Generate required JWT secret using openssl

2024-09-04 16:08:04 +05:30 · 2024-09-04 16:08:04 +05:30 · 6a5bbe1cd8
commit 6a5bbe1cd8
parent 50f77a1b85
5 changed files with 23 additions and 16 deletions
--- a/README.md
+++ b/README.md
@ -1 +1,5 @@
 # eth-stack
+
+Stack to run a Ethereum node (geth + lighthouse beacon node)
+
+* [Stack documentation](./stack-orchestrator/stacks/eth/README.md)
--- a/stack-orchestrator/compose/docker-compose-eth.yml
+++ b/stack-orchestrator/compose/docker-compose-eth.yml
@ -3,19 +3,18 @@ services:
    restart: on-failure
    hostname: eth-geth
    image: ethereum/client-go:alltools-v1.14.8
-    env_file:
-      - ../config/eth/params.env
    environment:
      CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG}
      CERC_NETWORK: ${CERC_NETWORK:-sepolia}
      CERC_ALLOW_UNPROTECTED_TXS: ${CERC_ALLOW_UNPROTECTED_TXS:-false}
-      CERC_ETH_DATADIR: ${CERC_ETH_DATADIR:-/root/ethdata}
+      CERC_ETH_DATADIR: ${CERC_ETH_DATADIR:-/root/.ethereum}
      CERC_GETH_VERBOSITY: ${CERC_GETH_VERBOSITY:-3}
    entrypoint: ["sh", "-c"]
    command: |
      "/root/scripts/run-el.sh"
    volumes:
      - eth_geth_data:/root/.ethereum
+      - eth_secrets:/root/secrets
      - ../config/eth/run-el.sh:/root/scripts/run-el.sh
    healthcheck:
      test: ["CMD", "nc", "-v", "localhost", "8545"]
@ -32,11 +31,6 @@ services:
    restart: on-failure
    hostname: eth-lighthouse
    image: sigp/lighthouse:v5.3.0
-    depends_on:
-      eth-geth:
-        condition: service_healthy
-    env_file:
-      - ../config/eth/params.env
    environment:
      CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG}
      ETH_ENDPOINT: "http://eth-geth:8545"
@ -48,8 +42,10 @@ services:
    command: bash /root/scripts/run-cl.sh
    volumes:
      - eth_lighthouse_data:/root/.lighthouse
+      - eth_secrets:/root/secrets
      - ../config/eth/run-cl.sh:/root/scripts/run-cl.sh
    healthcheck:
+      # TODO: Update
      test: ["CMD", "wget", "--tries=1", "--connect-timeout=1", "--quiet", "-O", "-", "http://localhost:8001/eth/v2/beacon/blocks/head"]
      interval: 30s
      timeout: 10s
@ -61,3 +57,4 @@ services:
 volumes:
  eth_geth_data:
  eth_lighthouse_data:
+  eth_secrets:
--- a/stack-orchestrator/config/eth/params.env
+++ b/stack-orchestrator/config/eth/params.env
@ -1,3 +0,0 @@
-# JWT shared by geth and lighthouse for authentication
-# TODO: Generate using openssl
-JWT="0x6cdcac3501046a08e186730dd8bd136cfaf0fdc1fc955f6e15ad3068c0ff2af0"
--- a/stack-orchestrator/config/eth/run-cl.sh
+++ b/stack-orchestrator/config/eth/run-cl.sh
@ -24,8 +24,11 @@ cleanup() {
 }
 trap 'cleanup' SIGINT SIGTERM

-jwtsecret_file_path=/opt/jwtsecret
-echo -n "$JWT" > $jwtsecret_file_path
+# Create a JWT secret at shared path
+jwtsecret_file_path=/root/secrets/jwtsecret
+openssl rand -hex 32 | tr -d "\n" > $jwtsecret_file_path
+
+echo "Using the JWT secret generated at $jwtsecret_file_path"

 http_port=8001
 lighthouse bn \
--- a/stack-orchestrator/config/eth/run-el.sh
+++ b/stack-orchestrator/config/eth/run-el.sh
@ -25,9 +25,15 @@ cleanup() {
 }
 trap 'cleanup' SIGINT SIGTERM

-# Store the JWT secret
-jwtsecret_file_path=/opt/jwtsecret
-echo -n "$JWT" > $jwtsecret_file_path
+# Wait for the JWT secret to be generated
+jwtsecret_file_path=/root/secrets/jwtsecret
+retry_interval=3
+while [ ! -f "$jwtsecret_file_path" ]; do
+  echo "JWT secret not found, retrying after ${retry_interval}s..."
+  sleep $retry_interval
+done
+
+echo "JWT secret found at $jwtsecret_file_path"

 NETWORK_OPT=""
 if [ "$CERC_NETWORK" = "sepolia"  ] || [ "$CERC_NETWORK" = "holesky"  ] || [ "$CERC_NETWORK" = "mainnet"  ]; then