From 06dd244035a1884e296db44dcc82d1b8ef420f6f Mon Sep 17 00:00:00 2001 From: u1 Date: Sat, 7 Feb 2026 00:36:30 +0100 Subject: [PATCH] fix(sol): bind validator and RPC to same address --- ansible/group_vars/sol_rpc.yml | 4 +++- ansible/templates/solana-rpc.service.j2 | 3 ++- doc/etap-006-agave-install-identity-start.md | 3 ++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ansible/group_vars/sol_rpc.yml b/ansible/group_vars/sol_rpc.yml index 65d5600..41fc022 100644 --- a/ansible/group_vars/sol_rpc.yml +++ b/ansible/group_vars/sol_rpc.yml @@ -18,7 +18,9 @@ solana_ledger_dir: /var/lib/solana/ledger solana_accounts_dir: /var/lib/solana/accounts solana_log_dir: /var/log/solana -solana_rpc_bind_address: 127.0.0.1 +# Note: agave-validator expects all sockets to be bound to the same IP. +# For now we bind validator + RPC to 0.0.0.0 and rely on network hardening in a later etap. +solana_bind_address: 0.0.0.0 solana_rpc_port: 8899 solana_rpc_pubsub_port: 8900 solana_dynamic_port_range: "8000-8020" diff --git a/ansible/templates/solana-rpc.service.j2 b/ansible/templates/solana-rpc.service.j2 index ff047b7..f82c6c8 100644 --- a/ansible/templates/solana-rpc.service.j2 +++ b/ansible/templates/solana-rpc.service.j2 @@ -17,7 +17,8 @@ ExecStart={{ solana_validator_bin }} \ --identity {{ solana_identity_path }} \ --ledger {{ solana_ledger_dir }} \ --accounts {{ solana_accounts_dir }} \ - --rpc-bind-address {{ solana_rpc_bind_address }} \ + --bind-address {{ solana_bind_address }} \ + --rpc-bind-address {{ solana_bind_address }} \ --rpc-port {{ solana_rpc_port }} \ --dynamic-port-range {{ solana_dynamic_port_range }}{% for ep in solana_entrypoints %} \ --entrypoint {{ ep }}{% endfor %}{% for kv in solana_known_validators %} \ diff --git a/doc/etap-006-agave-install-identity-start.md b/doc/etap-006-agave-install-identity-start.md index 2672944..38ebcb0 100644 --- a/doc/etap-006-agave-install-identity-start.md +++ b/doc/etap-006-agave-install-identity-start.md @@ -16,7 +16,8 @@ Cel etapu: domknąć bootstrap uruchomienia `solana-rpc` jako `solana` przez: ## Założenia -- Bootstrap używa domyślnego bind `127.0.0.1` (bez publicznej ekspozycji RPC). +- W tej wersji `agave-validator` wszystkie sockety (gossip/TPU/RPC) muszą być zbindowane do tego samego IP. +- Na czas bootstrapu bind jest na `0.0.0.0` (żeby validator przeszedł check reachability i wystartował). - Produkcyjny bind na WG IP i hardening sieciowy będzie osobnym etapem. - Release tar z `agave-install` nie zawiera `agave-validator`, więc `agave-validator` budujemy ze źródeł (tag `v2.x`) i instalujemy do `/opt/solana/bin`. - Build wymaga pakietów dev, w tym `libclang`/`llvm` (Ansible instaluje je w playbooku).