Merge pull request #299 from dedis/fix-ports

fix: overhauled Docker environment

Author: PascalinDe

Dockerfiles/Dockerfile.backend

@@ -1,7 +1,8 @@
 FROM node:20-bookworm
 
+# install backend
 WORKDIR /web/backend
 COPY ../web/backend .
 RUN npm install
-ENTRYPOINT ["npm", "start"]
+ENTRYPOINT ["/bin/bash", "-c", "npm start"]
 

Dockerfiles/Dockerfile.dela

@@ -9,7 +9,5 @@ WORKDIR /go/d-voting/cli/memcoin
 RUN go build
 ENV PATH=/go/dela/cli/crypto:/go/d-voting/cli/memcoin:${PATH}
 WORKDIR /go
-RUN mkdir /data
-RUN crypto bls signer new --save /data/private.key
-ENTRYPOINT ["/bin/bash", "-c", "memcoin --config /tmp/node start --postinstall --proxyaddr :$PROXYPORT --proxykey $PROXYKEY --listen tcp://$HOSTNAME:2000 --routing tree"]
+ENTRYPOINT ["/bin/bash", "-c", "memcoin --config /data/node start --postinstall --proxyaddr :$PROXYPORT --proxykey $PROXYKEY --listen tcp://0.0.0.0:2000 --public http://$HOSTNAME:2000 --routing tree"]
 CMD []

Dockerfiles/Dockerfile.dela.debug

@@ -0,0 +1,18 @@
+FROM golang:1.20.6-bookworm
+
+# https://blog.jetbrains.com/go/2020/05/06/debugging-a-go-application-inside-a-docker-container/
+RUN go install github.com/go-delve/delve/cmd/dlv@latest
+
+RUN apt-get update && apt-get install git
+RUN git clone https://github.com/dedis/dela.git
+RUN git clone https://github.com/dedis/d-voting.git
+WORKDIR /go/dela/cli/crypto
+RUN go install
+WORKDIR /go/d-voting/cli/memcoin
+
+RUN go build -gcflags="all=-N -l"
+
+ENV PATH=/go/dela/cli/crypto:/go/d-voting/cli/memcoin:${PATH}
+WORKDIR /go
+ENTRYPOINT ["/bin/bash", "-c", "dlv --listen=:40000 --headless=true --api-version=2 --accept-multiclient exec /go/d-voting/cli/memcoin/memcoin -- --config /data/node start --postinstall --proxyaddr :$PROXYPORT --proxykey $PROXYKEY --listen tcp://0.0.0.0:2000 --public http://$HOSTNAME:2000 --routing tree"]
+CMD []

README.docker.md

@@ -11,14 +11,12 @@ The relevant files are:
 You need to create a local .env file with the following content:
 
 ```
-DELA_REPLICAS=3                                 # number of Dela nodes to deploy
-DELA_NODE_URL=http://localhost:8080             # Dela node URL (port must be in DELA_PROXY_PORT_RANGE)
-DELA_PORT_RANGE=2000-2002                       # Dela ports (at least DELA_REPLICAS ports)
-DELA_PROXY_PORT_RANGE=8080-8082                 # Dela proxy ports (at least DELA_REPLICAS ports)
+DELA_NODE_URL=http://127.0.0.1:80               # reverse proxy within backend container
 DATABASE_USERNAME=dvoting                       # choose any PostgreSQL username
 DATABASE_PASSWORD=                              # choose any PostgreSQL password
-DATABASE_HOST=db                                # PostgreSQL host
+DATABASE_HOST=db                                # PostgreSQL host *within the Docker network*
 DATABASE_PORT=5432                              # PostgreSQL port
+DB_PATH=dvoting                                 # LMDB database path
 FRONT_END_URL=http://localhost:3000             # frontend URL
 BACKEND_HOST=backend                            # backend host
 BACKEND_PORT=5000                               # backend port
@@ -52,6 +50,17 @@ to delete the volumes (this will reset your instance).
 
 ## Post-install commands
 
-1. run the script `DELA_REPLICAS=... init_dela.sh` to initialize the DELA network with `DELA_REPLICAS set to the same value as in .env`
-2. run `docker exec -it d-voting-backend-1 /bin/bash` to connect to the backend
+1. `./init_dela.sh`
+2. `docker compose exec backend /bin/bash`
 3. execute `npx cli addAdmin --sciper 123455` with your SCIPER to add yourself as admin
+5. exit the container and run `docker compose down && docker compose up -d`
+
+## Go debugging environment
+
+To use the Go debugging environment, pass the
+
+```
+--file docker-compose.debug.yml
+```
+
+flag to all `docker compose` invocations.

docker-compose.debug.yml

@@ -0,0 +1,131 @@
+services:
+
+  dela-worker-0:             # inital DELA leader node
+    image: dela
+    build:
+      dockerfile: ./Dockerfiles/Dockerfile.dela.debug
+    environment:
+      PROXYKEY: ${PUBLIC_KEY}
+      PROXYPORT: ${PROXYPORT}
+      LLVL: debug
+    volumes:
+      - dela-worker-0-data:/data
+    hostname: dela-worker-0
+    ports:
+      - 127.0.0.1:40000:40000
+    security_opt:
+      - apparmor:unconfined
+    cap_add:
+      - SYS_PTRACE
+    networks:
+      d-voting:
+        ipv4_address: 172.19.0.255
+  dela-worker-1:             # DELA worker node
+    image: dela
+    build:
+      dockerfile: ./Dockerfiles/Dockerfile.dela.debug
+    environment:
+      PROXYKEY: ${PUBLIC_KEY}
+      PROXYPORT: ${PROXYPORT}
+      LLVL: debug
+    volumes:
+      - dela-worker-1-data:/data
+    hostname: dela-worker-1
+    ports:
+      - 127.0.0.1:40001:40000
+    security_opt:
+      - apparmor:unconfined
+    cap_add:
+      - SYS_PTRACE
+    networks:
+      d-voting:
+        ipv4_address: 172.19.0.254
+  dela-worker-2:             # DELA worker node
+    image: dela
+    build:
+      dockerfile: ./Dockerfiles/Dockerfile.dela.debug
+    environment:
+      PROXYKEY: ${PUBLIC_KEY}
+      PROXYPORT: ${PROXYPORT}
+      LLVL: debug
+    volumes:
+      - dela-worker-2-data:/data
+    hostname: dela-worker-2
+    ports:
+      - 127.0.0.1:40002:40000
+    security_opt:
+      - apparmor:unconfined
+    cap_add:
+      - SYS_PTRACE
+    networks:
+      d-voting:
+        ipv4_address: 172.19.0.253
+
+  frontend:         # web service frontend
+    image: frontend
+    build:
+      dockerfile: ./Dockerfiles/Dockerfile.frontend
+    ports:
+      - 127.0.0.1:3000:3000
+    volumes:
+      - ./web/frontend/src:/web/frontend/src
+    environment:
+      BACKEND_HOST: ${BACKEND_HOST}
+      BACKEND_PORT: ${BACKEND_PORT}
+    networks:
+      d-voting:
+        ipv4_address: 172.19.0.2
+
+  backend:          # web service backend
+    image: backend
+    build:
+      dockerfile: ./Dockerfiles/Dockerfile.backend
+    environment:
+      DATABASE_USERNAME: ${DATABASE_USERNAME}
+      DATABASE_PASSWORD: ${DATABASE_PASSWORD}
+      DATABASE_HOST: ${DATABASE_HOST}
+      DATABASE_PORT: ${DATABASE_PORT}
+      DB_PATH: /data/${DB_PATH}
+      FRONT_END_URL: ${FRONT_END_URL}
+      DELA_NODE_URL: ${DELA_NODE_URL}
+      SESSION_SECRET: ${SESSION_SECRET}
+      PUBLIC_KEY: ${PUBLIC_KEY}
+      PRIVATE_KEY: ${PRIVATE_KEY}
+    ports:
+      - 127.0.0.1:5000:5000
+      - 127.0.0.1:80:80
+    depends_on:
+      db:
+        condition: service_started
+    volumes:
+      - backend-data:/data
+      - ./web/backend/src:/web/backend/src
+    networks:
+      d-voting:
+        ipv4_address: 172.19.0.3
+
+  db:               # PostgreSQL database
+    image: postgres:15
+    environment:
+      POSTGRES_USER: ${DATABASE_USERNAME}
+      POSTGRES_PASSWORD: ${DATABASE_PASSWORD}
+    volumes:
+      - postgres-data:/var/lib/postgresql/data
+      - ./web/backend/src/migration.sql:/docker-entrypoint-initdb.d/init.sql
+    networks:
+      d-voting:
+        ipv4_address: 172.19.0.4
+
+volumes:
+  postgres-data:    # PostgreSQL database
+  dela-worker-0-data:
+  dela-worker-1-data:
+  dela-worker-2-data:
+  backend-data:
+
+networks:
+  d-voting:
+    ipam:
+      config:
+        - subnet: 172.19.0.0/16
+          gateway: 172.19.0.1

docker-compose.yml

@@ -1,19 +1,47 @@
 services:
 
-  dela:             # DELA nodes
+  dela-worker-0:             # inital DELA leader node
     image: dela
     build:
-      dockerfile: ./Dockerfile.dela
-      context: ./Dockerfiles
-    deploy:
-      replicas: ${DELA_REPLICAS}
-    ports:
-      - 127.0.0.1:${DELA_PORT_RANGE}:2000
-      - 127.0.0.1:${DELA_PROXY_PORT_RANGE}:8080
+      dockerfile: ./Dockerfiles/Dockerfile.dela
+    environment:
+      PROXYKEY: ${PUBLIC_KEY}
+      PROXYPORT: ${PROXYPORT}
+      LLVL: info
+    volumes:
+      - dela-worker-0-data:/data
+    hostname: dela-worker-0
+    networks:
+      d-voting:
+        ipv4_address: 172.19.0.255
+  dela-worker-1:             # DELA worker node
+    image: dela
+    build:
+      dockerfile: ./Dockerfiles/Dockerfile.dela
     environment:
       PROXYKEY: ${PUBLIC_KEY}
       PROXYPORT: ${PROXYPORT}
       LLVL: info
+    volumes:
+      - dela-worker-1-data:/data
+    hostname: dela-worker-1
+    networks:
+      d-voting:
+        ipv4_address: 172.19.0.254
+  dela-worker-2:             # DELA worker node
+    image: dela
+    build:
+      dockerfile: ./Dockerfiles/Dockerfile.dela
+    environment:
+      PROXYKEY: ${PUBLIC_KEY}
+      PROXYPORT: ${PROXYPORT}
+      LLVL: info
+    volumes:
+      - dela-worker-2-data:/data
+    hostname: dela-worker-2
+    networks:
+      d-voting:
+        ipv4_address: 172.19.0.253
 
   frontend:         # web service frontend
     image: frontend
@@ -24,6 +52,9 @@ services:
     environment:
       BACKEND_HOST: ${BACKEND_HOST}
       BACKEND_PORT: ${BACKEND_PORT}
+    networks:
+      d-voting:
+        ipv4_address: 172.19.0.2
 
   backend:          # web service backend
     image: backend
@@ -34,6 +65,7 @@ services:
       DATABASE_PASSWORD: ${DATABASE_PASSWORD}
       DATABASE_HOST: ${DATABASE_HOST}
       DATABASE_PORT: ${DATABASE_PORT}
+      DB_PATH: /data/${DB_PATH}
       FRONT_END_URL: ${FRONT_END_URL}
       DELA_NODE_URL: ${DELA_NODE_URL}
       SESSION_SECRET: ${SESSION_SECRET}
@@ -44,6 +76,11 @@ services:
     depends_on:
       db:
         condition: service_started
+    volumes:
+      - backend-data:/data
+    networks:
+      d-voting:
+        ipv4_address: 172.19.0.3
 
   db:               # PostgreSQL database
     image: postgres:15
@@ -53,8 +90,20 @@ services:
     volumes:
       - postgres-data:/var/lib/postgresql/data
       - ./web/backend/src/migration.sql:/docker-entrypoint-initdb.d/init.sql
-    ports:
-      - 127.0.0.1:5432:${DATABASE_PORT}
+    networks:
+      d-voting:
+        ipv4_address: 172.19.0.4
 
 volumes:
   postgres-data:    # PostgreSQL database
+  dela-worker-0-data:
+  dela-worker-1-data:
+  dela-worker-2-data:
+  backend-data:
+
+networks:
+  d-voting:
+    ipam:
+      config:
+        - subnet: 172.19.0.0/16
+          gateway: 172.19.0.1

init_dela.sh

@@ -1,45 +1,44 @@
 #!/bin/bash
 
-# check if DELA_REPLICAS environment variable is set
-if [ -z ${DELA_REPLICAS} ]; then
-  echo "DELA_REPLICAS environment variable needs to be set to use this script";
-  exit 1;
-fi
-
-LEADER_IP=$(docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' d-voting-dela-1);
 MEMBERS="";
 
+
 # share the certificate
-for i in $(seq 2 "$DELA_REPLICAS"); do
-  TOKEN_ARGS=$(docker exec d-voting-dela-1 /bin/bash -c 'LLVL=error memcoin --config /tmp/node minogrpc token');
-  docker exec d-voting-dela-"$i" memcoin --config /tmp/node minogrpc join --address //"$LEADER_IP":2000 $TOKEN_ARGS;
+for container in dela-worker-1 dela-worker-2; do
+  TOKEN_ARGS=$(docker compose exec dela-worker-0 /bin/bash -c 'LLVL=error memcoin --config /data/node minogrpc token');
+  docker compose exec "$container" memcoin --config /data/node minogrpc join --address //dela-worker-0:2000 $TOKEN_ARGS;
 done
 
 # create a new chain with the nodes
-for i in $(seq 1 "$DELA_REPLICAS"); do
+for container in dela-worker-0 dela-worker-1 dela-worker-2; do
   # add node to the chain
-  MEMBERS="$MEMBERS --member $(docker exec d-voting-dela-$i /bin/bash -c 'LLVL=error memcoin --config /tmp/node ordering export')";
+  MEMBERS="$MEMBERS --member $(docker compose exec $container /bin/bash -c 'LLVL=error memcoin --config /data/node ordering export')";
 done
-docker exec d-voting-dela-1 memcoin --config /tmp/node ordering setup $MEMBERS;
+docker compose exec dela-worker-0 memcoin --config /data/node ordering setup $MEMBERS;
 
 # authorize the signer to handle the access contract on each node
-for i in $(seq 1 "$DELA_REPLICAS"); do
-  docker exec d-voting-dela-"$i" /bin/bash -c 'memcoin --config /tmp/node access add --identity $(crypto bls signer read --path /data/private.key --format BASE64_PUBKEY)';
+for signer in dela-worker-0 dela-worker-1 dela-worker-2; do
+  IDENTITY=$(docker compose exec "$signer" crypto bls signer read --path /data/node/private.key --format BASE64_PUBKEY);
+  for node in dela-worker-0 dela-worker-1 dela-worker-2; do
+    docker compose exec "$node" memcoin --config /data/node access add --identity "$IDENTITY";
+  done
 done
 
-IDENTITY=$(docker exec d-voting-dela-1 crypto bls signer read --path /data/private.key --format BASE64_PUBKEY);
 # update the access contract
-docker exec d-voting-dela-1 memcoin --config /tmp/node pool add\
-    --key /data/private.key\
-    --args go.dedis.ch/dela.ContractArg\
-    --args go.dedis.ch/dela.Access\
-    --args access:grant_id\
-    --args 0200000000000000000000000000000000000000000000000000000000000000\
-    --args access:grant_contract\
-    --args go.dedis.ch/dela.Value\
-    --args access:grant_command\
-    --args all\
-    --args access:identity\
-    --args $IDENTITY\
-    --args access:command\
-    --args GRANT
+for container in dela-worker-0 dela-worker-1 dela-worker-2; do
+  IDENTITY=$(docker compose exec "$container" crypto bls signer read --path /data/node/private.key --format BASE64_PUBKEY);
+  docker compose exec dela-worker-0 memcoin --config /data/node pool add\
+      --key /data/node/private.key\
+      --args go.dedis.ch/dela.ContractArg\
+      --args go.dedis.ch/dela.Access\
+      --args access:grant_id\
+      --args 0300000000000000000000000000000000000000000000000000000000000000\
+      --args access:grant_contract\
+      --args go.dedis.ch/dela.Evoting \
+      --args access:grant_command\
+      --args all\
+      --args access:identity\
+      --args $IDENTITY\
+      --args access:command\
+      --args GRANT
+done