From 9bb914fa523e731da7b854441095fd7a90bd88f8 Mon Sep 17 00:00:00 2001 From: Andrea V <1577639+karimodm@users.noreply.github.com> Date: Mon, 16 May 2022 13:45:12 +0200 Subject: [PATCH] Better Docker paths (#2206) --- Dockerfile | 34 +++++++++------- .../templates/docker-compose-goshimmer.yml.j2 | 1 - docker-compose.yml | 10 ++--- .../docs/tooling/docker_private_network.md | 2 +- documentation/docs/tutorials/setup.md | 16 ++++---- .../docs/tutorials/static_identity.md | 6 +-- tools/docker-network/docker-compose.yml | 38 +++++++++--------- tools/entry-node/.gitignore | 1 - tools/entry-node/README.md | 39 ------------------- tools/entry-node/create-volume.sh | 6 --- tools/entry-node/docker-compose.yml | 28 ------------- 11 files changed, 55 insertions(+), 126 deletions(-) delete mode 100644 tools/entry-node/.gitignore delete mode 100644 tools/entry-node/README.md delete mode 100755 tools/entry-node/create-volume.sh delete mode 100644 tools/entry-node/docker-compose.yml diff --git a/Dockerfile b/Dockerfile index 344ea46a95..5f1ba10bd0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -90,6 +90,10 @@ RUN if [ "$DOWNLOAD_SNAPSHOT" -gt 0 ] && [ "$CUSTOM_SNAPSHOT_URL" = "" ] ; then touch /tmp/snapshot.bin ; \ fi +RUN mkdir -p /tmp/db/mainnetdb /tmp/db/peerdb +# 65532:65532 is the UID:GUID of nonroot user of distroless image +RUN chown 65532:65532 /tmp/db/mainnetdb /tmp/db/peerdb + ############################ # Image ############################ @@ -100,7 +104,7 @@ FROM gcr.io/distroless/cc-debian11:nonroot as prepare-runtime # Gossip EXPOSE 14666/tcp # AutoPeering -#EXPOSE 14626/udp +EXPOSE 14626/udp # Pprof Profiling EXPOSE 6061/tcp # Prometheus exporter 
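Review bot: The comment added above the `chown` in the build stage says `UID:GUID`, which should be `UID:GID`: `# 65532:65532 is the UID:GID of the nonroot user in the distroless image`. The `chown` itself looks redundant, because the runtime stage later copies the tree with `COPY --chown=nonroot:nonroot --from=build /tmp/db/ /app/`, which sets ownership on everything it copies. If it is kept, the two `RUN` lines can be a single layer: `RUN mkdir -p /tmp/db/mainnetdb /tmp/db/peerdb && chown 65532:65532 /tmp/db/mainnetdb /tmp/db/peerdb`.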
@@ -112,32 +116,32 @@ EXPOSE 8081/tcp # DAGs Visualizer EXPOSE 8061/tcp -# Copy configuration -COPY --from=build /tmp/snapshot.bin /tmp/snapshot.bin -COPY config.default.json /config.json +# Default directory and drop privileges +WORKDIR /app +USER nonroot # Copy the Pre-built binary file from the previous stage -COPY --chown=nonroot:nonroot --from=build /go/bin/goshimmer /run/goshimmer +COPY --chown=nonroot:nonroot --from=build /go/bin/goshimmer /app/goshimmer -# Fix permission issue when mounting volumes. -COPY --chown=nonroot:nonroot --from=build /tmp/ /tmp/mainnetdb/ -COPY --chown=nonroot:nonroot --from=build /tmp/ /tmp/peerdb/ +# Copy configuration and snapshot from the previous stage +COPY config.default.json /app/config.json +COPY --from=build /tmp/snapshot.bin /app/snapshot.bin -WORKDIR /tmp -USER nonroot +# Fix permission issue when mounting volumes +COPY --chown=nonroot:nonroot --from=build /tmp/db/ /app/ -# We execute this stage only if debugging is disabled, i.e REMOTE_DEBUGGIN==0. +# We execute this stage only if debugging is disabled, i.e REMOTE_DEBUGGIN==0 FROM prepare-runtime as debugger-enabled-0 -ENTRYPOINT ["/run/goshimmer", "--config=/config.json"] +ENTRYPOINT ["/app/goshimmer", "--config=/app/config.json"] -# We execute this stage only if debugging is enabled, i.e REMOTE_DEBUGGIN==1. 
+# We execute this stage only if debugging is enabled, i.e REMOTE_DEBUGGIN==1 FROM prepare-runtime as debugger-enabled-1 EXPOSE 40000 # Copy the Delve binary -COPY --chown=nonroot:nonroot --from=build /go/bin/dlv /run/dlv -ENTRYPOINT ["/run/dlv","--listen=:40000", "--headless" ,"--api-version=2", "--accept-multiclient", "exec", "--continue", "/run/goshimmer", "--", "--config=/config.json"] +COPY --chown=nonroot:nonroot --from=build /go/bin/dlv /app/dlv +ENTRYPOINT ["/app/dlv", "--listen=:40000", "--headless", "--api-version=2", "--accept-multiclient", "exec", "--continue", "/app/goshimmer", "--", "--config=/app/config.json"] # Execute corresponding build stage depending on the REMOTE_DEBUGGING build arg. FROM debugger-enabled-${REMOTE_DEBUGGING} as runtime diff --git a/deploy/ansible/roles/goshimmer-node/templates/docker-compose-goshimmer.yml.j2 b/deploy/ansible/roles/goshimmer-node/templates/docker-compose-goshimmer.yml.j2 index 9434ef450c..05fa8963fb 100644 --- a/deploy/ansible/roles/goshimmer-node/templates/docker-compose-goshimmer.yml.j2 +++ b/deploy/ansible/roles/goshimmer-node/templates/docker-compose-goshimmer.yml.j2 @@ -57,7 +57,6 @@ services: --node.enablePlugins=dashboard,remotelog,networkdelay,prometheus{% if faucet|default(false) %},faucet{% endif %},activity,snapshot,WebAPIToolsDRNGEndpoint,WebAPIToolsMessageEndpoint,"WebAPI tools Endpoint"{% if spammer|default(false) %},spammer{% endif %} --prometheus.bindAddress=0.0.0.0:9311 --activity.broadcastInterval=1s - --messageLayer.snapshot.file=/snapshot.bin {% if faucet|default(false) %} --faucet.seed={{ faucetSeed }} --faucet.tokensPerRequest=1000000 diff --git a/docker-compose.yml b/docker-compose.yml index 7af076dba1..65dc72af17 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
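Review bot: In the `debugger-enabled-1` stage the rewritten ENTRYPOINT still starts Delve with `--listen=:40000 --headless --accept-multiclient`, and Delve's headless API has no authentication, so anyone who can reach that port controls the process. The stage should carry a comment such as `# Delve is unauthenticated: build with REMOTE_DEBUGGING=1 only for local debugging and never publish port 40000 beyond the loopback interface`. Separately, `COPY --chown=nonroot:nonroot` on `/app/goshimmer` and `/app/dlv` leaves the executables writable by the user the node runs as. Dropping `--chown` from those two lines would keep them root-owned, and they should still be executable provided the build stage leaves them world-executable. The two stage comments also spell the build arg as `REMOTE_DEBUGGIN`.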
@@ -15,8 +15,8 @@ services: # make sure to give read/write access to the folder ./mainnetdb (e.g., chmod -R 777 ./mainnetdb) # optionally, you can mount a config.json into the container volumes: - - "goshimmer-db-volume:/tmp/mainnetdb:rw" - - "goshimmer-peerdb-volume:/tmp/peerdb:rw" + - "goshimmer-db-volume:/app/mainnetdb:rw" + - "goshimmer-peerdb-volume:/app/peerdb:rw" - "/etc/localtime:/etc/localtime:ro" ports: # AutoPeering @@ -43,8 +43,8 @@ services: --autoPeering.entryNodes=2PV5487xMw5rasGBXXWeqSi4hLz7r19YBt8Y1TGAsQbj@analysisentry-01.devnet.shimmer.iota.cafe:15626,5EDH4uY78EA6wrBkHHAVBWBMDt7EcksRq6pjzipoW15B@entry-0.devnet.tanglebay.com:14646,CAB87iQZR6BjBrCgEBupQJ4gpEBgvGKKv3uuGVRBKb4n@entry-1.devnet.tanglebay.com:14646 --node.disablePlugins=portcheck --node.enablePlugins=remotelog,networkdelay,spammer,prometheus - --database.directory=/tmp/mainnetdb - --node.peerDBDirectory=/tmp/peerdb + --database.directory=/app/mainnetdb + --node.peerDBDirectory=/app/peerdb --logger.level=info --logger.disableEvents=false --logger.remotelog.serverAddress=metrics-01.devnet.shimmer.iota.cafe:5213 @@ -95,4 +95,4 @@ volumes: goshimmer-db-volume: goshimmer-peerdb-volume: grafana-data-volume: - prometheus-data-volume: \ No newline at end of file + prometheus-data-volume: diff --git a/documentation/docs/tooling/docker_private_network.md b/documentation/docs/tooling/docker_private_network.md index b94b5f3aa1..e65f40f2f1 100644 --- a/documentation/docs/tooling/docker_private_network.md +++ b/documentation/docs/tooling/docker_private_network.md @@ -164,7 +164,7 @@ A node that is used to expose ports via the host and to have a single attachment ##### Volumes -Docker Compose creates a `shimmerdb` volume to maintain a tangle even after tearing down the containers. Run `docker-compose down -v` to clear the volume. +Docker Compose creates a `mainnetdb` volume to maintain a tangle even after tearing down the containers. Run `docker-compose down -v` to clear the volume. ##### Ports 
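Review bot: The context comment above `volumes:` still tells operators to `chmod -R 777 ./mainnetdb`, which no longer matches this service: the mounts are named volumes, and the Dockerfile change in this commit documents the image's nonroot user as 65532:65532. A world-writable database directory lets any local account alter or replace the node's state, so the comment should become something like `# bind-mounted data directories must be owned by 65532:65532 (the image's nonroot user)`. The same stale comment sits in the `static_identity.md` hunk (`@@ -46,8 +46,8 @@`), where the bind mount `./mainnetdb/:/app/mainnetdb/:rw` makes the advice directly applicable. The service definition starts and ends outside this hunk.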
diff --git a/documentation/docs/tutorials/setup.md b/documentation/docs/tutorials/setup.md index a3502d00d8..b30c52f861 100644 --- a/documentation/docs/tutorials/setup.md +++ b/documentation/docs/tutorials/setup.md @@ -160,7 +160,7 @@ docker-compose version 1.26.0, build d4451659 First, lets create a user defined bridged network. Unlike the already existing `bridge` network, the user defined one will have container name DNS resolution for containers within that network. This is useful if later we want to setup additional containers which need to speak with the GoShimmer container. ```shell -docker network create --driver=bridge shimmer +docker network create --driver=bridge goshimmer c726034d295c3df66803b92c71ca517a0cf0e3c65c1c6d84ee5fa34ae76cbcd4 ``` @@ -174,8 +174,8 @@ Lets create a folder holding our database: ```shell cd /opt/goshimmer -mkdir db -chmod 0777 db +sudo mkdir mainnetdb && sudo chown 65532:65532 mainnetdb +sudo mkdir peerdb && sudo chown 65532:65532 peerdb ``` Finally, lets create our `docker-compose.yml`: @@ -191,7 +191,7 @@ version: '3.3' networks: outside: external: - name: shimmer + name: goshimmer services: goshimmer: @@ -200,8 +200,8 @@ services: hostname: goshimmer stop_grace_period: 2m volumes: - - "./db:/tmp/mainnetdb:rw" - - "./peerdb:/tmp/peerdb:rw" + - "./db:/app/mainnetdb:rw" + - "./peerdb:/app/peerdb:rw" - "/etc/localtime:/etc/localtime:ro" ports: # Autopeering 
@@ -228,8 +228,8 @@ services: --autoPeering.entryNodes=2PV5487xMw5rasGBXXWeqSi4hLz7r19YBt8Y1TGAsQbj@analysisentry-01.devnet.shimmer.iota.cafe:15626,5EDH4uY78EA6wrBkHHAVBWBMDt7EcksRq6pjzipoW15B@entry-0.devnet.tanglebay.com:14646,CAB87iQZR6BjBrCgEBupQJ4gpEBgvGKKv3uuGVRBKb4n@entry-1.devnet.tanglebay.com:14646 --node.disablePlugins=portcheck --node.enablePlugins=remotelog,networkdelay,spammer,prometheus - --database.directory=/tmp/mainnetdb - --node.peerDBDirectory=/tmp/peerdb + --database.directory=/app/mainnetdb + --node.peerDBDirectory=/app/peerdb --logger.level=info --logger.disableEvents=false --logger.remotelog.serverAddress=metrics-01.devnet.shimmer.iota.cafe:5213 diff --git a/documentation/docs/tutorials/static_identity.md b/documentation/docs/tutorials/static_identity.md index 46fcfa8686..a7d2b4bf18 100644 --- a/documentation/docs/tutorials/static_identity.md +++ b/documentation/docs/tutorials/static_identity.md @@ -46,8 +46,8 @@ goshimmer: # make sure to give read/write access to the folder ./mainnetdb (e.g., chmod -R 777 ./mainnetdb) # optionally, you can mount a config.json into the container volumes: - - ./mainnetdb/:/tmp/mainnetdb/:rw - - ./config.json:/config.json:ro + - ./mainnetdb/:/app/mainnetdb/:rw + - ./config.json:/app/config.json:ro # Expose ports: # gossip: - "14666:14666/tcp" # autoPeering: - "14626:14626/udp" @@ -59,4 +59,4 @@ goshimmer: - "9311:9311/tcp" # prometheus exporter - "8080:8080/tcp" # webApi - "8081:8081/tcp" # dashboard -``` \ No newline at end of file +``` diff --git a/tools/docker-network/docker-compose.yml b/tools/docker-network/docker-compose.yml index 8662d8e3e7..3b7954ca61 100644 --- a/tools/docker-network/docker-compose.yml +++ b/tools/docker-network/docker-compose.yml 
@@ -16,8 +16,8 @@ services: --node.seed=base58:8q491c3YWjbPwLmF2WD95YmCgh61j2kenCKHfGfByoWi --node.overwriteStoredSeed=true --config=/run/secrets/goshimmer.config.json - --database.directory=/tmp/mainnetdb - --node.peerDBDirectory=/tmp/peerdb + --database.directory=/app/mainnetdb + --node.peerDBDirectory=/app/peerdb --mana.enableResearchVectors=false --mana.snapshotResetTime=true --messageLayer.snapshot.file=/run/secrets/goshimmer.message.snapshot.bin @@ -36,8 +36,8 @@ services: - goshimmer.config.json - goshimmer.message.snapshot.bin volumes: - - shimmerdb:/tmp/mainnetdb - - peerdb:/tmp/peerdb + - mainnetdb:/app/mainnetdb + - peerdb:/app/peerdb ports: - "8080:8080/tcp" # web API - "8081:8081/tcp" # dashboard @@ -47,14 +47,14 @@ services: expose: - 1888/tcp # analysis server networks: - - shimmer + - goshimmer peer_replica: build: *goshimmer_build stop_grace_period: 1m command: > --config=/run/secrets/goshimmer.config.json - --database.directory=/tmp/mainnetdb - --node.peerDBDirectory=/tmp/peerdb + --database.directory=/app/mainnetdb + --node.peerDBDirectory=/app/peerdb --node.enablePlugins=bootstrap,"webAPIToolsEndpoint" --messageLayer.snapshot.file=/run/secrets/goshimmer.message.snapshot.bin --messageLayer.snapshot.genesisNode= @@ -68,7 +68,7 @@ services: - goshimmer.config.json - goshimmer.message.snapshot.bin networks: - - shimmer + - goshimmer depends_on: - peer_master peer_master2: @@ -76,7 +76,7 @@ services: stop_grace_period: 1m command: > --config=/run/secrets/goshimmer.config.json - --database.directory=/tmp/mainnetdb + --database.directory=/app/mainnetdb --node.enablePlugins="webapi tools endpoint",activity,spammer,prometheus --messageLayer.snapshot.file=/run/secrets/goshimmer.message.snapshot.bin --messageLayer.snapshot.genesisNode= @@ -94,7 +94,7 @@ services: - "8071:8081/tcp" # dashboard - "6071:6061/tcp" # pprof networks: - - shimmer + - goshimmer depends_on: - peer_master faucet: 
@@ -102,8 +102,8 @@ services: stop_grace_period: 1m command: > --config=/run/secrets/goshimmer.config.json - --database.directory=/tmp/mainnetdb - --node.peerDBDirectory=/tmp/peerdb + --database.directory=/app/mainnetdb + --node.peerDBDirectory=/app/peerdb --node.enablePlugins=bootstrap,"webapi tools endpoint",faucet,activity,spammer --node.seed=base58:3YX6e7AL28hHihZewKdq6CMkEYVsTJBLgRiprUNiNq5E --node.overwriteStoredSeed=true @@ -126,7 +126,7 @@ services: - "8091:8081/tcp" # dashboard - "6091:6061/tcp" # pprof networks: - - shimmer + - goshimmer depends_on: - peer_master prometheus: @@ -140,7 +140,7 @@ services: secrets: - prometheus.yml networks: - - shimmer + - goshimmer depends_on: - peer_master grafana: @@ -154,7 +154,7 @@ services: - GF_ALERTING_ENABLED=true - GF_UNIFIED_ALERTING_ENABLED=false networks: - - shimmer + - goshimmer ports: - "3000:3000" user: "104" @@ -171,7 +171,7 @@ services: - "8000:8000/tcp" - "8800:8081/tcp" networks: - - shimmer + - goshimmer environment: LEADER: 1 GOSHIMMER: http://peer_master:8080 @@ -191,19 +191,19 @@ services: # Manually set the container name for the leader to what the container expects - drand-leader:testdrng-drand_0 networks: - - shimmer + - goshimmer environment: GOSHIMMER: http://peer_master:8080 depends_on: - drand-leader # Create our own network networks: - shimmer: + goshimmer: driver: bridge # Named Docker volumes for data persistence # ./run.sh removes these on exit volumes: - shimmerdb: + mainnetdb: peerdb: grafana-data-volume: # read only files to load in the containers that may be shared across containers diff --git a/tools/entry-node/.gitignore b/tools/entry-node/.gitignore deleted file mode 100644 index 4c49bd78f1..0000000000 --- a/tools/entry-node/.gitignore +++ /dev/null @@ -1 +0,0 @@ -.env diff --git a/tools/entry-node/README.md b/tools/entry-node/README.md deleted file mode 100644 index a6f8de77ec..0000000000 --- a/tools/entry-node/README.md +++ /dev/null 
@@ -1,39 +0,0 @@ -# Docker entry node - -This folder contains the scripts for running a GoShimmer entry node with Docker. - -It builds the Docker image directly from the specified Git tag (such as `v0.1.3`, `master`, `af0ae41d5bfd607123e6cbae271da839a050b220`, ...) and does not depend on the locally checked out version. -The GoShimmer DB is persisted in a named Docker volume. - -The entry node exposes the following ports on the host: -- 14626/udp (Autopeering) -- 188/tcp (Analysis Server) -- 80/tcp (Analysis Dashboard) - -## How to run - -### Create the Docker volume -Before starting an entry node for the specified git tag the first time, a Docker volume needs to be created. -This is only needed once and can be done via the following command: -```shell -TAG=tag ./create-volume.sh -``` -The environment variable `TAG` contains the Git tag of the desired GoShimmer version. -### Run the GoShimmer entry node -To start the actual entry node, run the following: - -```shell -TAG=tag SEED=seed docker-compose up -d --build -``` -The optional environment variable `SEED` contains the autopeering seed of the entry node in Base64 encoding. -If `SEED` is not set, the seed will be taken from the DB (if present) in the volume. -As such, `SEED` is only required once when setting or changing the seed of the entry node. - -Alternatively to providing the variables in the command, create the file `.env` in the base folder with the following content: -``` -# Git tag of the entry node version -TAG=tag - -# Autopeering seed used for the entry node -SEED=seed -``` diff --git a/tools/entry-node/create-volume.sh b/tools/entry-node/create-volume.sh deleted file mode 100755 index 5bde3f24dd..0000000000 --- a/tools/entry-node/create-volume.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env sh - -[ -z "$TAG" ] && echo "TAG not set" >&2 && exit 1 - -# create docker volume and fix permissions -docker run --rm -v entrynode_db-"$TAG":/volume busybox chown -R 65532:65532 /volume 
diff --git a/tools/entry-node/docker-compose.yml b/tools/entry-node/docker-compose.yml deleted file mode 100644 index bcc9573195..0000000000 --- a/tools/entry-node/docker-compose.yml +++ /dev/null @@ -1,28 +0,0 @@ -version: "3" - -services: - entrynode: - image: "iotaledger/goshimmer-entrynode:${TAG}" - container_name: goshimmer-entrynode - build: - context: "https://github.com/iotaledger/goshimmer.git#${TAG}" - volumes: - - entrynode:/tmp/mainnetdb - - entrynode:/mainnetdb - ports: - - "1888:188/tcp" # analysis server - - "8080:80/tcp" # analysis dashboard - - "14626:14626/udp" # autopeering discovery - command: > - --node.seed=${SEED} - --autoPeering.entryNodes= - --analysis.client.serverAddress= - --analysis.server.bindAddress=0.0.0.0:1888 - --analysis.dashboard.bindAddress=0.0.0.0:8080 - --node.enablePlugins=analysisServer,analysisDashboard - --node.disablePlugins=analysisClient,gossip,firewall,portcheck,spa,dashboard,webAPI,webAPIBroadcastDataEndpoint,webAPIFindTransactionHashesEndpoint,webAPIGetNeighborsEndpoint,webAPIGetTransactionObjectsByHashEndpoint,webAPIGetTransactionTrytesByHashEndpoint - -volumes: - entrynode: - external: - name: entrynode_db-${TAG}