Docker: do not export the RPC port by default.
parent
9b3e2c2502
commit
400d25d54a
@ -5,7 +5,7 @@ LABEL distro_style="apk" distro="alpine" distro_long="alpine-$alpine_version" ar
|
|||||||
RUN adduser -S tezos && \
|
RUN adduser -S tezos && \
|
||||||
apk update && \
|
apk update && \
|
||||||
apk upgrade && \
|
apk upgrade && \
|
||||||
apk add sudo bash libssl1.0 libsodium libev gmp git nginx && \
|
apk add sudo bash libssl1.0 libsodium libev gmp git && \
|
||||||
rm -f /var/cache/apk/* && \
|
rm -f /var/cache/apk/* && \
|
||||||
echo 'tezos ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/tezos && \
|
echo 'tezos ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/tezos && \
|
||||||
chmod 440 /etc/sudoers.d/tezos && \
|
chmod 440 /etc/sudoers.d/tezos && \
|
||||||
@ -30,9 +30,6 @@ RUN sudo cp scripts/docker_entrypoint.sh /usr/local/bin/tezos && \
|
|||||||
RUN sudo mkdir -p /var/run/tezos && \
|
RUN sudo mkdir -p /var/run/tezos && \
|
||||||
sudo chown tezos /var/run/tezos
|
sudo chown tezos /var/run/tezos
|
||||||
|
|
||||||
RUN sudo mkdir -p /run/nginx && \
|
|
||||||
sudo cp scripts/nginx.conf /etc/nginx
|
|
||||||
|
|
||||||
ENV EDITOR=vi
|
ENV EDITOR=vi
|
||||||
|
|
||||||
VOLUME /var/run/tezos
|
VOLUME /var/run/tezos
|
||||||
|
@ -162,6 +162,9 @@ assert_container() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
start_container() {
|
start_container() {
|
||||||
|
if [ "$#" -ge 2 ] && [ "$1" = "--rpc-port" ] ; then
|
||||||
|
docker_export_rpc="-p $2:8732"
|
||||||
|
fi
|
||||||
if check_container; then
|
if check_container; then
|
||||||
assert_container_uptodate
|
assert_container_uptodate
|
||||||
else
|
else
|
||||||
@ -170,13 +173,11 @@ start_container() {
|
|||||||
fi
|
fi
|
||||||
docker rm "$docker_container" || true > /dev/null 2>&1
|
docker rm "$docker_container" || true > /dev/null 2>&1
|
||||||
echo "Launching the docker container..."
|
echo "Launching the docker container..."
|
||||||
docker run --rm -dit -p "$port:$port" -p "8732:80" \
|
docker run --rm -dit -p "$port:$port" $docker_export_rpc \
|
||||||
-v $docker_volume:/var/run/tezos \
|
-v "$docker_volume:/var/run/tezos" \
|
||||||
--entrypoint /bin/sh \
|
--entrypoint /bin/sh \
|
||||||
--name "$docker_container" \
|
--name "$docker_container" \
|
||||||
"$docker_image" > /dev/null
|
"$docker_image" > /dev/null
|
||||||
docker exec --user root --detach "$docker_container" \
|
|
||||||
nginx -c /etc/nginx/nginx.conf
|
|
||||||
may_restore_identity
|
may_restore_identity
|
||||||
may_restore_accounts
|
may_restore_accounts
|
||||||
fi
|
fi
|
||||||
@ -198,7 +199,8 @@ stop_container() {
|
|||||||
## Node ####################################################################
|
## Node ####################################################################
|
||||||
|
|
||||||
init_node() {
|
init_node() {
|
||||||
docker exec "$docker_container" tezos init "$@"
|
docker exec "$docker_container" tezos init \
|
||||||
|
"$@" --net-addr "[::]:$port"
|
||||||
save_identity
|
save_identity
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -332,7 +334,11 @@ run_client() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
run_shell() {
|
run_shell() {
|
||||||
|
if [ $# -eq 0 ]; then
|
||||||
docker exec -it "$docker_container" bash
|
docker exec -it "$docker_container" bash
|
||||||
|
else
|
||||||
|
docker exec -it "$docker_container" bash -c "$@"
|
||||||
|
fi
|
||||||
save_accounts
|
save_accounts
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -347,8 +353,8 @@ display_head() {
|
|||||||
|
|
||||||
start() {
|
start() {
|
||||||
pull_image
|
pull_image
|
||||||
start_container
|
start_container "$@"
|
||||||
init_node --net-addr "[::]:$port" "$@"
|
init_node "$@"
|
||||||
start_node
|
start_node
|
||||||
start_baker
|
start_baker
|
||||||
start_endorser
|
start_endorser
|
||||||
@ -417,11 +423,18 @@ update_script() {
|
|||||||
usage() {
|
usage() {
|
||||||
echo "Usage: $0 [GLOBAL_OPTIONS] <command> [OPTIONS]"
|
echo "Usage: $0 [GLOBAL_OPTIONS] <command> [OPTIONS]"
|
||||||
echo " Main commands:"
|
echo " Main commands:"
|
||||||
echo " $0 start [OPTIONS] (passed to tezos-node config init)"
|
echo " $0 start [--rpc-port <int>] [OPTIONS]"
|
||||||
echo " Launch a full Tezos alphanet node in a docker container"
|
echo " Launch a full Tezos alphanet node in a docker container"
|
||||||
echo " automatically generating a new network identity."
|
echo " automatically generating a new network identity."
|
||||||
echo " An account my_account for a manager my_identity is also"
|
echo " An account 'my_account' for a manager 'my_identity' is also"
|
||||||
echo " created to be used via the client."
|
echo " created to be used via the client."
|
||||||
|
echo " OPTIONS (others than --rpc-port) are directly passed to the"
|
||||||
|
echo " Tezos node, see '$0 shell tezos-node config --help'"
|
||||||
|
echo " for more details."
|
||||||
|
echo " By default, the RPC port is not exported outside the docker"
|
||||||
|
echo " container. WARNING: when exported some RPCs could be harmful"
|
||||||
|
echo " (e.g. 'inject_block', 'force_validation', ...), it is"
|
||||||
|
echo " advised not to export them publicly."
|
||||||
echo " $0 <stop|kill>"
|
echo " $0 <stop|kill>"
|
||||||
echo " Friendly or brutally stop the node."
|
echo " Friendly or brutally stop the node."
|
||||||
echo " $0 restart"
|
echo " $0 restart"
|
||||||
@ -447,7 +460,9 @@ usage() {
|
|||||||
echo " $0 endorser <start|stop|status|log>"
|
echo " $0 endorser <start|stop|status|log>"
|
||||||
echo " $0 shell"
|
echo " $0 shell"
|
||||||
echo "Node configuration backup directory: $data_dir"
|
echo "Node configuration backup directory: $data_dir"
|
||||||
echo "Global options are currently restricted to: '--port <int>'"
|
echo "Global options are currently limited to:"
|
||||||
|
echo " --port <int>"
|
||||||
|
echo " change public the port Tezos node"
|
||||||
}
|
}
|
||||||
|
|
||||||
## Dispatch ################################################################
|
## Dispatch ################################################################
|
||||||
@ -503,7 +518,7 @@ case "$command" in
|
|||||||
if [ "$#" -eq 0 ] ; then usage ; exit 1 ; else shift ; fi
|
if [ "$#" -eq 0 ] ; then usage ; exit 1 ; else shift ; fi
|
||||||
case "$subcommand" in
|
case "$subcommand" in
|
||||||
start)
|
start)
|
||||||
start_container
|
start_container "$@"
|
||||||
warn_script_uptodate
|
warn_script_uptodate
|
||||||
;;
|
;;
|
||||||
status)
|
status)
|
||||||
@ -617,7 +632,7 @@ case "$command" in
|
|||||||
;;
|
;;
|
||||||
shell)
|
shell)
|
||||||
assert_uptodate
|
assert_uptodate
|
||||||
run_shell
|
run_shell "$@"
|
||||||
;;
|
;;
|
||||||
client)
|
client)
|
||||||
assert_uptodate
|
assert_uptodate
|
||||||
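Review bot: In `start_container`, `docker_export_rpc="-p $2:8732"` publishes the RPC port on every host interface, because docker binds a bare `-p HOST:CONTAINER` mapping to 0.0.0.0, which is exactly the public exposure the new usage text warns against. Binding to loopback unless the caller asks otherwise, e.g. `docker_export_rpc="-p 127.0.0.1:$2:8732"`, would keep RPCs such as `inject_block` reachable only from the host itself. `$2` is also used unchecked and `$docker_export_rpc` is expanded unquoted in `docker run`, so a value containing whitespace turns into extra docker options; a guard such as `case "$2" in ''|*[!0-9]*) usage; exit 1;; esac` before the assignment closes that. Separately, in `run_shell`, `bash -c "$@"` hands only the first word to bash as the command and the remaining words become `$0`, `$1`, …, so the documented `shell tezos-node config --help` drops its arguments; `docker exec -it "$docker_container" "$@"` would run it as written.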
|
@ -33,16 +33,24 @@ init() {
|
|||||||
rmdir "$data_dir/bak"
|
rmdir "$data_dir/bak"
|
||||||
cp ~/scripts/alphanet_version "$data_dir/alphanet_version"
|
cp ~/scripts/alphanet_version "$data_dir/alphanet_version"
|
||||||
fi
|
fi
|
||||||
|
if [ "$#" -ge 2 ] && [ "$1" = "--rpc-port" ] ; then
|
||||||
|
rpc_addr="[::]:8732"
|
||||||
|
shift 2
|
||||||
|
else
|
||||||
|
rpc_addr="127.0.0.1:8732"
|
||||||
|
fi
|
||||||
if [ ! -f "$node_dir/config.json" ]; then
|
if [ ! -f "$node_dir/config.json" ]; then
|
||||||
"$node" config init \
|
"$node" config init \
|
||||||
|
"$@" \
|
||||||
--data-dir "$node_dir" \
|
--data-dir "$node_dir" \
|
||||||
--rpc-addr "127.0.0.1:8732" \
|
--rpc-addr "$rpc_addr" \
|
||||||
--log-output "$node_dir/log" \
|
--log-output "$node_dir/log"
|
||||||
"$@"
|
|
||||||
else
|
else
|
||||||
"$node" config update \
|
"$node" config update \
|
||||||
|
"$@" \
|
||||||
--data-dir "$node_dir" \
|
--data-dir "$node_dir" \
|
||||||
"$@"
|
--rpc-addr "$rpc_addr" \
|
||||||
|
--log-output "$node_dir/log"
|
||||||
fi
|
fi
|
||||||
if [ -f "$node_dir/identity.json" ]; then
|
if [ -f "$node_dir/identity.json" ]; then
|
||||||
if ! "$node" identity check \
|
if ! "$node" identity check \
|
||||||
@ -70,7 +78,7 @@ run_node() {
|
|||||||
## Temporary hack until Pierre has debugged Lwt...
|
## Temporary hack until Pierre has debugged Lwt...
|
||||||
export LWT_ASYNC_METHOD=none
|
export LWT_ASYNC_METHOD=none
|
||||||
## END of temporary hack
|
## END of temporary hack
|
||||||
exec "$node" run --data-dir "$node_dir" "$@"
|
exec "$node" run "$@" --data-dir "$node_dir"
|
||||||
}
|
}
|
||||||
|
|
||||||
stop_node() {
|
stop_node() {
|
||||||
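Review bot: The `--rpc-port` branch in `init` needs a comment, because as written it reads like a bug: the value in `$2` is thrown away by `shift 2`, and the flag is honoured only when it is the first argument. Something like `# --rpc-port <n>: listen on all container interfaces so a published port can reach 8732; the host-side port <n> is applied by docker, not here` above the `if` would make the intent clear. Because both `config init` and `config update` now place `"$@"` before the fixed `--rpc-addr "$rpc_addr"`, a caller-supplied `--rpc-addr` presumably no longer overrides the script's value (this depends on how tezos-node treats a repeated option), which is worth stating in the same comment. `init` begins above this hunk, so any earlier argument handling is not visible here.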
|