node preparation basic script

Signed-off-by: Uncle Stinky <uncle.stinky@ghostchain.io>
This commit is contained in:
Uncle Stinky 2024-10-06 21:32:47 +03:00
parent a025d3b032
commit ba848bd479
Signed by: st1nky
GPG Key ID: 016064BD97603B40
2 changed files with 233 additions and 0 deletions

195
scripts/local-builder.sh Executable file
View File

@ -0,0 +1,195 @@
#!/bin/bash
set -e
UNIT_FILE=false
SKIP_BUILD=false
EXECUTABLE_PATH="/usr/bin/"
SPECIFICATION_PATH="/etc/ghost/"
SPECIFICATION_NAME="casper"
TARGET="debug"
CURRENT_PATH=$(pwd)
CURRENT_SCRIPT=$(realpath "$0")
SCRIPT_FOLDER=$(dirname "$CURRENT_SCRIPT")
PROJECT_FOLDER=("$SCRIPT_FOLDER/..")
prompt() {
while true; do
printf "$1 [y/N]: "
read yn
case $yn in
[Yy]* ) return 0;;
* ) return 1;;
esac
done
}
clear
echo " ____ _ _ _ _ _"
echo " / ___| |__ ___ ___| |_ | \ | | ___ __| | ___"
echo "| | _| '_ \ / _ \/ __| __| | \| |/ _ \ / _' |/ _ \\"
echo "| |_| | | | | (_) \__ \ |_ | |\ | (_) | (_| | __/"
echo " \____|_| |_|\___/|___/\__| |_| \_|\___/ \__,_|\___|"
echo -e "\n"
while [ $# -gt 0 ]; do
case "$1" in
--unit-file|-u)
UNIT_FILE=true
;;
--make-global|-m)
MAKE_GLOBAL=true
;;
--arguments|-a)
ARGUMENTS=true
;;
--release|-r)
RELEASE="--release"
TARGET="release"
;;
--profile*|-p*)
if [[ "$1" != *=* ]]; then shift; fi
RELEASE="--profile=${1#*=}"
TARGET="${1#*=}"
;;
--feature*|-f*)
if [[ "$1" != *=* ]]; then shift; fi
FEATURES="--features=${1#*=}"
;;
--executable-path*|-e*)
if [[ "$1" != *=* ]]; then shift; fi
EXECUTABLE_PATH=$(echo ${1#*=}/ | tr -s /)
;;
--specification-path*|-f*)
if [[ "$1" != *=* ]]; then shift; fi
SPECIFICATION_PATH=$(echo ${1#*=}/ | tr -s /)
;;
--specification-name*|-n*) if [[ "$1" != *=* ]]; then shift; fi
SPECIFICATION_NAME="${1#*=}"
;;
--help|-h)
echo "Ghost Node Build automation tool."
echo -e "Use wisely, the main purpose of this script is to help people not to mess up with pathes/folders to the ghost node.\n"
echo "Options:"
echo -e "-b, --skip-build\n\tSkip build only copying."
echo -e "-e, --executable-path\n\tPath to executable ('/usr/lib/' is default)."
echo -e "-a, --specification-path\n\tPath to specification ('/etc/ghost' is default)."
echo -e "-n, --specification-name\n\tSpecification name to be used ('casper' is default)."
echo -e "-r, --release\n\tBuild optimized artifacts with the release profile."
echo -e "-p, --profile\n\tBuild with the given and predefined profile."
echo -e "-h, --help\n\tPrints help information."
exit 0
;;
*)
echo -e "[-] Wrong arguments\n"
echo "Ghost Node Build automation tool."
echo -e "Use wisely, the main purpose of this script is to help people not to mess up with pathes/folders to the ghost node.\n"
echo "Options:"
echo -e "-b, --skip-build\n\tSkip build only copying."
echo -e "-e, --executable-path\n\tPath to executable ('/usr/lib/' is default)."
echo -e "-a, --specification-path\n\tPath to specification ('/etc/ghost' is default)."
echo -e "-n, --specification-name\n\tSpecification name to be used ('casper' is default)."
echo -e "-r, --release\n\tBuild optimized artifacts with the release profile."
echo -e "-p, --profile\n\tBuild with the given and predefined profile."
echo -e "-h, --help\n\tPrints help information."
exit 1
;;
esac
shift
done
if [[ ! -z $RELEASE ]]; then
if prompt "[?] 'cargo build $RELEASE $FEATURES' is what you want?"; then
cd $PROJECT_FOLDER
echo "[+] Starting build in 3 seconds..."
sleep 3
cargo build $RELEASE $FEATURES
fi
fi
if [[ $MAKE_GLOBAL = true ]]; then
cd $PROJECT_FOLDER
sudo cp target/$TARGET/ghost $EXECUTABLE_PATH
cp service/chain-specs/$SPECIFICATION_NAME.json $SPECIFICATION_PATH
cd $SCRIPT_FOLDER
cp packaging/environment $SPECIFICATION_PATH
echo "[+] ghost executable copied in '$EXECUTABLE_PATH' from '$TARGET'"
echo "[+] specification '$SPECIFICATION_NAME.json' copied to '$SPECIFICATION_PATH'"
echo "[+] default CLI arguments exported into '$SPECIFICATION_NAME'"
fi
if [ $UNIT_FILE = true ]; then
cd $SCRIPT_FOLDER
read -p "[?] name for the unit file (default: ghost-node.service) " unit_name
if [ -z $unit_name ]; then
unit_name="ghost-node"
fi
unit_name=$(echo "$unit_name" | sed -e "s/.service//g")
unit_name="$unit_name.service"
cp /packaging/template.service /etc/systemd/user
sudo systemctl daemon-reload
if prompt "[?] do you want to start the $unit_name?"; then
sudo systemctl restart $unit_name
fi
if prompt "[?] do you want to enable the $unit_name?"; then
sudo systemctl enable $unit_name
fi
fi
if [[ $ARGUMENTS = true ]]; then
echo "[+] setting-up basic CLI arguments"
CLI_ARGS=()
read -p "[?] specify p2p protocol TCP port (default: 30333): " port
CLI_ARGS+=("--port=${port:-30333}")
read -p "[?] specify JSON-RPC server TCP port: (default: 9945): " rpc_port
CLI_ARGS+=("--rpc-port=${rpc_port:-9945}")
read -p "[?] specify the chain specification (default: /etc/ghost/casper.json): " chain
CLI_ARGS+=("--chain=${chain:-/etc/ghost/casper.json}")
read -p "[?] specify file from which to read the node's secret key for p2p networking (default: /etc/ghost/node-key): " node_key
CLI_ARGS+=("--node-key-file=${node_key:-/etc/ghost/node-key}")
read -p "[?] specify name for the node (default: RANDOM_NAME): " node_name
if [[ ! -z $node_name ]]; then
CLI_ARGS+=("--name='$node_name'")
fi
read -p "[?] specify custom base path for the node (default: /var/lib/ghost): " base_path
CLI_ARGS+=("--base-path=${base_path:-/var/lib/ghost}")
if prompt "[?] enable validator mode?"; then
CLI_ARGS+=("--validator")
fi
if prompt "[?] enable prometheus?"; then
read -p "[?] specify prometheus exporter TCP port: (default: 9615)" prometheus_port
CLI_ARGS+=("--prometheus-port=${prometheus_port:-9615}")
else
CLI_ARGS+=("--no-prometheus")
fi
# default for now
CLI_ARGS+=("--state-prunning=archieve")
CLI_ARGS+=("--rpc-external=local")
CLI_ARGS+=("--rpc-methods=auto")
CLI_ARGS+=("--no-telemetry")
CLI_ARGS+=("--no-private-ip")
CLI_ARGS+=("--no-mdns")
CLI_ARGS+=("--no-hardware-benchmarks")
sudo echo "GHOST_CLI_ARGS=\"$(IFS=' '; echo "${CLI_ARGS[*]}")\"" > /etc/default/ghost
echo "[+] new CLI arguments stored in '/etc/default/ghost'"
cat /etc/default/ghost
fi
# back to the starting point
cd $CURRENT_PATH
echo "[+] execution finished"

View File

@ -0,0 +1,38 @@
[Unit]
Description=Ghost Node
After=network.target
Documentation=https://git.ghostchain.io/ghostchain/ghost-node
[Service]
EnvironmentFile=-/etc/default/ghost
ExecStart=/usr/bin/ghost $GHOST_CLI_ARGS
User=ghost
Group=ghost
Restart=always
RestartSec=30
TODO CapabilityBoundingSet=
LockPersonality=true
NoNewPrivileges=true
PrivateDevices=true
PrivateMounts=true
PrivateTmp=true
PrivateUsers=true
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelModules=true
ProtectKernelTunables=true
TODO ProtectSystem=strict
RemoveIPC=true
TODO RestrictAddressFamilies=AF_INET AF_INET6 AF_NETLINK AF_UNIX
gRestrictNamespaces=false
RestrictSUIDSGID=true
SystemCallArchitectures=native
SystemCallFilter=@system-service
SystemCallFilter=landlock_add_rule landlock_create_ruleset landlock_restrict_self seccomp mount umount2
SystemCallFilter=~@clock @module @reboot @swap @privileged
SystemCallFilter=pivot_root
UMask=0027
[Install]
WantedBy=multi-user.target