diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 045c2ed97..0dc790ec5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,22 +39,18 @@ jobs: - name: Login to docker run: | echo ${{ secrets.GH_PAT }} | docker login ghcr.io --username ${{ secrets.GH_USER }} --password-stdin - - name: Build node image run: | docker build -f ci/docker/Dockerfile --no-cache -t cheqd-node . - - name: Build testnet image run: | docker build -f ci/docker_testnet/Dockerfile --no-cache -t cheqd-testnet . - - name: Push node image run: | docker tag cheqd-node ghcr.io/${{ env.GITHUB_REPOSITORY_NAME }}:${{ env.VERSION }} docker tag cheqd-node ghcr.io/${{ env.GITHUB_REPOSITORY_NAME }}:latest docker push ghcr.io/${{ env.GITHUB_REPOSITORY_NAME }}:${{ env.VERSION }} docker push ghcr.io/${{ env.GITHUB_REPOSITORY_NAME }}:latest - - name: Push testnet image run: | docker tag cheqd-testnet ghcr.io/${{ github.repository_owner }}/${{ env.TESTNET_IMAGE_NAME }}:${{ env.VERSION }} @@ -71,6 +67,7 @@ jobs: VERSION: ${{ needs.setup-workflow.outputs.VERSION }} OUTPUT_DIR: "output" PACKAGE_NAME: "cheqd-node" + RELEASE_TAG: ${{ needs.setup-workflow.outputs.VERSION }} steps: - name: Set up Go 1.x uses: actions/setup-go@v2 @@ -86,19 +83,20 @@ jobs: - name: Build run: starport chain build - - name: Create artifacts directory - run: mkdir ${{ env.OUTPUT_DIR }} + - name: Changing version for deb packaging + run: | + echo "VERSION=$(echo ${{ env.VERSION }} | sed 's/v//')" >> $GITHUB_ENV - name: Make archive run: | - touch ${{ env.OUTPUT_DIR }}/${{ env.PACKAGE_NAME }}_${{ env.VERSION }}.tar.gz - tar -czf ${{ env.OUTPUT_DIR }}/${{ env.PACKAGE_NAME }}_${{ env.VERSION }}.tar.gz /home/runner/go/bin/cheqd-noded + ./build_tar.sh ${{ env.PACKAGE_NAME }} ${{ env.VERSION }} + working-directory: ./build_tools - name: Upload archive uses: actions/upload-artifact@v2 with: name: ${{ env.PACKAGE_NAME }}_${{ env.VERSION }}.tar.gz - path: ${{ env.OUTPUT_DIR }}/${{ env.PACKAGE_NAME }}_${{ env.VERSION }}.tar.gz + path: build_tools/${{ env.OUTPUT_DIR }}/${{ env.PACKAGE_NAME }}_${{ env.VERSION }}.tar.gz - name: Install fpm run: | @@ -107,28 +105,20 @@ jobs: - name: Create deb package run: | - fpm \ - --input-type "tar" \ - --output-type "deb" \ - --version ${{ env.VERSION }} \ - --name cheqd-node \ - --description "cheqd node" \ - --architecture "amd64" \ - --verbose \ - --package ${{ env.OUTPUT_DIR }}/${{ env.PACKAGE_NAME }}_${{ env.VERSION }}_amd64.deb \ - ${{ env.OUTPUT_DIR }}/${{ env.PACKAGE_NAME }}_${{ env.VERSION }}.tar.gz + ./build_deb.sh ${{ env.PACKAGE_NAME }} ${{ env.VERSION }} + working-directory: ./build_tools - name: Upload deb uses: actions/upload-artifact@v2 with: name: ${{ env.PACKAGE_NAME }}_${{ env.VERSION }}_amd64.deb - path: ${{ env.OUTPUT_DIR }}/${{ env.PACKAGE_NAME }}_${{ env.VERSION }}_amd64.deb + path: build_tools/${{ env.OUTPUT_DIR }}/${{ env.PACKAGE_NAME }}_${{ env.VERSION }}_amd64.deb - uses: "marvinpinto/action-automatic-releases@latest" with: repo_token: "${{ secrets.GITHUB_TOKEN }}" - automatic_release_tag: "${{ env.VERSION }}" + automatic_release_tag: "${{ env.RELEASE_TAG }}" prerelease: false files: | - ${{ env.OUTPUT_DIR }}/${{ env.PACKAGE_NAME }}_${{ env.VERSION }}_amd64.deb - ${{ env.OUTPUT_DIR }}/${{ env.PACKAGE_NAME }}_${{ env.VERSION }}.tar.gz + build_tools/${{ env.OUTPUT_DIR }}/${{ env.PACKAGE_NAME }}_${{ env.VERSION }}_amd64.deb + build_tools/${{ env.OUTPUT_DIR }}/${{ env.PACKAGE_NAME }}_${{ env.VERSION }}.tar.gz diff --git a/build_tools/build_deb.sh b/build_tools/build_deb.sh new file mode 100755 index 000000000..e6bc9f0f9 --- /dev/null +++ b/build_tools/build_deb.sh @@ -0,0 +1,37 @@ +#!/bin/bash + +if [ -n "$1" ]; then + PKG_NAME=$1 +else + echo "It seems that parameter 'PKG_NAME' was missed. Try: " + echo "$0 " + exit 1 +fi + +if [ -n "$2" ]; then + VERSION=$2 +else + echo "It seems that parameter 'VERSION' was missed. Try: " + echo "$0 " + exit 1 +fi + +source ./common.sh + +ARCH="amd64" +FULL_PKG_NAME=${PKG_NAME}_${VERSION}_${ARCH}.deb +PKG_PATH=$OUTPUT_DIR/$FULL_PKG_NAME + +fpm \ + --input-type "tar" \ + --output-type "deb" \ + --version "${VERSION}" \ + --name "cheqd-node" \ + --description "cheqd node" \ + --architecture "${ARCH}" \ + --after-install "postinst" \ + --after-remove "postremove" \ + --depends "logrotate" \ + --verbose \ + --package "${PKG_PATH}" \ + $PATH_TAR diff --git a/build_tools/build_tar.sh b/build_tools/build_tar.sh new file mode 100755 index 000000000..2cf96cd10 --- /dev/null +++ b/build_tools/build_tar.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +if [ -n "$1" ]; then + PKG_NAME=$1 +else + echo "It seems that parameter 'PKG_NAME' was missed. Try: " + echo "$0 " + exit 1 +fi + +if [ -n "$2" ]; then + VERSION=$2 +else + echo "It seems that parameter 'VERSION' was missed. Try: " + echo "$0 " + exit 1 +fi + + +source ./common.sh + +mkdir -p output +mkdir -p $TMP_DIR +cp $PATH_TO_BIN $TMP_DIR + +tar -czf $PATH_TAR $TMP_DIR + + diff --git a/build_tools/common.sh b/build_tools/common.sh new file mode 100644 index 000000000..cd084258d --- /dev/null +++ b/build_tools/common.sh @@ -0,0 +1,7 @@ +BINARY_NAME=${PKG_NAME}d +PATH_TO_BIN=/home/runner/go/bin/${BINARY_NAME} +TMP_DIR=usr/bin +OUTPUT_DIR=output +TAR_ARCHIVE=${PKG_NAME}_${VERSION}.tar.gz +PATH_TAR=$OUTPUT_DIR/$TAR_ARCHIVE + diff --git a/build_tools/postinst b/build_tools/postinst new file mode 100644 index 000000000..dab519d5f --- /dev/null +++ b/build_tools/postinst @@ -0,0 +1,110 @@ +#!/bin/sh + +CHEQD_USER_NAME=cheqd +USER_HOME_DIR=/var/lib/${CHEQD_USER_NAME} +CHEQD_HOME_DIR=${USER_HOME_DIR}/.cheqdnode +CHEQD_CONFIG_DIR=/etc/cheqd-node + +# If there is an argument then assume using as binary + script instead of apt +if [ -n "$1" ] && [ -f "$1" ] ; then + cp "$1" /usr/bin/ +fi + +# Create cheqd user +if ! /usr/bin/getent passwd $CHEQD_USER_NAME > /dev/null 2>&1 ; then + + adduser --system ${CHEQD_USER_NAME} --home ${USER_HOME_DIR} --shell /bin/bash + + # Make directory for logs + mkdir -p /var/log/cheqd-node + + # Make directory for config + mkdir -p ${CHEQD_CONFIG_DIR} + + # Make directory for data + mkdir -p ${USER_HOME_DIR}/data + + # Make home directory for cheqd user + mkdir -p ${CHEQD_HOME_DIR} + + # Symlinks for data and configs + ln -s /etc/cheqd-node ${CHEQD_HOME_DIR}/config + ln -s ${USER_HOME_DIR}/data ${CHEQD_HOME_DIR}/data + + # Change permissions for config and data directories + chown -R $CHEQD_USER_NAME:$CHEQD_USER_NAME ${CHEQD_CONFIG_DIR} + chown -R $CHEQD_USER_NAME:$CHEQD_USER_NAME ${USER_HOME_DIR} +fi + +# Add rsyslogd configuration +if [ -d /etc/rsyslog.d/ ] ; then + if [ ! -f /etc/rsyslog.d/cheqd-node.conf ] ; then + cat < /etc/rsyslog.d/cheqd-node.conf +if \$programname == 'cheqd-noded' then /var/log/cheqd-node/stdout.log +& stop +EOF + + # Change permissions for logs: + chown -R syslog:$CHEQD_USER_NAME /var/log/cheqd-node/ + + # Restart syslog + systemctl restart rsyslog + fi +fi + +# Add config for logrotation +if [ ! -f /etc/logrotate.d/cheqd-node ] ; then + cat < /etc/logrotate.d/cheqd-node +/var/log/cheqd-node/stdout.log { + rotate 30 + maxsize 100M + notifempty + copytruncate + compress + maxage 30 +} +EOF +fi + +# Add crontab job for daily rotation +if [ ! -f /etc/cron.daily/cheqd-node ] ; then + cat < /etc/cron.daily/cheqd-node +#!/bin/bash +logrotate /etc/logrotate.d/cheqd-node +EOF + + # Make this script executable + chmod +x /etc/cron.daily/cheqd-node + +fi + +# Add systemd script +if [ ! -f /lib/systemd/system/cheqd-noded.service ] ; then + cat < /lib/systemd/system/cheqd-noded.service +[Unit] +Description=Service for running Cheqd node +After=network.target + +[Service] +Type=simple +User=cheqd +ExecStart=/usr/bin/cheqd-noded start +Restart=on-failure +RestartSec=10 +StartLimitBurst=10 +StartLimitInterval=200 +TimeoutSec=300 +StandardOutput=syslog +StandardError=syslog +SyslogFacility=syslog +SyslogIdentifier=cheqd-noded + +[Install] +WantedBy=multi-user.target +EOF + # Reload daemons for systemctl + systemctl daemon-reload + + # Enable cheqd-noded + systemctl enable cheqd-noded +fi diff --git a/build_tools/postremove b/build_tools/postremove new file mode 100644 index 000000000..8e61eddbb --- /dev/null +++ b/build_tools/postremove @@ -0,0 +1,11 @@ +#!/bin/bash + +# Get rid of systemd service +if test -f "/lib/systemd/system/cheqd-noded.service"; then + # Stop systemd service firstly + systemctl stop cheqd-noded + + rm /lib/systemd/system/cheqd-noded.service + # Reload systemd daemons + systemctl daemon-reload +fi diff --git a/docs/deb-package-installation.md b/docs/deb-package-installation.md index 9bfe440ec..68b798c68 100644 --- a/docs/deb-package-installation.md +++ b/docs/deb-package-installation.md @@ -7,16 +7,26 @@ By the way, debian package consists of binary, named `cheqd-noded` and script wi ## Post-install actions ### Create a special user "cheqd" By default, cosmos-sdk create all needed directories in the `HOME` directory. -That's why package creates a special user with home directory `/home/cheqd`. Also, this user will use for setting permissions to data and configs. +That's why package creates a special user with home directory `/var/lib/cheqd`. Also, this user will use for setting permissions to data and configs. ### Dividing configs, data and logs #### Directories According to general filesystem hierarchy standard (FHS), the next directories will be created: ``` /etc/cheqd-node - configs, permissions cheqd:cheqd -/var/lib/cheqd-node/ - data , permissions cheqd:cheqd +/var/lib/cheqd/data - data , permissions cheqd:cheqd /var/log/cheqd-node - logs , permissions syslog:adm (set by rsyslog) ``` + +After setting up the node, it's expected, then configs and data will be symlinked to the corresponded system directories. +For this purposes will be created the next symlinks to configs and data: +``` +sudo ln -s /etc/cheqd-node/ /var/lib/cheqd/.cheqdnode/config - for configs +sudo ln -s /var/lib/cheqd/data /var/lib/cheqd/.cheqdnode/ - for data +``` + +After this preparation, it would be possible to set up cheqd node in general but under `cheqd` user. + #### Rsyslog config The next config for rsyslog will be created: ``` @@ -65,18 +75,6 @@ WantedBy=multi-user.target ``` The main thing here is that it will restart on binary failures and put all output to the `rsyslog`. -## Actions that can be deployed manually -After setting up the node, it's expected, then configs and data will be symlinked to the corresponded system directories. -Please, make sure that service was stopped, by checking output: -``` -systemctl status cheqd-noded.service -``` -Commands can be: -``` -sudo ln -s /etc/cheqd-node/config /home/cheqd/.cheqdnode/config - for configs -sudo ln -s /var/lib/cheqd-node/data/ /home/cheqd/.cheqdnode/ - for data -``` - ## Exposing port diff --git a/docs/how-to-setup-a-new-node.md b/docs/how-to-setup-a-new-node.md index b2e0c0938..f083a6f83 100644 --- a/docs/how-to-setup-a-new-node.md +++ b/docs/how-to-setup-a-new-node.md @@ -53,12 +53,16 @@ Follow these steps to deploy a new node: Command: `cheqd-noded init ` Example: `cheqd-noded init alice-node` + + **FYI**, in case of installing cheqd-node as a `.deb` package, please log in as a `cheqd` user, by calling `sudo su cheqd`. 4. Set genesis: Genesis should be published for public networks. If not, you can ask any existing network participant for it. Location (destination) of the genesis file: `$HOME/.cheqdnode/config/genesis.json` + + **FYI**, in case of installing cheqd-node as a `.deb` package, please log in as a `cheqd` user, by calling `sudo su cheqd`. 5. Set persistent peers: @@ -77,6 +81,7 @@ Follow these steps to deploy a new node: ``` persistent_peers = "d45dcc54583d6223ba6d4b3876928767681e8ff6@node0:26656, 9fb6636188ad9e40a9caf86b88ffddbb1b6b04ce@node1:26656, abbcb709fb556ce63e2f8d59a76c5023d7b28b86@node2:26656, cda0d4dbe3c29edcfcaf4668ff17ddcb96730aec@node3:26656" ``` + **FYI**, in case of installing cheqd-node as a `.deb` package, please log in as a `cheqd` user, by calling `sudo su cheqd`. 6. (optional) Make RPC endpoint available externally: @@ -88,6 +93,8 @@ Follow these steps to deploy a new node: Example: `laddr = "tcp://0.0.0.0:26657"` + **FYI**, in case of installing cheqd-node as a `.deb` package, please log in as a `cheqd` user, by calling `sudo su cheqd`. + 7. Configure firewall rules: Allow incoming tcp connections on the P2P port - `26656` by default. @@ -97,10 +104,12 @@ Follow these steps to deploy a new node: Allow all outgoing tcp connections for P2P communication. You can restrict port to the default P2P port `26656` but your node will not be able to connect to nodes with non default P2P port in this case. 8. Start node: - + 8.1 In case of using tarball: `cheqd-noded start` - - 8.2 In case of using `.deb` package:`systemctl start cheqd-noded.service` + + It's highly recommended to use a process supervisor like `systemd` to run persistent nodes. + + 8.2 In case of using `.deb` package:`systemctl start cheqd-noded.service` 9. (optional) Setup sentry nodes for DDOS protection: