testnet-0.2: strip v0.1 deploy infra, switch to mix-only fleet

akshaya 2026-06-30 09:02:13 -04:00
parent bbea62ca00
commit 44c1f2a5c1
No known key found for this signature in database
GPG Key ID: 12C1A9E9F5629D18
3 changed files with 37 additions and 303 deletions

1
.gitignore vendored

@ -3,3 +3,4 @@
keystore
postgresql
.env
/data/


@ -1,40 +1,13 @@
version: "3.7"
# Environment variable definitions
x-rln-relay-eth-client-address: &rln_relay_eth_client_address ${RLN_RELAY_ETH_CLIENT_ADDRESS:-} # Add your RLN_RELAY_ETH_CLIENT_ADDRESS after the "-"
x-rln-environment: &rln_env
RLN_RELAY_CONTRACT_ADDRESS: ${RLN_RELAY_CONTRACT_ADDRESS:-0xB9cd878C90E49F797B4431fBF4fb333108CB90e6}
RLN_RELAY_CRED_PATH: ${RLN_RELAY_CRED_PATH:-} # Optional: Add your RLN_RELAY_CRED_PATH after the "-"
RLN_RELAY_CRED_PASSWORD: ${RLN_RELAY_CRED_PASSWORD:-} # Optional: Add your RLN_RELAY_CRED_PASSWORD after the "-"
x-pg-pass: &pg_pass ${POSTGRES_PASSWORD:-test123}
x-pg-user: &pg_user ${POSTGRES_USER:-postgres}
x-pg-environment: &pg_env
POSTGRES_USER: *pg_user
POSTGRES_PASSWORD: *pg_pass
x-pg-exporter-env: &pg_exp_env
environment:
POSTGRES_PASSWORD: *pg_pass
DATA_SOURCE_URI: postgres?sslmode=disable
DATA_SOURCE_USER: *pg_user
DATA_SOURCE_PASS: *pg_pass
PG_EXPORTER_EXTEND_QUERY_PATH: /etc/pgexporter/queries.yml
# Services definitions
services:
nwaku:
image: ${NWAKU_IMAGE:-quay.io/wakuorg/nwaku-pr:3587}
image: ${NWAKU_IMAGE:-quay.io/wakuorg/nwaku-pr:3807}
restart: on-failure
ports:
- 30304:30304/tcp
- 30304:30304/udp
- 9005:9005/udp
- 127.0.0.1:8003:8003
- 80:80 #Let's Encrypt
- 8000:8000/tcp #WSS
- 127.0.0.1:8645:8645
logging:
driver: json-file
options:
@ -43,156 +16,21 @@ services:
compress: "true"
tag: "nwaku-{{.ID}}"
environment:
DOMAIN: ${DOMAIN}
NODEKEY: ${NODEKEY}
RLN_RELAY_CRED_PASSWORD: "${RLN_RELAY_CRED_PASSWORD}"
RLN_RELAY_ETH_CLIENT_ADDRESS: *rln_relay_eth_client_address
KAD_BOOTSTRAP_NODES: ${KAD_BOOTSTRAP_NODES}
CLUSTER_ID: ${CLUSTER_ID}
MIX_DISABLE_COVER_TRAFFIC: ${MIX_DISABLE_COVER_TRAFFIC}
NUM_SHARDS_IN_NETWORK: ${NUM_SHARDS_IN_NETWORK}
SHARD: ${SHARD}
TCP_PORT: ${TCP_PORT}
METRICS_PORT: ${METRICS_PORT}
LOG_LEVEL: ${LOG_LEVEL}
MAX_CONNECTIONS: ${MAX_CONNECTIONS}
EXTRA_ARGS: ${EXTRA_ARGS}
STORAGE_SIZE: ${STORAGE_SIZE}
<<:
- *pg_env
- *rln_env
volumes:
- ./run_node.sh:/opt/run_node.sh:Z
- ${CERTS_DIR:-./certs}:/etc/letsencrypt/:Z
- ./keystore:/keystore:Z
- ./data:/data
working_dir: /data
entrypoint: sh
command:
- /opt/run_node.sh
depends_on:
- postgres
# TODO: Commented until ready
#waku-frontend:
# # TODO: migrate to waku-org
# image: docker.io/alrevuelta/waku-frontend:latest
# #command:
# # - xxx
# ports:
# - 127.0.0.1:4000:3000
# restart: on-failure:5
# depends_on:
# - nwaku
prometheus:
image: docker.io/prom/prometheus:latest
volumes:
- ./monitoring/prometheus-config.yml:/etc/prometheus/prometheus.yml:Z
command:
- --config.file=/etc/prometheus/prometheus.yml
- --storage.tsdb.retention.size=${PROMETHEUS_RETENTION_SIZE:-5GB}
# ports:
# - 127.0.0.1:9090:9090
restart: on-failure:5
depends_on:
- postgres-exporter
- nwaku
grafana:
image: docker.io/grafana/grafana:latest
env_file:
- ./monitoring/configuration/grafana-plugins.env
volumes:
- ./monitoring/configuration/grafana.ini:/etc/grafana/grafana.ini:Z
- ./monitoring/configuration/dashboards.yaml:/etc/grafana/provisioning/dashboards/dashboards.yaml:Z
- ./monitoring/configuration/datasources.yaml:/etc/grafana/provisioning/datasources/datasources.yaml:Z
- ./monitoring/configuration/dashboards:/var/lib/grafana/dashboards/:Z
- ./monitoring/configuration/customizations/custom-logo.svg:/usr/share/grafana/public/img/grafana_icon.svg:Z
- ./monitoring/configuration/customizations/custom-logo.svg:/usr/share/grafana/public/img/grafana_typelogo.svg:Z
- ./monitoring/configuration/customizations/custom-logo.png:/usr/share/grafana/public/img/fav32.png:Z
ports:
- 0.0.0.0:3000:3000
restart: on-failure:5
depends_on:
- prometheus
postgres:
# This service is used when the Waku node has the 'store' protocol enabled
# and the store-message-db-url is set to use Postgres
image: postgres:15.4-alpine3.18
restart: on-failure:5
shm_size: "${POSTGRES_SHM:-1g}" # Set default shared memory size to 1 GB
environment:
<<: *pg_env
volumes:
- ./postgres_cfg/postgresql.conf:/etc/postgresql/postgresql.conf:Z
- ./postgres_cfg/db.sql:/docker-entrypoint-initdb.d/db.sql:Z
- ${PG_DATA_DIR:-./postgresql}:/var/lib/postgresql/data:Z
command: postgres -c config_file=/etc/postgresql/postgresql.conf
ports:
- 127.0.0.1:5432:5432
healthcheck:
test: ["CMD-SHELL", "pg_isready -U postgres -d postgres"]
interval: 30s
timeout: 60s
retries: 5
start_period: 80s
postgres-exporter:
# Service aimed to scrape information from Postgres and post it to Prometeus
image: quay.io/prometheuscommunity/postgres-exporter:v0.12.0
restart: on-failure:5
<<: *pg_exp_env
volumes:
- ./monitoring/configuration/postgres-exporter.yml:/etc/pgexporter/postgres-exporter.yml:Z
- ./monitoring/configuration/pg-exporter-queries.yml:/etc/pgexporter/queries.yml:Z
command:
# Both the config file and 'DATA_SOURCE_NAME' should contain valid connection info
- --config.file=/etc/pgexporter/postgres-exporter.yml
depends_on:
- postgres
## Uncomment if you have RLN credentials and want to use play with a front end to send messages
# waku-frontend:
# # TODO: migrate to waku-org
# image: alrevuelta/waku-frontend:aad9628
# ports:
# - 127.0.0.1:4000:4000
# restart: on-failure:5
# depends_on:
# - nwaku
## Uncomment if you need pgadmin support in your container.
## Commented for backward version compatibility of docker-compose.
# pgadmin:
# image: dpage/pgadmin4:latest
# environment:
# - PGADMIN_DEFAULT_EMAIL=waku@waku.com
# - PGADMIN_DEFAULT_PASSWORD=wakuwaku
# - PGADMIN_CONFIG_SERVER_MODE=False
# - PGADMIN_CONFIG_MASTER_PASSWORD_REQUIRED=False
# - PGADMIN_LISTEN_PORT=80
# ports:
# - 15432:80
# user: root
# entrypoint: /bin/sh -c "chmod 600 /pgpass; /entrypoint.sh;"
# volumes:
# - pgadmin:/var/lib/pgadmin
# configs:
# - source: servers.json
# target: /pgadmin4/servers.json
# - source: pgpass
# target: /pgpass
# depends_on:
# - postgres
# profiles:
# - dbadmin
# volumes:
# pgadmin:
# configs:
# pgpass:
# content: postgres:5432:*:${POSTGRES_USER:-postgres}:${POSTGRES_PASSWORD:-test123}
# servers.json:
# content: |
# {"Servers": {"1": {
# "Group": "Servers",
# "Name": "WakuStoreDB",
# "Host": "postgres",
# "Port": 5432,
# "MaintenanceDB": "postgres",
# "Username": "postgres",
# "PassFile": "/pgpass",
# "SSLMode": "disable"
# }}}
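Review bot: The default nwaku image, `quay.io/wakuorg/nwaku-pr:3807` (the second of the two `image:` lines, which reads as the new side on this rendering), is a PR-build tag with no digest, so each host in the fleet runs whatever is published under that tag at pull time and nodes can drift apart or pick up an unreviewed rebuild. Pinning the default by digest keeps the fleet reproducible: `image: ${NWAKU_IMAGE:-quay.io/wakuorg/nwaku-pr:3807@sha256:<digest-of-reviewed-build>}`, where the digest is a placeholder for the build that was actually tested. Separately, the `./data:/data` bind mount carries no `:Z` label while the `run_node.sh` mount next to it does, which looks like an oversight on SELinux hosts if that line is part of the new side.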


@ -1,144 +1,39 @@
#!/bin/sh
echo "I am a nwaku node"
echo "I am a nwaku mix node (testnet-0.2)"
if [ -n "${ETH_CLIENT_ADDRESS}" ] ; then
echo "ETH_CLIENT_ADDRESS variable was renamed to RLN_RELAY_ETH_CLIENT_ADDRESS"
echo "Please update your .env file"
exit 1
fi
if [ -z "${RLN_RELAY_ETH_CLIENT_ADDRESS}" ]; then
echo "Missing Eth client address, please refer to README.md for detailed instructions"
exit 1
fi
MY_EXT_IP=$(wget -qO- https://api4.ipify.org)
DNS_WSS_CMD=
if [ -z "${DOMAIN}" ]; then
echo "auto-domain: DOMAIN is unset, trying to guess it"
# Check if we have an IP
IPCHECK=$(echo "${MY_EXT_IP}" | grep -c '^[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+$')
if [ "${IPCHECK}" -ne 1 ]; then
echo "Failed to get ip, received: '${MY_EXT_IP}'"
else
echo "auto-domain: ip is '${MY_EXT_IP}'"
# Get reverse DNS
DNS=$(dig +short -x "${MY_EXT_IP}")
# Check if looks like a DNS
DNSCHECK=$(echo "${DNS}" | grep -c '^\([a-zA-Z0-9_\-]\+\.\)\+$')
if [ "${DNSCHECK}" -ne 1 ]; then
echo "Failed to get DNS, received: '${DNS}'"
else
DOMAIN=$(echo "${DNS}" | sed s/\.$//)
echo "auto-domain: DOMAIN deduced and set to ${DOMAIN}"
# Double check the domain is setup to return right IP
# OpenDNS servers are used to bypass /etc/hosts as it may return loopback address
DNS_IP=$(dig +short @208.67.222.222 "${DNS}")
if [ "${DNS_IP}" != "${MY_EXT_IP}" ]; then
echo "auto-domain: DNS queried returned a different ip: '${DNS_IP}', unsetting DOMAIN"
unset DOMAIN
else
echo "auto-domain: last verification successful, DOMAIN=${DOMAIN}"
fi
fi
fi
fi
if [ -n "${DOMAIN}" ]; then
LETSENCRYPT_PATH=/etc/letsencrypt/live/${DOMAIN}
if ! [ -d "${LETSENCRYPT_PATH}" ]; then
apk add --no-cache certbot
certbot certonly\
--non-interactive\
--agree-tos\
--no-eff-email\
--no-redirect\
--email admin@${DOMAIN}\
-d ${DOMAIN}\
--standalone
fi
if ! [ -e "${LETSENCRYPT_PATH}/privkey.pem" ]; then
echo "The certificate does not exist. Proceeding without supporting websocket"
else
WS_SUPPORT="--websocket-support=true"
WSS_SUPPORT="--websocket-secure-support=true"
WSS_KEY="--websocket-secure-key-path=${LETSENCRYPT_PATH}/privkey.pem"
WSS_CERT="--websocket-secure-cert-path=${LETSENCRYPT_PATH}/fullchain.pem"
DNS4_DOMAIN="--dns4-domain-name=${DOMAIN}"
DNS_WSS_CMD="${WS_SUPPORT} ${WSS_SUPPORT} ${WSS_CERT} ${WSS_KEY} ${DNS4_DOMAIN}"
fi
fi
MY_EXT_IP="${MY_EXT_IP:-$(wget -qO- https://api4.ipify.org)}"
# NODEKEY env -> --nodekey flag for stable peer ID
if [ -n "${NODEKEY}" ]; then
NODEKEY=--nodekey=${NODEKEY}
NODEKEY_FLAG="--nodekey=${NODEKEY}"
fi
if [ -n "${RLN_RELAY_CRED_PASSWORD}" ]; then
RLN_RELAY_CRED_PASSWORD=--rln-relay-cred-password="${RLN_RELAY_CRED_PASSWORD}"
## Enable Light Push (RLNaaS) if RLN credentials are used
LIGHTPUSH=--lightpush=true
## Pass default value for credentials path if not set
RLN_RELAY_CRED_PATH=--rln-relay-cred-path=${RLN_RELAY_CRED_PATH:-/keystore/keystore.json}
echo "Using RLN credentials from ${RLN_RELAY_CRED_PATH}"
else
LIGHTPUSH=--lightpush=false
# Ensure no empty values are passed
RLN_RELAY_CRED_PATH=""
RLN_RELAY_CRED_PASSWORD=""
fi
STORE_RETENTION_POLICY=--store-message-retention-policy=size:1GB
if [ -n "${STORAGE_SIZE}" ]; then
STORE_RETENTION_POLICY=--store-message-retention-policy=size:"${STORAGE_SIZE}"
# KAD_BOOTSTRAP_NODES env (comma-separated multiaddrs) -> repeated --kad-bootstrap-node flags
# Each entry must be /dns4/<host>/tcp/<port>/p2p/<peerID> (peerID required by libp2p).
KAD_BOOTSTRAP_FLAGS=""
if [ -n "${KAD_BOOTSTRAP_NODES}" ]; then
KAD_BOOTSTRAP_FLAGS=$(echo "${KAD_BOOTSTRAP_NODES}" | tr ',' '\n' | sed 's/^/--kad-bootstrap-node=/' | tr '\n' ' ')
fi
exec /usr/bin/wakunode\
--mix=true\
--mix-disable-cover-traffic=${MIX_DISABLE_COVER_TRAFFIC:-true}\
--enable-kad-discovery=true\
--relay=true\
--filter=true\
--mix=true\
--peer-exchange=true\
${LIGHTPUSH}\
--lightpush=true\
--cluster-id=${CLUSTER_ID:-2}\
--num-shards-in-network=${NUM_SHARDS_IN_NETWORK:-1}\
--shard=${SHARD:-0}\
--keep-alive=true\
--max-connections=150\
--cluster-id=1\
--discv5-discovery=true\
--discv5-udp-port=9005\
--discv5-enr-auto-update=True\
--log-level=DEBUG\
--tcp-port=30304\
--metrics-server=True\
--metrics-server-port=8003\
--metrics-server-address=0.0.0.0\
--rest=true\
--rest-admin=true\
--rest-address=0.0.0.0\
--rest-port=8645\
--rest-allow-origin="waku-org.github.io"\
--rest-allow-origin="localhost:*"\
--max-connections=${MAX_CONNECTIONS:-150}\
--log-level=${LOG_LEVEL:-INFO}\
--tcp-port=${TCP_PORT:-30304}\
--nat=extip:"${MY_EXT_IP}"\
--store=true\
--store-message-db-url="postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/postgres"\
--rln-relay-eth-client-address="${RLN_RELAY_ETH_CLIENT_ADDRESS}"\
${RLN_RELAY_CRED_PATH}\
${RLN_RELAY_CRED_PASSWORD}\
${DNS_WSS_CMD}\
${NODEKEY}\
${STORE_RETENTION_POLICY}\
--metrics-server=true\
--metrics-server-port=${METRICS_PORT:-8003}\
--metrics-server-address=0.0.0.0\
${NODEKEY_FLAG}\
${KAD_BOOTSTRAP_FLAGS}\
${EXTRA_ARGS}
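Review bot: `MY_EXT_IP` is taken from the `wget` call to api4.ipify.org and passed straight into `--nat=extip:"${MY_EXT_IP}"`, and the `IPCHECK` grep that used to vet that response sits in the auto-domain block that this commit appears to drop. A failed or unexpected response then reaches wakunode as an empty or malformed external address instead of stopping the container. A guard right after the assignment would restore the check, e.g. `case "${MY_EXT_IP}" in ''|*[!0-9.]*) echo "Invalid external IP: '${MY_EXT_IP}'" >&2; exit 1;; esac`. The old/new side of individual lines is inferred here because the page has lost its `+`/`-` markers.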