Merge remote-tracking branch 'origin/master' into develop

infrastructure/gcp-nitro-node/main.tf

@@ -11,14 +11,14 @@ provider "google" {
   zone    = var.gcp_zone
 }
 
-locals {
-  startup_script = file("${path.module}/scripts/startup_script.tpl")
-}
-
 resource "google_compute_address" "default" {
   name = "node-static-ip"
 }
 
+resource "google_compute_address" "static_ip" {
+  name = "my-static-ip"
+}
+
 resource "google_service_account" "bucket_updater" {
   account_id   = "bucket-updater"
   display_name = "Bucket Updater Service Account"
@@ -29,15 +29,43 @@ resource "google_service_account_key" "bucket_updater_key" {
   service_account_id = google_service_account.bucket_updater.name
 }
 
+locals {
+  startup_script = templatefile("${path.module}/scripts/startup_script.tpl", {
+    gcp_project_id          = var.gcp_project_id,
+    bucket_name             = var.bucket_name,
+    service_account_email   = google_service_account.bucket_updater.email,
+    service_account_api_key = google_service_account_key.bucket_updater_key.private_key,
+    eth_rpc_url             = var.eth_rpc_url
+  })
+}
+
+
 resource "google_storage_bucket_iam_member" "bucket_updater" {
   bucket = google_storage_bucket.public_bucket.name
   role   = "roles/storage.objectAdmin"
   member = "serviceAccount:${google_service_account.bucket_updater.email}"
 }
 
+resource "google_compute_firewall" "outbound_access" {
+  name    = "allow-outbound"
+  network = "default"
+
+  allow {
+    protocol = "tcp"
+    ports    = ["80", "443"]
+  }
+
+  direction = "EGRESS"
+  destination_ranges = ["0.0.0.0/0"]
+}
+
+// n1-standard-4 =  4 vCPUs and 15 GB RAM
+// size=2000 =  2000 GB
 resource "google_compute_instance" "default" {
-  name         = "arbitrum-full-node"
-  machine_type = "n1-standard-4"
+  name                = "arbitrum-full-node"
+  machine_type        = "n1-standard-4"
+  deletion_protection = true
+
   boot_disk {
     initialize_params {
       image = "ubuntu-os-cloud/ubuntu-2204-lts"
@@ -47,11 +75,14 @@ resource "google_compute_instance" "default" {
   }
   network_interface {
     network = "default"
+    access_config {
+      nat_ip = google_compute_address.default.address
+    }
   }
 
   metadata_startup_script = local.startup_script
 
-  metadata = {  
+  metadata = {
     service_account_key = google_service_account_key.bucket_updater_key.private_key
   }
 
@@ -67,16 +98,16 @@ resource "google_storage_bucket" "public_bucket" {
 
 # allow public access to the sitemap bucket
 data "google_iam_policy" "viewer" {
-	binding {
-		role    = "roles/storage.objectViewer"
-		members = [
-			"allUsers",
-		]
-	}
+  binding {
+    role = "roles/storage.objectViewer"
+    members = [
+      "allUsers",
+    ]
+  }
 }
 
 locals {
-  
+
   markdown = <<-EOF
 # OUTPUT
 Service Account Key: `${google_service_account_key.bucket_updater_key.private_key}`

infrastructure/gcp-nitro-node/scripts/startup_script.tpl

@@ -1,17 +1,23 @@
 #!/bin/bash
 
+if ! id "tfadmin" &>/dev/null; then
+    sudo useradd -m -s /bin/bash tfadmin
+    # Set password or SSH keys as appropriate
+fi
+
 # Check if docker is installed
 if ! command -v docker &> /dev/null
 then
-    # Update the package lists for upgrades and new package installations
-    sudo apt-get update && 
-
-    # Install Docker
-    sudo apt-get install docker.io -y
+    sudo apt-get update
+    sudo apt-get install apt-transport-https ca-certificates curl software-properties-common -y
+    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
+    echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+    sudo apt-get update
+    sudo apt-get install docker-ce -y
 fi
 
 # Add the user to the docker group
-sudo usermod -aG docker ${USER}
+sudo usermod -aG docker tfadmin
 
 # Modify useradd defaults to add new users to the docker group
 if grep -q "^GROUP=" /etc/default/useradd; then
@@ -20,121 +26,31 @@ else
     echo "GROUP=docker" | sudo tee -a /etc/default/useradd
 fi
 
-# Check if the docker image is present
-if ! docker image inspect offchainlabs/nitro-node:v2.1.0-72ccc0c &> /dev/null
-then
-    # Pull the docker image
-    docker pull offchainlabs/nitro-node:v2.1.0-72ccc0c
-fi
+# Create the node data directories
+sudo mkdir -p /opt/public-node/build
 
-# Check if the directory exists
-if [ ! -d "/opt/arbitrum" ]; then
-    # Create the directory
-    sudo mkdir -p /opt/arbitrum
-fi
+cd /opt/public-node/build
 
-# Change the owner of the directory to the current user and group
-sudo chown -R $(whoami):$(id -gn) /opt/arbitrum
+if [ -f "/opt/public-node/build/docker-compose.yml" ]; then
+    # If we already have a docker-compsoe we will try to remove all containers and delete the outdated versions
+    docker compose stop -t 300
+    docker compose down
+    sudo rm -f docker-compose.yml
+    sudo rm -f xai-mainnet.config.json
+fi
 
-# Change the permissions of the directory so that any user can edit files in it
-sudo chmod -R a+rwX /opt/arbitrum
+# Download the current docker compose and xai config
+curl -o docker-compose.yml https://storage.googleapis.com/xai-sentry-public-node/node-config/docker-compose.yml
+curl -o xai-mainnet.config.json https://storage.googleapis.com/xai-sentry-public-node/node-config/xai-mainnet.config.json
 
-# Check if the docker container is running
-if docker ps | grep -q 'offchainlabs/nitro-node:v2.1.0-72ccc0c'; then
-    # Stop the docker container
-    docker stop $(docker ps -q --filter ancestor=offchainlabs/nitro-node:v2.1.0-72ccc0c)
-fi
+# Change the owner of the directory to the current user and group
+sudo chown -R tfadmin:tfadmin /opt/public-node
 
-# Create a JSON file with the configuration parameters
-cat > /opt/arbitrum/config.json <<EOF
-{
-    "chain": {
-        "id": 47279324479,
-        "info-json": "[{\"chain-id\":47279324479,\"parent-chain-id\":421613,\"chain-name\":\"Xai Orbit Testnet\",\"chain-config\":{\"chainId\":47279324479,\"homesteadBlock\":0,\"daoForkBlock\":null,\"daoForkSupport\":true,\"eip150Block\":0,\"eip150Hash\":\"0x0000000000000000000000000000000000000000000000000000000000000000\",\"eip155Block\":0,\"eip158Block\":0,\"byzantiumBlock\":0,\"constantinopleBlock\":0,\"petersburgBlock\":0,\"istanbulBlock\":0,\"muirGlacierBlock\":0,\"berlinBlock\":0,\"londonBlock\":0,\"clique\":{\"period\":0,\"epoch\":0},\"arbitrum\":{\"EnableArbOS\":true,\"AllowDebugPrecompiles\":false,\"DataAvailabilityCommittee\":true,\"InitialArbOSVersion\":10,\"InitialChainOwner\":\"0x9eA24417Ee7722e7EFaf87d2D68d4bC6b41231F7\",\"GenesisBlockNum\":0}},\"rollup\":{\"bridge\":\"0xf958e56d431eA78C7444Cf6A6184Af732Ae6a8A3\",\"inbox\":\"0x8b842ad88AAffD63d52EC54f6428fb7ff83060a8\",\"sequencer-inbox\":\"0x5fD0cCc5D31748A44b43cf8DFBFA0FAA32665464\",\"rollup\":\"0x082742561295f6e1b43c4f5d1e2d52d7FfE082f1\",\"validator-utils\":\"0x32E35dBDCC3558F6A0f7c3af6B13380FC3E6ce97\",\"validator-wallet-creator\":\"0x237aed14AEA28032B12A389590875Ed8d1D12811\",\"deployed-at\":32449497}}]",
-        "name": "Xai Orbit Testnet"
-    },
-    "conf": {
-        "env-prefix": "NITRO"
-    },
-    "http": {
-        "addr": "0.0.0.0",
-        "api": [
-            "eth",
-            "net",
-            "web3",
-            "arb",
-            "debug"
-        ],
-        "corsdomain": "*",
-        "port": 8547,
-        "rpcprefix": "/rpc",
-        "vhosts": "*"
-    },
-    "log-type": "json",
-    "metrics": true,
-    "metrics-server": {
-        "addr": "0.0.0.0",
-        "port": 6070
-    },
-    "node": {
-        "caching": {
-            "archive": true
-        },
-        "data-availability": {
-            "enable": true,
-            "parent-chain-node-url": "https://icy-thrilling-frog.arbitrum-goerli.quiknode.pro/4d27f3253823ff8ec0afbabc49cbe924bfc9acdb/",
-            "request-timeout": "5s",
-            "rest-aggregator": {
-                "enable": true,
-                "urls": [
-                    "https://testnet-das-mirror.xai-chain.net/"
-                ],
-                "wait-before-try-next": "2s"
-            },
-            "sequencer-inbox-address": "0x5fD0cCc5D31748A44b43cf8DFBFA0FAA32665464"
-        },
-        "feed": {
-            "input": {
-                "reconnect-initial-backoff": "50ms",
-                "reconnect-maximum-backoff": "800ms",
-                "timeout": "10s",
-                "url": "wss://testnet.xai-chain.net/feed"
-            }
-        },
-        "forwarding-target": "https://testnet.xai-chain.net/rpc/",
-        "rpc": {
-            "tx-fee-cap": 0
-        },
-        "tx-lookup-limit": 0
-    },
-    "parent-chain": {
-        "connection": {
-            "url": "https://icy-thrilling-frog.arbitrum-goerli.quiknode.pro/4d27f3253823ff8ec0afbabc49cbe924bfc9acdb/"
-        },
-        "id": 421613
-    },
-    "persistent": {
-        "chain": "/home/user/data/"
-    },
-    "pprof": true,
-    "pprof-cfg": {
-        "addr": "0.0.0.0",
-        "port": "6071"
-    },
-    "ws": {
-        "addr": "0.0.0.0",
-        "api": [
-            "net",
-            "web3",
-            "eth",
-            "arb"
-        ],
-        "port": 8548,
-        "rpcprefix": "/ws",
-        "origins": "*"
-    }
-}
-EOF
+# EPORT ENV VARS
+export ETH_RPC_URL=${eth_rpc_url}
+export PROJECT_ID=${gcp_project_id}
+export SERVICE_ACCOUNT_EMAIL=${service_account_email}
+export SERVICE_ACCOUNT_PRIVATE_KEY=${service_account_api_key}
+export BUCKET_NAME=${bucket_name}
 
-# Run the docker container with the configuration file
-docker run --rm -v /opt/arbitrum:/home/user/.arbitrum -p 0.0.0.0:8547:8547 -p 0.0.0.0:8548:8548 -p 0.0.0.0:9642:9642 offchainlabs/nitro-node:v2.1.0-72ccc0c --conf.file /home/user/.arbitrum/config.json --metrics --ws.port=8548 --ws.addr=0.0.0.0 --ws.origins=*
+sudo -u tfadmin docker compose up -d

infrastructure/gcp-nitro-node/terraform.tfvars.example

@@ -1,4 +1,5 @@
 gcp_project_id             = "your-gcp-project-id"
 gcp_region                 = "asia-east1"
 gcp_zone                   = "asia-east1-a"
-parent_chain_rpc_url       = "your-ethereum-rpc-url"
+bucket_name                = "bucket-name"
+eth_rpc_url                = "https://eth.public-rpc.com"

infrastructure/gcp-nitro-node/variables.tf

@@ -13,12 +13,20 @@ variable "gcp_zone" {
   type        = string
 }
 
-variable "parent_chain_rpc_url" {
-  description = "The URL of the parent chain RPC node"
-  type        = string
-}
+//In config.json - will be the local arb1 node once synced
+# variable "parent_chain_rpc_url" {
+#   description = "The URL of the parent chain RPC node"
+#   type        = string
+# }
 
 variable "bucket_name" {
   description = "The name of the bucket to be used to store challenge information in for the public node. This needs to be unique across all of GCP."
   type        = string
 }
+
+variable "eth_rpc_url" {
+  description = "The ETH RPC for the Arb1 node to sync with"
+  type        = string
+}
+
+# ADD ALL NEEDED ENV VARS IN HERE 

infrastructure/nitro-node-wrapper/README.md

@@ -0,0 +1,19 @@
+# XAI Public Node
+
+The XAI public node should functions as a backup for posting the assertions to a public CDN
+
+The XAI Mainnet node needs a Arb1 Node to sync from. THis can either be a public / third party RPC or a Arb1 Nitro node
+
+In this setup we run a Arb1 Nitro node and use its RPC for the XAI mainnet node.
+Since the XAI mainnet node can only sync from a already synced Arb1 node, we use a public RPC until the Arb1 Node is fully synced.
+
+Make sure the ENV variables are set either on the machine or by providing a .env file in the dir where the docker-compose.yml is stored (/opt/node/build)
+
+An example of the needed variables is in example.env
+
+
+## Important notice
+
+Stop the containers gently by using a delay
+
+- `docker stop --time=300 $(docker ps -aq)`