Support Nimbus v22.12.0 binary build (eth-educators#1114)

default.env

@@ -138,6 +138,7 @@ MEV_DOCKERFILE=Dockerfile.binary
 # SRC build target can be a tag, a branch, or a pr as "pr-ID"
 NIM_SRC_BUILD_TARGET='$(git describe --tags $(git rev-list --tags --max-count=1))'
 NIM_DOCKER_TAG=multiarch-latest
+NIM_DOCKER_VC_TAG=multiarch-latest
 NIM_DOCKERFILE=Dockerfile.binary
 
 # Teku
@@ -157,6 +158,7 @@ LH_DOCKERFILE=Dockerfile.binary
 # SRC build target can be a tag or a branch
 PRYSM_SRC_BUILD_TARGET='$(git describe --tags $(git rev-list --tags --max-count=1))'
 PRYSM_DOCKER_TAG=stable
+PRYSM_DOCKER_VC_TAG=stable
 PRYSM_DOCKERFILE=Dockerfile.binary
 
 # Lodestar

ethd

@@ -390,10 +390,10 @@ envmigrate() {
             PRYSM_PORT DOPPELGANGER PRYSM_UDP_PORT GRAFANA_PORT KEY_API_PORT TRAEFIK_WEB_PORT TRAEFIK_WEB_HTTP_PORT \
             CL_REST_PORT EL_RPC_PORT EL_WS_PORT EE_PORT ERIGON_TORRENT_PORT LOG_LEVEL JWT_SECRET EL_EXTRAS CL_EXTRAS \
             VC_EXTRAS SSV_P2P_PORT SSV_P2P_PORT_UDP ERIGON_P2P_PORT_2 ERIGON_P2P_PORT_3 )
-    TARGET_VARS=( NIM_SRC_BUILD_TARGET NIM_DOCKER_TAG NIM_DOCKERFILE TEKU_SRC_BUILD_TARGET TEKU_DOCKER_TAG \
+    TARGET_VARS=( NIM_SRC_BUILD_TARGET NIM_DOCKER_TAG NIM_DOCKER_VC_TAG NIM_DOCKERFILE TEKU_SRC_BUILD_TARGET TEKU_DOCKER_TAG \
                 TEKU_DOCKERFILE LH_SRC_BUILD_TARGET LH_DOCKER_TAG LH_DOCKERFILE PRYSM_SRC_BUILD_TARGET \
-                PRYSM_DOCKER_TAG PRYSM_DOCKERFILE ERIGON_SRC_BUILD_TARGET ERIGON_DOCKER_TAG ERIGON_DOCKERFILE \
-                MEV_DOCKERFILE MEV_DOCKER_TAG NIMEL_SRC_BUILD_TARGET NIMEL_DOCKER_TAG NIMEL_DOCKERFILE \
+                PRYSM_DOCKER_TAG PRYSM_DOCKER_VC_TAG PRYSM_DOCKERFILE ERIGON_SRC_BUILD_TARGET ERIGON_DOCKER_TAG \
+                ERIGON_DOCKERFILE MEV_DOCKERFILE MEV_DOCKER_TAG NIMEL_SRC_BUILD_TARGET NIMEL_DOCKER_TAG NIMEL_DOCKERFILE \
                 LS_SRC_BUILD_TARGET LS_DOCKER_TAG LS_DOCKERFILE GETH_SRC_BUILD_TARGET GETH_DOCKER_TAG \
                 GETH_DOCKERFILE NM_SRC_BUILD_TARGET NM_DOCKER_TAG NM_DOCKERFILE BESU_SRC_BUILD_TARGET \
                 BESU_DOCKER_TAG BESU_DOCKERFILE SSV2_NODE_TAG DEPCLI_SRC_BUILD_TARGET DEPCLI_DOCKER_TAG \

nimbus-cl-only.yml

@@ -11,10 +11,12 @@ services:
   consensus:
     restart: "unless-stopped"
     build:
+      target: consensus
       context: ./nimbus
       args:
         - BUILD_TARGET=${NIM_SRC_BUILD_TARGET}
         - DOCKER_TAG=${NIM_DOCKER_TAG}
+        - DOCKER_VC_TAG=${NIM_DOCKER_VC_TAG}
       dockerfile: ${NIM_DOCKERFILE}
     image: nimbus:local
     user: user
@@ -29,6 +31,8 @@ services:
       - JWT_SECRET=${JWT_SECRET}
       - MEV_BOOST=${MEV_BOOST}
       - MEV_NODE=${MEV_NODE}
+      - LOG_LEVEL=${LOG_LEVEL}
+      - DOPPELGANGER=false
       - CL_EXTRAS=${CL_EXTRAS:-}
       - VC_EXTRAS=
     ports:
@@ -52,12 +56,10 @@ services:
       - --web3-url=${EL_NODE}
       - --jwt-secret=/var/lib/nimbus/ee-secret/jwtsecret
       - --graffiti=${GRAFFITI}
-      - --log-level=${LOG_LEVEL}
       - --rest
       - --rest-address=0.0.0.0
       - --rest-port=${CL_REST_PORT:-5052}
       - --enr-auto-update=true
-      - --doppelganger-detection=false
       - --metrics
       - --metrics-port=8008
       - --metrics-address=0.0.0.0

nimbus-vc-only.yml

@@ -11,47 +11,49 @@ services:
   validator:
     restart: "unless-stopped"
     build:
+      target: validator
       context: ./nimbus
       args:
         - BUILD_TARGET=${NIM_SRC_BUILD_TARGET}
         - DOCKER_TAG=${NIM_DOCKER_TAG}
+        - DOCKER_VC_TAG=${NIM_DOCKER_VC_TAG}
       dockerfile: ${NIM_DOCKERFILE}
-    image: nimbus:local
-    user: vc-user
+    image: nimbus-validator:local
+    user: user
     volumes:
-      - nimbus-vc-data:/var/lib/nimbus-vc
+      - nimbus-vc-data:/var/lib/nimbus
       - /etc/localtime:/etc/localtime:ro
       - jwtsecret:/var/lib/nimbus/ee-secret
     environment:
       - MEV_BOOST=${MEV_BOOST}
       - DOPPELGANGER=${DOPPELGANGER}
+      - LOG_LEVEL=${LOG_LEVEL}
       - VC_EXTRAS=${VC_EXTRAS:-}
     <<: *logging
     entrypoint:
       - docker-entrypoint-vc.sh
       - /usr/local/bin/nimbus_validator_client
-      - --data-dir=/var/lib/nimbus-vc
+      - --data-dir=/var/lib/nimbus
       - --non-interactive
       - --beacon-node=${CL_NODE}
       - --graffiti=${GRAFFITI}
-      - --log-level=${LOG_LEVEL}
       - --metrics
       - --metrics-port=8009
       - --metrics-address=0.0.0.0
       - --keymanager
       - --keymanager-port=${KEY_API_PORT:-7500}
       - --keymanager-address=0.0.0.0
       - --keymanager-allow-origin=*
-      - --keymanager-token-file=/var/lib/nimbus-vc/api-token.txt
+      - --keymanager-token-file=/var/lib/nimbus/api-token.txt
       - --suggested-fee-recipient=${FEE_RECIPIENT}
 
   validator-import:
     profiles: ["tools"]
     restart: "no"
-    image: nimbus:local
+    image: nimbus-validator:local
     user: root
     volumes:
-      - nimbus-vc-data:/var/lib/nimbus-vc
+      - nimbus-vc-data:/var/lib/nimbus
       - ./.eth/validator_keys:/validator_keys
       - /etc/localtime:/etc/localtime:ro
     environment:
@@ -60,7 +62,7 @@ services:
     entrypoint:
       - validator-import.sh
       - /usr/local/bin/nimbus_beacon_node
-      - --data-dir=/var/lib/nimbus-vc
+      - --data-dir=/var/lib/nimbus
       - --network=${NETWORK}
       - deposits
       - import
@@ -69,14 +71,14 @@ services:
   validator-exit:
     profiles: ["tools"]
     restart: "no"
-    image: nimbus:local
-    user: vc-user
+    image: nimbus-validator:local
+    user: user
     volumes:
-      - nimbus-vc-data:/var/lib/nimbus-vc
+      - nimbus-vc-data:/var/lib/nimbus
       - /etc/localtime:/etc/localtime:ro
     entrypoint:
       - /usr/local/bin/nimbus_beacon_node
-      - --data-dir=/var/lib/nimbus-vc
+      - --data-dir=/var/lib/nimbus
       - --network=${NETWORK}
       - --log-level=${LOG_LEVEL}
       - deposits
@@ -92,7 +94,7 @@ services:
     image: vc-utils:local
     user: root
     volumes:
-      - nimbus-vc-data:/var/lib/nimbus-vc
+      - nimbus-vc-data:/var/lib/nimbus
       - ./.eth/validator_keys:/validator_keys
       - /etc/localtime:/etc/localtime:ro
     environment:
@@ -102,7 +104,7 @@ services:
       - validator
     entrypoint:
       - keymanager.sh
-      - /var/lib/nimbus-vc/api-token.txt
+      - /var/lib/nimbus/api-token.txt
       - validator
 
 volumes:

nimbus.yml

@@ -11,10 +11,12 @@ services:
   consensus:
     restart: "unless-stopped"
     build:
+      target: consensus
       context: ./nimbus
       args:
         - BUILD_TARGET=${NIM_SRC_BUILD_TARGET}
         - DOCKER_TAG=${NIM_DOCKER_TAG}
+        - DOCKER_VC_TAG=${NIM_DOCKER_VC_TAG}
       dockerfile: ${NIM_DOCKERFILE}
     image: nimbus:local
     user: user
@@ -30,6 +32,7 @@ services:
       - MEV_BOOST=${MEV_BOOST}
       - MEV_NODE=${MEV_NODE}
       - DOPPELGANGER=${DOPPELGANGER}
+      - LOG_LEVEL=${LOG_LEVEL}
       - CL_EXTRAS=${CL_EXTRAS:-}
       - VC_EXTRAS=${VC_EXTRAS:-}
     ports:
@@ -53,7 +56,6 @@ services:
       - --web3-url=${EL_NODE}
       - --jwt-secret=/var/lib/nimbus/ee-secret/jwtsecret
       - --graffiti=${GRAFFITI}
-      - --log-level=${LOG_LEVEL}
       - --rest
       - --rest-address=0.0.0.0
       - --rest-port=${CL_REST_PORT:-5052}

nimbus/Dockerfile.binary

@@ -1,6 +1,7 @@
 ARG DOCKER_TAG
+ARG DOCKER_VC_TAG
 
-FROM statusim/nimbus-eth2:${DOCKER_TAG}
+FROM statusim/nimbus-eth2:${DOCKER_TAG} as consensus
 
 # Included here to avoid build-time complaints
 ARG BUILD_TARGET
@@ -21,30 +22,40 @@ RUN set -eux; \
 # Create data mount point with permissions
 RUN mkdir -p /var/lib/nimbus/ee-secret && chown -R user:user /var/lib/nimbus && chmod -R 700 /var/lib/nimbus && chmod 777 /var/lib/nimbus/ee-secret
 
-ARG USER=vc-user
+# Copy beacon_node into $PATH
+RUN cp /home/user/nimbus_beacon_node /usr/local/bin/nimbus_beacon_node
+COPY ./docker-entrypoint.sh /usr/local/bin/
+USER user
+
+ENTRYPOINT ["nimbus_beacon_node"]
+
+FROM statusim/nimbus-validator-client:${DOCKER_VC_TAG} as validator
+
+# Included here to avoid build-time complaints
+ARG BUILD_TARGET
+
 ARG UID=10000
 
-# See https://stackoverflow.com/a/55757473/12429735RUN
-RUN adduser \
-    --disabled-password \
-    --gecos "" \
-    --home "/nonexistent" \
-    --shell "/sbin/nologin" \
-    --no-create-home \
-    --uid "${UID}" \
-    "${USER}"
+USER root
+
+RUN groupmod -g "${UID}" user && usermod -u "${UID}" -g "${UID}" user
+
+RUN set -eux; \
+        apt-get update; \
+        DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC apt-get install -y gosu ca-certificates bash tzdata; \
+        rm -rf /var/lib/apt/lists/*; \
+# verify that the binary works
+        gosu nobody true
 
 # Create data mount point with permissions
-RUN mkdir -p /var/lib/nimbus-vc && chown -R vc-user:vc-user /var/lib/nimbus-vc && chmod -R 700 /var/lib/nimbus-vc
+RUN mkdir -p /var/lib/nimbus && chown -R user:user /var/lib/nimbus && chmod -R 700 /var/lib/nimbus
 
-# Copy beacon_node into $PATH
-RUN cp /home/user/nimbus-eth2/build/nimbus_beacon_node /usr/local/bin/nimbus_beacon_node
-RUN cp /home/user/nimbus-eth2/build/nimbus_validator_client /usr/local/bin/nimbus_validator_client
+# Copy nimbus_validator_client into $PATH
+RUN cp /home/user/nimbus_validator_client /usr/local/bin/nimbus_validator_client
 # Scripts for privilege change and validator import
-COPY ./validator-import.sh /usr/local/bin/
-COPY ./docker-entrypoint.sh /usr/local/bin/
 COPY ./docker-entrypoint-vc.sh /usr/local/bin/
+COPY ./validator-import.sh /usr/local/bin/
 
 USER user
 
-ENTRYPOINT ["nimbus_beacon_node"]
+ENTRYPOINT ["nimbus_validator_client"]

nimbus/docker-entrypoint-vc.sh

@@ -1,13 +1,13 @@
 #!/usr/bin/env bash
 
 if [ "$(id -u)" = '0' ]; then
-  chown -R vc-user:vc-user /var/lib/nimbus-vc
-  exec gosu vc-user docker-entrypoint-vc.sh "$@"
+  chown -R user:user /var/lib/nimbus
+  exec gosu user docker-entrypoint-vc.sh "$@"
 fi
 
-if [ ! -f /var/lib/nimbus-vc/api-token.txt ]; then
+if [ ! -f /var/lib/nimbus/api-token.txt ]; then
     __token=api-token-0x$(echo $RANDOM | md5sum | head -c 32)$(echo $RANDOM | md5sum | head -c 32)
-    echo "$__token" > /var/lib/nimbus-vc/api-token.txt
+    echo "$__token" > /var/lib/nimbus/api-token.txt
 fi
 
 # Check whether we should enable doppelganger protection
@@ -18,6 +18,8 @@ else
   __doppel="--doppelganger-detection=false"
 fi
 
+__log_level="--log-level=${LOG_LEVEL^^}"
+
 # Word splitting is desired for the command line parameters
 # shellcheck disable=SC2086
-exec "$@" ${__doppel} ${VC_EXTRAS}
+exec "$@" ${__log_level} ${__doppel} ${VC_EXTRAS}

nimbus/docker-entrypoint.sh

@@ -45,6 +45,7 @@ else
   __doppel="--doppelganger-detection=false"
 fi
 
+__log_level="--log-level=${LOG_LEVEL^^}"
 # Word splitting is desired for the command line parameters
 # shellcheck disable=SC2086
-exec "$@" ${__mev_boost} ${__doppel} ${CL_EXTRAS} ${VC_EXTRAS}
+exec "$@" ${__mev_boost} ${__log_level} ${__doppel} ${CL_EXTRAS} ${VC_EXTRAS}

prysm-cl-only.yml

@@ -13,6 +13,7 @@ x-build: &prysm-build
   args:
     - BUILD_TARGET=${PRYSM_SRC_BUILD_TARGET}
     - DOCKER_TAG=${PRYSM_DOCKER_TAG}
+    - DOCKER_VC_TAG=${PRYSM_DOCKER_VC_TAG}
 
 services:
   consensus:

prysm-vc-only.yml

@@ -13,6 +13,7 @@ x-build: &prysm-build
   args:
     - BUILD_TARGET=${PRYSM_SRC_BUILD_TARGET}
     - DOCKER_TAG=${PRYSM_DOCKER_TAG}
+    - DOCKER_VC_TAG=${PRYSM_DOCKER_VC_TAG}
 
 services:
   validator:

prysm.yml

@@ -13,6 +13,7 @@ x-build: &prysm-build
   args:
     - BUILD_TARGET=${PRYSM_SRC_BUILD_TARGET}
     - DOCKER_TAG=${PRYSM_DOCKER_TAG}
+    - DOCKER_VC_TAG=${PRYSM_DOCKER_VC_TAG}
 
 services:
   consensus:

prysm/Dockerfile.binary

@@ -1,4 +1,5 @@
 ARG DOCKER_TAG
+ARG DOCKER_VC_TAG
 FROM prysmaticlabs/prysm-beacon-chain:${DOCKER_TAG} as ccsource
 
 FROM debian:bullseye-slim as consensus
@@ -41,7 +42,7 @@ USER ${USER}
 
 ENTRYPOINT ["beacon-chain"]
 
-FROM prysmaticlabs/prysm-validator:${DOCKER_TAG} as vcsource
+FROM prysmaticlabs/prysm-validator:${DOCKER_VC_TAG} as vcsource
 
 FROM consensus as validator