Merge remote-tracking branch 'origin/master' into blockq-tweak

Dockerfile

@@ -11,7 +11,7 @@ ARG TARGETARCH
 ADD https://go.dev/dl/go${GO_VERSION}.linux-${TARGETARCH}.tar.gz /go.tar.gz
 
 # Basic dependencies.
-ENV HOME="/node" DEBIAN_FRONTEND="noninteractive" GOPATH="/node"
+ENV HOME="/node" DEBIAN_FRONTEND="noninteractive" GOPATH="/dist"
 
 RUN apt-get update && \
     apt-get install -y --no-install-recommends \
@@ -27,15 +27,15 @@ RUN apt-get update && \
 
 ENV PATH="/usr/local/go/bin:${PATH}"
 
-COPY ./docker/files/ /node/files
-COPY ./installer/genesis /node/files/run/genesis
-COPY ./cmd/updater/update.sh /node/files/build/update.sh
-COPY ./installer/config.json.example /node/files/run/config.json.example
+COPY ./docker/files/ /dist/files
+COPY ./installer/genesis /dist/files/run/genesis
+COPY ./cmd/updater/update.sh /dist/files/build/update.sh
+COPY ./installer/config.json.example /dist/files/run/config.json.example
 
 # Install algod binaries.
-RUN /node/files/build/install.sh \
+RUN /dist/files/build/install.sh \
     -p "${GOPATH}/bin" \
-    -d "/node/data" \
+    -d "/algod/data" \
     -c "${CHANNEL}" \
     -u "${URL}" \
     -b "${BRANCH}" \
@@ -55,10 +55,12 @@ RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates
 
 USER algorand
 
-COPY --chown=algorand:algorand --from=builder "/node/bin/" "/node/bin/"
-COPY --chown=algorand:algorand --from=builder "/node/files/run/" "/node/run/"
+COPY --chown=algorand:algorand --from=builder "/dist/bin/" "/node/bin/"
+COPY --chown=algorand:algorand --from=builder "/dist/files/run/" "/node/run/"
 
 # Expose Algod REST API, Algod Gossip, and Prometheus Metrics ports
 EXPOSE $ALGOD_PORT 4160 9100
 
+WORKDIR /algod
+
 CMD ["/node/run/run.sh"]

docker/README.md

@@ -1,5 +1,7 @@
 # Algod Container
 
+[![DockerHub](https://img.shields.io/badge/DockerHub-blue)](https://hub.docker.com/r/algorand/algod)
+
 General purpose algod container image.
 
 ## Image Configuration
@@ -39,11 +41,12 @@ Configuration can be modified by specifying certain files. These can be changed
 
 | File | Description |
 | ---- | ----------- |
-| /etc/config.json | Override default configurations by providing your own file. |
-| /etc/algod.token | Override default randomized REST API token. |
-| /etc/algod.admin.token | Override default randomized REST API admin token. |
+| /etc/algorand/config.json | Override default configurations by providing your own file. |
+| /etc/algorand/algod.token | Override default randomized REST API token. |
+| /etc/algorand/algod.admin.token | Override default randomized REST API admin token. |
+| /etc/algorand/logging.config | Use a custom [logging.config](https://developer.algorand.org/docs/run-a-node/reference/telemetry-config/#configuration) file for configuring telemetry. |
 
-TODO: `/etc/template.json` for overriding the private network topology.
+TODO: `/etc/algorand/template.json` for overriding the private network topology.
 
 ## Example Configuration
 
@@ -66,14 +69,45 @@ Explanation of parts:
 * `-p 4190:8080` maps the internal algod REST API to local port 4190
 * `-e NETWORK=` can be set to any of the supported public networks.
 * `-e FAST_CATCHUP=` causes fast catchup to start shortly after launching the network.
-* `-e TELEMETRY_NAME=` enables telemetry reporting to Algorand for network health analysis.
+* `-e TELEMETRY_NAME=` enables telemetry reporting to Algorand for network health analysis. The value of this variable takes precedence over the `name` attribute set in `/etc/algorand/logging.config`.
 * `-e TOKEN=` sets the REST API token to use.
 * `-v ${PWD}/data:/algod/data/` mounts a local volume to the data directory, which can be used to restart and upgrade the deployment.
 
 ## Mounting the Data Directory
 
 The data directory located at `/algod/data`. Mounting a volume at that location will allow you to shutdown and resume the node.
 
+### Volume Permissions
+
+The container executes in the context of the `algorand` user with it's own UID and GID which is handled differently depending on your operating system. Here are a few options for how to work with this environment:
+
+#### Named Volume
+
+Using a named volume will work without any specific configuration in most cases:
+
+```bash
+docker volume create algod-data
+docker run -it --rm -d -v algod-data:/algod/data algorand/algod
+```
+
+#### Local Directory without SELinux
+
+Explicitly set the UID and GID of the container:
+
+```bash
+docker run -it --rm -d -v /srv/data:/algod/data -u $UID:$GID algorand/algod
+```
+
+#### Local Directory with SELinux
+
+Set the UID and GID of the container while add the `Z` option to the volume definition:
+
+```bash
+docker run -it --rm -d -v /srv/data:/algod/data:Z -u $UID:$GID algorand/algod
+```
+
+> See the documentation on [configuring the selinux label](https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label).
+
 ### Private Network
 
 Private networks work a little bit differently. They are configured with, potentially, several data directories. The default topology supplied with this container is installed to `/algod/`, and has a single node named `data`. This means the private network has a data directory at `/algod/data`, matching the production configuration.

docker/files/build/install.sh

@@ -87,6 +87,6 @@ BUILD_NUMBER="" BRANCH="$BRANCH" make build
 
 shopt -s extglob
 
-cd "$BINDIR" && rm -vrf !(algocfg|algod|algoh|algokey|carpenter|catchupsrv|ddconfig.sh|diagcfg|find-nodes.sh|goal|kmd|msgpacktool|node_exporter|tealcut|tealdbg|update.sh|updater|COPYING)
+cd "$BINDIR" && rm -vrf !(algocfg|algod|algokey|diagcfg|goal|kmd|msgpacktool|node_exporter|tealdbg|update.sh|updater|COPYING)
 
 "$BINDIR"/algod -v

docker/files/run/run.sh

@@ -13,25 +13,25 @@ function apply_configuration() {
   cd "$ALGORAND_DATA"
 
   # check for config file overrides.
-  if [ -f "/etc/config.json" ]; then
-    cp /etc/config.json config.json
+  if [ -f "/etc/algorand/config.json" ]; then
+    cp /etc/algorand/config.json config.json
   fi
-  if [ -f "/etc/algod.token" ]; then
-    cp /etc/algod.token algod.token
+  if [ -f "/etc/algorand/algod.token" ]; then
+    cp /etc/algorand/algod.token algod.token
   fi
-  if [ -f "/etc/algod.admin.token" ]; then
-    cp /etc/algod.admin.token algod.admin.token
+  if [ -f "/etc/algorand/algod.admin.token" ]; then
+    cp /etc/algorand/algod.admin.token algod.admin.token
   fi
-  if [ -f "/etc/logging.config" ]; then
-    cp /etc/logging.config logging.config
+  if [ -f "/etc/algorand/logging.config" ]; then
+    cp /etc/algorand/logging.config logging.config
   fi
 
   # check for environment variable overrides.
   if [ "$TOKEN" != "" ]; then
-    echo "$TOKEN" > algod.token
+    echo "$TOKEN" >algod.token
   fi
   if [ "$ADMIN_TOKEN" != "" ]; then
-    echo "$ADMIN_TOKEN" > algod.admin.token
+    echo "$ADMIN_TOKEN" >algod.admin.token
   fi
 
   # configure telemetry
@@ -78,8 +78,8 @@ function configure_data_dir() {
 }
 
 function start_new_public_network() {
-  cd /node
-  if [ ! -d "run/genesis/$NETWORK" ]; then
+  cd /algod
+  if [ ! -d "/node/run/genesis/${NETWORK}" ]; then
     echo "No genesis file for '$NETWORK' is available."
     exit 1
   fi
@@ -88,7 +88,7 @@ function start_new_public_network() {
 
   cd "$ALGORAND_DATA"
 
-  cp "/node/run/genesis/$NETWORK/genesis.json" genesis.json
+  cp "/node/run/genesis/${NETWORK}/genesis.json" genesis.json
   cp /node/run/config.json.example config.json
 
   configure_data_dir
@@ -111,18 +111,17 @@ function start_private_network() {
   apply_configuration
 
   # TODO: Is there a way to properly exec a private network?
-  goal network start -r "$ALGORAND_DATA/.."
-  tail -f "$ALGORAND_DATA/node.log"
+  goal network start -r "${ALGORAND_DATA}/.."
+  tail -f "${ALGORAND_DATA}/node.log"
 }
 
 function start_new_private_network() {
-  cd /node
   local TEMPLATE="template.json"
   if [ "$DEV_MODE" ]; then
     TEMPLATE="devmode_template.json"
   fi
-  sed -i "s/NUM_ROUNDS/${NUM_ROUNDS:-30000}/" "run/$TEMPLATE"
-  goal network create -n dockernet -r "$ALGORAND_DATA/.." -t "run/$TEMPLATE"
+  sed -i "s/NUM_ROUNDS/${NUM_ROUNDS:-30000}/" "/node/run/$TEMPLATE"
+  goal network create --noclean -n dockernet -r "${ALGORAND_DATA}/.." -t "/node/run/$TEMPLATE"
   configure_data_dir
   start_private_network
 }