
ansible-galaxy install -r requirements.ymlSee requirements.yml for the full list (includes ansible-role-systemd and community.docker).
- Launch a Wireguard client which establishes a secure peer tunnel connection:
- name: Configure WireGuard VPN
hosts: VPNServers
remote_user: devops
become: true
roles:
- role: basic-service
vars:
setup_mode: systemd
name: wireguard
user: wireguard
binary_url: https://git.zx2c4.com/wireguard-tools/snapshot/wireguard-tools-1.0.20210424.tar.xz
binary_file_name_override: wireguard
command: >
/usr/local/bin/wg-quick up wg0
cpus: 50
memory: 1G
config:
wg0.conf:
destinationPath: /etc/wireguard/wg0.conf
data: |
[Interface]
PrivateKey = <Your-Private-Key>
Address = 10.0.0.1/24
ListenPort = 51820
[Peer]
PublicKey = <Peer-Public-Key>
Endpoint = <Peer-Public-IP>:51820
AllowedIPs = 10.0.0.2/32
ports:
wireguard:
ingressPort: 51820
servicePort: 51820
systemd:
enable_accounting: true
service_properties:
ExecStop: /usr/local/bin/wg-quick down wg0
Restart: on-failure- Provision an Ethereum execution and consensus client connected to the Sepolia testnet and monitor with the XATU service
- name: Configure Ethereum execution layer clients
hosts: EthereumSepolia
become: true
roles:
- role: basic-service
vars:
setup_mode: systemd
name: reth
user: ubuntu
binary_url: https://github.com/paradigmxyz/reth/releases/download/v1.1.4/reth-v1.1.4-x86_64-unknown-linux-gnu.tar.gz
binary_file_name_override: reth
command: >
/usr/local/bin/reth node --full --chain=sepolia --http --http.addr 0.0.0.0 --http.api "admin,debug,eth,net,txpool,web3,rpc,reth,ots,flashbots,miner" --metrics 0.0.0.0:8085
cpus: 50
memory: 5G
config:
reth.toml:
destinationPath: /home/ubuntu/reth.toml
data: |
# add configuration values
- name: Configure Ethereum consensus layer clients
hosts: EthereumSepolia
become: true
roles:
- role: basic-service
vars:
setup_mode: systemd
name: lighthouse
user: ubuntu
binary_url: https://github.com/sigp/lighthouse/releases/download/v6.0.0/lighthouse-v6.0.0-x86_64-unknown-linux-gnu.tar.gz
binary_file_name_override: lighthouse
command: >
lighthouse bn --network sepolia --checkpoint-sync-url https://checkpoint-sync.sepolia.ethpandaops.io/
--execution-endpoint http://localhost:8551 --execution-jwt /home/ahmad/.local/share/reth/sepolia/jwt.hex
--http --http-address 0.0.0.0
--metrics --metrics-address 0.0.0.0 --metrics-port 8086
cpus: 50
memory: 5G
- name: Configure XATU server for analytics
hosts: EthereumSepolia
become: true
roles:
- role: basic-service
vars:
setup_mode: container
name: xatu-server
image: ethpandaops/xatu:latest
command: sentry --preset ethpandaops --beacon-node-url=http://localhost:5052 --output-authorization="Basic <redacted>"
cpus: 0.5
memory: 5g
network_mode: host- Run a downloaded binary inside a container (e.g. Prometheus from a release archive):
- name: Configure Prometheus in a container
hosts: Monitoring
become: true
roles:
- role: basic-service
vars:
setup_mode: container
name: prometheus
image: debian:bookworm-slim
binary_url: https://github.com/prometheus/prometheus/releases/download/v2.47.0/prometheus-2.47.0.linux-amd64.tar.gz
binary_strip_components: 1
binary_file_name_override: prometheus
destination_directory: /usr/local/bin
command: >
/usr/local/bin/prometheus --config.file=/etc/prometheus/prometheus.yml
--storage.tsdb.path=/prometheus --web.listen-address=0.0.0.0:9090
ports:
prometheus:
ingressPort: 9090
servicePort: 9090
host_data_dir: /var/lib/prometheus
config:
prometheus.yml:
destinationPath: /etc/prometheus/prometheus.yml
data: |
global:
scrape_interval: 15s
data_dirs:
prometheus-data:
hostPath: /var/lib/prometheus/data
appPath: /prometheus- Install a tool (e.g.
curl):
- name: Install curl tool
hosts: all
become: true
roles:
- role: basic-service
vars:
setup_mode: install
name: curl
binary_url: https://github.com/moparisthebest/static-curl/releases/download/v8.12.1/curl-amd64
binary_strip_components: 1
binary_file_name_override: curlMIT
This Ansible role was created in 2023 by O1.IO.
🏆 always happy to help & donations are always welcome 💸
-
ETH (Ethereum): 0x652eD9d222eeA1Ad843efec01E60C29bF2CF6E4c
-
BTC (Bitcoin): 3E8gMxwEnfAAWbvjoPVqSz6DvPfwQ1q8Jn
-
ATOM (Cosmos): cosmos19vmcf5t68w6ug45mrwjyauh4ey99u9htrgqv09