O1labs/basic-service

Basic-Service

Galaxy Role GitHub release (latest) License: MIT

Configure and operate a basic cloud-native service: running anything from crypto blockchain clients to the immense app store of open-source (Apache, CNCF and beyond) services.

Requirements

Systemd, an installation of the Docker engine, or a Kubernetes cluster.

Role Variables

Common

| var | description | default |
|---|---|---|
| setup_mode | infrastructure provisioning setup mode (container, k8s, systemd, install) | undefined |
| name | name of service to deploy | required |
| command | Command and arguments to execute on startup | required |
| user | service user to setup | <operating-user> |
| group | service group to setup | <operating-user> |
| config | configuration files associated with the service to mount | {} |
| config_env | environment variables to set within the service runtime | {} |
| ports | listening port information for a service | {} |
| data_dirs | directory mappings to store service runtime/operational data | {} |
| host_data_dir | host directory for general deployment operations | `` |
| cpus | CPU resources each deployed service can use (either percentage for systemd or cores for containers) | 100 |
| memory | available memory resources each deployed service can use | 1G |
| restart_policy | service restart policy | on-failure |
| uninstall | whether to remove installed service and artifacts | false |

Container

| var | description | default |
|---|---|---|
| image | service container image to deploy | |
| network_mode | container network to attach | bridge |
| binary_url | URL of the binary file or archive to download and bind-mount into the container | |
| binary_file_name_override | Override the binary file name after moving it to the destination directory | |
| binary_strip_components | Strip NUMBER leading components/directories from file names on extraction | 0 |
| destination_directory | host directory where the binary file will be placed after downloading/extracting | /usr/local/bin |
| binary_app_path | in-container mount path for the downloaded binary directory | <destination_directory> |

Systemd

| var | description | default |
|---|---|---|
| binary_url | URL of the binary file to download | |
| binary_file_name_override | Override the binary file name after moving it to the destination directory | |
| binary_strip_components | Strip NUMBER leading components/directories from file names on extraction | 0 |
| destination_directory | directory where the binary file will be placed after downloading/extracting | /usr/local/bin |
| systemd | custom service type & unit, service and install properties | {} |
| systemd.enable_accounting | enable systemd resource accounting (CPU, Memory, IO, Tasks, IP) | true |

Kubernetes (k8s)

To authorize access to the target Kubernetes cluster, set the following environment variables:

export KUBECONFIG=<path-to-the-kubeconfig-file>
export KUBE_CONTEXT=<context-within-the-kubeconfig-to-use>

| var | description | default |
|---|---|---|
| helm_chart_path | path to Helm chart to use for the service deployment/release | helm (resolved relative to the role) |
| helm_namespace | Kubernetes namespace to deploy to (also rendered into chart values) | default |
| helm_values_path | optional Helm values overlay file merged after rendered role values | "" |
| helm_render_values_from_role | map common role vars (image, config, ports, cpus, memory, etc.) into Helm values | true |
| helm_create_namespace | create the target namespace during Helm install | true |
| helm_wait / helm_atomic / helm_timeout | Helm install safety controls | true / true / 10m |

With setup_mode: k8s, the role renders Helm values from the same variables used by container, systemd, and install modes, then deploys the bundled chart. Set helm_render_values_from_role: false to use only helm_values_path.

Containerized Apps

Dependencies

Install role and collection requirements:

ansible-galaxy install -r requirements.yml

See requirements.yml for the full list (includes ansible-role-systemd and community.docker).

Example Playbook

One schema for container, systemd, k8s, and install: swap setup_mode, and the role derives mounts, ports, firewall rules, unit files, and Helm values from shared dicts.

Molecule CI: tests/molecule/.

Container

- name: Serve nginx
  hosts: web
  become: true
  roles:
    - role: basic-service
      vars:
        setup_mode: container
        name: nginx
        image: nginx:latest
        command: nginx -g "daemon off;"
        cpus: 0.5
        memory: 128M
        ports:
          http:
            ingressPort: 8080
            servicePort: 80

Prometheus (systemd or k8s)

Play vars and a YAML anchor share config across runtimes. For k8s, set KUBECONFIG / KUBE_CONTEXT (Kubernetes variables).

- name: Prometheus on systemd
  hosts: monitoring
  become: true
  vars:
    prometheus_root: /var/lib/prometheus
    prometheus_data_dir: "{{ prometheus_root }}/data"
    prometheus_config: /etc/prometheus/prometheus.yml
    prometheus: &prometheus
      name: prometheus
      memory: 512M
      ports:
        prometheus: { ingressPort: 9090, servicePort: 9090 }
      config:
        prometheus.yml:
          destinationPath: "{{ prometheus_config }}"
          data: |
            global:
              scrape_interval: 15s
            scrape_configs:
              - job_name: prometheus
                static_configs:
                  - targets: ["localhost:9090"]
  roles:
    - role: basic-service
      vars:
        <<: *prometheus
        setup_mode: systemd
        user: prometheus
        cpus: 50
        binary_url: https://github.com/prometheus/prometheus/releases/download/v2.47.0/prometheus-2.47.0.linux-amd64.tar.gz
        binary_strip_components: 1
        binary_file_name_override: "{{ name }}"
        command: >
          /usr/local/bin/{{ name }}
          --config.file={{ prometheus_root }}{{ prometheus_config }}
          --storage.tsdb.path={{ prometheus_data_dir }}
        host_data_dir: "{{ prometheus_root }}"
        data_dirs:
          prometheus_data:
            hostPath: "{{ prometheus_data_dir }}"
            appPath: "{{ prometheus_data_dir }}"
        setup_iptables: true
        systemd:
          enable_accounting: true

- name: Prometheus on Kubernetes
  hosts: localhost
  connection: local
  roles:
    - role: basic-service
      vars:
        <<: *prometheus
        setup_mode: k8s
        image: prom/prometheus:v2.47.0
        helm_namespace: monitoring
        cpus: 0.5
        command: >
          --config.file={{ prometheus_config }}
          --storage.tsdb.path=/prometheus
        k8s_health_check_path: /-/healthy

Ethereum (Sepolia)

- name: Ethereum Sepolia stack
  hosts: sepolia_nodes
  become: true
  vars:
    ethereum_network: sepolia
    ethereum_data_root: /var/lib/ethereum
    jwt_path: "{{ ethereum_data_root }}/jwt.hex"
    ethereum_client: &ethereum_client
      setup_mode: systemd
      user: ethereum
  roles:
    - role: basic-service
      vars:
        <<: *ethereum_client
        name: reth
        host_data_dir: "{{ ethereum_data_root }}/{{ name }}"
        client_datadir: "{{ ethereum_data_root }}/{{ name }}/data"
        binary_url: https://github.com/paradigmxyz/reth/releases/download/v1.1.4/reth-v1.1.4-x86_64-unknown-linux-gnu.tar.gz
        binary_file_name_override: "{{ name }}"
        command: >
          /usr/local/bin/{{ name }} node --chain {{ ethereum_network }}
          --datadir {{ client_datadir }}
          --authrpc.jwtsecret {{ jwt_path }}
          --http --http.addr 127.0.0.1 --http.port 8545
          --metrics 0.0.0.0:9001
        cpus: 80
        memory: 8G
        data_dirs:
          chain:
            hostPath: "{{ client_datadir }}"
            appPath: "{{ client_datadir }}"
        ports:
          metrics: { ingressPort: 9001, servicePort: 9001 }

    - role: basic-service
      vars:
        <<: *ethereum_client
        name: lighthouse
        host_data_dir: "{{ ethereum_data_root }}/{{ name }}"
        client_datadir: "{{ ethereum_data_root }}/{{ name }}/data"
        binary_url: https://github.com/sigp/lighthouse/releases/download/v6.0.0/lighthouse-v6.0.0-x86_64-unknown-linux-gnu.tar.gz
        binary_file_name_override: "{{ name }}"
        command: >
          /usr/local/bin/{{ name }} bn --network {{ ethereum_network }}
          --datadir {{ client_datadir }}
          --checkpoint-sync-url https://checkpoint-sync.sepolia.ethpandaops.io
          --execution-endpoint http://127.0.0.1:8551
          --execution-jwt {{ jwt_path }}
          --http --http-address 127.0.0.1 --http-port 5052
          --metrics --metrics-address 0.0.0.0 --metrics-port 9002
        cpus: 50
        memory: 4G
        data_dirs:
          beacon:
            hostPath: "{{ client_datadir }}"
            appPath: "{{ client_datadir }}"
        ports:
          metrics: { ingressPort: 9002, servicePort: 9002 }

Install / uninstall

- name: Install jq CLI
  hosts: all
  become: true
  vars:
    jq_tool: &jq_tool
      setup_mode: install
      name: jq
      binary_url: https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-linux-amd64
      binary_file_name_override: "{{ name }}"
  roles:
    - role: basic-service
      vars:
        <<: *jq_tool

- name: Remove jq CLI
  hosts: all
  become: true
  roles:
    - role: basic-service
      vars:
        <<: *jq_tool
        uninstall: true
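
The example plays above hand the role an image reference, a binary_url and a command line, which together decide what code runs and where it listens. The following audit of those three variables is an added example, not part of the role; the function name, finding texts and sample dictionaries are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

DIGEST = re.compile(r"@sha256:[0-9a-f]{64}$")
WILDCARD_BIND = re.compile(r"(?<![\d.])0\.0\.0\.0(?![\d.])")
VERSION = re.compile(r"\d+\.\d+(\.\d+)?")

# Constructed sample input: role vars trimmed from the example plays above.
NGINX = {"name": "nginx", "setup_mode": "container", "image": "nginx:latest",
         "command": 'nginx -g "daemon off;"'}
RETH = {"name": "reth", "setup_mode": "systemd",
        "binary_url": "https://github.com/paradigmxyz/reth/releases/download/"
                      "v1.1.4/reth-v1.1.4-x86_64-unknown-linux-gnu.tar.gz",
        "command": "/usr/local/bin/reth node --chain sepolia "
                   "--http --http.addr 127.0.0.1 --metrics 0.0.0.0:9001"}


def audit_role_vars(role_vars):
    """Return a list of findings for one basic-service `vars:` mapping."""
    findings = []
    name = role_vars.get("name", "<unnamed>")

    image = role_vars.get("image")
    if image and not DIGEST.search(image):
        # The tag, if any, follows ':' in the last path component.
        last = image.rsplit("/", 1)[-1]
        tag = last.split(":", 1)[1] if ":" in last else ""
        if tag in ("", "latest"):
            findings.append(f"{name}: image '{image}' uses a floating tag")
        else:
            findings.append(f"{name}: image '{image}' is pinned by tag, not digest")

    url = role_vars.get("binary_url")
    if url:
        parsed = urlparse(url)
        if parsed.scheme != "https":
            findings.append(f"{name}: binary_url is not fetched over https")
        if not VERSION.search(parsed.path):
            findings.append(f"{name}: binary_url has no version in its path")

    # Folded YAML scalars (`command: >`) may carry newlines; normalise first.
    command = " ".join(str(role_vars.get("command", "")).split())
    if WILDCARD_BIND.search(command):
        findings.append(f"{name}: command binds a listener to 0.0.0.0")
    return findings


if __name__ == "__main__":
    for play_vars in (NGINX, RETH):
        print(audit_role_vars(play_vars) or f"{play_vars['name']}: no findings")
```

The variable tables above list no checksum option for binary_url, so TLS to the release host is the only integrity control visible on this page; compare downloaded artifacts against the publisher's checksums separately.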

License

MIT

Author Information

This Ansible role was created in 2023 by O1.IO.

always happy to help & donations are always welcome

  • ETH (Ethereum): 0x652eD9d222eeA1Ad843efec01E60C29bF2CF6E4c

  • BTC (Bitcoin): 3E8gMxwEnfAAWbvjoPVqSz6DvPfwQ1q8Jn

  • ATOM (Cosmos): cosmos19vmcf5t68w6ug45mrwjyauh4ey99u9htrgqv09
