devnet,docs: remove agent build and deployment
Change-Id: I04ab07f6db21918297e891de5475f61d22f58cc5
This commit is contained in:
parent
95473e1eb0
commit
ce6b39e3be
|
@ -19,8 +19,6 @@ RUN --mount=type=cache,target=/usr/local/cargo,from=rust,source=/usr/local/cargo
|
|||
cargo install --version =1.7.0 solana-cli && \
|
||||
cargo install --version =2.0.12 spl-token-cli && \
|
||||
cargo build --manifest-path ./bridge/Cargo.toml --package client --release && \
|
||||
cargo build --manifest-path ./bridge/Cargo.toml --package agent --release && \
|
||||
cp /usr/local/cargo/bin/solana /usr/local/bin && \
|
||||
cp /usr/local/cargo/bin/spl-token /usr/local/bin && \
|
||||
cp bridge/target/release/client /usr/local/bin && \
|
||||
cp bridge/target/release/agent /usr/local/bin
|
||||
cp bridge/target/release/client /usr/local/bin
|
8
Makefile
8
Makefile
|
@ -32,11 +32,3 @@ $(BIN)/guardiand: dirs generate
|
|||
cd bridge && go build -ldflags "-X github.com/certusone/wormhole/bridge/pkg/version.version=${VERSION}" \
|
||||
-mod=readonly -o ../$(BIN)/guardiand \
|
||||
github.com/certusone/wormhole/bridge
|
||||
|
||||
.PHONY: agent
|
||||
agent: $(BIN)/guardiand-solana-agent
|
||||
|
||||
.PHONY: $(BIN)/guardiand-solana-agent
|
||||
$(BIN)/guardiand-solana-agent: dirs
|
||||
cd solana/agent && cargo build --release
|
||||
cp solana/target/release/agent $(BIN)/guardiand-solana-agent
|
||||
|
|
6
Tiltfile
6
Tiltfile
|
@ -77,13 +77,13 @@ k8s_resource(
|
|||
],
|
||||
)
|
||||
|
||||
# solana agent and cli (runs alongside bridge)
|
||||
# solana client cli (used for devnet setup)
|
||||
|
||||
docker_build(
|
||||
ref = "solana-agent",
|
||||
ref = "solana-client",
|
||||
context = ".",
|
||||
only = ["./proto", "./solana"],
|
||||
dockerfile = "Dockerfile.agent",
|
||||
dockerfile = "Dockerfile.client",
|
||||
|
||||
# Ignore target folders from local (non-container) development.
|
||||
ignore = ["./solana/target", "./solana/agent/target", "./solana/cli/target"],
|
||||
|
|
|
@ -107,19 +107,3 @@ spec:
|
|||
- containerPort: 7070
|
||||
name: public-grpc
|
||||
protocol: TCP
|
||||
- name: agent
|
||||
image: solana-agent
|
||||
volumeMounts:
|
||||
- mountPath: /run/bridge
|
||||
name: bridge-rundir
|
||||
command:
|
||||
- /usr/local/bin/agent
|
||||
- --bridge=Bridge1p5gheXUvJ6jGWGeCsgPKgnE3YgdGKRVCMY9o
|
||||
- --rpc=http://solana-devnet:8899
|
||||
- --ws=ws://solana-devnet:8900
|
||||
- --socket=/run/bridge/agent.sock
|
||||
- --keypair=id.json
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
name: grpc
|
||||
protocol: TCP
|
||||
|
|
|
@ -78,7 +78,7 @@ spec:
|
|||
port: rpc
|
||||
path: /health
|
||||
- name: setup
|
||||
image: solana-agent
|
||||
image: solana-client
|
||||
command:
|
||||
- /usr/src/solana/devnet_setup.sh
|
||||
startupProbe:
|
||||
|
|
|
@ -78,15 +78,13 @@ git checkout v0.1.2
|
|||
Then, compile the release binaries as an unprivileged build user:
|
||||
|
||||
```bash
|
||||
make agent bridge
|
||||
make bridge
|
||||
```
|
||||
|
||||
You'll end up with the following binaries in `build/`:
|
||||
|
||||
- `guardiand` is the main Wormhole bridge node software.
|
||||
- `guardiand-solana-agent` is a helper service which runs alongside Wormhole and exposes a gRPC API
|
||||
for Wormhole to interact with Solana and the Wormhole contract on Solana.
|
||||
|
||||
|
||||
Consider these recommendations, not a tutorial to be followed blindly. You'll want to integrate this with your
|
||||
existing build pipeline. If you need Dockerfile examples, you can take a look at our devnet deployment.
|
||||
|
||||
|
@ -100,7 +98,7 @@ to disk. Please create a GitHub issue if this extra capability represents an ope
|
|||
## Key Generation
|
||||
|
||||
To generate a guardian key, install guardiand first. If you generate the key on a separate machine, you may want to
|
||||
compile guardiand only, without compiling the agent or installing it:
|
||||
compile guardiand only without installing it:
|
||||
|
||||
make bridge
|
||||
sudo setcap cap_ipc_lock=+ep ./build/bin/guardiand
|
||||
|
@ -125,7 +123,6 @@ Example systemd unit for `guardiand.service`, including the right capabilities a
|
|||
Description=Wormhole Bridge guardian daemon
|
||||
Documentation=https://github.com/certusone/wormhole
|
||||
Requires=network.target
|
||||
Wants=guardiand-solana-agent.service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
|
@ -140,7 +137,6 @@ ExecStart=/usr/local/bin/guardiand bridge \
|
|||
--bridgeKey /path/to/your/guardian.key \
|
||||
--ethRPC ws://your-eth-node:8545 \
|
||||
--adminSocket /run/guardiand/admin.socket \
|
||||
--agentRPC /run/guardiand/agent.socket \
|
||||
--solanaBridgeAddress "<see launch repo>" \
|
||||
--solanaRPC http://solana-host:8899 \
|
||||
--solanaWS ws://solana-devnet:8900
|
||||
|
@ -163,39 +159,6 @@ LimitMEMLOCK=infinity
|
|||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
And `guardiand-solana-agent.service`:
|
||||
|
||||
```
|
||||
# /etc/systemd/system/guardiand-solana-agent.service
|
||||
[Unit]
|
||||
Description=Wormhole Bridge Solana agent
|
||||
Documentation=https://github.com/certusone/wormhole
|
||||
Requires=network.target
|
||||
|
||||
[Service]
|
||||
User=wormhole
|
||||
Group=wormhole
|
||||
ExecStart=/usr/local/bin/guardiand-solana-agent \
|
||||
--bridge "<see launch repo>" \
|
||||
--rpc http://solana-host:8899 \
|
||||
--ws ws://solana-devnet:8900 \
|
||||
--keypair /path/to/feepayer.key \
|
||||
--socket /run/guardiand/agent.socket
|
||||
RuntimeDirectory=guardiand
|
||||
RuntimeDirectoryMode=700
|
||||
RuntimeDirectoryPreserve=yes
|
||||
PermissionsStartOnly=yes
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
NoNewPrivileges=yes
|
||||
Restart=on-failure
|
||||
RestartSec=5s
|
||||
LimitNOFILE=65536
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
```
|
||||
|
||||
You need to open port 8999/udp in your firewall for the P2P network. Nothing else has to be exposed externally.
|
||||
|
||||
### Kubernetes
|
||||
|
@ -247,11 +210,6 @@ You'll have to manage the following keys:
|
|||
An attacker could potentially use it to censor your messages on the network. Other than that, it's not very
|
||||
critical and can be rotated. The node will automatically create a node key at the path you specify if it doesn't exist.
|
||||
|
||||
- The **Solana fee payer** account supplied to wormhole-solana-agent. This is a hot wallet which should hold
|
||||
~10 SOL to pay for VAA submissions. The Wormhole protocol includes a subsidization mechanism which uses transfer
|
||||
fees to reimburse guardians, so during normal operation, you shouldn't have to top up the account (but by
|
||||
all means, set up monitoring for it!).
|
||||
|
||||
- _\[The **Terra fee payer** account. Terra support is still a work in progress - more details on this later\]._
|
||||
|
||||
For production, we strongly recommend to either encrypt your disks, and/or take care to never have keys touch the disk.
|
||||
|
|
Loading…
Reference in New Issue