Update Dockerfile for issue #567.

Hi @Bharathi-Chandrasekaran and @robert.hedler - Please let us know the behaviour with and without these changes so that we can decide the next steps for this MR.

Bharathi-Chandrasekaran commented

2023-11-22 13:24:53 +00:00

(Migrated from gitlab.com)

Hi @bobinson ,

I have verified the docker installation steps with 3 different docker images,

Findings from verification:

1. Image without workaround

The ./run.sh replay & ./run.sh remote_wallet command failed with below error message

root@peerplays-testnet-04:~/peerplays-docker# ./run.sh replay
[2023-11-20 16:34:14 UTC]  -> Removing old container 'seed'
[2023-11-20 16:34:14 UTC]  -> Running peerplays (image: datasecuritynode/peerplays:nofix) with replay in container 'seed'...
88765ab167014210891e9e04a14fa5bd86c1579583d948a34edd9189e416b82e
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "witness_node": executable file not found in $PATH: unknown.
[2023-11-20 16:34:15 UTC]  -> Started.

The run.sh replay & remote_wallet command from peerplays-docker fails because the witness_node and cli_wallet are not in $PATH. Thus, the fix has to be added into the Docker File

Reason: run.sh overrides CMD while starting the container.

# Peerplays CMD ["./witness_node", "-d", "./witness_node_data_dir"]

Attaching the screenshot for reference.
Before Fix1:

2.Image with fix1 - `ENV PATH="${PATH}:/home/peerplays/peerplays-network"

While using the docker image with fix1, the issue mentioned above is resolved. However, while executing run.sh remote_wallet a new issue was encountered,

root@peerplays-testnet-04:~/docker_with_fix_1/peerplays-docker# ./run.sh remote_wallet
Logging RPC to file: logs/rpc/rpc.log
Starting a new wallet with chain ID 6b6b5f0ce7a36d323768e534f3edb41c6d6332a541a95725b98e28d140850134 (from egenesis)
0 exception: unspecified
TLS handshake failed
    {"message":"TLS handshake failed"}
    asio  websocket.cpp:436 operator()

    {"uri":"wss://ca.peerplays.info/"}
    th_a  websocket.cpp:662 secure_connect

    {"uri":"wss://ca.peerplays.info/"}
    th_a  websocket.cpp:635 connect

TLS broke down on Ubuntu 20. This might be related to the FC library issue which has been merged-https://gitlab.com/PBSA/tools-libs/peerplays-fc/-/merge_requests/30

@serkixenos Could you please confirm whether this TLS issue is already fixed or this workaround to solve TLS issue has to be added into the dockerfile?

Attaching screen shot for reference:

3.Image with fix1+fix2

ENV PATH="${PATH}:/home/peerplays/peerplays-network"
RUN sed -i '/^oid_section.*/a openssl_conf=default_conf' /etc/ssl/openssl.cnf
RUN sed -i '/^ess_cert_id_alg.*/a\[default_conf]\nssl_conf=ssl_sect\n[ssl_sect]\nsystem_default=system_default_sect\n[system_default_sect]\nMinProtocol=TLSv1\nCipherString=DEFAULT@SECLEVEL=1' /etc/ssl/openssl.cnf

While using the docker image with the above mentioned fixes, both the issues were resolved.
Attaching screenshot for reference.

cc: @robert.hedler , Thanks for providing the images and steps to verify the issue. Could you please check the findings above and add your points (if necessary)?

@christophersanborn Thanks for your help in debugging the issue.

Hi @bobinson , I have verified the docker installation steps with 3 different docker images, **Findings from verification:** **1. Image without workaround** - The ./run.sh replay & ./run.sh remote_wallet command failed with below error message ``` root@peerplays-testnet-04:~/peerplays-docker# ./run.sh replay [2023-11-20 16:34:14 UTC] -> Removing old container 'seed' [2023-11-20 16:34:14 UTC] -> Running peerplays (image: datasecuritynode/peerplays:nofix) with replay in container 'seed'... 88765ab167014210891e9e04a14fa5bd86c1579583d948a34edd9189e416b82e docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: exec: "witness_node": executable file not found in $PATH: unknown. [2023-11-20 16:34:15 UTC] -> Started. ``` The `run.sh` replay & remote_wallet command from **peerplays-docker** fails because the witness_node and cli_wallet are not in $PATH. Thus, the fix has to be added into the Docker File **Reason:** run.sh overrides CMD while starting the container. `# Peerplays CMD ["./witness_node", "-d", "./witness_node_data_dir"] ` Attaching the screenshot for reference. Before Fix1:![Failed-without-workaround](/uploads/3f91a08b4bac1f45bccd28030738f410/Failed-without-workaround.JPG) **2.Image with fix1 - `ENV PATH="${PATH}:/home/peerplays/peerplays-network"** While using the docker image with fix1, the issue mentioned above is resolved. However, while executing run.sh remote_wallet a new issue was encountered, ``` root@peerplays-testnet-04:~/docker_with_fix_1/peerplays-docker# ./run.sh remote_wallet Logging RPC to file: logs/rpc/rpc.log Starting a new wallet with chain ID 6b6b5f0ce7a36d323768e534f3edb41c6d6332a541a95725b98e28d140850134 (from egenesis) 0 exception: unspecified TLS handshake failed {"message":"TLS handshake failed"} asio websocket.cpp:436 operator() {"uri":"wss://ca.peerplays.info/"} th_a websocket.cpp:662 secure_connect {"uri":"wss://ca.peerplays.info/"} th_a websocket.cpp:635 connect ``` TLS broke down on Ubuntu 20. This might be related to the FC library issue which has been merged-https://gitlab.com/PBSA/tools-libs/peerplays-fc/-/merge_requests/30 @serkixenos Could you please confirm whether this TLS issue is already fixed or this workaround to solve TLS issue has to be added into the dockerfile? Attaching screen shot for reference:![After-fix-1](/uploads/301204c50ea352f3bd456c4f17883f5b/After-fix-1.JPG) **3.Image with fix1+fix2** ``` ENV PATH="${PATH}:/home/peerplays/peerplays-network" RUN sed -i '/^oid_section.*/a openssl_conf=default_conf' /etc/ssl/openssl.cnf RUN sed -i '/^ess_cert_id_alg.*/a\[default_conf]\nssl_conf=ssl_sect\n[ssl_sect]\nsystem_default=system_default_sect\n[system_default_sect]\nMinProtocol=TLSv1\nCipherString=DEFAULT@SECLEVEL=1' /etc/ssl/openssl.cnf ``` While using the docker image with the above mentioned fixes, both the issues were resolved. Attaching screenshot for reference. ![With-Both-Fixes](/uploads/9679ab5dbc0fd3cc6e9eaf37ee63e191/With-Both-Fixes.JPG) cc: @robert.hedler , Thanks for providing the images and steps to verify the issue. Could you please check the findings above and add your points (if necessary)? @christophersanborn Thanks for your help in debugging the issue.

serkixenos commented

2023-11-22 23:46:28 +00:00

(Migrated from gitlab.com)

@Bharathi-Chandrasekaran Can you doublecheck that run.sh is actually building docker image using the Dockerfile from this project repo, or the Dockerfile in peerplays-docker project repo? Can you please share docker build log? Did you also consider that, if run.sh actually builds the image from the Dockerfile from this project repo, the run.sh might also try to use WORKDIR clearly stated in a Dockerfile? Is this also a solution?

Regarding SSL, what you are doing with this fix is decreasing SSL security on operating system level. SSL problem is resolved with https://gitlab.com/PBSA/tools-libs/peerplays-fc/-/merge_requests/30, an this one decreases SSL security on the executable level. What needs to be done here is to verify that the fix is included in the fc library version that is used for building Peerplays. Start with git submodule status, inspect commit IDs, verify that MR 30 is actually included, and if it is not, update the FC library to include it, and your problem will be resolved.

@Bharathi-Chandrasekaran Can you doublecheck that run.sh is actually building docker image using the Dockerfile from this project repo, or the Dockerfile in peerplays-docker project repo? Can you please share docker build log? Did you also consider that, if run.sh actually builds the image from the Dockerfile from this project repo, the run.sh might also try to use WORKDIR clearly stated in a Dockerfile? Is this also a solution? Regarding SSL, what you are doing with this fix is decreasing SSL security on operating system level. SSL problem is resolved with https://gitlab.com/PBSA/tools-libs/peerplays-fc/-/merge_requests/30, an this one decreases SSL security on the executable level. What needs to be done here is to verify that the fix is included in the fc library version that is used for building Peerplays. Start with `git submodule status`, inspect commit IDs, verify that MR 30 is actually included, and if it is not, update the FC library to include it, and your problem will be resolved.

Bharathi-Chandrasekaran commented

2023-11-26 01:20:11 +00:00

(Migrated from gitlab.com)

Hi @serkixenos ,

The Dockerfile used by run.sh to build docker image is from the peerplays-docker repository.
But, the repo has Dockerfile in three different sub-directory dkr, dkr_fullnode, dkr_local.

i) Values taken from .env file are,

A.LOCAL folder containing Dockerfile for ./run.sh build

DOCKER_DIR="$DIR/dkr"

B. Remote docker tags to pull when running ./run.sh install OR ./run.sh install_full with no arguments, respectively

DK_TAG="peerplays/peerplays-mainnet:latest"

ii) Values taken from run.sh,

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${DOCKER_DIR="$DIR/dkr"}
: ${FULL_DOCKER_DIR="$DIR/dkr_fullnode"}
: ${DATADIR="$DIR/data"}
: ${DOCKER_NAME="seed"}
: ${DOCKER_BITCOIN_NAME="bitcoind-node"}
: ${DOCKER_BITCOIN_VOLUME="bitcoind-data"}
: ${DOCKER_NETWORK="son"}
: ${SON_WALLET="son-wallet"}
: ${BTC_REGTEST_KEY="cSKyTeXidmj93dgbMFqgzD7yvxzA7QAYr5j9qDnY9seyhyv7gH2m"}

# the tag to use when running/replaying peerplaysd
: "${DOCKER_IMAGE="peerplays/peerplays-mainnet:latest"}"

@robert.hedler , could you please confirm the repository location?

I checked the merge request for openSSL and it has not been included into develop branch.

The steps suggested by Robert to verify the issue are as follows:

git clone https://gitlab.com/PBSA/tools-libs/peerplays-docker.git
cd peerplays-docker/
cp example.env .env

vim .env // updated env to the below value

DOCKER_IMAGE="datasecuritynode/peerplays:nofix" // Changed the image to check the fix

REMOTE_WS="wss://ca.peerplays.info/"

DK_TAG="datasecuritynode/peerplays:nofix" // Changed the tag to check the fix

sudo ./run.sh install

sudo ./run.sh replay

sudo ./run.sh logs

sudo ./run.sh stop

vim data/witness_node_data_dir/config.ini // updated the below value
`

p2p-endpoint = 0.0.0.0:9777

rpc-endpoint = 127.0.0.1:8090

seed-node = ca.peerplays.info:9777

seed-node = de.peerplays.xyz:9777

seed-node = pl.peerplays.org:9777

seed-nodes = []

sudo ./run.sh replay
sudo ./run.sh remote_wallet

Hi @serkixenos , 1. The Dockerfile used by run.sh to build docker image is from the peerplays-docker repository. But, the repo has Dockerfile in three different sub-directory dkr, dkr_fullnode, dkr_local. i) Values taken from `.env `file are, **A.LOCAL folder containing Dockerfile for ./run.sh build** ` DOCKER_DIR="$DIR/dkr" ` **B. Remote docker tags to pull when running ./run.sh install OR ./run.sh install_full with no arguments, respectively** ` DK_TAG="peerplays/peerplays-mainnet:latest" ` ii) Values taken from `run.sh`, ```shell DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" : ${DOCKER_DIR="$DIR/dkr"} : ${FULL_DOCKER_DIR="$DIR/dkr_fullnode"} : ${DATADIR="$DIR/data"} : ${DOCKER_NAME="seed"} : ${DOCKER_BITCOIN_NAME="bitcoind-node"} : ${DOCKER_BITCOIN_VOLUME="bitcoind-data"} : ${DOCKER_NETWORK="son"} : ${SON_WALLET="son-wallet"} : ${BTC_REGTEST_KEY="cSKyTeXidmj93dgbMFqgzD7yvxzA7QAYr5j9qDnY9seyhyv7gH2m"} # the tag to use when running/replaying peerplaysd : "${DOCKER_IMAGE="peerplays/peerplays-mainnet:latest"}" ``` @robert.hedler , could you please confirm the repository location? 2. I checked the merge request for openSSL and it has not been included into develop branch. ![Merge-request-Failed](/uploads/737d89bb0cf0d0130fe243a47e804f58/Merge-request-Failed.JPG) ![OpenSSL-status-Cancelled](/uploads/859c9754ede8d89ab30d580c5aeddfb7/OpenSSL-status-Cancelled.JPG) **The steps suggested by Robert to verify the issue are as follows:** ``` git clone https://gitlab.com/PBSA/tools-libs/peerplays-docker.git cd peerplays-docker/ cp example.env .env ``` `vim .env ` // updated env to the below value ``` DOCKER_IMAGE="datasecuritynode/peerplays:nofix" // Changed the image to check the fix REMOTE_WS="wss://ca.peerplays.info/" DK_TAG="datasecuritynode/peerplays:nofix" // Changed the tag to check the fix ``` ``` sudo ./run.sh install sudo ./run.sh replay sudo ./run.sh logs sudo ./run.sh stop ``` `vim data/witness_node_data_dir/config.ini` // updated the below value ` ``` p2p-endpoint = 0.0.0.0:9777 rpc-endpoint = 127.0.0.1:8090 seed-node = ca.peerplays.info:9777 seed-node = de.peerplays.xyz:9777 seed-node = pl.peerplays.org:9777 seed-nodes = [] ``` ``` sudo ./run.sh replay sudo ./run.sh remote_wallet ```

Bharathi-Chandrasekaran commented

2023-12-11 14:13:46 +00:00

(Migrated from gitlab.com)

Hi @robert.hedler ,

Could you please provide your input for the comment?

https://gitlab.com/PBSA/peerplays/-/merge_requests/253#note_1663082402

Hi @robert.hedler , Could you please provide your input for the comment? https://gitlab.com/PBSA/peerplays/-/merge_requests/253#note_1663082402

serkixenos (Migrated from gitlab.com) closed this pull request

2024-02-24 03:15:55 +00:00

Pull request closed

Please reopen this pull request to perform a merge.

Update Dockerfile for issue #567. #833

Pull request closed