From 72e200bfd32f52259acb0fbb4e229f2f9746d079 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gr=C3=A9goire=20Henry?= Date: Mon, 17 Apr 2017 02:25:20 +0200 Subject: [PATCH] Docker: export "safe" RPCs from the container. --- .gitlab-ci.yml | 6 +++--- scripts/Dockerfile.binaries.in | 9 ++++++--- scripts/alphanet.sh | 26 +++++++++++++++++++------- scripts/alphanet_constants.patch | 12 ------------ scripts/alphanet_next.patch | 12 ------------ scripts/client_lib.inc.sh | 6 +++--- scripts/docker_entrypoint.inc.sh | 26 +++++++++++++++----------- scripts/nginx.conf | 31 +++++++++++++++++++++++++++++++ 8 files changed, 77 insertions(+), 51 deletions(-) create mode 100644 scripts/nginx.conf diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 595f8d9de..ed06bc72b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -173,6 +173,7 @@ build:docker:alphanet: only: - alphanet@tezos/tezos script: + - sed -i s/TEZOS/TEZOS_ALPHANET/ src/node/shell/distributed_db_message.ml - patch -p1 < scripts/alphanet_constants.patch - ./scripts/create_docker_image.sh "${CI_REGISTRY_IMAGE}" "${CI_BUILD_REF}.patched" . @@ -185,6 +186,7 @@ build:docker:alphanet_next: only: - master@tezos/tezos script: + - sed -i s/TEZOS/TEZOS_ALPHANET_NEXT/ src/node/shell/distributed_db_message.ml - patch -p1 < scripts/alphanet_constants.patch - patch -p1 < scripts/alphanet_next.patch - ./scripts/create_docker_image.sh @@ -296,9 +298,7 @@ deploy:alphanet_next: - echo "${CI_KH}" > ~/.ssh/known_hosts - echo "${CI_PK_ALPHANET_NEXT}" > ~/.ssh/id_ed25519 - chmod 400 ~/.ssh/id_ed25519 - - ssh greg@zo.gbzm.fr - - ssh tezos@35.167.138.212 - - ssh tezos@35.165.227.4 + - echo | ssh -v greg@zo.gbzm.fr allow_failure: true cleanup: diff --git a/scripts/Dockerfile.binaries.in b/scripts/Dockerfile.binaries.in index 551d38ef7..d0c34f540 100644 --- a/scripts/Dockerfile.binaries.in +++ b/scripts/Dockerfile.binaries.in 
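Review bot: `sed -i s/TEZOS/TEZOS_ALPHANET/` in the build:docker:alphanet script exits 0 whether or not it changes anything, whereas the removed `patch` hunk failed the build when the `name = "TEZOS"` line moved or changed. If that source line is ever renamed, the alphanet image would be built with the unmodified P2P version name and CI would stay green. The expression is also unquoted and unanchored, so it rewrites the first `TEZOS` on every line of the file. I would match the full token and assert the result, e.g. `sed -i 's/name = "TEZOS"/name = "TEZOS_ALPHANET"/' src/node/shell/distributed_db_message.ml` followed by `grep -q '"TEZOS_ALPHANET"' src/node/shell/distributed_db_message.ml`. The same applies to the `TEZOS_ALPHANET_NEXT` line in the build:docker:alphanet_next hunk.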
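Review bot: `ssh -v` in the deploy:alphanet_next script writes the client's debug trace to the job log, including server host-key fingerprints, the identity file path and the authentication methods tried, and it looks like leftover debugging. I would drop `-v` and consider `ssh -o BatchMode=yes greg@zo.gbzm.fr < /dev/null`, so that a missing or rejected key fails instead of waiting on a prompt. With `allow_failure: true` a failed connection is only a warning, so nothing else in the job signals that the deploy trigger did not run. The job's script starts above the hunk.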
@@ -2,11 +2,11 @@ FROM alpine:$alpine_version LABEL distro_style="apk" distro="alpine" distro_long="alpine-$alpine_version" arch="x86_64" operatingsystem="linux" -RUN apk update && \ +RUN adduser -S tezos && \ + apk update && \ apk upgrade && \ - apk add sudo bash libssl1.0 libsodium libev gmp git && \ + apk add sudo bash libssl1.0 libsodium libev gmp git nginx && \ rm -f /var/cache/apk/* && \ - adduser -S tezos && \ echo 'tezos ALL=(ALL:ALL) NOPASSWD:ALL' > /etc/sudoers.d/tezos && \ chmod 440 /etc/sudoers.d/tezos && \ chown root:root /etc/sudoers.d/tezos && \ @@ -30,6 +30,9 @@ RUN sudo cp scripts/docker_entrypoint.sh /usr/local/bin/tezos && \ RUN sudo mkdir -p /var/run/tezos && \ sudo chown tezos /var/run/tezos +RUN sudo mkdir -p /run/nginx && \ + sudo cp scripts/nginx.conf /etc/nginx + ENV EDITOR=vi VOLUME /var/run/tezos diff --git a/scripts/alphanet.sh b/scripts/alphanet.sh index 5d143a499..7f4139e50 100755 --- a/scripts/alphanet.sh +++ b/scripts/alphanet.sh @@ -128,7 +128,7 @@ check_volume() { clear_volume() { if check_volume ; then - docker volume rm "$docker_volume" + docker volume rm "$docker_volume" > /dev/null echo "\033[32mThe blockchain data has been removed from the disk.\033[0m" else echo "\033[32mNo remaining data to be removed from the disk.\033[0m" @@ -170,11 +170,13 @@ start_container() { fi docker rm "$docker_container" || true > /dev/null 2>&1 echo "Launching the docker container..." - docker run -dit -p "$port:$port" \ + docker run --rm -dit -p "$port:$port" -p "8732:80" \ -v $docker_volume:/var/run/tezos \ --entrypoint /bin/sh \ --name "$docker_container" \ "$docker_image" > /dev/null + docker exec --user root --detach "$docker_container" \ + nginx -c /etc/nginx/nginx.conf may_restore_identity may_restore_accounts fi @@ -188,7 +190,7 @@ stop_container() { save_identity ## Saving again, just in case... save_accounts printf "Stopping the container... " - docker stop "$docker_container" + docker stop "$docker_container" >/dev/null echo " done" } 
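Review bot: This image now ships a network-facing nginx, but the `tezos` user keeps `NOPASSWD:ALL` in `/etc/sudoers.d/tezos` (unchanged context in this hunk), so anything that gains code execution as the node user is root inside the container. alphanet.sh in this same patch starts nginx with `docker exec --user root`, so sudo does not appear to be needed at run time. If it is only used by the later `RUN sudo …` build steps, I would remove the sudoers file in the last build step, or run those steps as root and switch to the unprivileged user afterwards.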
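Review bot: `-p "8732:80"` on the `docker run` line in start_container publishes the proxied RPC port on every host interface, because Docker binds to 0.0.0.0 when no address is given. If the filtered RPCs are only meant for tools on the same machine, bind loopback instead: `-p "127.0.0.1:8732:80"`. If remote access is intended, the usage text should say so, since nginx.conf in this patch also turns access logging off. The `docker exec --user root --detach … nginx` call discards nginx's exit status, so a configuration error leaves the port published with nothing behind it and no message. start_container begins and ends outside the hunk.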
@@ -400,10 +402,16 @@ assert_uptodate() { update_script() { pull_image - tmp="$(docker run -dit --entrypoint /bin/true "$docker_image")" - docker cp "$tmp:home/tezos/scripts/alphanet.sh" "$0" - docker stop "$tmp" - echo "\033[32mThe script has been updated.\033[0m" + tmp="$(docker run --rm -dit --entrypoint /bin/true "$docker_image")" + docker cp "$tmp:home/tezos/scripts/alphanet.sh" ".alphanet.sh.new" + docker stop "$tmp" > /dev/null + if ! diff .alphanet.sh.new "$0" >/dev/null 2>&1 ; then + mv .alphanet.sh.new "$0" + echo "\033[32mThe script has been updated.\033[0m" + else + rm .alphanet.sh.new + echo "\033[32mThe script is up to date.\033[0m" + fi } usage() { @@ -470,6 +478,10 @@ case "$command" in exec "$0" start "$@" ;; clear) + if check_container; then + echo "\033[31mCannot clear data while the container is running.\033[0m" + exit 1 + fi clear_volume ;; status) diff --git a/scripts/alphanet_constants.patch b/scripts/alphanet_constants.patch index 45f485e5c..cf25e2c42 100644 --- a/scripts/alphanet_constants.patch +++ b/scripts/alphanet_constants.patch @@ -22,15 +22,3 @@ diff --git a/src/proto/alpha/constants_repr.ml b/src/proto/alpha/constants_repr. max_signing_slot = 15 ; instructions_per_transaction = 16 * 1024 ; proof_of_work_threshold = -diff --git a/src/node/shell/distributed_db_message.ml b/src/node/shell/distributed_db_message.ml ---- a/src/node/shell/distributed_db_message.ml -+++ b/src/node/shell/distributed_db_message.ml -@@ -144,7 +144,7 @@ let encoding = - - let versions = - let open P2p.Version in -- [ { name = "TEZOS" ; -+ [ { name = "TEZOS_ALPHANET" ; - major = 0 ; - minor = 5 ; - } diff --git a/scripts/alphanet_next.patch b/scripts/alphanet_next.patch index 3d59b6dce..d94dfd0eb 100644 --- a/scripts/alphanet_next.patch +++ b/scripts/alphanet_next.patch 
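Review bot: Adding `--rm` to a container whose entrypoint is `/bin/true` makes the following `docker cp "$tmp:…"` in update_script race with the container's removal, since the process exits at once and Docker may delete the container before the copy runs. When the copy fails, `.alphanet.sh.new` is missing, `diff` exits non-zero, `mv` fails, and the function still prints "The script has been updated." unless the script runs under `set -e`, which is not visible here. Creating the container without starting it avoids the race: `tmp="$(docker create "$docker_image")"`, then the `docker cp`, then `docker rm "$tmp" > /dev/null`. The staging name `.alphanet.sh.new` is also a fixed path in the current directory; a `mktemp` file next to `$0` would be safer. Note that the copied script replaces `$0` on no stronger basis than trust in the pulled image.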
@@ -1,15 +1,3 @@ -diff --git a/src/node/shell/distributed_db_message.ml b/src/node/shell/distributed_db_message.ml ---- a/src/node/shell/distributed_db_message.ml -+++ b/src/node/shell/distributed_db_message.ml -@@ -144,7 +144,7 @@ let encoding = - - let versions = - let open P2p.Version in -- [ { name = "TEZOS_ALPHANET" ; -+ [ { name = "TEZOS_ALPHANET_NEXT" ; - major = 0 ; - minor = 5 ; - } diff --git a/scripts/alphanet.sh b/scripts/alphanet.sh --- a/scripts/alphanet.sh +++ b/scripts/alphanet.sh diff --git a/scripts/client_lib.inc.sh b/scripts/client_lib.inc.sh index 7ef91453f..ef1c6fdf3 100644 --- a/scripts/client_lib.inc.sh +++ b/scripts/client_lib.inc.sh @@ -28,12 +28,12 @@ wait_for_the_node_to_be_bootstraped() { may_create_identity() { if ! $client get balance "my_identity" >/dev/null 2>&1 ; then echo "Generating new manager key (known as 'my_identity')..." - $client gen keys my_identity + $client gen keys "my_identity" fi if ! $client get balance "my_account" >/dev/null 2>&1 ; then echo "Creating new account for 'my_identity' (known as 'my_account')..." - $client forget contract my_account || true >/dev/null 2>&1 - $client originate free account my_account for my_identity + $client forget contract "my_account" >/dev/null 2>&1 || true + $client originate free account "my_account" for "my_identity" fi } diff --git a/scripts/docker_entrypoint.inc.sh b/scripts/docker_entrypoint.inc.sh index 7ed5ed056..f6d1d1190 100644 --- a/scripts/docker_entrypoint.inc.sh +++ b/scripts/docker_entrypoint.inc.sh 
@@ -7,20 +7,24 @@ node="${node:=tezos-node}" client="${client:=tezos-client -base-dir \"$client_dir\"}" init() { - if [ -f "$data_dir/alphanet_version" ] && \ - [ "$(cat $data_dir/alphanet_version)" \ + if [ ! -f "$data_dir/alphanet_version" ] || \ + [ "$(cat "$data_dir/alphanet_version")" \ != "$(cat ~/scripts/alphanet_version)" ]; then - echo "\033[33mThe alphanet chain has been reset\033[0m" - mv "$node_dir/identity.json" /tmp - mv "$client_dir/public key hashs" /tmp - mv "$client_dir/public keys" /tmp - mv "$client_dir/secret keys" /tmp + echo -e "\033[33mThe alphanet chain has been reset\033[0m" + mkdir -p "$data_dir/bak" + mv "$node_dir/identity.json" \ + "$client_dir/public key hashs" \ + "$client_dir/public keys" \ + "$client_dir/secret keys" \ + "$data_dir/bak" rm -rf "$node_dir" "$client_dir" mkdir -p "$node_dir" "$client_dir" - mv "/tmp/identity.json" "$node_dir/" - mv "/tmp/public key hashs" "$client_dir/" - mv "/tmp/public keys" "$client_dir/" - mv "/tmp/secret keys" "$client_dir/" + mv "$data_dir/bak/identity.json" "$node_dir/" + mv "$data_dir/bak/public key hashs" "$client_dir/" + mv "$data_dir/bak/public keys" "$client_dir/" + mv "$data_dir/bak/secret keys" "$client_dir/" + rmdir "$data_dir/bak" + cp ~/scripts/alphanet_version "$data_dir/alphanet_version" fi if [ ! -f "$node_dir/config.json" ]; then "$node" config init \ diff --git a/scripts/nginx.conf b/scripts/nginx.conf new file mode 100644 index 000000000..2db9fae21 --- /dev/null +++ b/scripts/nginx.conf 
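Review bot: The `mv … "$data_dir/bak"` of the identity and key files in init is followed unconditionally by `rm -rf "$node_dir" "$client_dir"`, so if the move fails part-way (for example a full volume) the secret keys still sitting in `$client_dir` are deleted. I would chain the two, e.g. end the move with `"$data_dir/bak" || return 1`, unless the script already runs under `set -e`, which the hunk does not show. The inverted condition also enters this branch on a fresh volume where none of the four files exist, so the move prints errors on first start; a per-file `[ -e … ]` test would avoid that. Since `bak` briefly holds the secret keys, `mkdir -m 700` would be a cheap hardening. init continues past the end of the hunk.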
@@ -0,0 +1,31 @@
+# /etc/nginx/nginx.conf
+
+user nginx;
+
+worker_processes 1;
+error_log off;
+
+events {
+ worker_connections 1024;
+}
+
+http {
+ server_tokens off;
+ client_max_body_size 0;
+ keepalive_timeout 65;
+ tcp_nodelay on;
+ access_log off;
+ server {
+ listen 80 default_server;
+ listen [::]:80 default_server;
+ location / {
+ proxy_pass http://127.0.0.1:8732/;
+ }
+ location ~ ^/(validate_block|network/connection/.*/kick|network/connect/|(forge|inject)_(block|operation|protocol)/) {
+ return 404;
+ }
+ location = /404.html {
+ internal;
+ }
+ }
+}
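Review bot: The `location ~ ^/(validate_block|…)` block is a denylist in front of a catch-all `location /` proxy, so every RPC the node has or later gains is exported unless someone remembers to add it to the pattern. The pattern is also narrower than it reads: it is case-sensitive, anchored to top-level paths, and requires a trailing slash after `network/connect` and the `forge_`/`inject_` names, so whether it covers every form the node accepts depends on the node's routing, which is not visible here. I would invert it so that `location /` returns 404 and each RPC prefix meant to be public gets its own `proxy_pass` block, as sketched below. Separately, `error_log off;` does not disable the error log (nginx writes to a file named `off`; `error_log /dev/null crit;` is the usual form), and `client_max_body_size 0;` removes the request-size limit on a port that alphanet.sh now publishes.

```nginx
    server {
        # … unchanged: listen directives …

        # Default: nothing is proxied.
        location / {
            return 404;
        }

        # One block per RPC prefix that is meant to be public.
        # EXPORTED_RPC_PREFIX is a placeholder, not a path taken from this patch.
        location /EXPORTED_RPC_PREFIX/ {
            proxy_pass http://127.0.0.1:8732;
        }
```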