From b8899f064447bd0734d0ba69f7a4a4fdb5d97428 Mon Sep 17 00:00:00 2001 From: yorickdowne <71337066+yorickdowne@users.noreply.github.com> Date: Thu, 1 Aug 2024 10:25:43 -0400 Subject: [PATCH] Support Siren 2.0 (#1888) --- README.md | 2 +- default.env | 8 +++++--- ethd | 16 +++++++++++++++- siren-shared.yml | 2 +- siren.yml | 11 +++++++++++ siren/docker-entrypoint.sh | 14 ++++++++++++++ 6 files changed, 47 insertions(+), 6 deletions(-) create mode 100755 siren/docker-entrypoint.sh diff --git a/README.md b/README.md index 68975f92..83a6ee4e 100644 --- a/README.md +++ b/README.md @@ -34,4 +34,4 @@ Eth Docker uses a "semver-ish" scheme. large. - Second through fourth digit, [semver](https://semver.org/). -This is Eth Docker v2.11.0.1 +This is Eth Docker v2.11.1.0 diff --git a/default.env b/default.env index d154b8f6..984a7abd 100644 --- a/default.env +++ b/default.env @@ -33,6 +33,8 @@ IPV6=false # Directory to keep ancient/static data. In use for Reth and Geth, optional. # If you use this, make sure to chown the directory to uid 10001 ANCIENT_DIR= +# Password for Lighthouse Siren +SIREN_PASSWORD= # Promtail logs label, something unique like the server name LOGS_LABEL=eth-docker @@ -86,8 +88,8 @@ PRYSM_UDP_PORT=9000 CL_QUIC_PORT=9001 # Local grafana dashboard port. Do not expose to Internet, it is insecure http GRAFANA_PORT=3000 -# Local Siren UI port. Do not expose to Internet, it is insecure http -SIREN_PORT=8080 +# Local Siren UI port +SIREN_PORT=2443 # Prometheus port used when exposing directly on host; used for federation PROMETHEUS_PORT=9090 # Local key manager port. Reachable only via localhost. Also doubles as Prysm web port @@ -306,4 +308,4 @@ DDNS_TAG=v2 NODE_EXPORTER_IGNORE_MOUNT_REGEX='^/(dev|proc|sys|run|var/lib/docker/.+)($|/)' # Used by ethd update - please do not adjust -ENV_VERSION=12 +ENV_VERSION=13 diff --git a/ethd b/ethd index 4b42d23a..f4549fc5 100755 --- a/ethd +++ b/ethd @@ -965,7 +965,7 @@ envmigrate() { PRYSM_UDP_PORT CL_QUIC_PORT GRAFANA_PORT SIREN_PORT PROMETHEUS_PORT KEY_API_PORT TRAEFIK_WEB_PORT \ TRAEFIK_WEB_HTTP_PORT CL_REST_PORT EL_RPC_PORT EL_WS_PORT EE_PORT ERIGON_TORRENT_PORT LOG_LEVEL JWT_SECRET \ EL_EXTRAS CL_EXTRAS VC_EXTRAS ARCHIVE_NODE SSV_P2P_PORT SSV_P2P_PORT_UDP ERIGON_P2P_PORT_2 \ - ERIGON_P2P_PORT_3 LODESTAR_HEAP SSV_DKG_PORT ) + ERIGON_P2P_PORT_3 LODESTAR_HEAP SSV_DKG_PORT SIREN_PASSWORD ) TARGET_VARS=( ETH_DOCKER_TAG NIM_SRC_BUILD_TARGET NIM_SRC_REPO NIM_DOCKER_TAG NIM_DOCKER_VC_TAG NIM_DOCKER_REPO \ NIM_DOCKER_VC_REPO NIM_DOCKERFILE TEKU_SRC_BUILD_TARGET TEKU_SRC_REPO TEKU_DOCKER_TAG TEKU_DOCKER_REPO \ TEKU_DOCKERFILE LH_SRC_BUILD_TARGET LH_SRC_REPO LH_DOCKER_TAG LH_DOCKER_REPO LH_DOCKERFILE \ @@ -985,6 +985,14 @@ envmigrate() { OLD_VARS=( ) NEW_VARS=( ) +# Always make sure we have a SIREN password + var="SIREN_PASSWORD" + SIREN_PASSWORD=$(sed -n -e "s/^${var}=\(.*\)/\1/p" "${ENV_FILE}" || true) + if [ -z "${SIREN_PASSWORD}" ]; then + SIREN_PASSWORD=$(head -c 8 /dev/urandom | od -A n -t u8 | tr -d '[:space:]' | sha256sum | head -c 32) + set_value_in_env + fi + var=ENV_VERSION __target_ver=$(sed -n -e "s/^${var}=\(.*\)/\1/p" "default.env" || true) __source_ver=$(sed -n -e "s/^${var}=\(.*\)/\1/p" "${ENV_FILE}" || true) @@ -3192,6 +3200,12 @@ config() { var=GETH_DOCKERFILE set_value_in_env fi + var="SIREN_PASSWORD" + SIREN_PASSWORD=$(sed -n -e "s/^${var}=\(.*\)/\1/p" "${ENV_FILE}" || true) + if [ -z "${SIREN_PASSWORD}" ]; then + SIREN_PASSWORD=$(head -c 8 /dev/urandom | od -A n -t u8 | tr -d '[:space:]' | sha256sum | head -c 32) + set_value_in_env + fi ${__as_owner} rm .env.original diff --git a/siren-shared.yml b/siren-shared.yml index c5f37da2..1bd7f1ab 100644 --- a/siren-shared.yml +++ b/siren-shared.yml @@ -2,4 +2,4 @@ services: siren: ports: - - ${SHARE_IP:-}:${SIREN_PORT}:80/tcp + - ${SHARE_IP:-}:${SIREN_PORT}:443/tcp diff --git a/siren.yml b/siren.yml index 689a6c20..90724f37 100644 --- a/siren.yml +++ b/siren.yml @@ -12,8 +12,19 @@ services: restart: "unless-stopped" image: ${SIREN_DOCKER_REPO}:${SIREN_DOCKER_TAG} volumes: + - lhvalidator-data:/var/lib/lighthouse + - ./siren/docker-entrypoint.sh:/usr/local/bin/docker-entrypoint.sh - /etc/localtime:/etc/localtime:ro + environment: + - BEACON_URL=${CL_NODE} + - VALIDATOR_URL=http://vc:7500 + - SESSION_PASSWORD=${SIREN_PASSWORD} + - SSL_ENABLED=true + - DEBUG=false + - SIREN_PORT=${SIREN_PORT} <<: *logging + entrypoint: + - docker-entrypoint.sh labels: - traefik.enable=true - traefik.http.routers.$(SIREN_HOST:-siren}.service=${SIREN_HOST:-siren} diff --git a/siren/docker-entrypoint.sh b/siren/docker-entrypoint.sh new file mode 100755 index 00000000..cc775d8c --- /dev/null +++ b/siren/docker-entrypoint.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash +set -Eeuo pipefail + +if [ ! -f /var/lib/lighthouse/validators/api-token.txt ]; then + echo "Validator client API token not found. Waiting 30s before restarting." + sleep 30 + exit 1 +fi + +API_TOKEN=$(cat /var/lib/lighthouse/validators/api-token.txt) +export API_TOKEN + +echo "Log into Siren at https://my-node-ip/${SIREN_PORT} with password ${SESSION_PASSWORD}" +exec /app/docker-assets/docker-entrypoint.sh