devnet,docs: remove agent build and deployment

Change-Id: I04ab07f6db21918297e891de5475f61d22f58cc5
Leo 2021-07-20 22:39:32 +02:00
parent 95473e1eb0
commit ce6b39e3be
6 changed files with 8 additions and 76 deletions

@ -19,8 +19,6 @@ RUN --mount=type=cache,target=/usr/local/cargo,from=rust,source=/usr/local/cargo
cargo install --version =1.7.0 solana-cli && \ cargo install --version =1.7.0 solana-cli && \
cargo install --version =2.0.12 spl-token-cli && \ cargo install --version =2.0.12 spl-token-cli && \
cargo build --manifest-path ./bridge/Cargo.toml --package client --release && \ cargo build --manifest-path ./bridge/Cargo.toml --package client --release && \
cargo build --manifest-path ./bridge/Cargo.toml --package agent --release && \
cp /usr/local/cargo/bin/solana /usr/local/bin && \ cp /usr/local/cargo/bin/solana /usr/local/bin && \
cp /usr/local/cargo/bin/spl-token /usr/local/bin && \ cp /usr/local/cargo/bin/spl-token /usr/local/bin && \
cp bridge/target/release/client /usr/local/bin && \ cp bridge/target/release/client /usr/local/bin
cp bridge/target/release/agent /usr/local/bin
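
Review bot: the `cargo install --version =1.7.0 solana-cli` and `cargo install --version =2.0.12 spl-token-cli` steps kept in this RUN chain pin only the top-level crate. Without `--locked`, cargo ignores the lockfile shipped with the crate and resolves transitive dependencies at image build time. Since this chain is being edited anyway, consider adding `--locked` to both installs so the devnet image builds reproducibly.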

@ -32,11 +32,3 @@ $(BIN)/guardiand: dirs generate
cd bridge && go build -ldflags "-X github.com/certusone/wormhole/bridge/pkg/version.version=${VERSION}" \ cd bridge && go build -ldflags "-X github.com/certusone/wormhole/bridge/pkg/version.version=${VERSION}" \
-mod=readonly -o ../$(BIN)/guardiand \ -mod=readonly -o ../$(BIN)/guardiand \
github.com/certusone/wormhole/bridge github.com/certusone/wormhole/bridge
.PHONY: agent
agent: $(BIN)/guardiand-solana-agent
.PHONY: $(BIN)/guardiand-solana-agent
$(BIN)/guardiand-solana-agent: dirs
cd solana/agent && cargo build --release
cp solana/target/release/agent $(BIN)/guardiand-solana-agent

@ -77,13 +77,13 @@ k8s_resource(
], ],
) )
# solana agent and cli (runs alongside bridge) # solana client cli (used for devnet setup)
docker_build( docker_build(
ref = "solana-agent", ref = "solana-client",
context = ".", context = ".",
only = ["./proto", "./solana"], only = ["./proto", "./solana"],
dockerfile = "Dockerfile.agent", dockerfile = "Dockerfile.client",
# Ignore target folders from local (non-container) development. # Ignore target folders from local (non-container) development.
ignore = ["./solana/target", "./solana/agent/target", "./solana/cli/target"], ignore = ["./solana/target", "./solana/agent/target", "./solana/cli/target"],
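
Review bot: the `ignore` list on the last line still names `./solana/agent/target`, although the image is now `solana-client` built from `Dockerfile.client`. If the agent crate is leaving the tree, drop that entry in the same change; if the directory stays for now, say so in the comment above the list.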

@ -107,19 +107,3 @@ spec:
- containerPort: 7070 - containerPort: 7070
name: public-grpc name: public-grpc
protocol: TCP protocol: TCP
- name: agent
image: solana-agent
volumeMounts:
- mountPath: /run/bridge
name: bridge-rundir
command:
- /usr/local/bin/agent
- --bridge=Bridge1p5gheXUvJ6jGWGeCsgPKgnE3YgdGKRVCMY9o
- --rpc=http://solana-devnet:8899
- --ws=ws://solana-devnet:8900
- --socket=/run/bridge/agent.sock
- --keypair=id.json
ports:
- containerPort: 9000
name: grpc
protocol: TCP
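
Review bot: the removed `agent` container is the only consumer of the `bridge-rundir` volume visible in this hunk, mounted at `/run/bridge` for `agent.sock`. No other hunk is shown for this file, so please check that the remaining containers no longer mount that volume or pass an agent socket argument, and remove the `bridge-rundir` volume definition if nothing else uses it.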

@ -78,7 +78,7 @@ spec:
port: rpc port: rpc
path: /health path: /health
- name: setup - name: setup
image: solana-agent image: solana-client
command: command:
- /usr/src/solana/devnet_setup.sh - /usr/src/solana/devnet_setup.sh
startupProbe: startupProbe:

@ -78,15 +78,13 @@ git checkout v0.1.2
Then, compile the release binaries as an unprivileged build user: Then, compile the release binaries as an unprivileged build user:
```bash ```bash
make agent bridge make bridge
``` ```
You'll end up with the following binaries in `build/`: You'll end up with the following binaries in `build/`:
- `guardiand` is the main Wormhole bridge node software. - `guardiand` is the main Wormhole bridge node software.
- `guardiand-solana-agent` is a helper service which runs alongside Wormhole and exposes a gRPC API
for Wormhole to interact with Solana and the Wormhole contract on Solana.
Consider these recommendations, not a tutorial to be followed blindly. You'll want to integrate this with your Consider these recommendations, not a tutorial to be followed blindly. You'll want to integrate this with your
existing build pipeline. If you need Dockerfile examples, you can take a look at our devnet deployment. existing build pipeline. If you need Dockerfile examples, you can take a look at our devnet deployment.
@ -100,7 +98,7 @@ to disk. Please create a GitHub issue if this extra capability represents an ope
## Key Generation ## Key Generation
To generate a guardian key, install guardiand first. If you generate the key on a separate machine, you may want to To generate a guardian key, install guardiand first. If you generate the key on a separate machine, you may want to
compile guardiand only, without compiling the agent or installing it: compile guardiand only without installing it:
make bridge make bridge
sudo setcap cap_ipc_lock=+ep ./build/bin/guardiand sudo setcap cap_ipc_lock=+ep ./build/bin/guardiand
@ -125,7 +123,6 @@ Example systemd unit for `guardiand.service`, including the right capabilities a
Description=Wormhole Bridge guardian daemon Description=Wormhole Bridge guardian daemon
Documentation=https://github.com/certusone/wormhole Documentation=https://github.com/certusone/wormhole
Requires=network.target Requires=network.target
Wants=guardiand-solana-agent.service
After=network.target After=network.target
[Service] [Service]
@ -140,7 +137,6 @@ ExecStart=/usr/local/bin/guardiand bridge \
--bridgeKey /path/to/your/guardian.key \ --bridgeKey /path/to/your/guardian.key \
--ethRPC ws://your-eth-node:8545 \ --ethRPC ws://your-eth-node:8545 \
--adminSocket /run/guardiand/admin.socket \ --adminSocket /run/guardiand/admin.socket \
--agentRPC /run/guardiand/agent.socket \
--solanaBridgeAddress "<see launch repo>" \ --solanaBridgeAddress "<see launch repo>" \
--solanaRPC http://solana-host:8899 \ --solanaRPC http://solana-host:8899 \
--solanaWS ws://solana-devnet:8900 --solanaWS ws://solana-devnet:8900
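
Review bot: in the ExecStart example, `--solanaRPC http://solana-host:8899` and `--solanaWS ws://solana-devnet:8900` point at different hostnames. With `--agentRPC` gone, these two flags are the only Solana connection settings left in the unit, so the WS example should probably read `ws://solana-host:8900` to keep operators from copying a devnet hostname into a production unit.
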
@ -163,39 +159,6 @@ LimitMEMLOCK=infinity
WantedBy=multi-user.target WantedBy=multi-user.target
``` ```
And `guardiand-solana-agent.service`:
```
# /etc/systemd/system/guardiand-solana-agent.service
[Unit]
Description=Wormhole Bridge Solana agent
Documentation=https://github.com/certusone/wormhole
Requires=network.target
[Service]
User=wormhole
Group=wormhole
ExecStart=/usr/local/bin/guardiand-solana-agent \
--bridge "<see launch repo>" \
--rpc http://solana-host:8899 \
--ws ws://solana-devnet:8900 \
--keypair /path/to/feepayer.key \
--socket /run/guardiand/agent.socket
RuntimeDirectory=guardiand
RuntimeDirectoryMode=700
RuntimeDirectoryPreserve=yes
PermissionsStartOnly=yes
PrivateTmp=yes
PrivateDevices=yes
NoNewPrivileges=yes
Restart=on-failure
RestartSec=5s
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
```
You need to open port 8999/udp in your firewall for the P2P network. Nothing else has to be exposed externally. You need to open port 8999/udp in your firewall for the P2P network. Nothing else has to be exposed externally.
### Kubernetes ### Kubernetes
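
Review bot: the deleted `guardiand-solana-agent.service` unit declared `RuntimeDirectory=guardiand` with `RuntimeDirectoryMode=700`, and the remaining unit still uses `--adminSocket /run/guardiand/admin.socket`. Please confirm that `guardiand.service` declares the runtime directory and its mode itself (that part of the unit is not visible in these hunks); otherwise `/run/guardiand` may be missing or lose its restrictive permissions once the agent unit is gone. A short upgrade note telling operators to stop and disable the old agent unit would also help.
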
@ -247,11 +210,6 @@ You'll have to manage the following keys:
An attacker could potentially use it to censor your messages on the network. Other than that, it's not very An attacker could potentially use it to censor your messages on the network. Other than that, it's not very
critical and can be rotated. The node will automatically create a node key at the path you specify if it doesn't exist. critical and can be rotated. The node will automatically create a node key at the path you specify if it doesn't exist.
- The **Solana fee payer** account supplied to wormhole-solana-agent. This is a hot wallet which should hold
~10 SOL to pay for VAA submissions. The Wormhole protocol includes a subsidization mechanism which uses transfer
fees to reimburse guardians, so during normal operation, you shouldn't have to top up the account (but by
all means, set up monitoring for it!).
- _\[The **Terra fee payer** account. Terra support is still a work in progress - more details on this later\]._ - _\[The **Terra fee payer** account. Terra support is still a work in progress - more details on this later\]._
For production, we strongly recommend to either encrypt your disks, and/or take care to never have keys touch the disk. For production, we strongly recommend to either encrypt your disks, and/or take care to never have keys touch the disk.
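
Review bot: removing the **Solana fee payer** bullet leaves the key list silent on Solana, while the unit example earlier in this file still passes `--solanaBridgeAddress`, `--solanaRPC` and `--solanaWS`. State explicitly whether a guardian still needs any funded Solana account, and tell existing operators what to do with the hot wallet and `/path/to/feepayer.key` they provisioned for the agent.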