eth-educators / eth-docker
Docker automation for Ethereum nodes
License: Apache License 2.0
Add the option to choose openethereum instead of geth. Due to openethereum 2.5.13 being slow, 3.01 not stable, and 3.1 not yet out, on the back burner until openethereum 3.1.x is out and well tested.
Add the option to run the prysm slasher
Inform user when an update is available, handle client updates for them.
Here's @tjcim's idea that we may want to pull from:
#!/bin/bash
set -e

# ANSI colours for prompts and status lines
RED='\033[0;31m'
GREEN='\033[0;32m'
ORANGE='\033[0;33m'
NC='\033[0m'

# Change this
REGISTRY=registry_host:port

# Collect build names from the suffixes of ./Dockerfile.<name>
populate_build_list () {
    builds=()
    for entry in ./Dockerfile.*
    do
        IFS='.' read -ra docker_files <<< "$entry"
        builds+=("${docker_files[-1]}")
    done
}

# Show a numbered menu and store the selection in BUILD
get_desired_build () {
    echo "${builds[@]}"
    echo -e "$GREEN[*] Available build options:$NC"
    for ((i=1; i<=${#builds[@]}; i++))
    do
        echo "$i: ${builds[$i-1]}"
    done
    echo -ne "$ORANGE[+] Enter the number that you want to build:$NC "
    read -r build_num
    # Only accept a number that is on the menu before using it as an array index
    if ! [[ "$build_num" =~ ^[1-9][0-9]*$ ]] || (( build_num > ${#builds[@]} )); then
        echo -e "$RED[!] Invalid selection$NC"
        exit 1
    fi
    BUILD="${builds[$build_num-1]}"
}

# Point the user at the upstream tag list for the chosen build
print_urls () {
    case $BUILD in
        deposit_cli)
            echo -e "$GREEN[*] Check available tags here: https://github.com/ethereum/eth2.0-deposit-cli/tags$NC";;
        go_ethereum)
            echo -e "$GREEN[*] Check available tags here: https://github.com/ethereum/go-ethereum/tags$NC";;
        lighthouse)
            echo -e "$GREEN[*] Check available tags here: https://github.com/sigp/lighthouse/tags$NC";;
        prysm)
            echo -e "$GREEN[*] Check available tags here: https://github.com/prysmaticlabs/prysm/tags$NC";;
        teku)
            echo -e "$GREEN[*] Check available tags here: https://github.com/PegaSysEng/teku/tags$NC";;
    esac
    DOCKER_FILE="./Dockerfile.$BUILD"
}

# Ask for the release to build and whether to also tag it as latest
check_latest () {
    # If utility, then don't ask about the release or the latest. Just mark latest as true.
    if [ "$BUILD" != "utility" ]; then
        echo -ne "$ORANGE[+] Enter the version release you want to build:$NC "
        read -r RELEASE
        while true
        do
            echo -ne "$ORANGE[+] Do you want me to tag this release as the latest? [Y]:$NC "
            read -r LATEST
            LATEST=${LATEST:-Y}
            case $LATEST in
                [yY]* ) LATEST=true
                    break;;
                [nN]* ) LATEST=false
                    break;;
                * ) echo "Enter Y or N";;
            esac
        done
    else
        LATEST=true
    fi
}

# Print what is about to be built and pushed, and ask for confirmation
echo_summary () {
    echo -e "$GREEN[*] ***** Summary *****"
    echo -e "[*] Build: $BUILD"
    echo -e "[*] Release: $RELEASE"
    echo -e "[*] Tag as Latest: $LATEST"
    if [ -z "$RELEASE" ] ; then
        echo -e "[*] Push to Registry: $REGISTRY/ethereum/$BUILD:latest$NC"
    else
        echo -e "[*] Push to Registry: $REGISTRY/ethereum/$BUILD:$RELEASE$NC"
    fi
    while true
    do
        echo -ne "$ORANGE[+] Is the summary correct? [Y]:$NC "
        read -r CORRECT
        CORRECT=${CORRECT:-Y}
        case $CORRECT in
            [yY]* ) break;;
            [nN]* ) exit 1;;
            * ) echo "Enter Y or N";;
        esac
    done
}

# Build the image with the release tag, the latest tag, or both
build_image () {
    if [ "$LATEST" = true ] ; then
        # If release is not set build as latest.
        if [ -z "$RELEASE" ]; then
            docker build -t "$REGISTRY/ethereum/$BUILD:latest" -f "$DOCKER_FILE" .
        else
            docker build --build-arg RELEASE="$RELEASE" -t "$REGISTRY/ethereum/$BUILD:$RELEASE" -t "$REGISTRY/ethereum/$BUILD:latest" -f "$DOCKER_FILE" .
        fi
    else
        docker build --build-arg RELEASE="$RELEASE" -t "$REGISTRY/ethereum/$BUILD:$RELEASE" -f "$DOCKER_FILE" .
    fi
}

# Push every tag that was built
push_image () {
    if [ "$LATEST" = true ] ; then
        echo -e "$GREEN[*] Pushing the image to the registry with the latest tag$NC"
        docker push "$REGISTRY/ethereum/$BUILD:latest"
    fi
    # If release is set, tag it with that release
    if [ -n "$RELEASE" ]; then
        echo -e "$GREEN[*] Pushing the $BUILD image to the registry with a tag of: $RELEASE$NC"
        docker push "$REGISTRY/ethereum/$BUILD:$RELEASE"
    fi
}

# Optionally remove dangling images left behind by the build
prune_images () {
    while true
    do
        echo -ne "$ORANGE[+] Do you want me to run 'docker image prune -f'? [Y]:$NC "
        read -r PRUNE
        PRUNE=${PRUNE:-Y}
        case $PRUNE in
            [yY]* ) PRUNE=true
                break;;
            [nN]* ) PRUNE=false
                break;;
            * ) echo "Enter Y or N";;
        esac
    done
    if [ "$PRUNE" = true ] ; then
        echo -e "$GREEN[*] Pruning docker images$NC"
        docker image prune -f
    fi
}

read_args () {
    # If no argument was passed
    if [ -z "$1" ]; then
        populate_build_list
        get_desired_build
        print_urls
        check_latest
        echo_summary
        build_image
        push_image
        prune_images
    # If an argument was passed
    else
        populate_build_list
        # Check if argument is part of builds
        if [[ " ${builds[*]} " =~ " ${1} " ]]; then
            BUILD=$1
            print_urls
            check_latest
            echo_summary
            build_image
            push_image
            prune_images
        fi
    fi
}

read_args "$1"
Give users the option to use https://github.com/emeraldpay/dshackle as a load balancer for eth1 source, e.g. infura and geth
Still confusing as-is. Suggested change:
"
It should start with a description and then prerequisites with a link to docker (or another page) for installation instructions. Then the eth2 wallet creation section. Split the Choose a client section into two parts, one under lighthouse and one under prysm. Lighthouse and Prysm should be their own sections and contain all the instructions for getting that client up and running. Then the monitoring stuff.
"
And thanks to tjc_ for his valuable comments.
Keep an eye on NethermindEth/nethermind#2308 and consider offering Nethermind as an eth1 option when pruning is in.
Test and create AppArmor profiles for beacon, validator, eth1. Look into same for grafana, prometheus, node_exporter, at lower priority.
It'd need to be done individually for each client and be quite a bit of work, trial-and-error to a degree.
It'd also enhance security dramatically.
Definitely outside of this project, and relevant to it. Grafana dashboards that include notification for low memory, high CPU, low disk space, validator offline, time sync off. I saw a Prysm dashboard that has some of that.
Track available dashboards here and add them to docs; maybe contribute to dashboard projects.
Completion Criteria:
Current Status:
Lighthouse:
16 hours
Look into how to create alpine containers for Lighthouse, Prysm, possibly Nimbus and Teku, when compiling from source. The current debian option is a little heavy.
I'm experiencing an issue with using Dockerfile.source of openethereum in my docker-compose definition. I've configured OE_USER along with other parameters in .env. Looks like a leftover default.
Step 18/19 : COPY --chown=openethereum:openethereum --from=builder /openethereum/target/x86_64-alpine-linux-musl/release/openethereum /usr/local/bin
ERROR: Service 'eth1' failed to build: unable to convert uid/gid chown string to host mapping: can't find uid for user openethereum: no such user: openethereum
Document steps to use this project to participate in spadina. May require ethdo unless eth2.0-deposit-cli gets updated to understand spadina.
More options than extip, and extend to geth and if need be lighthouse
Updated to the latest version of eth2-docker and noticed my metanull dashboard was no longer working. I changed my dashboard json from
to
Need to update the Dockerfile to include the proper metanull dashboard.
Following /u/SomerEsat's directions
Following /u/SomerEsat's guide for it
After building per docs at https://eth2-docker.net/docs/ the "Configure Wallet" step https://eth2-docker.net/docs/Usage/ConfigureWallet instructs to test the keys generated offline with sudo docker-compose run --rm deposit-cli existing-mnemonic but the option isn't available:
user@host:~/eth2-docker$ sudo docker-compose run --rm deposit-cli existing-mnemonic
[sudo] password for user:
Please choose your mnemonic language (spanish, italian, czech, english, chinese_traditional, chinese_simplified, korean) [english]:
Please choose how many validators you wish to run: 1
Type the password that secures your validator keystore(s):
Repeat for confirmation:
Usage: deposit.py new-mnemonic [OPTIONS]
Try 'deposit.py new-mnemonic --help' for help.
Error: Got unexpected extra argument (existing-mnemonic)
user@host:~/eth2-docker$ sudo docker-compose run --rm deposit-cli existing-mnemonic --help
Usage: deposit.py new-mnemonic [OPTIONS]
Generate a new mnemonic and keys
Options:
--mnemonic_language [spanish|italian|czech|english|chinese_traditional|chinese_simplified|korean]
The language that your mnemonic is in.
--num_validators INTEGER RANGE The number of validators keys you want to
generate (you can always generate more
later) [required]
--folder DIRECTORY The folder to place the generated keystores
and deposit_data.json in
--chain [mainnet|witti|altona|medalla|spadina|zinken|pyrmont]
The version of eth2 you are targeting. use
"mainnet" if you are depositing ETH
--keystore_password TEXT The password that will secure your
keystores. You will need to re-enter this to
decrypt them when you setup your eth2
validators. (It is reccomened not to use
this argument, and wait for the CLI to ask
you for your mnemonic as otherwise it will
appear in your shell history.)
--help Show this message and exit.
The option does work when I download the binary manually using instructions here: https://github.com/ethereum/eth2.0-deposit-cli#for-linux-or-macos-users
Lighthouse will improve beacon to do liveness check itself, remove the wrapper script when this is live in their code.
8 hours
Both LH and Prysm keep the wallet password inside their volume, in plain text. To read it would require breaching the container or breaching the host as root.
Better secrets management via Ansible or S3 is desirable.
I ran into a small bug when my Wallet password has a \ character in it. When the password is written to the password.txt file, the \ is omitted.
For example, a password entered as 12345\abcdef is written to password.txt as 12345abcdef. As a result, the validator complains that the wallet password is incorrect.
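The symptom reported above, a backslash lost between the prompt and password.txt, is what a shell `read` without `-r` produces. The following is an added example, not eth-docker's own code: it assumes the password is collected with `read` in a shell script, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the project): how a backslash can vanish on the way
# to password.txt. Function names and file paths are hypothetical.

# Lossy: plain `read` treats backslash as an escape character and drops it,
# and it also trims leading and trailing whitespace from the input.
save_password_lossy() {
    local out="$1" pw
    read pw
    ( umask 077; printf '%s' "$pw" > "$out" )
}

# Exact: IFS= keeps surrounding whitespace, -r keeps backslashes literal, and
# printf '%s' writes the value without interpreting escape sequences.
# umask 077 creates the file readable by its owner only, since it holds a
# plain-text secret.
save_password_exact() {
    local out="$1" pw
    IFS= read -r pw
    ( umask 077; printf '%s' "$pw" > "$out" )
}

# Constructed sample input: the password from the report above.
demo() {
    local dir
    dir=$(mktemp -d)
    printf '%s\n' '12345\abcdef' | save_password_lossy "$dir/lossy.txt"
    printf '%s\n' '12345\abcdef' | save_password_exact "$dir/exact.txt"
    printf 'lossy: %s\nexact: %s\n' "$(cat "$dir/lossy.txt")" "$(cat "$dir/exact.txt")"
    rm -rf "$dir"
}
demo
```

shellcheck reports the missing `-r` as SC2162, so linting the project's scripts would flag this class of bug.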
I'm trying to get eth2-docker setup for pyrmont... I decided to start from scratch... I did a system update, wiped all the containers, images and volumes from Docker, created a new eth2-docker directory, did a new clone, and started the build, but got a
ERROR: Service 'validator-import' failed to build: invalid reference format
... I see some red lines in the build log that say
file eth2deposit.py (for module eth2deposit) not found
The last output of the build is:
Building beacon
Step 1/11 : ARG DOCKER_TAG
Step 2/11 : FROM sigp/lighthouse:${DOCKER_TAG}
ERROR: Service 'beacon' failed to build: invalid reference format
Any thoughts?
See https://docs.teku.consensys.net/en/stable/HowTo/Voluntary-Exit/
Likely will require a wrapper script so the user doesn't need to dig out the json and password files for the validator to exit, --validator-keys=validator/keys/validator_888eef.json:validator/passwords/validator_888eef.txt
Metanull's Prysm Dashboard JSON to Grafana
Prysm Dashboard JSON to Grafana
Prysm Dashboard JSON for more than 10 validators to Grafana
Either traefik or nginx to expose the grafana dashboard, for cloud-hosted. Requires DNS and Let's Encrypt.
Same thing for UI.
This work would likely immediately solve #10
Integrate these community dashboards into Grafana Dockerfile
8 hours
24
And restore from mnemonic also seems like a good idea to be documented.
This may already work through .env. Likely just needs testing, and a minimal change to docker-compose.yml to support client "stacks" that don't have geth in them.
Followed the guide but when bringing docker-compose up and importing my wallet through the Prysm web interface I first notice a bunch of errors popping up saying Head block of chain was nil.
When restarting docker-compose and checking the validator container logs, I get the following:
"validator_1 | time="2021-05-03 19:11:21" level=warning msg="Running on the Prater Testnet" prefix=flags
validator_1 | time="2021-05-03 19:11:21" level=info msg="Enabling web portal to manage the validator client" prefix=node
validator_1 | time="2021-05-03 19:11:21" level=info msg="Opened validator wallet" keymanager-kind=direct prefix=node wallet="/var/lib/prysm/direct"
validator_1 | time="2021-05-03 19:11:21" level=error msg="could not read keymanager for wallet: could not initialize imported keymanager: failed to initialize account store: wrong password for wallet entered: invalid checksum" prefix=main
I have verified that the password stored in password.txt in /var/lib/prysm/password.txt is the exact same one I submitted through the web interface. I've scrapped the containers and volumes and run docker-compose run --rm validator-import again to repeat the process multiple times with no results.
What am I missing here?
Exactly like /u/SomerEsat's guides. Questionable whether it should be in here or external, but it's part of the setup of a host.
I'd like to monitor traffic going in/out of the eth2-docker network. However, each time I restart serviced / docker-compose down && up I get newly generated interface names.
example of autogenerated bridge interface name:
ifconfig
br-a7c4259c4b4c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.21.0.1 netmask 255.255.0.0 broadcast 172.21.255.255
br-fca541589d20: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.19.0.1 netmask 255.255.0.0 broadcast 172.19.255.255
br-8e9669b47913: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.18.0.1 netmask 255.255.0.0 broadcast 172.18.255.255
Keep an eye on NethermindEth/nethermind#2308 and consider offering Nethermind as an eth1 option when pruning is in.
To make it even easier to bring the client up. Questionable whether and how desirable this is.
It could make .env shenanigans easier and also handle options better than it does now, by copying in the "right" docker-compose.yml rather than having everything in one.
Add additional documentation to show how to use 3rd party ETH1 clients like infura
ddclient and --p2p-host-dns instead of running --p2p-host-ip. This would be more friendly to clients on dynamic IP, but require a dynamic DNS provider.
16 hours
Instead of compiled from source. What's the value prop compared to the client teams' own efforts, though?
This plus "with or without slasher" and "various geth/openethereum options" gets unwieldy in docker-compose.yml if the intent is still to have a one-command "up" option. That'd speak towards wanting #17, shell script frontend, to be addressed, so it's a matter of configuring and then just docker-compose up -d eth2-client and it'll do The Thing, whatever combination of things The Thing ends up being.
When a VPN is enabled and you run "sudo docker-compose up -d eth2", you'll see the following error:
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network
This seems to be a common problem as documented here: docker/for-linux#599
I found a workaround by defining a custom network as part of the compose files, in my case I'm using lh-base.yml, geth.yml, and lh-grafana.yml. I added an entry like the following to those files:
networks:
  eth2-net:
    ipam:
      config:
        - subnet: 172.20.0.0/16
And then for each of the services in those files, adding the following:
networks:
  - eth2-net
Now all the services and containers start up fine. Not sure why this works, but sharing this in case you want to incorporate something like this into the code base. With this change, and setting custom ports that map to my VPN's port forwarding options, I've been able to get the services running successfully under VPN.
When trying to run an ETH1 client in standalone mode, I get
ERROR: The Compose file is invalid because:
Service beacon has neither an image nor a build context specified. At least one must be provided.
Look into options
docker-compose build
Building validator-import
ERROR: Cannot locate specified Dockerfile: Dockerfile
Ubuntu 18.04
$ docker-compose --version
docker-compose version 1.24.0, build 0aa59064
$ docker --version
Docker version 19.03.6, build 369ce74a3c
.env:
# Please adjust the below variable to your local user ID if you are on Linux.
# This is vital for key import to work. You can find your UID with "echo $UID".
LOCAL_UID=1000
# Client choice: See SETUP.md for available options
COMPOSE_FILE=lh-base.yml:oe.yml:lh-grafana.yml
# ETH1 endpoint / chain source. This default uses the eth1 node container
ETH1_NODE=http://eth1:8545
# Graffiti to use for validator, in order to receive POAP
GRAFFITI=eth2-docker
# Number of validators to create with deposit-cli
NUMVAL=1
# Advanced: Start index for recovery of validators or adding validators
VAL_START_INDEX=0
# Restart policy: Set to no if you do not want services to automatically restart
RESTART=unless-stopped
# If you want debug logs, set this to debug instead of info
LOG_LEVEL=info
# Uncomment this if you need to restrict teku to use 6 GiB of heap
#TEKU_LOW_MEM=-Xmx6G
# Leave this as-is to compile nimbus with support for metrics via grafana.
# Change to empty (nothing after first =) to disable that functionality
NIM_METRICS=NIMFLAGS="-d:insecure"
# Network to use for eth2. If using main net, set to mainnet.
NETWORK=mainnet
# Network to use for eth1. If using OpenEthereum and main net, set to ethereum. For Nethermind and main net, set to mainnet. Not in use for Geth.
ETH1_NETWORK=ethereum
# If using Geth as the eth1 node and main net, comment out.
# GETH1_NETWORK=--goerli
32 hours
Following /u/SomerEsat's guide for it
As we get towards mainnet, more conservative default targets than "master" may be desirable.
Consider using something like travis or github actions to perform CI/CD
linting
shellcheck
formatting
Changelog maybe
When building lighthouse with
COMPOSE_FILE=lh-base.yml:oe.yml:lh-grafana.yml:shared-eth1.yml
I got the error of
error: 'mainnet' isn't a valid value for '--testnet <testnet>'
[possible values: altona, medalla, spadina, zinken]
The current yaml has --testnet hard coded.
- --testnet
- ${NETWORK}
I don't think we want to remove it, because we want backwards compatibility with Pyrmont. Maybe we could just do.
- ${USETESTNET}
where, if set, it would have a value like
USETESTNET=--"testnet Pyrmont"
Validator can start before beacon is fully up, leading to validator stopping.
Tracked at prysmaticlabs/prysm#7339
Until Prysm resolve this, I need to wrap the validator in a script, similar to what I am doing for the LH beacon
Can we add a timezone setting in the .env so to have the time of the docker logs in sync with the local time? Or should it be configured in another way?