devnet,docs: remove agent build and deployment
Change-Id: I04ab07f6db21918297e891de5475f61d22f58cc5
This commit is contained in:
parent
95473e1eb0
commit
ce6b39e3be
|
@ -19,8 +19,6 @@ RUN --mount=type=cache,target=/usr/local/cargo,from=rust,source=/usr/local/cargo
|
||||||
cargo install --version =1.7.0 solana-cli && \
|
cargo install --version =1.7.0 solana-cli && \
|
||||||
cargo install --version =2.0.12 spl-token-cli && \
|
cargo install --version =2.0.12 spl-token-cli && \
|
||||||
cargo build --manifest-path ./bridge/Cargo.toml --package client --release && \
|
cargo build --manifest-path ./bridge/Cargo.toml --package client --release && \
|
||||||
cargo build --manifest-path ./bridge/Cargo.toml --package agent --release && \
|
|
||||||
cp /usr/local/cargo/bin/solana /usr/local/bin && \
|
cp /usr/local/cargo/bin/solana /usr/local/bin && \
|
||||||
cp /usr/local/cargo/bin/spl-token /usr/local/bin && \
|
cp /usr/local/cargo/bin/spl-token /usr/local/bin && \
|
||||||
cp bridge/target/release/client /usr/local/bin && \
|
cp bridge/target/release/client /usr/local/bin
|
||||||
cp bridge/target/release/agent /usr/local/bin
|
|
8
Makefile
8
Makefile
|
@ -32,11 +32,3 @@ $(BIN)/guardiand: dirs generate
|
||||||
cd bridge && go build -ldflags "-X github.com/certusone/wormhole/bridge/pkg/version.version=${VERSION}" \
|
cd bridge && go build -ldflags "-X github.com/certusone/wormhole/bridge/pkg/version.version=${VERSION}" \
|
||||||
-mod=readonly -o ../$(BIN)/guardiand \
|
-mod=readonly -o ../$(BIN)/guardiand \
|
||||||
github.com/certusone/wormhole/bridge
|
github.com/certusone/wormhole/bridge
|
||||||
|
|
||||||
.PHONY: agent
|
|
||||||
agent: $(BIN)/guardiand-solana-agent
|
|
||||||
|
|
||||||
.PHONY: $(BIN)/guardiand-solana-agent
|
|
||||||
$(BIN)/guardiand-solana-agent: dirs
|
|
||||||
cd solana/agent && cargo build --release
|
|
||||||
cp solana/target/release/agent $(BIN)/guardiand-solana-agent
|
|
||||||
|
|
6
Tiltfile
6
Tiltfile
|
@ -77,13 +77,13 @@ k8s_resource(
|
||||||
],
|
],
|
||||||
)
|
)
|
||||||
|
|
||||||
# solana agent and cli (runs alongside bridge)
|
# solana client cli (used for devnet setup)
|
||||||
|
|
||||||
docker_build(
|
docker_build(
|
||||||
ref = "solana-agent",
|
ref = "solana-client",
|
||||||
context = ".",
|
context = ".",
|
||||||
only = ["./proto", "./solana"],
|
only = ["./proto", "./solana"],
|
||||||
dockerfile = "Dockerfile.agent",
|
dockerfile = "Dockerfile.client",
|
||||||
|
|
||||||
# Ignore target folders from local (non-container) development.
|
# Ignore target folders from local (non-container) development.
|
||||||
ignore = ["./solana/target", "./solana/agent/target", "./solana/cli/target"],
|
ignore = ["./solana/target", "./solana/agent/target", "./solana/cli/target"],
|
||||||
|
|
|
@ -107,19 +107,3 @@ spec:
|
||||||
- containerPort: 7070
|
- containerPort: 7070
|
||||||
name: public-grpc
|
name: public-grpc
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
- name: agent
|
|
||||||
image: solana-agent
|
|
||||||
volumeMounts:
|
|
||||||
- mountPath: /run/bridge
|
|
||||||
name: bridge-rundir
|
|
||||||
command:
|
|
||||||
- /usr/local/bin/agent
|
|
||||||
- --bridge=Bridge1p5gheXUvJ6jGWGeCsgPKgnE3YgdGKRVCMY9o
|
|
||||||
- --rpc=http://solana-devnet:8899
|
|
||||||
- --ws=ws://solana-devnet:8900
|
|
||||||
- --socket=/run/bridge/agent.sock
|
|
||||||
- --keypair=id.json
|
|
||||||
ports:
|
|
||||||
- containerPort: 9000
|
|
||||||
name: grpc
|
|
||||||
protocol: TCP
|
|
||||||
|
|
|
@ -78,7 +78,7 @@ spec:
|
||||||
port: rpc
|
port: rpc
|
||||||
path: /health
|
path: /health
|
||||||
- name: setup
|
- name: setup
|
||||||
image: solana-agent
|
image: solana-client
|
||||||
command:
|
command:
|
||||||
- /usr/src/solana/devnet_setup.sh
|
- /usr/src/solana/devnet_setup.sh
|
||||||
startupProbe:
|
startupProbe:
|
||||||
|
|
|
@ -78,15 +78,13 @@ git checkout v0.1.2
|
||||||
Then, compile the release binaries as an unprivileged build user:
|
Then, compile the release binaries as an unprivileged build user:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
make agent bridge
|
make bridge
|
||||||
```
|
```
|
||||||
|
|
||||||
You'll end up with the following binaries in `build/`:
|
You'll end up with the following binaries in `build/`:
|
||||||
|
|
||||||
- `guardiand` is the main Wormhole bridge node software.
|
- `guardiand` is the main Wormhole bridge node software.
|
||||||
- `guardiand-solana-agent` is a helper service which runs alongside Wormhole and exposes a gRPC API
|
|
||||||
for Wormhole to interact with Solana and the Wormhole contract on Solana.
|
|
||||||
|
|
||||||
Consider these recommendations, not a tutorial to be followed blindly. You'll want to integrate this with your
|
Consider these recommendations, not a tutorial to be followed blindly. You'll want to integrate this with your
|
||||||
existing build pipeline. If you need Dockerfile examples, you can take a look at our devnet deployment.
|
existing build pipeline. If you need Dockerfile examples, you can take a look at our devnet deployment.
|
||||||
|
|
||||||
|
@ -100,7 +98,7 @@ to disk. Please create a GitHub issue if this extra capability represents an ope
|
||||||
## Key Generation
|
## Key Generation
|
||||||
|
|
||||||
To generate a guardian key, install guardiand first. If you generate the key on a separate machine, you may want to
|
To generate a guardian key, install guardiand first. If you generate the key on a separate machine, you may want to
|
||||||
compile guardiand only, without compiling the agent or installing it:
|
compile guardiand only without installing it:
|
||||||
|
|
||||||
make bridge
|
make bridge
|
||||||
sudo setcap cap_ipc_lock=+ep ./build/bin/guardiand
|
sudo setcap cap_ipc_lock=+ep ./build/bin/guardiand
|
||||||
|
@ -125,7 +123,6 @@ Example systemd unit for `guardiand.service`, including the right capabilities a
|
||||||
Description=Wormhole Bridge guardian daemon
|
Description=Wormhole Bridge guardian daemon
|
||||||
Documentation=https://github.com/certusone/wormhole
|
Documentation=https://github.com/certusone/wormhole
|
||||||
Requires=network.target
|
Requires=network.target
|
||||||
Wants=guardiand-solana-agent.service
|
|
||||||
After=network.target
|
After=network.target
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
|
@ -140,7 +137,6 @@ ExecStart=/usr/local/bin/guardiand bridge \
|
||||||
--bridgeKey /path/to/your/guardian.key \
|
--bridgeKey /path/to/your/guardian.key \
|
||||||
--ethRPC ws://your-eth-node:8545 \
|
--ethRPC ws://your-eth-node:8545 \
|
||||||
--adminSocket /run/guardiand/admin.socket \
|
--adminSocket /run/guardiand/admin.socket \
|
||||||
--agentRPC /run/guardiand/agent.socket \
|
|
||||||
--solanaBridgeAddress "<see launch repo>" \
|
--solanaBridgeAddress "<see launch repo>" \
|
||||||
--solanaRPC http://solana-host:8899 \
|
--solanaRPC http://solana-host:8899 \
|
||||||
--solanaWS ws://solana-devnet:8900
|
--solanaWS ws://solana-devnet:8900
|
||||||
|
@ -163,39 +159,6 @@ LimitMEMLOCK=infinity
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
```
|
```
|
||||||
|
|
||||||
And `guardiand-solana-agent.service`:
|
|
||||||
|
|
||||||
```
|
|
||||||
# /etc/systemd/system/guardiand-solana-agent.service
|
|
||||||
[Unit]
|
|
||||||
Description=Wormhole Bridge Solana agent
|
|
||||||
Documentation=https://github.com/certusone/wormhole
|
|
||||||
Requires=network.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
User=wormhole
|
|
||||||
Group=wormhole
|
|
||||||
ExecStart=/usr/local/bin/guardiand-solana-agent \
|
|
||||||
--bridge "<see launch repo>" \
|
|
||||||
--rpc http://solana-host:8899 \
|
|
||||||
--ws ws://solana-devnet:8900 \
|
|
||||||
--keypair /path/to/feepayer.key \
|
|
||||||
--socket /run/guardiand/agent.socket
|
|
||||||
RuntimeDirectory=guardiand
|
|
||||||
RuntimeDirectoryMode=700
|
|
||||||
RuntimeDirectoryPreserve=yes
|
|
||||||
PermissionsStartOnly=yes
|
|
||||||
PrivateTmp=yes
|
|
||||||
PrivateDevices=yes
|
|
||||||
NoNewPrivileges=yes
|
|
||||||
Restart=on-failure
|
|
||||||
RestartSec=5s
|
|
||||||
LimitNOFILE=65536
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
```
|
|
||||||
|
|
||||||
You need to open port 8999/udp in your firewall for the P2P network. Nothing else has to be exposed externally.
|
You need to open port 8999/udp in your firewall for the P2P network. Nothing else has to be exposed externally.
|
||||||
|
|
||||||
### Kubernetes
|
### Kubernetes
|
||||||
|
@ -247,11 +210,6 @@ You'll have to manage the following keys:
|
||||||
An attacker could potentially use it to censor your messages on the network. Other than that, it's not very
|
An attacker could potentially use it to censor your messages on the network. Other than that, it's not very
|
||||||
critical and can be rotated. The node will automatically create a node key at the path you specify if it doesn't exist.
|
critical and can be rotated. The node will automatically create a node key at the path you specify if it doesn't exist.
|
||||||
|
|
||||||
- The **Solana fee payer** account supplied to wormhole-solana-agent. This is a hot wallet which should hold
|
|
||||||
~10 SOL to pay for VAA submissions. The Wormhole protocol includes a subsidization mechanism which uses transfer
|
|
||||||
fees to reimburse guardians, so during normal operation, you shouldn't have to top up the account (but by
|
|
||||||
all means, set up monitoring for it!).
|
|
||||||
|
|
||||||
- _\[The **Terra fee payer** account. Terra support is still a work in progress - more details on this later\]._
|
- _\[The **Terra fee payer** account. Terra support is still a work in progress - more details on this later\]._
|
||||||
|
|
||||||
For production, we strongly recommend to either encrypt your disks, and/or take care to never have keys touch the disk.
|
For production, we strongly recommend to either encrypt your disks, and/or take care to never have keys touch the disk.
|
||||||
|
|
Loading…
Reference in New Issue