Cluster Orchestration with Docker Compose (#114)

* add file * builds + caching fixed * bitcoin orchestration * remove default entrypoint * eth image and cleanup * working monero * remove signature file * cleanup on aisle eth * cleanup on aisle btc * eth working * remove docker ignore * remove bitcoin image readme * fix serai builds * serai clusters * added readme for docker * formatting * share the image * newlines at EOF * add multi profile example * coin order * coin order * profile order * fix grammar * fix whitespace * reduce trusted signature set, require at least 3 signatures. * remove echo * update comment to ref trusted keys * comment fix * use 16 keys, check for laanwj, name compose * don't use bash * monero fingerprints & eth fixes * eth fixes * remove extra eth keys
2025-12-08 12:19:24 +00:00 · 2022-09-12 15:01:14 -05:00
parent 31b64b3082
commit 978304e224
14 changed files with 587 additions and 67 deletions
--- a/deploy/coins/bitcoin/Dockerfile
+++ b/deploy/coins/bitcoin/Dockerfile
@@ -0,0 +1,55 @@
+# Configure Environment
+FROM alpine:latest as builder
+
+ENV BITCOIN_VERSION=23.0
+ENV GLIBC_VERSION=2.28-r0
+ENV BITCOIN_DATA=/home/bitcoin/.bitcoin
+
+WORKDIR /home/bitcoin
+
+
+RUN apk update \
+	&& apk --no-cache add ca-certificates gnupg bash su-exec 
+
+# Get Binary
+# TODO: When bitcoin.org publishes 23.0, retrieve checksums from there.
+RUN wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz \
+	&& wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/SHA256SUMS \
+	&& wget https://bitcoincore.org/bin/bitcoin-core-${BITCOIN_VERSION}/SHA256SUMS.asc
+
+# Verify Binary
+# For the PGP keys of builders and developers, refer to 
+# https://github.com/bitcoin/bitcoin/tree/master/contrib/builder-keys
+# Serai recognizes the builder keys for 16/17 signatures
+# from the 23.0 release
+ENV KEYS 152812300785C96444D3334D17565732E08E5E41 0AD83877C1F0CD1EE9BD660AD7CC770B81FD22A8 590B7292695AFFA5B672CBB2E13FC145CD3F4304 948444FCE03B05BA5AB0591EC37B1C1D44C786EE 9EDAFF80E080659604F4A76B2EBB056FD847F8A7 E777299FC265DD04793070EB944D35F9AC3DB76A F4FC70F07310028424EFC20A8E4256593F177720 D1DBF2C4B96F2DEBF4C16654410108112E7EA81F
+ENV KEYS2 4DAF18FE948E7A965B30F9457E296D555E7F63A7 28E72909F1717FE9607754F8A7BEB2621678D37D 74E2DEF5D77260B98BC19438099BAD163C70FBFA 71A3B16735405025D447E8F274810B012346C9A6 E463A93F5F3117EEDE6C7316BD02942421F4889F 9D3CC86A72F8494342EA5FD10A41BDC3F4FAFF1C 287AE4CA1187C68C08B49CB2D11BD4F33F1DB499 F9A8737BF4FF5C89C903DF31DD78544CF91B1514
+
+# Use hardcoded prints to get keys from servers. 2 Different servers used.
+RUN gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys ${KEYS} \
+	&& gpg --keyserver hkp://keys.openpgp.org:80 --recv-keys ${KEYS2}
+
+# verify all sigs and check for valid signature from laanwj -- 71A3
+RUN gpg --verify --status-fd 1 --verify SHA256SUMS.asc SHA256SUMS | grep "^\[GNUPG:\] VALIDSIG.*71A3B16735405025D447E8F274810B012346C9A6" 
+
+RUN grep bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz SHA256SUMS | sha256sum -c
+
+# Prepare Image
+RUN tar xzvf bitcoin-${BITCOIN_VERSION}-x86_64-linux-gnu.tar.gz
+
+# Prepare Image
+FROM ubuntu:latest as image
+WORKDIR /home/bitcoin
+COPY --from=builder /home/bitcoin/* .
+
+RUN mv bin/* /bin \
+&& mv lib/* /lib \
+&& mv share/* /share
+
+COPY ./scripts /scripts
+
+EXPOSE 8332 8333 18332 18333 18443 18444
+VOLUME ["/home/bitcoin/.bitcoin"]
+
+# Run
+CMD ["bitcoind"]
--- a/deploy/coins/bitcoin/scripts/entry-dev.sh
+++ b/deploy/coins/bitcoin/scripts/entry-dev.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+RPC_USER="${RPC_USER:=serai}"
+RPC_PASS="${RPC_PASS:=seraidex}"
+
+# address: bcrt1q7kc7tm3a4qljpw4gg5w73cgya6g9nfydtessgs
+# private key: cV9X6E3J9jq7R1XR8uPED2JqFxqcd6KrC8XWPy1GchZj7MA7G9Wx
+MINER="${MINER:=bcrt1q7kc7tm3a4qljpw4gg5w73cgya6g9nfydtessgs}"
+PRIV_KEY="${PRIV_KEY:=cV9X6E3J9jq7R1XR8uPED2JqFxqcd6KrC8XWPy1GchZj7MA7G9Wx}"
+BLOCK_TIME=${BLOCK_TIME:=5}
+
+bitcoind -regtest -txindex -fallbackfee=0.000001 -rpcuser=$RPC_USER -rpcpassword=$RPC_PASS -rpcallowip=0.0.0.0/0 -rpcbind=127.0.0.1 -rpcbind=$(hostname) &
+
+# give time to bitcoind to start
+while true
+do
+	bitcoin-cli -regtest -rpcuser=$RPC_USER -rpcpassword=$RPC_PASS generatetoaddress 100 $MINER && break
+	sleep 5
+done
+
+bitcoin-cli -regtest -rpcuser=$RPC_USER -rpcpassword=$RPC_PASS createwallet "miner" false false $RPC_PASS false false true &&
+bitcoin-cli -regtest -rpcuser=$RPC_USER -rpcpassword=$RPC_PASS walletpassphrase $RPC_PASS 60 &&
+bitcoin-cli -regtest -rpcuser=$RPC_USER -rpcpassword=$RPC_PASS importprivkey $PRIV_KEY
+
+# mine a new block every BLOCK_TIME
+while true
+do
+	bitcoin-cli -regtest -rpcuser=$RPC_USER -rpcpassword=$RPC_PASS generatetoaddress 1 $MINER
+	sleep $BLOCK_TIME
+done
--- a/deploy/coins/ethereum/Dockerfile
+++ b/deploy/coins/ethereum/Dockerfile
@@ -0,0 +1,37 @@
+# Prepare Environment
+FROM alpine:latest as builder
+
+ENV GETH_VERSION=1.10.23-d901d853
+
+WORKDIR /home/ethereum
+
+RUN apk update \
+	&& apk --no-cache add ca-certificates gnupg bash su-exec
+
+# Get Binary
+RUN wget https://gethstore.blob.core.windows.net/builds/geth-linux-amd64-${GETH_VERSION}.tar.gz\
+	&& wget https://gethstore.blob.core.windows.net/builds/geth-linux-amd64-${GETH_VERSION}.tar.gz.asc
+
+# Verify Binary
+# refer to https://geth.ethereum.org/downloads/#openpgp_signatures
+# for the PGP keys of builders and developers
+ENV KEYS 9BA28146 E058A81C 05A5DDF0 1CCB7DD2
+
+RUN gpg --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys ${KEYS} \
+	&& gpg --verify geth-linux-amd64-${GETH_VERSION}.tar.gz.asc geth-linux-amd64-${GETH_VERSION}.tar.gz
+
+# Prepare Image
+RUN tar xzvf geth-linux-amd64-${GETH_VERSION}.tar.gz
+
+# Prepare Image
+FROM ubuntu:latest as image
+
+WORKDIR /home/ethereum
+COPY --from=builder /home/ethereum/* .
+RUN mv * /bin/
+COPY ./scripts /scripts
+
+EXPOSE 8545 8546 30303 30303/udp
+
+# Run
+CMD ["geth"]
--- a/deploy/coins/ethereum/scripts/entry-dev.sh
+++ b/deploy/coins/ethereum/scripts/entry-dev.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+geth --dev --dev.period 5 --verbosity 2 --networkid 15 --datadir "data" -mine --miner.threads 1 -http --http.addr 0.0.0.0 --http.port 8545 --allow-insecure-unlock --http.api "eth,net,web3,miner,personal,txpool,debug" --http.corsdomain "*" -nodiscover --http.vhosts="*"
--- a/deploy/coins/monero/Dockerfile
+++ b/deploy/coins/monero/Dockerfile
@@ -0,0 +1,42 @@
+# Prepare Environment
+FROM alpine:latest as builder
+# https://downloads.getmonero.org/cli/monero-linux-x64-v0.18.1.0.tar.bz2
+# Verification will fail if MONERO_VERSION doesn't match the latest
+# due to the way monero publishes releases. They overwrite a single hashes.txt file
+# each release, meaning we can only grab the SHA256 of the latest release.
+# Most publish a asc file for each release / build architecture ¯\_(ツ)_/¯ 
+ENV MONERO_VERSION=0.18.1.0
+# monero-linux-x64-v0.18.1.0.tar.bz2 - https://github.com/monero-project/monero-site/commit/9dda1e3ccb84aa14dc09ed598a6d438c18363833
+ENV GLIBC_VERSION=2.28-r0
+
+WORKDIR /home/monero
+
+RUN apk update \
+	&& apk --no-cache add ca-certificates gnupg bash su-exec
+
+# Get Binary
+RUN wget https://downloads.getmonero.org/cli/monero-linux-x64-v${MONERO_VERSION}.tar.bz2
+
+# Verify Binary -- fingerprint from https://github.com/monero-project/monero-site/issues/1949
+ENV KEYS F0AF4D462A0BDF92
+RUN gpg --keyserver hkp://keyserver.ubuntu.com:80 --keyserver-options no-self-sigs-only --receive-keys ${KEYS}
+
+ADD ./temp/hashes-v${MONERO_VERSION}.txt .
+RUN gpg --verify hashes-v${MONERO_VERSION}.txt \
+    && cat hashes-v${MONERO_VERSION}.txt | grep "$(sha256sum monero-linux-x64-v${MONERO_VERSION}.tar.bz2 | cut -c 1-64)"
+
+# Cleanup
+RUN tar -xvjf monero-linux-x64-v${MONERO_VERSION}.tar.bz2 --strip-components=1
+
+# Prepare Image
+FROM ubuntu:latest as image
+
+WORKDIR /home/monero
+COPY --from=builder /home/monero/* .
+RUN mv * /bin/
+COPY ./scripts /scripts
+
+EXPOSE 18080 18081
+VOLUME /home/monero/.bitmonero
+
+CMD ["monerod"]
--- a/deploy/coins/monero/scripts/entry-dev.sh
+++ b/deploy/coins/monero/scripts/entry-dev.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+# Setup Environment
+RPC_USER="${RPC_USER:=serai}"
+RPC_PASS="${RPC_PASS:=seraidex}"
+MINER="${MINER:=xmraddr}"
+BLOCK_TIME=${BLOCK_TIME:=5}
+
+
+# Run Monero
+monerod --regtest --rpc-login ${RPC_USER}:${RPC_PASS} \
+--rpc-access-control-origins * --rpc-bind-ip=0.0.0.0 --offline \
+--fixed-difficulty=1 --non-interactive --start-mining ${MINER} \
+--mining-threads 1 --bg-mining-enable --detach
+
+# give time to monerod to start
+while true; do
+    sleep 5
+done
+
+# Create wallet from PRIV_KEY in monero wallet
--- a/deploy/coins/monero/temp/hashes-v0.18.1.0.txt
+++ b/deploy/coins/monero/temp/hashes-v0.18.1.0.txt
@@ -0,0 +1,48 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+# This GPG-signed message exists to confirm the SHA256 sums of Monero binaries.
+#
+# Please verify the signature against the key for binaryFate in the
+# source code repository (/utils/gpg_keys).
+#
+#
+## CLI
+0ea5ddb0630d6657810d38b1968ae76ba8e54806f46a2cc9bd02602f999aa741  monero-android-armv7-v0.18.1.0.tar.bz2
+ca8c9daeaee758d482d5cde94912d33b2f62656719c821b2a496fd81c0d52a79  monero-android-armv8-v0.18.1.0.tar.bz2
+1076d260b8b8fe513653916dabfa3c3790030836750d3af6bca56fc138a06af1  monero-freebsd-x64-v0.18.1.0.tar.bz2
+ecba059a2dbbef9f059e37c0f329df037501752dd871719b41104c5d4c6d358b  monero-linux-armv7-v0.18.1.0.tar.bz2
+69e2bba6d5bd8fcf4986f59f232fdfd33b4ae2ce0959fd59567b153b923e057e  monero-linux-armv8-v0.18.1.0.tar.bz2
+9318e522a5cf95bc856772f15d7507fdef2c028e01f70d020078ad5e208f1304  monero-linux-x64-v0.18.1.0.tar.bz2
+3d54dc813116955537a4a5ae4a0a3943d9d32842e076c223ea096551db438158  monero-linux-x86-v0.18.1.0.tar.bz2
+065766f5799c6b972145e2b27830a584c18f64bdd276f31801493b7ef9e51b3c  monero-mac-armv8-v0.18.1.0.tar.bz2
+da87ac5c713f17985cd57bcd007ec76ffe75123cb546cd655edb14fdd8c3d745  monero-mac-x64-v0.18.1.0.tar.bz2
+d0e2b3255163ec0499de42639cc86cf4ddae0bc5fa65aa7377ff9c40305da8fd  monero-win-x64-v0.18.1.0.zip
+ed18233503b6135a29732a79b261b50aced24b99686843bc11e7e9fb2d50cf42  monero-win-x86-v0.18.1.0.zip
+0e4cb82d5f0c455536526c9f3105d1c8f683d4c0ad18a69972c0863944b01328  monero-source-v0.18.1.0.tar.bz2
+#
+## GUI
+9b2c8978f96e8c9662373b427ef320ccd9d652d346435a8487a756bf55cf43ff  monero-gui-install-win-x64-v0.18.1.0.exe
+6c993b622516d85555d8962767b39c79a3b3614cbdf0ab9f62fa07e3826498d0  monero-gui-linux-x64-v0.18.1.0.tar.bz2
+0b06351b370863dce8fff9d8659a8235b98505c61c7e4f5af23843b161d92186  monero-gui-mac-x64-v0.18.1.0.dmg
+39c4290a01072cc8fe8eabaa2c61598421a72eac6011eccd16a2a63e89323fa2  monero-gui-win-x64-v0.18.1.0.zip
+ecb33e329af5cf671b562a0c14a562a7b061736a0f75733dc862b29e9176797c  monero-gui-source-v0.18.1.0.tar.bz2
+#
+#
+# ~binaryFate
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEEgaxZH+nEtlxYBq/D8K9NRioL35IFAmL04d8ACgkQ8K9NRioL
+35II+A/+J2z+VbOIc4ZZdHRuwOchGcyyafpmtQM3JqSNCtlo3y2973yuUSWen26T
+MSkwsOIinGxsRllAdTyoJPTvv0Ohl2vVqbigAvrtuti9h0C75mX1AdBY7C2ot37L
+6flWDcBdE1VJOsZqPpUj6MsF8738H/n1z4KAjA5WZB7bJerHB3bFu4J5TjUFmhM1
+Uf+uH28V7hJUd3sWAe6okbJWsexfLdof1jvpg5sH7Mb2XhP6C8bJVDVXYzDOZoan
+zYB9IcBAP9pY9xp6F1M33n5Un+75ShyyTrGjRc8Fbbgr/SpsTZZ5YKwoVAEnMH3K
+AEOLFDZEhzO4j0BoyeV/K9q6bzSSsrbyo1yQ38UWT3yCJYpQJWKmFJHvMz0/N1xH
+pMpuc5otmRiYddB/PgRp+uKzQzq6ye1LYh3PmvU8b9yaE+2XxqXR8cTUNid0E5gQ
+iXZjuLD06nDCtSe7m2Duj9W39PeB3M+kALU27KOjcio7WG0H2O0TJqVyBnBbviYi
+PpCa5sBbr9NxdgRLWEaFfynaVa7ls3NkaO9ipN0tRJ6uUuAxuEgzBRpL+cYHK+fo
+ZD223xP8Z33ZF+DIe6D+sCDW/UJNGCK3PBuDSQrzXSQkysQj2+mcQ9JNFIkY+Xm2
+SvDIaTuLAZLo6DXxzPPBuKB1iYWh0LUmAMaCOM220j/eKq9Y5yA=
+=M0wB
+-----END PGP SIGNATURE-----