diff --git a/orchestration/src/coins/bitcoin.rs b/orchestration/src/coins/bitcoin.rs index 13c86bad..f8b6b7fc 100644 --- a/orchestration/src/coins/bitcoin.rs +++ b/orchestration/src/coins/bitcoin.rs @@ -44,7 +44,7 @@ CMD ["/run.sh"] ); let run = - os(Os::Debian, "RUN mkdir /volume && chown bitcoin:bitcoin /volume", "bitcoin") + &run_bitcoin; + os(Os::Debian, "", "bitcoin") + &run_bitcoin; let res = setup + &run; let mut bitcoin_path = orchestration_path.to_path_buf(); diff --git a/orchestration/src/coins/monero.rs b/orchestration/src/coins/monero.rs index f64f0a04..7df874d2 100644 --- a/orchestration/src/coins/monero.rs +++ b/orchestration/src/coins/monero.rs @@ -57,8 +57,7 @@ CMD ["/run.sh"] let run = crate::os( os, - &("RUN mkdir /volume && chown monero /volume\r\n".to_string() + - if os == Os::Alpine { "RUN apk --no-cache add gcompat" } else { "" }), + if os == Os::Alpine { "RUN apk --no-cache add gcompat" } else { "" }, "monero", ) + &run_monero; let res = setup + &run; diff --git a/orchestration/src/coordinator.rs b/orchestration/src/coordinator.rs index 9995dbbf..67a24527 100644 --- a/orchestration/src/coordinator.rs +++ b/orchestration/src/coordinator.rs @@ -33,7 +33,7 @@ RUN apt install -y ca-certificates let env_vars = [ ("MESSAGE_QUEUE_RPC", format!("serai-{}-message-queue", network.label())), ("MESSAGE_QUEUE_KEY", hex::encode(coordinator_key.to_repr())), - ("DB_PATH", "./coordinator-db".to_string()), + ("DB_PATH", "/volume/coordinator-db".to_string()), ("SERAI_KEY", hex::encode(serai_key.to_repr())), ("SERAI_HOSTNAME", format!("serai-{}-serai", network.label())), ("RUST_LOG", DEFAULT_RUST_LOG.to_string()), diff --git a/orchestration/src/main.rs b/orchestration/src/main.rs index 548aca8b..c942efe2 100644 --- a/orchestration/src/main.rs +++ b/orchestration/src/main.rs @@ -92,6 +92,9 @@ RUN apk update && apk upgrade # System user (not a human), shell of nologin, no password assigned RUN adduser -S -s /sbin/nologin -D {user} +# Make the /volume directory and transfer it to the user +RUN mkdir /volume && chown {user}:{user} /volume + {additional_root} # Switch to a non-root user @@ -112,6 +115,9 @@ RUN apt update && apt upgrade -y && apt autoremove -y && apt clean RUN useradd --system --create-home --shell /sbin/nologin {user} +# Make the /volume directory and transfer it to the user +RUN mkdir /volume && chown {user}:{user} /volume + {additional_root} # Switch to a non-root user @@ -416,6 +422,10 @@ fn start(network: Network, services: HashSet) { .arg("container") .arg("inspect") .arg(&docker_name) + // Use null for all IO to silence 'container does not exist' + .stdin(Stdio::null()) + .stdout(Stdio::null()) + .stderr(Stdio::null()) .status() .unwrap() .success() @@ -429,38 +439,46 @@ fn start(network: Network, services: HashSet) { let command = command.arg("--restart").arg("always"); let command = command.arg("--log-opt").arg("max-size=100m"); let command = command.arg("--log-opt").arg("max-file=3"); + let command = if network == Network::Dev { + command + } else { + // Assign a persistent volume if this isn't for Dev + command.arg("--volume").arg(volume); + } let command = match name { "bitcoin" => { + // Expose the RPC for tests if network == Network::Dev { command.arg("-p").arg("8332:8332") - } else { - command.arg("--volume").arg(volume) } } "monero" => { + // Expose the RPC for tests if network == Network::Dev { command.arg("-p").arg("18081:18081") - } else { - command.arg("--volume").arg(volume) } } "monero-wallet-rpc" => { assert_eq!(network, Network::Dev, "monero-wallet-rpc is only for dev"); + // Expose the RPC for tests command.arg("-p").arg("18082:18082") } "coordinator" => { - if network != Network::Dev { - command.arg("-p").arg("30563:30563") - } else { + if network == Network::Dev { command + else { + // Publish the port + command.arg("-p").arg("30563:30563") } } "serai" => { - let mut command = command; - if network != Network::Dev { - command = command.arg("-p").arg("30333:30333"); + let mut command = command.arg("--volume").arg(format!("{serai_runtime_volume}:/runtime"); + if network == Network::Dev { + command + } else { + // Publish the port + command.arg("-p").arg("30333:30333") } - command.arg("--volume").arg(format!("{serai_runtime_volume}:/runtime")) } _ => command, }; diff --git a/orchestration/src/message_queue.rs b/orchestration/src/message_queue.rs index 3e47571c..f16c6cbe 100644 --- a/orchestration/src/message_queue.rs +++ b/orchestration/src/message_queue.rs @@ -20,7 +20,7 @@ pub fn message_queue( ("BITCOIN_KEY", hex::encode(bitcoin_key.to_bytes())), ("ETHEREUM_KEY", hex::encode(ethereum_key.to_bytes())), ("MONERO_KEY", hex::encode(monero_key.to_bytes())), - ("DB_PATH", "./message-queue-db".to_string()), + ("DB_PATH", "/volume/message-queue-db".to_string()), ("RUST_LOG", "info,serai_message_queue=trace".to_string()), ]; let mut env_vars_str = String::new(); diff --git a/orchestration/src/processor.rs b/orchestration/src/processor.rs index 3d76a6c9..7ee69d11 100644 --- a/orchestration/src/processor.rs +++ b/orchestration/src/processor.rs @@ -47,7 +47,7 @@ RUN apt install -y ca-certificates ("NETWORK_RPC_LOGIN", format!("{RPC_USER}:{RPC_PASS}")), ("NETWORK_RPC_HOSTNAME", hostname), ("NETWORK_RPC_PORT", format!("{port}")), - ("DB_PATH", "./processor-db".to_string()), + ("DB_PATH", "/volume/processor-db".to_string()), ("RUST_LOG", "info,serai_processor=debug".to_string()), ]; let mut env_vars_str = String::new(); diff --git a/orchestration/testnet/serai/run.sh b/orchestration/testnet/serai/run.sh index 7400ff50..ab3b59df 100755 --- a/orchestration/testnet/serai/run.sh +++ b/orchestration/testnet/serai/run.sh @@ -1,3 +1,3 @@ #!/bin/sh -serai-node --unsafe-rpc-external --rpc-cors all --chain testnet --validator +serai-node --base-path /volume --unsafe-rpc-external --rpc-cors all --chain testnet --validator