From 9e8708832839171d2065828b55594007c9a7673a Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 19 Mar 2024 16:49:51 -0500 Subject: [PATCH 01/19] WIP: nitro auth --- .../compose/docker-compose-go-nitro-auth.yml | 100 ++++++++++++++++++ .../data/config/go-nitro/run-nitro-node.sh | 22 +++- .../data/config/nitro-rpc-client/start.sh | 88 +++++++++++++++ .../container-build/cerc-go-nitro/Dockerfile | 14 ++- .../cerc-nitro-rpc-client/Dockerfile | 5 +- .../stacks/fixturenet-nitro-auth/README.md | 84 +++++++++++++++ .../stacks/fixturenet-nitro-auth/stack.yml | 25 +++++ 7 files changed, 333 insertions(+), 5 deletions(-) create mode 100644 stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml create mode 100755 stack_orchestrator/data/config/nitro-rpc-client/start.sh create mode 100644 stack_orchestrator/data/stacks/fixturenet-nitro-auth/README.md create mode 100644 stack_orchestrator/data/stacks/fixturenet-nitro-auth/stack.yml diff --git a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml new file mode 100644 index 00000000..bef755b0 --- /dev/null +++ b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml 
@@ -0,0 +1,100 @@ +version: '3.7' + +services: + go-nitro-alice: + image: cerc/go-nitro:local + hostname: go-nitro-alice + restart: on-failure + depends_on: + # Wait for Nitro contracts to be deployed + nitro-contracts: + condition: service_completed_successfully + environment: + CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546} + CERC_NITRO_PK: ${CERC_NITRO_PK_ALICE:-f36f6dd450892224ee113899195ef922a4795d41c32cafb386d9aab6e0b7b0c6} + CERC_NITRO_CHAIN_PK: ${CERC_NITRO_CHAIN_PK_ALICE:-888814df89c4358d7ddb3fa4b0213e7331239a80e1f013eaa7b2deca2a41a218} + CERC_NITRO_USE_DURABLE_STORE: ${CERC_NITRO_USE_DURABLE_STORE:-true} + CERC_NITRO_DURABLE_STORE_FOLDER: ${CERC_NITRO_DURABLE_STORE_FOLDER:-/app/data/nitro-store} + CERC_NITRO_MSG_PORT: ${CERC_NITRO_MSG_PORT_ALICE:-3006} + CERC_NITRO_WS_MSG_PORT: ${CERC_NITRO_WS_MSG_PORT_ALICE:-5006} + CERC_NITRO_RPC_PORT: ${CERC_NITRO_RPC_PORT_ALICE:-4006} + CERC_NITRO_BOOT_PEERS: "/dns4/go-nitro-bob/tcp/3007/p2p/16Uiu2HAm7JBTpfJWoUh14ZC5MaCM6TujKp8P8ag4ULPiw6g9Xzba" + CERC_NA_ADDRESS: ${CERC_NA_ADDRESS} + CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS} + CERC_CA_ADDRESS: ${CERC_CA_ADDRESS} + CERC_NITRO_UI_PORT: ${CERC_NITRO_UI_PORT_ALICE:-4106} + entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"] + volumes: + - go_nitro_data_alice:/app/data + - nitro_deployment:/app/deployment + - ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh + healthcheck: + test: ["CMD", "nc", "-vz", "localhost", "4006"] + interval: 5s + timeout: 5s + retries: 100 + start_period: 100s + ports: + - "3006:3006" + - "4006:4006" + - "5006:5006" + - "4106:4106" + + go-nitro-bob: + image: cerc/go-nitro:local + hostname: go-nitro-bob + restart: on-failure + depends_on: + # Wait for Nitro contracts to be deployed + nitro-contracts: + condition: service_completed_successfully + environment: + CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546} + CERC_NITRO_PK: 
${CERC_NITRO_PK_BOB:-801c8f30853ed4cbfa130298def86c441c00f4a2eefc6e8fc835ae253ad91d7f} + CERC_NITRO_CHAIN_PK: ${CERC_NITRO_CHAIN_PK_BOB:-570b909da9669b2f35a0b1ac70b8358516d55ae1b5b3710e95e9a94395090597} + CERC_NITRO_USE_DURABLE_STORE: ${CERC_NITRO_USE_DURABLE_STORE:-true} + CERC_NITRO_DURABLE_STORE_FOLDER: ${CERC_NITRO_DURABLE_STORE_FOLDER:-/app/data/nitro-store} + CERC_NITRO_MSG_PORT: ${CERC_NITRO_MSG_PORT_BOB:-3007} + CERC_NITRO_WS_MSG_PORT: ${CERC_NITRO_WS_MSG_PORT_BOB:-5007} + CERC_NITRO_RPC_PORT: ${CERC_NITRO_RPC_PORT_BOB:-4007} + CERC_NITRO_BOOT_PEERS: "/dns4/go-nitro-alice/tcp/3006/p2p/16Uiu2HAmNUiX7bpCpbo5JdqEebp85ptGU2Vk2AT9E3BykvbwQ3F9" + CERC_NA_ADDRESS: ${CERC_NA_ADDRESS} + CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS} + CERC_CA_ADDRESS: ${CERC_CA_ADDRESS} + CERC_NITRO_UI_PORT: ${CERC_NITRO_UI_PORT_BOB:-4107} + entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"] + volumes: + - go_nitro_data_bob:/app/data + - nitro_deployment:/app/deployment + - ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh + healthcheck: + test: ["CMD", "nc", "-vz", "localhost", "4007"] + interval: 5s + timeout: 5s + retries: 100 + start_period: 100s + ports: + - "3007:3007" + - "4007:4007" + - "5007:5007" + - "4107:4107" + + nitro-rpc-client: + image: cerc/nitro-rpc-client:local + hostname: nitro-rpc-client + restart: always + environment: + CERC_NITRO_RPC_FUND_AMOUNT: ${CERC_NITRO_RPC_FUND_AMOUNT:-2000000} + CERC_NITRO_RPC_HOST_ALICE: ${CERC_NITRO_RPC_HOST_ALICE:-go-nitro-alice} + CERC_NITRO_RPC_PORT_ALICE: ${CERC_NITRO_RPC_PORT_ALICE:-4006} + CERC_NITRO_USE_TLS: ${CERC_NITRO_USE_TLS:-false} + CERC_NITRO_ADDRESS_BOB: ${CERC_NITRO_ADDRESS_BOB:-0xe07e314501cc73b24cf45a6577486017300e153c} + volumes: + - nitro_deployment:/app/deployment + - ../config/nitro-rpc-client/start.sh:/app/start.sh + command: ["/app/start.sh"] + +volumes: + go_nitro_data_alice: + go_nitro_data_bob: + nitro_deployment: 
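Review bot: The `CERC_NITRO_PK` and `CERC_NITRO_CHAIN_PK` defaults for both go-nitro-alice and go-nitro-bob are literal private keys, and nothing in the file marks them as throwaway fixturenet keys. A comment above each pair such as `# Fixturenet-only test keys; override CERC_NITRO_PK_* / CERC_NITRO_CHAIN_PK_* for anything else` would keep them from being copied into a deployment that holds value. The same services publish the RPC ports as `"4006:4006"` and `"4007:4007"`, which binds on every host interface while `CERC_NITRO_USE_TLS` defaults to `false`. For a local fixture, `"127.0.0.1:4006:4006"` (and likewise for 4007 and the UI ports) limits who can reach the node's RPC.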
diff --git a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh index 249937ef..b319f6fa 100755 --- a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh +++ b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh @@ -47,4 +47,24 @@ while true; do sleep $retry_interval done -./nitro -chainurl ${CERC_NITRO_CHAIN_URL} -msgport ${CERC_NITRO_MSG_PORT} -rpcport ${CERC_NITRO_RPC_PORT} -wsmsgport ${CERC_NITRO_WS_MSG_PORT} -publicip "0.0.0.0" -pk ${CERC_NITRO_PK} -chainpk ${CERC_NITRO_CHAIN_PK} -naaddress ${NA_ADDRESS} -vpaaddress ${VPA_ADDRESS} -caaddress ${CA_ADDRESS} -usedurablestore ${CERC_NITRO_USE_DURABLE_STORE} -durablestorefolder ${CERC_NITRO_DURABLE_STORE_FOLDER} -tlscertfilepath "" -tlsKeyFilepath "" +if [[ -n "$CERC_NITRO_UI_PORT" ]] && [[ -d "ui" ]]; then + for f in `ls ui/assets/*.js`; do + sed -i "s/\"CERC_RUNTIME_ENV_RPC_HOST\"/\"localhost:${CERC_NITRO_RPC_PORT}\"/g" "$f" + done + http-server -p $CERC_NITRO_UI_PORT ui & +fi + +./nitro \ + -chainurl ${CERC_NITRO_CHAIN_URL} \ + -msgport ${CERC_NITRO_MSG_PORT} \ + -rpcport ${CERC_NITRO_RPC_PORT} \ + -wsmsgport ${CERC_NITRO_WS_MSG_PORT} \ + -publicip "0.0.0.0" \ + -pk ${CERC_NITRO_PK} \ + -chainpk ${CERC_NITRO_CHAIN_PK} \ + -naaddress ${NA_ADDRESS} \ + -vpaaddress ${VPA_ADDRESS} \ + -caaddress ${CA_ADDRESS} \ + -usedurablestore=${CERC_NITRO_USE_DURABLE_STORE} \ + -durablestorefolder ${CERC_NITRO_DURABLE_STORE_FOLDER} \ + -bootpeers "${CERC_NITRO_BOOT_PEERS}" \ No newline at end of file diff --git a/stack_orchestrator/data/config/nitro-rpc-client/start.sh b/stack_orchestrator/data/config/nitro-rpc-client/start.sh new file mode 100755 index 00000000..e1240129 --- /dev/null +++ b/stack_orchestrator/data/config/nitro-rpc-client/start.sh 
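Review bot: The reflowed `./nitro` invocation still passes `-pk ${CERC_NITRO_PK}` and `-chainpk ${CERC_NITRO_CHAIN_PK}` as arguments, so both keys are readable from the process list inside the container, which now also runs `http-server`. Whether nitro can read keys from the environment or a file is not visible here; if it cannot, a comment such as `# key material is on argv: fixturenet test keys only` documents the limit. Separately, the new UI loop parses `ls` output and leaves expansions unquoted; `for f in ui/assets/*.js; do` and `http-server -p "$CERC_NITRO_UI_PORT" ui &` are safer. The `sed` replacement interpolates `${CERC_NITRO_RPC_PORT}` into an expression delimited by `/`, so a value containing `/` or `&` would corrupt the bundle. The script's earlier part is outside this hunk.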
@@ -0,0 +1,88 @@ +#!/bin/bash + +CERC_NITRO_RPC_FUND_AMOUNT=${CERC_NITRO_RPC_FUND_AMOUNT:-0} +CERC_NITRO_RPC_HOST_ALICE=${CERC_NITRO_RPC_HOST_ALICE:-go-nitro-alice} +CERC_NITRO_RPC_PORT_ALICE=${CERC_NITRO_RPC_PORT_ALICE:-4006} +CERC_NITRO_USE_TLS=${CERC_NITRO_USE_TLS:-false} +CERC_NITRO_ADDRESS_BOB=${CERC_NITRO_ADDRESS_BOB:-0xe07e314501cc73b24cf45a6577486017300e153c} + + +# Wait till chain endpoint is available +retry_interval=5 +while true; do + nc -z -w 1 "$CERC_NITRO_RPC_HOST_ALICE" "$CERC_NITRO_RPC_PORT_ALICE" + + if [ $? -eq 0 ]; then + echo "Nitro endpoint is available" + break + fi + + echo "Nitro endpoint not yet available, retrying in $retry_interval seconds..." + sleep $retry_interval +done + + +if [[ "$CERC_NITRO_RPC_FUND_AMOUNT" -gt 0 ]]; then + nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \ + -p $CERC_NITRO_RPC_PORT_ALICE \ + -s=$CERC_NITRO_USE_TLS \ + get-all-ledger-channels | \ + jq "[.[] | select(.Status == \"Open\") | select(.Balance.Them == \"$CERC_NITRO_ADDRESS_BOB\")] | first" > \ + /app/deployment/nitro-ledger-channel-alice-to-bob.json + if [[ ! -f "/app/deployment/nitro-ledger-channel-alice-to-bob.json" ]]; then + echo "Creating new ledger channel ..." + nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \ + -p $CERC_NITRO_RPC_PORT_ALICE \ + -s=$CERC_NITRO_USE_TLS \ + -n \ + direct-fund --amount $CERC_NITRO_RPC_FUND_AMOUNT $CERC_NITRO_ADDRESS_BOB + fi + + + nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \ + -p $CERC_NITRO_RPC_PORT_ALICE \ + -s=$CERC_NITRO_USE_TLS \ + get-all-ledger-channels | \ + jq "[.[] | select(.Status == \"Open\") | select(.Balance.Them == \"$CERC_NITRO_ADDRESS_BOB\")] | first" > \ + /app/deployment/nitro-ledger-channel-alice-to-bob.json + + ledger_channel=$(jq -r '.ID' /app/deployment/nitro-ledger-channel-alice-to-bob.json) + + if [[ ! -f "/app/deployment/nitro-payment-channels-alice-to-bob.json" ]]; then + echo "Creating new payment channel ..." 
+ nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \ + -p $CERC_NITRO_RPC_PORT_ALICE \ + -s=$CERC_NITRO_USE_TLS \ + -n \ + virtual-fund --amount $((CERC_NITRO_RPC_FUND_AMOUNT/2)) $CERC_NITRO_ADDRESS_BOB + fi + + nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \ + -p $CERC_NITRO_RPC_PORT_ALICE \ + -s=$CERC_NITRO_USE_TLS \ + get-payment-channels-by-ledger $ledger_channel > \ + /app/deployment/nitro-payment-channels-alice-to-bob.json + + echo "" + echo "################################################################" + echo "" + + echo "LEDGER:" + cat /app/deployment/nitro-ledger-channel-alice-to-bob.json | jq + echo "" + echo "" + + echo "PAYMENT:" + cat /app/deployment/nitro-payment-channels-alice-to-bob.json | jq + echo "" + echo "" +fi + +if [ -n "$1" ]; then + exec "$@" + exit $? +fi + +while [ 1 -eq 1 ]; do + sleep 100 +done diff --git a/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile b/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile index 1d0e31b4..803d6175 100644 --- a/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile +++ b/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile @@ -8,9 +8,19 @@ COPY . . RUN go build -v -o nitro . # Reduce image size -FROM debian:bullseye-slim +FROM node:18-bullseye-slim as builder-ui RUN apt-get update -RUN apt-get install -y ca-certificates jq netcat +RUN apt-get install -y make +WORKDIR /app +COPY . . +RUN yarn +RUN VITE_RPC_HOST=CERC_RUNTIME_ENV_RPC_HOST make ui/build + +FROM node:18-bullseye-slim +RUN apt-get update +RUN apt-get install -y ca-certificates jq netcat make RUN rm -rf /var/lib/apt/lists/* +RUN npm install -g http-server WORKDIR /app COPY --from=builder /app/nitro . +COPY --from=builder-ui /app/packages/nitro-gui/dist /app/ui diff --git a/stack_orchestrator/data/container-build/cerc-nitro-rpc-client/Dockerfile b/stack_orchestrator/data/container-build/cerc-nitro-rpc-client/Dockerfile index 2c0d636a..2def6d70 100644 
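Review bot: Both `get-all-ledger-channels | jq "..."` calls build the jq program by interpolating `$CERC_NITRO_ADDRESS_BOB` into the filter text, so a value containing a quote or jq syntax changes the filter instead of being compared as data. Passing it as a variable keeps it inert: `jq --arg them "$CERC_NITRO_ADDRESS_BOB" '[.[] | select(.Status == "Open") | select(.Balance.Them == $them)] | first'`. The same pattern is carried into the later `start.sh` hunks of PATCH 02/19. The `nitro-rpc-client` arguments (`$CERC_NITRO_RPC_HOST_ALICE`, `$ledger_channel`, the amount) are also unquoted and would word-split on unexpected values.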
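Review bot: `RUN npm install -g http-server` in the final stage installs whatever version the registry serves at build time, so the runtime image is not reproducible and picks up any compromised or breaking release. Pin it, for example `RUN npm install -g http-server@<pinned-version>`. The final stage also adds `make` to the `apt-get install` line although nothing visible in the runtime stage uses it; dropping it keeps the image smaller. `apt-get update` and `apt-get install` are separate `RUN` layers, so a cached update layer can pair with a newer install; combining them as `RUN apt-get update && apt-get install -y ca-certificates jq netcat && rm -rf /var/lib/apt/lists/*` avoids that.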
--- a/stack_orchestrator/data/container-build/cerc-nitro-rpc-client/Dockerfile +++ b/stack_orchestrator/data/container-build/cerc-nitro-rpc-client/Dockerfile @@ -4,9 +4,10 @@ RUN apk --update --no-cache add python3 alpine-sdk bash curl jq WORKDIR /app -COPY . . +COPY packages/nitro-rpc-client . RUN echo "Installing dependencies" && \ yarn -RUN cd packages/nitro-rpc-client +RUN yarn build +RUN ln -s /app/bin/nitro-rpc-client.js /bin/nitro-rpc-client diff --git a/stack_orchestrator/data/stacks/fixturenet-nitro-auth/README.md b/stack_orchestrator/data/stacks/fixturenet-nitro-auth/README.md new file mode 100644 index 00000000..6c57bfe8 --- /dev/null +++ b/stack_orchestrator/data/stacks/fixturenet-nitro-auth/README.md 
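Review bot: After `COPY packages/nitro-rpc-client .` only that package directory is in the image, so the plain `yarn` that follows probably runs without the workspace lockfile (assuming `yarn.lock` lives at the repository root, which is not visible here). Dependencies would then be resolved fresh on every build. Copying the lockfile alongside the package and running `yarn --frozen-lockfile` keeps the client's dependency set fixed to what was reviewed. The `FROM` line and the start of the Dockerfile are outside this hunk.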
@@ -0,0 +1,84 @@ +# fixturenet-payments-lite + +Instructions to setup and deploy an end-to-end fixturenet-payments-lite stack, on a local machine. Some tips are included for running on a remote cloud machine. + +## Setup + +Clone required repositories: + +```bash +laconic-so --stack fixturenet-nitro setup-repositories --pull +``` + +Build the container imagesfixturenet-payments-lite: + +```bash +laconic-so --stack fixturenet-nitro build-containers +``` + +## Deploy + +Deploy the stack: + +```bash +laconic-so --stack fixturenet-nitro deploy --cluster payments up +``` + +```bash +# Exposed on host ports: +# 32***: geth in statediffing mode and ipld-eth-server(s) +# 4005: in-process go-nitro node's RPC endpoint +# 3005: in-process go-nitro node's p2p TCP endpoint +# 5005: in-process go-nitro node's p2p WS endpoint +# 4006: out-of-process go-nitro node's RPC endpoint +# 3006: out-of-process go-nitro node's p2p TCP endpoint +# 5006: out-of-process go-nitro node's p2p WS endpoint +# 15432: MobyMask v3 watcher's db endpoint +# 3001: MobyMask v3 watcher endpoint +# 9090: MobyMask v3 watcher relay node endpoint +# 8080: MobyMask snap +# 3004: MobyMask v3 app +# 42070: Ponder indexer-1 +# 42071: Ponder indexer-2 +# 42069: Ponder watcher +``` + +If running in the cloud, ensure all the of the above ports are open. The geth port can be retrieved with: + +```bash +docker port payments-fixturenet-eth-geth-1-1 8545 +``` + +Then for every port above, run each line in a new terminal window (or use `screen`): + +```bash +ssh -L 4005:localhost:4005 user@ +ssh -L 5005:localhost:5005 user@ +ssh -L 8081:localhost:8081 user@ +# ... and so on for every port +``` + +This will allow you to access the entirety of the app as if it were running locally. + +## Demo + +- Follow the [mobymask-demo](./mobymask-demo.md) to try out MobyMask end-to-end payments. +- Follow the [ponder-demo](./ponder-demo.md) to try out Ponder end-to-end payments. 
+ +## Clean up + +Stop all the services running in background: + +```bash +laconic-so --stack fixturenet-nitro deploy --cluster payments down 30 +``` + +Clear volumes created by this stack: + +```bash +# List all relevant volumes +docker volume ls -q --filter "name=payments" + +# Remove all the listed volumes +docker volume rm $(docker volume ls -q --filter "name=payments") +``` diff --git a/stack_orchestrator/data/stacks/fixturenet-nitro-auth/stack.yml b/stack_orchestrator/data/stacks/fixturenet-nitro-auth/stack.yml new file mode 100644 index 00000000..58c20276 --- /dev/null +++ b/stack_orchestrator/data/stacks/fixturenet-nitro-auth/stack.yml @@ -0,0 +1,25 @@ +version: "1.0" +name: fixturenet-nitro-auth +description: "Stack to demonstrate payments between various services" +repos: + # fixturenet repos + - git.vdb.to/cerc-io/go-ethereum@v1.11.6-statediff-v5 + - git.vdb.to/cerc-io/lighthouse + # nitro repo + - github.com/cerc-io/go-nitro@v0.1.2-ts-port-0.1.9 +containers: + # fixturenet images + - cerc/go-ethereum + - cerc/lighthouse + - cerc/lighthouse-cli + - cerc/fixturenet-eth-genesis + - cerc/fixturenet-eth-geth + - cerc/fixturenet-eth-lighthouse + # nitro + - cerc/nitro-contracts + - cerc/go-nitro + - cerc/nitro-rpc-client +pods: + - fixturenet-eth + - nitro-contracts + - go-nitro-auth \ No newline at end of file -- 2.45.2 From 78219c0e045f5f1b9954d51997d7d96e561b747d Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 19 Mar 2024 21:11:52 -0500 Subject: [PATCH 02/19] Ask nitor --- .../data/config/nitro-rpc-client/start.sh | 45 ++++++++++++------- 1 file changed, 28 insertions(+), 17 deletions(-) diff --git a/stack_orchestrator/data/config/nitro-rpc-client/start.sh b/stack_orchestrator/data/config/nitro-rpc-client/start.sh index e1240129..c61eb04e 100755 --- a/stack_orchestrator/data/config/nitro-rpc-client/start.sh +++ b/stack_orchestrator/data/config/nitro-rpc-client/start.sh 
@@ -21,7 +21,6 @@ while true; do sleep $retry_interval done - if [[ "$CERC_NITRO_RPC_FUND_AMOUNT" -gt 0 ]]; then nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \ -p $CERC_NITRO_RPC_PORT_ALICE \ @@ -29,32 +28,25 @@ if [[ "$CERC_NITRO_RPC_FUND_AMOUNT" -gt 0 ]]; then get-all-ledger-channels | \ jq "[.[] | select(.Status == \"Open\") | select(.Balance.Them == \"$CERC_NITRO_ADDRESS_BOB\")] | first" > \ /app/deployment/nitro-ledger-channel-alice-to-bob.json - if [[ ! -f "/app/deployment/nitro-ledger-channel-alice-to-bob.json" ]]; then + + ledger_channel=$(jq -r '.ID' /app/deployment/nitro-ledger-channel-alice-to-bob.json 2>/dev/null | sed 's/^null$//') + + if [[ -z "${ledger_channel}" ]]; then echo "Creating new ledger channel ..." nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \ -p $CERC_NITRO_RPC_PORT_ALICE \ -s=$CERC_NITRO_USE_TLS \ -n \ direct-fund --amount $CERC_NITRO_RPC_FUND_AMOUNT $CERC_NITRO_ADDRESS_BOB - fi - - nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \ - -p $CERC_NITRO_RPC_PORT_ALICE \ - -s=$CERC_NITRO_USE_TLS \ - get-all-ledger-channels | \ - jq "[.[] | select(.Status == \"Open\") | select(.Balance.Them == \"$CERC_NITRO_ADDRESS_BOB\")] | first" > \ - /app/deployment/nitro-ledger-channel-alice-to-bob.json - - ledger_channel=$(jq -r '.ID' /app/deployment/nitro-ledger-channel-alice-to-bob.json) - - if [[ ! -f "/app/deployment/nitro-payment-channels-alice-to-bob.json" ]]; then - echo "Creating new payment channel ..." nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \ -p $CERC_NITRO_RPC_PORT_ALICE \ -s=$CERC_NITRO_USE_TLS \ - -n \ - virtual-fund --amount $((CERC_NITRO_RPC_FUND_AMOUNT/2)) $CERC_NITRO_ADDRESS_BOB + get-all-ledger-channels | \ + jq "[.[] | select(.Status == \"Open\") | select(.Balance.Them == \"$CERC_NITRO_ADDRESS_BOB\")] | first" > \ + /app/deployment/nitro-ledger-channel-alice-to-bob.json + + ledger_channel=$(jq -r '.ID' /app/deployment/nitro-ledger-channel-alice-to-bob.json) fi nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \ 
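Review bot: The second `ledger_channel=$(jq -r '.ID' ...)` assignment, after `direct-fund`, lacks the `sed 's/^null$//'` filter that the first one has, and nothing checks the result before it is used. If the channel is not yet `Open` when `get-all-ledger-channels` is re-queried, the file holds `null` and the literal string `null` is passed to `get-payment-channels-by-ledger` and on to `virtual-fund`. Use `ledger_channel=$(jq -r '.ID // empty' /app/deployment/nitro-ledger-channel-alice-to-bob.json)` in both places and stop when it is empty: `[[ -n "$ledger_channel" ]] || { echo "ledger channel not open" >&2; exit 1; }`. The enclosing `if [[ "$CERC_NITRO_RPC_FUND_AMOUNT" -gt 0 ]]` block continues past this hunk.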
@@ -63,6 +55,25 @@ if [[ "$CERC_NITRO_RPC_FUND_AMOUNT" -gt 0 ]]; then get-payment-channels-by-ledger $ledger_channel > \ /app/deployment/nitro-payment-channels-alice-to-bob.json + first_open_channel=$(jq '[.[] | select(.Status == "Open")] | first' /app/deployment/nitro-payment-channels-alice-to-bob.json | sed 's/^null$//') + + if [[ -z "$first_open_channel" ]]; then + echo "Creating new payment channel ..." + nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \ + -p $CERC_NITRO_RPC_PORT_ALICE \ + -s=$CERC_NITRO_USE_TLS \ + -n \ + virtual-fund --amount $((CERC_NITRO_RPC_FUND_AMOUNT/2)) $CERC_NITRO_ADDRESS_BOB + + nitro-rpc-client -h $CERC_NITRO_RPC_HOST_ALICE \ + -p $CERC_NITRO_RPC_PORT_ALICE \ + -s=$CERC_NITRO_USE_TLS \ + get-payment-channels-by-ledger $ledger_channel > \ + /app/deployment/nitro-payment-channels-alice-to-bob.json + + first_open_channel=$(jq '[.[] | select(.Status == "Open")] | first' /app/deployment/nitro-payment-channels-alice-to-bob.json | sed 's/^null$//') + fi + echo "" echo "################################################################" echo "" -- 2.45.2 From 76821f00a04e008334abc54463cc16aa0503c284 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Thu, 21 Mar 2024 02:10:37 -0500 Subject: [PATCH 03/19] stack updates --- .../compose/docker-compose-go-nitro-auth.yml | 27 ++++++++- .../go-nitro-auth/nginx/nitro_auth_proxy.conf | 57 +++++++++++++++++++ .../data/config/go-nitro/run-nitro-node.sh | 22 +++++-- .../container-build/cerc-go-nitro/Dockerfile | 13 ++++- .../data/stacks/fixturenet-eth/stack.yml | 5 +- .../stacks/fixturenet-nitro-auth/stack.yml | 2 +- 6 files changed, 111 insertions(+), 15 deletions(-) create mode 100644 stack_orchestrator/data/config/go-nitro-auth/nginx/nitro_auth_proxy.conf diff --git a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml index bef755b0..7840ad66 100644 --- a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml 
+++ b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml @@ -13,7 +13,7 @@ services: CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546} CERC_NITRO_PK: ${CERC_NITRO_PK_ALICE:-f36f6dd450892224ee113899195ef922a4795d41c32cafb386d9aab6e0b7b0c6} CERC_NITRO_CHAIN_PK: ${CERC_NITRO_CHAIN_PK_ALICE:-888814df89c4358d7ddb3fa4b0213e7331239a80e1f013eaa7b2deca2a41a218} - CERC_NITRO_USE_DURABLE_STORE: ${CERC_NITRO_USE_DURABLE_STORE:-true} + CERC_NITRO_USE_DURABLE_STORE: ${CERC_NITRO_USE_DURABLE_STORE:-false} CERC_NITRO_DURABLE_STORE_FOLDER: ${CERC_NITRO_DURABLE_STORE_FOLDER:-/app/data/nitro-store} CERC_NITRO_MSG_PORT: ${CERC_NITRO_MSG_PORT_ALICE:-3006} CERC_NITRO_WS_MSG_PORT: ${CERC_NITRO_WS_MSG_PORT_ALICE:-5006} @@ -23,6 +23,9 @@ services: CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS} CERC_CA_ADDRESS: ${CERC_CA_ADDRESS} CERC_NITRO_UI_PORT: ${CERC_NITRO_UI_PORT_ALICE:-4106} + CERC_NITRO_AUTH_UI_PORT: ${CERC_NITRO_AUTH_UI_PORT_ALICE:-4206} + CERC_NITRO_AUTH_ON: false + CERC_NITRO_AUTH_RPC_PORT: 4006 entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"] volumes: - go_nitro_data_alice:/app/data @@ -39,6 +42,8 @@ services: - "4006:4006" - "5006:5006" - "4106:4106" + - "4206:4206" + - "4216:4216" go-nitro-bob: image: cerc/go-nitro:local @@ -52,7 +57,7 @@ services: CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546} CERC_NITRO_PK: ${CERC_NITRO_PK_BOB:-801c8f30853ed4cbfa130298def86c441c00f4a2eefc6e8fc835ae253ad91d7f} CERC_NITRO_CHAIN_PK: ${CERC_NITRO_CHAIN_PK_BOB:-570b909da9669b2f35a0b1ac70b8358516d55ae1b5b3710e95e9a94395090597} - CERC_NITRO_USE_DURABLE_STORE: ${CERC_NITRO_USE_DURABLE_STORE:-true} + CERC_NITRO_USE_DURABLE_STORE: ${CERC_NITRO_USE_DURABLE_STORE:-false} CERC_NITRO_DURABLE_STORE_FOLDER: ${CERC_NITRO_DURABLE_STORE_FOLDER:-/app/data/nitro-store} CERC_NITRO_MSG_PORT: ${CERC_NITRO_MSG_PORT_BOB:-3007} CERC_NITRO_WS_MSG_PORT: ${CERC_NITRO_WS_MSG_PORT_BOB:-5007} 
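Review bot: `CERC_NITRO_AUTH_ON: false` is an unquoted YAML boolean, while `run-nitro-node.sh` in this same patch tests `"$CERC_NITRO_AUTH_ON" == "true"` as a string. Depending on the Compose implementation, a bare boolean in `environment` is either rejected or stringified differently, and a mismatch would leave the auth service silently unstarted. Write `CERC_NITRO_AUTH_ON: "false"` here and `CERC_NITRO_AUTH_ON: "true"` in the go-nitro-bob hunk (`@@ -62,6 +67,9 @@`). Unlike the neighbouring settings, the value cannot be overridden from the environment; `${CERC_NITRO_AUTH_ON_ALICE:-false}` would match the file's convention.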
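Review bot: The added `"4206:4206"` and `"4216:4216"` mappings (and `"4207:4207"` / `"4217:4217"` for go-nitro-bob) publish on every host interface. Nothing in this series visibly listens on 4216 or 4217, so those two look like unused open mappings. For a fixture meant to be reached from the local machine, `"127.0.0.1:4206:4206"` is enough, and the 4216/4217 lines can be dropped until a service needs them, or documented with a comment naming the listener.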
@@ -62,6 +67,9 @@ services: CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS} CERC_CA_ADDRESS: ${CERC_CA_ADDRESS} CERC_NITRO_UI_PORT: ${CERC_NITRO_UI_PORT_BOB:-4107} + CERC_NITRO_AUTH_UI_PORT: ${CERC_NITRO_AUTH_UI_PORT_BOB:-4207} + CERC_NITRO_AUTH_ON: true + CERC_NITRO_AUTH_RPC_PORT: 4007 entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"] volumes: - go_nitro_data_bob:/app/data @@ -78,13 +86,15 @@ services: - "4007:4007" - "5007:5007" - "4107:4107" + - "4207:4207" + - "4217:4217" nitro-rpc-client: image: cerc/nitro-rpc-client:local hostname: nitro-rpc-client restart: always environment: - CERC_NITRO_RPC_FUND_AMOUNT: ${CERC_NITRO_RPC_FUND_AMOUNT:-2000000} + CERC_NITRO_RPC_FUND_AMOUNT: ${CERC_NITRO_RPC_FUND_AMOUNT:-0} CERC_NITRO_RPC_HOST_ALICE: ${CERC_NITRO_RPC_HOST_ALICE:-go-nitro-alice} CERC_NITRO_RPC_PORT_ALICE: ${CERC_NITRO_RPC_PORT_ALICE:-4006} CERC_NITRO_USE_TLS: ${CERC_NITRO_USE_TLS:-false} @@ -94,6 +104,17 @@ services: - ../config/nitro-rpc-client/start.sh:/app/start.sh command: ["/app/start.sh"] + nitro-nginx: + image: nginx:1.23-alpine + restart: always + volumes: + - ../config/go-nitro-auth/nginx:/etc/nginx/conf.d + ports: + - 5678:80 + depends_on: + - go-nitro-alice + - go-nitro-bob + volumes: go_nitro_data_alice: go_nitro_data_bob: diff --git a/stack_orchestrator/data/config/go-nitro-auth/nginx/nitro_auth_proxy.conf b/stack_orchestrator/data/config/go-nitro-auth/nginx/nitro_auth_proxy.conf new file mode 100644 index 00000000..28ed62fa --- /dev/null +++ b/stack_orchestrator/data/config/go-nitro-auth/nginx/nitro_auth_proxy.conf 
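Review bot: The new `nitro-nginx` service publishes `5678:80` as the gated entry point, but the gate only matters if the upstreams it protects cannot be reached around it. Whether `fixturenet-eth-geth-1:8545` and `fixturenet-eth-lighthouse-1:8001` are also host-published is decided in another compose file and should be checked. The image is referenced by the mutable tag `nginx:1.23-alpine`; pinning it as `nginx:1.23-alpine@sha256:<digest>` fixes the proxy that enforces the auth check. `depends_on` lists only the two go-nitro services, while the mounted config also names the geth and lighthouse hosts, which nginx resolves at startup for the non-variable `proxy_pass` targets.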
@@ -0,0 +1,57 @@ +server { + listen 80; + listen [::]:80; + server_name localhost; + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + location / { + proxy_buffering off; + proxy_pass http://go-nitro-alice:4206; + } + +### geth + location ~ ^/eth/?([^/]*)$ { + set $apiKey $1; + if ($apiKey = '') { + set $apiKey $http_X_API_KEY; + } + auth_request /auth; + proxy_buffering off; + rewrite /.*$ / break; + proxy_pass http://fixturenet-eth-geth-1:8545; + } + +## lighthouse + location /beacon/ { + set $apiKey $http_X_API_KEY; + auth_request /auth; + proxy_buffering off; + proxy_pass http://fixturenet-eth-lighthouse-1:8001/; + } + +## payments + location /pay { + proxy_buffering off; + proxy_pass http://go-nitro-bob:8547/pay; + } + + location = /auth { + internal; + proxy_buffering off; + resolver 127.0.0.11 ipv6=off; + proxy_pass http://go-nitro-bob:8547/auth/$apiKey; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + proxy_set_header X-Original-URI $request_uri; + proxy_set_header X-Original-Remote-Addr $remote_addr; + proxy_set_header X-Original-Host $host; + } + + location = /stub_status { + stub_status; + } +} diff --git a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh index b319f6fa..70425278 100755 --- a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh +++ b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh 
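Review bot: `$apiKey` is placed into the upstream path in `proxy_pass http://go-nitro-bob:8547/auth/$apiKey;` without validation, and in `/beacon/` (and the header fallback in `/eth`) it comes straight from the `X-API-KEY` header. A value containing `/`, `?` or `..` therefore reaches the auth service as a different path or query, and an absent key produces a request to `/auth/`, leaving rejection entirely to the upstream. Reject empty or malformed keys in nginx before the subrequest is proxied; the pattern below is a guess at the key alphabet and must be adjusted. `location = /stub_status` is also served to anyone who can reach the published port and should be restricted. Keys taken from the `/eth/<key>` path additionally end up in access logs and in the `X-Original-URI` header.

```nginx
# … unchanged: server header, /, /eth, /beacon/ and /pay locations …
    location = /auth {
        internal;
        # Refuse missing or malformed keys before contacting the auth service.
        # NOTE(review): adjust the pattern to the real key format.
        if ($apiKey !~ "^[A-Za-z0-9_-]+$") {
            return 401;
        }
        # … unchanged: proxy_buffering, resolver, proxy_pass and proxy_set_header lines …
    }

    location = /stub_status {
        stub_status;
        allow 127.0.0.1;
        deny all;
    }
```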
@@ -47,13 +47,27 @@ while true; do sleep $retry_interval done -if [[ -n "$CERC_NITRO_UI_PORT" ]] && [[ -d "ui" ]]; then - for f in `ls ui/assets/*.js`; do - sed -i "s/\"CERC_RUNTIME_ENV_RPC_HOST\"/\"localhost:${CERC_NITRO_RPC_PORT}\"/g" "$f" +if [[ -n "$CERC_NITRO_UI_PORT" ]] && [[ -d "/app-node/packages/nitro-gui/dist" ]]; then + for f in `ls /app-node/packages/nitro-gui/dist/assets/*.js`; do + sed -i "s#\"CERC_RUNTIME_ENV_RPC_URL\"#\"http://localhost:${CERC_NITRO_RPC_PORT}\"#g" "$f" + sed -i "s#\"CERC_RUNTIME_ENV_TARGET_URL\"#\"http://localhost:5678\"#g" "$f" done - http-server -p $CERC_NITRO_UI_PORT ui & + http-server -p $CERC_NITRO_UI_PORT /app-node/packages/nitro-gui/dist & fi +if [[ -n "$CERC_NITRO_AUTH_UI_PORT" ]] && [[ -d "/app-node/packages/nitro-auth-gui/dist" ]]; then + for f in `ls /app-node/packages/nitro-auth-gui/dist/assets/*.js`; do + sed -i "s#\"CERC_RUNTIME_ENV_RPC_URL\"#\"http://localhost:${CERC_NITRO_RPC_PORT}\"#g" "$f" + sed -i "s#\"CERC_RUNTIME_ENV_TARGET_URL\"#\"http://localhost:5678\"#g" "$f" + done + http-server -p $CERC_NITRO_AUTH_UI_PORT /app-node/packages/nitro-auth-gui/dist & +fi + +if [[ "$CERC_NITRO_AUTH_ON" == "true" ]] && [[ -d "/app-node/packages/nitro-auth/dist" ]]; then + bash -c "sleep 10 && cd /app-node/packages/nitro-auth && yarn start" & +fi + +cd /app ./nitro \ -chainurl ${CERC_NITRO_CHAIN_URL} \ -msgport ${CERC_NITRO_MSG_PORT} \ diff --git a/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile b/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile index 803d6175..27382f95 100644 --- a/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile +++ b/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile 
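Review bot: The auth service is launched with `bash -c "sleep 10 && cd /app-node/packages/nitro-auth && yarn start" &`, which races the node's startup on a fixed delay and leaves the process unsupervised. If it exits, the container stays up and its healthcheck (which only probes the RPC port) keeps passing, while every route behind nginx `auth_request` starts failing. Waiting on the port instead of sleeping, for example `until nc -z localhost "$CERC_NITRO_RPC_PORT"; do sleep 1; done` before `yarn start`, removes the race; a healthcheck that also probes the auth port would surface a dead auth process. Both UI blocks patch `http://localhost:5678` and `http://localhost:${CERC_NITRO_RPC_PORT}` into the bundles as fixed cleartext URLs; an environment variable for the target URL would avoid editing the script per deployment. The loop that precedes this block starts outside the hunk.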
@@ -8,13 +8,20 @@ COPY . . RUN go build -v -o nitro . # Reduce image size -FROM node:18-bullseye-slim as builder-ui +FROM node:18-bullseye-slim as builder-node RUN apt-get update RUN apt-get install -y make WORKDIR /app COPY . . +RUN find . -name 'node_modules' | xargs -n1 rm -rf +RUN find . -name 'dist' | xargs -n1 rm -rf RUN yarn -RUN VITE_RPC_HOST=CERC_RUNTIME_ENV_RPC_HOST make ui/build +WORKDIR /app/packages/nitro-gui +RUN VITE_RPC_URL=CERC_RUNTIME_ENV_RPC_URL VITE_TARGET_URL=CERC_RUNTIME_ENV_TARGET_URL yarn build +WORKDIR /app/packages/nitro-auth-gui +RUN VITE_RPC_URL=CERC_RUNTIME_ENV_RPC_URL VITE_TARGET_URL=CERC_RUNTIME_ENV_TARGET_URL yarn build +WORKDIR /app/packages/nitro-auth +RUN yarn build FROM node:18-bullseye-slim RUN apt-get update @@ -23,4 +30,4 @@ RUN rm -rf /var/lib/apt/lists/* RUN npm install -g http-server WORKDIR /app COPY --from=builder /app/nitro . -COPY --from=builder-ui /app/packages/nitro-gui/dist /app/ui +COPY --from=builder-node /app /app-node \ No newline at end of file diff --git a/stack_orchestrator/data/stacks/fixturenet-eth/stack.yml b/stack_orchestrator/data/stacks/fixturenet-eth/stack.yml index ce57df4d..cb80bc70 100644 --- a/stack_orchestrator/data/stacks/fixturenet-eth/stack.yml +++ b/stack_orchestrator/data/stacks/fixturenet-eth/stack.yml @@ -4,7 +4,6 @@ description: "Ethereum Fixturenet" repos: - git.vdb.to/cerc-io/go-ethereum@v1.11.6-statediff-v5 - git.vdb.to/cerc-io/lighthouse - - github.com/dboreham/foundry containers: - cerc/go-ethereum - cerc/lighthouse @@ -12,7 +11,5 @@ containers: - cerc/fixturenet-eth-genesis - cerc/fixturenet-eth-geth - cerc/fixturenet-eth-lighthouse - - cerc/foundry pods: - - fixturenet-eth - - foundry + - fixturenet-eth \ No newline at end of file diff --git a/stack_orchestrator/data/stacks/fixturenet-nitro-auth/stack.yml b/stack_orchestrator/data/stacks/fixturenet-nitro-auth/stack.yml index 58c20276..8ca2fc5c 100644 --- a/stack_orchestrator/data/stacks/fixturenet-nitro-auth/stack.yml 
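Review bot: `COPY --from=builder-node /app /app-node` moves the whole build workspace into the runtime image: sources, every `node_modules` tree including dev dependencies, and anything else the earlier `COPY . .` picked up from the build context. That enlarges the runtime attack surface and can carry files such as `.git` or local env files unless a `.dockerignore` (not visible here) excludes them. Copying only what `run-nitro-node.sh` uses is tighter, for example one `COPY --from=builder-node` per `dist` directory plus the `nitro-auth` package and its production dependencies. The cleanup lines `find . -name 'node_modules' | xargs -n1 rm -rf` also break on paths with whitespace; `find . -name node_modules -prune -exec rm -rf {} +` does the same safely.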
+++ b/stack_orchestrator/data/stacks/fixturenet-nitro-auth/stack.yml @@ -6,7 +6,7 @@ repos: - git.vdb.to/cerc-io/go-ethereum@v1.11.6-statediff-v5 - git.vdb.to/cerc-io/lighthouse # nitro repo - - github.com/cerc-io/go-nitro@v0.1.2-ts-port-0.1.9 + - github.com/cerc-io/go-nitro@telackey/update containers: # fixturenet images - cerc/go-ethereum -- 2.45.2 From 247025de28b8801b997b4872d121ce1df0106959 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Thu, 21 Mar 2024 12:12:26 -0500 Subject: [PATCH 04/19] Shorten sleep --- stack_orchestrator/data/config/go-nitro/run-nitro-node.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh index 70425278..3cf4279d 100755 --- a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh +++ b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh @@ -64,7 +64,7 @@ if [[ -n "$CERC_NITRO_AUTH_UI_PORT" ]] && [[ -d "/app-node/packages/nitro-auth-g fi if [[ "$CERC_NITRO_AUTH_ON" == "true" ]] && [[ -d "/app-node/packages/nitro-auth/dist" ]]; then - bash -c "sleep 10 && cd /app-node/packages/nitro-auth && yarn start" & + bash -c "sleep 6 && cd /app-node/packages/nitro-auth && yarn start" & fi cd /app -- 2.45.2 From 7929a137b6750473bd7308aebb550cefedd0918d Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Thu, 21 Mar 2024 16:19:14 -0500 Subject: [PATCH 05/19] revert --- stack_orchestrator/data/stacks/fixturenet-eth/stack.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/stack_orchestrator/data/stacks/fixturenet-eth/stack.yml b/stack_orchestrator/data/stacks/fixturenet-eth/stack.yml index cb80bc70..ce57df4d 100644 --- a/stack_orchestrator/data/stacks/fixturenet-eth/stack.yml +++ b/stack_orchestrator/data/stacks/fixturenet-eth/stack.yml 
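Review bot: The repo reference changes from the tag `v0.1.2-ts-port-0.1.9` to the branch `github.com/cerc-io/go-nitro@telackey/update`, which is a moving target. Every `setup-repositories --pull` can then build different code, including the `nitro-auth` service that decides access behind the nginx gate. Pinning to a tag or a full commit id, as in `github.com/cerc-io/go-nitro@<commit-sha>`, keeps the built image tied to reviewed source. If the branch is needed while the work is in progress, a comment such as `# TODO: pin to a release tag before merge` records that. The `git.vdb.to/cerc-io/lighthouse` entry above it carries no ref at all.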
@@ -4,6 +4,7 @@ description: "Ethereum Fixturenet" repos: - git.vdb.to/cerc-io/go-ethereum@v1.11.6-statediff-v5 - git.vdb.to/cerc-io/lighthouse + - github.com/dboreham/foundry containers: - cerc/go-ethereum - cerc/lighthouse @@ -11,5 +12,7 @@ containers: - cerc/fixturenet-eth-genesis - cerc/fixturenet-eth-geth - cerc/fixturenet-eth-lighthouse + - cerc/foundry pods: - - fixturenet-eth \ No newline at end of file + - fixturenet-eth + - foundry -- 2.45.2 From f20dcb8457c171c4f548bb0f455f5b248138afa2 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Thu, 21 Mar 2024 16:19:42 -0500 Subject: [PATCH 06/19] revert --- .../stacks/fixturenet-nitro-auth/README.md | 84 ------------------- 1 file changed, 84 deletions(-) delete mode 100644 stack_orchestrator/data/stacks/fixturenet-nitro-auth/README.md diff --git a/stack_orchestrator/data/stacks/fixturenet-nitro-auth/README.md b/stack_orchestrator/data/stacks/fixturenet-nitro-auth/README.md deleted file mode 100644 index 6c57bfe8..00000000 --- a/stack_orchestrator/data/stacks/fixturenet-nitro-auth/README.md +++ /dev/null 
@@ -1,84 +0,0 @@ -# fixturenet-payments-lite - -Instructions to setup and deploy an end-to-end fixturenet-payments-lite stack, on a local machine. Some tips are included for running on a remote cloud machine. - -## Setup - -Clone required repositories: - -```bash -laconic-so --stack fixturenet-nitro setup-repositories --pull -``` - -Build the container imagesfixturenet-payments-lite: - -```bash -laconic-so --stack fixturenet-nitro build-containers -``` - -## Deploy - -Deploy the stack: - -```bash -laconic-so --stack fixturenet-nitro deploy --cluster payments up -``` - -```bash -# Exposed on host ports: -# 32***: geth in statediffing mode and ipld-eth-server(s) -# 4005: in-process go-nitro node's RPC endpoint -# 3005: in-process go-nitro node's p2p TCP endpoint -# 5005: in-process go-nitro node's p2p WS endpoint -# 4006: out-of-process go-nitro node's RPC endpoint -# 3006: out-of-process go-nitro node's p2p TCP endpoint -# 5006: out-of-process go-nitro node's p2p WS endpoint -# 15432: MobyMask v3 watcher's db endpoint -# 3001: MobyMask v3 watcher endpoint -# 9090: MobyMask v3 watcher relay node endpoint -# 8080: MobyMask snap -# 3004: MobyMask v3 app -# 42070: Ponder indexer-1 -# 42071: Ponder indexer-2 -# 42069: Ponder watcher -``` - -If running in the cloud, ensure all the of the above ports are open. The geth port can be retrieved with: - -```bash -docker port payments-fixturenet-eth-geth-1-1 8545 -``` - -Then for every port above, run each line in a new terminal window (or use `screen`): - -```bash -ssh -L 4005:localhost:4005 user@ -ssh -L 5005:localhost:5005 user@ -ssh -L 8081:localhost:8081 user@ -# ... and so on for every port -``` - -This will allow you to access the entirety of the app as if it were running locally. - -## Demo - -- Follow the [mobymask-demo](./mobymask-demo.md) to try out MobyMask end-to-end payments. -- Follow the [ponder-demo](./ponder-demo.md) to try out Ponder end-to-end payments. 
- -## Clean up - -Stop all the services running in background: - -```bash -laconic-so --stack fixturenet-nitro deploy --cluster payments down 30 -``` - -Clear volumes created by this stack: - -```bash -# List all relevant volumes -docker volume ls -q --filter "name=payments" - -# Remove all the listed volumes -docker volume rm $(docker volume ls -q --filter "name=payments") -``` -- 2.45.2 From 80b299c1e5cb4e72e79d9aa5c8a335ae57271253 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Fri, 22 Mar 2024 17:10:23 -0500 Subject: [PATCH 07/19] Swap caddy for nginx --- .../compose/docker-compose-go-nitro-auth.yml | 21 +++++++--- .../data/config/go-nitro-auth/caddy/Caddyfile | 38 +++++++++++++++++++ .../go-nitro-auth/nginx/nitro_auth_proxy.conf | 8 ++-- .../data/config/go-nitro/run-nitro-node.sh | 2 +- .../container-build/cerc-go-nitro/Dockerfile | 2 +- 5 files changed, 60 insertions(+), 11 deletions(-) create mode 100644 stack_orchestrator/data/config/go-nitro-auth/caddy/Caddyfile diff --git a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml index 7840ad66..dff40436 100644 --- a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml +++ b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml @@ -94,7 +94,7 @@ services: hostname: nitro-rpc-client restart: always environment: - CERC_NITRO_RPC_FUND_AMOUNT: ${CERC_NITRO_RPC_FUND_AMOUNT:-0} + CERC_NITRO_RPC_FUND_AMOUNT: ${CERC_NITRO_RPC_FUND_AMOUNT:-2000000} CERC_NITRO_RPC_HOST_ALICE: ${CERC_NITRO_RPC_HOST_ALICE:-go-nitro-alice} CERC_NITRO_RPC_PORT_ALICE: ${CERC_NITRO_RPC_PORT_ALICE:-4006} CERC_NITRO_USE_TLS: ${CERC_NITRO_USE_TLS:-false} 
@@ -104,13 +104,24 @@ services: - ../config/nitro-rpc-client/start.sh:/app/start.sh command: ["/app/start.sh"] - nitro-nginx: - image: nginx:1.23-alpine + #nitro-nginx: + # image: nginx:1.23-alpine + # restart: always + # volumes: + # - ../config/go-nitro-auth/nginx:/etc/nginx/conf.d + # ports: + # - 5678:80 + # depends_on: + # - go-nitro-alice + # - go-nitro-bob + + nitro-caddy: + image: caddy:2-alpine restart: always volumes: - - ../config/go-nitro-auth/nginx:/etc/nginx/conf.d + - ../config/go-nitro-auth/caddy/Caddyfile:/etc/caddy/Caddyfile ports: - - 5678:80 + - "5678:80" depends_on: - go-nitro-alice - go-nitro-bob diff --git a/stack_orchestrator/data/config/go-nitro-auth/caddy/Caddyfile b/stack_orchestrator/data/config/go-nitro-auth/caddy/Caddyfile new file mode 100644 index 00000000..a0d1d9d3 --- /dev/null +++ b/stack_orchestrator/data/config/go-nitro-auth/caddy/Caddyfile @@ -0,0 +1,38 @@ +:80 { + handle /pay* { + reverse_proxy http://go-nitro-bob:8547 + } + + @eth-key-in-header { + path_regexp /eth/?$ + header X-Api-Key * + } + + handle @eth-key-in-header { + forward_auth go-nitro-bob:8547 { + uri /auth/{header.x-api-key} + } + rewrite * / + reverse_proxy http://fixturenet-eth-geth-1:8545 + } + + @eth-key-in-path { + path_regexp apikey eth/(.+)$ + } + + handle @eth-key-in-path { + forward_auth go-nitro-bob:8547 { + uri /auth/{re.apikey.1} + } + rewrite * / + reverse_proxy http://fixturenet-eth-geth-1:8545 + } + + handle /eth* { + respond "401 Unauthorized" 401 + } + + handle { + reverse_proxy http://go-nitro-alice:4206 + } +} \ No newline at end of file diff --git a/stack_orchestrator/data/config/go-nitro-auth/nginx/nitro_auth_proxy.conf b/stack_orchestrator/data/config/go-nitro-auth/nginx/nitro_auth_proxy.conf index 28ed62fa..5bd5f0f3 100644 --- a/stack_orchestrator/data/config/go-nitro-auth/nginx/nitro_auth_proxy.conf +++ b/stack_orchestrator/data/config/go-nitro-auth/nginx/nitro_auth_proxy.conf 
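Review bot: In `@eth-key-in-path`, `path_regexp apikey eth/(.+)$` is unanchored and its capture is greedy, so any path that merely contains `eth/` matches and everything after it, slashes included, is substituted into `uri /auth/{re.apikey.1}` on the `forward_auth` subrequest. The client therefore controls the path the auth service is asked about, and the outcome depends on how go-nitro-bob normalises that path, which this patch does not show. Anchor the matcher and restrict the capture to the key alphabet, for example `path_regexp apikey ^/eth/([A-Za-z0-9_-]+)$` (adjust the class to the real key format), and anchor the header variant the same way with `path_regexp ^/eth/?$`. `{header.x-api-key}` is likewise raw client input placed in a URI path; a `header_regexp` matcher on `X-Api-Key` would bound it. The Caddyfile added later under `linea-testnet-go-nitro-auth/caddy/` repeats both matchers unchanged.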
@@ -34,10 +34,10 @@ server { } ## payments - location /pay { - proxy_buffering off; - proxy_pass http://go-nitro-bob:8547/pay; - } + location /pay { + proxy_buffering off; + proxy_pass http://go-nitro-bob:8547/pay; + } location = /auth { internal; diff --git a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh index 3cf4279d..732af9aa 100755 --- a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh +++ b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh @@ -49,7 +49,7 @@ done if [[ -n "$CERC_NITRO_UI_PORT" ]] && [[ -d "/app-node/packages/nitro-gui/dist" ]]; then for f in `ls /app-node/packages/nitro-gui/dist/assets/*.js`; do - sed -i "s#\"CERC_RUNTIME_ENV_RPC_URL\"#\"http://localhost:${CERC_NITRO_RPC_PORT}\"#g" "$f" + sed -i "s#\"CERC_RUNTIME_ENV_RPC_HOST\"#\"localhost:${CERC_NITRO_RPC_PORT}\"#g" "$f" sed -i "s#\"CERC_RUNTIME_ENV_TARGET_URL\"#\"http://localhost:5678\"#g" "$f" done http-server -p $CERC_NITRO_UI_PORT /app-node/packages/nitro-gui/dist & diff --git a/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile b/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile index 27382f95..331cadad 100644 --- a/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile +++ b/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile @@ -17,7 +17,7 @@ RUN find . -name 'node_modules' | xargs -n1 rm -rf RUN find . -name 'dist' | xargs -n1 rm -rf RUN yarn WORKDIR /app/packages/nitro-gui -RUN VITE_RPC_URL=CERC_RUNTIME_ENV_RPC_URL VITE_TARGET_URL=CERC_RUNTIME_ENV_TARGET_URL yarn build +RUN VITE_RPC_HOST=CERC_RUNTIME_ENV_RPC_HOST yarn build WORKDIR /app/packages/nitro-auth-gui RUN VITE_RPC_URL=CERC_RUNTIME_ENV_RPC_URL VITE_TARGET_URL=CERC_RUNTIME_ENV_TARGET_URL yarn build WORKDIR /app/packages/nitro-auth -- 2.45.2 From 36e89b5a7852594ac19dc1b0e1d693d5718aa185 Mon Sep 17 00:00:00 2001 
From: Thomas E Lackey Date: Mon, 1 Apr 2024 15:53:01 -0500 Subject: [PATCH 08/19] Linea Sepolia Testnet-based Nitro Auth --- ...er-compose-linea-testnet-go-nitro-auth.yml | 91 +++++++++++++++++++ .../data/config/go-nitro/run-nitro-node.sh | 54 +++++++---- .../linea-testnet-go-nitro-auth/alice.env | 25 +++++ .../linea-testnet-go-nitro-auth/bob.env | 25 +++++ .../linea-testnet-go-nitro-auth/bootnode.env | 23 +++++ .../caddy/Caddyfile | 42 +++++++++ .../deployment/nitro-addresses.json | 5 + .../container-build/cerc-go-nitro/Dockerfile | 2 +- .../stacks/linea-testnet-nitro-auth/stack.yml | 11 +++ 9 files changed, 261 insertions(+), 17 deletions(-) create mode 100644 stack_orchestrator/data/compose/docker-compose-linea-testnet-go-nitro-auth.yml create mode 100644 stack_orchestrator/data/config/linea-testnet-go-nitro-auth/alice.env create mode 100644 stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bob.env create mode 100644 stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bootnode.env create mode 100644 stack_orchestrator/data/config/linea-testnet-go-nitro-auth/caddy/Caddyfile create mode 100644 stack_orchestrator/data/config/linea-testnet-go-nitro-auth/deployment/nitro-addresses.json create mode 100644 stack_orchestrator/data/stacks/linea-testnet-nitro-auth/stack.yml diff --git a/stack_orchestrator/data/compose/docker-compose-linea-testnet-go-nitro-auth.yml b/stack_orchestrator/data/compose/docker-compose-linea-testnet-go-nitro-auth.yml new file mode 100644 index 00000000..44a56e13 --- /dev/null +++ b/stack_orchestrator/data/compose/docker-compose-linea-testnet-go-nitro-auth.yml 
@@ -0,0 +1,91 @@ +version: '3.7' + +services: + go-nitro-alice: + image: cerc/go-nitro:local + hostname: go-nitro-alice + restart: on-failure + depends_on: + - go-nitro-bootnode + env_file: + - ../config/linea-testnet-go-nitro-auth/alice.env + entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"] + volumes: + - nitro_deployment:/app/deployment + - go_nitro_data_alice:/app/data + - ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh + healthcheck: + test: ["CMD", "nc", "-vz", "localhost", "4006"] + interval: 5s + timeout: 5s + retries: 100 + start_period: 100s + ports: + - "3006:3006" + - "4006:4006" + - "5006:5006" + - "4106:4106" + - "4206:4206" + - "4216:4216" + + go-nitro-bob: + image: cerc/go-nitro:local + hostname: go-nitro-bob + restart: on-failure + depends_on: + - go-nitro-bootnode + env_file: + - ../config/linea-testnet-go-nitro-auth/bob.env + entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"] + volumes: + - nitro_deployment:/app/deployment + - go_nitro_data_bob:/app/data + - ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh + healthcheck: + test: ["CMD", "nc", "-vz", "localhost", "4007"] + interval: 5s + timeout: 5s + retries: 100 + start_period: 100s + ports: + - "3007:3007" + - "4007:4007" + - "5007:5007" + - "4107:4107" + - "4207:4207" + - "4217:4217" + + go-nitro-bootnode: + image: cerc/go-nitro:local + hostname: go-nitro-bootnode + restart: on-failure + env_file: + - ../config/linea-testnet-go-nitro-auth/bootnode.env + entrypoint: [ "bash", "-c", "/app/run-nitro-node.sh" ] + volumes: + - nitro_deployment:/app/deployment + - go_nitro_data_bootnode:/app/data + - ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh + healthcheck: + test: [ "CMD", "nc", "-vz", "localhost", "4008" ] + interval: 5s + timeout: 5s + retries: 100 + start_period: 100s + + nitro-caddy: + image: caddy:2-alpine + restart: always + volumes: + - ../config/linea-testnet-go-nitro-auth/caddy/Caddyfile:/etc/caddy/Caddyfile + ports: + - "5678:80" + depends_on: 
+ - go-nitro-alice + - go-nitro-bob + +volumes: + go_nitro_data_alice: + go_nitro_data_bob: + go_nitro_data_bootnode: + nitro_deployment: diff --git a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh index 732af9aa..3b48e554 100755 --- a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh +++ b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh @@ -4,6 +4,11 @@ if [ -n "$CERC_SCRIPT_DEBUG" ]; then set -x fi +if [ -z "$CERC_NITRO_CHAIN_PK" ] || [ -z "$CERC_NITRO_CHAIN_URL" ]; then + echo "You most set both CERC_NITRO_CHAIN_PK and CERC_NITRO_CHAIN_URL." 1>&2 + exit 1 +fi + nitro_addresses_file="/app/deployment/nitro-addresses.json" # Check if CERC_NA_ADDRESS environment variable is set 
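Review bot: The `ports:` lists for `go-nitro-alice` and `go-nitro-bob` publish the node RPC, message and UI ports in the short `"4006:4006"` form, which binds them on every host interface. This stack runs against a public testnet with operator-supplied private keys inside the container, and nothing in the patch shows authentication on the RPC port, so anything that can reach the host can talk to the node directly rather than through the Caddy front end on 5678. For a demo that is opened from the same machine, bind to loopback, e.g. `- "127.0.0.1:4006:4006"`, and publish only the ports the browser actually needs.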
@@ -29,23 +34,25 @@ fi echo "Running Nitro node" -# Assuming CERC_NITRO_CHAIN_URL is of format ://host:port -ws_host=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d ':' -f 1) -ws_port=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d ':' -f 2) +if [[ "${CERC_GO_NITRO_WAIT_FOR_CHAIN:-true}" == "true" ]]; then + # Assuming CERC_NITRO_CHAIN_URL is of format ://host:port + ws_host=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d ':' -f 1 | cut -d'/' -f 1) + ws_port=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d ':' -f 2) -# Wait till chain endpoint is available -retry_interval=5 -while true; do - nc -z -w 1 "$ws_host" "$ws_port" + # Wait till chain endpoint is available + retry_interval=5 + while true; do + nc -z -w 1 "$ws_host" "$ws_port" - if [ $? -eq 0 ]; then - echo "Chain endpoint is available" - break - fi + if [ $? -eq 0 ]; then + echo "Chain endpoint is available" + break + fi - echo "Chain endpoint not yet available, retrying in $retry_interval seconds..." - sleep $retry_interval -done + echo "Chain endpoint not yet available, retrying in $retry_interval seconds..." + sleep $retry_interval + done +fi if [[ -n "$CERC_NITRO_UI_PORT" ]] && [[ -d "/app-node/packages/nitro-gui/dist" ]]; then for f in `ls /app-node/packages/nitro-gui/dist/assets/*.js`; do 
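Review bot: `ws_port` is still taken with `cut -d ':' -f 2` alone, so for a chain URL without an explicit port, such as the `wss://linea-sepolia.infura.io/ws/v3/` form the new env files suggest, `cut` finds no delimiter and returns the whole `host/path` string, and a URL like `ws://host:8546/path` yields `8546/path`. `nc -z` then never succeeds and the `while true` loop has no retry limit, so the container waits forever unless `CERC_GO_NITRO_WAIT_FOR_CHAIN=false` is set. Strip the path from the port as the hunk already does for the host and fall back to the scheme default when no port is given, e.g. `ws_port=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -s -d ':' -f 2 | cut -d '/' -f 1)` followed by a default such as `ws_port=${ws_port:-443}` for `wss`. A bounded retry count with a non-zero exit would make the failure visible instead of silent.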
@@ -67,6 +74,20 @@ if [[ "$CERC_NITRO_AUTH_ON" == "true" ]] && [[ -d "/app-node/packages/nitro-auth bash -c "sleep 6 && cd /app-node/packages/nitro-auth && yarn start" & fi +if [[ -z "$CERC_CHAIN_START_BLOCK" ]]; then + if [[ ! -f "/app/deployment/chainstartblock.json" ]]; then + curl --location "$(echo $CERC_NITRO_CHAIN_URL | sed 's/^ws/http/' | sed 's#/ws/#/#')" \ + --header 'Content-Type: application/json' \ + --data '{ + "jsonrpc": "2.0", + "id": 124, + "method": "eth_blockNumber", + "params": [] + }' > /app/deployment/chainstartblock.json + fi + CERC_CHAIN_START_BLOCK=$(printf "%d" `cat /app/deployment/chainstartblock.json | jq -r '.result'`) +fi + cd /app ./nitro \ -chainurl ${CERC_NITRO_CHAIN_URL} \ @@ -74,11 +95,12 @@ cd /app -rpcport ${CERC_NITRO_RPC_PORT} \ -wsmsgport ${CERC_NITRO_WS_MSG_PORT} \ -publicip "0.0.0.0" \ - -pk ${CERC_NITRO_PK} \ + -pk ${CERC_NITRO_PK:-$CERC_NITRO_CHAIN_PK} \ -chainpk ${CERC_NITRO_CHAIN_PK} \ -naaddress ${NA_ADDRESS} \ -vpaaddress ${VPA_ADDRESS} \ -caaddress ${CA_ADDRESS} \ -usedurablestore=${CERC_NITRO_USE_DURABLE_STORE} \ -durablestorefolder ${CERC_NITRO_DURABLE_STORE_FOLDER} \ - -bootpeers "${CERC_NITRO_BOOT_PEERS}" \ No newline at end of file + -bootpeers "${CERC_NITRO_BOOT_PEERS}" \ + -chainstartblock $CERC_CHAIN_START_BLOCK \ No newline at end of file diff --git a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/alice.env b/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/alice.env new file mode 100644 index 00000000..7cfbae5c --- /dev/null +++ b/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/alice.env 
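Review bot: The `curl` call that fills `/app/deployment/chainstartblock.json` has no `--fail` and its exit status is not checked, so an HTTP error page, a JSON-RPC error object or an empty response is written to the file and kept, because the `-f` test skips the request on every later start. `jq -r '.result'` then yields `null` or nothing, `printf "%d"` turns that into 0, and the node is started with `-chainstartblock 0` without any message. The file also sits on the `nitro_deployment` volume that the compose file mounts into alice, bob and the bootnode, so one container can read it while another is still writing. Fetch into a temporary file, check that `.result` is a hex quantity, and only then move it into place; the URL expansion should be quoted as well.

```shell
if [[ -z "$CERC_CHAIN_START_BLOCK" ]]; then
  start_block_file="/app/deployment/chainstartblock.json"
  if [[ ! -f "$start_block_file" ]]; then
    rpc_url="$(echo "$CERC_NITRO_CHAIN_URL" | sed 's/^ws/http/' | sed 's#/ws/#/#')"
    tmp_file="$(mktemp "${start_block_file}.XXXXXX")"
    # --fail turns HTTP errors into a non-zero exit, so an error page is never cached.
    if ! curl --fail --silent --show-error --location "$rpc_url" \
      --header 'Content-Type: application/json' \
      --data '{"jsonrpc":"2.0","id":124,"method":"eth_blockNumber","params":[]}' \
      > "$tmp_file"; then
      echo "Could not query eth_blockNumber from the chain endpoint." 1>&2
      rm -f "$tmp_file"
      exit 1
    fi
    # A JSON-RPC error object has no hex .result; refuse it instead of defaulting to block 0.
    if ! jq -e '.result | strings | test("^0x[0-9a-fA-F]+$")' "$tmp_file" > /dev/null; then
      echo "Unexpected eth_blockNumber response from the chain endpoint." 1>&2
      rm -f "$tmp_file"
      exit 1
    fi
    mv "$tmp_file" "$start_block_file"
  fi
  CERC_CHAIN_START_BLOCK=$(printf "%d" "$(jq -r '.result' "$start_block_file")")
fi
```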
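Review bot: The new `-pk ${CERC_NITRO_PK:-$CERC_NITRO_CHAIN_PK}` makes the on-chain funding key double as the state-channel signing key whenever `CERC_NITRO_PK` is unset, which is the state the new `alice.env` and `bob.env` ship in. go-nitro takes the two as separate flags, so as far as I can tell the roles are meant to be separable; with the fallback, exposure of one key is exposure of both. Consider failing with a message when `CERC_NITRO_PK` is empty, like the check this patch adds for `CERC_NITRO_CHAIN_PK`, or at least log that the chain key is being reused. The added `-chainstartblock $CERC_CHAIN_START_BLOCK` should be quoted like the `-bootpeers` argument above it. The `./nitro` invocation starts above this hunk.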
@@ -0,0 +1,25 @@ +CERC_CA_ADDRESS="0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24" +CERC_NA_ADDRESS="0xc453C5E3f304bb545A3Df7bBa02fe6274A056636" +CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8" + +# SET ME! Your on-chain private key. +#CERC_NITRO_CHAIN_PK= + +# Default is CERC_NITRO_CHAIN_PK. +#CERC_NITRO_PK= + +# SET ME! The WebSocket to connect to. +#CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ + +CERC_GO_NITRO_WAIT_FOR_CHAIN=false + +CERC_NITRO_AUTH_ON=false +CERC_NITRO_AUTH_RPC_PORT=4006 +CERC_NITRO_AUTH_UI_PORT=4206 +CERC_NITRO_BOOT_PEERS="/dns4/go-nitro-bootnode/tcp/3008/p2p/16Uiu2HAmFYz5YPf3GtkfQsAwYJfDsKSm34U9qAiTwxW7RJUVGMRK" +CERC_NITRO_DURABLE_STORE_FOLDER=/app/data/nitro-store +CERC_NITRO_MSG_PORT=3006 +CERC_NITRO_RPC_PORT=4006 +CERC_NITRO_UI_PORT=4106 +CERC_NITRO_USE_DURABLE_STORE=true +CERC_NITRO_WS_MSG_PORT=5006 diff --git a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bob.env b/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bob.env new file mode 100644 index 00000000..9a86a397 --- /dev/null +++ b/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bob.env 
@@ -0,0 +1,25 @@ +CERC_CA_ADDRESS="0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24" +CERC_NA_ADDRESS="0xc453C5E3f304bb545A3Df7bBa02fe6274A056636" +CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8" + +# SET ME! Your on-chain private key. +#CERC_NITRO_CHAIN_PK= + +# Default is CERC_NITRO_CHAIN_PK. +#CERC_NITRO_PK= + +# SET ME! The WebSocket to connect to. +#CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ + +CERC_GO_NITRO_WAIT_FOR_CHAIN=false + +CERC_NITRO_AUTH_ON=true +CERC_NITRO_AUTH_RPC_PORT=4007 +CERC_NITRO_AUTH_UI_PORT=4207 +CERC_NITRO_BOOT_PEERS="/dns4/go-nitro-bootnode/tcp/3008/p2p/16Uiu2HAmFYz5YPf3GtkfQsAwYJfDsKSm34U9qAiTwxW7RJUVGMRK" +CERC_NITRO_DURABLE_STORE_FOLDER=/app/data/nitro-store +CERC_NITRO_MSG_PORT=3007 +CERC_NITRO_RPC_PORT=4007 +CERC_NITRO_UI_PORT=4107 +CERC_NITRO_USE_DURABLE_STORE=true +CERC_NITRO_WS_MSG_PORT=5007 diff --git a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bootnode.env b/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bootnode.env new file mode 100644 index 00000000..9d5a0fa5 --- /dev/null +++ b/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bootnode.env 
@@ -0,0 +1,23 @@ +CERC_CA_ADDRESS="0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24" +CERC_NA_ADDRESS="0xc453C5E3f304bb545A3Df7bBa02fe6274A056636" +CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8" + +CERC_NITRO_CHAIN_PK=596db2ac27479cfdf60f708bf64ae44a1c5090e9446cca011d72bc9a59b47d3d +CERC_NITRO_PK=f41086394674cf00a66448c6688295d7330af39f6f38fed89ea023e39382d6a0 + +# The WebSocket to connect to. +#CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ + +CERC_GO_NITRO_WAIT_FOR_CHAIN=false + +CERC_NITRO_AUTH_ON=false +CERC_NITRO_AUTH_RPC_PORT=4008 +CERC_NITRO_AUTH_UI_PORT=4208 +CERC_NITRO_DURABLE_STORE_FOLDER=/app/data/nitro-store +CERC_NITRO_MSG_PORT=3008 +CERC_NITRO_RPC_PORT=4008 +CERC_NITRO_UI_PORT=4108 +CERC_NITRO_USE_DURABLE_STORE=true +CERC_NITRO_WS_MSG_PORT=5008 + +CERC_SCRIPT_DEBUG=true \ No newline at end of file diff --git a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/caddy/Caddyfile b/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/caddy/Caddyfile new file mode 100644 index 00000000..0d33d962 --- /dev/null +++ b/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/caddy/Caddyfile @@ -0,0 +1,42 @@ +:80 { + handle /pay* { + reverse_proxy http://go-nitro-bob:8547 + } + + @eth-key-in-header { + path_regexp /eth/?$ + header X-Api-Key * + } + + handle @eth-key-in-header { + forward_auth go-nitro-bob:8547 { + uri /auth/{header.x-api-key} + } + rewrite * / + reverse_proxy https://rpc.sepolia.linea.build:443 { + header_up Host {upstream_hostport} + } + } + + @eth-key-in-path { + path_regexp apikey eth/(.+)$ + } + + handle @eth-key-in-path { + forward_auth go-nitro-bob:8547 { + uri /auth/{re.apikey.1} + } + rewrite * / + reverse_proxy https://rpc.sepolia.linea.build:443 { + header_up Host {upstream_hostport} + } + } + + handle /eth* { + respond "401 Unauthorized" 401 + } + + handle { + reverse_proxy http://go-nitro-alice:4206 + } +} \ No newline at end of file 
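Review bot: `bootnode.env` commits literal values for `CERC_NITRO_CHAIN_PK` and `CERC_NITRO_PK` and, on its last line, turns on `CERC_SCRIPT_DEBUG=true`. `run-nitro-node.sh` enables `set -x` when that variable is non-empty, so the expanded `./nitro … -pk … -chainpk …` command line, and the chain URL handed to `curl` (which for an Infura-style endpoint carries the project key in its path), are written to the container log on every start. Keys published in the repository have to be treated as public: nothing of value should ever be held by their addresses, and every deployment of the stack shares the same bootnode identity. Leave debug tracing off by default by dropping the `CERC_SCRIPT_DEBUG=true` line, and have the operator supply or generate the bootnode keys, as `alice.env` and `bob.env` do with their `# SET ME!` placeholders. The peer id in `CERC_NITRO_BOOT_PEERS` presumably derives from `CERC_NITRO_PK`, so it would have to be generated alongside.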
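Review bot: In the `handle @eth-key-in-header` block the request is proxied to `https://rpc.sepolia.linea.build:443` with only `header_up Host {upstream_hostport}` set, so the client's `X-Api-Key` header travels on to that third-party endpoint after `forward_auth` has accepted it. In the earlier Caddyfile the upstream was the stack's own geth container; here the credential leaves the deployment. Remove it on the way out with `header_up -X-Api-Key` inside the `reverse_proxy` block. The path variant is not affected, because `rewrite * /` drops the key before proxying. The later hunks that switch `go-nitro-auth/caddy/Caddyfile` to the same upstream need the same line.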
diff --git a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/deployment/nitro-addresses.json b/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/deployment/nitro-addresses.json new file mode 100644 index 00000000..6d271589 --- /dev/null +++ b/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/deployment/nitro-addresses.json @@ -0,0 +1,5 @@ +{ + "nitroAdjudicatorAddress": "0xc453C5E3f304bb545A3Df7bBa02fe6274A056636", + "virtualPaymentAppAddress": "0xA11af80D75b1150631FA78178c94fa451c7172a8", + "consensusAppAddress": "0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24" +} \ No newline at end of file diff --git a/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile b/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile index 331cadad..e33da5bc 100644 --- a/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile +++ b/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile @@ -25,7 +25,7 @@ RUN yarn build FROM node:18-bullseye-slim RUN apt-get update -RUN apt-get install -y ca-certificates jq netcat make +RUN apt-get install -y ca-certificates jq netcat make curl wget RUN rm -rf /var/lib/apt/lists/* RUN npm install -g http-server WORKDIR /app diff --git a/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/stack.yml b/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/stack.yml new file mode 100644 index 00000000..46da5efc --- /dev/null +++ b/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/stack.yml @@ -0,0 +1,11 @@ +version: "1.0" +name: linea-testnet-nitro-auth +description: "Stack to demonstrate payments between various services" +repos: + # nitro repo + - github.com/cerc-io/go-nitro@telackey/update +containers: + # nitro + - cerc/go-nitro +pods: + - linea-testnet-go-nitro-auth \ No newline at end of file -- 2.45.2 From fd00143b7673336fb8f47d369b83fa17252d351b Mon Sep 17 00:00:00 2001 
From: Thomas E Lackey Date: Mon, 1 Apr 2024 16:06:52 -0500 Subject: [PATCH 09/19] Add README --- .../stacks/linea-testnet-nitro-auth/README.md | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 stack_orchestrator/data/stacks/linea-testnet-nitro-auth/README.md diff --git a/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/README.md b/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/README.md new file mode 100644 index 00000000..a900ee68 --- /dev/null +++ b/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/README.md 
@@ -0,0 +1,51 @@ +# linea-testnet-nitro-auth + +Deployes a demo stack for Nitro-based auth using the Linea Sepolia testnet. + +## Clone required repositories + +``` +$ laconic-so --stack linea-testnet-nitro-auth setup-repositories +``` + +## Build containers + +``` +$ laconic-so --stack linea-testnet-nitro-auth build-containers +``` + +## Create a deployment + +``` +$ laconic-so --stack linea-testnet-nitro-auth deploy init --map-ports-to-host any-same --output linea-testnet-nitro-auth-spec.yml +$ laconic-so --stack linea-testnet-nitro-auth deploy create --spec-file linea-testnet-nitro-auth-spec.yml --deployment-dir linea-testnet-nitro-auth-deployment +``` + +## Set your keys + +You must set the private keys for two accounts with funds on the target network. You must also set the URL to use +for a WebSocket connection, eg, `wss://linea-sepolia.infura.io/ws/v3/` + +``` +# For the first account (payer). +$ vim linea-testnet-nitro-auth-deployment/config/alice.env + +CERC_NITRO_CHAIN_PK= +CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ + +# For the second account (payee). +$ vim linea-testnet-nitro-auth-deployment/config/bob.env + +CERC_NITRO_CHAIN_PK= +CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ + +# For the bootnode, just set the URL. +$ vim linea-testnet-nitro-auth-deployment/config/bootnode.env + +CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ +``` + +## Start the stack +``` +$ laconic-so deployment --dir linea-testnet-nitro-auth-deployment start +``` \ No newline at end of file -- 2.45.2 From 343d31c3246c288d5d66af4329108f774f20930e Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Mon, 1 Apr 2024 16:07:47 -0500 Subject: [PATCH 10/19] Add README --- .../data/stacks/linea-testnet-nitro-auth/README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) 
diff --git a/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/README.md b/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/README.md index a900ee68..aad85eb9 100644 --- a/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/README.md +++ b/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/README.md @@ -48,4 +48,8 @@ CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ ## Start the stack ``` $ laconic-so deployment --dir linea-testnet-nitro-auth-deployment start -``` \ No newline at end of file +``` + +## Open the webapp + +Visit http://localhost:5678 -- 2.45.2 From d7f06ad51e601785fdac4c923fc94a9a0980c3db Mon Sep 17 00:00:00 2001 
From: Thomas E Lackey Date: Tue, 2 Apr 2024 18:02:54 -0500 Subject: [PATCH 11/19] Combine stacks. --- .../compose/docker-compose-go-nitro-auth.yml | 112 +++++++----------- .../alice.env | 8 +- .../bob.env | 6 - .../bootnode.env | 6 - .../data/config/go-nitro-auth/caddy/Caddyfile | 10 +- .../go-nitro-auth/nginx/nitro_auth_proxy.conf | 57 --------- .../data/config/go-nitro/run-nitro-node.sh | 11 +- .../caddy/Caddyfile | 42 ------- .../deployment/nitro-addresses.json | 5 - .../data/stacks/go-nitro-auth/README.md | 104 ++++++++++++++++ .../stack.yml | 7 +- .../stacks/linea-testnet-nitro-auth/README.md | 55 --------- 12 files changed, 168 insertions(+), 255 deletions(-) rename stack_orchestrator/data/config/{linea-testnet-go-nitro-auth => go-nitro-auth}/alice.env (71%) rename stack_orchestrator/data/config/{linea-testnet-go-nitro-auth => go-nitro-auth}/bob.env (74%) rename stack_orchestrator/data/config/{linea-testnet-go-nitro-auth => go-nitro-auth}/bootnode.env (72%) delete mode 100644 stack_orchestrator/data/config/go-nitro-auth/nginx/nitro_auth_proxy.conf delete mode 100644 stack_orchestrator/data/config/linea-testnet-go-nitro-auth/caddy/Caddyfile delete mode 100644 stack_orchestrator/data/config/linea-testnet-go-nitro-auth/deployment/nitro-addresses.json create mode 100644 stack_orchestrator/data/stacks/go-nitro-auth/README.md rename stack_orchestrator/data/stacks/{linea-testnet-nitro-auth => go-nitro-auth}/stack.yml (65%) delete mode 100644 stack_orchestrator/data/stacks/linea-testnet-nitro-auth/README.md diff --git a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml index dff40436..cf6e483f 100644 --- a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml +++ b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml 
@@ -6,30 +6,19 @@ services: hostname: go-nitro-alice restart: on-failure depends_on: - # Wait for Nitro contracts to be deployed - nitro-contracts: - condition: service_completed_successfully + - go-nitro-bootnode environment: - CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546} - CERC_NITRO_PK: ${CERC_NITRO_PK_ALICE:-f36f6dd450892224ee113899195ef922a4795d41c32cafb386d9aab6e0b7b0c6} CERC_NITRO_CHAIN_PK: ${CERC_NITRO_CHAIN_PK_ALICE:-888814df89c4358d7ddb3fa4b0213e7331239a80e1f013eaa7b2deca2a41a218} - CERC_NITRO_USE_DURABLE_STORE: ${CERC_NITRO_USE_DURABLE_STORE:-false} - CERC_NITRO_DURABLE_STORE_FOLDER: ${CERC_NITRO_DURABLE_STORE_FOLDER:-/app/data/nitro-store} - CERC_NITRO_MSG_PORT: ${CERC_NITRO_MSG_PORT_ALICE:-3006} - CERC_NITRO_WS_MSG_PORT: ${CERC_NITRO_WS_MSG_PORT_ALICE:-5006} - CERC_NITRO_RPC_PORT: ${CERC_NITRO_RPC_PORT_ALICE:-4006} - CERC_NITRO_BOOT_PEERS: "/dns4/go-nitro-bob/tcp/3007/p2p/16Uiu2HAm7JBTpfJWoUh14ZC5MaCM6TujKp8P8ag4ULPiw6g9Xzba" + CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546} CERC_NA_ADDRESS: ${CERC_NA_ADDRESS} CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS} CERC_CA_ADDRESS: ${CERC_CA_ADDRESS} - CERC_NITRO_UI_PORT: ${CERC_NITRO_UI_PORT_ALICE:-4106} - CERC_NITRO_AUTH_UI_PORT: ${CERC_NITRO_AUTH_UI_PORT_ALICE:-4206} - CERC_NITRO_AUTH_ON: false - CERC_NITRO_AUTH_RPC_PORT: 4006 + env_file: + - ../config/go-nitro-auth/alice.env entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"] volumes: - - go_nitro_data_alice:/app/data - nitro_deployment:/app/deployment + - go_nitro_data_alice:/app/data - ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh healthcheck: test: ["CMD", "nc", "-vz", "localhost", "4006"] 
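Review bot: `go-nitro-alice` now gets `CERC_NITRO_CHAIN_PK` from two places: the `environment:` entry `${CERC_NITRO_CHAIN_PK_ALICE:-…}` kept as context, with a literal key as its default, and the `alice.env` file added under `env_file:`. Under standard Compose precedence `environment:` wins over `env_file:`, so a key the operator writes into `alice.env`, as its `# SET ME!` comment asks, would be ignored and the node would run with the default key published in this repository unless `CERC_NITRO_CHAIN_PK_ALICE` is exported on the host; how laconic-so feeds these variables is not visible here, so please confirm. The same holds for `CERC_NITRO_CHAIN_URL` and for the `go-nitro-bob` and `go-nitro-bootnode` services in the following hunks. Either drop these keys from `environment:` so the env file is authoritative, or make them mandatory with `CERC_NITRO_CHAIN_PK: ${CERC_NITRO_CHAIN_PK_ALICE:?set CERC_NITRO_CHAIN_PK_ALICE}` instead of a default.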
@@ -38,42 +27,31 @@ services: retries: 100 start_period: 100s ports: - - "3006:3006" - - "4006:4006" - - "5006:5006" - - "4106:4106" - - "4206:4206" - - "4216:4216" + - "3006" + - "4006" + - "5006" + - "4106" + - "4206" + - "4216" go-nitro-bob: image: cerc/go-nitro:local hostname: go-nitro-bob restart: on-failure depends_on: - # Wait for Nitro contracts to be deployed - nitro-contracts: - condition: service_completed_successfully + - go-nitro-bootnode environment: - CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546} - CERC_NITRO_PK: ${CERC_NITRO_PK_BOB:-801c8f30853ed4cbfa130298def86c441c00f4a2eefc6e8fc835ae253ad91d7f} CERC_NITRO_CHAIN_PK: ${CERC_NITRO_CHAIN_PK_BOB:-570b909da9669b2f35a0b1ac70b8358516d55ae1b5b3710e95e9a94395090597} - CERC_NITRO_USE_DURABLE_STORE: ${CERC_NITRO_USE_DURABLE_STORE:-false} - CERC_NITRO_DURABLE_STORE_FOLDER: ${CERC_NITRO_DURABLE_STORE_FOLDER:-/app/data/nitro-store} - CERC_NITRO_MSG_PORT: ${CERC_NITRO_MSG_PORT_BOB:-3007} - CERC_NITRO_WS_MSG_PORT: ${CERC_NITRO_WS_MSG_PORT_BOB:-5007} - CERC_NITRO_RPC_PORT: ${CERC_NITRO_RPC_PORT_BOB:-4007} - CERC_NITRO_BOOT_PEERS: "/dns4/go-nitro-alice/tcp/3006/p2p/16Uiu2HAmNUiX7bpCpbo5JdqEebp85ptGU2Vk2AT9E3BykvbwQ3F9" + CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546} CERC_NA_ADDRESS: ${CERC_NA_ADDRESS} CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS} CERC_CA_ADDRESS: ${CERC_CA_ADDRESS} - CERC_NITRO_UI_PORT: ${CERC_NITRO_UI_PORT_BOB:-4107} - CERC_NITRO_AUTH_UI_PORT: ${CERC_NITRO_AUTH_UI_PORT_BOB:-4207} - CERC_NITRO_AUTH_ON: true - CERC_NITRO_AUTH_RPC_PORT: 4007 + env_file: + - ../config/go-nitro-auth/bob.env entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"] volumes: - - go_nitro_data_bob:/app/data - nitro_deployment:/app/deployment + - go_nitro_data_bob:/app/data - ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh healthcheck: test: ["CMD", "nc", "-vz", "localhost", "4007"] 
@@ -82,38 +60,35 @@ services: retries: 100 start_period: 100s ports: - - "3007:3007" - - "4007:4007" - - "5007:5007" - - "4107:4107" - - "4207:4207" - - "4217:4217" + - "3007" + - "4007" + - "5007" + - "4107" + - "4207" + - "4217" - nitro-rpc-client: - image: cerc/nitro-rpc-client:local - hostname: nitro-rpc-client - restart: always + go-nitro-bootnode: + image: cerc/go-nitro:local + hostname: go-nitro-bootnode + restart: on-failure environment: - CERC_NITRO_RPC_FUND_AMOUNT: ${CERC_NITRO_RPC_FUND_AMOUNT:-2000000} - CERC_NITRO_RPC_HOST_ALICE: ${CERC_NITRO_RPC_HOST_ALICE:-go-nitro-alice} - CERC_NITRO_RPC_PORT_ALICE: ${CERC_NITRO_RPC_PORT_ALICE:-4006} - CERC_NITRO_USE_TLS: ${CERC_NITRO_USE_TLS:-false} - CERC_NITRO_ADDRESS_BOB: ${CERC_NITRO_ADDRESS_BOB:-0xe07e314501cc73b24cf45a6577486017300e153c} + CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546} + CERC_NA_ADDRESS: ${CERC_NA_ADDRESS} + CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS} + CERC_CA_ADDRESS: ${CERC_CA_ADDRESS} + env_file: + - ../config/go-nitro-auth/bootnode.env + entrypoint: [ "bash", "-c", "/app/run-nitro-node.sh" ] volumes: - nitro_deployment:/app/deployment - - ../config/nitro-rpc-client/start.sh:/app/start.sh - command: ["/app/start.sh"] - - #nitro-nginx: - # image: nginx:1.23-alpine - # restart: always - # volumes: - # - ../config/go-nitro-auth/nginx:/etc/nginx/conf.d - # ports: - # - 5678:80 - # depends_on: - # - go-nitro-alice - # - go-nitro-bob + - go_nitro_data_bootnode:/app/data + - ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh + healthcheck: + test: [ "CMD", "nc", "-vz", "localhost", "4008" ] + interval: 5s + timeout: 5s + retries: 100 + start_period: 100s nitro-caddy: image: caddy:2-alpine @@ -121,7 +96,7 @@ services: volumes: - ../config/go-nitro-auth/caddy/Caddyfile:/etc/caddy/Caddyfile ports: - - "5678:80" + - "5678" depends_on: - go-nitro-alice - go-nitro-bob 
@@ -129,4 +104,5 @@ services: volumes: go_nitro_data_alice: go_nitro_data_bob: - nitro_deployment: + go_nitro_data_bootnode: + nitro_deployment: \ No newline at end of file diff --git a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/alice.env b/stack_orchestrator/data/config/go-nitro-auth/alice.env similarity index 71% rename from stack_orchestrator/data/config/linea-testnet-go-nitro-auth/alice.env rename to stack_orchestrator/data/config/go-nitro-auth/alice.env index 7cfbae5c..2de2a017 100644 --- a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/alice.env +++ b/stack_orchestrator/data/config/go-nitro-auth/alice.env @@ -1,7 +1,3 @@ -CERC_CA_ADDRESS="0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24" -CERC_NA_ADDRESS="0xc453C5E3f304bb545A3Df7bBa02fe6274A056636" -CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8" - # SET ME! Your on-chain private key. #CERC_NITRO_CHAIN_PK= @@ -11,8 +7,6 @@ CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8" # SET ME! The WebSocket to connect to. #CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ -CERC_GO_NITRO_WAIT_FOR_CHAIN=false - CERC_NITRO_AUTH_ON=false CERC_NITRO_AUTH_RPC_PORT=4006 CERC_NITRO_AUTH_UI_PORT=4206 @@ -22,4 +16,4 @@ CERC_NITRO_MSG_PORT=3006 CERC_NITRO_RPC_PORT=4006 CERC_NITRO_UI_PORT=4106 CERC_NITRO_USE_DURABLE_STORE=true -CERC_NITRO_WS_MSG_PORT=5006 +CERC_NITRO_WS_MSG_PORT=5006 \ No newline at end of file diff --git a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bob.env b/stack_orchestrator/data/config/go-nitro-auth/bob.env similarity index 74% rename from stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bob.env rename to stack_orchestrator/data/config/go-nitro-auth/bob.env index 9a86a397..fc280b54 100644 --- a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bob.env +++ b/stack_orchestrator/data/config/go-nitro-auth/bob.env 
@@ -1,7 +1,3 @@ -CERC_CA_ADDRESS="0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24" -CERC_NA_ADDRESS="0xc453C5E3f304bb545A3Df7bBa02fe6274A056636" -CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8" - # SET ME! Your on-chain private key. #CERC_NITRO_CHAIN_PK= @@ -11,8 +7,6 @@ CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8" # SET ME! The WebSocket to connect to. #CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ -CERC_GO_NITRO_WAIT_FOR_CHAIN=false - CERC_NITRO_AUTH_ON=true CERC_NITRO_AUTH_RPC_PORT=4007 CERC_NITRO_AUTH_UI_PORT=4207 diff --git a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bootnode.env b/stack_orchestrator/data/config/go-nitro-auth/bootnode.env similarity index 72% rename from stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bootnode.env rename to stack_orchestrator/data/config/go-nitro-auth/bootnode.env index 9d5a0fa5..241fbb0b 100644 --- a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/bootnode.env +++ b/stack_orchestrator/data/config/go-nitro-auth/bootnode.env @@ -1,15 +1,9 @@ -CERC_CA_ADDRESS="0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24" -CERC_NA_ADDRESS="0xc453C5E3f304bb545A3Df7bBa02fe6274A056636" -CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8" - CERC_NITRO_CHAIN_PK=596db2ac27479cfdf60f708bf64ae44a1c5090e9446cca011d72bc9a59b47d3d CERC_NITRO_PK=f41086394674cf00a66448c6688295d7330af39f6f38fed89ea023e39382d6a0 # The WebSocket to connect to. #CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ -CERC_GO_NITRO_WAIT_FOR_CHAIN=false - CERC_NITRO_AUTH_ON=false CERC_NITRO_AUTH_RPC_PORT=4008 CERC_NITRO_AUTH_UI_PORT=4208 diff --git a/stack_orchestrator/data/config/go-nitro-auth/caddy/Caddyfile b/stack_orchestrator/data/config/go-nitro-auth/caddy/Caddyfile index a0d1d9d3..340d8369 100644 --- a/stack_orchestrator/data/config/go-nitro-auth/caddy/Caddyfile +++ b/stack_orchestrator/data/config/go-nitro-auth/caddy/Caddyfile 
@@ -1,4 +1,4 @@ -:80 { +:5678 { handle /pay* { reverse_proxy http://go-nitro-bob:8547 } @@ -13,7 +13,9 @@ uri /auth/{header.x-api-key} } rewrite * / - reverse_proxy http://fixturenet-eth-geth-1:8545 + reverse_proxy https://rpc.sepolia.linea.build:443 { + header_up Host {upstream_hostport} + } } @eth-key-in-path { @@ -25,7 +27,9 @@ uri /auth/{re.apikey.1} } rewrite * / - reverse_proxy http://fixturenet-eth-geth-1:8545 + reverse_proxy https://rpc.sepolia.linea.build:443 { + header_up Host {upstream_hostport} + } } handle /eth* { diff --git a/stack_orchestrator/data/config/go-nitro-auth/nginx/nitro_auth_proxy.conf b/stack_orchestrator/data/config/go-nitro-auth/nginx/nitro_auth_proxy.conf deleted file mode 100644 index 5bd5f0f3..00000000 --- a/stack_orchestrator/data/config/go-nitro-auth/nginx/nitro_auth_proxy.conf +++ /dev/null 
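Review bot: With the upstream switched from the local geth to `https://rpc.sepolia.linea.build:443`, the `reverse_proxy` blocks in the second and third hunks pass the client's request headers through unchanged, so the `X-Api-Key` value that `forward_auth` has just checked is also sent on to the third-party RPC provider. Only `Host` is overridden. Dropping the credential before the request leaves the proxy keeps it between the client and go-nitro-bob: add `header_up -X-Api-Key` next to `header_up Host {upstream_hostport}` in both blocks. Whether the key remains usable after the auth call depends on go-nitro-bob, which is not visible here.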
@@ -1,57 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name localhost; - - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - - location / { - proxy_buffering off; - proxy_pass http://go-nitro-alice:4206; - } - -### geth - location ~ ^/eth/?([^/]*)$ { - set $apiKey $1; - if ($apiKey = '') { - set $apiKey $http_X_API_KEY; - } - auth_request /auth; - proxy_buffering off; - rewrite /.*$ / break; - proxy_pass http://fixturenet-eth-geth-1:8545; - } - -## lighthouse - location /beacon/ { - set $apiKey $http_X_API_KEY; - auth_request /auth; - proxy_buffering off; - proxy_pass http://fixturenet-eth-lighthouse-1:8001/; - } - -## payments - location /pay { - proxy_buffering off; - proxy_pass http://go-nitro-bob:8547/pay; - } - - location = /auth { - internal; - proxy_buffering off; - resolver 127.0.0.11 ipv6=off; - proxy_pass http://go-nitro-bob:8547/auth/$apiKey; - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - proxy_set_header X-Original-URI $request_uri; - proxy_set_header X-Original-Remote-Addr $remote_addr; - proxy_set_header X-Original-Host $host; - } - - location = /stub_status { - stub_status; - } -} diff --git a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh index 3b48e554..d3ac4525 100755 --- a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh +++ b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh 
@@ -35,14 +35,17 @@ fi echo "Running Nitro node" if [[ "${CERC_GO_NITRO_WAIT_FOR_CHAIN:-true}" == "true" ]]; then - # Assuming CERC_NITRO_CHAIN_URL is of format ://host:port - ws_host=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d ':' -f 1 | cut -d'/' -f 1) - ws_port=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d ':' -f 2) + # Assuming CERC_NITRO_CHAIN_URL is of format ://host[:port][/foo] + ws_host=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d'/' -f 1 | cut -d ':' -f 1) + ws_port=$(echo "$CERC_NITRO_CHAIN_URL" | awk -F '://' '{print $2}' | cut -d'/' -f 1 | cut -d ':' -f 2) + if [[ "$ws_port" == "$ws_host" ]]; then + ws_port="" + fi # Wait till chain endpoint is available retry_interval=5 while true; do - nc -z -w 1 "$ws_host" "$ws_port" + nc -z -w 1 "$ws_host" "${ws_port:-443}" if [ $? -eq 0 ]; then echo "Chain endpoint is available" diff --git a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/caddy/Caddyfile b/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/caddy/Caddyfile deleted file mode 100644 index 0d33d962..00000000 --- a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/caddy/Caddyfile +++ /dev/null 
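Review bot: The fallback in `nc -z -w 1 "$ws_host" "${ws_port:-443}"` assumes TLS, so a `ws://host/path` URL without an explicit port is probed on 443 instead of 80 and the wait loop may never see the endpoint come up. Pick the default from the scheme, for example `default_port=443; [[ "$CERC_NITRO_CHAIN_URL" == ws://* ]] && default_port=80`, and then use `"${ws_port:-$default_port}"`. The `cut`-based split also mis-parses bracketed IPv6 literals and URLs with a `user:pass@` prefix, which is worth stating in the format comment. The wait loop continues past the end of the hunk.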
@@ -1,42 +0,0 @@ -:80 { - handle /pay* { - reverse_proxy http://go-nitro-bob:8547 - } - - @eth-key-in-header { - path_regexp /eth/?$ - header X-Api-Key * - } - - handle @eth-key-in-header { - forward_auth go-nitro-bob:8547 { - uri /auth/{header.x-api-key} - } - rewrite * / - reverse_proxy https://rpc.sepolia.linea.build:443 { - header_up Host {upstream_hostport} - } - } - - @eth-key-in-path { - path_regexp apikey eth/(.+)$ - } - - handle @eth-key-in-path { - forward_auth go-nitro-bob:8547 { - uri /auth/{re.apikey.1} - } - rewrite * / - reverse_proxy https://rpc.sepolia.linea.build:443 { - header_up Host {upstream_hostport} - } - } - - handle /eth* { - respond "401 Unauthorized" 401 - } - - handle { - reverse_proxy http://go-nitro-alice:4206 - } -} \ No newline at end of file diff --git a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/deployment/nitro-addresses.json b/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/deployment/nitro-addresses.json deleted file mode 100644 index 6d271589..00000000 --- a/stack_orchestrator/data/config/linea-testnet-go-nitro-auth/deployment/nitro-addresses.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "nitroAdjudicatorAddress": "0xc453C5E3f304bb545A3Df7bBa02fe6274A056636", - "virtualPaymentAppAddress": "0xA11af80D75b1150631FA78178c94fa451c7172a8", - "consensusAppAddress": "0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24" -} \ No newline at end of file diff --git a/stack_orchestrator/data/stacks/go-nitro-auth/README.md b/stack_orchestrator/data/stacks/go-nitro-auth/README.md new file mode 100644 index 00000000..8ec88820 --- /dev/null +++ b/stack_orchestrator/data/stacks/go-nitro-auth/README.md 
@@ -0,0 +1,104 @@ +# go-nitro-auth + +Deploy a stack for demoing Nitro-based auth, using either a local fixturenet (fully self-contained) or remote testnet. + +## Local Fixturenet (Self-Contained) + +### Clone required repositories + +``` +$ laconic-so --stack fixturenet-eth setup-repositories +$ laconic-so --stack go-nitro-auth setup-repositories +``` + +### Build containers + +``` +$ laconic-so --stack fixturenet-eth build-containers +$ laconic-so --stack go-nitro-auth build-containers +``` + +### Create a deployment + +``` +$ laconic-so --stack fixturenet-eth deploy init --output nitro-net.yml +$ laconic-so --stack fixturenet-eth deploy create --spec-file nitro-net.yml --deployment-dir /srv/nitro-net + +$ laconic-so --stack go-nitro-auth deploy init --map-ports-to-host any-same --output nitro-auth.yml +$ laconic-so --stack go-nitro-auth deploy create --spec-file nitro-auth.yml --deployment-dir /srv/nitro-auth + +# Place them both in the same namespace (TODO: support setting the deployment name via --cluster). +$ cp /srv/nitro-net/deployment.yml /srv/nitro-auth/deployment.yml +``` + +### Start the containers + +``` +$ laconic-so deployment --dir /srv/nitro-net up +$ laconic-so deployment --dir /srv/nitro-auth up +``` + +### Open the webapp + +Visit http://localhost:5678 + +## Remote Testnet + +This example will use the Linea Sepolia testnet. + +### Clone required repositories + +``` +$ laconic-so --stack go-nitro-auth setup-repositories +``` + +### Build containers + +``` +$ laconic-so --stack go-nitro-auth build-containers +``` + +### Create a deployment + +``` +$ laconic-so --stack go-nitro-auth deploy init --map-ports-to-host any-same --output nitro-auth.yml +$ laconic-so --stack go-nitro-auth deploy create --spec-file nitro-auth.yml --deployment-dir /srv/nitro-auth +``` + +### Set your keys, contract addresses, etc. 
+ +You must set the private keys for two accounts with funds on the target network, as well as the contract addresses +(if they already exist) or else an account to create them. You must also set the URL to use for WebSocket connections, +eg, `wss://linea-sepolia.infura.io/ws/v3/` + +#### Config + +``` +$ vim /srv/nitro-auth/config.env +# Addresses of existing contracts. +CERC_CA_ADDRESS="0x1Ae815c3e7556e16ceaB6B6d46306C1870EB6d24" +CERC_NA_ADDRESS="0xc453C5E3f304bb545A3Df7bBa02fe6274A056636" +CERC_VPA_ADDRESS="0xA11af80D75b1150631FA78178c94fa451c7172a8" + +# Else the private key of an account and RPC URL to use create them. +CERC_PRIVATE_KEY_DEPLOYER= +CERC_ETH_RPC_ENDPOINT=https://rpc.sepolia.linea.build + +# The WebSocket chain URL. +CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ + +# Private key for "Alice" account (payer) +CERC_NITRO_CHAIN_PK_ALICE= +j +# Private key for "Bob" account (payee) +CERC_NITRO_CHAIN_PK_BOB= +``` + +### Start the stack +``` +$ laconic-so deployment --dir /srv/nitro-auth up +``` + +### Open the webapp + +Visit http://localhost:5678 diff --git a/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/stack.yml b/stack_orchestrator/data/stacks/go-nitro-auth/stack.yml similarity index 65% rename from stack_orchestrator/data/stacks/linea-testnet-nitro-auth/stack.yml rename to stack_orchestrator/data/stacks/go-nitro-auth/stack.yml index 46da5efc..56c402ea 100644 --- a/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/stack.yml +++ b/stack_orchestrator/data/stacks/go-nitro-auth/stack.yml @@ -1,11 +1,14 @@ version: "1.0" -name: linea-testnet-nitro-auth +name: go-nitro-auth description: "Stack to demonstrate payments between various services" repos: # nitro repo - github.com/cerc-io/go-nitro@telackey/update containers: # nitro + - cerc/nitro-contracts - cerc/go-nitro + - cerc/nitro-rpc-client pods: - - linea-testnet-go-nitro-auth \ No newline at end of file + - nitro-contracts + - go-nitro-auth \ No newline at end of file 
diff --git a/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/README.md b/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/README.md deleted file mode 100644 index aad85eb9..00000000 --- a/stack_orchestrator/data/stacks/linea-testnet-nitro-auth/README.md +++ /dev/null @@ -1,55 +0,0 @@ -# linea-testnet-nitro-auth - -Deployes a demo stack for Nitro-based auth using the Linea Sepolia testnet. - -## Clone required repositories - -``` -$ laconic-so --stack linea-testnet-nitro-auth setup-repositories -``` - -## Build containers - -``` -$ laconic-so --stack linea-testnet-nitro-auth build-containers -``` - -## Create a deployment - -``` -$ laconic-so --stack linea-testnet-nitro-auth deploy init --map-ports-to-host any-same --output linea-testnet-nitro-auth-spec.yml -$ laconic-so --stack linea-testnet-nitro-auth deploy create --spec-file linea-testnet-nitro-auth-spec.yml --deployment-dir linea-testnet-nitro-auth-deployment -``` - -## Set your keys - -You must set the private keys for two accounts with funds on the target network. You must also set the URL to use -for a WebSocket connection, eg, `wss://linea-sepolia.infura.io/ws/v3/` - -``` -# For the first account (payer). -$ vim linea-testnet-nitro-auth-deployment/config/alice.env - -CERC_NITRO_CHAIN_PK= -CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ - -# For the second account (payee). -$ vim linea-testnet-nitro-auth-deployment/config/bob.env - -CERC_NITRO_CHAIN_PK= -CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ - -# For the bootnode, just set the URL. -$ vim linea-testnet-nitro-auth-deployment/config/bootnode.env - -CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ -``` - -## Start the stack -``` -$ laconic-so deployment --dir linea-testnet-nitro-auth-deployment start -``` - -## Open the webapp - -Visit http://localhost:5678 -- 2.45.2 From 80e039d70e184cc17bb678e1c58c0ba9ee632e59 Mon Sep 17 00:00:00 2001 
From: Thomas E Lackey Date: Tue, 2 Apr 2024 18:03:59 -0500 Subject: [PATCH 12/19] Remove abandoned file. --- ...er-compose-linea-testnet-go-nitro-auth.yml | 91 ------------------- 1 file changed, 91 deletions(-) delete mode 100644 stack_orchestrator/data/compose/docker-compose-linea-testnet-go-nitro-auth.yml diff --git a/stack_orchestrator/data/compose/docker-compose-linea-testnet-go-nitro-auth.yml b/stack_orchestrator/data/compose/docker-compose-linea-testnet-go-nitro-auth.yml deleted file mode 100644 index 44a56e13..00000000 --- a/stack_orchestrator/data/compose/docker-compose-linea-testnet-go-nitro-auth.yml +++ /dev/null 
@@ -1,91 +0,0 @@ -version: '3.7' - -services: - go-nitro-alice: - image: cerc/go-nitro:local - hostname: go-nitro-alice - restart: on-failure - depends_on: - - go-nitro-bootnode - env_file: - - ../config/linea-testnet-go-nitro-auth/alice.env - entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"] - volumes: - - nitro_deployment:/app/deployment - - go_nitro_data_alice:/app/data - - ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh - healthcheck: - test: ["CMD", "nc", "-vz", "localhost", "4006"] - interval: 5s - timeout: 5s - retries: 100 - start_period: 100s - ports: - - "3006:3006" - - "4006:4006" - - "5006:5006" - - "4106:4106" - - "4206:4206" - - "4216:4216" - - go-nitro-bob: - image: cerc/go-nitro:local - hostname: go-nitro-bob - restart: on-failure - depends_on: - - go-nitro-bootnode - env_file: - - ../config/linea-testnet-go-nitro-auth/bob.env - entrypoint: ["bash", "-c", "/app/run-nitro-node.sh"] - volumes: - - nitro_deployment:/app/deployment - - go_nitro_data_bob:/app/data - - ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh - healthcheck: - test: ["CMD", "nc", "-vz", "localhost", "4007"] - interval: 5s - timeout: 5s - retries: 100 - start_period: 100s - ports: - - "3007:3007" - - "4007:4007" - - "5007:5007" - - "4107:4107" - - "4207:4207" - - "4217:4217" - - go-nitro-bootnode: - image: cerc/go-nitro:local - hostname: go-nitro-bootnode - restart: on-failure - env_file: - - ../config/linea-testnet-go-nitro-auth/bootnode.env - entrypoint: [ "bash", "-c", "/app/run-nitro-node.sh" ] - volumes: - - nitro_deployment:/app/deployment - - go_nitro_data_bootnode:/app/data - - ../config/go-nitro/run-nitro-node.sh:/app/run-nitro-node.sh - healthcheck: - test: [ "CMD", "nc", "-vz", "localhost", "4008" ] - interval: 5s - timeout: 5s - retries: 100 - start_period: 100s - - nitro-caddy: - image: caddy:2-alpine - restart: always - volumes: - - ../config/linea-testnet-go-nitro-auth/caddy/Caddyfile:/etc/caddy/Caddyfile - ports: - - "5678:80" - depends_on: 
- - go-nitro-alice - - go-nitro-bob - -volumes: - go_nitro_data_alice: - go_nitro_data_bob: - go_nitro_data_bootnode: - nitro_deployment: -- 2.45.2 From 9aa02fc26ad6e27ca7f48fa7d5f9df20e49a8b3e Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 2 Apr 2024 18:39:48 -0500 Subject: [PATCH 13/19] missing env --- .../data/compose/docker-compose-go-nitro-auth.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml index cf6e483f..1ed542f8 100644 --- a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml +++ b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml @@ -93,6 +93,9 @@ services: nitro-caddy: image: caddy:2-alpine restart: always + environment: + CERC_ETH_RPC_ENDPOINT: ${CERC_ETH_RPC_ENDPOINT:-http://fixturenet-eth-geth-1:8545} + CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546} volumes: - ../config/go-nitro-auth/caddy/Caddyfile:/etc/caddy/Caddyfile ports: -- 2.45.2 From 236dea1b444a28d9669614addf73361dccc5de6b Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 2 Apr 2024 18:43:05 -0500 Subject: [PATCH 14/19] typo --- stack_orchestrator/data/stacks/go-nitro-auth/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stack_orchestrator/data/stacks/go-nitro-auth/README.md b/stack_orchestrator/data/stacks/go-nitro-auth/README.md index 8ec88820..edaa490e 100644 --- a/stack_orchestrator/data/stacks/go-nitro-auth/README.md +++ b/stack_orchestrator/data/stacks/go-nitro-auth/README.md @@ -89,7 +89,7 @@ CERC_NITRO_CHAIN_URL=wss://linea-sepolia.infura.io/ws/v3/ # Private key for "Alice" account (payer) CERC_NITRO_CHAIN_PK_ALICE= -j + # Private key for "Bob" account (payee) CERC_NITRO_CHAIN_PK_BOB= ``` -- 2.45.2 From 202c68d9964731a4e12ea314251ac52eeb09bca9 Mon Sep 17 00:00:00 2001 
From: Thomas E Lackey Date: Tue, 2 Apr 2024 21:25:06 -0500 Subject: [PATCH 15/19] unused file --- .../stacks/fixturenet-nitro-auth/stack.yml | 25 ------------------- 1 file changed, 25 deletions(-) delete mode 100644 stack_orchestrator/data/stacks/fixturenet-nitro-auth/stack.yml diff --git a/stack_orchestrator/data/stacks/fixturenet-nitro-auth/stack.yml b/stack_orchestrator/data/stacks/fixturenet-nitro-auth/stack.yml deleted file mode 100644 index 8ca2fc5c..00000000 --- a/stack_orchestrator/data/stacks/fixturenet-nitro-auth/stack.yml +++ /dev/null @@ -1,25 +0,0 @@ -version: "1.0" -name: fixturenet-nitro-auth -description: "Stack to demonstrate payments between various services" -repos: - # fixturenet repos - - git.vdb.to/cerc-io/go-ethereum@v1.11.6-statediff-v5 - - git.vdb.to/cerc-io/lighthouse - # nitro repo - - github.com/cerc-io/go-nitro@telackey/update -containers: - # fixturenet images - - cerc/go-ethereum - - cerc/lighthouse - - cerc/lighthouse-cli - - cerc/fixturenet-eth-genesis - - cerc/fixturenet-eth-geth - - cerc/fixturenet-eth-lighthouse - # nitro - - cerc/nitro-contracts - - cerc/go-nitro - - cerc/nitro-rpc-client -pods: - - fixturenet-eth - - nitro-contracts - - go-nitro-auth \ No newline at end of file -- 2.45.2 From 90d92c3e1581aba18fc11c6caddb388474ef3246 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Tue, 2 Apr 2024 22:20:02 -0500 Subject: [PATCH 16/19] Fix Docker build --- .../data/container-build/cerc-go-nitro/Dockerfile | 8 +++++--- stack_orchestrator/data/stacks/go-nitro-auth/stack.yml | 4 +++- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile b/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile index e33da5bc..9c89c383 100644 --- a/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile +++ b/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile 
@@ -18,10 +18,12 @@ RUN find . -name 'dist' | xargs -n1 rm -rf RUN yarn WORKDIR /app/packages/nitro-gui RUN VITE_RPC_HOST=CERC_RUNTIME_ENV_RPC_HOST yarn build -WORKDIR /app/packages/nitro-auth-gui -RUN VITE_RPC_URL=CERC_RUNTIME_ENV_RPC_URL VITE_TARGET_URL=CERC_RUNTIME_ENV_TARGET_URL yarn build +RUN if [ -d /app/packages/nitro-auth-gui ]; then \ + cd /app/packages/nitro-auth-gui && \ + VITE_RPC_URL=CERC_RUNTIME_ENV_RPC_URL VITE_TARGET_URL=CERC_RUNTIME_ENV_TARGET_URL yarn build; \ + fi WORKDIR /app/packages/nitro-auth -RUN yarn build +RUN if [ -d /app/packages/nitro-auth ]; then cd /app/packages/nitro-auth && yarn build; fi FROM node:18-bullseye-slim RUN apt-get update diff --git a/stack_orchestrator/data/stacks/go-nitro-auth/stack.yml b/stack_orchestrator/data/stacks/go-nitro-auth/stack.yml index 56c402ea..42b10950 100644 --- a/stack_orchestrator/data/stacks/go-nitro-auth/stack.yml +++ b/stack_orchestrator/data/stacks/go-nitro-auth/stack.yml @@ -2,7 +2,9 @@ version: "1.0" name: go-nitro-auth description: "Stack to demonstrate payments between various services" repos: - # nitro repo + # for nitro-contracts + - github.com/cerc-io/ts-nitro@v0.1.15 + # for go-nitro and nitro-rpc-client - github.com/cerc-io/go-nitro@telackey/update containers: # nitro -- 2.45.2 From 0cd90ad3dc4c48ce3fd37c699133cdbe59876cf0 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Thu, 4 Apr 2024 14:32:12 -0500 Subject: [PATCH 17/19] Target reverse_proxy by env. --- .../compose/docker-compose-go-nitro-auth.yml | 1 - .../data/config/go-nitro-auth/caddy/Caddyfile | 68 +++++++++---------- 2 files changed, 34 insertions(+), 35 deletions(-) diff --git a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml index 1ed542f8..1431a55d 100644 --- a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml +++ b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml 
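Review bot: The guard `if [ -d /app/packages/nitro-auth ]` on the last added `RUN` is always true, because the unchanged `WORKDIR /app/packages/nitro-auth` line just above it creates the directory when it is missing. On a checkout without that package the build then runs `yarn build` in an empty directory instead of skipping the step. Remove the `WORKDIR` line (the `RUN` already does its own `cd`) or test for the manifest instead: `RUN if [ -f /app/packages/nitro-auth/package.json ]; then cd /app/packages/nitro-auth && yarn build; fi`. The `nitro-auth-gui` guard is not affected, since no `WORKDIR` for that path precedes it.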
@@ -95,7 +95,6 @@ services: restart: always environment: CERC_ETH_RPC_ENDPOINT: ${CERC_ETH_RPC_ENDPOINT:-http://fixturenet-eth-geth-1:8545} - CERC_NITRO_CHAIN_URL: ${CERC_NITRO_CHAIN_URL:-ws://fixturenet-eth-geth-1:8546} volumes: - ../config/go-nitro-auth/caddy/Caddyfile:/etc/caddy/Caddyfile ports: diff --git a/stack_orchestrator/data/config/go-nitro-auth/caddy/Caddyfile b/stack_orchestrator/data/config/go-nitro-auth/caddy/Caddyfile index 340d8369..13a11607 100644 --- a/stack_orchestrator/data/config/go-nitro-auth/caddy/Caddyfile +++ b/stack_orchestrator/data/config/go-nitro-auth/caddy/Caddyfile 
@@ -1,42 +1,42 @@ :5678 { - handle /pay* { - reverse_proxy http://go-nitro-bob:8547 + handle /pay* { + reverse_proxy http://go-nitro-bob:8547 + } + + @eth-key-in-header { + path_regexp /eth/?$ + header X-Api-Key * + } + + handle @eth-key-in-header { + forward_auth go-nitro-bob:8547 { + uri /auth/{header.x-api-key} } - - @eth-key-in-header { - path_regexp /eth/?$ - header X-Api-Key * + rewrite * / + reverse_proxy {$CERC_ETH_RPC_ENDPOINT} { + header_up Host {upstream_hostport} } + } - handle @eth-key-in-header { - forward_auth go-nitro-bob:8547 { - uri /auth/{header.x-api-key} - } - rewrite * / - reverse_proxy https://rpc.sepolia.linea.build:443 { - header_up Host {upstream_hostport} - } - } + @eth-key-in-path { + path_regexp apikey eth/(.+)$ + } - @eth-key-in-path { - path_regexp apikey eth/(.+)$ + handle @eth-key-in-path { + forward_auth go-nitro-bob:8547 { + uri /auth/{re.apikey.1} } - - handle @eth-key-in-path { - forward_auth go-nitro-bob:8547 { - uri /auth/{re.apikey.1} - } - rewrite * / - reverse_proxy https://rpc.sepolia.linea.build:443 { - header_up Host {upstream_hostport} - } - } - - handle /eth* { - respond "401 Unauthorized" 401 - } - - handle { - reverse_proxy http://go-nitro-alice:4206 + rewrite * / + reverse_proxy {$CERC_ETH_RPC_ENDPOINT} { + header_up Host {upstream_hostport} } + } + + handle /eth* { + respond "401 Unauthorized" 401 + } + + handle { + reverse_proxy http://go-nitro-alice:4206 + } } \ No newline at end of file -- 2.45.2 From 7cce68959ffc6178a784ce3d2ec1282578823898 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Thu, 4 Apr 2024 22:55:45 -0500 Subject: [PATCH 18/19] relay --- .../data/compose/docker-compose-go-nitro-auth.yml | 3 +++ .../data/config/go-nitro/run-nitro-node.sh | 10 ++++++++++ .../data/container-build/cerc-go-nitro/Dockerfile | 2 ++ 3 files changed, 15 insertions(+) 
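Review bot: Both path matchers in the rewritten file are unanchored: `path_regexp /eth/?$` matches any path that merely ends in `/eth`, and `path_regexp apikey eth/(.+)$` matches `eth/` anywhere in the path and lets the capture span further `/` characters. The capture is interpolated into `uri /auth/{re.apikey.1}`, so the path go-nitro-bob receives for the auth check is not limited to a single key segment. Anchor both and restrict the capture to one segment: `path_regexp ^/eth/?$` and `path_regexp apikey ^/eth/([^/]+)$`. The header variant has the same gap, since `{header.x-api-key}` goes into the auth URI with no check on its characters.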
diff --git a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml index 1431a55d..7fa6a90f 100644 --- a/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml +++ b/stack_orchestrator/data/compose/docker-compose-go-nitro-auth.yml @@ -76,6 +76,7 @@ services: CERC_NA_ADDRESS: ${CERC_NA_ADDRESS} CERC_VPA_ADDRESS: ${CERC_VPA_ADDRESS} CERC_CA_ADDRESS: ${CERC_CA_ADDRESS} + CERC_NITRO_RELAY_ON: true env_file: - ../config/go-nitro-auth/bootnode.env entrypoint: [ "bash", "-c", "/app/run-nitro-node.sh" ] @@ -89,6 +90,8 @@ services: timeout: 5s retries: 100 start_period: 100s + ports: + - "9090" nitro-caddy: image: caddy:2-alpine diff --git a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh index d3ac4525..f0febfb4 100755 --- a/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh +++ b/stack_orchestrator/data/config/go-nitro/run-nitro-node.sh @@ -77,6 +77,16 @@ if [[ "$CERC_NITRO_AUTH_ON" == "true" ]] && [[ -d "/app-node/packages/nitro-auth bash -c "sleep 6 && cd /app-node/packages/nitro-auth && yarn start" & fi +if [[ "$CERC_NITRO_RELAY_ON" == "true" ]]; then + if [[ ! -f "/app/deployment/relay-node.json" ]]; then + node /usr/local/lib/node_modules/@cerc-io/peer/dist/cli/create-peer.js \ + -f /app/deployment/relay-node.json + fi + DEBUG='laconic:*' node /usr/local/lib/node_modules/@cerc-io/peer/dist/cli/relay.js \ + --host 0.0.0.0 \ + -f /app/deployment/relay-node.json & +fi + if [[ -z "$CERC_CHAIN_START_BLOCK" ]]; then if [[ ! -f "/app/deployment/chainstartblock.json" ]]; then curl --location "$(echo $CERC_NITRO_CHAIN_URL | sed 's/^ws/http/' | sed 's#/ws/#/#')" \ diff --git a/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile b/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile index 9c89c383..9057d3b0 100644 --- a/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile 
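Review bot: `CERC_NITRO_RELAY_ON: true` in the first compose hunk is an unquoted YAML boolean inside an `environment` mapping, while run-nitro-node.sh compares the variable with the string `"true"`. Compose implementations differ on how they handle a boolean there (some reject it, others stringify it), so quote it as `CERC_NITRO_RELAY_ON: "true"` to make the value the script sees explicit. The neighbouring entries avoid the problem only because they are `${...}` substitutions.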
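Review bot: The relay's peer file is created at `/app/deployment/relay-node.json`, and `/app/deployment` is the `nitro_deployment` volume that the compose file in this series also mounts into the alice and bob containers. If `create-peer.js` writes the peer's private key there (likely, but not visible here), every node container can read the relay identity. Writing it under `/app/data`, which is backed by the per-node `go_nitro_data_bootnode` volume, keeps it private to the bootnode: use `-f /app/data/relay-node.json` in both commands. The relay is also started with `&` on `--host 0.0.0.0`, and nothing restarts it or fails the container if it exits; the surrounding script continues outside the hunk.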
+++ b/stack_orchestrator/data/container-build/cerc-go-nitro/Dockerfile @@ -30,6 +30,8 @@ RUN apt-get update RUN apt-get install -y ca-certificates jq netcat make curl wget RUN rm -rf /var/lib/apt/lists/* RUN npm install -g http-server +RUN npm config set @cerc-io:registry https://git.vdb.to/api/packages/cerc-io/npm/ +RUN npm install -g @cerc-io/peer WORKDIR /app COPY --from=builder /app/nitro . COPY --from=builder-node /app /app-node \ No newline at end of file -- 2.45.2 From 42a4035a6420fee8869e3719a5a186e795152693 Mon Sep 17 00:00:00 2001 From: Thomas E Lackey Date: Fri, 12 Apr 2024 16:57:36 -0500 Subject: [PATCH 19/19] Add --fqdn-policy option to deploy-webapp-from-registry. --- .../webapp/deploy_webapp_from_registry.py | 26 +++++++++++++------ 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py b/stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py index 2cc704ff..f030b735 100644 --- a/stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py +++ b/stack_orchestrator/deploy/webapp/deploy_webapp_from_registry.py @@ -39,11 +39,12 @@ def process_app_deployment_request( app_deployment_request, deployment_record_namespace, dns_record_namespace, - dns_suffix, + default_dns_suffix, deployment_parent_dir, kube_config, image_registry, force_rebuild, + fqdn_policy, logger ): logger.log("BEGIN - process_app_deployment_request") 
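Review bot: `RUN npm install -g @cerc-io/peer` installs whatever version the configured registry serves at build time, so two builds of the same commit can ship different relay code and a bad publish reaches the image without any change in this repository. Pin the package, e.g. `RUN npm install -g @cerc-io/peer@<PINNED_VERSION>`, and bump it deliberately. The unchanged `RUN npm install -g http-server` above it has the same gap. A comment on the `npm config set @cerc-io:registry` line saying why the scope is redirected would also help the next reader.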
@@ -56,14 +57,15 @@ def process_app_deployment_request( requested_name = hostname_for_deployment_request(app_deployment_request, laconic) logger.log(f"Determined requested name: {requested_name}") - # HACK if "." in requested_name: - raise Exception("Only unqualified hostnames allowed at this time.") - - fqdn = f"{requested_name}.{dns_suffix}" + if "allow" == fqdn_policy or "preexisting" == fqdn_policy: + fqdn = requested_name + else: + raise Exception(f"{requested_name} is invalid: only unqualified hostnames are allowed.") + else: + fqdn = f"{requested_name}.{default_dns_suffix}" # 3. check ownership of existing dnsrecord vs this request - # TODO: Support foreign DNS dns_crn = f"{dns_record_namespace}/{fqdn}" dns_record = laconic.get_record(dns_crn) if dns_record: @@ -75,7 +77,9 @@ def process_app_deployment_request( logger.log(f"Matched DnsRecord ownership: {matched_owner}") else: raise Exception("Unable to confirm ownership of DnsRecord %s for request %s" % - (dns_record.id, app_deployment_request.id)) + (dns_crn, app_deployment_request.id)) + elif "preexisting" == fqdn_policy: + raise Exception(f"No pre-existing DnsRecord {dns_crn} could be found for request {app_deployment_request.id}.") # 4. get build and runtime config from request env_filename = None 
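Review bot: Under the `allow` and `preexisting` policies, `fqdn = requested_name` accepts the requester-supplied name verbatim, and nothing in the hunk checks that it is a well-formed hostname before it is placed in `dns_crn` and, presumably, the deployment's ingress. A syntactic check before the policy branch (lower-case labels of 1-63 characters from `[a-z0-9-]`, no leading or trailing hyphen, no empty label, no wildcard) would reject malformed names early with a clear message. Separately, with `allow` the ownership comparison only runs when a DnsRecord already exists; the next hunk adds the missing-record failure for `preexisting` only, so any name without a record goes to the first request that asks for it. If that is intended, say so in the `--fqdn-policy` help text, e.g. `allow: accept any FQDN; ownership is checked only if a DnsRecord already exists`. The function body starts and ends outside these hunks.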
@@ -191,6 +195,7 @@ def dump_known_requests(filename, requests, status="SEEN"): @click.option("--state-file", help="File to store state about previously seen requests.") @click.option("--only-update-state", help="Only update the state file, don't process any requests anything.", is_flag=True) @click.option("--dns-suffix", help="DNS domain to use eg, laconic.servesthe.world") +@click.option("--fqdn-policy", help="How to handle requests with an FQDN: prohibit, allow, preexisting", default="prohibit") @click.option("--record-namespace-dns", help="eg, crn://laconic/dns") @click.option("--record-namespace-deployments", help="eg, crn://laconic/deployments") @click.option("--dry-run", help="Don't do anything, just report what would be done.", is_flag=True) @@ -201,7 +206,7 @@ def dump_known_requests(filename, requests, status="SEEN"): @click.pass_context def command(ctx, kube_config, laconic_config, image_registry, deployment_parent_dir, # noqa: C901 request_id, discover, state_file, only_update_state, - dns_suffix, record_namespace_dns, record_namespace_deployments, dry_run, + dns_suffix, fqdn_policy, record_namespace_dns, record_namespace_deployments, dry_run, include_tags, exclude_tags, force_rebuild, log_dir): if request_id and discover: print("Cannot specify both --request-id and --discover", file=sys.stderr) @@ -220,6 +225,10 @@ def command(ctx, kube_config, laconic_config, image_registry, deployment_parent_ print("--dns-suffix, --record-namespace-dns, and --record-namespace-deployments are all required", file=sys.stderr) sys.exit(2) + if fqdn_policy not in ["prohibit", "allow", "preexisting"]: + print("--fqdn-policy must be one of 'prohibit', 'allow', or 'preexisting'", file=sys.stderr) + sys.exit(2) + # Split CSV and clean up values. include_tags = [tag.strip() for tag in include_tags.split(",") if tag] exclude_tags = [tag.strip() for tag in exclude_tags.split(",") if tag] 
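Review bot: The hand-written membership test added in the third hunk duplicates what click already provides, and it leaves the allowed values spelled out in three places (help text, check, error message). Declaring the option as `@click.option("--fqdn-policy", type=click.Choice(["prohibit", "allow", "preexisting"]), default="prohibit", help="How to handle requests with an FQDN")` lets click reject bad values with its usual usage error and list the choices in `--help`, so the `if fqdn_policy not in [...]` block can go. `command` is already marked `# noqa: C901`, so removing a branch from it is a small gain in its own right.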
@@ -334,6 +343,7 @@ def command(ctx, kube_config, laconic_config, image_registry, deployment_parent_ kube_config, image_registry, force_rebuild, + fqdn_policy, logger ) status = "DEPLOYED" -- 2.45.2