From 0d981b4be83e56c38558248b09577d5c17b9e508 Mon Sep 17 00:00:00 2001
From: David Boreham
Date: Mon, 28 Jul 2025 20:14:56 -0600
Subject: [PATCH 01/18] Rename to testnet
---
{container => testnet}/README.md | 0
{container => testnet}/compose.yaml | 0
{container => testnet}/entrypoint.sh | 0
{container => testnet}/for-registry/Containerfile | 0
{container => testnet}/install_runtime.sh | 0
{container => testnet}/reset.sh | 0
{container => testnet}/watch_testnet.sh | 0
7 files changed, 0 insertions(+), 0 deletions(-)
rename {container => testnet}/README.md (100%)
rename {container => testnet}/compose.yaml (100%)
rename {container => testnet}/entrypoint.sh (100%)
rename {container => testnet}/for-registry/Containerfile (100%)
rename {container => testnet}/install_runtime.sh (100%)
rename {container => testnet}/reset.sh (100%)
rename {container => testnet}/watch_testnet.sh (100%)
diff --git a/container/README.md b/testnet/README.md
similarity index 100%
rename from container/README.md
rename to testnet/README.md
diff --git a/container/compose.yaml b/testnet/compose.yaml
similarity index 100%
rename from container/compose.yaml
rename to testnet/compose.yaml
diff --git a/container/entrypoint.sh b/testnet/entrypoint.sh
similarity index 100%
rename from container/entrypoint.sh
rename to testnet/entrypoint.sh
diff --git a/container/for-registry/Containerfile b/testnet/for-registry/Containerfile
similarity index 100%
rename from container/for-registry/Containerfile
rename to testnet/for-registry/Containerfile
diff --git a/container/install_runtime.sh b/testnet/install_runtime.sh
similarity index 100%
rename from container/install_runtime.sh
rename to testnet/install_runtime.sh
diff --git a/container/reset.sh b/testnet/reset.sh
similarity index 100%
rename from container/reset.sh
rename to testnet/reset.sh
diff --git a/container/watch_testnet.sh b/testnet/watch_testnet.sh
similarity index 100%
rename from container/watch_testnet.sh
rename to testnet/watch_testnet.sh
From 9e49858771c45de89c44ed3996ee8e43b9f3c0bb Mon Sep 17 00:00:00 2001 From: David Boreham Date: Mon, 28 Jul 2025 20:15:48 -0600 Subject: [PATCH 02/18] Restore container directory --- {testnet/for-registry => container}/Containerfile | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {testnet/for-registry => container}/Containerfile (100%) diff --git a/testnet/for-registry/Containerfile b/container/Containerfile similarity index 100% rename from testnet/for-registry/Containerfile rename to container/Containerfile From bce5541848121ac9a705f891a9293a195723d394 Mon Sep 17 00:00:00 2001 From: David Boreham Date: Mon, 28 Jul 2025 20:18:39 -0600 Subject: [PATCH 03/18] Update build script --- .github/workflows/container.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 995846ad4..91b22abf9 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -53,7 +53,7 @@ jobs: uses: docker/build-push-action@v6 with: context: . - file: ./container/for-registry/Containerfile + file: ./container/Containerfile push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} From e99fe141646356dddd4a61f0213d53b45aeb07d5 Mon Sep 17 00:00:00 2001 From: David Boreham Date: Tue, 29 Jul 2025 10:24:45 -0600 Subject: [PATCH 04/18] Specify a rust builder container image version --- container/Containerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/container/Containerfile b/container/Containerfile index f697d4497..0c22e5504 100644 --- a/container/Containerfile +++ b/container/Containerfile 
@@ -1,6 +1,8 @@ # Built from https://github.com/rust-lang/docker-rust -# "latest" has a Debian base -FROM rust:latest AS builder +# Note we specify an explicit version of the image as a workaround for the fact that +# on developer machines "latest" gets pulled once at the beginning of time then never +# updated. So unfortunately we will need to maintain the version here. +FROM rust:1.88 AS builder # Install build dependencies RUN apt update && apt install -y build-essential lld pkg-config libssl-dev libgmp-dev clang From 93f270dcb1131c8f8da91a0285985a11a4d2065f Mon Sep 17 00:00:00 2001 From: David Boreham Date: Tue, 29 Jul 2025 15:46:37 -0600 Subject: [PATCH 05/18] Limit to one compile projecess at a time --- container/Containerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/container/Containerfile b/container/Containerfile index 0c22e5504..123a2d643 100644 --- a/container/Containerfile +++ b/container/Containerfile @@ -9,7 +9,8 @@ RUN apt update && apt install -y build-essential lld pkg-config libssl-dev libgm WORKDIR /usr/libra COPY . . -RUN cargo build --release +# We specify -j 1 to avoid OOM-killing the build +RUN cargo build -j 1 --release FROM ubuntu:latest RUN apt update && apt install -y ca-certificates From 2af409bc8443b008489fe8b11b49441af0d6dd27 Mon Sep 17 00:00:00 2001 From: David Boreham Date: Wed, 30 Jul 2025 13:30:40 -0600 Subject: [PATCH 06/18] Force container build on branch for testing --- .github/workflows/container.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 91b22abf9..80ed89508 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -6,6 +6,7 @@ on: # make binaries which may be ahead of releases to use in CI jobs - "canary*" - "ci-bins*" + - "refactor-container" tags: # run this also on release candidates - "[0-9]+.[0-9]+.[0-9]*" env: From 51315d9895eefc5fd20dd451e2d941433e71de2f Mon Sep 17 00:00:00 2001 
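Review bot: `rust:1.88` in the PATCH 04 hunk is still a mutable tag, so the toolchain image that compiles the node binaries can change whenever that tag is re-pushed upstream. Appending the digest of the image you actually reviewed, `FROM rust:1.88@sha256:<digest-of-reviewed-image> AS builder`, makes the builder reproducible and lets a pull fail instead of silently picking up different content. The new comment could then say that both the version and the digest are maintained here, for example `# Pinned by tag and digest; bump both together when upgrading the toolchain`.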
From: David Boreham Date: Wed, 30 Jul 2025 15:17:58 -0600 Subject: [PATCH 07/18] Fix container tag --- .github/workflows/container.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 80ed89508..713713633 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -28,7 +28,7 @@ jobs: uses: docker/metadata-action@v5 with: images: | - ghcr.io/${{ github.repository }}/libra-node + ghcr.io/${{ github.repository_owner }}/libra-node tags: | # tag as branch name type=sha,enable=true,priority=100,prefix=,suffix=,format=long From 67a8c5674bed1b1db26e5e4a447d9716450bee2b Mon Sep 17 00:00:00 2001 From: David Boreham Date: Wed, 30 Jul 2025 19:25:54 -0600 Subject: [PATCH 08/18] Add simple config/run script for container --- container/Containerfile | 21 ++++++++++++++++++++- container/run.sh | 17 +++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) create mode 100755 container/run.sh diff --git a/container/Containerfile b/container/Containerfile index 123a2d643..9213c54e9 100644 --- a/container/Containerfile +++ b/container/Containerfile 
@@ -12,7 +12,26 @@ COPY . . # We specify -j 1 to avoid OOM-killing the build RUN cargo build -j 1 --release -FROM ubuntu:latest +# Note we specify an explicit version of the image as a workaround for the fact that +# on developer machines "latest" gets pulled once at the beginning of time then never +# updated. So unfortunately we will need to maintain the version here. +FROM ubuntu:24.04 RUN apt update && apt install -y ca-certificates COPY --from=builder /usr/libra/target/release/libra /usr/libra/target/release/libra-* /usr/local/bin/ + +COPY container/run.sh /run.sh + +# Mount this path to persist node config and storage +VOLUME /home/root/.libra +# Validator p2p port (not used by FN) +EXPOSE 6180/tcp +# VFN p2p port (not used by FN) +EXPOSE 6181/tcp +# FN p2p port (not used by Validators) +EXPOSE 6182/tcp +# API http service +EXPOSE 8080/tcp + +CMD /run.sh + diff --git a/container/run.sh b/container/run.sh new file mode 100755 index 000000000..d1921715f --- /dev/null +++ b/container/run.sh @@ -0,0 +1,17 @@ +# LIBRA_CONTAINER_MODE : validator|vfn|fullnode +# Check if this container has already been configured +libra_home=/root/.libra +file_indicating_already_configured="fullnode.yml" +if [[ ! -f ${libra_home}/${file_indicating_already_configured} ]]; then + echo "No existing config detected, initializing as a fullnode..." + # If not, run libra config + libra config fullnode-init + echo "Initialized" +else + echo "Container already configured" +fi +# Otherwise fall through to start node +# Start node +echo "Starting libra node" +libra node + From f7c00fc965b20b93bf17fc5410a9909f9964e81e Mon Sep 17 00:00:00 2001 From: David Boreham Date: Wed, 30 Jul 2025 19:56:21 -0600 Subject: [PATCH 09/18] Allow build concurrency to be overridden --- container/Containerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/container/Containerfile b/container/Containerfile index 9213c54e9..272f95eda 100644 --- a/container/Containerfile 
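Review bot: `VOLUME /home/root/.libra` in the PATCH 08 Containerfile hunk does not match where run.sh in this same patch keeps its state, `libra_home=/root/.libra`, so the node config and storage the comment promises to persist would land in the container's writable layer instead of the mounted volume. Either declare `VOLUME /root/.libra` or point the script at the declared path. The final stage also has no `USER` instruction, so the node and its HTTP API on 8080 run as root; a dedicated unprivileged user owning the data directory would be the safer default.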
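Review bot: The last line of the new container/run.sh starts `libra node` as a child of the script's shell, so whether the stop signal sent to the container reaches the node depends on that shell; `exec libra node` makes the node the process that is signalled and lets it shut down cleanly. The script also has no shebang while it uses `[[ … ]]`, a bash construct, and `CMD /run.sh` runs it through the image's default `/bin/sh`; `#!/usr/bin/env bash` as the first line removes that dependency. The result of `libra config fullnode-init` is not checked in this patch, so a failed init falls through to starting the node; `libra config fullnode-init || exit 1` would stop there.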
+++ b/container/Containerfile @@ -10,7 +10,8 @@ RUN apt update && apt install -y build-essential lld pkg-config libssl-dev libgm WORKDIR /usr/libra COPY . . # We specify -j 1 to avoid OOM-killing the build -RUN cargo build -j 1 --release +ARG LIBRA_CARGO_CONCURRENCY=1 +RUN cargo build -j $LIBRA_CARGO_CONCURRENCY --release # Note we specify an explicit version of the image as a workaround for the fact that # on developer machines "latest" gets pulled once at the beginning of time then never From 7cccdc0bb2d7a843cb42fa8b9c0dc1606bfe707e Mon Sep 17 00:00:00 2001 From: David Boreham Date: Wed, 30 Jul 2025 20:26:47 -0600 Subject: [PATCH 10/18] JSON Args --- container/Containerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container/Containerfile b/container/Containerfile index 272f95eda..7b62ecf5f 100644 --- a/container/Containerfile +++ b/container/Containerfile @@ -34,5 +34,5 @@ EXPOSE 6182/tcp # API http service EXPOSE 8080/tcp -CMD /run.sh +CMD ["/run.sh"] From 412e9ea3a265e6f6fa2bf2c4c9423d8db475b02e Mon Sep 17 00:00:00 2001 From: David Boreham Date: Thu, 31 Jul 2025 06:25:08 -0600 Subject: [PATCH 11/18] Use fixed container tag --- testnet/compose.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/testnet/compose.yaml b/testnet/compose.yaml index 9b74649f8..7eff35be8 100644 --- a/testnet/compose.yaml +++ b/testnet/compose.yaml @@ -1,7 +1,7 @@ services: alice: #image: ubuntu:22.04 - image: ghcr.io/0lnetworkcommunity/libra-framework/libra-node:latest + image: ghcr.io/0lnetworkcommunity/libra-node:latest container_name: libra_alice hostname: alice environment: @@ -17,7 +17,7 @@ services: bob: #image: ubuntu:22.04 - image: ghcr.io/0lnetworkcommunity/libra-framework/libra-node:latest + image: ghcr.io/0lnetworkcommunity/libra-node:latest container_name: libra_bob hostname: bob depends_on: 
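Review bot: `$LIBRA_CARGO_CONCURRENCY` is expanded unquoted in the PATCH 09 RUN line, so a build-arg value containing spaces or shell metacharacters is split or interpreted by the build shell; `RUN cargo build -j "$LIBRA_CARGO_CONCURRENCY" --release` keeps it a single argument. The comment above the ARG still says `-j 1` is specified and could become `# Default to one job to avoid OOM-killing the build; override with --build-arg LIBRA_CARGO_CONCURRENCY=N`. If the repository commits its Cargo.lock (not visible here), adding `--locked` would make the image build fail rather than quietly re-resolve dependencies.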
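Review bot: The image reference for alice still ends in the mutable `:latest` tag, and the bob and carol hunks of PATCH 11 do the same, so the testnet runs whatever was last pushed or locally cached under that name. The title says "fixed container tag", and the workflow in this series tags every image with the long git sha, so a pinned reference such as `image: ghcr.io/0lnetworkcommunity/libra-node:<long-git-sha>` or `…/libra-node@sha256:<digest>` would match the intent. PATCH 18 later in this series stops publishing `latest` from the workflow, after which these three references would presumably stop receiving updates at all.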
@@ -35,7 +35,7 @@ services: carol: #image: ubuntu:22.04 - image: ghcr.io/0lnetworkcommunity/libra-framework/libra-node:latest + image: ghcr.io/0lnetworkcommunity/libra-node:latest container_name: libra_carol hostname: carol depends_on: From 5991758d0474ee74600137e507c00de2c53f26f4 Mon Sep 17 00:00:00 2001 From: David Boreham Date: Thu, 31 Jul 2025 06:26:39 -0600 Subject: [PATCH 12/18] Use SHELL directive --- container/Containerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/container/Containerfile b/container/Containerfile index 7b62ecf5f..459d63c8d 100644 --- a/container/Containerfile +++ b/container/Containerfile @@ -34,5 +34,6 @@ EXPOSE 6182/tcp # API http service EXPOSE 8080/tcp -CMD ["/run.sh"] +SHELL ["/bin/bash", "-c"] +CMD "/run.sh" From e926af16a6a10c625af65c4851e8e68148cbe491 Mon Sep 17 00:00:00 2001 From: David Boreham Date: Thu, 31 Jul 2025 09:04:58 -0600 Subject: [PATCH 13/18] Add todo comment --- container/run.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/container/run.sh b/container/run.sh index d1921715f..13b09bbb5 100755 --- a/container/run.sh +++ b/container/run.sh @@ -1,4 +1,6 @@ # LIBRA_CONTAINER_MODE : validator|vfn|fullnode +# Currently only supports fullnode mode +# # Check if this container has already been configured libra_home=/root/.libra file_indicating_already_configured="fullnode.yml" @@ -14,4 +16,3 @@ fi # Start node echo "Starting libra node" libra node - From a3599acd48610ebc03e25321ed457eb32ca20e52 Mon Sep 17 00:00:00 2001 From: David Boreham Date: Thu, 31 Jul 2025 14:43:08 -0600 Subject: [PATCH 14/18] Update for new libra config --- container/run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/container/run.sh b/container/run.sh index 13b09bbb5..4b3b9c029 100755 --- a/container/run.sh +++ b/container/run.sh 
@@ -7,7 +7,7 @@ file_indicating_already_configured="fullnode.yml" if [[ ! -f ${libra_home}/${file_indicating_already_configured} ]]; then echo "No existing config detected, initializing as a fullnode..." # If not, run libra config - libra config fullnode-init + libra config fullnode-init --archive-mode false echo "Initialized" else echo "Container already configured" From d4a3f09e3d47654b18670094450e867fc4904cad Mon Sep 17 00:00:00 2001 From: David Boreham Date: Thu, 31 Jul 2025 18:58:52 -0600 Subject: [PATCH 15/18] Harden startup script --- container/Containerfile | 3 ++- container/run.sh | 5 +++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/container/Containerfile b/container/Containerfile index 459d63c8d..085dbe4b0 100644 --- a/container/Containerfile +++ b/container/Containerfile @@ -24,7 +24,8 @@ COPY --from=builder /usr/libra/target/release/libra /usr/libra/target/release/li COPY container/run.sh /run.sh # Mount this path to persist node config and storage -VOLUME /home/root/.libra +# (note at present this depends on the uid/gid the container is run with) +VOLUME /home/ubuntu/.libra # Validator p2p port (not used by FN) EXPOSE 6180/tcp # VFN p2p port (not used by FN) diff --git a/container/run.sh b/container/run.sh index 4b3b9c029..7a7cacd89 100755 --- a/container/run.sh +++ b/container/run.sh @@ -8,6 +8,11 @@ if [[ ! -f ${libra_home}/${file_indicating_already_configured} ]]; then echo "No existing config detected, initializing as a fullnode..." # If not, run libra config libra config fullnode-init --archive-mode false + result=$? + if [[ $result != 0 ]]; then + echo "Fatal Error: libra config failed" + exit 1 + fi echo "Initialized" else echo "Container already configured" From d9ff549cc846dd0816a34f5bec38e19ceade9e2d Mon Sep 17 00:00:00 2001 
From: David Boreham Date: Sat, 2 Aug 2025 13:59:03 -0600 Subject: [PATCH 16/18] Add script to change uid --- container/Containerfile | 6 +++--- container/change-uid.sh | 32 ++++++++++++++++++++++++++++++++ container/run.sh | 9 +++++++-- 3 files changed, 42 insertions(+), 5 deletions(-) create mode 100755 container/change-uid.sh diff --git a/container/Containerfile b/container/Containerfile index 085dbe4b0..1f8e6b06b 100644 --- a/container/Containerfile +++ b/container/Containerfile @@ -22,10 +22,10 @@ RUN apt update && apt install -y ca-certificates COPY --from=builder /usr/libra/target/release/libra /usr/libra/target/release/libra-* /usr/local/bin/ COPY container/run.sh /run.sh +COPY container/change-uid.sh /change-uid.sh # Mount this path to persist node config and storage -# (note at present this depends on the uid/gid the container is run with) -VOLUME /home/ubuntu/.libra +VOLUME ["/mnt/libra"] # Validator p2p port (not used by FN) EXPOSE 6180/tcp # VFN p2p port (not used by FN) @@ -37,4 +37,4 @@ EXPOSE 8080/tcp SHELL ["/bin/bash", "-c"] CMD "/run.sh" - +CMD ["/change-uid.sh", "/run.sh"] diff --git a/container/change-uid.sh b/container/change-uid.sh new file mode 100755 index 000000000..40b692458 --- /dev/null +++ b/container/change-uid.sh 
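Review bot: After the PATCH 16 Containerfile hunk the file carries two CMD instructions, `CMD "/run.sh"` and `CMD ["/change-uid.sh", "/run.sh"]`; only the last one takes effect, so the shell-form line is dead and should be deleted along with the `SHELL` line if no later RUN step needs bash. There is still no `USER` instruction, so the container starts as root and, going by change-uid.sh in this patch, stays root unless the operator sets USER_UID. Running unprivileged by default and treating root as the opt-in would be the safer arrangement for a node that exposes p2p and API ports.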
@@ -0,0 +1,32 @@ +#!/usr/bin/env bash + +set -e + +# If USER_UID is not defined we skip everything and run as the default user (usually root) +if [[ ${USER_UID} ]]; then + # If USER_UID set but USER_GID was not set then we set it to the value of USER_UID + if [[ -z ${USER_GID} ]]; then + USER_GID=$USER_UID + fi + # Now we have USER_UID and USER_GID + # Check if USER_UID is 1000 + if [[ ${USER_UID} == "1000" ]]; then + # If so we don't need to create a user because the Ubuntu continer already has uid=1000 setup + echo "Running as default user: ubuntu" + else + # We need to change the uid/gid on the ubuntu user + usermod -u $USER_UID ubuntu + groupmod -g $USER_GID ubuntu + echo "Changed uid:gid for user ubuntu to: ${USER_UID}:${USER_GID}" + # Change ownership of the ubuntu user's homedir to the new uid + chown -R ubuntu:ubuntu /home/ubuntu + fi + run_as_ubuntu=1 +fi # USER_UID wasn't defined + +# Now run the container's workload as either the current user or the ubuntu user +if [[ ${run_as_ubuntu} ]]; then + su - ubuntu -c $1 +else + $1 +fi diff --git a/container/run.sh b/container/run.sh index 7a7cacd89..72c63ccdc 100755 --- a/container/run.sh +++ b/container/run.sh @@ -1,8 +1,13 @@ +#!/usr/bin/env bash +# # LIBRA_CONTAINER_MODE : validator|vfn|fullnode # Currently only supports fullnode mode -# + +# Hack to work around the libra tools not allowing arbitrary config paths +export HOME=/mnt/libra + # Check if this container has already been configured -libra_home=/root/.libra +libra_home=${HOME}/.libra file_indicating_already_configured="fullnode.yml" if [[ ! -f ${libra_home}/${file_indicating_already_configured} ]]; then echo "No existing config detected, initializing as a fullnode..." From daa1d4ce0815b2eece85898dc5bf1b397af2877c Mon Sep 17 00:00:00 2001 From: David Boreham Date: Sat, 2 Aug 2025 16:09:48 -0600 Subject: [PATCH 17/18] Remove working branch --- .github/workflows/container.yaml | 1 - 1 file changed, 1 deletion(-) 
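Review bot: `USER_UID`, `USER_GID` and `$1` are expanded unquoted in `usermod`, `groupmod`, `su - ubuntu -c $1` and the bare `$1` of the new change-uid.sh, and the ids are never checked to be numeric before they reach tools running as root. Quoting them and rejecting non-decimal values closes that, and `exec` in both launch branches keeps `su` or this script from sitting between the container runtime and the node when a stop signal arrives. `chown -R` covers only /home/ubuntu, while run.sh in this patch sets `HOME=/mnt/libra`, so the remapped user may not be able to write to the mounted volume; that is worth confirming against a fresh volume. When USER_UID is 1000 the script takes the shortcut branch and a supplied USER_GID is silently ignored.

```bash
if [[ ${USER_UID} ]]; then
    # … unchanged: default USER_GID to USER_UID …
    # Refuse anything that is not a plain decimal id before it reaches usermod/groupmod
    for id in "${USER_UID}" "${USER_GID}"; do
        if [[ ! ${id} =~ ^[0-9]+$ ]]; then
            echo "Fatal Error: USER_UID and USER_GID must be numeric" >&2
            exit 1
        fi
    done
    # … unchanged: uid 1000 shortcut …
        usermod -u "${USER_UID}" ubuntu
        groupmod -g "${USER_GID}" ubuntu
    # … unchanged: echo, chown of /home/ubuntu, run_as_ubuntu=1 …
fi

if [[ ${run_as_ubuntu} ]]; then
    # exec so no intermediate shell is left holding the container's stop signal
    exec su - ubuntu -c "$1"
else
    exec "$1"
fi
```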
diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 713713633..127e00df6 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -6,7 +6,6 @@ on: # make binaries which may be ahead of releases to use in CI jobs - "canary*" - "ci-bins*" - - "refactor-container" tags: # run this also on release candidates - "[0-9]+.[0-9]+.[0-9]*" env: From a9a1ef40a908a3cb40883c964f5d0445c9813799 Mon Sep 17 00:00:00 2001 From: David Boreham Date: Sun, 3 Aug 2025 13:26:40 -0600 Subject: [PATCH 18/18] Remove unnecessary latest tag specifier --- .github/workflows/container.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml index 127e00df6..98b0f1fb8 100644 --- a/.github/workflows/container.yaml +++ b/.github/workflows/container.yaml @@ -29,14 +29,12 @@ jobs: images: | ghcr.io/${{ github.repository_owner }}/libra-node tags: | - # tag as branch name + # tag as git sha type=sha,enable=true,priority=100,prefix=,suffix=,format=long # tag canary releases type=raw,value=canary,enable=${{contains(env.BRANCH_NAME, 'canary')}} # tag ci bins releases type=raw,value=ci-bins,enable=${{contains(env.BRANCH_NAME, 'ci-bins')}} - # if is in MAIN branch, also tag as latest - type=raw,value=latest,enable={{is_default_branch}} # tag version type=semver,pattern={{version}}