chore: docker validator support (#468)

ArkEcosystem · Mar 4, 2024 · 1a21e5c · 1a21e5c
1 parent f831da0
commit 1a21e5c
Show file tree

Hide file tree

Showing 9 changed files with 96 additions and 25 deletions.
diff --git a/docker/production/devnet/devnet.env b/docker/production/devnet/devnet.env
@@ -1,9 +1,10 @@
-#MODE must be one of: relay or forger
+#MODE must be one of: relay or validator 
 #relay: start a relay node only
-#forger: start relay and forger
+#validator: start a validator node
 MODE=relay
 NETWORK=devnet
 TOKEN=ark
+
 #Core variables
 CORE_LOG_LEVEL=debug
 CORE_LOG_LEVEL_FILE=info

diff --git a/docker/production/devnet/enc.sh b/docker/production/devnet/enc.sh
@@ -45,12 +45,12 @@ warning "Encrypting ..."
 
 openssl genrsa -out secret.key 2048
 openssl rsa -in secret.key -out secret.pub -outform PEM -pubout
-echo "${SECRET}" | openssl rsautl -encrypt -inkey secret.pub -pubin -out secret.dat
+echo "${SECRET}" | openssl pkeyutl -encrypt -inkey secret.pub -pubin -out secret.dat
 
 openssl genrsa -out bip.key 2048
 openssl rsa -in bip.key -out bip.pub -outform PEM -pubout
-echo "${BIP38}" | openssl rsautl -encrypt -inkey bip.pub -pubin -out bip.dat
+echo "${BIP38}" | openssl pkeyutl -encrypt -inkey bip.pub -pubin -out bip.dat
 
 success "Done! Created folder $(echo "${lila}enc${reset}") with all certificates and keys inside."
-success "You are now ready to run your docker $(echo "${yellow}forger")."
+success "You are now ready to run your docker $(echo "${yellow}validator node")."
 
diff --git a/docker/production/entrypoint.sh b/docker/production/entrypoint.sh
@@ -8,14 +8,14 @@ sudo chown node:node -R /home/node/.local
 mainsail config:publish --token=$TOKEN --network=$NETWORK
 
 if [ "$MODE" = "forger" ]; then
-  SECRET=`openssl rsautl -decrypt -inkey /run/secrets/secret.key -in /run/secrets/secret.dat`
-  CORE_FORGER_PASSWORD=`openssl rsautl -decrypt -inkey /run/secrets/bip.key -in /run/secrets/bip.dat`
+  SECRET=`openssl pkeyutl -decrypt -inkey /run/secrets/secret.key -in /run/secrets/secret.dat`
+  CORE_FORGER_PASSWORD=`openssl pkeyutl -decrypt -inkey /run/secrets/bip.key -in /run/secrets/bip.dat`
 
   # configure
   if [ "$MODE" = "forger" ] && [ -z "$SECRET" ] && [ -z "$CORE_FORGER_PASSWORD" ]; then
     echo "set SECRET and/or CORE_FORGER_PASWORD if you want to run a forger"
     exit
-  elif [ -n "$SECRET" ] && [ -z "$CORE_FORGER_PASSWORD" ]; then
+  elif [ -n "$SECRET" ] && [ -n "$CORE_FORGER_PASSWORD" ]; then
     mainsail --token=$TOKEN --network=$NETWORK config:forger:bip39 --bip39 "$SECRET"
   fi
 fi
@@ -29,6 +29,6 @@ fi
 if [ "$MODE" = "forger" ] && [ -z "$SECRET" ] && [ -z "$CORE_FORGER_PASSWORD" ]; then
     echo "set SECRET and/or CORE_FORGER_PASWORD if you want to run a forger"
     exit
-elif [ "$MODE" = "forger" ] && [ -n "$SECRET" ] && [ -z "$CORE_FORGER_PASSWORD" ]; then
+elif [ "$MODE" = "forger" ] && [ -n "$SECRET" ] && [ -n "$CORE_FORGER_PASSWORD" ]; then
     mainsail --token=$TOKEN --network=$NETWORK core:run
 fi
diff --git a/docker/production/mainnet/enc.sh b/docker/production/mainnet/enc.sh
@@ -45,12 +45,12 @@ warning "Encrypting ..."
 
 openssl genrsa -out secret.key 2048
 openssl rsa -in secret.key -out secret.pub -outform PEM -pubout
-echo "${SECRET}" | openssl rsautl -encrypt -inkey secret.pub -pubin -out secret.dat
+echo "${SECRET}" | openssl pkeyutl -encrypt -inkey secret.pub -pubin -out secret.dat
 
 openssl genrsa -out bip.key 2048
 openssl rsa -in bip.key -out bip.pub -outform PEM -pubout
-echo "${BIP38}" | openssl rsautl -encrypt -inkey bip.pub -pubin -out bip.dat
+echo "${BIP38}" | openssl pkeyutl -encrypt -inkey bip.pub -pubin -out bip.dat
 
 success "Done! Created folder $(echo "${lila}enc${reset}") with all certificates and keys inside."
-success "You are now ready to run your docker $(echo "${yellow}forger")."
+success "You are now ready to run your docker $(echo "${yellow}validator node")."
 
diff --git a/docker/production/mainnet/mainnet.env b/docker/production/mainnet/mainnet.env
@@ -1,6 +1,6 @@
-#MODE must be one of: relay or forger
+#MODE must be one of: relay or validator
 #relay: start a relay node only
-#forger: start relay and forger
+#validator: start a validator node
 MODE=relay
 NETWORK=mainnet
 TOKEN=ark

diff --git a/docker/testnet/README.md b/docker/testnet/README.md
@@ -13,9 +13,21 @@ Mainsail API Alpha images now available at [Docker Hub](https://hub.docker.com/r
 
 -   https://ark.dev/docs/mainsail
 
-## Mainsail Core Relay
+## Mainsail Core  
+
+Run Core node using [Docker Compose](https://docs.docker.com/compose/)
+
+## Mainsail Core Validator
+
+> [!NOTE]
+> Default configuration is for a Relay only node. If you would also like to run a `Validator` please set `MODE=validator` in your [`testnet.env`](./core/testnet.env) file in advance!
 
-Run Relay only node using [Docker Compose](https://docs.docker.com/compose/)
+Additionally you would need to protect your delegate secret with a password and encrypt it by using the script [`enc.sh`](./core/enc.sh). The script will generate the folder `enc` which is going to be mounted as a volume inside the container. 
+
+> [!NOTE]
+> From this point just follow [Relay running](#mainsail-core-relay) instructions. 
+
+## Mainsail Core Relay
 
 **_TestNet_**
 

diff --git a/docker/testnet/core/enc.sh b/docker/testnet/core/enc.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+##########################################################
+#                                                        #
+# This script encrypts your forging secret and password. #
+#                                                        #
+##########################################################
+
+type openssl >/dev/null 2>&1 || { echo >&2 "OpenSSL missing. Please install and run the script again."; exit 1; }
+
+yellow=$(tput setaf 3)
+green=$(tput setaf 2)
+lila=$(tput setaf 4)
+bold=$(tput bold)
+reset=$(tput sgr0)
+
+warning ()
+{
+    echo "    ${yellow}==>${reset}${bold} $1${reset}"
+}
+
+success ()
+{
+    echo "    ${green}==>${reset}${bold} $1${reset}"
+}
+
+read -sp "Please enter your delegate secret: " inputSecret
+echo
+
+while true; do
+    read -sp "Please enter your password: " inputPass
+    echo
+    read -sp "Please enter password again: " inputPassA
+    echo
+    [ "${inputPass}" = "${inputPassA}" ] && break
+    echo "Password do not match! Please try again."
+done
+
+SECRET="${inputSecret}"
+BIP38="${inputPass}"
+
+rm -rf enc > /dev/null 2>&1
+mkdir enc; cd enc
+
+warning "Encrypting ..."
+
+openssl genrsa -out secret.key 2048
+openssl rsa -in secret.key -out secret.pub -outform PEM -pubout
+echo "${SECRET}" | openssl pkeyutl -encrypt -inkey secret.pub -pubin -out secret.dat
+
+openssl genrsa -out bip.key 2048
+openssl rsa -in bip.key -out bip.pub -outform PEM -pubout
+echo "${BIP38}" | openssl pkeyutl -encrypt -inkey bip.pub -pubin -out bip.dat
+
+success "Done! Created folder $(echo "${lila}enc${reset}") with all certificates and keys inside."
+success "You are now ready to run your docker $(echo "${yellow}validator node")."
+
diff --git a/docker/testnet/core/entrypoint.sh b/docker/testnet/core/entrypoint.sh
@@ -1,8 +1,6 @@
 #!/usr/bin/env bash
 sudo /usr/sbin/ntpd
 
-MODE=${MODE:-relay}
-
 if [ "$DB_RESET" = "true" ]; then
   sudo rm -rf /home/node/.local/share/mainsail/core/*	
 fi
@@ -17,15 +15,15 @@ else
   mainsail config:publish:custom --token=$TOKEN --network=$NETWORK --app=https://raw.githubusercontent.com/ArkEcosystem/mainsail-network-config/main/testnet/mainsail/app.json --crypto=https://raw.githubusercontent.com/ArkEcosystem/mainsail-network-config/main/testnet/mainsail/crypto.json --peers=https://raw.githubusercontent.com/ArkEcosystem/mainsail-network-config/main/testnet/mainsail/peers.json --reset
 fi
 
-if [ "$MODE" = "forger" ]; then
-  SECRET=`openssl rsautl -decrypt -inkey /run/secrets/secret.key -in /run/secrets/secret.dat`
-  CORE_FORGER_PASSWORD=`openssl rsautl -decrypt -inkey /run/secrets/bip.key -in /run/secrets/bip.dat`
+if [ "$MODE" = "validator" ]; then
+  SECRET=`openssl pkeyutl -decrypt -inkey /run/secrets/secret.key -in /run/secrets/secret.dat`
+  CORE_FORGER_PASSWORD=`openssl pkeyutl -decrypt -inkey /run/secrets/bip.key -in /run/secrets/bip.dat`
 
   # configure
-  if [ "$MODE" = "forger" ] && [ -z "$SECRET" ] && [ -z "$CORE_FORGER_PASSWORD" ]; then
+  if [ "$MODE" = "validator" ] && [ -z "$SECRET" ] && [ -z "$CORE_FORGER_PASSWORD" ]; then
     echo "set SECRET and/or CORE_FORGER_PASWORD if you want to run a forger"
     exit
-  elif [ -n "$SECRET" ] && [ -z "$CORE_FORGER_PASSWORD" ]; then
+  elif [ -n "$SECRET" ] && [ -n "$CORE_FORGER_PASSWORD" ]; then
     mainsail --token=$TOKEN --network=$NETWORK config:forger:bip39 --bip39 "$SECRET"
   fi
 fi
@@ -36,9 +34,10 @@ if [[ "$MODE" = "relay" ]]; then
 fi
 
 # forging
-if [ "$MODE" = "forger" ] && [ -z "$SECRET" ] && [ -z "$CORE_FORGER_PASSWORD" ]; then
+if [ "$MODE" = "validator" ] && [ -z "$SECRET" ] && [ -z "$CORE_FORGER_PASSWORD" ]; then
     echo "set SECRET and/or CORE_FORGER_PASWORD if you want to run a forger"
     exit
-elif [ "$MODE" = "forger" ] && [ -n "$SECRET" ] && [ -z "$CORE_FORGER_PASSWORD" ]; then
+elif [ "$MODE" = "validator" ] && [ -n "$SECRET" ] && [ -n "$CORE_FORGER_PASSWORD" ]; then
     mainsail --token=$TOKEN --network=$NETWORK core:run
 fi
+
diff --git a/docker/testnet/core/testnet.env b/docker/testnet/core/testnet.env
@@ -1,3 +1,6 @@
+#relay: start a relay node only
+#validator: start a validator node
+MODE=relay
 TOKEN=ark
 NETWORK=testnet