diff --git a/build/Dockerfile b/build/Dockerfile
index 191142b..5f7361c 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,11 +1,10 @@
 ARG UPSTREAM_VERSION
-###########
-# BUILDER #
-###########
-# Get jq binaries (curl is already in the consensys image)
-FROM debian:bullseye-slim as builder
-RUN apt update && apt install cron jq --yes
+FROM golang:1.16.15-alpine3.15 as builder
+WORKDIR /app
+RUN apk update && apk add git && git clone https://github.com/dappnode/eth2-pubkeys-autocheck.git
+WORKDIR /app/eth2-pubkeys-autocheck/build
+RUN go build -o auto-check-remote-keys main.go
 ########
 # TEKU #
@@ -17,20 +16,10 @@ FROM consensys/teku:$UPSTREAM_VERSION
 COPY --from=builder /usr/bin/jq /usr/bin/jq
 COPY --from=builder /usr/lib/x86_64-linux-gnu/libjq* /usr/lib/x86_64-linux-gnu/
 COPY --from=builder /usr/lib/x86_64-linux-gnu/libonig* /usr/lib/x86_64-linux-gnu/
-# Copy crontab and cron binary
-COPY --from=builder /usr/sbin/cron /usr/sbin/cron
-COPY --from=builder /usr/bin/crontab /usr/bin/crontab
-COPY --from=builder /var/spool/cron /var/spool/cron
-
-# Setup cronjob
-COPY get-keys-cron /etc/cron.d/
-COPY get-keys.sh /usr/local/bin/get-keys.sh
-# Apply cron job
-RUN crontab /etc/cron.d/get-keys-cron
-
 ENV JAVA_OPTS="-Xmx4g"
+COPY --from=builder /app/build/auto-check-remote-keys /usr/local/bin/auto-check-remote-keys
 COPY entrypoint.sh /usr/bin/entrypoint.sh
 # API port: https://docs.teku.consensys.net/en/latest/Reference/CLI/CLI-Syntax/#rest-api-port
diff --git a/build/entrypoint.sh b/build/entrypoint.sh
index 73b8faa..788ec8a 100755
--- a/build/entrypoint.sh
+++ b/build/entrypoint.sh
@@ -96,7 +96,7 @@ if [ ! -z "${PUBLIC_KEYS_API}" ]; then
 fi
 echo "${INFO} starting cronjob"
-cron
+CLIENT_ADDRESS=http://teku-prater.dappnode CLIENT_PORT=9000 NETWORK=prater auto-check-remote-keys &
 # Concatenate EXTRA_OPTS string
 [ ! -z "$INITIAL_STATE" ] && EXTRA_OPTS="${EXTRA_OPTS} --initial-state=${INITIAL_STATE}"
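Review bot: The new builder stage clones `eth2-pubkeys-autocheck` at whatever the default branch points to at build time, so the binary that ends up next to the validator client is not reproducible and cannot be traced to a reviewed revision. Pin the clone to a commit and drop the separate index refresh, e.g. `RUN apk add --no-cache git && git clone https://github.com/dappnode/eth2-pubkeys-autocheck.git && git -C eth2-pubkeys-autocheck checkout <PINNED_COMMIT_SHA>` (placeholder; the page does not name a revision). A one-line comment above the `FROM golang:…` line stating what this stage produces would replace the removed `# BUILDER #` banner.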
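Review bot: The added `COPY --from=builder /app/build/auto-check-remote-keys …` does not match where the builder stage writes the binary: `go build -o auto-check-remote-keys` runs with `WORKDIR /app/eth2-pubkeys-autocheck/build`, so the source should be `COPY --from=builder /app/eth2-pubkeys-autocheck/build/auto-check-remote-keys /usr/local/bin/auto-check-remote-keys`. The three unchanged `COPY --from=builder /usr/bin/jq …`, `libjq*` and `libonig*` lines at the top of this hunk still read Debian paths from `builder`, which is now the golang Alpine stage and installs only git. Unless something outside the visible hunks supplies them, those copies will fail, so they should either be removed together with `get-keys.sh` or be fed from a separate named stage that still installs jq.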
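Review bot: `auto-check-remote-keys &` is started in the background with nothing watching it, so if the checker exits the validator keeps running and the remote-key comparison stops without any log line. The removed cron entry re-ran the check every minute. Whether the binary loops internally is not visible here, so at least its exit should be reported, for example by wrapping it as `( auto-check-remote-keys; echo "${INFO} auto-check-remote-keys exited with status $?" ) &`. The address, port and network are hardcoded to prater on the same line; `CLIENT_ADDRESS="${CLIENT_ADDRESS:-http://teku-prater.dappnode}"` (and likewise for the other two) would let the compose file override them. The context line `echo "${INFO} starting cronjob"` is now stale and should name the new process; the surrounding script continues outside the hunk.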
diff --git a/build/get-keys-cron b/build/get-keys-cron
deleted file mode 100644
index 0e25098..0000000
--- a/build/get-keys-cron
+++ /dev/null
@@ -1,2 +0,0 @@
-# Run cron job to fetch public keys and redirect output to stdout. This file has permissions 0644. This file must have empty line at the end
-* * * * * root /usr/local/bin/get-keys.sh > /proc/1/fd/1 2>&1
diff --git a/build/get-keys.sh b/build/get-keys.sh
deleted file mode 100755
index fd0fea2..0000000
--- a/build/get-keys.sh
+++ /dev/null
@@ -1,92 +0,0 @@
-#!/bin/bash
-#
-# This script must fetch and compare the public keys returned from the web3signer api
-# with the public keys in the public_keys.txt file used to start the validator
-# if the public keys are different, the script will kill the process 1 to restart the process
-# if the public keys are the same, the script will do nothing
-
-ERROR="[ ERROR-cronjob ]"
-WARN="[ WARN-cronjob ]"
-INFO="[ INFO-cronjob ]"
-
-# This var must be set here and must be equal to the var defined in the compose file
-PUBLIC_KEYS_FILE="/public_keys.txt"
-HTTP_WEB3SIGNER="http://web3signer.web3signer-prater.dappnode:9000"
-
-# Get public keys in format: string[]
-function get_public_keys() {
- # Try for 30 seconds
- if PUBLIC_KEYS_API=$(curl -s -X GET \
- -H "Content-Type: application/json" \
- --retry 10 \
- --retry-delay 3 \
- --retry-connrefused \
- "${HTTP_WEB3SIGNER}/eth/v1/keystores"); then
- if PUBLIC_KEYS_API=($(echo ${PUBLIC_KEYS_API} | jq -r '.data[].validating_pubkey')); then
- if [ ! -z "$PUBLIC_KEYS_API" ]; then
- echo "${INFO} found public keys: $PUBLIC_KEYS_API"
- else
- echo "${WARN} no public keys found"
- PUBLIC_KEYS_API=()
- fi
- else
- { echo "${ERROR} something wrong happened parsing the public keys"; exit 1; }
- fi
- else
- { echo "${ERROR} web3signer not available"; exit 1; }
- fi
-}
-
-# Reads public keys from file by new line separated and converts to string array
-function read_old_public_keys() {
- if [ -f ${PUBLIC_KEYS_FILE} ]; then
- echo "${INFO} reading public keys from file"
- PUBLIC_KEYS_OLD=($(cat ${PUBLIC_KEYS_FILE} | tr '\n' ' '))
- else
- echo "${WARN} file ${PUBLIC_KEYS_FILE} not found"
- PUBLIC_KEYS_OLD=()
- fi
-}
-
-# Compares the public keys from the file with the public keys from the api
-# - kill main process if public keys from web3signer api does not contain the public keys from the file
-# - kill main process if public keys from file does not contain the public keys from the web3signer api
-# - kill main process if bash array length different
-function compare_public_keys() {
- echo "${INFO} comparing public keys"
-
- # compare array lentghs
- if [ ${#PUBLIC_KEYS_OLD[@]} -ne ${#PUBLIC_KEYS_API[@]} ]; then
- echo "${WARN} public keys from file and api are different. Killing process to restart"
- kill 1
- exit 0
- else
- if [ ${#PUBLIC_KEYS_API[@]} -eq 0 ]; then
- echo "${INFO} public keys from file and api are empty. Not comparision needed"
- exit 0
- else
- echo "${INFO} same number of public keys, comparing"
- # Compare public keys
- for i in "${PUBLIC_KEYS_OLD[@]}"; do
- if [[ "${PUBLIC_KEYS_API[@]}" =~ "${i}" ]]; then
- echo "${INFO} public key ${i} found in api"
- else
- echo "${WARN} public key ${i} from file not found in api. Killing process to restart"
- kill 1
- exit 0
- fi
- done
- fi
- fi
-}
-
-########
-# MAIN #
-########
-
-echo "${INFO} starting cronjob"
-get_public_keys
-read_old_public_keys
-compare_public_keys
-echo "${INFO} finished cronjob"
-exit 0
\ No newline at end of file