Use fetched account creds in mobymask-v2 stack

2023-04-20 14:02:19 +05:30 · 2023-04-20 14:02:19 +05:30 · d2393bd755
commit d2393bd755
parent 276305c9e3
9 changed files with 39 additions and 25 deletions
--- a/app/data/compose/docker-compose-watcher-mobymask-v2.yml
+++ b/app/data/compose/docker-compose-watcher-mobymask-v2.yml
@ -34,6 +34,7 @@ services:
      CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG}
      ENV: "PROD"
      CERC_L2_GETH_RPC: ${CERC_L2_GETH_RPC}
+      CERC_L1_ACCOUNTS_CSV_URL: ${CERC_L1_ACCOUNTS_CSV_URL}
      CERC_PRIVATE_KEY_DEPLOYER: ${CERC_PRIVATE_KEY_DEPLOYER}
      CERC_MOBYMASK_APP_BASE_URI: ${CERC_MOBYMASK_APP_BASE_URI}
      CERC_DEPLOYED_CONTRACT: ${CERC_DEPLOYED_CONTRACT}
@ -50,7 +51,6 @@ services:
      - ../config/watcher-mobymask-v2/secrets-template.json:/app/packages/server/secrets-template.json
      - ../config/watcher-mobymask-v2/deploy-and-generate-invite.sh:/app/packages/server/deploy-and-generate-invite.sh
      - mobymask_deployment:/app/packages/server
-      - fixturenet_geth_accounts:/geth-accounts:ro
    extra_hosts:
      - "host.docker.internal:host-gateway"

@ -83,6 +83,7 @@ services:
    environment:
      CERC_SCRIPT_DEBUG: ${CERC_SCRIPT_DEBUG}
      CERC_L2_GETH_RPC: ${CERC_L2_GETH_RPC}
+      CERC_L1_ACCOUNTS_CSV_URL: ${CERC_L1_ACCOUNTS_CSV_URL}
      CERC_PRIVATE_KEY_PEER: ${CERC_PRIVATE_KEY_PEER}
      CERC_RELAY_PEERS: ${CERC_RELAY_PEERS}
      CERC_RELAY_ANNOUNCE_DOMAIN: ${CERC_RELAY_ANNOUNCE_DOMAIN}
@ -94,7 +95,6 @@ services:
      - ../config/watcher-mobymask-v2/start-server.sh:/app/start-server.sh
      - peers_ids:/app/peers
      - mobymask_deployment:/server
-      - fixturenet_geth_accounts:/geth-accounts:ro
    # Expose GQL, metrics and relay node ports
    ports:
      - "0.0.0.0:3001:3001"
@ -135,4 +135,3 @@ volumes:
  mobymask_watcher_db_data:
  peers_ids:
  mobymask_deployment:
-  fixturenet_geth_accounts:
--- a/app/data/config/watcher-mobymask-v2/deploy-and-generate-invite.sh
+++ b/app/data/config/watcher-mobymask-v2/deploy-and-generate-invite.sh
@ -5,19 +5,25 @@ if [ -n "$CERC_SCRIPT_DEBUG" ]; then
 fi

 CERC_L2_GETH_RPC="${CERC_L2_GETH_RPC:-${DEFAULT_CERC_L2_GETH_RPC}}"
-CERC_PRIVATE_KEY_DEPLOYER="${CERC_PRIVATE_KEY_DEPLOYER:-${DEFAULT_CERC_PRIVATE_KEY_DEPLOYER}}"
+CERC_L1_ACCOUNTS_CSV_URL="${CERC_L1_ACCOUNTS_CSV_URL:-${DEFAULT_CERC_L1_ACCOUNTS_CSV_URL}}"

 CERC_MOBYMASK_APP_BASE_URI="${CERC_MOBYMASK_APP_BASE_URI:-${DEFAULT_CERC_MOBYMASK_APP_BASE_URI}}"
 CERC_DEPLOYED_CONTRACT="${CERC_DEPLOYED_CONTRACT:-${DEFAULT_CERC_DEPLOYED_CONTRACT}}"

 echo "Using L2 RPC endpoint ${CERC_L2_GETH_RPC}"

-if [ -f /geth-accounts/accounts.csv ]; then
-  echo "Using L1 private key from the mounted volume"
-  # Read the private key of L1 account to deploy contract
+if [ -n "$CERC_L1_ACCOUNTS_CSV_URL" ] && \
+  l1_accounts_response=$(curl -L --write-out '%{http_code}' --silent --output /dev/null "$CERC_L1_ACCOUNTS_CSV_URL") && \
+  [ "$l1_accounts_response" -eq 200 ];
+then
+  echo "Fetching L1 account credentials using provided URL"
+  mkdir -p /geth-accounts
+  wget -O /geth-accounts/accounts.csv "$CERC_L1_ACCOUNTS_CSV_URL"
+
+  # Read the private key of an L1 account to deploy contract
  CERC_PRIVATE_KEY_DEPLOYER=$(head -n 1 /geth-accounts/accounts.csv | cut -d ',' -f 3)
 else
-  echo "Using CERC_PRIVATE_KEY_DEPLOYER from env"
+  echo "Couldn't fetch L1 account credentials, using CERC_PRIVATE_KEY_DEPLOYER from env"
 fi

 # Set the private key
--- a/app/data/config/watcher-mobymask-v2/optimism-params.env
+++ b/app/data/config/watcher-mobymask-v2/optimism-params.env
@ -8,6 +8,5 @@ DEFAULT_CERC_L2_GETH_PORT=8545
 DEFAULT_CERC_L2_NODE_HOST="op-node"
 DEFAULT_CERC_L2_NODE_PORT=8547

-# Credentials for accounts to perform txs on L2
-DEFAULT_CERC_PRIVATE_KEY_DEPLOYER=
-DEFAULT_CERC_PRIVATE_KEY_PEER=
+# URL to get CSV with credentials for accounts on L1 to perform txs on L2
+DEFAULT_CERC_L1_ACCOUNTS_CSV_URL="http://fixturenet-eth-bootnode-geth:9898/accounts.csv"
--- a/app/data/config/watcher-mobymask-v2/start-server.sh
+++ b/app/data/config/watcher-mobymask-v2/start-server.sh
@ -5,7 +5,7 @@ if [ -n "$CERC_SCRIPT_DEBUG" ]; then
 fi

 CERC_L2_GETH_RPC="${CERC_L2_GETH_RPC:-${DEFAULT_CERC_L2_GETH_RPC}}"
-CERC_PRIVATE_KEY_PEER="${CERC_PRIVATE_KEY_PEER:-${DEFAULT_CERC_PRIVATE_KEY_PEER}}"
+CERC_L1_ACCOUNTS_CSV_URL="${CERC_L1_ACCOUNTS_CSV_URL:-${DEFAULT_CERC_L1_ACCOUNTS_CSV_URL}}"

 CERC_RELAY_PEERS="${CERC_RELAY_PEERS:-${DEFAULT_CERC_RELAY_PEERS}}"
 CERC_RELAY_ANNOUNCE_DOMAIN="${CERC_RELAY_ANNOUNCE_DOMAIN:-${DEFAULT_CERC_RELAY_ANNOUNCE_DOMAIN}}"
@ -24,12 +24,18 @@ else
  CONTRACT_ADDRESS=$(jq -r '.address' /server/config.json | tr -d '"')
 fi

-if [ -f /geth-accounts/accounts.csv ]; then
-  echo "Using L1 private key from the mounted volume"
-  # Read the private key of L1 account for sending txs from peer
+if [ -n "$CERC_L1_ACCOUNTS_CSV_URL" ] && \
+  l1_accounts_response=$(curl -L --write-out '%{http_code}' --silent --output /dev/null "$CERC_L1_ACCOUNTS_CSV_URL") && \
+  [ "$l1_accounts_response" -eq 200 ];
+then
+  echo "Fetching L1 account credentials using provided URL"
+  mkdir -p /geth-accounts
+  wget -O /geth-accounts/accounts.csv "$CERC_L1_ACCOUNTS_CSV_URL"
+
+  # Read the private key of an L1 account for sending txs from peer
  CERC_PRIVATE_KEY_PEER=$(awk -F, 'NR==2{print $NF}' /geth-accounts/accounts.csv)
 else
-  echo "Using CERC_PRIVATE_KEY_PEER from env"
+  echo "Couldn't fetch L1 account credentials, using CERC_PRIVATE_KEY_PEER from env"
 fi

 # Read in the config template TOML file and modify it
--- a/app/data/container-build/cerc-mobymask/Dockerfile
+++ b/app/data/container-build/cerc-mobymask/Dockerfile
@ -1,6 +1,6 @@
 FROM node:16.17.1-alpine3.16

-RUN apk --update --no-cache add python3 alpine-sdk jq bash
+RUN apk --update --no-cache add python3 alpine-sdk jq bash curl wget

 WORKDIR /app

--- a/app/data/container-build/cerc-watcher-mobymask-v2/Dockerfile
+++ b/app/data/container-build/cerc-watcher-mobymask-v2/Dockerfile
@ -1,7 +1,7 @@
 FROM ubuntu:22.04

 RUN apt-get update \
-  && apt-get install -y curl gnupg build-essential \
+  && apt-get install -y curl wget gnupg build-essential \
  && curl --silent --location https://deb.nodesource.com/setup_18.x | bash - \
  && apt-get update \
  && apt-get install -y nodejs git busybox jq \
--- a/app/data/stacks/fixturenet-eth/README.md
+++ b/app/data/stacks/fixturenet-eth/README.md
@ -117,8 +117,8 @@ Clear volumes created by this stack:

 ```bash
 # List all relevant volumes
-$ docker volume ls -q --filter "name=.*fixturenet_eth_bootnode_geth_data|.*fixturenet_eth_bootnode_lighthouse_data|.*fixturenet_eth_geth_1_data|.*fixturenet_eth_geth_2_data|.*fixturenet_eth_lighthouse_1_data|.*fixturenet_eth_lighthouse_2_data|.*fixturenet_geth_accounts"
+$ docker volume ls -q --filter "name=.*fixturenet_eth_bootnode_geth_data|.*fixturenet_eth_bootnode_lighthouse_data|.*fixturenet_eth_geth_1_data|.*fixturenet_eth_geth_2_data|.*fixturenet_eth_lighthouse_1_data|.*fixturenet_eth_lighthouse_2_data"

 # Remove all the listed volumes
-$ docker volume rm $(docker volume ls -q --filter "name=.*fixturenet_eth_bootnode_geth_data|.*fixturenet_eth_bootnode_lighthouse_data|.*fixturenet_eth_geth_1_data|.*fixturenet_eth_geth_2_data|.*fixturenet_eth_lighthouse_1_data|.*fixturenet_eth_lighthouse_2_data|.*fixturenet_geth_accounts")
+$ docker volume rm $(docker volume ls -q --filter "name=.*fixturenet_eth_bootnode_geth_data|.*fixturenet_eth_bootnode_lighthouse_data|.*fixturenet_eth_geth_1_data|.*fixturenet_eth_geth_2_data|.*fixturenet_eth_lighthouse_1_data|.*fixturenet_eth_lighthouse_2_data")
 ```
--- a/app/data/stacks/mobymask-v2/README.md
+++ b/app/data/stacks/mobymask-v2/README.md
@ -114,8 +114,8 @@ Clear volumes created by this stack:

 ```bash
 # List all relevant volumes
-docker volume ls -q --filter "name=.*mobymask_watcher_db_data|.*peers_ids|.*mobymask_deployment|.*fixturenet_geth_accounts|.*l1_deployment|.*l2_accounts|.*l2_config|.*l2_geth_data"
+docker volume ls -q --filter "name=.*mobymask_watcher_db_data|.*peers_ids|.*mobymask_deployment|.*l1_deployment|.*l2_accounts|.*l2_config|.*l2_geth_data"

 # Remove all the listed volumes
-docker volume rm $(docker volume ls -q --filter "name=.*mobymask_watcher_db_data|.*peers_ids|.*mobymask_deployment|.*fixturenet_geth_accounts|.*l1_deployment|.*l2_accounts|.*l2_config|.*l2_geth_data")
+docker volume rm $(docker volume ls -q --filter "name=.*mobymask_watcher_db_data|.*peers_ids|.*mobymask_deployment|.*l1_deployment|.*l2_accounts|.*l2_config|.*l2_geth_data")
 ```
--- a/app/data/stacks/mobymask-v2/mobymask-only.md
+++ b/app/data/stacks/mobymask-v2/mobymask-only.md
@ -49,7 +49,11 @@ Create and update an env file to be used in the next step ([defaults](../../conf
  CERC_L2_NODE_HOST=
  CERC_L2_NODE_PORT=

-  # Credentials for accounts to perform txs on L2
+  # URL to get CSV with credentials for accounts on L1 to perform txs on L2
+  CERC_L1_ACCOUNTS_CSV_URL=
+
+  # OR
+  # Specify the required account credentials
  CERC_PRIVATE_KEY_DEPLOYER=
  CERC_PRIVATE_KEY_PEER=

@ -118,8 +122,8 @@ Clear volumes created by this stack:

 ```bash
 # List all relevant volumes
-docker volume ls -q --filter "name=.*mobymask_watcher_db_data|.*peers_ids|.*mobymask_deployment|.*fixturenet_geth_accounts"
+docker volume ls -q --filter "name=.*mobymask_watcher_db_data|.*peers_ids|.*mobymask_deployment"

 # Remove all the listed volumes
-docker volume rm $(docker volume ls -q --filter "name=.*mobymask_watcher_db_data|.*peers_ids|.*mobymask_deployment|.*fixturenet_geth_accounts")
+docker volume rm $(docker volume ls -q --filter "name=.*mobymask_watcher_db_data|.*peers_ids|.*mobymask_deployment")
 ```