From 787289aa9e5aff40f2a9e5cd9447d84e3a4dbb25 Mon Sep 17 00:00:00 2001 From: Linus Gasser Date: Tue, 19 Sep 2023 19:00:31 +0200 Subject: [PATCH] Making docker image for byzcoin and web --- .dockerignore | 2 + .github/workflows/build-docker.yml | 11 +++- .gitignore | 2 +- DEDIS_BYZCOIN.md | 53 --------------- Dockerfile | 63 ++++++++++++++++-- Dockerfile.web | 29 ++++++++ README.md | 18 ++++- TODO.md | 2 - docker-compose.deploy.yml | 55 ++++++++++++++++ docker-compose.yml | 102 +++++++++++++++-------------- docker/byzcoin.sh | 42 +++++++----- httpd.conf | 1 + pkg/cothority/personhood/README.md | 2 +- setup_demo_chain.sh | 48 ++++++++++++++ 14 files changed, 297 insertions(+), 133 deletions(-) create mode 100644 .dockerignore delete mode 100644 DEDIS_BYZCOIN.md create mode 100644 Dockerfile.web delete mode 100644 TODO.md create mode 100644 docker-compose.deploy.yml create mode 100644 httpd.conf create mode 100755 setup_demo_chain.sh diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..45089bf --- /dev/null +++ b/.dockerignore @@ -0,0 +1,2 @@ +Dockerfile* +docker-compose* \ No newline at end of file diff --git a/.github/workflows/build-docker.yml b/.github/workflows/build-docker.yml index d3dd624..dabe2f1 100644 --- a/.github/workflows/build-docker.yml +++ b/.github/workflows/build-docker.yml @@ -9,8 +9,6 @@ jobs: steps: - name: Checkout uses: actions/checkout@v2 - - name: Set up QEMU - uses: docker/setup-qemu-action@v1 - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@v1 @@ -25,5 +23,14 @@ jobs: with: context: . platforms: linux/amd64 + target: byzcoin push: true tags: ghcr.io/c4dt/byzcoin:latest + - name: Build and push + uses: docker/build-push-action@v2 + with: + context: . + platforms: linux/amd64 + target: web + push: true + tags: ghcr.io/c4dt/byzcoin-web:latest diff --git a/.gitignore b/.gitignore index 6f3868e..490e796 100644 --- a/.gitignore +++ b/.gitignore 
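Review bot: The added `web` build step references `docker/build-push-action@v2` by a mutable major tag and publishes only `ghcr.io/c4dt/byzcoin-web:latest`, so neither the action that runs in the pushing job nor the image a user later pulls is tied to reviewed content. Referencing the action by a full commit SHA (`uses: docker/build-push-action@<commit-sha>`, placeholder) and adding an immutable tag such as `ghcr.io/c4dt/byzcoin-web:${{ github.sha }}` next to `latest` would make both traceable. The new step also reuses the name `Build and push`; `Build and push web` would keep the two steps apart in the run log.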
@@ -3,4 +3,4 @@ /cached.db .godocker .idea -nodes +/nodes/ diff --git a/DEDIS_BYZCOIN.md b/DEDIS_BYZCOIN.md deleted file mode 100644 index 2c85bdb..0000000 --- a/DEDIS_BYZCOIN.md +++ /dev/null @@ -1,53 +0,0 @@ -# DEDIS ByzCoin - -This is a sign-up sheet to be part of DEDIS' ByzCoin deployment. -The DEDIS ByzCoin deployment is an experimental network for running a -decentralized public ledger available open to the internet. -You can be part of it by agreeing to the terms in this file, signing it, and -sending it to [byzcoin@groupes.epfl.ch](mailto:byzcoin@groupes.epfl.ch). - -## Purpose - -The purpose of the ... - -## Engagement - -I, the owner of the server running the new node, agree to the following terms: - -1. I will invest time to keep the node running, specifically: - - make sure it's started automatically after a server reboot - - make sure it's started automatically if it fails - - allocating it enough harddisk-space (10GB) - - allocating it enough RAM (2GB) - - allocating it enough CPU (2 x 2GHz) - - running it with a fixed, public, IP - - update to new versions within 24h -2. I follow the personhood-channel, either on slack or on matrix, and read it - at least once per day. -3. I give notice of at least 30 days in advance if I want to remove my node. -4. I agree that my node will be removed from the network if I miss on any of -these engagements -5. I agree that DEDIS can remove my node at any time - -## Reward - -As a reward for running a node, you will get: -- access to our matrix instance -- tokens to create and manage new users -- support for creating new apps - -# Roadmap - -The following tasks will be done in a near future - hopefully 2020: -- automatic update of nodes -- improvement of ByzCoin performance -- switching from permissioned to proof-of-personhood - -# Signature - -I, the owner of this node, accept the above engagements: - -Date: - - -Signature: diff --git a/Dockerfile b/Dockerfile index 224482f..68baae0 100644 --- a/Dockerfile 
+++ b/Dockerfile @@ -1,6 +1,9 @@ -FROM golang:1.15 as builder +FROM golang:1.15 as builder-byzcoin -COPY . /byzcoin +RUN apt update && apt install -y zsh && apt clean +COPY go.* /byzcoin/ +COPY cmd /byzcoin/cmd/ +COPY pkg /byzcoin/pkg/ WORKDIR /byzcoin ENV LDFLAGS="-s -w -X main.gitTag=archive" RUN go build -ldflags="$LDFLAGS" ./cmd/byzcoin 
@@ -9,8 +12,48 @@ WORKDIR /byzcoin/pkg/cothority RUN go build -ldflags="$LDFLAGS" ./byzcoin/bcadmin RUN go build -ldflags="$LDFLAGS" ./personhood/phapp RUN cd scmgr && go build -ldflags="$LDFLAGS" . +WORKDIR /byzcoin +RUN cp /byzcoin/pkg/cothority/bcadmin /byzcoin/pkg/cothority/phapp \ + /byzcoin/pkg/cothority/scmgr/scmgr /byzcoin +COPY docker/byzcoin.sh setup_demo_chain.sh ./ +RUN ./setup_demo_chain.sh + +FROM node:12 as builder-omniledger +RUN git clone https://github.com/c4dt/omniledger -b archive /omniledger +WORKDIR /omniledger/webapp +RUN npm ci && npm link ../dynacred +RUN npx ng build --prod --base-href /login/ --deploy-url /login/ --aot --output-path www +COPY --from=builder-byzcoin /byzcoin/nodes/config.toml www/assets/ + +FROM node:14 as builder-olexplorer +RUN git clone https://github.com/c4dt/ol-explorer -b archive /ol-explorer +WORKDIR /ol-explorer +RUN npm ci +RUN npx ng build --prod --base-href /ol-explorer/ --deploy-url /ol-explorer/ --output-path www +COPY --from=builder-byzcoin /byzcoin/nodes/config.toml www/assets/config.toml + +FROM node:14 as builder-columbus +RUN git clone https://github.com/c4dt/columbus-united -b archive /columbus +WORKDIR /columbus +RUN npm i +RUN npm run bundle +COPY --from=builder-byzcoin /byzcoin/nodes/config.toml assets/config.toml -FROM debian:bookworm-slim +FROM scratch as setup_log +COPY --from=builder-byzcoin /byzcoin/login.txt . +COPY --from=builder-byzcoin /byzcoin/nodes/config.toml . + +FROM lipanski/docker-static-website:latest as web +#FROM python:latest +COPY httpd.conf . 
+COPY --from=builder-omniledger /omniledger/webapp/www/ login/ +COPY --from=builder-olexplorer /ol-explorer/www/ ol-explorer/ +COPY --from=builder-columbus /columbus/index.html columbus/ +COPY --from=builder-columbus /columbus/dist/ columbus/dist/ +COPY --from=builder-columbus /columbus/assets/ columbus/assets/ +COPY --from=builder-byzcoin /byzcoin/login.txt login.txt + +FROM debian:bookworm-slim as byzcoin RUN apt update && apt install -y procps ca-certificates netcat-openbsd && apt clean WORKDIR /root/ @@ -18,9 +61,15 @@ RUN mkdir /byzcoin RUN mkdir -p .local/share .config RUN ln -s /byzcoin .local/share/conode RUN ln -s /byzcoin .config/conode -COPY --from=builder /byzcoin/byzcoin /byzcoin/full /root/ -COPY --from=builder /byzcoin/pkg/cothority/bcadmin /byzcoin/pkg/cothority/phapp /root/ -COPY --from=builder /byzcoin/pkg/cothority/scmgr/scmgr /root/ +COPY --from=builder-byzcoin /byzcoin/byzcoin /byzcoin/full \ + /byzcoin/bcadmin /byzcoin/phapp \ + /byzcoin/scmgr /root/ +COPY --from=builder-byzcoin /byzcoin/nodes/ /root/nodes/ COPY docker/byzcoin.sh /root/ -CMD ["./byzcoin.sh"] +ENV BYZCOIN=./full +ENV DEBUG_LVL=2 +ENV DEBUG_COLOR=false +ENV DEBUG_TIME=true + +CMD ./byzcoin.sh diff --git a/Dockerfile.web b/Dockerfile.web new file mode 100644 index 0000000..bae80f6 --- /dev/null +++ b/Dockerfile.web 
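Review bot: The web builder stages and the `web` stage in the `@@ -9,8 +12,48 @@` hunk pull unpinned inputs: each `git clone … -b archive` follows a moving branch, `RUN npm i` in `builder-columbus` may resolve other package versions than a lockfile would fix, and `lipanski/docker-static-website:latest` is a third-party base on a floating tag. Because the result is pushed to ghcr.io, check out a fixed commit after each clone (`git checkout <commit-sha>`, placeholder), use `RUN npm ci` as the other two stages do, and pin the base image by version and digest. Separately, `RUN ./setup_demo_chain.sh` creates the chain and `login.txt` at build time and the `web` stage copies `login.txt` into the served directory, so the demo user's registration link is the same for every copy of the image and readable by anyone who can reach the web port; a comment such as `# DEMO ONLY: login.txt is generated at build time and is public` would prevent reuse beyond localhost.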
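Review bot: `COPY --from=builder-byzcoin /byzcoin/nodes/ /root/nodes/` in the `@@ -18,9 +61,15 @@` hunk ships everything setup_demo_chain.sh wrote under `/byzcoin/nodes` in the published `byzcoin` image, which includes the `key*.cfg` produced by `bcadmin create` and presumably each node's private configuration. Everyone who pulls `ghcr.io/c4dt/byzcoin:latest` therefore holds the same key material; that is fine for a localhost demo but should be stated next to the instruction, e.g. `# DEMO ONLY: /root/nodes holds pre-generated keys shared by every copy of this image`. The hunk also replaces `CMD ["./byzcoin.sh"]` with the shell form `CMD ./byzcoin.sh`, which inserts `/bin/sh -c` between Docker and the script so that stop signals may not be forwarded; keeping the exec form avoids that.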
@@ -0,0 +1,29 @@
+FROM node:12 as builder-omniledger
+RUN git clone https://github.com/c4dt/omniledger -b archive /omniledger
+WORKDIR /omniledger/webapp
+RUN npm ci && npm link ../dynacred
+RUN npx ng build --prod --base-href /login/ --deploy-url /login/ --aot --output-path www
+COPY --from=byzcoin-builder /byzcoin/nodes/config.toml www/assets/
+
+FROM node:14 as builder-olexplorer
+RUN git clone https://github.com/c4dt/ol-explorer -b archive /ol-explorer
+WORKDIR /ol-explorer
+RUN npm ci
+RUN npx ng build --prod --base-href /ol-explorer/ --deploy-url /ol-explorer/ --output-path www
+COPY --from=byzcoin-builder /byzcoin/nodes/config.toml www/assets/config.toml
+
+FROM node:14 as builder-columbus
+RUN git clone https://github.com/c4dt/columbus-united -b archive /columbus
+WORKDIR /columbus
+RUN npm i
+RUN npm run bundle
+COPY --from=byzcoin-builder /byzcoin/nodes/config.toml assets/config.toml
+
+FROM lipanski/docker-static-website:latest as web
+#FROM python:latest
+COPY httpd.conf .
+COPY --from=builder-omniledger /omniledger/webapp/www/ login/
+COPY --from=builder-olexplorer /ol-explorer/www/ ol-explorer/
+COPY --from=builder-columbus /columbus/index.html columbus/
+COPY --from=builder-columbus /columbus/dist/ columbus/dist/
+COPY --from=builder-columbus /columbus/assets/ columbus/assets/
diff --git a/README.md b/README.md
index e61b6df..c5e2985 100644
--- a/README.md
+++ b/README.md
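Review bot: All three `COPY --from=byzcoin-builder …` lines in Dockerfile.web name a stage that this file never defines; the stage in `Dockerfile` is called `builder-byzcoin`, and stages of another Dockerfile are not visible here anyway. Docker treats an unknown `--from` name as an image reference, so the build either fails or tries to pull an image called `byzcoin-builder` from the default registry, which is content this project does not control. The workflow and docker-compose.yml both build `Dockerfile` with `target: web`, so this file appears to be unused: either drop it, or give it its own `builder-byzcoin` stage and change the lines to `COPY --from=builder-byzcoin …`.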
@@ -1,4 +1,20 @@ -# Byzcoin node +# Byzcoin node - ARCHIVED + +This repo has been archived and is no longer supporter. +You can however run this as a demo to run on your local machine. +To run the demo, download the repo and run the `docker-compose.yaml` file. +Then point your browser to http://localhost:8080 +The upcoming page gives a short summary of the different tools available +to interact with the byzcoin-blockchain. +The following tools are incorporated: + +- ByzCoin itself, running 4 nodes locally +- [OmniLedger](https://) login tool + +If you have any questions, or remarks, don't hesitate to reach out to +us by [c4dt-services@listes.epfl.ch](mailto:c4dt-services@listes.epfl.ch) + +## Description Byzcoin is a high-performance permissioned blockchain that can safely run in public mode, meaning everybody with access tokens can use it. diff --git a/TODO.md b/TODO.md deleted file mode 100644 index 85d520d..0000000 --- a/TODO.md +++ /dev/null @@ -1,2 +0,0 @@ -- make conode.go so that it works with the environment variables -- fix status so `status --host https://test.com:7771` works diff --git a/docker-compose.deploy.yml b/docker-compose.deploy.yml new file mode 100644 index 0000000..e110d9f --- /dev/null +++ b/docker-compose.deploy.yml 
@@ -0,0 +1,55 @@
+version: "3.0"
+
+services:
+ byzcoin:
+ environment:
+ # ADDRESS_NODE should always be tls:// - tcp:// is insecure and should
+ # not be used.
+ - ADDRESS_NODE=tls://byzcoin.c4dt.org:7770
+ # ADDRESS_WS can be either http:// or https:// - for most of the use-cases
+ # you want this to be https://, so that secure webpages can access the node.
+ - ADDRESS_WS=http://byzcoin.c4dt.org:7771
+ # A short description of your node that will be visible to the outside.
+ - DESCRIPTION=New ByzCoin node
+ # Whether to use TLS in the conodes. It is tested against 'false'. So
+ # anything different from 'false' will be interpreted as true.
+ - USE_TLS=false
+ # WS_SSL_* is ignored if ADDRESS_WS is http or USE_TLS=false. These files
+ # need to be in the ~/byzcoin directory before the node is started.
+ - WS_SSL_CHAIN=fullchain.pem
+ - WS_SSL_KEY=privkey.pem
+ # ID of the byzcoin to follow - this corresponds to the DEDIS byzcoin.
+ - BYZCOIN_ID=9cc36071ccb902a1de7e0d21a2c176d73894b1cf88ae4cc2ba4c95cd76f474f3
+ # How much debugging output - 0 is none, 1 is important ones, 2 is
+ # interesting, 3 is detailed, 4 is lots of details, and 5 is too detailed for
+ # most purposes.
+ - DEBUG_LVL=2
+ # Whether to niceify the debug outputs. If you put this to `true`, you should
+ # have a black background in the terminal.
+ - DEBUG_COLOR=false
+ # If set to true, adds a timestamp to each log-message
+ - DEBUG_TIME=true
+ # Send the logging information to a graylog instance. Optional, can be put to
+ # "" if not needed.
+ - GRAYLOG=
+ # Send tracing information to honeycomb.io. The format is: api_key:dataset.
+ # If no key is set, tracing is disabled.
+ - HONEYCOMB_API_KEY=
+ ports:
+ - "7770-7771:7770-7771"
+ image: c4dt/byzcoin:latest
+ volumes:
+ # Where the byzcoin data resides on the host. Do not change the :/byzcoin
+ # part, only the ~/byzcoin.
+ - ~/byzcoin:/byzcoin
+ logging:
+ driver: "json-file"
+ options:
+ max-size: "10m"
+ max-file: "4"
+ restart: unless-stopped
+ watchtower:
+ image: containrrr/watchtower:latest
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock
+ command: --interval 3600 --label-enable --cleanup
diff --git a/docker-compose.yml b/docker-compose.yml
index e110d9f..6a57b75 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,55 +1,57 @@ -version: "3.0" +version: "3.8" services: - byzcoin: - environment: - # ADDRESS_NODE should always be tls:// - tcp:// is insecure and should - # not be used. - - ADDRESS_NODE=tls://byzcoin.c4dt.org:7770 - # ADDRESS_WS can be either http:// or https:// - for most of the use-cases - # you want this to be https://, so that secure webpages can access the node. - - ADDRESS_WS=http://byzcoin.c4dt.org:7771 - # A short description of your node that will be visible to the outside. - - DESCRIPTION=New ByzCoin node - # Whether to use TLS in the conodes. It is tested against 'false'. So - # anything different from 'false' will be interpreted as true. - - USE_TLS=false - # WS_SSL_* is ignored if ADDRESS_WS is http or USE_TLS=false. These files - # need to be in the ~/byzcoin directory before the node is started. - - WS_SSL_CHAIN=fullchain.pem - - WS_SSL_KEY=privkey.pem - # ID of the byzcoin to follow - this corresponds to the DEDIS byzcoin. - - BYZCOIN_ID=9cc36071ccb902a1de7e0d21a2c176d73894b1cf88ae4cc2ba4c95cd76f474f3 - # How much debugging output - 0 is none, 1 is important ones, 2 is - # interesting, 3 is detailed, 4 is lots of details, and 5 is too detailed for - # most purposes. - - DEBUG_LVL=2 - # Whether to niceify the debug outputs. If you put this to `true`, you should - # have a black background in the terminal. - - DEBUG_COLOR=false - # If set to true, adds a timestamp to each log-message - - DEBUG_TIME=true - # Send the logging information to a graylog instance. Optional, can be put to - # "" if not needed. - - GRAYLOG= - # Send tracing information to honeycomb.io. The format is: api_key:dataset. - # If no key is set, tracing is disabled. 
- - HONEYCOMB_API_KEY= + node-1: + image: ghcr.io/c4dt/byzcoin:latest + build: + context: ./ + dockerfile: Dockerfile + target: byzcoin + args: + DOCKER_BUILDKIT: 1 + platform: linux/amd64 ports: - - "7770-7771:7770-7771" - image: c4dt/byzcoin:latest + - "7770-7777:7770-7777" + - "8080:3000" + environment: + - NODE=1 volumes: - # Where the byzcoin data resides on the host. Do not change the :/byzcoin - # part, only the ~/byzcoin. - - ~/byzcoin:/byzcoin - logging: - driver: "json-file" - options: - max-size: "10m" - max-file: "4" - restart: unless-stopped - watchtower: - image: containrrr/watchtower:latest + - ./nodes/node-1:/byzcoin + + node-2: + image: ghcr.io/c4dt/byzcoin:latest + platform: linux/amd64 + environment: + - NODE=2 volumes: - - /var/run/docker.sock:/var/run/docker.sock - command: --interval 3600 --label-enable --cleanup + - ./nodes/node-2:/byzcoin + network_mode: "service:node-1" + + node-3: + image: ghcr.io/c4dt/byzcoin:latest + platform: linux/amd64 + environment: + - NODE=3 + volumes: + - ./nodes/node-3:/byzcoin + network_mode: "service:node-1" + + node-4: + image: ghcr.io/c4dt/byzcoin:latest + platform: linux/amd64 + environment: + - NODE=4 + volumes: + - ./nodes/node-4:/byzcoin + network_mode: "service:node-1" + + login: + image: ghcr.io/c4dt/byzcoin-web:latest + platform: linux/amd64 + build: + context: ./ + dockerfile: Dockerfile + target: web + args: + DOCKER_BUILDKIT: 1 + network_mode: "service:node-1" diff --git a/docker/byzcoin.sh b/docker/byzcoin.sh index 59f7434..6d07b02 100755 --- a/docker/byzcoin.sh +++ b/docker/byzcoin.sh 
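Review bot: `node-1` publishes `"7770-7777:7770-7777"` and `"8080:3000"` on every host interface, although the README describes a demo for the local machine and the image carries pre-generated keys; binding to loopback, e.g. `"127.0.0.1:8080:3000"`, keeps the demo off the network. The published range also does not match setup_demo_chain.sh, which assigns `7770 + node * 2` and the following port to each node, i.e. 7772–7779, so node 4's ports 7778/7779 are not reachable from the host; `"127.0.0.1:7772-7779:7772-7779"` would cover all four nodes. `args: DOCKER_BUILDKIT: 1` only passes a build argument that the Dockerfile in this patch never declares; it does not switch BuildKit on and can be removed from both services.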
@@ -1,36 +1,46 @@ #!/usr/bin/env bash -echo "Using command ${BYZCOIN:=./byzcoin}" - export DEBUG_LVL DEBUG_COLOR DEBUG_TIME -ssl="" -if [[ ( $ADDRESS_WS =~ https.* ) && ( $USE_TLS != 'false' ) ]]; then +BYZCOIN="${BYZCOIN:-./byzcoin}" +DATA_DIR="${DATA_DIR:-/byzcoin}" + +config() { + ssl="" + if [[ ($ADDRESS_WS =~ https.*) && ($USE_TLS != 'false') ]]; then echo "Using TLS" WS_CHAIN="/byzcoin/$WS_SSL_CHAIN" WS_KEY="/byzcoin/$WS_SSL_KEY" if [[ ! -f $WS_CHAIN ]]; then - echo "Couldn't find SSL-certificate $WS_SSL_CHAIN, please provide it." - exit 1 + echo "Couldn't find SSL-certificate $WS_SSL_CHAIN, please provide it." + exit 1 fi if [[ ! -f $WS_KEY ]]; then - echo "Couldn't find SSL-key $WS_SSL_KEY, please provide it." - exit 1 + echo "Couldn't find SSL-key $WS_SSL_KEY, please provide it." + exit 1 fi ssl="--ws-ssl-chain $WS_CHAIN \ - --ws-ssl-key $WS_KEY" -fi + --ws-ssl-key $WS_KEY" + fi -echo "Configuring ByzCoin" -$BYZCOIN config --address-node "$ADDRESS_NODE" \ + echo "Configuring ByzCoin" + $BYZCOIN config --address-node "$ADDRESS_NODE" \ --address-ws "$ADDRESS_WS" --desc "$DESCRIPTION" \ - --byzcoin-id "$BYZCOIN_ID" --data-dir /byzcoin $ssl -echo "Starting ByzCoin" + --byzcoin-id "$BYZCOIN_ID" --data-dir "$DATA_DIR" $ssl +} + +if ! [[ -f /byzcoin/public.toml ]]; then + if [[ "$NODE" ]]; then + cp -a /root/nodes/node-"$NODE"/* /byzcoin + else + config + fi +fi if [[ -z "$GRAYLOG" ]]; then echo "Running without Graylog" - $BYZCOIN --debug $DEBUG_LVL run /byzcoin + $BYZCOIN --debug $DEBUG_LVL run "$DATA_DIR" else echo "Forwarding to Graylog: ${GRAYLOG/:/ }" - $BYZCOIN --debug $DEBUG_LVL run /byzcoin | tee /dev/stderr | \ + $BYZCOIN --debug $DEBUG_LVL run "$DATA_DIR" | tee /dev/stderr | netcat -v ${GRAYLOG/:/ } fi diff --git a/httpd.conf b/httpd.conf new file mode 100644 index 0000000..afef993 --- /dev/null +++ b/httpd.conf @@ -0,0 +1 @@ +E404:login/index.html 
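Review bot: The new `DATA_DIR` variable is honoured by `--data-dir` and `run`, but the first-start check still tests `/byzcoin/public.toml`, the `NODE` branch copies into `/byzcoin`, and `config` still builds the TLS paths as `/byzcoin/$WS_SSL_CHAIN` and `/byzcoin/$WS_SSL_KEY`, so a container started with another `DATA_DIR` re-runs `config` on every start and looks for the certificate and key in the wrong directory. Use `if ! [[ -f "$DATA_DIR/public.toml" ]]; then`, `"$DATA_DIR/$WS_SSL_CHAIN"` and `"$DATA_DIR/$WS_SSL_KEY"`. The copy `cp -a /root/nodes/node-"$NODE"/* /byzcoin` is also unchecked: with a `NODE` value that has no matching directory the script still goes on to `run`, so write `cp -a /root/nodes/node-"$NODE"/* "$DATA_DIR" || exit 1` and consider rejecting values other than 1–4 before building the path.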
diff --git a/pkg/cothority/personhood/README.md b/pkg/cothority/personhood/README.md index 9e00285..9d3a4db 100644 --- a/pkg/cothority/personhood/README.md +++ b/pkg/cothority/personhood/README.md @@ -57,7 +57,7 @@ register the following information: 1. Create a new email user in the https://login.c4dt.org frontend - make sure that there are appropriate recovery options in case - you loose the private key. + you lose the private key. 2. Add a new DARC to the email user and call it `EmailDarc` - of course you can choose another name. 3. Add a device to the user and call it `Email`. diff --git a/setup_demo_chain.sh b/setup_demo_chain.sh new file mode 100755 index 0000000..a3bb6d1 --- /dev/null +++ b/setup_demo_chain.sh 
@@ -0,0 +1,48 @@
+#!/bin/zsh
+
+NODES_DIR=/byzcoin/nodes
+mkdir -p $NODES_DIR/node-{1,2,3,4}
+export BYZCOIN=./full \
+ DEBUG_LVL=2 \
+ DEBUG_COLOR=false \
+ DEBUG_TIME=true
+for node in $( seq 4 ); do
+ PORT_N=$(( 7770 + node * 2 ))
+ PORT_W=$(( PORT_N + 1 ))
+ ADDRESS_NODE=tls://localhost:$PORT_N \
+ ADDRESS_WS=http://localhost:$PORT_W \
+ DESCRIPTION="Local Node $node" \
+ DATA_DIR=$NODES_DIR/node-$node \
+ ./byzcoin.sh &
+done
+
+# Waiting for the nodes to come up
+# shellcheck disable=SC2046
+# shellcheck disable=SC2005
+# shellcheck disable=SC2012
+while [[ "$(echo $(ls nodes/node*/public.toml | wc -l))" != 4 ]]; do sleep 1; done
+sleep 1
+for node in nodes/node*; do
+ echo "[[servers]]" >> nodes/group.toml
+ sed -e "s/Services/servers.Services/" $node/public.toml >> nodes/group.toml
+done
+
+# Initializing a new byzcoin chain and creating a user
+./bcadmin -c $NODES_DIR/ create $NODES_DIR/group.toml
+BC=/$( ls $NODES_DIR/bc*.cfg )
+KEY=/$( ls $NODES_DIR/key*.cfg )
+URL=http://localhost:8080/login/register/device
+./phapp user "$BC" "$KEY" $URL demo | tee login.tmp
+tail -n 1 login.tmp | sed -e "s/.*is: //" > login.txt
+echo tail done
+rm login.tmp
+echo rm done
+
+# Create configuration files
+echo -e "\nByzCoinID = \"${BC/(\/$NODES_DIR\/bc-|.cfg)/}\"" > nodes/config.toml
+echo created config.toml
+# TODO: add a real LTS
+echo -e "LTSID = \"${BC/(\/$NODES_DIR\/bc-|.cfg)/}\"\n" >> nodes/config.toml
+echo updated config.toml
+cat nodes/group.toml >> nodes/config.toml
+echo finalized config.toml
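Review bot: The script has no error handling, so a failed `./bcadmin … create` or `./phapp user …` still ends with `login.txt` and `nodes/config.toml` being written and the `RUN ./setup_demo_chain.sh` layer succeeding with empty or partial values; add `set -e` and `setopt pipefail` after the shebang and check that `login.txt` is non-empty before finishing. The wait loop `while [[ … != 4 ]]; do sleep 1; done` has no upper bound, so a single node that never writes `public.toml` hangs the image build until the CI job times out; a counter that aborts after a fixed number of seconds would fail fast instead. `${BC/(\/$NODES_DIR\/bc-|.cfg)/}` uses the single-slash form, which in zsh replaces only the first match, so the `.cfg` suffix appears to remain in `ByzCoinID` and `LTSID`; the `//` form would strip both ends, which is worth verifying against a generated config.toml.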