Better Docker paths (#2206)

Dockerfile

@@ -90,6 +90,10 @@ RUN if [ "$DOWNLOAD_SNAPSHOT" -gt 0 ] && [ "$CUSTOM_SNAPSHOT_URL" = "" ] ; then
       touch /tmp/snapshot.bin ; \
     fi
 
+RUN mkdir -p /tmp/db/mainnetdb /tmp/db/peerdb
+# 65532:65532 is the UID:GUID of nonroot user of distroless image
+RUN chown 65532:65532 /tmp/db/mainnetdb /tmp/db/peerdb
+
 ############################
 # Image
 ############################
@@ -100,7 +104,7 @@ FROM gcr.io/distroless/cc-debian11:nonroot as prepare-runtime
 # Gossip
 EXPOSE 14666/tcp
 # AutoPeering
-#EXPOSE 14626/udp
+EXPOSE 14626/udp
 # Pprof Profiling
 EXPOSE 6061/tcp
 # Prometheus exporter
@@ -112,32 +116,32 @@ EXPOSE 8081/tcp
 # DAGs Visualizer
 EXPOSE 8061/tcp
 
-# Copy configuration
-COPY --from=build /tmp/snapshot.bin /tmp/snapshot.bin
-COPY config.default.json /config.json
+# Default directory and drop privileges
+WORKDIR /app
+USER nonroot
 
 # Copy the Pre-built binary file from the previous stage
-COPY --chown=nonroot:nonroot --from=build /go/bin/goshimmer /run/goshimmer
+COPY --chown=nonroot:nonroot --from=build /go/bin/goshimmer /app/goshimmer
 
-# Fix permission issue when mounting volumes.
-COPY --chown=nonroot:nonroot --from=build /tmp/ /tmp/mainnetdb/
-COPY --chown=nonroot:nonroot --from=build /tmp/ /tmp/peerdb/
+# Copy configuration and snapshot from the previous stage
+COPY config.default.json /app/config.json
+COPY --from=build /tmp/snapshot.bin /app/snapshot.bin
 
-WORKDIR /tmp
-USER nonroot
+# Fix permission issue when mounting volumes
+COPY --chown=nonroot:nonroot --from=build /tmp/db/ /app/
 
-# We execute this stage only if debugging is disabled, i.e REMOTE_DEBUGGIN==0.
+# We execute this stage only if debugging is disabled, i.e REMOTE_DEBUGGIN==0
 FROM prepare-runtime as debugger-enabled-0
 
-ENTRYPOINT ["/run/goshimmer", "--config=/config.json"]
+ENTRYPOINT ["/app/goshimmer", "--config=/app/config.json"]
 
-# We execute this stage only if debugging is enabled, i.e REMOTE_DEBUGGIN==1.
+# We execute this stage only if debugging is enabled, i.e REMOTE_DEBUGGIN==1
 FROM prepare-runtime as debugger-enabled-1
 EXPOSE 40000
 
 # Copy the Delve binary
-COPY --chown=nonroot:nonroot --from=build /go/bin/dlv /run/dlv
-ENTRYPOINT ["/run/dlv","--listen=:40000", "--headless" ,"--api-version=2", "--accept-multiclient", "exec", "--continue", "/run/goshimmer", "--", "--config=/config.json"]
+COPY --chown=nonroot:nonroot --from=build /go/bin/dlv /app/dlv
+ENTRYPOINT ["/app/dlv", "--listen=:40000", "--headless", "--api-version=2", "--accept-multiclient", "exec", "--continue", "/app/goshimmer", "--", "--config=/app/config.json"]
 
 # Execute corresponding build stage depending on the REMOTE_DEBUGGING build arg.
 FROM debugger-enabled-${REMOTE_DEBUGGING} as runtime

deploy/ansible/roles/goshimmer-node/templates/docker-compose-goshimmer.yml.j2

@@ -57,7 +57,6 @@ services:
       --node.enablePlugins=dashboard,remotelog,networkdelay,prometheus{% if faucet|default(false) %},faucet{% endif %},activity,snapshot,WebAPIToolsDRNGEndpoint,WebAPIToolsMessageEndpoint,"WebAPI tools Endpoint"{% if spammer|default(false) %},spammer{% endif %}
       --prometheus.bindAddress=0.0.0.0:9311
       --activity.broadcastInterval=1s
-      --messageLayer.snapshot.file=/snapshot.bin
      {% if faucet|default(false) %}
       --faucet.seed={{ faucetSeed }}
       --faucet.tokensPerRequest=1000000

docker-compose.yml

@@ -15,8 +15,8 @@ services:
     # make sure to give read/write access to the folder ./mainnetdb (e.g., chmod -R 777 ./mainnetdb)
     # optionally, you can mount a config.json into the container
     volumes:
-      - "goshimmer-db-volume:/tmp/mainnetdb:rw"
-      - "goshimmer-peerdb-volume:/tmp/peerdb:rw"
+      - "goshimmer-db-volume:/app/mainnetdb:rw"
+      - "goshimmer-peerdb-volume:/app/peerdb:rw"
       - "/etc/localtime:/etc/localtime:ro"
     ports:
       # AutoPeering
@@ -43,8 +43,8 @@ services:
       --autoPeering.entryNodes=2PV5487xMw5rasGBXXWeqSi4hLz7r19YBt8Y1TGAsQbj@analysisentry-01.devnet.shimmer.iota.cafe:15626,5EDH4uY78EA6wrBkHHAVBWBMDt7EcksRq6pjzipoW15B@entry-0.devnet.tanglebay.com:14646,CAB87iQZR6BjBrCgEBupQJ4gpEBgvGKKv3uuGVRBKb4n@entry-1.devnet.tanglebay.com:14646
       --node.disablePlugins=portcheck
       --node.enablePlugins=remotelog,networkdelay,spammer,prometheus
-      --database.directory=/tmp/mainnetdb
-      --node.peerDBDirectory=/tmp/peerdb
+      --database.directory=/app/mainnetdb
+      --node.peerDBDirectory=/app/peerdb
       --logger.level=info
       --logger.disableEvents=false
       --logger.remotelog.serverAddress=metrics-01.devnet.shimmer.iota.cafe:5213
@@ -95,4 +95,4 @@ volumes:
   goshimmer-db-volume:
   goshimmer-peerdb-volume:
   grafana-data-volume:
-  prometheus-data-volume:
+  prometheus-data-volume:

documentation/docs/tooling/docker_private_network.md

@@ -164,7 +164,7 @@ A node that is used to expose ports via the host and to have a single attachment
 
 ##### Volumes
 
-Docker Compose creates a `shimmerdb` volume to maintain a tangle even after tearing down the containers. Run `docker-compose down -v` to clear the volume.
+Docker Compose creates a `mainnetdb` volume to maintain a tangle even after tearing down the containers. Run `docker-compose down -v` to clear the volume.
 
 ##### Ports
 

documentation/docs/tutorials/setup.md

@@ -160,7 +160,7 @@ docker-compose version 1.26.0, build d4451659
 First, lets create a user defined bridged network. Unlike the already existing `bridge` network, the user defined one will have container name DNS resolution for containers within that network. This is useful if later we want to setup additional containers which need to speak with the GoShimmer container.
 
 ```shell
-docker network create --driver=bridge shimmer
+docker network create --driver=bridge goshimmer
 c726034d295c3df66803b92c71ca517a0cf0e3c65c1c6d84ee5fa34ae76cbcd4
 ```
 
@@ -174,8 +174,8 @@ Lets create a folder holding our database:
 
 ```shell
 cd /opt/goshimmer
-mkdir db
-chmod 0777 db
+sudo mkdir mainnetdb && sudo chown 65532:65532 mainnetdb
+sudo mkdir peerdb && sudo chown 65532:65532 peerdb
 ```
 
 Finally, lets create our `docker-compose.yml`:
@@ -191,7 +191,7 @@ version: '3.3'
 networks:
   outside:
     external:
-      name: shimmer
+      name: goshimmer
 
 services:
   goshimmer:
@@ -200,8 +200,8 @@ services:
     hostname: goshimmer
     stop_grace_period: 2m
     volumes:
-      - "./db:/tmp/mainnetdb:rw"
-      - "./peerdb:/tmp/peerdb:rw"
+      - "./db:/app/mainnetdb:rw"
+      - "./peerdb:/app/peerdb:rw"
       - "/etc/localtime:/etc/localtime:ro"
     ports:
       # Autopeering
@@ -228,8 +228,8 @@ services:
       --autoPeering.entryNodes=2PV5487xMw5rasGBXXWeqSi4hLz7r19YBt8Y1TGAsQbj@analysisentry-01.devnet.shimmer.iota.cafe:15626,5EDH4uY78EA6wrBkHHAVBWBMDt7EcksRq6pjzipoW15B@entry-0.devnet.tanglebay.com:14646,CAB87iQZR6BjBrCgEBupQJ4gpEBgvGKKv3uuGVRBKb4n@entry-1.devnet.tanglebay.com:14646
       --node.disablePlugins=portcheck
       --node.enablePlugins=remotelog,networkdelay,spammer,prometheus
-      --database.directory=/tmp/mainnetdb
-      --node.peerDBDirectory=/tmp/peerdb
+      --database.directory=/app/mainnetdb
+      --node.peerDBDirectory=/app/peerdb
       --logger.level=info
       --logger.disableEvents=false
       --logger.remotelog.serverAddress=metrics-01.devnet.shimmer.iota.cafe:5213

documentation/docs/tutorials/static_identity.md

@@ -46,8 +46,8 @@ goshimmer:
     # make sure to give read/write access to the folder ./mainnetdb (e.g., chmod -R 777 ./mainnetdb)
     # optionally, you can mount a config.json into the container
     volumes:
-      - ./mainnetdb/:/tmp/mainnetdb/:rw
-      - ./config.json:/config.json:ro
+      - ./mainnetdb/:/app/mainnetdb/:rw
+      - ./config.json:/app/config.json:ro
     # Expose ports:
     # gossip:       - "14666:14666/tcp"
     # autoPeering:  - "14626:14626/udp"
@@ -59,4 +59,4 @@ goshimmer:
       - "9311:9311/tcp" # prometheus exporter
       - "8080:8080/tcp" # webApi
       - "8081:8081/tcp" # dashboard
-```
+```

tools/docker-network/docker-compose.yml

@@ -16,8 +16,8 @@ services:
       --node.seed=base58:8q491c3YWjbPwLmF2WD95YmCgh61j2kenCKHfGfByoWi
       --node.overwriteStoredSeed=true
       --config=/run/secrets/goshimmer.config.json
-      --database.directory=/tmp/mainnetdb
-      --node.peerDBDirectory=/tmp/peerdb
+      --database.directory=/app/mainnetdb
+      --node.peerDBDirectory=/app/peerdb
       --mana.enableResearchVectors=false
       --mana.snapshotResetTime=true
       --messageLayer.snapshot.file=/run/secrets/goshimmer.message.snapshot.bin
@@ -36,8 +36,8 @@ services:
       - goshimmer.config.json
       - goshimmer.message.snapshot.bin
     volumes:
-      - shimmerdb:/tmp/mainnetdb
-      - peerdb:/tmp/peerdb
+      - mainnetdb:/app/mainnetdb
+      - peerdb:/app/peerdb
     ports:
       - "8080:8080/tcp" # web API
       - "8081:8081/tcp" # dashboard
@@ -47,14 +47,14 @@ services:
     expose:
       - 1888/tcp # analysis server
     networks:
-      - shimmer
+      - goshimmer
   peer_replica:
     build: *goshimmer_build
     stop_grace_period: 1m
     command: >
       --config=/run/secrets/goshimmer.config.json
-      --database.directory=/tmp/mainnetdb
-      --node.peerDBDirectory=/tmp/peerdb
+      --database.directory=/app/mainnetdb
+      --node.peerDBDirectory=/app/peerdb
       --node.enablePlugins=bootstrap,"webAPIToolsEndpoint"
       --messageLayer.snapshot.file=/run/secrets/goshimmer.message.snapshot.bin
       --messageLayer.snapshot.genesisNode=
@@ -68,15 +68,15 @@ services:
       - goshimmer.config.json
       - goshimmer.message.snapshot.bin
     networks:
-      - shimmer
+      - goshimmer
     depends_on:
       - peer_master
   peer_master2:
     build: *goshimmer_build
     stop_grace_period: 1m
     command: >
       --config=/run/secrets/goshimmer.config.json
-      --database.directory=/tmp/mainnetdb
+      --database.directory=/app/mainnetdb
       --node.enablePlugins="webapi tools endpoint",activity,spammer,prometheus
       --messageLayer.snapshot.file=/run/secrets/goshimmer.message.snapshot.bin
       --messageLayer.snapshot.genesisNode=
@@ -94,16 +94,16 @@ services:
       - "8071:8081/tcp" # dashboard
       - "6071:6061/tcp" # pprof
     networks:
-      - shimmer
+      - goshimmer
     depends_on:
       - peer_master
   faucet:
     build: *goshimmer_build
     stop_grace_period: 1m
     command: >
       --config=/run/secrets/goshimmer.config.json
-      --database.directory=/tmp/mainnetdb
-      --node.peerDBDirectory=/tmp/peerdb
+      --database.directory=/app/mainnetdb
+      --node.peerDBDirectory=/app/peerdb
       --node.enablePlugins=bootstrap,"webapi tools endpoint",faucet,activity,spammer
       --node.seed=base58:3YX6e7AL28hHihZewKdq6CMkEYVsTJBLgRiprUNiNq5E
       --node.overwriteStoredSeed=true
@@ -126,7 +126,7 @@ services:
       - "8091:8081/tcp" # dashboard
       - "6091:6061/tcp" # pprof
     networks:
-      - shimmer
+      - goshimmer
     depends_on:
       - peer_master
   prometheus:
@@ -140,7 +140,7 @@ services:
     secrets:
       - prometheus.yml
     networks:
-      - shimmer
+      - goshimmer
     depends_on:
       - peer_master
   grafana:
@@ -154,7 +154,7 @@ services:
       - GF_ALERTING_ENABLED=true
       - GF_UNIFIED_ALERTING_ENABLED=false
     networks:
-      - shimmer
+      - goshimmer
     ports:
       - "3000:3000"
     user: "104"
@@ -171,7 +171,7 @@ services:
       - "8000:8000/tcp"
       - "8800:8081/tcp"
     networks:
-      - shimmer
+      - goshimmer
     environment:
       LEADER: 1
       GOSHIMMER: http://peer_master:8080
@@ -191,19 +191,19 @@ services:
       # Manually set the container name for the leader to what the container expects
       - drand-leader:testdrng-drand_0
     networks:
-      - shimmer
+      - goshimmer
     environment:
       GOSHIMMER: http://peer_master:8080
     depends_on:
       - drand-leader
 # Create our own network
 networks:
-  shimmer:
+  goshimmer:
     driver: bridge
 # Named Docker volumes for data persistence
 # ./run.sh removes these on exit
 volumes:
-  shimmerdb:
+  mainnetdb:
   peerdb:
   grafana-data-volume:
 # read only files to load in the containers that may be shared across containers