This repository has been archived by the owner on Jun 8, 2024. It is now read-only.

web3signer refactor #11

Merged
merged 4 commits into from
Jan 27, 2022
2 changes: 1 addition & 1 deletion dappnode_package.json
@@ -21,7 +21,7 @@
"url": "https://github.com/ConsenSys/web3signer/issues"
},
"links": {
"ui": "http://web3signer.dappnode:9003/",
"ui": "http://ui.web3signer-prater.dappnode:3000?signer_url=http://web3signer.web3signer-prater.dappnode:9000",
"homepage": "https://docs.web3signer.consensys.net/en/latest/",
"readme": "https://github.com/ConsenSys/web3signer/blob/master/README.md"
},
24 changes: 13 additions & 11 deletions docker-compose.yml
@@ -1,21 +1,24 @@
version: "3.5"
services:
ui:
image: "ui.web3signer.dnp.dappnode.eth:0.1.0"
build:
context: ui
restart: unless-stopped
ports:
- "3000"

web3signer:
image: "web3signer.web3signer.dnp.dappnode.eth:0.1.0"
build:
context: web3signer
args:
KEYFILES_DIR: /opt/web3signer/keyfiles
KEYFILES_DIR_TMP: /opt/web3signer/keyfiles_tmp
UPSTREAM_VERSION: 21.10.5
environment:
KEYFILES_DIR: /opt/web3signer/keyfiles
KEYFILES_DIR_TMP: /opt/web3signer/keyfiles_tmp
ports:
- "9003:9000"
- "9000"
volumes:
- "web3signer_keyfiles:/opt/web3signer/keyfiles"
- "web3signer_keyfiles_tmp:/opt/web3signer/keyfiles_tmp"
# IMPORTANT! Volume cannot be explicity the path defined at --key-store-path, otherwise there will be permission issues
- "web3signer_data:/opt/web3signer"
restart: unless-stopped
postgres:
build:
@@ -31,13 +34,12 @@ services:
POSTGRES_DB: web3signer
user: postgres
ports:
- "5432:5432"
- "5432"
volumes:
- "postgres_data:/var/lib/postgresql/data"
- "postgres_migrations:/docker-entrypoint-initdb.d"
restart: unless-stopped
volumes:
web3signer_keyfiles: {}
web3signer_keyfiles_tmp: {}
web3signer_data: {}
postgres_data: {}
postgres_migrations: {}
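Review bot: The short-form `ports:` entries that replace the fixed mappings (`- "9000"` on web3signer, `- "5432"` on postgres, `- "3000"` on ui) still publish each container port on the host, now on an ephemeral host port and by default on all interfaces. The signer API and the slashing-protection database therefore stay reachable from outside the compose network. If only the other services in this file need them, `expose: ["5432"]` (or no port entry at all) keeps postgres internal, and the same applies to 9000 unless a host-side client is intended. Whether the DAppNode runtime relies on these entries is not visible here, so confirm that before changing them. The comment on the `web3signer_data` volume also has a typo: `explicity` should read `explicitly`.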
20 changes: 0 additions & 20 deletions setup-wizard.yml

This file was deleted.

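--- a/ui/Dockerfile
+++ b/ui/Dockerfile
@@ -0,0 +1,8 @@
+FROM node:14-alpine3.14 as build
+WORKDIR /app
+RUN apk update && apk add git && git clone https://github.com/joaquim-verges/eth2-keymanager-frontend.git
+WORKDIR /app/eth2-keymanager-frontend
+RUN yarn
+RUN yarn run build
+EXPOSE 3000
+CMD ["yarn", "start"]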
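Review bot: The `git clone` in the first `RUN` takes whatever is at the head of the default branch of a third-party repository at build time, so the UI used for key management is neither reproducible nor reviewable from this file. Pin the source by checking out a fixed commit after the clone, e.g. `git -C eth2-keymanager-frontend checkout --detach <commit-sha>`, and install with `yarn install --frozen-lockfile` so the lockfile is honoured. The stage is named `build` but no later stage follows, so git, the full source tree and the dev dependencies ship in the runtime image and the process runs as root. A `USER node` line before `CMD` would drop root, provided the app does not need to write under `/app` at runtime. `apk add --no-cache git` would replace the `apk update && apk add git` pair without leaving the package index in the layer.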
23 changes: 16 additions & 7 deletions web3signer/Dockerfile
@@ -1,15 +1,24 @@
ARG UPSTREAM_VERSION

###########
# BUILDER #
###########

# TEMPORARY!: Until keymanager is released in the official web3signer docker image

FROM openjdk:11 as builder
WORKDIR /usr/src/app
RUN apt update && apt install git -y && git clone https://github.com/joaquim-verges/web3signer.git
WORKDIR /usr/src/app/web3signer
RUN git fetch origin && git checkout -b keymanager origin/keymanager && ./gradlew clean assemble && tar -xzf ./build/distributions/web3signer-develop.tar.gz

##############
# WEB3SIGNER #
##############
FROM consensys/web3signer:$UPSTREAM_VERSION

ARG KEYFILES_DIR
ARG KEYFILES_DIR_TMP

# Create keyfiles dirs
RUN mkdir -p $KEYFILES_DIR $KEYFILES_DIR_TMP

FROM consensys/web3signer:$UPSTREAM_VERSION
# Copy web3signer keymanager binary
COPY --from=builder /usr/src/app/web3signer/web3signer-develop /opt/web3signer
COPY entrypoint.sh /usr/bin/entrypoint.sh
EXPOSE 9000
ENTRYPOINT /bin/bash /usr/bin/entrypoint.sh
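Review bot: The builder stage compiles `origin/keymanager` from a personal fork at whatever commit that branch points to on build day, and `COPY --from=builder` then overlays the result on `/opt/web3signer` in the official image, so the binary that handles validator keys is not tied to any reviewed revision. While this workaround is in place (the comment marks it TEMPORARY until the official image ships the keymanager), check out a fixed commit instead of the branch, e.g. `git checkout --detach <commit-sha>`, and pin `openjdk:11` to a more specific tag or digest. `ENTRYPOINT /bin/bash /usr/bin/entrypoint.sh` is shell form, which puts an extra `/bin/sh -c` in front of the script; `ENTRYPOINT ["/bin/bash", "/usr/bin/entrypoint.sh"]` avoids it. In the builder, `apt-get update && apt-get install -y --no-install-recommends git` is the scriptable form of the `apt` call.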
98 changes: 5 additions & 93 deletions web3signer/entrypoint.sh
@@ -1,97 +1,9 @@
#!/bin/bash

# Detect new keystores and password from KEYFILES_DIR_TMP and move them to KEYFILES_DIR
# following naming convention:
# - keystore: keystore<x>.json
# - password: password<xyz..>.txt (each number represents a keystore)

# It also creates the corresponding validator_X.yml file with the keystores and password paths

# Log vars
INFO="\e[0;34m[INFO] "
WARN="\e[0;33m [WARN] "
ERROR="\e[0;31m [ERROR] "
END_LOG="\e[0m"

########
# VARS #
########
#KEYFILES_DIR_TMP="/opt/web3signer/keyfiles_tmp" => Declare in compose
#KEYFILES_DIR="/opt/web3signer/keyfiles" => Declare in compose
KEYSTORE_FILES_TMP=$(ls $KEYFILES_DIR_TMP/*.json)
KEYSTORE_FILES=$(ls $KEYFILES_DIR/*.json)
KEYSTORE_PASSWORD_FILE_TMP=$(ls $KEYFILES_DIR_TMP/*.txt)
PASSWORD_FILE_NAME="password_"
ARRAY_NEW_KEYSTORES=()

#############
# FUNCTIONS #
#############

# Check requirements
function check_requirements() {
[ -z "$KEYSTORE_FILES_TMP" ] && [ ! -z "$KEYSTORE_PASSWORD_FILE_TMP" ] && { echo -e "${ERROR} password uploaded without keystores ${END_LOG}"; exit 1;}
[ -z "$KEYSTORE_PASSWORD_FILE_TMP" ] && [ ! -z "$KEYSTORE_FILES_TMP" ] && { echo -e "${ERROR} keystores uploaded without password ${END_LOG}"; exit 1;}
}

# Create validator file
function create_validator_file() {
echo -e "${INFO} creating validator file number ${1} ${END_LOG}"
printf 'type: "file-keystore"\nkeyType: "BLS"\nkeystoreFile: "%s"\nkeystorePasswordFile: "%s"\n' "${KEYFILES_DIR}/keystore_${1}.json" "${KEYFILES_DIR}/${PASSWORD_FILE_NAME}.txt" >> "${KEYFILES_DIR}/validator_${1}.yaml"
}

# Moves keystore files from KEYFILES_DIR_TMP to KEYFILES_DIR
function move_keys_files() {
counter=1
KEY_FILE_NAME="keystore_${counter}.json"

for KEY_FILE_TMP in $KEYSTORE_FILES_TMP; do
# Get available keystore file name
while [ -f ${KEYFILES_DIR}/${KEY_FILE_NAME} ]; do
((counter+=1))
KEY_FILE_NAME="keystore_${counter}.json"
done

# Check keystore file content is not duplicated with cmp
for KEY_FILE in $KEYSTORE_FILES; do
cmp -s $KEY_FILE_TMP $KEY_FILE && { echo -e "${ERROR} keystore file ${KEY_FILE_TMP} content is duplicated in ${KEY_FILE} ${END_LOG}"; exit 1;}
done

# Move keystore file with available name
if [ ! -f ${KEYFILES_DIR}/${KEY_FILE_NAME} ]; then
echo -e "${INFO} moving ${KEY_FILE_TMP} ${END_LOG}"
mv ${KEY_FILE_TMP} ${KEYFILES_DIR}/${KEY_FILE_NAME} || { echo -e "${ERROR} failed to move ${KEY_FILE_TMP} to ${KEYFILES_DIR} ${END_LOG}"; exit 1;}
ARRAY_NEW_KEYSTORES+=($counter)
PASSWORD_FILE_NAME+=$counter
fi
done

# Move KEYSTORE_PASSWORD_FILE to KEYFILES_DIR
mv ${KEYSTORE_PASSWORD_FILE_TMP} ${KEYFILES_DIR}/${PASSWORD_FILE_NAME}.txt || { echo -e "${ERROR} failed to move ${KEYSTORE_PASSWORD_FILE} to ${KEYFILES_DIR} ${END_LOG}"; exit 1;}
}

##########
## MAIN ##
##########

check_requirements

if [ -z "$KEYSTORE_FILES_TMP" ]; then
# Skip if no new files found in tmp dir
echo -e "${INFO} no new keystore files found in ${KEYFILES_DIR_TMP} ${END_LOG}"
else
# Move new files if found in tmp dir
echo -e "${INFO} moving keystore files from ${KEYFILES_DIR_TMP} to ${KEYFILES_DIR} ${END_LOG}"
move_keys_files

# Create the validator_x.yml files
for KEY_INDEX in ${ARRAY_NEW_KEYSTORES[@]}; do
create_validator_file $KEY_INDEX
done
fi

# Clean KEYFILES_DIR_TMP files
rm -rf $KEYFILES_DIR_TMP/*
KEYFILES_DIR="/opt/web3signer/keyfiles"
# IMPORTANT! The dir defined for --key-store-path must exist and have specific permissions. Should not be created with a docker volume
mkdir -p "$KEYFILES_DIR"

# Run web3signer binary
exec /opt/web3signer/bin/web3signer --key-store-path="$KEYFILES_DIR" --http-listen-port=9003 --http-listen-host=0.0.0.0 --http-host-allowlist=* eth2 --network=prater --slashing-protection-db-url=jdbc:postgresql://postgres:5432/web3signer --slashing-protection-db-username=postgres --slashing-protection-db-password=password
# - Run key manager (it may change in the future): --key-manager-api-enabled=true
exec /opt/web3signer/bin/web3signer --key-store-path="$KEYFILES_DIR" --http-listen-port=9000 --http-listen-host=0.0.0.0 --http-host-allowlist=* eth2 --network=prater --slashing-protection-db-url=jdbc:postgresql://postgres:5432/web3signer --slashing-protection-db-username=postgres --slashing-protection-db-password=password --key-manager-api-enabled=true
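Review bot: The new `exec` line turns on `--key-manager-api-enabled=true` while keeping `--http-listen-host=0.0.0.0` and `--http-host-allowlist=*`, and nothing visible on this command line adds authentication. Any client that can reach port 9000 can therefore presumably call the key management endpoints as well as the signing ones, with the Host-header check switched off. Restricting the allowlist to the names actually used, e.g. `--http-host-allowlist=web3signer.web3signer-prater.dappnode` (the host in the package's `ui` link), narrows that. The database password is also passed as the literal argument `--slashing-protection-db-password=password`, which is visible in the process list and in the image; reading it from an environment variable set in compose would keep it out of the script. A short comment above the `exec` stating which clients are expected to reach this port would help the next reader.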