Generate required JWT secret using openssl

Prathamesh Musale 2024-09-04 16:08:04 +05:30
parent 50f77a1b85
commit 6a5bbe1cd8
5 changed files with 23 additions and 16 deletions


@ -1 +1,5 @@
# eth-stack # eth-stack
Stack to run a Ethereum node (geth + lighthouse beacon node)
* [Stack documentation](./stack-orchestrator/stacks/eth/README.md)


@ -3,19 +3,18 @@ services:
restart: on-failure restart: on-failure
hostname: eth-geth hostname: eth-geth
image: ethereum/client-go:alltools-v1.14.8 image: ethereum/client-go:alltools-v1.14.8
env_file:
- ../config/eth/params.env
environment: environment:
CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG} CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG}
CERC_NETWORK: ${CERC_NETWORK:-sepolia} CERC_NETWORK: ${CERC_NETWORK:-sepolia}
CERC_ALLOW_UNPROTECTED_TXS: ${CERC_ALLOW_UNPROTECTED_TXS:-false} CERC_ALLOW_UNPROTECTED_TXS: ${CERC_ALLOW_UNPROTECTED_TXS:-false}
CERC_ETH_DATADIR: ${CERC_ETH_DATADIR:-/root/ethdata} CERC_ETH_DATADIR: ${CERC_ETH_DATADIR:-/root/.ethereum}
CERC_GETH_VERBOSITY: ${CERC_GETH_VERBOSITY:-3} CERC_GETH_VERBOSITY: ${CERC_GETH_VERBOSITY:-3}
entrypoint: ["sh", "-c"] entrypoint: ["sh", "-c"]
command: | command: |
"/root/scripts/run-el.sh" "/root/scripts/run-el.sh"
volumes: volumes:
- eth_geth_data:/root/.ethereum - eth_geth_data:/root/.ethereum
- eth_secrets:/root/secrets
- ../config/eth/run-el.sh:/root/scripts/run-el.sh - ../config/eth/run-el.sh:/root/scripts/run-el.sh
healthcheck: healthcheck:
test: ["CMD", "nc", "-v", "localhost", "8545"] test: ["CMD", "nc", "-v", "localhost", "8545"]
@ -32,11 +31,6 @@ services:
restart: on-failure restart: on-failure
hostname: eth-lighthouse hostname: eth-lighthouse
image: sigp/lighthouse:v5.3.0 image: sigp/lighthouse:v5.3.0
depends_on:
eth-geth:
condition: service_healthy
env_file:
- ../config/eth/params.env
environment: environment:
CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG} CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG}
ETH_ENDPOINT: "http://eth-geth:8545" ETH_ENDPOINT: "http://eth-geth:8545"
@ -48,8 +42,10 @@ services:
command: bash /root/scripts/run-cl.sh command: bash /root/scripts/run-cl.sh
volumes: volumes:
- eth_lighthouse_data:/root/.lighthouse - eth_lighthouse_data:/root/.lighthouse
- eth_secrets:/root/secrets
- ../config/eth/run-cl.sh:/root/scripts/run-cl.sh - ../config/eth/run-cl.sh:/root/scripts/run-cl.sh
healthcheck: healthcheck:
# TODO: Update
test: ["CMD", "wget", "--tries=1", "--connect-timeout=1", "--quiet", "-O", "-", "http://localhost:8001/eth/v2/beacon/blocks/head"] test: ["CMD", "wget", "--tries=1", "--connect-timeout=1", "--quiet", "-O", "-", "http://localhost:8001/eth/v2/beacon/blocks/head"]
interval: 30s interval: 30s
timeout: 10s timeout: 10s
@ -61,3 +57,4 @@ services:
volumes: volumes:
eth_geth_data: eth_geth_data:
eth_lighthouse_data: eth_lighthouse_data:
eth_secrets:
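Review bot: The `eth_secrets` volume is mounted read-write into the eth-geth service, although the scripts shown on this page suggest that only the lighthouse container writes the JWT secret and geth merely waits for the file to appear. Mounting it read-only on the geth side, `- eth_secrets:/root/secrets:ro`, would keep a misbehaving or compromised execution client from replacing the shared secret. Because `eth_secrets` is a named volume, the secret also persists across restarts. A comment above the top-level entry, such as `# JWT secret shared by eth-geth and eth-lighthouse; remove the volume to rotate it`, would tell operators what the volume holds.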


@ -1,3 +0,0 @@
# JWT shared by geth and lighthouse for authentication
# TODO: Generate using openssl
JWT="0x6cdcac3501046a08e186730dd8bd136cfaf0fdc1fc955f6e15ad3068c0ff2af0"


@ -24,8 +24,11 @@ cleanup() {
} }
trap 'cleanup' SIGINT SIGTERM trap 'cleanup' SIGINT SIGTERM
jwtsecret_file_path=/opt/jwtsecret # Create a JWT secret at shared path
echo -n "$JWT" > $jwtsecret_file_path jwtsecret_file_path=/root/secrets/jwtsecret
openssl rand -hex 32 | tr -d "\n" > $jwtsecret_file_path
echo "Using the JWT secret generated at $jwtsecret_file_path"
http_port=8001 http_port=8001
lighthouse bn \ lighthouse bn \
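Review bot: The secret is rewritten in place by `openssl rand -hex 32 | tr -d "\n" > $jwtsecret_file_path` on every start of this script. After a restart (the compose file sets `restart: on-failure`) or a second start on the persisted volume, the other container may therefore already have read the previous value, or the empty file that the redirection creates before `openssl` produces output. If `openssl` is missing from the image or fails, `tr` still exits 0 and an empty file is left behind with no error. The file is also created under the default umask, and the path is unquoted. I would generate the secret only when the file is missing or empty, write it to a temporary file under a restrictive umask, check that it is non-empty, and then rename it into place, as sketched below. The `lighthouse bn` command continues outside the hunk.

```shell
jwtsecret_file_path=/root/secrets/jwtsecret
# Reuse the secret already on the shared volume; generate only when missing or empty
if [ ! -s "$jwtsecret_file_path" ]; then
  tmp_jwt_path="${jwtsecret_file_path}.tmp"
  # subshell keeps the restrictive umask from leaking into the rest of the script
  (umask 077; openssl rand -hex 32 | tr -d "\n" > "$tmp_jwt_path")
  if [ ! -s "$tmp_jwt_path" ]; then
    echo "Failed to generate JWT secret" >&2
    exit 1
  fi
  # rename within the volume so a reader never sees a partial file
  mv "$tmp_jwt_path" "$jwtsecret_file_path"
fi
echo "Using the JWT secret at $jwtsecret_file_path"
# … unchanged: http_port and the lighthouse bn invocation …
```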


@ -25,9 +25,15 @@ cleanup() {
} }
trap 'cleanup' SIGINT SIGTERM trap 'cleanup' SIGINT SIGTERM
# Store the JWT secret # Wait for the JWT secret to be generated
jwtsecret_file_path=/opt/jwtsecret jwtsecret_file_path=/root/secrets/jwtsecret
echo -n "$JWT" > $jwtsecret_file_path retry_interval=3
while [ ! -f "$jwtsecret_file_path" ]; do
echo "JWT secret not found, retrying after ${retry_interval}s..."
sleep $retry_interval
done
echo "JWT secret found at $jwtsecret_file_path"
NETWORK_OPT="" NETWORK_OPT=""
if [ "$CERC_NETWORK" = "sepolia" ] || [ "$CERC_NETWORK" = "holesky" ] || [ "$CERC_NETWORK" = "mainnet" ]; then if [ "$CERC_NETWORK" = "sepolia" ] || [ "$CERC_NETWORK" = "holesky" ] || [ "$CERC_NETWORK" = "mainnet" ]; then
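Review bot: The wait loop tests `[ ! -f "$jwtsecret_file_path" ]`, which is satisfied by an empty or half-written file and by a file left on the volume from an earlier run, so geth can start with a value that differs from the one the consensus client ends up using. Testing for a non-empty file, `while [ ! -s "$jwtsecret_file_path" ]; do`, closes the empty-file case; the stale-file case needs the generating script to stop overwriting an existing secret. The loop also has no upper bound, so a failure on the generating side shows up only as a repeating log line. A retry cap that exits non-zero would let `restart: on-failure` and the healthcheck surface it. The `if` on the last line continues outside the hunk.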