From 70f2768d09b0872e744aff9d0dd8337590a0d1a5 Mon Sep 17 00:00:00 2001 From: Sebastian <379651+czarly@users.noreply.github.com> Date: Tue, 21 Dec 2021 15:47:00 +0100 Subject: [PATCH] split the monolytic dockerfile --- docker-compose.base.yml | 139 ++++++++++++++++ docker-compose.nodes.yml | 104 ++++++++++++ docker-compose.pokt-mainnet.yml | 40 +++++ docker-compose.pokt-testnet.yml | 30 ++++ docker-compose.yml | 287 -------------------------------- 5 files changed, 313 insertions(+), 287 deletions(-) create mode 100644 docker-compose.base.yml create mode 100644 docker-compose.nodes.yml create mode 100644 docker-compose.pokt-mainnet.yml create mode 100644 docker-compose.pokt-testnet.yml delete mode 100644 docker-compose.yml diff --git a/docker-compose.base.yml b/docker-compose.base.yml new file mode 100644 index 00000000..c3349689 --- /dev/null +++ b/docker-compose.base.yml @@ -0,0 +1,139 @@ +version: '3.1' + +services: + +### TRAEFIK +# Basic Auth not working. Problems with parsing var from .env + traefik: + image: traefik:latest + container_name: traefik + restart: always + ports: + - "443:443" + - "127.0.0.1:8080:8080" + networks: + - $NET_POKT + command: + - "--api=true" + - "--api.insecure=true" + - "--api.dashboard=true" + - "--log.level=DEBUG" + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--entrypoints.websecure.address=:443" + - "--certificatesresolvers.myresolver.acme.tlschallenge=true" + # TESTING + # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" + - "--certificatesresolvers.myresolver.acme.email=$MAIL" + - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" + volumes: + - "./traefik/letsencrypt:/letsencrypt" + - "/var/run/docker.sock:/var/run/docker.sock:ro" + labels: + - "traefik.enable=true" + - "traefik.http.middlewares.auth.basicauth.users=$AUTH_HTTP" + + +### WIREGUARD + + wireguard: + image: lscr.io/linuxserver/wireguard + container_name: wireguard + cap_add: + - NET_ADMIN + - SYS_MODULE + environment: + - PUID=$PUID + - PGID=$PGID + volumes: + - ./wireguard/config/wg0.conf:/config/wg0.conf + - /lib/modules:/lib/modules + # Expose prometheus port + expose: + - 9090 + ports: + - $SERVERPORT:$SERVERPORT/udp + sysctls: + - net.ipv4.conf.all.src_valid_mark=1 + restart: unless-stopped + + +### MONITORING + + prometheus: + image: prom/prometheus:v2.30.3 + container_name: prometheus + volumes: + - ./prometheus:/etc/prometheus + - prometheus_data:/prometheus + command: + - '--config.file=/etc/prometheus/prometheus.yml' + - '--storage.tsdb.path=/prometheus' + - '--web.console.libraries=/etc/prometheus/console_libraries' + - '--web.console.templates=/etc/prometheus/consoles' + - '--storage.tsdb.retention.time=200h' + - '--web.enable-lifecycle' + restart: unless-stopped + network_mode: "service:wireguard" + labels: + org.label-schema.group: "monitoring" + depends_on: + - wireguard + + nodeexporter: + image: prom/node-exporter:v1.2.2 + container_name: nodeexporter + volumes: + - /proc:/host/proc:ro + - /sys:/host/sys:ro + - /:/rootfs:ro + command: + - '--path.procfs=/host/proc' + - '--path.rootfs=/rootfs' + - '--path.sysfs=/host/sys' + - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' + restart: unless-stopped + expose: + - 9100 + labels: + org.label-schema.group: "monitoring" + + cadvisor: + image: gcr.io/cadvisor/cadvisor:v0.42.0 + container_name: cadvisor + privileged: true + devices: + - /dev/kmsg:/dev/kmsg + volumes: + - /:/rootfs:ro + - /var/run:/var/run:ro + - /sys:/sys:ro + - /var/lib/docker:/var/lib/docker:ro + #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux + restart: unless-stopped + expose: + - 8080 + labels: + org.label-schema.group: "monitoring" + + pushgateway: + image: prom/pushgateway:v1.4.2 + container_name: pushgateway + restart: unless-stopped + expose: + - 9091 + labels: + org.label-schema.group: "monitoring" + +### VOLUMES + +volumes: + prometheus_data: + +### NETWORKS + +networks: + pocket: + driver: bridge + monitor-net: + driver: bridge diff --git a/docker-compose.nodes.yml b/docker-compose.nodes.yml new file mode 100644 index 00000000..781625c1 --- /dev/null +++ b/docker-compose.nodes.yml @@ -0,0 +1,104 @@ +version: '3.1' + +services: + +### NODES + geth-goerli: + image: ethereum/client-go:latest + expose: + - "8545" + - "8546" + - "30303" + volumes: + - geth-goerli:/.goerli + command: "--goerli --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .goerli --verbosity 3" + networks: + - $NET_POKT + + geth-rinkeby: + image: ethereum/client-go:latest + expose: + - "8545" + - "8546" + - "30303" + volumes: + - geth-rinkeby:/.rinkeby + command: "--rinkeby --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .rinkeby --verbosity 3" + networks: + - $NET_POKT + restart: unless-stopped + + geth-ropsten: + image: ethereum/client-go:latest + expose: + - "8545" + - "8546" + - "30303" + volumes: + - geth-ropsten:/.ropsten + command: "--ropsten --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .ropsten --verbosity 3" + networks: + - $NET_POKT + restart: unless-stopped + + geth-mainnet: + image: ethereum/client-go:latest + expose: + - "8545" + - "8546" + - "30303" + volumes: + - geth-mainnet:/.mainnet + command: "--http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .mainnet --verbosity 3" + networks: + - $NET_POKT + restart: unless-stopped + + erigon-trace: + image: thorax/erigon + expose: + - "30303" + - "30304" + volumes: + - erigon-trace:/home/erigon/.local/share/erigon + command: erigon --chain mainnet --metrics --metrics.addr=0.0.0.0 --metrics.port=6060 --private.api.addr=0.0.0.0:9090 --pprof --pprof.addr=0.0.0.0 --pprof.port=6061 + networks: + - $NET_POKT + restart: unless-stopped + + rpcdaemon: + image: thorax/erigon:latest + command: rpcdaemon --datadir=/home/erigon/.local/share/erigon --private.api.addr=erigon:9090 --txpool.api.addr=erigon:9090 --http.addr=0.0.0.0 --http.vhosts=* --http.corsdomain=* --http.api=eth,debug,net,trace --ws + pid: service:erigon-trace # Use erigon's PID namespace. It's required to open Erigon's DB from another process (RPCDaemon local-mode) + volumes: + - erigon-trace:/home/erigon/.local/share/erigon + expose: + - "8545" + restart: unless-stopped + depends_on: + - "erigon-trace" + networks: + - $NET_POKT + + avalanche: + image: avaplatform/avalanchego + expose: + - "8545" + - "8546" + - "30303" + volumes: + - avalanche:/root/.avalanche + command: "/avalanchego/build/avalanchego --http-host=" + networks: + - $NET_POKT + restart: unless-stopped + +### VOLUMES + +volumes: + geth-goerli: + geth-rinkeby: + geth-ropsten: + geth-mainnet: + erigon-trace: + avalanche: diff --git a/docker-compose.pokt-mainnet.yml b/docker-compose.pokt-mainnet.yml new file mode 100644 index 00000000..f5292d77 --- /dev/null +++ b/docker-compose.pokt-mainnet.yml @@ -0,0 +1,40 @@ +version: '3.1' + +services: + + pocket-mainnet: + image: poktnetwork/pocket-core:stagenet-latest + ports: + - "127.0.0.1:8081:8081" + - "127.0.0.1:26656:26656" + expose: + - 26656 + - 8081 + #command: /home/app/.pocket/pokt_mainnet.sh && pocket start --seeds=$POCKET_MAIN_SEEDS --mainnet + command: pocket start --simulateRelay + environment: + - POCKET_CORE_KEY=$POCKET_CORE_KEY + - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE + - POCKET_SNAPSHOT=$POCKET_SNAPSHOT + volumes: + - ./chains/chains_mainnet.json:/home/app/.pocket/config/chains.json + - ./bootstrap_skript/pokt_mainnet.sh:/home/app/.pocket/pokt_mainnet.sh + - pocket-mainnet:/home/app/.pocket + networks: + - $NET_POKT + labels: + - "traefik.enable=true" + - "traefik.http.services.myservice.loadbalancer.server.port=8081" + - "traefik.http.routers.pocket-mainnet.rule=Host(`$DOMAIN`)" + - "traefik.http.routers.pocket-mainnet.entrypoints=websecure" + - "traefik.http.routers.pocket-mainnet.tls.certresolver=myresolver" + - "traefik.http.routers.pocket-mainnet.middlewares=auth" + restart: unless-stopped + + +### VOLUMES + +volumes: + pocket-mainnet: + + diff --git a/docker-compose.pokt-testnet.yml b/docker-compose.pokt-testnet.yml new file mode 100644 index 00000000..f484f5dc --- /dev/null +++ b/docker-compose.pokt-testnet.yml @@ -0,0 +1,30 @@ +version: '3.1' + +services: + + pocket-testnet: + image: poktnetwork/pocket-core:stagenet-latest + ports: + - "127.0.0.1:8082:8081" + - "127.0.0.1:26657:26656" + expose: + - 26656 + - 8081 + command: pocket start --seeds=$POCKET_TEST_SEEDS --testnet + #command: pocket start --simulateRelay + environment: + - POCKET_CORE_KEY=$POCKET_CORE_KEY_TEST + - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE_TEST + volumes: + - ./chains/chains_testnet.json:/home/app/.pocket/config/chains.json + - pocket-testnet:/home/app/.pocket + networks: + - $NET_POKT + restart: unless-stopped + +### VOLUMES + +volumes: + pocket-testnet: + + diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index fc7d1859..00000000 --- a/docker-compose.yml +++ /dev/null @@ -1,287 +0,0 @@ -version: '3.1' - -services: - -### TRAEFIK -# Basic Auth not working. Problems with parsing var from .env - traefik: - image: traefik:latest - container_name: traefik - restart: always - ports: - - "443:443" - - "127.0.0.1:8080:8080" - networks: - - $NET_POKT - command: - - "--api=true" - - "--api.insecure=true" - - "--api.dashboard=true" - - "--log.level=DEBUG" - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--entrypoints.websecure.address=:443" - - "--certificatesresolvers.myresolver.acme.tlschallenge=true" - # TESTING - # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" - - "--certificatesresolvers.myresolver.acme.email=$MAIL" - - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" - volumes: - - "./traefik/letsencrypt:/letsencrypt" - - "/var/run/docker.sock:/var/run/docker.sock:ro" - labels: - - "traefik.enable=true" - - "traefik.http.middlewares.auth.basicauth.users=$AUTH_HTTP" - -### NODES - geth-goerli: - image: ethereum/client-go:latest - expose: - - "8545" - - "8546" - - "30303" - volumes: - - geth-goerli:/.goerli - command: "--goerli --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .goerli --verbosity 3" - networks: - - $NET_POKT - - geth-rinkeby: - image: ethereum/client-go:latest - expose: - - "8545" - - "8546" - - "30303" - volumes: - - geth-rinkeby:/.rinkeby - command: "--rinkeby --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .rinkeby --verbosity 3" - networks: - - $NET_POKT - restart: unless-stopped - - geth-ropsten: - image: ethereum/client-go:latest - expose: - - "8545" - - "8546" - - "30303" - volumes: - - geth-ropsten:/.ropsten - command: "--ropsten --http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .ropsten --verbosity 3" - networks: - - $NET_POKT - restart: unless-stopped - - geth-mainnet: - image: ethereum/client-go:latest - expose: - - "8545" - - "8546" - - "30303" - volumes: - - geth-mainnet:/.mainnet - command: "--http --http.api eth,net --http.addr 0.0.0.0 --http.port 8545 --http.vhosts=* --syncmode full --datadir .mainnet --verbosity 3" - networks: - - $NET_POKT - restart: unless-stopped - - erigon-trace: - image: thorax/erigon - expose: - - "30303" - - "30304" - volumes: - - erigon-trace:/home/erigon/.local/share/erigon - command: erigon --chain mainnet --metrics --metrics.addr=0.0.0.0 --metrics.port=6060 --private.api.addr=0.0.0.0:9090 --pprof --pprof.addr=0.0.0.0 --pprof.port=6061 - networks: - - $NET_POKT - restart: unless-stopped - - rpcdaemon: - image: thorax/erigon:latest - command: rpcdaemon --datadir=/home/erigon/.local/share/erigon --private.api.addr=erigon:9090 --txpool.api.addr=erigon:9090 --http.addr=0.0.0.0 --http.vhosts=* --http.corsdomain=* --http.api=eth,debug,net,trace --ws - pid: service:erigon-trace # Use erigon's PID namespace. It's required to open Erigon's DB from another process (RPCDaemon local-mode) - volumes: - - erigon-trace:/home/erigon/.local/share/erigon - expose: - - "8545" - restart: unless-stopped - depends_on: - - "erigon-trace" - networks: - - $NET_POKT - - avalanche: - image: avaplatform/avalanchego - expose: - - "8545" - - "8546" - - "30303" - volumes: - - avalanche:/root/.avalanche - command: "/avalanchego/build/avalanchego --http-host=" - networks: - - $NET_POKT - restart: unless-stopped - - pocket-testnet: - image: poktnetwork/pocket-core:stagenet-latest - ports: - - "127.0.0.1:8082:8081" - - "127.0.0.1:26657:26656" - expose: - - 26656 - - 8081 - command: pocket start --seeds=$POCKET_TEST_SEEDS --testnet - #command: pocket start --simulateRelay - environment: - - POCKET_CORE_KEY=$POCKET_CORE_KEY_TEST - - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE_TEST - volumes: - - ./chains/chains_testnet.json:/home/app/.pocket/config/chains.json - - pocket-testnet:/home/app/.pocket - networks: - - $NET_POKT - restart: unless-stopped - - pocket-mainnet: - image: poktnetwork/pocket-core:stagenet-latest - ports: - - "127.0.0.1:8081:8081" - - "127.0.0.1:26656:26656" - expose: - - 26656 - - 8081 - #command: /home/app/.pocket/pokt_mainnet.sh && pocket start --seeds=$POCKET_MAIN_SEEDS --mainnet - command: pocket start --simulateRelay - environment: - - POCKET_CORE_KEY=$POCKET_CORE_KEY - - POCKET_CORE_PASSPHRASE=$POCKET_CORE_PASSPHRASE - - POCKET_SNAPSHOT=$POCKET_SNAPSHOT - volumes: - - ./chains/chains_mainnet.json:/home/app/.pocket/config/chains.json - - ./bootstrap_skript/pokt_mainnet.sh:/home/app/.pocket/pokt_mainnet.sh - - pocket-mainnet:/home/app/.pocket - networks: - - $NET_POKT - labels: - - "traefik.enable=true" - - "traefik.http.services.myservice.loadbalancer.server.port=8081" - - "traefik.http.routers.pocket-mainnet.rule=Host(`$DOMAIN`)" - - "traefik.http.routers.pocket-mainnet.entrypoints=websecure" - - "traefik.http.routers.pocket-mainnet.tls.certresolver=myresolver" - - "traefik.http.routers.pocket-mainnet.middlewares=auth" - restart: unless-stopped - - -### WIREGUARD - - wireguard: - image: lscr.io/linuxserver/wireguard - container_name: wireguard - cap_add: - - NET_ADMIN - - SYS_MODULE - environment: - - PUID=$PUID - - PGID=$PGID - volumes: - - ./wireguard/config/wg0.conf:/config/wg0.conf - - /lib/modules:/lib/modules - # Expose prometheus port - expose: - - 9090 - ports: - - $SERVERPORT:$SERVERPORT/udp - sysctls: - - net.ipv4.conf.all.src_valid_mark=1 - restart: unless-stopped - - -### MONITORING - - prometheus: - image: prom/prometheus:v2.30.3 - container_name: prometheus - volumes: - - ./prometheus:/etc/prometheus - - prometheus_data:/prometheus - command: - - '--config.file=/etc/prometheus/prometheus.yml' - - '--storage.tsdb.path=/prometheus' - - '--web.console.libraries=/etc/prometheus/console_libraries' - - '--web.console.templates=/etc/prometheus/consoles' - - '--storage.tsdb.retention.time=200h' - - '--web.enable-lifecycle' - restart: unless-stopped - network_mode: "service:wireguard" - labels: - org.label-schema.group: "monitoring" - depends_on: - - wireguard - - nodeexporter: - image: prom/node-exporter:v1.2.2 - container_name: nodeexporter - volumes: - - /proc:/host/proc:ro - - /sys:/host/sys:ro - - /:/rootfs:ro - command: - - '--path.procfs=/host/proc' - - '--path.rootfs=/rootfs' - - '--path.sysfs=/host/sys' - - '--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|host|etc)($$|/)' - restart: unless-stopped - expose: - - 9100 - labels: - org.label-schema.group: "monitoring" - - cadvisor: - image: gcr.io/cadvisor/cadvisor:v0.42.0 - container_name: cadvisor - privileged: true - devices: - - /dev/kmsg:/dev/kmsg - volumes: - - /:/rootfs:ro - - /var/run:/var/run:ro - - /sys:/sys:ro - - /var/lib/docker:/var/lib/docker:ro - #- /cgroup:/cgroup:ro #doesn't work on MacOS only for Linux - restart: unless-stopped - expose: - - 8080 - labels: - org.label-schema.group: "monitoring" - - pushgateway: - image: prom/pushgateway:v1.4.2 - container_name: pushgateway - restart: unless-stopped - expose: - - 9091 - labels: - org.label-schema.group: "monitoring" - -### VOLUMES - -volumes: - geth-goerli: - geth-rinkeby: - geth-ropsten: - geth-mainnet: - erigon-trace: - avalanche: - pocket-testnet: - pocket-mainnet: - prometheus_data: - -### NETWORKS - -networks: - pocket: - driver: bridge - monitor-net: - driver: bridge