Generate required JWT secret using openssl

README.md

@@ -1 +1,5 @@
 # eth-stack
+
+Stack to run a Ethereum node (geth + lighthouse beacon node)
+
+* [Stack documentation](./stack-orchestrator/stacks/eth/README.md)

stack-orchestrator/compose/docker-compose-eth.yml

@@ -3,19 +3,18 @@ services:
     restart: on-failure
     hostname: eth-geth
     image: ethereum/client-go:alltools-v1.14.8
-    env_file:
-      - ../config/eth/params.env
     environment:
       CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG}
       CERC_NETWORK: ${CERC_NETWORK:-sepolia}
       CERC_ALLOW_UNPROTECTED_TXS: ${CERC_ALLOW_UNPROTECTED_TXS:-false}
-      CERC_ETH_DATADIR: ${CERC_ETH_DATADIR:-/root/ethdata}
+      CERC_ETH_DATADIR: ${CERC_ETH_DATADIR:-/root/.ethereum}
       CERC_GETH_VERBOSITY: ${CERC_GETH_VERBOSITY:-3}
     entrypoint: ["sh", "-c"]
     command: |
       "/root/scripts/run-el.sh"
     volumes:
       - eth_geth_data:/root/.ethereum
+      - eth_secrets:/root/secrets
       - ../config/eth/run-el.sh:/root/scripts/run-el.sh
     healthcheck:
       test: ["CMD", "nc", "-v", "localhost", "8545"]
@@ -32,11 +31,6 @@ services:
     restart: on-failure
     hostname: eth-lighthouse
     image: sigp/lighthouse:v5.3.0
-    depends_on:
-      eth-geth:
-        condition: service_healthy
-    env_file:
-      - ../config/eth/params.env
     environment:
       CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG}
       ETH_ENDPOINT: "http://eth-geth:8545"
@@ -48,8 +42,10 @@ services:
     command: bash /root/scripts/run-cl.sh
     volumes:
       - eth_lighthouse_data:/root/.lighthouse
+      - eth_secrets:/root/secrets
       - ../config/eth/run-cl.sh:/root/scripts/run-cl.sh
     healthcheck:
+      # TODO: Update
       test: ["CMD", "wget", "--tries=1", "--connect-timeout=1", "--quiet", "-O", "-", "http://localhost:8001/eth/v2/beacon/blocks/head"]
       interval: 30s
       timeout: 10s
@@ -61,3 +57,4 @@ services:
 volumes:
   eth_geth_data:
   eth_lighthouse_data:
+  eth_secrets:

stack-orchestrator/config/eth/params.env

@@ -1,3 +0,0 @@
-# JWT shared by geth and lighthouse for authentication
-# TODO: Generate using openssl
-JWT="0x6cdcac3501046a08e186730dd8bd136cfaf0fdc1fc955f6e15ad3068c0ff2af0"

stack-orchestrator/config/eth/run-cl.sh

@@ -24,8 +24,11 @@ cleanup() {
 }
 trap 'cleanup' SIGINT SIGTERM
 
-jwtsecret_file_path=/opt/jwtsecret
+# Create a JWT secret at shared path
-echo -n "$JWT" > $jwtsecret_file_path
+jwtsecret_file_path=/root/secrets/jwtsecret
+openssl rand -hex 32 | tr -d "\n" > $jwtsecret_file_path
+
+echo "Using the JWT secret generated at $jwtsecret_file_path"
 
 http_port=8001
 lighthouse bn \

stack-orchestrator/config/eth/run-el.sh

@@ -25,9 +25,15 @@ cleanup() {
 }
 trap 'cleanup' SIGINT SIGTERM
 
-# Store the JWT secret
+# Wait for the JWT secret to be generated
-jwtsecret_file_path=/opt/jwtsecret
+jwtsecret_file_path=/root/secrets/jwtsecret
-echo -n "$JWT" > $jwtsecret_file_path
+retry_interval=3
+while [ ! -f "$jwtsecret_file_path" ]; do
+  echo "JWT secret not found, retrying after ${retry_interval}s..."
+  sleep $retry_interval
+done
+
+echo "JWT secret found at $jwtsecret_file_path"
 
 NETWORK_OPT=""
 if [ "$CERC_NETWORK" = "sepolia"  ] || [ "$CERC_NETWORK" = "holesky"  ] || [ "$CERC_NETWORK" = "mainnet"  ]; then