Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docker: Additional private network options and container tweaks. #5525

Merged
merged 4 commits into from Jul 6, 2023
Merged

docker: Additional private network options and container tweaks. #5525

merged 4 commits into from Jul 6, 2023

Conversation

winder
Copy link
Contributor

@winder winder commented Jul 5, 2023
edited

Summary

Add support for configuring a private network with networking enabled, and for adding peers to a non-standard relay.

This is done by adding the following options:

  • GENESIS_ADDRESS - allows a peer node to resolve genesis.json through the REST API.
  • GOSSIP_PORT - sets the NetAddress, ensures DisableNetworking is false, and sets IncomingConnectionsLimit to 1000.

Additional tweaks:

  • Add ALGORAND_DATA value sanity check. It should not be overridden.
  • Switch from runuser to gosu to more closely follow conventions in other high quality docker images.

Test Plan

Manual testing:

  1. Same tests used previously for kmd startup delay docker: Start kmd in the background. #5514.
  2. The following docker-compose:
version: '3'

services:
  algod-private:
    #image: "algorand/algod:stable"
    image: "wwinder/algod:peertest"
    ports:
      - 4190:8080
      - 4191:7833
    environment:
      TOKEN: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
      ADMIN_TOKEN: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
      GOSSIP_PORT: 10000

  algod-follower:
    #image: "algorand/algod:stable"
    image: "wwinder/algod:peertest"
    # the genesis file must be downloaded from algod-private
    # if this image starts first, keep restarting until algod-private
    # is available.
    restart: unless-stopped
    # follower node is internal
    ports:
      - 5190:8080 # exposed for testing.
    environment:
      NETWORK: private
      TOKEN: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
      ADMIN_TOKEN: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
      PROFILE: conduit
      GENESIS_ADDRESS: algod-private:8080
      PEER_ADDRESS: algod-private:10000
    depends_on:
      - algod-private

@winder winder requested review from shiqizng, a team, excalq and algobarb July 5, 2023 14:58
@codecov
Copy link

codecov bot commented Jul 5, 2023
edited

Codecov Report

Merging #5525 (cbe25a5) into master (f54e7a7) will decrease coverage by 0.03%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master    #5525      +/-   ##
==========================================
- Coverage   55.83%   55.80%   -0.03%     
==========================================
  Files         446      446              
  Lines       63258    63258              
==========================================
- Hits        35321    35303      -18     
- Misses      25561    25577      +16     
- Partials     2376     2378       +2

see 8 files with indirect coverage changes

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@winder winder marked this pull request as ready for review July 5, 2023 15:56
@winder winder changed the title docker: Additional private network options. docker: Additional private network options and container tweaks. Jul 5, 2023
@winder winder self-assigned this Jul 5, 2023
shiqizng
shiqizng reviewed Jul 5, 2023
View reviewed changes
docker/files/run/run.sh Show resolved Hide resolved
docker/files/run/run.sh Show resolved Hide resolved
docker/files/run/run.sh Show resolved Hide resolved
@winder winder requested a review from shiqizng July 5, 2023 19:59
excalq
excalq approved these changes Jul 6, 2023
View reviewed changes
Copy link
Contributor

@excalq excalq left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Makes sense to me. I've familiarized myself a bit with gosu, which directly Docker's own user handling code for privilege de-escalation.

I'd be interested to know more about testing this private network configuration. It could even be useful for dogfooding new telemetry configurations.

@winder winder merged commit cece133 into algorand:master Jul 6, 2023
17 checks passed
@winder winder deleted the will/listening-private-network branch July 6, 2023 00:29
@Algo-devops-service Algo-devops-service mentioned this pull request Jul 11, 2023
Merged
@onetechnical onetechnical mentioned this pull request Jul 24, 2023
Merged
@Algo-devops-service Algo-devops-service mentioned this pull request Aug 3, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@excalq excalq excalq approved these changes

@shiqizng shiqizng shiqizng approved these changes

@algobarb algobarb Awaiting requested review from algobarb algobarb was automatically assigned from algorand/devops

Assignees

@winder winder

Labels
Enhancement Team Lamprey
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@winder @excalq @shiqizng