packaging updates (#3974)
* packaging updates * one package per binary (nimbus_beacon_node, nimbus_validator_client) * use `-` in package name (`_` is separating the version) * don't include (un)installation scripts in package * default metrics port 8108 for vc * fix several upgrade/install errors in scripts * add JWT option to service files * don't attempt to remove user on purge
This commit is contained in:
parent
ca3245c4f0
commit
255be39e69
|
@ -61,7 +61,9 @@ jobs:
|
|||
with:
|
||||
ruby-version: '3.1' # Not needed with a .ruby-version file
|
||||
- name: Create RPM/DEB
|
||||
run: scripts/make_packages.sh -t dist/*.tar.gz --install-fpm
|
||||
run: |
|
||||
scripts/make_packages.sh -b nimbus_beacon_node -t dist/*.tar.gz --install-fpm
|
||||
scripts/make_packages.sh -b nimbus_validator_client -t dist/*.tar.gz --install-fpm
|
||||
- name: Upload DEB
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
|
@ -133,7 +135,9 @@ jobs:
|
|||
with:
|
||||
ruby-version: '3.1' # Not needed with a .ruby-version file
|
||||
- name: Create RPM/DEB
|
||||
run: scripts/make_packages.sh -t dist/*.tar.gz --install-fpm
|
||||
run: |
|
||||
scripts/make_packages.sh -b nimbus_beacon_node -t dist/*.tar.gz --install-fpm
|
||||
scripts/make_packages.sh -b nimbus_validator_client -t dist/*.tar.gz --install-fpm
|
||||
- name: Upload DEB
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
|
@ -205,7 +209,9 @@ jobs:
|
|||
with:
|
||||
ruby-version: '3.1' # Not needed with a .ruby-version file
|
||||
- name: Create RPM/DEB
|
||||
run: scripts/make_packages.sh -t dist/*.tar.gz --install-fpm
|
||||
run: |
|
||||
scripts/make_packages.sh -b nimbus_beacon_node -t dist/*.tar.gz --install-fpm
|
||||
scripts/make_packages.sh -b nimbus_validator_client -t dist/*.tar.gz --install-fpm
|
||||
- name: Upload DEB
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
|
|
|
@ -841,7 +841,7 @@ type
|
|||
|
||||
metricsPort* {.
|
||||
desc: "Listening HTTP port of the metrics server"
|
||||
defaultValue: 8008
|
||||
defaultValue: 8108
|
||||
name: "metrics-port" .}: Port
|
||||
|
||||
graffiti* {.
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
*.rpm
|
||||
*.deb
|
||||
package_image
|
||||
|
||||
|
|
|
@ -26,10 +26,11 @@ if [ ${PIPESTATUS[0]} != 4 ]; then
|
|||
exit 1
|
||||
fi
|
||||
|
||||
OPTS="ht:"
|
||||
LONGOPTS="help,tarball:,install-fpm"
|
||||
OPTS="hb:t:"
|
||||
LONGOPTS="help,binary:,tarball:,install-fpm"
|
||||
|
||||
# default values
|
||||
BINARY=""
|
||||
TARBALL=""
|
||||
PKG_ARCH=""
|
||||
|
||||
|
@ -38,6 +39,7 @@ print_help() {
|
|||
Usage: $(basename "$0") --tarball dist/nimbus-eth2_Linux_amd64_1.5.4_382be3fd.tar.gz
|
||||
|
||||
-h, --help this help message
|
||||
-b, --binary which binary to package (nimbus_beacon_node, nimbus_validator_client, ...)
|
||||
-t, --tarball tarball produced by "make dist-..."
|
||||
--install-fpm install the appropriate fpm version with "gem'
|
||||
EOF
|
||||
|
@ -57,6 +59,10 @@ while true; do
|
|||
print_help
|
||||
exit
|
||||
;;
|
||||
-b|--binary)
|
||||
BINARY="$2"
|
||||
shift 2
|
||||
;;
|
||||
-t|--tarball)
|
||||
TARBALL="$2"
|
||||
shift 2
|
||||
|
@ -96,14 +102,16 @@ case "${TARBALL}" in
|
|||
esac
|
||||
|
||||
SCRIPT_DIR="$(dirname "${BASH_SOURCE[0]}")"
|
||||
PKG_NAME="nimbus_beacon_node"
|
||||
PKG_IMG_DIR="${SCRIPT_DIR}/package_image"
|
||||
BINARIES="nimbus_beacon_node"
|
||||
PKG_NAME="$(echo ${BINARY} | tr '_' '-')"
|
||||
PKG_IMG_DIR="${SCRIPT_DIR}/package_image/${BINARY}"
|
||||
PKG_SRC_DIR="${SCRIPT_DIR}/package_src/${BINARY}"
|
||||
PKG_VERSION="$(echo "${TARBALL}" | sed 's/^.*_\([^_]\+\)_[^_]\+$/\1/')"
|
||||
TARBALL_TOP_DIR="$(echo "${TARBALL}" | sed 's#^.*/\([^/]\+\)\.tar\.gz$#\1#')"
|
||||
PKG_PATH_DEB="${SCRIPT_DIR}/../dist/${PKG_NAME}_${PKG_VERSION}_${PKG_ARCH_DEB}.deb"
|
||||
PKG_PATH_RPM="${SCRIPT_DIR}/../dist/${PKG_NAME}_${PKG_VERSION}_${PKG_ARCH_RPM}.rpm"
|
||||
|
||||
[ -d $PKG_SRC_DIR ] || { echo Unsupported binary "${BINARY}"; exit 1; }
|
||||
|
||||
FPM_VERSION=1.14.2
|
||||
if [[ "$(fpm -v)" != "$FPM_VERSION" ]] ; then
|
||||
if [[ "$INSTALL_FPM" == "1" ]] ; then
|
||||
|
@ -118,12 +126,12 @@ EOF
|
|||
fi
|
||||
fi
|
||||
|
||||
rm -rf "${PKG_IMG_DIR}"
|
||||
BIN_DIR="${PKG_IMG_DIR}/usr/bin"
|
||||
rm -rf "${BIN_DIR}"
|
||||
mkdir -p "${BIN_DIR}"
|
||||
for BINARY in ${BINARIES}; do
|
||||
tar -xzf "${TARBALL}" --strip-components 2 -C "${BIN_DIR}" "${TARBALL_TOP_DIR}/build/${BINARY}"
|
||||
done
|
||||
tar -xzf "${TARBALL}" --strip-components 2 -C "${BIN_DIR}" "${TARBALL_TOP_DIR}/build/${BINARY}"
|
||||
cp -ar ${PKG_SRC_DIR}/image/* ${PKG_IMG_DIR}
|
||||
|
||||
# delete existing packages
|
||||
rm -f "${PKG_PATH_DEB}" "${PKG_PATH_RPM}"
|
||||
|
@ -135,14 +143,14 @@ fpm -s dir -t deb -n "${PKG_NAME}" \
|
|||
-p "${PKG_PATH_DEB}" \
|
||||
-a "${PKG_ARCH_DEB}" \
|
||||
--depends lsb-release \
|
||||
--after-install "${PKG_IMG_DIR}/after_install" \
|
||||
--before-remove "${PKG_IMG_DIR}/before_remove" \
|
||||
--after-remove "${PKG_IMG_DIR}/after_remove" \
|
||||
--after-upgrade "${PKG_IMG_DIR}/after_upgrade" \
|
||||
--deb-after-purge "${PKG_IMG_DIR}/deb_after_purge" \
|
||||
--after-install "${PKG_SRC_DIR}/after_install" \
|
||||
--before-remove "${PKG_SRC_DIR}/before_remove" \
|
||||
--after-remove "${PKG_SRC_DIR}/after_remove" \
|
||||
--after-upgrade "${PKG_SRC_DIR}/after_upgrade" \
|
||||
--deb-after-purge "${PKG_SRC_DIR}/deb_after_purge" \
|
||||
--license "Apache 2.0 + MIT" \
|
||||
--maintainer "The Nimbus Team" \
|
||||
--description "Nimbus Beacon Chain / Ethereum Consensus client" \
|
||||
--description "$(cat ${PKG_SRC_DIR}/description)" \
|
||||
--url "https://nimbus.team/" \
|
||||
2>/dev/null
|
||||
|
||||
|
@ -152,13 +160,13 @@ fpm -s dir -t rpm -n "${PKG_NAME}" \
|
|||
-p "${PKG_PATH_RPM}" \
|
||||
-a "${PKG_ARCH_RPM}" \
|
||||
--depends redhat-lsb-core \
|
||||
--after-install "${PKG_IMG_DIR}/after_install" \
|
||||
--before-remove "${PKG_IMG_DIR}/before_remove" \
|
||||
--after-remove "${PKG_IMG_DIR}/after_remove" \
|
||||
--after-upgrade "${PKG_IMG_DIR}/after_upgrade" \
|
||||
--after-install "${PKG_SRC_DIR}/after_install" \
|
||||
--before-remove "${PKG_SRC_DIR}/before_remove" \
|
||||
--after-remove "${PKG_SRC_DIR}/after_remove" \
|
||||
--after-upgrade "${PKG_SRC_DIR}/after_upgrade" \
|
||||
--license "Apache 2.0 + MIT" \
|
||||
--maintainer "The Nimbus Team" \
|
||||
--description "Nimbus Beacon Chain / Ethereum Consensus client" \
|
||||
--description "$(cat ${PKG_SRC_DIR}/description)" \
|
||||
--url "https://nimbus.team/" \
|
||||
2>/dev/null
|
||||
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
systemctl is-active --quiet nimbus_beacon_node.service &&
|
||||
echo "Nimbus has been upgraded, don't forget to restart with 'sudo systemctl restart nimbus_beacon_node.service'!"
|
|
@ -1,6 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
systemctl stop 'nimbus_beacon_node.service'
|
||||
systemctl disable 'nimbus_beacon_node.service'
|
|
@ -1,9 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
rm -rf /var/lib/nimbus
|
||||
|
||||
if id -u nimbus > /dev/null 2>&1; then
|
||||
userdel nimbus # userdel will also delete the nimbus group
|
||||
fi
|
|
@ -6,13 +6,12 @@ DISTRO=$(lsb_release -si)
|
|||
if ! id -u nimbus > /dev/null 2>&1; then
|
||||
case $DISTRO in
|
||||
Ubuntu|Debian)
|
||||
# Debian uses `adduser` to create user...
|
||||
adduser --system --no-create-home --group nimbus
|
||||
;;
|
||||
Fedora|CentOS*|RedHat*|Scientific|Amazon*|Oracle*)
|
||||
adduser --system --no-create-home --user-group nimbus
|
||||
;;
|
||||
*) # blind shot... ToDo: add more DISTRO cases here
|
||||
adduser --system --no-create-home --group nimbus
|
||||
*)
|
||||
# ... while `useradd` is more standard
|
||||
useradd --system --no-create-home --user-group nimbus
|
||||
;;
|
||||
esac
|
||||
fi
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
( systemctl is-active --quiet nimbus_beacon_node.service && \
|
||||
echo "Nimbus has been upgraded, don't forget to restart with 'sudo systemctl restart nimbus_beacon_node.service'!" ) || true
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
SERVICE_NAME="nimbus_beacon_node"
|
||||
|
||||
if systemctl --all --type service | grep -q "$SERVICE_NAME"; then
|
||||
systemctl stop "$SERVICE_NAME"
|
||||
systemctl disable "$SERVICE_NAME"
|
||||
fi
|
||||
|
|
@ -0,0 +1,13 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
rm -rf /var/lib/nimbus
|
||||
|
||||
# https://wiki.debian.org/AccountHandlingInMaintainerScripts argues "mostly"
|
||||
# that users should not be removed, as do several debian bug debates that have
|
||||
# been ongoing since forever. Fedora is clear on the topic: don't remove
|
||||
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Allocation_Strategies
|
||||
if id -u `nimbus` > /dev/null 2>&1; then
|
||||
echo User `nimbus` needs to be removed manually
|
||||
fi
|
|
@ -0,0 +1 @@
|
|||
Nimbus Beacon Node / Ethereum Consensus client
|
|
@ -4,9 +4,11 @@
|
|||
# Environment="WEB3_URL=wss://provider/"
|
||||
#
|
||||
# To completely override the start command (to add custom parameters such as
|
||||
# graffiti), override the `ExecStart` value instead:
|
||||
# graffiti), override the `ExecStart` value instead by first emptying it, then
|
||||
# specifying a new one:
|
||||
#
|
||||
# [Service]
|
||||
# ExecStart=
|
||||
# ExecStart=/usr/bin/nimbus_beacon_node --network=${NETWORK} \
|
||||
# --data-dir="${DATA_DIR_PREFIX}/shared_${NETWORK}_${NODE_ID}" \
|
||||
# --graffiti=123
|
||||
|
@ -27,8 +29,10 @@ Environment=NETWORK=mainnet
|
|||
|
||||
# You need to have have access to an execution client - by default, we assume
|
||||
# a compatible execution client is running on the same machine on the default
|
||||
# websocket port.
|
||||
# websocket port. Make sure to supply the right path to the JWT secret.
|
||||
|
||||
Environment=WEB3_URL=ws://127.0.0.1:8546
|
||||
Environment=JWT_SECRET=/tmp/jwtsecret
|
||||
|
||||
# Where to store chain data
|
||||
Environment=DATA_DIR_PREFIX=/var/lib/nimbus
|
||||
|
@ -60,4 +64,5 @@ ExecStart=/usr/bin/nimbus_beacon_node \
|
|||
--udp-port=${UDP_PORT} \
|
||||
--rest=${REST_ENABLED} --rest-port=${REST_PORT} \
|
||||
--metrics=${METRICS_ENABLED} --metrics-port=${METRICS_PORT} \
|
||||
--web3-url=${WEB3_URL}
|
||||
--web3-url=${WEB3_URL} \
|
||||
--jwt-secret=${JWT_SECRET}
|
|
@ -0,0 +1,22 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
DISTRO=$(lsb_release -si)
|
||||
if ! id -u nimbus > /dev/null 2>&1; then
|
||||
case $DISTRO in
|
||||
Ubuntu|Debian)
|
||||
# Debian uses `adduser` to create user...
|
||||
adduser --system --no-create-home --group nimbus
|
||||
;;
|
||||
*)
|
||||
# ... while `useradd` is more standard
|
||||
useradd --system --no-create-home --user-group nimbus
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
||||
mkdir -p /var/lib/nimbus
|
||||
chown nimbus:nimbus /var/lib/nimbus
|
||||
|
||||
systemctl daemon-reload
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
# We don't do anything here since a normal "uninstall" should generally not
|
||||
# remove data - debian has "purge" to deal with this, others don't.
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
( systemctl is-active --quiet nimbus_validator_client.service && \
|
||||
echo "Nimbus has been upgraded, don't forget to restart with 'sudo systemctl restart nimbus_validator_client.service'!" ) || true
|
|
@ -0,0 +1,11 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
SERVICE_NAME="nimbus_validator_client"
|
||||
|
||||
if systemctl --all --type service | grep -q "$SERVICE_NAME";then
|
||||
systemctl stop "$SERVICE_NAME"
|
||||
systemctl disable "$SERVICE_NAME"
|
||||
fi
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
# The data folder will be removed as part of uninstallin the beacon node - this
|
||||
# is not ideal, but otoh, the VC data folder is small.
|
||||
|
||||
# https://wiki.debian.org/AccountHandlingInMaintainerScripts argues "mostly"
|
||||
# that users should not be removed, as do several debian bug debates that have
|
||||
# been ongoing since forever. Fedora is clear on the topic: don't remove
|
||||
# https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Allocation_Strategies
|
||||
if id -u `nimbus` > /dev/null 2>&1; then
|
||||
echo User `nimbus` needs to be removed manually
|
||||
fi
|
|
@ -0,0 +1 @@
|
|||
Nimbus Validator Client
|
|
@ -0,0 +1,54 @@
|
|||
# To configure the service, use `systemctl edit nimbus_beacon_node.service`
|
||||
# and override the environment variables in this file:
|
||||
# [Service]
|
||||
# Environment="BEACON_NODE=http://backup-beacon:8551"
|
||||
#
|
||||
# To completely override the start command (to add custom parameters such as
|
||||
# graffiti), override the `ExecStart` value instead by first emptying it, then
|
||||
# specifying a new one:
|
||||
#
|
||||
# [Service]
|
||||
# ExecStart=
|
||||
# ExecStart=/usr/bin/nimbus_validator_client --network=${NETWORK} \
|
||||
# --data-dir="${DATA_DIR_PREFIX}/vc \
|
||||
# --graffiti=123
|
||||
#
|
||||
# See https://nimbus.guide/ for more information
|
||||
|
||||
[Unit]
|
||||
Description=Nimbus Validator Client
|
||||
Wants=network-online.target
|
||||
After=network-online.target
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
[Service]
|
||||
# You need to have have access to a beacon node exposing the beacon API - by
|
||||
# default, we assume a compatible beacon node is running on the same machine.
|
||||
# You can add more beacon nodes by editing `ExecStart` instead.
|
||||
Environment=BEACON_NODE=http://127.0.0.1:5052
|
||||
|
||||
# Where to store chain data
|
||||
Environment=DATA_DIR_PREFIX=/var/lib/nimbus
|
||||
|
||||
# Default ports - if you want to run multiple instances of nimbus, for example
|
||||
# to run both prater and mainnet, separate ports must be used
|
||||
Environment=METRICS_PORT=8108
|
||||
|
||||
# Interaction and monitoring
|
||||
Environment=METRICS_ENABLED=Yes
|
||||
|
||||
# Default group = nimbus
|
||||
User=nimbus
|
||||
WorkingDirectory=/var/lib/nimbus
|
||||
TimeoutSec=1200
|
||||
Restart=always
|
||||
|
||||
# Don't restart when Doppelganger detection has been activated
|
||||
RestartPreventExitStatus=129
|
||||
|
||||
ExecStart=/usr/bin/nimbus_validator_client \
|
||||
--data-dir="${DATA_DIR_PREFIX}/vc" \
|
||||
--metrics=${METRICS_ENABLED} --metrics-port=${METRICS_PORT} \
|
||||
--beacon-node=${BEACON_NODE}
|
Loading…
Reference in New Issue