diff --git a/.deploy/.gitignore b/.deploy/.gitignore
new file mode 100644
index 00000000..c60bb1cf
--- /dev/null
+++ b/.deploy/.gitignore
@@ -0,0 +1,2 @@
+*.secrets.json
+!example.secrets.json
diff --git a/.deploy/copy-secrets.sh b/.deploy/copy-secrets.sh
new file mode 100755
index 00000000..dadbb38b
--- /dev/null
+++ b/.deploy/copy-secrets.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+# Set working directory to script location
+cd "$(dirname "$0")" || exit 1
+
+# Source file path (in current directory)
+SOURCE="example.secrets.json"
+
+# Color codes
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# List of target files
+TARGETS=("cn1" "cn2" "cn3" "agg")
+
+# Check if source file exists
+if [ ! -f "$SOURCE" ]; then
+ echo "Error: Source file $SOURCE not found!"
+ exit 1
+fi
+
+# Copy file to each target, skipping if exists
+for target in "${TARGETS[@]}"; do
+ if [ -f "${target}.secrets.json" ]; then
+ echo "Skipping ${target}.secrets.json - file already exists"
+ else
+ cp "$SOURCE" "${target}.secrets.json"
+ echo "Created ${target}.secrets.json"
+ fi
+done
+
+echo "Copy operation completed!"
+
+# Check for unchanged files
+echo -e "\nChecking for unchanged secret files..."
+UNCHANGED_FILES=()
+
+for target in "${TARGETS[@]}"; do
+ if [ -f "${target}.secrets.json" ]; then
+ if cmp -s "$SOURCE" "${target}.secrets.json"; then
+ UNCHANGED_FILES+=("${target}.secrets.json")
+ fi
+ fi
+done
+
+# Display warning if unchanged files found
+if [ ${#UNCHANGED_FILES[@]} -gt 0 ]; then
+ echo -e "${RED}WARNING: The following files are identical to example.secrets.json:${NC}"
+ for file in "${UNCHANGED_FILES[@]}"; do
+ echo -e "${YELLOW}==> ${NC}${file}${YELLOW} <==${NC}"
+ done
+ echo -e "${RED}These files should be modified before use in production!${NC}"
+fi
diff --git a/docker-compose.yml b/.deploy/docker-compose.yml
similarity index 55%
rename from docker-compose.yml
rename to .deploy/docker-compose.yml
index 5573cce5..9de87760 100644
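Review bot: In copy-secrets.sh, `cp "$SOURCE" "${target}.secrets.json"` creates each per-node secrets file under the caller's default umask, so on a typical host the files that will hold a password and private key end up readable by other local users. Adding `umask 077` right after the `cd "$(dirname "$0")" || exit 1` line would make every file the script creates owner-only. The copy's exit status is also unchecked, so "Created …" is printed even if `cp` fails; `cp "$SOURCE" "${target}.secrets.json" || exit 1` covers that. Finally, the unchanged-file warning goes to stdout and the script still exits 0, so a wrapper or CI step cannot detect that placeholder secrets are still in place.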
--- a/docker-compose.yml
+++ b/.deploy/docker-compose.yml
@@ -2,10 +2,11 @@ services:
 cn1:
 image: ghcr.io/gnosisguild/ciphernode:latest
 volumes:
- - ./configs/cn1.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
+ - ./.deploy/cn1.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
 - cn1-data:/home/ciphernode/.local/share/enclave
 secrets:
- - secrets.json
+ - source: secrets_cn1
+ target: secrets.json
 environment:
 RUST_LOG: "info"
 AGGREGATOR: "false"
@@ -14,8 +15,14 @@ services:
 published: 9091
 protocol: udp
 mode: host
- deploy:
+ deploy:
 replicas: 1
+ update_config:
+ parallelism: 1
+ order: stop-first
+ failure_action: rollback
+ restart_policy:
+ condition: any
 networks:
 - global-network
@@ -25,10 +32,11 @@ services:
 depends_on:
 - cn1
 volumes:
- - ./configs/cn2.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
+ - ./.deploy/cn2.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
 - cn2-data:/home/ciphernode/.local/share/enclave
 secrets:
- - secrets.json
+ - source: secrets_cn2
+ target: secrets.json
 environment:
 RUST_LOG: "info"
 AGGREGATOR: "false"
@@ -37,8 +45,14 @@ services:
 published: 9092
 protocol: udp
 mode: host
- deploy:
+ deploy:
 replicas: 1
+ update_config:
+ parallelism: 1
+ order: stop-first
+ failure_action: rollback
+ restart_policy:
+ condition: any
 networks:
 - global-network
@@ -47,10 +61,11 @@ services:
 depends_on:
 - cn1
 volumes:
- - ./configs/cn3.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
+ - ./.deploy/cn3.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
 - cn3-data:/home/ciphernode/.local/share/enclave
 secrets:
- - secrets.json
+ - source: secrets_cn3
+ target: secrets.json
 environment:
 RUST_LOG: "info"
 AGGREGATOR: "false"
@@ -59,8 +74,14 @@ services:
 published: 9093
 protocol: udp
 mode: host
- deploy:
+ deploy:
 replicas: 1
+ update_config:
+ parallelism: 1
+ order: stop-first
+ failure_action: rollback
+ restart_policy:
+ condition: any
 networks:
 - global-network
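Review bot: The new bind-mount source `./.deploy/cn1.yaml` in the cn1 `volumes:` list is still written relative to the repository root even though the compose file itself now lives in `.deploy/`; the same applies to the cn2, cn3 and agg volume lines and to the `file: .deploy/*.secrets.json` entries in the top-level `secrets:` block of the last hunk. `docker stack deploy -c .deploy/docker-compose.yml` normally resolves relative paths against the compose file's own directory, which would turn these into `.deploy/.deploy/…` — worth confirming on a clean checkout. If so, file-relative paths such as `./cn1.yaml` and `file: cn1.secrets.json` would match where copy-secrets.sh writes its output, and a missing secret file would fail the deploy rather than silently mounting the wrong one.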
@@ -70,10 +91,11 @@ services:
 depends_on:
 - cn1
 volumes:
- - ./configs/agg.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
+ - ./.deploy/agg.yaml:/home/ciphernode/.config/enclave/config.yaml:ro
 - agg-data:/home/ciphernode/.local/share/enclave
 secrets:
- - secrets.json
+ - source: secrets_agg
+ target: secrets.json
 environment:
 RUST_LOG: "info"
 AGGREGATOR: "true"
@@ -82,15 +104,27 @@ services:
 published: 9094
 protocol: udp
 mode: host
- deploy:
+ deploy:
 replicas: 1
+ update_config:
+ parallelism: 1
+ order: stop-first
+ failure_action: rollback
+ restart_policy:
+ condition: any
 networks:
 - global-network
 secrets:
- secrets.json:
- file: ./configs/secrets.json
-
+ secrets_cn1:
+ file: .deploy/cn1.secrets.json
+ secrets_cn2:
+ file: .deploy/cn2.secrets.json
+ secrets_cn3:
+ file: .deploy/cn3.secrets.json
+ secrets_agg:
+ file: .deploy/agg.secrets.json
+
 volumes:
 cn1-data:
 cn2-data:
diff --git a/.deploy/example.secrets.json b/.deploy/example.secrets.json
new file mode 100644
index 00000000..f01ec15a
--- /dev/null
+++ b/.deploy/example.secrets.json
@@ -0,0 +1,4 @@
+{
+ "password": "changeme",
+ "private_key": "0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80"
+}
diff --git a/.deploy/swarm_deployment.md b/.deploy/swarm_deployment.md
new file mode 100644
index 00000000..e252ab75
--- /dev/null
+++ b/.deploy/swarm_deployment.md
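Review bot: The `private_key` value in example.secrets.json looks like the publicly documented default development-account key shipped with common Ethereum dev tooling, and copy-secrets.sh clones this file verbatim into every node's secrets file. Because the value is a syntactically valid key, a node started without editing its file will likely come up normally while using a key anyone can look up, guarded only by the `"changeme"` password. A non-functional placeholder such as `"private_key": "<REPLACE_WITH_NODE_PRIVATE_KEY>"` would presumably make an unedited file fail at load time instead; how the ciphernode parses this field is not visible here, so confirm that it rejects the placeholder.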
@@ -0,0 +1,31 @@
+
+# Secrets Setup Script
+
+To deploy with swarm we need to set up the secrets file for our cluster.
+
+## Run
+```bash
+./.deploy/copy-secrets.sh
+```
+
+## What it does
+- Copies `example.secrets.json` to create `cn1/2/3` and `agg.secrets.json` files
+- Skips existing files
+- Warns with yellow arrows (==>) if any files are identical to the example
+
+## Example output
+```bash
+Created cn1.secrets.json
+Skipping cn2.secrets.json - file already exists
+
+==> cn1.secrets.json <== # Yellow arrows indicate files that need customization
+```
+
+Remember to modify any highlighted files before use.
+
+# Run docker swarm
+
+```
+docker stack deploy -c .deploy/docker-compose.yml p2p-stack
+```
+