From 3cad551aaf883661069b6b72dd7d77540a80fc70 Mon Sep 17 00:00:00 2001 From: Sam Calder-Mason Date: Fri, 19 Jun 2026 12:35:00 +1000 Subject: [PATCH 1/2] ansible: source per-client SSH rosters from coredevs Replace the hardcoded bootstrap_default_user_authorized_keys_github_team_cl/_el lists in each client group_vars with a runtime fetch from the coredevs registry (https://coredevs.analytics.production.platform.ethpandaops.io), so client-dev access stays current without hand-editing inventory. Each client keeps a _extra_github_users list for handles not yet in coredevs; it is unioned with the fetched roster. The few handles that were in the old lists but not yet in coredevs (lighthouse marcopolo/aarshkshah1992, prysm marcopolo, teku siladu) are seeded there so no one loses access. --- .../devnet-0/group_vars/all/all.yaml | 4 ++++ .../inventories/devnet-0/group_vars/besu.yaml | 18 ++++-------------- .../devnet-0/group_vars/erigon.yaml | 8 ++++---- .../inventories/devnet-0/group_vars/geth.yaml | 10 ++++------ .../devnet-0/group_vars/grandine.yaml | 9 ++++----- .../devnet-0/group_vars/lighthouse.yaml | 15 ++++----------- .../devnet-0/group_vars/lodestar.yaml | 13 ++++--------- .../devnet-0/group_vars/nethermind.yaml | 15 ++++----------- .../devnet-0/group_vars/nimbus.yaml | 11 ++++------- .../devnet-0/group_vars/nimbusel.yaml | 9 ++++----- .../inventories/devnet-0/group_vars/prysm.yaml | 14 ++++---------- .../inventories/devnet-0/group_vars/reth.yaml | 14 ++++---------- .../inventories/devnet-0/group_vars/teku.yaml | 11 ++++------- 13 files changed, 52 insertions(+), 99 deletions(-) diff --git a/ansible/inventories/devnet-0/group_vars/all/all.yaml b/ansible/inventories/devnet-0/group_vars/all/all.yaml index df3943e..f026b5b 100644 --- a/ansible/inventories/devnet-0/group_vars/all/all.yaml +++ b/ansible/inventories/devnet-0/group_vars/all/all.yaml @@ -112,6 +112,10 @@ ethereum_genesis_validator_keyranges: >- bootstrap_default_user_authorized_keys_plain: - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDbboxOo0jyL3DNxqZ6UTEnZPEzPDPnujEYaClqNWSLWkphczHKAnJPkrwbAWB4JbJKjsAJ5kn53f10KPnUyZvJ5Jn8Rpf7RM7+56MYaBg84gVoA2KeIYxUa7h8neY7J61Galp0c6cOK+hp1lPsoiBSdCW/Rtbv6ALCcVe+4+uCW5FRoJcNRJfGRLRnjh1pw57HQw9O55mf319s4rVUq4umznQ0CciEx3rVMtXf4xjIZDZAhNpGaBh8AtHauaMZCOGociAIquYYqoSQnnmnOBiduRa5OkvGZomgybNQivlYboDeF6sQ71KVzRXSI+mxCYbSp246lqSdQtQsjFA54NYl/qWgAql0uqCqsZidW+XBjquyItRl2Rfzzy5Fk/gMOAJXHQYp4POfgFbqtxjWpfnuOKqW/1IGWcIt2g016effUqGgj/oePX0g+duFdszSKK773rJBySgafFF6XWNqagrLmE4LUGC+6P3oxzYTSFGeUVA21OayL+K40XPpJti5zns= # devops-eth2-shared" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWh9NW66VD4BPKETNyZeZrGN1f7G6dkihW3eAc7cbJPFQGIpnWc2tGq5o13vWW+SoCh16nkYM2oak+PJQxXYTiQnrMJSmSFd7E0DmdcoKadGJEnfosrH++aOZf/eVLe5q3E9NQFVSdOPo1MCRRTuZxPkuMxS6QikW3otWrA3F2vFgmYyki3Cy8huQzHKUZGicividYcUSFTydR2L0oWUNve3FyqMQQQPnfaJ1RvrkeGtdhRSAxa6L0jzgRK7fjpUyhKOofr7kCKARGELRRiB9QikRAoHU2/D/2jtJjKlTCJxArzXyDF2IcQCco+5Oe9x4c7Xch32dbscJSmjaAvsxRnu7GEFCS7b6kKGvwcoq5vJzvp3RBBR7Mosxv6pcM/q7Z4RhXOFVFFiPVl1dqkqSPkUrHwg8LtWOxC+GAl36vxhHLdDEV/RhbSAzO6SfYEWYGH1w7u4oiy2XAT2cNCO0j0tSHS5chX+d7TzwAbBE2HuPL84GVGHZG875hmiE+Dok= # github-actions-ci" +# Per-client team SSH rosters are fetched at runtime from the coredevs registry +# (see each client group_vars file). https://github.com/ethpandaops/coredevs +coredevs_api_url: https://coredevs.analytics.production.platform.ethpandaops.io + bootstrap_default_user_authorized_keys_github_all: - barnabasbusa - parithosh diff --git a/ansible/inventories/devnet-0/group_vars/besu.yaml b/ansible/inventories/devnet-0/group_vars/besu.yaml index 8e696f7..1fc63f3 100644 --- a/ansible/inventories/devnet-0/group_vars/besu.yaml +++ b/ansible/inventories/devnet-0/group_vars/besu.yaml @@ -1,18 +1,8 @@ # role: ethpandaops.general.bootstrap -bootstrap_default_user_authorized_keys_github_team_el: - - garyschulte - - jflo - - fab-10 - - matkt - - Gabriel-Trintinalia - - siladu - - pinges - - jframe - - ahamlat - - macfarla - - daniellehrner - - kkaur01 - - joshuafernandes +besu_extra_github_users: [] # handles not yet in the coredevs registry +bootstrap_default_user_authorized_keys_github_team_el: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/besu?format=txt') | select | list) + + besu_extra_github_users }} # role: ethpandaops.general.ethereum_node ethereum_node_el: besu diff --git a/ansible/inventories/devnet-0/group_vars/erigon.yaml b/ansible/inventories/devnet-0/group_vars/erigon.yaml index 5b5ab25..dac89d7 100644 --- a/ansible/inventories/devnet-0/group_vars/erigon.yaml +++ b/ansible/inventories/devnet-0/group_vars/erigon.yaml @@ -1,8 +1,8 @@ # role: ethpandaops.general.bootstrap -bootstrap_default_user_authorized_keys_github_team_el: - - Giulio2002 - - yperbasis - - taratorio +erigon_extra_github_users: [] # handles not yet in the coredevs registry +bootstrap_default_user_authorized_keys_github_team_el: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/erigon?format=txt') | select | list) + + erigon_extra_github_users }} # role: ethpandaops.general.ethereum_node ethereum_node_el: erigon diff --git a/ansible/inventories/devnet-0/group_vars/geth.yaml b/ansible/inventories/devnet-0/group_vars/geth.yaml index 5672101..a1e0d71 100644 --- a/ansible/inventories/devnet-0/group_vars/geth.yaml +++ b/ansible/inventories/devnet-0/group_vars/geth.yaml @@ -1,10 +1,8 @@ # role: ethpandaops.general.bootstrap -bootstrap_default_user_authorized_keys_github_team_el: - - mariusVanDerWijden - - lightclient - - rjl493456442 - - jrhea - - healthykim +geth_extra_github_users: [] # handles not yet in the coredevs registry +bootstrap_default_user_authorized_keys_github_team_el: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/geth?format=txt') | select | list) + + geth_extra_github_users }} # role: ethpandaops.general.ethereum_node ethereum_node_el: geth diff --git a/ansible/inventories/devnet-0/group_vars/grandine.yaml b/ansible/inventories/devnet-0/group_vars/grandine.yaml index 9c747d3..703aeac 100644 --- a/ansible/inventories/devnet-0/group_vars/grandine.yaml +++ b/ansible/inventories/devnet-0/group_vars/grandine.yaml @@ -1,9 +1,8 @@ # role: ethpandaops.general.bootstrap -bootstrap_default_user_authorized_keys_github_team_cl: - - sauliusgrigaitis - - tumas - - povi - - hangleang +grandine_extra_github_users: [] # handles not yet in the coredevs registry +bootstrap_default_user_authorized_keys_github_team_cl: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/grandine?format=txt') | select | list) + + grandine_extra_github_users }} # role: geerlingguy.docker docker_daemon_options: diff --git a/ansible/inventories/devnet-0/group_vars/lighthouse.yaml b/ansible/inventories/devnet-0/group_vars/lighthouse.yaml index 8dbd57b..dc1b285 100644 --- a/ansible/inventories/devnet-0/group_vars/lighthouse.yaml +++ b/ansible/inventories/devnet-0/group_vars/lighthouse.yaml @@ -1,17 +1,10 @@ # role: ethpandaops.general.bootstrap -bootstrap_default_user_authorized_keys_github_team_cl: - - AgeManning - - ethdreamer - - paulhauner - - pawanjay176 - - michaelsproul - - antondlr - - realbigsean - - jimmygchen - # - dapplion +lighthouse_extra_github_users: # handles not yet in the coredevs registry - marcopolo - - dknopik - aarshkshah1992 +bootstrap_default_user_authorized_keys_github_team_cl: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/lighthouse?format=txt') | select | list) + + lighthouse_extra_github_users }} # role: validator_keys validator_keys_sync_files: diff --git a/ansible/inventories/devnet-0/group_vars/lodestar.yaml b/ansible/inventories/devnet-0/group_vars/lodestar.yaml index aa1b491..f4da53d 100644 --- a/ansible/inventories/devnet-0/group_vars/lodestar.yaml +++ b/ansible/inventories/devnet-0/group_vars/lodestar.yaml @@ -1,13 +1,8 @@ # role: ethpandaops.general.bootstrap -bootstrap_default_user_authorized_keys_github_team_cl: - - wemeetagain - - twoeths - - g11tech - - philknows - - nazarhussain - - nflaig - - matthewkeil - - ensi321 +lodestar_extra_github_users: [] # handles not yet in the coredevs registry +bootstrap_default_user_authorized_keys_github_team_cl: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/lodestar?format=txt') | select | list) + + lodestar_extra_github_users }} # role: validator_keys validator_keys_sync_files: diff --git a/ansible/inventories/devnet-0/group_vars/nethermind.yaml b/ansible/inventories/devnet-0/group_vars/nethermind.yaml index 606f932..8fd1c61 100644 --- a/ansible/inventories/devnet-0/group_vars/nethermind.yaml +++ b/ansible/inventories/devnet-0/group_vars/nethermind.yaml @@ -1,15 +1,8 @@ # role: ethpandaops.general.bootstrap -bootstrap_default_user_authorized_keys_github_team_el: - - MarekM25 - - kamilchodola - - LukaszRozmej - - marcindsobczak - - asdacap - - rubo - - smartprogrammer93 - - cbermudez97 - - flcl42 - - stdevMac +nethermind_extra_github_users: [] # handles not yet in the coredevs registry +bootstrap_default_user_authorized_keys_github_team_el: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/nethermind?format=txt') | select | list) + + nethermind_extra_github_users }} # role: ethpandaops.general.ethereum_node ethereum_node_el: nethermind diff --git a/ansible/inventories/devnet-0/group_vars/nimbus.yaml b/ansible/inventories/devnet-0/group_vars/nimbus.yaml index d648d54..7f8d9ef 100644 --- a/ansible/inventories/devnet-0/group_vars/nimbus.yaml +++ b/ansible/inventories/devnet-0/group_vars/nimbus.yaml @@ -1,11 +1,8 @@ # role: ethpandaops.general.bootstrap -bootstrap_default_user_authorized_keys_github_team_cl: - - zah - - tersec - - etan-status - - arnetheduck - - chirag-parmar - - agnxsh +nimbus_extra_github_users: [] # handles not yet in the coredevs registry +bootstrap_default_user_authorized_keys_github_team_cl: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/nimbus?format=txt') | select | list) + + nimbus_extra_github_users }} # role: validator_keys validator_keys_sync_files: diff --git a/ansible/inventories/devnet-0/group_vars/nimbusel.yaml b/ansible/inventories/devnet-0/group_vars/nimbusel.yaml index 663ddf6..8b71bb0 100644 --- a/ansible/inventories/devnet-0/group_vars/nimbusel.yaml +++ b/ansible/inventories/devnet-0/group_vars/nimbusel.yaml @@ -1,9 +1,8 @@ # role: ethpandaops.general.bootstrap -bootstrap_default_user_authorized_keys_github_team_el: - - tersec - - jangko - - advaita-saha - - mjfh +nimbusel_extra_github_users: [] # handles not yet in the coredevs registry +bootstrap_default_user_authorized_keys_github_team_el: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/nimbus?format=txt') | select | list) + + nimbusel_extra_github_users }} # role: ethpandaops.general.ethereum_node ethereum_node_el: nimbusel diff --git a/ansible/inventories/devnet-0/group_vars/prysm.yaml b/ansible/inventories/devnet-0/group_vars/prysm.yaml index 75a6fa1..1c1db34 100644 --- a/ansible/inventories/devnet-0/group_vars/prysm.yaml +++ b/ansible/inventories/devnet-0/group_vars/prysm.yaml @@ -1,15 +1,9 @@ # role: ethpandaops.general.bootstrap -bootstrap_default_user_authorized_keys_github_team_cl: - - kasey - - terencechain - - potuz - - nisdas - - prestonvanloon - - rkapka - - nalepae - - james-prysm +prysm_extra_github_users: # handles not yet in the coredevs registry - marcopolo - - aarshkshah1992 +bootstrap_default_user_authorized_keys_github_team_cl: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/prysm?format=txt') | select | list) + + prysm_extra_github_users }} # role: validator_keys validator_keys_sync_files: diff --git a/ansible/inventories/devnet-0/group_vars/reth.yaml b/ansible/inventories/devnet-0/group_vars/reth.yaml index afc21b0..604e6c3 100644 --- a/ansible/inventories/devnet-0/group_vars/reth.yaml +++ b/ansible/inventories/devnet-0/group_vars/reth.yaml @@ -1,14 +1,8 @@ # role: ethpandaops.general.bootstrap -bootstrap_default_user_authorized_keys_github_team_el: - - gakonst - - onbjerg - - klkvr - - shekhirin - - rkrasiuk - - mattsse - - jenpaff - - emmajam - - rjected +reth_extra_github_users: [] # handles not yet in the coredevs registry +bootstrap_default_user_authorized_keys_github_team_el: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/reth?format=txt') | select | list) + + reth_extra_github_users }} # role: ethpandaops.general.ethereum_node ethereum_node_el: reth diff --git a/ansible/inventories/devnet-0/group_vars/teku.yaml b/ansible/inventories/devnet-0/group_vars/teku.yaml index 9705d1d..9ea7265 100644 --- a/ansible/inventories/devnet-0/group_vars/teku.yaml +++ b/ansible/inventories/devnet-0/group_vars/teku.yaml @@ -1,12 +1,9 @@ # role: ethpandaops.general.bootstrap -bootstrap_default_user_authorized_keys_github_team_cl: - - tbenr - - rolfyone +teku_extra_github_users: # handles not yet in the coredevs registry - siladu - - lucassaldanha - - StefanBratanov - - zilm13 - - mehdi-aouadi +bootstrap_default_user_authorized_keys_github_team_cl: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/teku?format=txt') | select | list) + + teku_extra_github_users }} # role: validator_keys validator_keys_sync_files: From 44c8869e22119b27dc5325c5d1ec10b8619f6248 Mon Sep 17 00:00:00 2001 From: Sam Calder-Mason Date: Fri, 19 Jun 2026 14:17:25 +1000 Subject: [PATCH 2/2] ansible: source ethpandaops core team from coredevs too Replace the hardcoded bootstrap_default_user_authorized_keys_github_all list with a fetch of the coredevs ethpandaops team, unioned with github_all_extra_users for handles not in the coredevs team (bharath-123). --- .../inventories/devnet-0/group_vars/all/all.yaml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/ansible/inventories/devnet-0/group_vars/all/all.yaml b/ansible/inventories/devnet-0/group_vars/all/all.yaml index f026b5b..a9a6ee8 100644 --- a/ansible/inventories/devnet-0/group_vars/all/all.yaml +++ b/ansible/inventories/devnet-0/group_vars/all/all.yaml @@ -116,16 +116,13 @@ bootstrap_default_user_authorized_keys_plain: # (see each client group_vars file). https://github.com/ethpandaops/coredevs coredevs_api_url: https://coredevs.analytics.production.platform.ethpandaops.io -bootstrap_default_user_authorized_keys_github_all: - - barnabasbusa - - parithosh - - samcm - - savid - - skylenet - - pk910 - - mattevans - - qu0b +# ethpandaops core team, sourced from the coredevs ethpandaops team. Handles not +# in the coredevs team go in the extra list. +github_all_extra_users: - bharath-123 +bootstrap_default_user_authorized_keys_github_all: >- + {{ (query('ethpandaops.general.url_cached', coredevs_api_url ~ '/api/v1/users/ethpandaops?format=txt') | select | list) + + github_all_extra_users }} bootstrap_default_user_authorized_keys_github: > {{