Skip to content
This repository has been archived by the owner on Aug 6, 2024. It is now read-only.

Commit

Permalink
Follow good practices for entrypoints (#66)
Browse files Browse the repository at this point in the history
  • Loading branch information
@dappnodedev
dappnodedev authored Jul 2, 2024
1 parent b6e5d2b commit c693ed8
Show file tree
Hide file tree
Showing 2 changed files with 29 additions and 28 deletions.
43 changes: 21 additions & 22 deletions dkg/entrypoint.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
OPERATOR_CONFIG_DIR=${OPERATOR_DATA_DIR}/config
DKG_LOGS_DIR=${DKG_DATA_DIR}/logs
DKG_OUTPUT_DIR=${DKG_DATA_DIR}/output
DKG_DB_PATH=${DKG_DATA_DIR}/db
DKG_CERT_DIR=${DKG_DATA_DIR}/ssl

PRIVATE_KEY_FILE=${OPERATOR_CONFIG_DIR}/encrypted_private_key.json
Expand All @@ -16,14 +15,14 @@ CERT_FILE="$DKG_CERT_DIR/tls.crt"
KEY_FILE="$DKG_CERT_DIR/tls.key"

create_directories() {
mkdir -p ${DKG_CONFIG_DIR} ${DKG_LOGS_DIR} ${DKG_OUTPUT_DIR}
mkdir -p "${DKG_CONFIG_DIR}" "${DKG_LOGS_DIR}" "${DKG_OUTPUT_DIR}"
}

wait_for_private_key() {
echo "[INFO] Waiting for the operator service to create the private key file..."
while [ ! -f "${PRIVATE_KEY_FILE}" ]; do
echo "[INFO] Waiting for ${PRIVATE_KEY_FILE} to be created..."
inotifywait -e create -qq $(dirname "${PRIVATE_KEY_FILE}")
inotifywait -e create -qq "$(dirname "${PRIVATE_KEY_FILE}")"
done

echo "[INFO] Private key file found."
Expand All @@ -39,21 +38,21 @@ get_operator_id() {

# Read operator ID from the file if it exists and is not empty
if [ -f "${OPERATOR_ID_FILE}" ] && [ -s "${OPERATOR_ID_FILE}" ]; then
OPERATOR_ID=$(cat ${OPERATOR_ID_FILE})
OPERATOR_ID=$(cat "${OPERATOR_ID_FILE}")
echo "[INFO] Using OPERATOR_ID from the file: ${OPERATOR_ID}"
else
fetch_operator_id_from_api
fi
else
echo "[INFO] Using provided OPERATOR_ID: ${OPERATOR_ID}"
echo "${OPERATOR_ID}" >${OPERATOR_ID_FILE}
echo "${OPERATOR_ID}" >"${OPERATOR_ID_FILE}"
fi
}

fetch_operator_id_from_api() {
echo "[INFO] OPERATOR_ID not provided. Fetching OPERATOR_ID from the API..."

PUBLIC_KEY=$(jq -r '.pubKey' ${PRIVATE_KEY_FILE})
PUBLIC_KEY=$(jq -r '.pubKey' "${PRIVATE_KEY_FILE}")

# If the PUBLIC_KEY is empty, try extracting using the '.publicKey' field (for previous SSV versions)
if [ -z "$PUBLIC_KEY" ] || [ "$PUBLIC_KEY" = "null" ]; then
Expand All @@ -73,7 +72,7 @@ fetch_operator_id_from_api() {
exit 0
else
echo "[INFO] Successfully fetched OPERATOR_ID: ${OPERATOR_ID}"
echo "${OPERATOR_ID}" >${OPERATOR_ID_FILE}
echo "${OPERATOR_ID}" >"${OPERATOR_ID_FILE}"
fi
}

Expand All @@ -84,27 +83,27 @@ generate_tls_cert() {

# Generate a self-signed SSL certificate only if it doesn't exist
if [ ! -f "$CERT_FILE" ] || [ ! -f "$KEY_FILE" ]; then
echo "[INFO] Certificate or key file not found. Generating new SSL certificate and key."
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-keyout "$KEY_FILE" -out "$CERT_FILE" \
-subj "/C=IL/ST=Tel Aviv/L=Tel Aviv/O=Coin-Dash Ltd/CN=*.ssvlabs.io"
echo "[INFO] Certificate or key file not found. Generating new SSL certificate and key."
openssl req -x509 -newkey rsa:4096 -sha256 -days 3650 -nodes \
-keyout "$KEY_FILE" -out "$CERT_FILE" \
-subj "/C=IL/ST=Tel Aviv/L=Tel Aviv/O=Coin-Dash Ltd/CN=*.ssvlabs.io"
else
echo "[INFO] Existing SSL certificate and key found. Using them."
echo "[INFO] Existing SSL certificate and key found. Using them."
fi
}

start_dkg() {
exec /bin/ssv-dkg start-operator \
--operatorID ${OPERATOR_ID} \
--configPath ${DKG_CONFIG_FILE} \
--logFilePath ${DKG_LOG_FILE} \
--logLevel ${LOG_LEVEL} \
--outputPath ${DKG_OUTPUT_DIR} \
--port ${DKG_PORT} \
--privKey ${PRIVATE_KEY_FILE} \
--privKeyPassword ${PRIVATE_KEY_PASSWORD_FILE} \
--serverTLSCertPath ${CERT_FILE} \
--serverTLSKeyPath ${KEY_FILE}
--operatorID "${OPERATOR_ID}" \
--configPath "${DKG_CONFIG_FILE}" \
--logFilePath "${DKG_LOG_FILE}" \
--logLevel "${LOG_LEVEL}" \
--outputPath "${DKG_OUTPUT_DIR}" \
--port "${DKG_PORT}" \
--privKey "${PRIVATE_KEY_FILE}" \
--privKeyPassword "${PRIVATE_KEY_PASSWORD_FILE}" \
--serverTLSCertPath "${CERT_FILE}" \
--serverTLSKeyPath "${KEY_FILE}"
}

main() {
Expand Down
14 changes: 8 additions & 6 deletions operator/entrypoint.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,7 @@ DEFAULT_PRIVATE_KEY_FILE=/encrypted_private_key.json
RAW_NODE_YML_CONFIG_FILE=${NODE_CONFIG_DIR}/raw-node-config.yml

create_directories() {
mkdir -p ${OPERATOR_CONFIG_DIR} ${OPERATOR_DB_DIR} ${OPERATOR_LOGS_DIR}
mkdir -p "${OPERATOR_CONFIG_DIR}" "${OPERATOR_DB_DIR}" "${OPERATOR_LOGS_DIR}"
}

assign_execution_endpoint() {
Expand Down Expand Up @@ -97,7 +97,7 @@ handle_private_key() {
}

post_pubkey_to_dappmanager() {
PUBLIC_KEY=$(jq -r '.pubKey' ${PRIVATE_KEY_FILE})
PUBLIC_KEY=$(jq -r '.pubKey' "${PRIVATE_KEY_FILE}")

# If the PUBLIC_KEY is empty, try extracting using the '.publicKey' field (for previous SSV versions)
if [ -z "$PUBLIC_KEY" ] || [ "$PUBLIC_KEY" = "null" ]; then
Expand Down Expand Up @@ -149,17 +149,19 @@ create_operator_config() {
start_operator() {
echo "[INFO] Starting SSV operator..."

/go/bin/ssvnode start-node --config ${NODE_CONFIG_FILE} ${EXTRA_OPTS} &
/go/bin/ssvnode start-node --config "${NODE_CONFIG_FILE}" "${EXTRA_OPTS}" &

wait $!
EXIT_STATUS=$?

# Backup restoring causes the operator to find a mismatch in the DB
if [ $EXIT_STATUS -ne 0 ] && grep -q "operator private key is not matching the one encrypted the storage" ${NODE_LOG_FILE}; then
if [ $EXIT_STATUS -ne 0 ] && grep -q "operator private key is not matching the one encrypted the storage" "${NODE_LOG_FILE}"; then
echo "[WARN] Detected private key mismatch, probably due to backup restoring. Removing DB and retrying..."
rm -rf ${OPERATOR_DB_DIR}/*

exec /go/bin/ssvnode start-node --config ${NODE_CONFIG_FILE} ${EXTRA_OPTS}
# Added :? to prevent accidental deletion of root directory (if $OPERATOR_DB_DIR is empty or unset)
rm -rf "${OPERATOR_DB_DIR:?}"/*

exec /go/bin/ssvnode start-node --config "${NODE_CONFIG_FILE}" "${EXTRA_OPTS}"
else
exit $EXIT_STATUS
fi
Expand Down

0 comments on commit c693ed8

Please sign in to comment.