zerotier removal - Best to use a multi-cluster vpn such as kilo (#615)

oxheadalpha · Dec 8, 2023 · 6aea0dc · 6aea0dc
1 parent c1fb087
commit 6aea0dc
Show file tree

Hide file tree

Showing 21 changed files with 21 additions and 436 deletions.
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
@@ -61,8 +61,6 @@ Devspace will now do a few things:
 
 - If you would like to build all of our images without using Devspace to deploy (you might want to do a `helm install` instead), you can run `devspace build -t dev --skip-push`.
 
-- Due to a current limitation of devspace, multiple profiles cannot be used at one time. Therefore, devspace will watch `zerotier` files even if tezos nodes are not configured to use it via `mkchain`. Preferably `zerotier` would also be a profile in addition to `rpc-auth` being one.
-
 - If you find that you have images built but Devspace is having a hard time getting them and/or is producing errors that don't seem to make sense, you can try `rm -rf .devspace` to remove any potentially wrong state.
 
 # Helm Charts

diff --git a/charts/tezos/scripts/octez-node.sh b/charts/tezos/scripts/octez-node.sh
@@ -5,8 +5,7 @@ set -xe
 # ensure we can run octez-client commands without specifying client dir
 ln -s /var/tezos/client /home/tezos/.tezos-client
 #
-# Not every error is fatal on start.  In particular, with zerotier,
-# the listen-addr may not yet be bound causing octez-node to fail.
+# Not every error is fatal on start.
 # So, we try a few times with increasing delays:
 
 for d in 1 1 5 10 20 60 120; do

diff --git a/charts/tezos/templates/_containers.tpl b/charts/tezos/templates/_containers.tpl
@@ -348,60 +348,6 @@
 {{- end }}
 
 {{/*
-// * The zerotier containers:
-*/}}
-
-{{- define "tezos.init_container.zerotier" }}
-{{- if (include "tezos.doesZerotierConfigExist" .) }}
-- envFrom:
-    - configMapRef:
-        name: tezos-config
-    - configMapRef:
-        name: zerotier-config
-  image: "{{ .Values.tezos_k8s_images.zerotier }}"
-  imagePullPolicy: IfNotPresent
-  name: get-zerotier-ip
-  securityContext:
-    capabilities:
-      add:
-        - NET_ADMIN
-        - NET_RAW
-        - SYS_ADMIN
-    privileged: true
-  volumeMounts:
-    - mountPath: /etc/tezos
-      name: config-volume
-    - mountPath: /var/tezos
-      name: var-volume
-    - mountPath: /dev/net/tun
-      name: dev-net-tun
-  env:
-{{- include "tezos.localvars.pod_envvars" . | indent 4 }}
-{{- end }}
-{{- end }}
-
-{{- define "tezos.container.zerotier" }}
-{{- if (include "tezos.doesZerotierConfigExist" .) }}
-- args:
-    - "-c"
-    - "echo 'starting zerotier' && zerotier-one /var/tezos/zerotier"
-  command:
-    - sh
-  image: "{{ .Values.tezos_k8s_images.zerotier }}"
-  imagePullPolicy: IfNotPresent
-  name: zerotier
-  securityContext:
-    capabilities:
-      add:
-        - NET_ADMIN
-        - NET_RAW
-        - SYS_ADMIN
-    privileged: true
-  volumeMounts:
-    - mountPath: /var/tezos
-      name: var-volume
-{{- end }}
-{{- end }}
 
 {{/*
   Node selector config section

diff --git a/charts/tezos/templates/_helpers.tpl b/charts/tezos/templates/_helpers.tpl
@@ -1,16 +1,3 @@
-{{/*
-  Checks if Zerotier config has a network and token set.
-  Returns a string "true" or empty string which is falsey.
-*/}}
-{{- define "tezos.doesZerotierConfigExist" -}}
-  {{- $zerotier_config := .Values.zerotier_config | default dict }}
-  {{- if and ($zerotier_config.zerotier_network)  ($zerotier_config.zerotier_token) }}
-    {{- "true" }}
-  {{- else }}
-    {{- "" }}
-  {{- end }}
-{{- end }}
-
 {{/*
   Should nodes wait for DNS to be ready for peers
   Yes if these conditions are met:

diff --git a/charts/tezos/templates/configs.yaml b/charts/tezos/templates/configs.yaml
@@ -62,20 +62,6 @@ data:
 
 ---
 
-{{- if (include "tezos.doesZerotierConfigExist" .) }}
-apiVersion: v1
-data:
-  NETWORK_ID: "{{ .Values.zerotier_config.zerotier_network }}"
-  ZTAUTHTOKEN: "{{ .Values.zerotier_config.zerotier_token }}"
-  NODES: |
-{{ .Values.nodes | mustToPrettyJson | indent 4 }}
-kind: ConfigMap
-metadata:
-  name: zerotier-config
-  namespace: {{ .Release.Namespace }}
-{{- end }}
----
-
 apiVersion: v1
 data:
   ACCOUNTS: |

diff --git a/charts/tezos/templates/nodes.yaml b/charts/tezos/templates/nodes.yaml
@@ -35,12 +35,10 @@ spec:
         {{- include "tezos.container.accusers"  $ | indent 8 }}
         {{- include "tezos.container.bakers"    $ | indent 8 }}
         {{- include "tezos.container.logger"    $ | indent 8 }}
-        {{- include "tezos.container.zerotier"  $ | indent 8 }}
         {{- include "tezos.container.sidecar"   $ | indent 8 }}
         {{- include "tezos.container.vdf"       $ | indent 8 }}
       initContainers:
         {{- include "tezos.init_container.config_init"         $ | indent 8 }}
-        {{- include "tezos.init_container.zerotier"            $ | indent 8 }}
         {{- include "tezos.init_container.config_generator"    $ | indent 8 }}
         {{- include "tezos.init_container.snapshot_downloader" $ | indent 8 }}
         {{- include "tezos.init_container.snapshot_importer"   $ | indent 8 }}
@@ -50,11 +48,6 @@ spec:
         fsGroup: 1000
 {{- include "tezos.nodeSelectorConfig" $ | indent 6 }}
       volumes:
-      {{- if (include "tezos.doesZerotierConfigExist" $) }}
-        - hostPath:
-            path: /dev/net/tun
-          name: dev-net-tun
-      {{- end }}
         - emptyDir: {}
           name: config-volume
         - name: tezos-accounts

diff --git a/charts/tezos/values.yaml b/charts/tezos/values.yaml
@@ -1,19 +1,10 @@
-# Is the values file an invitation for a private chain
-is_invitation: false
-
-# A chain using Zerotier would be a private chain
-# zerotier_config:
-#   zerotier_network: YOUR_NETWORK_ID_HERE
-#   zerotier_token: YOUR_ZEROTIER_TOKEN_HERE
-
 # Images not part of the tezos-k8s repo go here
 images:
   octez: tezos/tezos:v17.3
   tacoinfraRemoteSigner: ghcr.io/oxheadalpha/tacoinfra-remote-signer:0.1.0
 # Images that are part of the tezos-k8s repo go here with 'dev' tag
 tezos_k8s_images:
   utils: ghcr.io/oxheadalpha/tezos-k8s-utils:master
-  zerotier: ghcr.io/oxheadalpha/tezos-k8s-zerotier:master
 
 ## Properties that are templated for some k8s resources. There are container
 ## scripts that will look up some of these values. They should not be modified.

diff --git a/devspace.yaml b/devspace.yaml
@@ -8,10 +8,6 @@ deployments:
         - ./${CHAIN_NAME}_values.yaml
 
 images:
-  zerotier:
-    image: tezos-k8s-zerotier
-    dockerfile: ./zerotier/Dockerfile
-    context: ./zerotier
   utils:
     image: tezos-k8s-utils
     dockerfile: ./utils/Dockerfile
@@ -29,8 +25,6 @@ dev:
   autoReload:
     deployments:
       - chain
-    paths:
-      - ./zerotier/*
 
 hooks:
   - command: minikube

diff --git a/docs/Prerequisites.md b/docs/Prerequisites.md
@@ -4,7 +4,6 @@
 - [docker](https://docs.docker.com/get-docker/)
 - [kubectl](https://kubernetes.io/docs/reference/kubectl/kubectl/)
 - [helm](https://helm.sh/)
-- (optional, for distributed private chains) A [ZeroTier](https://www.zerotier.com/) network with api access token
 
 ### For local deployment
 

diff --git a/docs/Private-Chain.md b/docs/Private-Chain.md
@@ -1,27 +1,5 @@
 # Creating a Private Blockchain
 
-## Zerotier
-
-Zerotier is a VPN service that the Tezos nodes in your cluster will use to communicate with each other.
-
-Create a ZeroTier network:
-
-- Go to https://my.zerotier.com
-- Login with credentials or create a new account
-- Go to https://my.zerotier.com/account to create a new API access token
-- Under `API Access Tokens > New Token`, give a name to your access token and generate it by clicking on the "generate" button. Save the generated access token, e.g. `yEflQt726fjXuSUyQ73WqXvAFoijXkLt` on your computer.
-- Go to https://my.zerotier.com/network
-- Create a new network by clicking on the "Create a Network"
-  button. Save the 16 character generated network
-  id, e.g. `1c33c1ced02a5eee` on your computer.
-
-Set Zerotier environment variables in order to access the network id and access token values with later commands:
-
-```shell
-export ZT_TOKEN=yEflQt726fjXuSUyQ73WqXvAFoijXkLt
-export ZT_NET=1c33c1ced02a5eee
-```
-
 ## mkchain
 
 mkchain is a python script that generates Helm values, which Helm then uses to create your Tezos chain on k8s.
@@ -47,7 +25,7 @@ export PYTHONUNBUFFERED=x
 Run `mkchain` to create your Helm values
 
 ```shell
-mkchain $CHAIN_NAME --zerotier-network $ZT_NET --zerotier-token $ZT_TOKEN
+mkchain $CHAIN_NAME
 ```
 
 This will create two files:
@@ -68,7 +46,6 @@ helm install $CHAIN_NAME oxheadalpha/tezos-chain \
 Your kubernetes cluster will now be running a series of jobs to
 perform the following tasks:
 
-- get a zerotier ip
 - generate a node identity
 - create a baker account
 - generate a genesis block for your chain
@@ -93,7 +70,7 @@ chain running one node.
 
 ## Adding nodes within the cluster
 
-You can spin up a number of regular peer nodes that don't bake in your cluster by passing `--number-of-nodes N` to `mkchain`. Pass this along with your previously used flags (`--zerotier-network` and `--zerotier-token`). You can use this to both scale up and down.
+You can spin up a number of regular peer nodes that don't bake in your cluster by passing `--number-of-nodes N` to `mkchain`. You can use this to both scale up and down.
 
 Or if you previously spun up the chain using `mkchain`, you may adjust
 your setup to an arbitrary number of nodes by updating the "nodes"

diff --git a/mkchain/README.md b/mkchain/README.md
@@ -68,8 +68,6 @@ mkchain $CHAIN_NAME
 
 This command will create a yaml file in your current working directory: `<$CHAIN_NAME>_values.yaml`
 
-If you configure your chain to run over a Zerotier VPN, mkchain will create an additional file for invitees to join your network: `<$CHAIN_NAME>_invite_values.yaml`.
-
 ### mkchain parameters
 
 You can explicitly specify some values by:
@@ -88,8 +86,6 @@ You can explicitly specify some values by:
 | expected_proof_of_work           | --expected-proof-of-work | Node identity generation difficulty                            | 0                       |
 | images.octez                     | --octez-docker-image     | Version of the Octez docker image to run                       | tezos/tezos:v17.3 |
 |                                  | --use-docker (--no...)   | Use (or don't use) docker to generate keys rather than pytezos | autodetect              |
-| zerotier_config.zerotier_network | --zerotier-network       | Zerotier network id for external chain access                  |                         |
-| zerotier_config.zerotier_token   | --zerotier-token         | Zerotier token for external chain access                       |                         |
 
 ## Create Tezos Chain
 

diff --git a/mkchain/tqchain/mkchain.py b/mkchain/tqchain/mkchain.py
@@ -56,8 +56,6 @@ def quoted_scalar(dumper, data):  # a representer to force quotations on scalars
         "default": 1,
         "type": int,
     },
-    "zerotier_network": {"help": "Zerotier network id for external chain access"},
-    "zerotier_token": {"help": "Zerotier token for external chain access"},
     "expected_proof_of_work": {
         "help": "Node identity generation difficulty",
         "default": 0,
@@ -134,18 +132,6 @@ def validate_args(args):
         )
         exit(1)
 
-    if (not args.zerotier_network and args.zerotier_token) or (
-        not args.zerotier_token and args.zerotier_network
-    ):
-        print("Configuring Zerotier requires both a network id and access token.")
-        exit(1)
-
-    if args.zerotier_network and args.should_generate_unsafe_deterministic_data:
-        print(
-            "Configuring a Zerotier network and generating unsafe deterministic data is not allowed."
-        )
-        exit(1)
-
 
 def node_config(name, n, is_baker):
     ret = {
@@ -175,10 +161,6 @@ def main():
             "octez": args.octez_docker_image,
         },
         "node_config_network": {"chain_name": args.chain_name},
-        "zerotier_config": {
-            "zerotier_network": args.zerotier_network,
-            "zerotier_token": args.zerotier_token,
-        },
         # Custom chains should not pull snapshots or tarballs
         "snapshot_source": None,
         "node_globals": {
@@ -197,7 +179,6 @@ def main():
 
     # preserve pre-existing values, if any (in case of scale-up)
     old_create_values = {}
-    old_invite_values = {}
     files_path = f"{os.getcwd()}/{args.chain_name}"
     if os.path.isfile(f"{files_path}_values.yaml"):
         print(
@@ -217,10 +198,6 @@ def main():
             print(f"Attempted change to {args.number_of_bakers} bakers")
             exit(1)
 
-        if os.path.isfile(f"{files_path}_invite_values.yaml"):
-            with open(f"{files_path}_invite_values.yaml", "r") as yaml_file:
-                old_invite_values = yaml.safe_load(yaml_file)
-
     if old_create_values.get("node_config_network", {}).get("genesis"):
         print("Using existing genesis parameters")
         base_constants["node_config_network"]["genesis"] = old_create_values[
@@ -237,9 +214,6 @@ def main():
     if old_create_values.get("accounts"):
         print("Using existing secret keys")
         accounts["secret"] = old_create_values["accounts"]
-        if old_invite_values.get("accounts"):
-            print("Using existing public keys")
-            accounts["public"] = old_invite_values["accounts"]
     elif not args.should_generate_unsafe_deterministic_data:
         baking_accounts = {
             f"{ARCHIVE_BAKER_NODE_NAME}-{n}": {} for n in range(args.number_of_bakers)
@@ -306,7 +280,6 @@ def main():
     bootstrap_peers = args.bootstrap_peers if args.bootstrap_peers else []
 
     creation_constants = {
-        "is_invitation": False,
         "should_generate_unsafe_deterministic_data": args.should_generate_unsafe_deterministic_data,
         "expected_proof_of_work": args.expected_proof_of_work,
         **base_constants,
@@ -327,40 +300,6 @@ def main():
         )
         print(f"Wrote chain creation constants to {files_path}_values.yaml")
 
-    # If there is a Zerotier configuration, create an invite file.
-    if not args.should_generate_unsafe_deterministic_data and base_constants.get(
-        "zerotier_config", {}
-    ).get("zerotier_network"):
-        invite_nodes = {
-            ROLLING_REGULAR_NODE_NAME: {
-                "storage_size": "15Gi",
-                "instances": [
-                    node_config(ROLLING_REGULAR_NODE_NAME, 0, is_baker=False)
-                ],
-            },
-            ARCHIVE_BAKER_NODE_NAME: None,
-        }
-        invitation_constants = {
-            "is_invitation": True,
-            "expected_proof_of_work": args.expected_proof_of_work,
-            **base_constants,
-            "accounts": accounts["public"],
-            "bootstrap_peers": bootstrap_peers,
-            "nodes": invite_nodes,
-        }
-
-        with open(f"{files_path}_invite_values.yaml", "w") as yaml_file:
-            print(
-                f"Wrote chain invitation constants to {files_path}_invite_values.yaml"
-            )
-            yaml.dump(
-                invitation_constants,
-                yaml_file,
-                Dumper=MyDumper,
-                default_flow_style=False,
-                sort_keys=False,
-            )
-
 
 if __name__ == "__main__":
     main()