Docker: do not export the RPC port by default.

Grégoire Henry 2017-04-19 15:32:27 +02:00 committed by Benjamin Canou
parent 9b3e2c2502
commit 400d25d54a
3 changed files with 42 additions and 22 deletions


@ -5,7 +5,7 @@ LABEL distro_style="apk" distro="alpine" distro_long="alpine-$alpine_version" ar
RUN adduser -S tezos && \ RUN adduser -S tezos && \
apk update && \ apk update && \
apk upgrade && \ apk upgrade && \
apk add sudo bash libssl1.0 libsodium libev gmp git nginx && \ apk add sudo bash libssl1.0 libsodium libev gmp git && \
rm -f /var/cache/apk/* && \ rm -f /var/cache/apk/* && \
echo 'tezos ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/tezos && \ echo 'tezos ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/tezos && \
chmod 440 /etc/sudoers.d/tezos && \ chmod 440 /etc/sudoers.d/tezos && \
@ -30,9 +30,6 @@ RUN sudo cp scripts/docker_entrypoint.sh /usr/local/bin/tezos && \
RUN sudo mkdir -p /var/run/tezos && \ RUN sudo mkdir -p /var/run/tezos && \
sudo chown tezos /var/run/tezos sudo chown tezos /var/run/tezos
RUN sudo mkdir -p /run/nginx && \
sudo cp scripts/nginx.conf /etc/nginx
ENV EDITOR=vi ENV EDITOR=vi
VOLUME /var/run/tezos VOLUME /var/run/tezos


@ -162,6 +162,9 @@ assert_container() {
} }
start_container() { start_container() {
if [ "$#" -ge 2 ] && [ "$1" = "--rpc-port" ] ; then
docker_export_rpc="-p $2:8732"
fi
if check_container; then if check_container; then
assert_container_uptodate assert_container_uptodate
else else
@ -170,13 +173,11 @@ start_container() {
fi fi
docker rm "$docker_container" || true > /dev/null 2>&1 docker rm "$docker_container" || true > /dev/null 2>&1
echo "Launching the docker container..." echo "Launching the docker container..."
docker run --rm -dit -p "$port:$port" -p "8732:80" \ docker run --rm -dit -p "$port:$port" $docker_export_rpc \
-v $docker_volume:/var/run/tezos \ -v "$docker_volume:/var/run/tezos" \
--entrypoint /bin/sh \ --entrypoint /bin/sh \
--name "$docker_container" \ --name "$docker_container" \
"$docker_image" > /dev/null "$docker_image" > /dev/null
docker exec --user root --detach "$docker_container" \
nginx -c /etc/nginx/nginx.conf
may_restore_identity may_restore_identity
may_restore_accounts may_restore_accounts
fi fi
@ -198,7 +199,8 @@ stop_container() {
## Node #################################################################### ## Node ####################################################################
init_node() { init_node() {
docker exec "$docker_container" tezos init "$@" docker exec "$docker_container" tezos init \
"$@" --net-addr "[::]:$port"
save_identity save_identity
} }
@ -332,7 +334,11 @@ run_client() {
} }
run_shell() { run_shell() {
if [ $# -eq 0 ]; then
docker exec -it "$docker_container" bash docker exec -it "$docker_container" bash
else
docker exec -it "$docker_container" bash -c "$@"
fi
save_accounts save_accounts
} }
@ -347,8 +353,8 @@ display_head() {
start() { start() {
pull_image pull_image
start_container start_container "$@"
init_node --net-addr "[::]:$port" "$@" init_node "$@"
start_node start_node
start_baker start_baker
start_endorser start_endorser
@ -417,11 +423,18 @@ update_script() {
usage() { usage() {
echo "Usage: $0 [GLOBAL_OPTIONS] <command> [OPTIONS]" echo "Usage: $0 [GLOBAL_OPTIONS] <command> [OPTIONS]"
echo " Main commands:" echo " Main commands:"
echo " $0 start [OPTIONS] (passed to tezos-node config init)" echo " $0 start [--rpc-port <int>] [OPTIONS]"
echo " Launch a full Tezos alphanet node in a docker container" echo " Launch a full Tezos alphanet node in a docker container"
echo " automatically generating a new network identity." echo " automatically generating a new network identity."
echo " An account my_account for a manager my_identity is also" echo " An account 'my_account' for a manager 'my_identity' is also"
echo " created to be used via the client." echo " created to be used via the client."
echo " OPTIONS (others than --rpc-port) are directly passed to the"
echo " Tezos node, see '$0 shell tezos-node config --help'"
echo " for more details."
echo " By default, the RPC port is not exported outside the docker"
echo " container. WARNING: when exported some RPCs could be harmful"
echo " (e.g. 'inject_block', 'force_validation', ...), it is"
echo " advised not to export them publicly."
echo " $0 <stop|kill>" echo " $0 <stop|kill>"
echo " Friendly or brutally stop the node." echo " Friendly or brutally stop the node."
echo " $0 restart" echo " $0 restart"
@ -447,7 +460,9 @@ usage() {
echo " $0 endorser <start|stop|status|log>" echo " $0 endorser <start|stop|status|log>"
echo " $0 shell" echo " $0 shell"
echo "Node configuration backup directory: $data_dir" echo "Node configuration backup directory: $data_dir"
echo "Global options are currently restricted to: '--port <int>'" echo "Global options are currently limited to:"
echo " --port <int>"
echo " change public the port Tezos node"
} }
## Dispatch ################################################################ ## Dispatch ################################################################
@ -503,7 +518,7 @@ case "$command" in
if [ "$#" -eq 0 ] ; then usage ; exit 1 ; else shift ; fi if [ "$#" -eq 0 ] ; then usage ; exit 1 ; else shift ; fi
case "$subcommand" in case "$subcommand" in
start) start)
start_container start_container "$@"
warn_script_uptodate warn_script_uptodate
;; ;;
status) status)
@ -617,7 +632,7 @@ case "$command" in
;; ;;
shell) shell)
assert_uptodate assert_uptodate
run_shell run_shell "$@"
;; ;;
client) client)
assert_uptodate assert_uptodate
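Review bot: In start_container, `docker_export_rpc="-p $2:8732"` publishes the RPC port on every host interface, because docker's `-p HOST_PORT:CONTAINER_PORT` form binds to all addresses when no IP is given; the usage text added in this commit warns against exporting these RPCs publicly. Consider defaulting to loopback with `docker_export_rpc="-p 127.0.0.1:$2:8732"` and requiring an explicit address for wider exposure. `$2` is also interpolated unchecked and then expanded unquoted in `docker run`, so a value containing whitespace turns into extra `docker run` arguments; rejecting anything that is not a port number first would close that. The variable is assigned only when the flag is present, so unless it is initialised outside the visible hunks, a value inherited from the environment would reach `docker run` as well.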


@ -33,16 +33,24 @@ init() {
rmdir "$data_dir/bak" rmdir "$data_dir/bak"
cp ~/scripts/alphanet_version "$data_dir/alphanet_version" cp ~/scripts/alphanet_version "$data_dir/alphanet_version"
fi fi
if [ "$#" -ge 2 ] && [ "$1" = "--rpc-port" ] ; then
rpc_addr="[::]:8732"
shift 2
else
rpc_addr="127.0.0.1:8732"
fi
if [ ! -f "$node_dir/config.json" ]; then if [ ! -f "$node_dir/config.json" ]; then
"$node" config init \ "$node" config init \
"$@" \
--data-dir "$node_dir" \ --data-dir "$node_dir" \
--rpc-addr "127.0.0.1:8732" \ --rpc-addr "$rpc_addr" \
--log-output "$node_dir/log" \ --log-output "$node_dir/log"
"$@"
else else
"$node" config update \ "$node" config update \
"$@" \
--data-dir "$node_dir" \ --data-dir "$node_dir" \
"$@" --rpc-addr "$rpc_addr" \
--log-output "$node_dir/log"
fi fi
if [ -f "$node_dir/identity.json" ]; then if [ -f "$node_dir/identity.json" ]; then
if ! "$node" identity check \ if ! "$node" identity check \
@ -70,7 +78,7 @@ run_node() {
## Temporary hack until Pierre has debugged Lwt... ## Temporary hack until Pierre has debugged Lwt...
export LWT_ASYNC_METHOD=none export LWT_ASYNC_METHOD=none
## END of temporary hack ## END of temporary hack
exec "$node" run --data-dir "$node_dir" "$@" exec "$node" run "$@" --data-dir "$node_dir"
} }
stop_node() { stop_node() {
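Review bot: The `--rpc-port` test in init() matches only when the flag is `$1`; in any other position it stays in `"$@"` and is forwarded to `tezos-node config init`/`config update`, and how the node treats it is not visible here. When it does match, `shift 2` discards the value unchecked and the node listens on `[::]:8732`, so the number matters only to the host-side port mapping. Neither point is documented next to the code. I would add a comment above the test such as `# --rpc-port <int> must come first; the value is used only by the host script, the node always listens on 8732`. It is also worth a comment that `config update` now rewrites `--rpc-addr` on every call, so an init without the flag resets the listener to `127.0.0.1`. The body of init() starts outside the hunk.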