octo
/
Zebra
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(docker): Make default command work in docker images, disable optional listener ports (#5313) 

* Disable optional listener ports so the default config is secure

* Fix Zebra config file path in Dockerfile
This commit is contained in:
teor 2022-10-04 03:50:27 +10:00 committed by GitHub
parent 6767f31e48
commit f71bb74951
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 20 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
docker/Dockerfile
View File

@ -109,8 +109,8 @@ COPY ./docker/entrypoint.sh /
RUN chmod u+x /entrypoint.sh RUN chmod u+x /entrypoint.sh
# By default, runs the entrypoint tests specified by the environmental variables (if any are set) # By default, runs the entrypoint tests specified by the environmental variables (if any are set)
ENTRYPOINT ["/entrypoint.sh"] ENTRYPOINT [ "/entrypoint.sh" ]
CMD [ "cargo"] CMD [ "cargo" ]
# In this stage we build a release (generate the zebrad binary) # In this stage we build a release (generate the zebrad binary)
# #
@ -148,27 +148,35 @@ ENV ZEBRA_CONF_FILE ${ZEBRA_CONF_FILE}
# Build the `zebrad.toml` before starting the container, using the arguments from build # Build the `zebrad.toml` before starting the container, using the arguments from build
# time, or using the default values set just above. And create the conf path and file if # time, or using the default values set just above. And create the conf path and file if
# it does not exist # it does not exist.
# #
# TODO: move this file creation to an entrypoint as we can use default values at runtime, # It is safe to use multiple RPC threads in Docker, because we know we are the only running
# and modify those as needed when starting the container (at runtime and not at build time) # `zebrad` or `zcashd` process in the container.
#
# TODO:
# - move this file creation to an entrypoint as we can use default values at runtime,
# and modify those as needed when starting the container (at runtime and not at build time)
# - make `cache_dir`, `rpc.listen_addr`, `metrics.endpoint_addr`, and `tracing.endpoint_addr` into Docker arguments
RUN mkdir -p ${ZEBRA_CONF_PATH} \ RUN mkdir -p ${ZEBRA_CONF_PATH} \
&& touch ${ZEBRA_CONF_PATH}/${ZEBRA_CONF_FILE} && touch ${ZEBRA_CONF_PATH}/${ZEBRA_CONF_FILE}
RUN set -ex; \ RUN set -ex; \
{ \ { \
echo "[consensus]"; \
echo "checkpoint_sync = ${CHECKPOINT_SYNC}"; \
echo "[metrics]"; \
echo "endpoint_addr = '0.0.0.0:9999'"; \
echo "[network]"; \ echo "[network]"; \
echo "network = '${NETWORK}'"; \ echo "network = '${NETWORK}'"; \
echo "[consensus]"; \
echo "checkpoint_sync = ${CHECKPOINT_SYNC}"; \
echo "[state]"; \ echo "[state]"; \
echo "cache_dir = '/zebrad-cache'"; \ echo "cache_dir = '/zebrad-cache'"; \
echo "[rpc]"; \
echo "listen_addr = None"; \
echo "parallel_cpu_threads = 0"; \
echo "[metrics]"; \
echo "endpoint_addr = None"; \
echo "[tracing]"; \ echo "[tracing]"; \
echo "endpoint_addr = '0.0.0.0:3000'"; \ echo "endpoint_addr = None"; \
} > "${ZEBRA_CONF_PATH}/${ZEBRA_CONF_FILE}" } > "${ZEBRA_CONF_PATH}/${ZEBRA_CONF_FILE}"
EXPOSE 3000 8233 18233 EXPOSE 8233 18233
ARG SHORT_SHA ARG SHORT_SHA
ENV SHORT_SHA $SHORT_SHA ENV SHORT_SHA $SHORT_SHA
@ -177,4 +185,4 @@ ARG SENTRY_DSN
ENV SENTRY_DSN ${SENTRY_DSN} ENV SENTRY_DSN ${SENTRY_DSN}
# TODO: remove the specified config file location and use the default expected by zebrad # TODO: remove the specified config file location and use the default expected by zebrad
CMD [ "zebrad", "-c", "${ZEBRA_CONF_PATH}/${ZEBRA_CONF_FILE}", "start" ] CMD zebrad -c "${ZEBRA_CONF_PATH}/${ZEBRA_CONF_FILE}" start