Dockerfile, localnode, sentry node scripts changes

- Updated Dockerfile and created build-docker target
- Changed localnode docker image to set permissions to more permissive (docker has different user than host system)
- Added sentry node terraform and ansible script

DOCKER/.gitignore

@@ -0,0 +1 @@
+tendermint

DOCKER/Dockerfile

@@ -1,45 +1,22 @@
 FROM alpine:3.7
+MAINTAINER Greg Szabo <greg@tendermint.com>
 
-# This is the release of tendermint to pull in.
-ENV TM_VERSION 0.17.1
-ENV TM_SHA256SUM d57008c63d2d9176861137e38ed203da486febf20ae7d388fb810a75afff8f24
-
-# Tendermint will be looking for genesis file in /tendermint (unless you change
-# `genesis_file` in config.toml). You can put your config.toml and private
-# validator file into /tendermint.
-#
-# The /tendermint/data dir is used by tendermint to store state.
-ENV DATA_ROOT /tendermint
-ENV TMHOME $DATA_ROOT
-
-# Set user right away for determinism
-RUN addgroup tmuser && \
-    adduser -S -G tmuser tmuser
-
-# Create directory for persistence and give our user ownership
-RUN mkdir -p $DATA_ROOT && \
-    chown -R tmuser:tmuser $DATA_ROOT
-
-# jq and curl used for extracting `pub_key` from private validator while
-# deploying tendermint with Kubernetes. It is nice to have bash so the users
-# could execute bash commands.
-RUN apk add --no-cache bash curl jq
-
-RUN apk add --no-cache openssl && \
-    wget https://github.com/tendermint/tendermint/releases/download/v${TM_VERSION}/tendermint_${TM_VERSION}_linux_amd64.zip && \
-    echo "${TM_SHA256SUM}  tendermint_${TM_VERSION}_linux_amd64.zip" | sha256sum -c && \
-    unzip -d /bin tendermint_${TM_VERSION}_linux_amd64.zip && \
-    apk del openssl && \
-    rm -f tendermint_${TM_VERSION}_linux_amd64.zip
-
-# Expose the data directory as a volume since there's mutable state in there
-VOLUME $DATA_ROOT
-
-# p2p port
-EXPOSE 46656
-# rpc port
-EXPOSE 46657
-
-ENTRYPOINT ["tendermint"]
+#Default home for tendermint. The node command will look for $TMHOME/config/genesis.json at initialization.
+ENV TMHOME /tendermint
+RUN apk update && \
+    apk upgrade && \
+    apk --no-cache add curl jq && \
+    addgroup tmuser && \
+    adduser -S -G tmuser tmuser -h "$TMHOME"
 
+USER tmuser
+VOLUME [ $TMHOME ]
+WORKDIR $TMHOME
+EXPOSE 46656 46657
+ENTRYPOINT ["/usr/bin/tendermint"]
 CMD ["node", "--moniker=`hostname`"]
+STOPSIGNAL SIGTERM
+
+ARG BINARY=tendermint
+COPY $BINARY /usr/bin/tendermint
+

Makefile

@@ -178,6 +178,14 @@ metalinter_all:
 	@echo "--> Running linter (all)"
 	gometalinter.v2 --vendor --deadline=600s --enable-all --disable=lll ./...
 
+###########################################################
+### Docker image
+
+build-docker:
+	cp build/tendermint DOCKER/tendermint
+	docker build --label=tendermint --tag="tendermint/tendermint" DOCKER
+	rm -rf DOCKER/tendermint
+
 ###########################################################
 ### Local testnet using docker
 
@@ -199,22 +207,23 @@ docker-stop:
 
 # Server management
 server-setup:
+	@if [ -z "$(DO_API_TOKEN)" ]; then echo "DO_API_TOKEN environment variable not set." ; false ; fi
 	@if ! [ -f $(HOME)/.ssh/id_rsa.pub ]; then ssh-keygen ; fi
 	cd networks/remote/terraform && terraform init && terraform apply -var DO_API_TOKEN="$(DO_API_TOKEN)" -var SSH_KEY_FILE="$(HOME)/.ssh/id_rsa.pub"
-#	@if ! [ -f $(CURDIR)/build/node0/config/genesis.json ]; then docker run --rm -v $(CURDIR)/build:/tendermint:Z tendermint/localnode testnet --n 4 --o . ; fi
-	build/tendermint testnet --n 4 --o build/
-	cd networks/remote/ansible && ansible-playbook -i inventory/digital_ocean.py -l remotenet --ssh-common-args '-o StrictHostKeyChecking=False' install.yml
-	$(MAKE) server-config
-
-server-destroy:
-	cd networks/remote/terraform && terraform destroy
+	@if ! [ -f $(CURDIR)/build/node0/config/genesis.json ]; then docker run --rm -v $(CURDIR)/build:/tendermint:Z tendermint/localnode testnet --v 0 --n 4 --o . ; fi
+	cd networks/remote/ansible && ANSIBLE_HOST_KEY_CHECKING=False ansible-playbook -i inventory/digital_ocean.py -l remotenet install.yml
+	@echo "Next step: Add your validator setup in the genesis.json and config.tml files and run \"make server-config\". (Public key of validator, chain ID, peer IP and node ID.)"
 
 # Configuration management
 server-config:
-	cd networks/remote/ansible && ansible-playbook -i inventory/digital_ocean.py -l remotenet reconfig.yml -e BINARY=$(CURDIR)/build/tendermint -e CONFIGDIR=$(CURDIR)/build
+	cd networks/remote/ansible && ansible-playbook -i inventory/digital_ocean.py -l remotenet config.yml -e BINARY=$(CURDIR)/build/tendermint -e CONFIGDIR=$(CURDIR)/build
+
+server-destroy:
+	@if [ -z "$(DO_API_TOKEN)" ]; then echo "DO_API_TOKEN environment variable not set." ; false ; fi
+	cd networks/remote/terraform && terraform destroy -var DO_API_TOKEN="$(DO_API_TOKEN)" -var SSH_KEY_FILE="$(HOME)/.ssh/id_rsa.pub"
 
 # To avoid unintended conflicts with file names, always add to .PHONY
 # unless there is a reason not to.
 # https://www.gnu.org/software/make/manual/html_node/Phony-Targets.html
-.PHONY: check build build_race dist install check_tools get_tools update_tools get_vendor_deps draw_deps test_cover test_apps test_persistence test_p2p test test_race test_integrations test_release test100 vagrant_test fmt build-linux docker-start docker-stop
+.PHONY: check build build_race dist install check_tools get_tools update_tools get_vendor_deps draw_deps test_cover test_apps test_persistence test_p2p test test_race test_integrations test_release test100 vagrant_test fmt build-linux docker-start docker-stop build-docker server-setup server-config server-destroy
 

networks/local/localnode/wrapper.sh

@@ -31,3 +31,5 @@ else
   "$BINARY" "$@"
 fi
 
+chmod 777 -R /tendermint
+

networks/remote/ansible/config.yml

@@ -1,16 +1,18 @@
 ---
 
 #Requires BINARY and CONFIGDIR variables set.
+#N=4 hosts by default.
 
 - hosts: all
   user: root
   any_errors_fatal: true
-  gather_facts: no
+  gather_facts: yes
   vars:
     - service: tendermint
+    - N: 4
   roles:
     - stop
-    - unsafe_reset
     - config
+    - unsafe_reset
     - start
 

networks/remote/ansible/roles/config/tasks/main.yml

@@ -7,9 +7,11 @@
     mode: 0755
 
 - name: Copy config
+  when: item <= N and ansible_hostname == 'remotenet-node' ~ item
   copy:
-    src: "{{CONFIGDIR}}/node0/"
+    src: "{{CONFIGDIR}}/node{{item}}/"
     dest: "/home/{{service}}/.{{service}}/"
     owner: "{{service}}"
     group: "{{service}}"
+  loop: [ 0, 1, 2, 3, 4, 5, 6, 7 ]
 

networks/remote/ansible/roles/unsafe_reset/tasks/main.yml

@@ -1,3 +1,4 @@
-- command: "{{service}} node unsafe_reset_all"
+- command: "{{service}} unsafe_reset_all {{ (service != 'tendermint') | ternary('node','') }} --home /home/{{service}}/.{{service}}"
   become_user: "{{service}}"
+  become: yes