Merge pull request #250 from andkononykhin/issue-238-ceremony-verification

[issue 238] deployment script fixes

Author: ashcherbakov

Makefile

@@ -90,7 +90,7 @@ LICENSED_FILES = $(shell find . -type f -not -path '*/.*' -not -name '*.md' -not
 
 MK_TEST = "Makefile.test"
 LOCALNET_TARGETS = image localnet_init localnet_start localnet_stop localnet_clean localnet_export localnet_reset localnet_rebuild
-TEST_DEPLOY_TARGETS = test_deploy_image test_deploy_env_build test_deploy_env_clean
+TEST_DEPLOY_TARGETS = test_deploy_image test_deploy_env_build make test_deploy_genesis_env_build test_deploy_env_clean
 TEST_TARGETS= ${LOCALNET_TARGETS} ${TEST_DEPLOY_TARGETS}
 
 all: install

Makefile.test

@@ -20,7 +20,9 @@ clean_network = $(call remove_containers,$(call localnet_containers))
 
 # test deploy vars
 TEST_DEPLOY_IMAGE_NAME = "dcledger_deploy"
-TEST_DEPLOY_NODE = "test_deploy_node"
+TEST_DEPLOY_GVN = "test_deploy_gvn"
+TEST_DEPLOY_VN = "test_deploy_vn"
+TEST_DEPLOY_ON = "test_deploy_on"
 
 image:
 	docker build -t ${IMAGE_NAME} --build-arg TEST_UID=${UID} \
@@ -69,11 +71,18 @@ test_deploy_image: integration_tests/deploy/Dockerfile
 	cat $< | docker build -t ${TEST_DEPLOY_IMAGE_NAME} -
 
 test_deploy_env_build: image test_deploy_image
-	docker run -d --name ${TEST_DEPLOY_NODE} --tmpfs /tmp --tmpfs /run --tmpfs /run/lock \
+	docker run -d --name ${TEST_DEPLOY_VN} --tmpfs /tmp --tmpfs /run --tmpfs /run/lock \
 		-v /sys/fs/cgroup:/sys/fs/cgroup:ro --network ${LOCALNET_DOCKER_NETWORK} ${TEST_DEPLOY_IMAGE_NAME}
 
+test_deploy_genesis_env_build: image test_deploy_image
+	docker run -d --name ${TEST_DEPLOY_GVN} --tmpfs /tmp --tmpfs /run --tmpfs /run/lock \
+		-v /sys/fs/cgroup:/sys/fs/cgroup:ro ${TEST_DEPLOY_IMAGE_NAME}
+	docker run -d --name ${TEST_DEPLOY_VN} --tmpfs /tmp --tmpfs /run --tmpfs /run/lock \
+		-v /sys/fs/cgroup:/sys/fs/cgroup:ro ${TEST_DEPLOY_IMAGE_NAME}
+
+
 test_deploy_env_clean:
-	docker rm -f ${TEST_DEPLOY_NODE}
+	docker rm -f ${TEST_DEPLOY_GVN} ${TEST_DEPLOY_VN} ${TEST_DEPLOY_ON}
 
 .PHONY: localnet_init localnet_start localnet_stop localnet_clean localnet_export \
 		localnet_reset localnet_rebuild \

deployment/persistent_chains/testnet-2.0/testnet-2.0-launch.md

@@ -47,6 +47,7 @@ The following steps are expected to be done **before** the ceremony.
     $ sudo cp -f ./dcld -t /usr/bin
     $ sudo chown "<dcl-user>" /usr/bin/dcld
     $ sudo chmod u+x /usr/bin/dcld
+
     # verification
     $ dcld version
     ```
@@ -77,7 +78,8 @@ The following steps are expected to be done **before** the ceremony.
 
     3.1. Share VN's IP address
 
-    3.2. Share VN's `id` (`id` field in `dcld status` command output)
+    3.2. Share VN's `id` (`node_id` field in `dcld init` command output
+         or `id` field in `dcld status` command output in case node is running)
 
 4.  **Generate NodeAdmin keys**
 
@@ -93,9 +95,9 @@ The following steps are expected to be done **before** the ceremony.
 
     4.3. Share generated `address` and `pubkey` (in Slack or in a special doc).
 
-    `address` and `pubkey` can be found in the `dcld keys show "<key-name>"` output.
+    `address` and `pubkey` can be found in the `dcld keys show --output text "<key-name>"` output.
 
-5.  **\[Optional] Generate Trustee keys**
+5.  **[Optional] Generate Trustee keys**
 
     5.1. Choose a machine where Trustee keys will be hold (it can be either VN Node, or a separate machine with `dcld` binary)
 
@@ -109,13 +111,13 @@ The following steps are expected to be done **before** the ceremony.
 
     5.3. Share generated `address` and `pubkey` (in Slack or in a special doc).
 
-    `address` and `pubkey` can be found in the `dcld keys show "<key-name>"` output.
+    `address` and `pubkey` can be found in the `dcld keys show --output text "<key-name>"` output.
 
-6.  **\[Optional] Configure ON Nodes**
+6.  **[Optional] Configure ON Nodes**
 
     Do steps 1.1 - 1.7 for all ON Nodes.
 
-7.  \[CSA Only] Create `persistent_peers.txt` file containing `<node1-ID>@<node1-IP>:26656,...`  for all VNs. Share in Slack/doc.
+7.  [CSA Only] Create `persistent_peers.txt` file containing `<node1-ID>@<node1-IP>:26656,...`  for all VNs. Share in Slack/doc.
 
 ## II. Ceremony: Genesis Node (CSA Only)
 
@@ -132,14 +134,14 @@ The following steps are expected to be done **during** the ceremony.
     # fetch the helper script
     curl -L -O https://raw.githubusercontent.com/zigbee-alliance/distributed-compliance-ledger/master/deployment/scripts/test_peers_conn
 
-    # run, by default it expectes persistent_peers.txt in the current directory
+    # run, by default it expects persistent_peers.txt in the current directory
     ./test_peers_conn
     ```
 
     8.3. Run genesis VN
 
     ```bash
-    ./run_dcl_node -t genesis -c testnet-2.0 --gen-key-name "<node-admin-key>" [--gen-key-name-trustee "<trustee-key>"] node0
+    ./run_dcl_node -t genesis -c testnet-2.0 --gen-key-name "<node-admin-key>" [--gen-key-name-trustee "<trustee-key>"] "<node-name>"
     ```
 
     8.4. Put genesis file to GitHub (`zigbee-alliance/distributed-compliance-ledger/master/deployment/persistent_chains/testnet-2.0/genesis.json`)
@@ -153,16 +155,30 @@ The following steps are expected to be done **during** the ceremony.
     9.1. A Trustee proposes a NodeAdmin account
 
     ```bash
-    dcld tx auth propose-add-account --address="<bench32 encoded string>" --pubkey="<protobuf JSON encoded>" --roles=NodeAdmin --from="<account-name>"
+    dcld tx auth propose-add-account --address='<bench32 encoded string>' --pubkey='<protobuf JSON encoded>' --roles=NodeAdmin --from='<account-name>'
     ```
 
     9.2. Trustees approve the NodeAdmin account
 
     ```bash
-    dcld tx auth approve-add-account --address="<bench32 encoded string>" --from="<account-name>"
+    dcld tx auth approve-add-account --address='<bench32 encoded string>' --from='<account-name>'
+    ```
+
+10. **[Optional] Add Trustee account**
+
+    12.1. A Trustee proposes Trustee account
+
+    ```bash
+    dcld tx auth propose-add-account --address='<bench32 encoded string>' --pubkey='<protobuf JSON encoded>' --roles=Trustee --from='<account-name>'
+    ```
+
+    12.2. Trustees approve Trustee account
+
+    ```bash
+    dcld tx auth approve-add-account --address='<bench32 encoded string>' --from='<account-name>'
     ```
 
-10. **Run VN node**
+11. **Run VN node**
 
     10.1. Download genesis
 
@@ -179,7 +195,7 @@ The following steps are expected to be done **during** the ceremony.
     # fetch the helper script
     curl -L -O https://raw.githubusercontent.com/zigbee-alliance/distributed-compliance-ledger/master/deployment/scripts/test_peers_conn
 
-    # run, by default it expectes persistent_peers.txt in the current directory
+    # run, by default it expects persistent_peers.txt in the current directory
     ./test_peers_conn
     ```
 
@@ -199,7 +215,7 @@ The following steps are expected to be done **during** the ceremony.
 
     (once transaction is successfully written you should see `"code": 0` in the JSON output.)
 
-11. **VN Deployment Verification**
+12. **VN Deployment Verification**
 
     11.1. Check the account presence on the ledger: `dcld query auth account --address="<address>"`.
 
@@ -209,20 +225,6 @@ The following steps are expected to be done **during** the ceremony.
 
     11.4. Make sure the VN participates in consensus: `dcld query tendermint-validator-set` must contain the VN's address.
 
-12. **\[Optional] Add Trustee account**
-
-    12.1. A Trustee proposes Trustee account
-
-    ```bash
-    dcld tx auth propose-add-account --address="<bench32 encoded string>" --pubkey="<protobuf JSON encoded>" --roles=Trustee --from="<account-name>"
-    ```
-
-    12.2. Trustees approve Trustee account
-
-    ```bash
-    dcld tx auth approve-add-account --address="<bench32 encoded string>" --from="<account-name>"
-    ```
-
 ## IV. Post-Ceremony: For every Observer Node
 
 The following steps can be done **after** the ceremony.
@@ -278,7 +280,7 @@ The following steps can be done **after** the ceremony.
         ```
 *   Useful commands
     *   keys:
-        *   `dcld keys show "<name>"`: to get address and pubkey for a keyname
+        *   `dcld keys show --output text "<name>"`: to get address and pubkey for a keyname
     *   node status:
         *   `systemctl status dcld`: to get the node service status.
         *   `journalctl -u dcld.service -f`: to see node logs.

deployment/scripts/run_dcl_node

@@ -61,7 +61,10 @@ PEER=
 
 NODE_TYPE="$DEF_NODE_TYPE"
 CHAIN_ID="$DEF_CHAIN_ID"
-NODE_USER="${USER:-$DEF_NODE_USER}"
+
+CURR_USER="${USER:-$(whoami 2>/dev/null)}"
+
+NODE_USER="${CURR_USER:-$DEF_NODE_USER}"
 
 
 function usage {
@@ -252,7 +255,7 @@ function node_init {
     rm -rf "$DCL_HOME/config/gentx"
     rm -f "$GENESIS_FILE"
 
-    # dcld init "$_name" --chain-id "$_chain_id"
+    dcld init "$_name" --chain-id "$_chain_id"
 }
 
 
@@ -266,11 +269,11 @@ function build_genesis {
     local _acc_address_tr="${4:-}"
     local _acc_pubkey_tr="${5:-}"
 
-    dcld add-genesis-account --address="$_acc_address" --pubkey="$_acc_pubkey" --roles="NodeAdmin"
+    dcld add-genesis-account --address "$_acc_address" --pubkey "$_acc_pubkey" --roles "NodeAdmin"
     if [[ -n "$_acc_address_tr" && -n "$_acc_pubkey_tr" ]]; then
-        dcld add-genesis-account --address="$_acc_address_tr" --pubkey="$_acc_pubkey_tr" --roles="Trustee"
+        dcld add-genesis-account --address "$_acc_address_tr" --pubkey "$_acc_pubkey_tr" --roles "Trustee"
     fi
-    dcld gentx --from "$_key_name_admin"
+    dcld gentx --chain-id "$CHAIN_ID" "$_key_name_admin"
     dcld collect-gentxs
     dcld validate-genesis
 }
@@ -402,8 +405,8 @@ function add_account {
     local _acc_roles="$3"
     local _from="$4"
 
-    dcld tx auth propose-add-account --address="$_acc_address" --pubkey="$_acc_pubkey" \
-        --roles="$_acc_roles" --from="$_from"
+    dcld tx auth propose-add-account --address "$_acc_address" --pubkey "$_acc_pubkey" \
+        --roles "$_acc_roles" --from "$_from"
 
     echo "Account added"
     echo "To approve run: dcld tx auth approve-add-account --address=<string> --from=<account>"
@@ -417,7 +420,7 @@ function approve_account {
     local _acc_address="$1"
     local _from="$2"
 
-    dcld tx auth approve-add-account --address="$_acc_address" --from="$_from"
+    dcld tx auth approve-add-account --address "$_acc_address" --from "$_from"
 
     echo "Account approved by $_from"
 }
@@ -451,19 +454,19 @@ config_cli "$CHAIN_ID"
 ACC_ADDR="<acc-addr>"
 ACC_PUBKEY="<acc-pubkey>"
 if [[ -n "$KEY_NAME" ]]; then
-    KEY_INFO="$(dcld keys show "${KEY_NAME}")"
-    ACC_ADDR="$(_jq "$KEY_INFO" | grep address | awk -F'"' '{print $4}')"
-    ACC_PUBKEY="$(_jq "$KEY_INFO" | grep pubkey | awk -F'"' '{print $4}')"
+    KEY_INFO="$(dcld keys show --output text "${KEY_NAME}")"
+    ACC_ADDR="$(grep address <<<"$KEY_INFO" | awk '{print $NF}')"
+    ACC_PUBKEY="$(grep pubkey <<<"$KEY_INFO" | awk '{print $NF}' | sed -e "s/^'//" -e "s/'$//")"
 fi
 
 if [[ -n "$KEY_NAME_GEN_TRUSTEE" ]]; then
-    KEY_INFO="$(dcld keys show "${KEY_NAME_GEN_TRUSTEE}")"
-    ACC_ADDR_TR="$(_jq "$KEY_INFO" | grep address | awk -F'"' '{print $4}')"
-    ACC_PUBKEY_TR="$(_jq "$KEY_INFO" | grep pubkey | awk -F'"' '{print $4}')"
+    KEY_INFO="$(dcld keys show --output text "${KEY_NAME_GEN_TRUSTEE}")"
+    ACC_ADDR_TR="$(grep address <<<"$KEY_INFO" | awk '{print $NF}')"
+    ACC_PUBKEY_TR="$(grep pubkey <<<"$KEY_INFO" | awk '{print $NF}' | sed -e "s/^'//" -e "s/'$//")"
 fi
 
-echo "Initializing the node"
-node_init "$NODE_NAME" "$CHAIN_ID"
+#echo "Initializing the node"
+#node_init "$NODE_NAME" "$CHAIN_ID"
 
 
 if [[ "$NODE_TYPE" == "$NT_GENESIS" ]]; then
@@ -486,7 +489,7 @@ VAL_ID="unknown"
 wait_node_up
 
 STATUS="$(dcld status)"
-VAL_ID="$(_jq "$STATUS"| grep '"id"' | awk -F'"' '{print $4}')"
+VAL_ID="$(_jq "$STATUS"| grep '"id"' | awk '{print $NF}' | sed -e 's/^"//' -e 's/[",]\+$//')"
 VAL_ADDR="$(dcld tendermint show-address)"
 VAL_PUBKEY="$(dcld tendermint show-validator)"
 
@@ -511,7 +514,7 @@ elif [[ "$NODE_TYPE" == "$NT_VALIDATOR" ]]; then
 
     echo -e "\nNext steps:"
     echo -e "\n\t1. If you have an approved NodeAdmin account please run the following command to make the node a validator:"
-    echo -e "\t\t'dcld tx validator add-node --pubkey='$VAL_PUBKEY' --moniker=$NODE_NAME --from=$KEY_NAME'"
+    echo -e "\t\tdcld tx validator add-node --pubkey '$VAL_PUBKEY' --moniker '$NODE_NAME' --from '$KEY_NAME'"
     echo -e "\n\t2. Explore the node external IP and provide it along with validator ID '$VAL_ID'"
     echo -e "\t\t to DCLedger '$CHAIN_ID' network validator administrators"
 

deployment/scripts/test_peers_conn

@@ -19,14 +19,18 @@ set -o pipefail
 TIMEOUT_DEF=3
 PERSISTENT_PEERS_FILE="${1:-./persistent_peers.txt}"
 
-TIMEOUT="${TIMEOUT:-TIMEOUT_DEF}"
+TIMEOUT="${TIMEOUT:-$TIMEOUT_DEF}"
 
 PASSED_RES=PASSED
+SKIPPED_RES=SKIPPED
 FAILED_RES=FAILED
-final_res=true
 NETCAT=""
+IP_TOOL=ip
+SELF_IPS=""
 CHECK_TOOL=""
 
+final_res=true
+
 function usage {
   echo "\
 Usage: $0 [persistent-peers-file]
@@ -63,6 +67,13 @@ function test_env {
             exit 1
         fi
     fi
+
+    if [[ -n "$(which "$IP_TOOL")" ]]; then
+        # TODO may fail for specific cases
+        SELF_IPS="$(ip -br -f inet a | grep -v 127.0.0.1 | awk '{print $NF}' | paste -s)"
+    else
+        echo "WARNING: 'ip' tool is not found, skipping self IP filtering"
+    fi
 }
 
 function telnet_check {
@@ -115,7 +126,13 @@ IFS=',' read -a peers <<< "$(cat "$PERSISTENT_PEERS_FILE")"
 for peer in "${peers[@]}"
 do
     IFS=':' read -a _arr <<< "$(echo "$peer" | cut -d @ -f 2)"
-    res="$(check "${_arr[0]}" "${_arr[1]}")"
+
+    if [[ "$SELF_IPS" == *"${_arr[0]}/"* ]]; then
+        res="$SKIPPED_RES"
+    else
+        res="$(check "${_arr[0]}" "${_arr[1]}")"
+    fi
+
     echo "Connection to peer '${_arr[0]}:${_arr[1]}' $res"
 
     if [[ "$res" == "$FAILED_RES" ]]; then

integration_tests/deploy/Dockerfile

@@ -16,6 +16,9 @@ FROM jrei/systemd-ubuntu:20.04
 
 RUN apt-get update && apt-get install -y \
         sudo \
+        curl \
+        netcat \
+        iproute2 \
     && rm -rf /var/lib/apt/lists/*
 
 # test user

integration_tests/deploy/test_deploy.sh

@@ -22,7 +22,7 @@ source integration_tests/cli/common.sh
 DCL_USER="dcl"
 DCL_USER_HOME="/var/lib/dcl"
 DCL_DIR="$DCL_USER_HOME/.dcl"
-TEST_NODE="test_deploy_node"
+TEST_NODE="test_deploy_vn"
 
 random_string account
 
@@ -56,7 +56,7 @@ docker exec -u "$DCL_USER" "$TEST_NODE" /bin/sh -c "
 
 echo "Configure and start new node"
 docker exec -u "$DCL_USER" "$TEST_NODE" dcld init $TEST_NODE --chain-id  $chain_id
-docker exec -u "$DCL_USER" "$TEST_NODE" ./run_dcl_node -u $DCL_USER -c $chain_id $TEST_NODE
+docker exec -u "$DCL_USER" "$TEST_NODE" ./run_dcl_node -c $chain_id $TEST_NODE
 docker exec "$TEST_NODE" systemctl status dcld
 vaddress=$(docker exec -u "$DCL_USER" "$TEST_NODE" dcld tendermint show-address)
 vpubkey=$(docker exec -u "$DCL_USER" "$TEST_NODE" dcld tendermint show-validator)