From 5d58fa65d2dcc0850ba9acad85ab8d1e187372c9 Mon Sep 17 00:00:00 2001 From: dappnodedev Date: Fri, 5 Jul 2024 13:21:43 +0200 Subject: [PATCH 1/5] Add beacon-validator proxy --- docker-compose.yml | 7 ++++++ package_variants/gnosis/docker-compose.yml | 5 ++++ package_variants/holesky/docker-compose.yml | 5 ++++ package_variants/mainnet/docker-compose.yml | 5 ++++ proxy/Dockerfile | 15 ++++++++++++ proxy/entrypoint.sh | 20 +++++++++++++++ proxy/nginx.conf | 27 +++++++++++++++++++++ 7 files changed, 84 insertions(+) create mode 100644 proxy/Dockerfile create mode 100755 proxy/entrypoint.sh create mode 100644 proxy/nginx.conf diff --git a/docker-compose.yml b/docker-compose.yml index 7b72d86..6e5767e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,5 +1,12 @@ version: "3.6" services: + # Proxy to forward legacy requests to beacon-validator instead of beacon-chain or validator + beacon-validator: + build: + context: proxy + depends_on: + - beacon-chain + - validator beacon-chain: build: diff --git a/package_variants/gnosis/docker-compose.yml b/package_variants/gnosis/docker-compose.yml index ca6b6df..cdbabe3 100644 --- a/package_variants/gnosis/docker-compose.yml +++ b/package_variants/gnosis/docker-compose.yml @@ -1,5 +1,10 @@ version: "3.5" services: + beacon-validator: + build: + args: + NETWORK: gnosis + beacon-chain: build: args: diff --git a/package_variants/holesky/docker-compose.yml b/package_variants/holesky/docker-compose.yml index adebb45..c30fdc2 100644 --- a/package_variants/holesky/docker-compose.yml +++ b/package_variants/holesky/docker-compose.yml @@ -1,5 +1,10 @@ version: "3.5" services: + beacon-validator: + build: + args: + NETWORK: holesky + beacon-chain: build: args: diff --git a/package_variants/mainnet/docker-compose.yml b/package_variants/mainnet/docker-compose.yml index e850f47..7611443 100644 --- a/package_variants/mainnet/docker-compose.yml +++ b/package_variants/mainnet/docker-compose.yml 
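Review bot: The new `beacon-validator` service in docker-compose.yml has no `restart` policy, unlike the `validator` service in the same file (`restart: unless-stopped`). If the proxy exits, for instance because nginx cannot resolve an upstream hostname at start (which `depends_on` does not guarantee), it stays down and legacy clients lose both endpoints. Add `restart: unless-stopped` under `beacon-validator`, and consider a short comment naming the two ports it serves (3500 to the validator, 4500 to the beacon node, per proxy/nginx.conf).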
@@ -1,5 +1,10 @@
 version: "3.5"
 services:
+ beacon-validator:
+ build:
+ args:
+ NETWORK: mainnet
+
 beacon-chain:
 build:
 args:
diff --git a/proxy/Dockerfile b/proxy/Dockerfile
new file mode 100644
index 0000000..3d87812
--- /dev/null
+++ b/proxy/Dockerfile
@@ -0,0 +1,15 @@
+FROM nginx:1.27.0-alpine
+
+ARG NETWORK
+
+ENV NETWORK=${NETWORK}
+
+COPY nginx.conf /etc/nginx/nginx.conf.template
+
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+
+RUN chmod +x /usr/local/bin/entrypoint.sh
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
+CMD ["nginx", "-g", "daemon off;"]
diff --git a/proxy/entrypoint.sh b/proxy/entrypoint.sh
new file mode 100755
index 0000000..aa5c827
--- /dev/null
+++ b/proxy/entrypoint.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+if [ -z "${NETWORK}" ]; then
+ echo "NETWORK is not defined. Exiting."
+ exit 1
+fi
+
+if [ "${NETWORK}" = "mainnet" ]; then
+ BEACON_CHAIN_URL="http://beacon-chain.nimbus.dappnode:3500"
+ VALIDATOR_URL="http://validator.nimbus.dappnode:3500"
+else
+ BEACON_CHAIN_URL="http://beacon-chain.nimbus-${NETWORK}.dappnode:3500"
+ VALIDATOR_URL="http://validator.nimbus-${NETWORK}.dappnode:3500"
+fi
+
+# Replace variables in nginx.conf
+sed -e "s|\${VALIDATOR_URL}|${VALIDATOR_URL}|g" -e "s|\${BEACON_CHAIN_URL}|${BEACON_CHAIN_URL}|g" /etc/nginx/nginx.conf.template >/etc/nginx/nginx.conf
+
+# Start nginx
+exec "$@"
diff --git a/proxy/nginx.conf b/proxy/nginx.conf
new file mode 100644
index 0000000..a23087e
--- /dev/null
+++ b/proxy/nginx.conf
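Review bot: proxy/Dockerfile never sets `USER`, so entrypoint.sh and the nginx master process run as root even though both listeners in nginx.conf (3500 and 4500) are unprivileged ports. Root is only needed here because the entrypoint writes `/etc/nginx/nginx.conf`; rendering the template to a path owned by the `nginx` user and adding `USER nginx` before `ENTRYPOINT` would remove that need (nginx's pid and temp paths must then also be writable by that user). Separately, `COPY --chmod=755 entrypoint.sh /usr/local/bin/entrypoint.sh` would replace the extra `RUN chmod +x` layer.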
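Review bot: In proxy/entrypoint.sh, `NETWORK` is only checked for being non-empty before it is spliced into the upstream hostnames and into the `sed` replacement text, so an unexpected value (or one containing `|` or `&`) produces a broken or unintended `proxy_pass` target. There is also no `set -e`, so a failed `sed` does not stop the script before `exec "$@"`. I would restrict NETWORK to the variants this package ships (gnosis, holesky, mainnet) and stop on errors, as sketched below.

```sh
#!/bin/sh
set -eu

case "${NETWORK:-}" in
mainnet) DNS_SUFFIX="" ;;
gnosis | holesky) DNS_SUFFIX="-${NETWORK}" ;;
*)
    echo "NETWORK is not defined or not supported: '${NETWORK:-}'. Exiting."
    exit 1
    ;;
esac

BEACON_CHAIN_URL="http://beacon-chain.nimbus${DNS_SUFFIX}.dappnode:3500"
VALIDATOR_URL="http://validator.nimbus${DNS_SUFFIX}.dappnode:3500"

# … unchanged: sed substitution into /etc/nginx/nginx.conf and exec "$@" …
```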
@@ -0,0 +1,27 @@ +events {} + +http { + server { + listen 3500; + + location / { + proxy_pass ${VALIDATOR_URL}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } + + server { + listen 4500; + + location / { + proxy_pass ${BEACON_CHAIN_URL}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + } + } +} From 4cc6dd06c5554cd7367d51c0f128f5e1bc67666c Mon Sep 17 00:00:00 2001 From: dappnodedev Date: Fri, 5 Jul 2024 13:31:11 +0200 Subject: [PATCH 2/5] Set boolean as string --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 6e5767e..fdac07c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -34,7 +34,7 @@ services: LOG_TYPE: INFO GRAFFITI: validating_from_DAppNode FEE_RECIPIENT: "" - ENABLE_DOPPELGANGER: true + ENABLE_DOPPELGANGER: "true" EXTRA_OPTS: "" restart: unless-stopped From ff8158197a1b3079056267da8996140a42f6d4b6 Mon Sep 17 00:00:00 2001 From: dappnodedev Date: Fri, 5 Jul 2024 15:57:04 +0200 Subject: [PATCH 3/5] Quiet on data dir not found --- beacon-chain/entrypoint.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/beacon-chain/entrypoint.sh b/beacon-chain/entrypoint.sh index 6f9761f..c16c081 100755 --- a/beacon-chain/entrypoint.sh +++ b/beacon-chain/entrypoint.sh @@ -8,7 +8,7 @@ MEVBOOST_FLAGS="--payload-builder=true --payload-builder-url" handle_checkpoint() { - if [ -n "$(ls -A "${DATA_DIR}/db")" ]; then + if [ -n "$(ls -A "${DATA_DIR}/db" 2>/dev/null)" ]; then echo "[INFO - entrypoint] Data directory has already been initialized, skipping checkpoint sync." return fi From 474c9a5bd7eae78dd21b44f3eccfe8933c1409ad Mon Sep 17 00:00:00 2001 
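Review bot: Neither `server` block in proxy/nginx.conf says which legacy endpoint it fronts or that the proxy adds no access control of its own. Port 3500 forwards every path to `${VALIDATOR_URL}`, which validator/entrypoint.sh starts as the keymanager API with `--keymanager-allow-origin=*`, so the token file is the only gate on this second route. I would add a comment above each block, e.g. `# Legacy keymanager route -> validator:3500; authentication is enforced upstream (token file)`. Note also that a literal hostname in `proxy_pass` is resolved once when nginx loads the config, so the proxy keeps the old address if an upstream container returns with a different IP.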
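Review bot: In beacon-chain/entrypoint.sh, `2>/dev/null` hides every `ls` failure, not just a missing directory, so a `db` directory that exists but cannot be read (for example after an ownership change) is treated as uninitialised and the function proceeds to checkpoint sync. Testing for the directory first keeps the quiet path without masking other errors: `if [ -d "${DATA_DIR}/db" ] && [ -n "$(ls -A "${DATA_DIR}/db")" ]; then`. The body of handle_checkpoint continues below the hunk.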
From: dappnodedev Date: Mon, 8 Jul 2024 10:19:25 +0200 Subject: [PATCH 4/5] Improve package user permission --- beacon-chain/Dockerfile | 10 ++++------ validator/Dockerfile | 8 +++----- validator/entrypoint.sh | 2 +- 3 files changed, 8 insertions(+), 12 deletions(-) diff --git a/beacon-chain/Dockerfile b/beacon-chain/Dockerfile index 9326e49..2a348f7 100644 --- a/beacon-chain/Dockerfile +++ b/beacon-chain/Dockerfile @@ -6,10 +6,6 @@ ARG NETWORK ARG P2P_PORT ARG STAKER_SCRIPTS_VERSION -USER root - -RUN apt-get update && apt-get install -y curl && apt-get clean - COPY entrypoint.sh /usr/local/bin/entrypoint.sh COPY jwtsecret.hex /jwtsecret @@ -19,12 +15,14 @@ ENV JWT_SECRET_FILE=/jwtsecret \ P2P_PORT=${P2P_PORT} \ NIMBUS_BIN="/home/user/nimbus_beacon_node" \ DATA_DIR="/home/user/nimbus-eth2/build/data" \ - TOKEN_FILE="${DATA_DIR}/auth-token" \ - AUTH_TOKEN_PATH=${AUTH_TOKEN_PATH} \ STAKER_SCRIPTS_URL=https://github.com/dappnode/staker-package-scripts/releases/download/${STAKER_SCRIPTS_VERSION} ADD ${STAKER_SCRIPTS_URL}/consensus_tools.sh /etc/profile.d/ +USER root +RUN apt-get update && apt-get install -y curl && apt-get clean +USER user + RUN chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ] \ No newline at end of file diff --git a/validator/Dockerfile b/validator/Dockerfile index 8b6252b..4571992 100644 --- a/validator/Dockerfile +++ b/validator/Dockerfile 
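Review bot: In beacon-chain/Dockerfile the final `RUN chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh` now executes after `USER user`, but both files were placed by `COPY`/`ADD` without `--chown`, so they are root-owned and the chmod will most likely fail with "Operation not permitted". Either fold the chmod into the root step (`RUN apt-get update && apt-get install -y curl && apt-get clean && chmod +rx ...`) and switch to `USER user` afterwards, or set the mode at copy time with `COPY --chmod=755`. validator/Dockerfile in this commit drops `USER root` ahead of the same chmod, so it probably has the same problem, depending on the base image's default user.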
@@ -4,15 +4,13 @@ FROM statusim/nimbus-validator-client:multiarch-${UPSTREAM_VERSION} ARG NETWORK ARG STAKER_SCRIPTS_VERSION -ARG AUTH_TOKEN_PATH=/security/auth-token - -USER root +ARG VALIDATOR_API_TOKEN_PATH=/security/auth-token COPY entrypoint.sh /usr/local/bin/entrypoint.sh -COPY auth-token ${AUTH_TOKEN_PATH} +COPY auth-token ${VALIDATOR_API_TOKEN_PATH} ENV NETWORK=${NETWORK} \ - AUTH_TOKEN_PATH=${AUTH_TOKEN_PATH} \ + VALIDATOR_API_TOKEN_PATH=${VALIDATOR_API_TOKEN_PATH} \ NIMBUS_BIN="/home/user/nimbus_validator_client" \ STAKER_SCRIPTS_URL=https://github.com/dappnode/staker-package-scripts/releases/download/${STAKER_SCRIPTS_VERSION} diff --git a/validator/entrypoint.sh b/validator/entrypoint.sh index 8b8036f..5b6fe3d 100644 --- a/validator/entrypoint.sh +++ b/validator/entrypoint.sh @@ -22,7 +22,7 @@ run_validator() { --keymanager-port=3500 \ --keymanager-address=0.0.0.0 \ --keymanager-allow-origin=* \ - --keymanager-token-file="${AUTH_TOKEN_PATH}" \ + --keymanager-token-file="${VALIDATOR_API_TOKEN_PATH}" \ --metrics=true \ --metrics-address=0.0.0.0 \ --metrics-port=8008 \ From 5e868dacc6086abeb2a8d34f58a2facdbd30a92a Mon Sep 17 00:00:00 2001 From: dappnodedev Date: Mon, 22 Jul 2024 12:25:11 +0200 Subject: [PATCH 5/5] Use latest staker package scripts version --- beacon-chain/Dockerfile | 21 +++++----- beacon-chain/entrypoint.sh | 79 +++++++++++++++++--------------------- docker-compose.yml | 5 +++ validator/Dockerfile | 21 ++++++---- validator/entrypoint.sh | 48 +++++++++++------------ 5 files changed, 90 insertions(+), 84 deletions(-) diff --git a/beacon-chain/Dockerfile b/beacon-chain/Dockerfile index 2a348f7..ea54295 100644 --- a/beacon-chain/Dockerfile +++ b/beacon-chain/Dockerfile 
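Review bot: `COPY auth-token ${VALIDATOR_API_TOKEN_PATH}` in validator/Dockerfile bakes the keymanager bearer token into an image layer, so every copy of the image carries the same token and anyone who can pull the image can read it. Since validator/entrypoint.sh binds the keymanager to 0.0.0.0 and passes this file as `--keymanager-token-file`, the token would be better supplied at run time (volume or secret mount) than copied at build time. If a shared default token is intended, say so in a comment on the `COPY` line, e.g. `# Default keymanager token shipped with the package; not a secret`.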
@@ -3,26 +3,29 @@ ARG UPSTREAM_VERSION FROM statusim/nimbus-eth2:multiarch-${UPSTREAM_VERSION} ARG NETWORK -ARG P2P_PORT ARG STAKER_SCRIPTS_VERSION - -COPY entrypoint.sh /usr/local/bin/entrypoint.sh -COPY jwtsecret.hex /jwtsecret +ARG DATA_DIR +ARG P2P_PORT ENV JWT_SECRET_FILE=/jwtsecret \ - NETWORK=${NETWORK} \ VALIDATOR_PORT=3500 \ + DATA_DIR=${DATA_DIR} \ P2P_PORT=${P2P_PORT} \ NIMBUS_BIN="/home/user/nimbus_beacon_node" \ - DATA_DIR="/home/user/nimbus-eth2/build/data" \ STAKER_SCRIPTS_URL=https://github.com/dappnode/staker-package-scripts/releases/download/${STAKER_SCRIPTS_VERSION} +COPY entrypoint.sh /usr/local/bin/entrypoint.sh +COPY jwtsecret.hex ${JWT_SECRET_FILE} + ADD ${STAKER_SCRIPTS_URL}/consensus_tools.sh /etc/profile.d/ USER root -RUN apt-get update && apt-get install -y curl && apt-get clean -USER user -RUN chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh +RUN apt-get update && apt-get --yes install curl && apt-get clean && \ + chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh + +# This env changes the variant +# Placed at the end to regenerate the least amount of layers +ENV NETWORK=${NETWORK} ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ] \ No newline at end of file diff --git a/beacon-chain/entrypoint.sh b/beacon-chain/entrypoint.sh index c16c081..f0e371c 100755 --- a/beacon-chain/entrypoint.sh +++ b/beacon-chain/entrypoint.sh 
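Review bot: `USER root` is now the last user switch in beacon-chain/Dockerfile (the `USER user` line is removed), so the beacon node started by `ENTRYPOINT` runs as root. Root is only needed for the combined `apt-get`/`chmod` step; add `USER user` after that `RUN`, before the final `ENV NETWORK=${NETWORK}`. validator/Dockerfile gains the same `USER root` without a later drop in this commit. If the data directory then needs different ownership, handle that explicitly rather than by running the client as root.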
@@ -1,55 +1,46 @@ #!/bin/sh SUPPORTED_NETWORKS="gnosis holesky mainnet" -MEVBOOST_FLAGS="--payload-builder=true --payload-builder-url" +MEVBOOST_FLAG_KEYS="--payload-builder=true --payload-builder-url" # shellcheck disable=SC1091 # Path is relative to the Dockerfile . /etc/profile -handle_checkpoint() { +ENGINE_URL=$(get_engine_api_url "${NETWORK}" "${SUPPORTED_NETWORKS}") +VALID_FEE_RECIPIENT=$(get_valid_fee_recipient "${FEE_RECIPIENT}") +MEVBOOST_FLAG=$(get_mevboost_flag "${NETWORK}" "${MEVBOOST_FLAG_KEYS}") - if [ -n "$(ls -A "${DATA_DIR}/db" 2>/dev/null)" ]; then - echo "[INFO - entrypoint] Data directory has already been initialized, skipping checkpoint sync." - return - fi +if [ -n "$(ls -A "${DATA_DIR}/db" 2>/dev/null)" ]; then + echo "[INFO - entrypoint] Data directory has already been initialized, skipping checkpoint sync." - # Run checkpoint sync script if provided - if [ -n "${CHECKPOINT_SYNC_URL}" ]; then - echo "[INFO - entrypoint] Running checkpoint sync script" +elif [ -n "${CHECKPOINT_SYNC_URL}" ]; then + echo "[INFO - entrypoint] Running checkpoint sync script" - ${NIMBUS_BIN} trustedNodeSync \ - --network="${NETWORK}" \ - --trusted-node-url="${CHECKPOINT_SYNC_URL}" \ - --backfill=false \ - --data-dir="${DATA_DIR}" - else - echo "[WARN - entrypoint] No checkpoint sync script provided. Syncing from genesis." 
- fi -} - -run_beacon() { - echo "[INFO - entrypoint] Running beacon node service" - - # shellcheck disable=SC2086 - exec ${NIMBUS_BIN} \ + ${NIMBUS_BIN} trustedNodeSync \ --network="${NETWORK}" \ - --data-dir="${DATA_DIR}" \ - --tcp-port="${P2P_PORT}" \ - --udp-port="${P2P_PORT}" \ - --log-level="${LOG_TYPE}" \ - --rest \ - --rest-port=3500 \ - --rest-address=0.0.0.0 \ - --metrics \ - --metrics-address=0.0.0.0 \ - --metrics-port=8008 \ - --jwt-secret=/jwtsecret \ - --web3-url="${ENGINE_API_URL}" \ - --suggested-fee-recipient="${FEE_RECIPIENT}" ${EXTRA_OPTS} -} - -format_graffiti -set_beacon_config_by_network "${NETWORK}" "${SUPPORTED_NETWORKS}" -handle_checkpoint -set_mevboost_flag "${MEVBOOST_FLAGS}" # MEV-Boost: https://chainsafe.github.io/lodestar/usage/mev-integration/ -run_beacon + --trusted-node-url="${CHECKPOINT_SYNC_URL}" \ + --backfill=false \ + --data-dir="${DATA_DIR}" + +else + echo "[WARN - entrypoint] No checkpoint sync script provided. Syncing from genesis." +fi + +echo "[INFO - entrypoint] Running beacon node service" + +# shellcheck disable=SC2086 +exec ${NIMBUS_BIN} \ + --network="${NETWORK}" \ + --data-dir="${DATA_DIR}" \ + --tcp-port="${P2P_PORT}" \ + --udp-port="${P2P_PORT}" \ + --log-level="${LOG_TYPE}" \ + --rest \ + --rest-port=3500 \ + --rest-address=0.0.0.0 \ + --metrics \ + --metrics-address=0.0.0.0 \ + --metrics-port=8008 \ + --jwt-secret=/jwtsecret \ + --web3-url="${ENGINE_URL}" \ + --suggested-fee-recipient="${VALID_FEE_RECIPIENT}" ${MEVBOOST_FLAG} ${EXTRA_OPTS} diff --git a/docker-compose.yml b/docker-compose.yml index fdac07c..bcdfad8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,6 +14,7 @@ services: args: UPSTREAM_VERSION: v24.6.0 STAKER_SCRIPTS_VERSION: v0.1.0 + DATA_DIR: /home/user/nimbus-eth2/build/data environment: LOG_TYPE: INFO FEE_RECIPIENT: "" 
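Review bot: In beacon-chain/entrypoint.sh the helper calls moved into command substitutions (`ENGINE_URL=$(get_engine_api_url ...)`, `VALID_FEE_RECIPIENT=$(...)`, `MEVBOOST_FLAG=$(...)`), which run in a subshell. If a helper signals failure by exiting or returning non-zero (the helpers are not visible here), that no longer stops the entrypoint, and the node can be launched with an empty `--web3-url` or fee recipient. Add `set -e` near the top or guard each call, e.g. `ENGINE_URL=$(get_engine_api_url "${NETWORK}" "${SUPPORTED_NETWORKS}") || exit 1`; validator/entrypoint.sh in this commit uses the same pattern. Also, `--jwt-secret=/jwtsecret` is still hard-coded while the Dockerfile now copies the file to `${JWT_SECRET_FILE}`; `--jwt-secret="${JWT_SECRET_FILE}"` would keep the two in step.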
@@ -30,14 +31,18 @@ services: args: UPSTREAM_VERSION: v24.6.0 STAKER_SCRIPTS_VERSION: v0.1.0 + DATA_DIR: /home/user/nimbus-eth2/build/data environment: LOG_TYPE: INFO GRAFFITI: validating_from_DAppNode FEE_RECIPIENT: "" ENABLE_DOPPELGANGER: "true" EXTRA_OPTS: "" + volumes: + - nimbus-validators-data:/home/user/nimbus-eth2/build/data restart: unless-stopped stop_grace_period: 1m volumes: nimbus-data: {} + nimbus-validators-data: {} diff --git a/validator/Dockerfile b/validator/Dockerfile index 4571992..1326b7c 100644 --- a/validator/Dockerfile +++ b/validator/Dockerfile @@ -4,18 +4,25 @@ FROM statusim/nimbus-validator-client:multiarch-${UPSTREAM_VERSION} ARG NETWORK ARG STAKER_SCRIPTS_VERSION -ARG VALIDATOR_API_TOKEN_PATH=/security/auth-token +ARG DATA_DIR -COPY entrypoint.sh /usr/local/bin/entrypoint.sh -COPY auth-token ${VALIDATOR_API_TOKEN_PATH} - -ENV NETWORK=${NETWORK} \ - VALIDATOR_API_TOKEN_PATH=${VALIDATOR_API_TOKEN_PATH} \ +ENV DATA_DIR=${DATA_DIR} \ + VALIDATOR_API_TOKEN_PATH=/security/auth-token \ NIMBUS_BIN="/home/user/nimbus_validator_client" \ STAKER_SCRIPTS_URL=https://github.com/dappnode/staker-package-scripts/releases/download/${STAKER_SCRIPTS_VERSION} +COPY entrypoint.sh /usr/local/bin/entrypoint.sh +COPY auth-token ${VALIDATOR_API_TOKEN_PATH} + ADD ${STAKER_SCRIPTS_URL}/consensus_tools.sh /etc/profile.d/ -RUN chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh +USER root + +RUN apt-get update && apt-get --yes install curl && apt-get clean && \ + chmod +rx /usr/local/bin/entrypoint.sh /etc/profile.d/consensus_tools.sh + +# This env changes the variant +# Placed at the end to regenerate the least amount of layers +ENV NETWORK=${NETWORK} ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ] \ No newline at end of file diff --git a/validator/entrypoint.sh b/validator/entrypoint.sh index 5b6fe3d..0a87f08 100644 --- a/validator/entrypoint.sh +++ b/validator/entrypoint.sh 
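Review bot: In validator/Dockerfile, `consensus_tools.sh` is fetched by `ADD ${STAKER_SCRIPTS_URL}/consensus_tools.sh /etc/profile.d/` with no integrity check, and this hunk makes it executable and leaves root as the runtime user. Whatever the release URL serves at build time is therefore sourced by the entrypoint (via `. /etc/profile`) as root. Pin the download with `ADD --checksum=sha256:<sha256-of-consensus_tools.sh> ...` (placeholder digest; needs BuildKit), or fetch and verify it inside the `RUN` step. The package step would also be smaller as `apt-get install --yes --no-install-recommends curl && rm -rf /var/lib/apt/lists/*`; beacon-chain/Dockerfile has the same `ADD` and `RUN`.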
@@ -8,29 +8,29 @@ CLIENT="nimbus" # shellcheck disable=SC1091 . /etc/profile -run_validator() { - echo "[INFO - entrypoint] Running validator service" +VALID_GRAFFITI=$(get_valid_graffiti "${GRAFFITI}") +VALID_FEE_RECIPIENT=$(get_valid_fee_recipient "${FEE_RECIPIENT}") +SIGNER_API_URL=$(get_signer_api_url "${NETWORK}" "${SUPPORTED_NETWORKS}") +BEACON_API_URL=$(get_beacon_api_url "${NETWORK}" "${SUPPORTED_NETWORKS}" "${CLIENT}") +MEVBOOST_FLAG=$(get_mevboost_flag "${MEVBOOST_FLAG_KEY}" "${SKIP_MEVBOOST_URL}") - # shellcheck disable=SC2086 - exec ${NIMBUS_BIN} \ - --log-level="${LOG_TYPE}" \ - --doppelganger-detection="${ENABLE_DOPPELGANGER}" \ - --non-interactive=true \ - --web3-signer-url="${WEB3SIGNER_API_URL}" \ - --suggested-fee-recipient="${FEE_RECIPIENT}" \ - --keymanager=true \ - --keymanager-port=3500 \ - --keymanager-address=0.0.0.0 \ - --keymanager-allow-origin=* \ - --keymanager-token-file="${VALIDATOR_API_TOKEN_PATH}" \ - --metrics=true \ - --metrics-address=0.0.0.0 \ - --metrics-port=8008 \ - --graffiti="${GRAFFITI}" \ - --beacon-node="${BEACON_API_URL}" ${EXTRA_OPTS} -} +echo "[INFO - entrypoint] Running validator service" -format_graffiti -set_validator_config_by_network "${NETWORK}" "${SUPPORTED_NETWORKS}" "${CLIENT}" -set_mevboost_flag "${MEVBOOST_FLAG}" "${SKIP_MEVBOOST_URL}" # MEV-Boost: https://chainsafe.github.io/lodestar/usage/mev-integration/ -run_validator +# shellcheck disable=SC2086 +exec ${NIMBUS_BIN} \ + --log-level="${LOG_TYPE}" \ + --data-dir="${DATA_DIR}" \ + --doppelganger-detection="${ENABLE_DOPPELGANGER}" \ + --non-interactive \ + --web3-signer-url="${SIGNER_API_URL}" \ + --suggested-fee-recipient="${VALID_FEE_RECIPIENT}" \ + --keymanager=true \ + --keymanager-port=3500 \ + --keymanager-address=0.0.0.0 \ + --keymanager-allow-origin=* \ + --keymanager-token-file="${VALIDATOR_API_TOKEN_PATH}" \ + --metrics=true \ + --metrics-address=0.0.0.0 \ + --metrics-port=8008 \ + --graffiti="${VALID_GRAFFITI}" \ + 
--beacon-node="${BEACON_API_URL}" ${MEVBOOST_FLAG} ${EXTRA_OPTS}
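Review bot: `get_mevboost_flag` is called in validator/entrypoint.sh with `"${MEVBOOST_FLAG_KEY}" "${SKIP_MEVBOOST_URL}"`, while beacon-chain/entrypoint.sh in the same commit calls it with `"${NETWORK}" "${MEVBOOST_FLAG_KEYS}"`. The two argument lists cannot both match one helper signature, so one call site looks wrong (the helper itself is not on this page). `MEVBOOST_FLAG_KEY` is also not assigned in the visible part of the script, and the removed code passed `${MEVBOOST_FLAG}`, so confirm it is defined above the hunk. Separately, `--keymanager-allow-origin=*` is unquoted and subject to pathname expansion; `--keymanager-allow-origin="*"` avoids that.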