From 6a5bbe1cd8b5e778437c55ae6db9fa410c1d4e98 Mon Sep 17 00:00:00 2001 From: Prathamesh Musale Date: Wed, 4 Sep 2024 16:08:04 +0530 Subject: [PATCH] Generate required JWT secret using openssl --- README.md | 4 ++++ stack-orchestrator/compose/docker-compose-eth.yml | 13 +++++-------- stack-orchestrator/config/eth/params.env | 3 --- stack-orchestrator/config/eth/run-cl.sh | 7 +++++-- stack-orchestrator/config/eth/run-el.sh | 12 +++++++++--- 5 files changed, 23 insertions(+), 16 deletions(-) delete mode 100644 stack-orchestrator/config/eth/params.env diff --git a/README.md b/README.md index d5f8e33..bbcd435 100644 --- a/README.md +++ b/README.md @@ -1 +1,5 @@ # eth-stack + +Stack to run a Ethereum node (geth + lighthouse beacon node) + +* [Stack documentation](./stack-orchestrator/stacks/eth/README.md) diff --git a/stack-orchestrator/compose/docker-compose-eth.yml b/stack-orchestrator/compose/docker-compose-eth.yml index 83db8aa..0f5f135 100644 --- a/stack-orchestrator/compose/docker-compose-eth.yml +++ b/stack-orchestrator/compose/docker-compose-eth.yml @@ -3,19 +3,18 @@ services: restart: on-failure hostname: eth-geth image: ethereum/client-go:alltools-v1.14.8 - env_file: - - ../config/eth/params.env environment: CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG} CERC_NETWORK: ${CERC_NETWORK:-sepolia} CERC_ALLOW_UNPROTECTED_TXS: ${CERC_ALLOW_UNPROTECTED_TXS:-false} - CERC_ETH_DATADIR: ${CERC_ETH_DATADIR:-/root/ethdata} + CERC_ETH_DATADIR: ${CERC_ETH_DATADIR:-/root/.ethereum} CERC_GETH_VERBOSITY: ${CERC_GETH_VERBOSITY:-3} entrypoint: ["sh", "-c"] command: | "/root/scripts/run-el.sh" volumes: - eth_geth_data:/root/.ethereum + - eth_secrets:/root/secrets - ../config/eth/run-el.sh:/root/scripts/run-el.sh healthcheck: test: ["CMD", "nc", "-v", "localhost", "8545"] 
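Review bot: The new `eth_secrets:/root/secrets` mount on eth-geth is read-write, although the run-el.sh change in this commit suggests geth only waits for the JWT secret there and reads it. Mounting it read-only, `- eth_secrets:/root/secrets:ro`, would keep a compromised or misbehaving geth container from replacing the secret it shares with lighthouse for authentication. The eth-geth service definition starts above this hunk and continues below it.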
@@ -32,11 +31,6 @@ services: restart: on-failure hostname: eth-lighthouse image: sigp/lighthouse:v5.3.0 - depends_on: - eth-geth: - condition: service_healthy - env_file: - - ../config/eth/params.env environment: CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG} ETH_ENDPOINT: "http://eth-geth:8545" @@ -48,8 +42,10 @@ services: command: bash /root/scripts/run-cl.sh volumes: - eth_lighthouse_data:/root/.lighthouse + - eth_secrets:/root/secrets - ../config/eth/run-cl.sh:/root/scripts/run-cl.sh healthcheck: + # TODO: Update test: ["CMD", "wget", "--tries=1", "--connect-timeout=1", "--quiet", "-O", "-", "http://localhost:8001/eth/v2/beacon/blocks/head"] interval: 30s timeout: 10s @@ -61,3 +57,4 @@ services: volumes: eth_geth_data: eth_lighthouse_data: + eth_secrets: diff --git a/stack-orchestrator/config/eth/params.env b/stack-orchestrator/config/eth/params.env deleted file mode 100644 index d8db9d1..0000000 --- a/stack-orchestrator/config/eth/params.env +++ /dev/null @@ -1,3 +0,0 @@ -# JWT shared by geth and lighthouse for authentication -# TODO: Generate using openssl -JWT="0x6cdcac3501046a08e186730dd8bd136cfaf0fdc1fc955f6e15ad3068c0ff2af0" diff --git a/stack-orchestrator/config/eth/run-cl.sh b/stack-orchestrator/config/eth/run-cl.sh index 3e7e2d7..294235b 100644 --- a/stack-orchestrator/config/eth/run-cl.sh +++ b/stack-orchestrator/config/eth/run-cl.sh @@ -24,8 +24,11 @@ cleanup() { } trap 'cleanup' SIGINT SIGTERM -jwtsecret_file_path=/opt/jwtsecret -echo -n "$JWT" > $jwtsecret_file_path +# Create a JWT secret at shared path +jwtsecret_file_path=/root/secrets/jwtsecret +openssl rand -hex 32 | tr -d "\n" > $jwtsecret_file_path + +echo "Using the JWT secret generated at $jwtsecret_file_path" http_port=8001 lighthouse bn \ diff --git a/stack-orchestrator/config/eth/run-el.sh b/stack-orchestrator/config/eth/run-el.sh index ea7d5e2..9744ef4 100755 --- a/stack-orchestrator/config/eth/run-el.sh +++ b/stack-orchestrator/config/eth/run-el.sh 
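Review bot: The added `# TODO: Update` above the lighthouse healthcheck `test:` does not say what has to change or why, so only the author can act on it. The comment should state the intent, for example `# TODO: <what the check should probe instead, and why the current URL is not right>`. The healthcheck block continues past the end of the hunk.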
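Review bot: The added `openssl rand -hex 32 | tr -d "\n" > $jwtsecret_file_path` runs on every start of the lighthouse container, so a restart (the service uses `restart: on-failure`) replaces a secret that geth has presumably already loaded, and the two clients then disagree until geth is restarted too. The redirect also creates the file before any bytes are written and with the default umask, so the `-f` wait in run-el.sh can pass on an empty file and the secret is likely readable by every user in both containers. Generating it only when absent, under a restrictive umask, and renaming it into place addresses all three. This assumes both containers run as the same user, which the hunk does not show. The script continues outside the hunk.

```shell
# Create a JWT secret at shared path (only once, so restarts keep the same secret)
jwtsecret_file_path=/root/secrets/jwtsecret
if [ ! -s "$jwtsecret_file_path" ]; then
  (
    # Subshell so the restrictive umask does not leak into lighthouse itself
    umask 077
    jwtsecret_tmp_path="${jwtsecret_file_path}.tmp"
    openssl rand -hex 32 | tr -d "\n" > "$jwtsecret_tmp_path"
    # Publish only a non-empty file, atomically, so readers never see a partial secret
    [ -s "$jwtsecret_tmp_path" ] && mv "$jwtsecret_tmp_path" "$jwtsecret_file_path"
  )
fi
# … unchanged: echo of the secret path, http_port, lighthouse bn …
```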
@@ -25,9 +25,15 @@ cleanup() { } trap 'cleanup' SIGINT SIGTERM -# Store the JWT secret -jwtsecret_file_path=/opt/jwtsecret -echo -n "$JWT" > $jwtsecret_file_path +# Wait for the JWT secret to be generated +jwtsecret_file_path=/root/secrets/jwtsecret +retry_interval=3 +while [ ! -f "$jwtsecret_file_path" ]; do + echo "JWT secret not found, retrying after ${retry_interval}s..." + sleep $retry_interval +done + +echo "JWT secret found at $jwtsecret_file_path" NETWORK_OPT="" if [ "$CERC_NETWORK" = "sepolia" ] || [ "$CERC_NETWORK" = "holesky" ] || [ "$CERC_NETWORK" = "mainnet" ]; then
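Review bot: The wait loop's `[ ! -f "$jwtsecret_file_path" ]` test is satisfied by an empty or half-written file, and by a stale secret left in the `eth_secrets` volume from an earlier run that run-cl.sh is about to overwrite. Testing for a non-empty file, `while [ ! -s "$jwtsecret_file_path" ]; do`, closes the empty-file case; the stale-file case needs the writer to stop regenerating the secret on every start. The loop also has no upper bound, so if lighthouse never writes the secret, geth sleeps indefinitely instead of failing. A retry cap followed by `exit 1` would surface that through `restart: on-failure`. The script continues past the end of the hunk.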