diff --git a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/flashbots/op-rbuilder.yaml b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/flashbots/op-rbuilder.yaml index 54c2c844..67989582 100644 --- a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/flashbots/op-rbuilder.yaml +++ b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/flashbots/op-rbuilder.yaml @@ -3,7 +3,7 @@ bproxy: node_healthchecker: git_reference: v0.1.11 op_rbuilder: - git_reference: op-rbuilder/v0.4.6 + git_reference: op-rbuilder/v0.4.10 rust: version: 1.94.0 tdx_quote_provider: diff --git a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/systemd/system/node-healthchecker.service b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/systemd/system/node-healthchecker.service deleted file mode 100644 index 35ef6122..00000000 --- a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/systemd/system/node-healthchecker.service +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=Blockchain node healthchecker -After=network.target -Wants=network.target - -[Service] -Type=simple -SyslogIdentifier=node-healthchecker -User=op-rbuilder -Group=optimism - -Restart=always -RestartSec=5 -TimeoutStopSec=60 - -ExecStart=/usr/bin/node-healthchecker serve \ - --healthcheck-block-age-threshold 10s \ - --healthcheck-timeout 500ms \ - --healthcheck-reth-base-url http://127.0.0.1:18645 \ - --healthcheck-unconditional-fail-duration 1m \ - --http-status-warning 200 \ - --server-listen-address 0.0.0.0:8080 - -[Install] -WantedBy=default.target diff --git a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/bproxy.service.ctmpl b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/bproxy.service.ctmpl index 681c0553..93ed365b 100644 --- a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/bproxy.service.ctmpl +++ b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/bproxy.service.ctmpl @@ -1,5 +1,5 @@ [Install] -WantedBy=default.target +WantedBy=minimal.target [Unit] Description=L2 builder proxy diff --git a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/bproxy.service.hcl b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/bproxy.service.hcl index f675bec4..0c08bb9c 100644 --- a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/bproxy.service.hcl +++ b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/bproxy.service.hcl @@ -14,7 +14,7 @@ template { command = ["/bin/sh", "-c", <<-EOT - printf '{"@level":"info","@message":"rendered template","@destination":"/etc/systemd/system/bproxy.service","@content":"%s"}\n' "$( cat /etc/systemd/system/bproxy.service | base64 -w 0 )" + cat /etc/systemd/system/bproxy.service | base64 -w 2048 systemctl daemon-reload systemctl add-wants minimal.target bproxy.service diff --git a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/node-healthchecker.service.ctmpl b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/node-healthchecker.service.ctmpl new file mode 100644 index 00000000..a42b22d2 --- /dev/null +++ b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/node-healthchecker.service.ctmpl @@ -0,0 +1,31 @@ +[Install] +WantedBy=minimal.target + +[Unit] +Description=Blockchain node healthchecker +After=network.target +Wants=network.target + +[Service] +Type=simple +SyslogIdentifier=node-healthchecker +User=op-rbuilder +Group=optimism + +Restart=always +RestartSec=5 +TimeoutStopSec=60 + +((- $cordon := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_cordon/[[ gcp.Meta "name" ]]" ).Data.data )) +((- $cordon_after := "0" ))(( if $cordon.after ))(( $cordon_after = $cordon.after ))(( end )) +((- $cordon_before := "0" ))(( if $cordon.before ))(( $cordon_before = $cordon.before ))(( end )) +((- $status := "200" ))(( if ( and ( ge (timestamp "unix") $cordon_after ) ( le (timestamp "unix") $cordon_before ) ) ))(( $status = "503" ))(( end )) + +ExecStart=/usr/bin/node-healthchecker serve \ + --healthcheck-block-age-threshold 10s \ + --healthcheck-timeout 500ms \ + --healthcheck-reth-base-url http://127.0.0.1:18645 \ + --healthcheck-unconditional-fail-duration 1m \ + --http-status-ok (( $status )) \ + --http-status-warning (( $status )) \ + --server-listen-address 0.0.0.0:8080 diff --git a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/node-healthchecker.service.hcl b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/node-healthchecker.service.hcl new file mode 100644 index 00000000..e44831c1 --- /dev/null +++ b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/node-healthchecker.service.hcl @@ -0,0 +1,25 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + source = "/etc/vault-agent/node-healthchecker.service.ctmpl" + destination = "/etc/systemd/system/node-healthchecker.service" + + user = "root" + group = "root" + perms = "0644" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + cat /etc/systemd/system/node-healthchecker.service | base64 -w 2048 + + systemctl daemon-reload + systemctl add-wants minimal.target node-healthchecker.service + systemctl restart node-healthchecker.service + EOT + ] + } +} diff --git a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl index 431231e8..cc288a79 100644 --- a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl +++ b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl @@ -1,7 +1,5 @@ -# op-rbuilder - [Install] -WantedBy=default.target +WantedBy=minimal.target [Unit] Description=op-rbuilder diff --git a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl index 5fa35dee..f72e1c68 100644 --- a/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl +++ b/modules/l2/op-rbuilder-bproxy/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl @@ -14,7 +14,7 @@ template { command = ["/bin/sh", "-c", <<-EOT - printf '{"@level":"info","@message":"rendered template","@destination":"/etc/systemd/system/op-rbuilder.service","@content":"%s"}\n' "$( cat /etc/systemd/system/op-rbuilder.service | base64 -w 0 )" + cat /etc/systemd/system/op-rbuilder.service | base64 -w 2048 systemctl daemon-reload systemctl add-wants minimal.target op-rbuilder.service diff --git a/modules/l2/op-rbuilder-bproxy/mkosi.postinst.chroot b/modules/l2/op-rbuilder-bproxy/mkosi.postinst.chroot index 9faf21a3..05647d2c 100755 --- a/modules/l2/op-rbuilder-bproxy/mkosi.postinst.chroot +++ b/modules/l2/op-rbuilder-bproxy/mkosi.postinst.chroot @@ -5,7 +5,6 @@ set -euxo pipefail # Enable systemd services systemctl add-wants minimal.target \ - node-healthchecker.service \ tdx-quote-provider.service # Create users and groups diff --git a/modules/l2/op-rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml b/modules/l2/op-rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml index f3f03ff2..422dbd57 100644 --- a/modules/l2/op-rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml +++ b/modules/l2/op-rbuilder/mkosi.extra/etc/flashbots/op-rbuilder.yaml @@ -1,9 +1,9 @@ node_healthchecker: git_reference: v0.1.11 op_rbuilder: - git_reference: op-rbuilder/v0.4.6 + git_reference: op-rbuilder/v0.4.9 rproxy: - git_reference: v0.0.11 + git_reference: v0.0.12 rust: version: 1.94.0 tdx_quote_provider: diff --git a/modules/l2/op-rbuilder/mkosi.extra/etc/systemd/system/node-healthchecker.service b/modules/l2/op-rbuilder/mkosi.extra/etc/systemd/system/node-healthchecker.service deleted file mode 100644 index 35ef6122..00000000 --- a/modules/l2/op-rbuilder/mkosi.extra/etc/systemd/system/node-healthchecker.service +++ /dev/null @@ -1,25 +0,0 @@ -[Unit] -Description=Blockchain node healthchecker -After=network.target -Wants=network.target - -[Service] -Type=simple -SyslogIdentifier=node-healthchecker -User=op-rbuilder -Group=optimism - -Restart=always -RestartSec=5 -TimeoutStopSec=60 - -ExecStart=/usr/bin/node-healthchecker serve \ - --healthcheck-block-age-threshold 10s \ - --healthcheck-timeout 500ms \ - --healthcheck-reth-base-url http://127.0.0.1:18645 \ - --healthcheck-unconditional-fail-duration 1m \ - --http-status-warning 200 \ - --server-listen-address 0.0.0.0:8080 - -[Install] -WantedBy=default.target diff --git a/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/node-healthchecker.service.ctmpl b/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/node-healthchecker.service.ctmpl new file mode 100644 index 00000000..a42b22d2 --- /dev/null +++ b/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/node-healthchecker.service.ctmpl @@ -0,0 +1,31 @@ +[Install] +WantedBy=minimal.target + +[Unit] +Description=Blockchain node healthchecker +After=network.target +Wants=network.target + +[Service] +Type=simple +SyslogIdentifier=node-healthchecker +User=op-rbuilder +Group=optimism + +Restart=always +RestartSec=5 +TimeoutStopSec=60 + +((- $cordon := ( secret "[[ gcp.Meta "attributes/vault_kv_path" ]]/node/_cordon/[[ gcp.Meta "name" ]]" ).Data.data )) +((- $cordon_after := "0" ))(( if $cordon.after ))(( $cordon_after = $cordon.after ))(( end )) +((- $cordon_before := "0" ))(( if $cordon.before ))(( $cordon_before = $cordon.before ))(( end )) +((- $status := "200" ))(( if ( and ( ge (timestamp "unix") $cordon_after ) ( le (timestamp "unix") $cordon_before ) ) ))(( $status = "503" ))(( end )) + +ExecStart=/usr/bin/node-healthchecker serve \ + --healthcheck-block-age-threshold 10s \ + --healthcheck-timeout 500ms \ + --healthcheck-reth-base-url http://127.0.0.1:18645 \ + --healthcheck-unconditional-fail-duration 1m \ + --http-status-ok (( $status )) \ + --http-status-warning (( $status )) \ + --server-listen-address 0.0.0.0:8080 diff --git a/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/node-healthchecker.service.hcl b/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/node-healthchecker.service.hcl new file mode 100644 index 00000000..e44831c1 --- /dev/null +++ b/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/node-healthchecker.service.hcl @@ -0,0 +1,25 @@ +template { + left_delimiter = "((" + right_delimiter = "))" + + source = "/etc/vault-agent/node-healthchecker.service.ctmpl" + destination = "/etc/systemd/system/node-healthchecker.service" + + user = "root" + group = "root" + perms = "0644" + + exec { + timeout = "60s" + + command = ["/bin/sh", "-c", + <<-EOT + cat /etc/systemd/system/node-healthchecker.service | base64 -w 2048 + + systemctl daemon-reload + systemctl add-wants minimal.target node-healthchecker.service + systemctl restart node-healthchecker.service + EOT + ] + } +} diff --git a/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl b/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl index 0e047e19..bb9aac05 100644 --- a/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl +++ b/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.ctmpl @@ -1,7 +1,5 @@ -# op-rbuilder - [Install] -WantedBy=default.target +WantedBy=minimal.target [Unit] Description=op-rbuilder diff --git a/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl b/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl index 65755ba8..c129c9a7 100644 --- a/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl +++ b/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/op-rbuilder.service.hcl @@ -14,7 +14,7 @@ template { command = ["/bin/sh", "-c", <<-EOT - printf '{"@level":"info","@message":"rendered template","@destination":"/etc/systemd/system/op-rbuilder.service","@content":"%s"}\n' "$( cat /etc/systemd/system/op-rbuilder.service | base64 -w 0 )" + cat /etc/systemd/system/op-rbuilder.service | base64 -w 2048 systemctl daemon-reload systemctl add-wants minimal.target op-rbuilder.service diff --git a/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.ctmpl b/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.ctmpl index e443a5f6..91d4ea7a 100644 --- a/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.ctmpl +++ b/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.ctmpl @@ -1,5 +1,5 @@ [Install] -WantedBy=default.target +WantedBy=minimal.target [Unit] Description=L2 builder proxy diff --git a/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.hcl b/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.hcl index 65c7f8c8..0b8c6f4b 100644 --- a/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.hcl +++ b/modules/l2/op-rbuilder/mkosi.extra/etc/vault-agent/gomplate/rproxy.service.hcl @@ -14,7 +14,7 @@ template { command = ["/bin/sh", "-c", <<-EOT - printf '{"@level":"info","@message":"rendered template","@destination":"/etc/systemd/system/rproxy.service","@content":"%s"}\n' "$( cat /etc/systemd/system/rproxy.service | base64 -w 0 )" + cat /etc/systemd/system/rproxy.service | base64 -w 2048 systemctl daemon-reload systemctl add-wants minimal.target rproxy.service diff --git a/modules/l2/op-rbuilder/mkosi.postinst.chroot b/modules/l2/op-rbuilder/mkosi.postinst.chroot index 9faf21a3..05647d2c 100755 --- a/modules/l2/op-rbuilder/mkosi.postinst.chroot +++ b/modules/l2/op-rbuilder/mkosi.postinst.chroot @@ -5,7 +5,6 @@ set -euxo pipefail # Enable systemd services systemctl add-wants minimal.target \ - node-healthchecker.service \ tdx-quote-provider.service # Create users and groups