Removed user on build, added user on run

2026-01-01 04:25:58 -08:00 · 2018-10-11 13:45:51 -04:00
parent c6a3798b69
commit 6f535d575d
8 changed files with 96 additions and 96 deletions
--- a/doc/INSTALL-MANUAL-STEPS.md
+++ b/doc/INSTALL-MANUAL-STEPS.md
@@ -49,8 +49,8 @@ vi pycoin_docker/env.properties
 sudo useradd cyphernode
 mkdir ~/btcproxydb ; sudo chown -R cyphernode:debian ~/btcproxydb ; sudo chmod g+ws ~/btcproxydb
 docker build -t proxycronimg cron_docker/.
-docker build -t btcproxyimg --build-arg USER_ID=$(id -u cyphernode) --build-arg GROUP_ID=$(id -g cyphernode) proxy_docker/.
+docker build -t btcproxyimg proxy_docker/.
-docker build -t pycoinimg --build-arg USER_ID=$(id -u cyphernode) --build-arg GROUP_ID=$(id -g cyphernode) pycoin_docker/.
+docker build -t pycoinimg pycoin_docker/.
 ```
 ## Build images from Satoshi Portal's dockers repo
@@ -75,16 +75,16 @@ rpcwallet=ln01.dat
 ```shell
 vi config
-mkdir ~/.lightning
+mkdir ~/lndata
-cp config ~/.lightning/
+cp config ~/lndata/
-sudo chown -R cyphernode:debian ~/.lightning ; sudo chmod g+ws ~/.lightning
+sudo chown -R cyphernode:debian ~/lndata ; sudo chmod g+ws ~/lndata
-sudo find ~/.lightning -type d -exec chmod 2775 {} \; ; sudo find ~/.lightning -type f -exec chmod g+rw {} \;
+sudo find ~/lndata -type d -exec chmod 2775 {} \; ; sudo find ~/lndata -type f -exec chmod g+rw {} \;
-docker build -t clnimg --build-arg USER_ID=$(id -u cyphernode) --build-arg GROUP_ID=$(id -g cyphernode) .
+docker build -t clnimg .
 cd ../../bitcoin-core/
-mkdir ~/.bitcoin
+mkdir ~/btcdata
-sudo chown -R cyphernode:debian ~/.bitcoin ; sudo chmod g+ws ~/.bitcoin
+sudo chown -R cyphernode:debian ~/btcdata ; sudo chmod g+ws ~/btcdata
-sudo find ~/.bitcoin -type d -exec chmod 2775 {} \; ; sudo find ~/.bitcoin -type f -exec chmod g+rw {} \;
+sudo find ~/btcdata -type d -exec chmod 2775 {} \; ; sudo find ~/btcdata -type f -exec chmod g+rw {} \;
-docker build -t btcnode --build-arg USER_ID=$(id -u cyphernode) --build-arg GROUP_ID=$(id -g cyphernode) --build-arg CORE_VERSION="0.16.3" .
+docker build -t btcnode .
 ```
 ## Mount bitcoin data volume and make sure bitcoin configuration is ok
@@ -92,8 +92,8 @@ docker build -t btcnode --build-arg USER_ID=$(id -u cyphernode) --build-arg GROU
 (Watcher and spender is the same bitcoin node, with different wallets)
 ```shell
-sudo mount /dev/vdc ~/.bitcoin/
+sudo mount /dev/vdc ~/btcdata/
-vi ~/.bitcoin/bitcoin.conf
+vi ~/btcdata/bitcoin.conf
 ```
 *Make sure testnet, rpcuser and rpcpassword have the same value as in c-lightning node's bitcoin.conf file (see above)*
@@ -119,16 +119,16 @@ walletnotify=curl cyphernode:8888/conf/%s
 ```shell
 cd ~/cyphernode/
-docker stack deploy --compose-file docker-compose.yml cyphernodestack
+USER=`id -u cyphernode`:`id -g cyphernode` docker stack deploy --compose-file docker-compose.yml cyphernodestack
 ```
 ## Wait a few minutes and re-apply permissions
 ```shell
-sudo chown -R cyphernode:debian ~/.lightning ; sudo chmod g+ws ~/.lightning
+sudo chown -R cyphernode:debian ~/lndata ; sudo chmod g+ws ~/lndata
-sudo chown -R cyphernode:debian ~/.bitcoin ; sudo chmod g+ws ~/.bitcoin
+sudo chown -R cyphernode:debian ~/btcdata ; sudo chmod g+ws ~/btcdata
-sudo find ~/.lightning -type d -exec chmod 2775 {} \; ; sudo find ~/.lightning -type f -exec chmod g+rw {} \;
+sudo find ~/lndata -type d -exec chmod 2775 {} \; ; sudo find ~/lndata -type f -exec chmod g+rw {} \;
-sudo find ~/.bitcoin -type d -exec chmod 2775 {} \; ; sudo find ~/.bitcoin -type f -exec chmod g+rw {} \;
+sudo find ~/btcdata -type d -exec chmod 2775 {} \; ; sudo find ~/btcdata -type f -exec chmod g+rw {} \;
  ```
 ## Test the deployment
--- a/doc/INSTALL.md
+++ b/doc/INSTALL.md
@@ -81,7 +81,7 @@ debian@dev:~/dev/Cyphernode$ vi pycoin_docker/env.properties
 **Edit docker-compose.yml to specify special deployment constraints or if you want to run the Bitcoin node on the same machine: uncomment corresponding lines.**
 ```shell
-debian@dev:~/dev/Cyphernode$ docker stack deploy --compose-file docker-compose.yml cyphernodestack
+debian@dev:~/dev/Cyphernode$ USER=`id -u cyphernode`:`id -g cyphernode` docker stack deploy --compose-file docker-compose.yml cyphernodestack
 Creating service cyphernodestack_cyphernode
 Creating service cyphernodestack_proxycronnode
 Creating service cyphernodestack_pycoinnode
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,11 +11,12 @@ services:
    volumes:
      # Variable substitutions don't work
      # Match with DB_PATH in proxy_docker/env.properties
-      - "~/btcproxydb:/proxyuser/db"
+      - "~/btcproxydb:/proxy/db"
-      - "~/.lightning:/proxyuser/.lightning"
+      - "~/lndata:/proxy/.lightning"
 #    deploy:
 #      placement:
 #        constraints: [node.hostname==dev]
    command: $USER /proxy/startproxy.sh
    networks:
      - cyphernodenet
@@ -40,6 +41,7 @@ services:
 #    deploy:
 #      placement:
 #        constraints: [node.hostname==dev]
    command: $USER /pycoin/startpycoin.sh
    networks:
      - cyphernodenet
@@ -49,10 +51,11 @@ services:
    ports:
      - "9735:9735"
    volumes:
-      - "~/.lightning:/lnuser/.lightning"
+      - "~/lndata:/.lightning"
 #    deploy:
 #      placement:
 #        constraints: [node.hostname==dev]
    command: $USER lightningd
    networks:
      - cyphernodenet
@@ -66,7 +69,8 @@ services:
 #      - "8333:8333"
 #      - "8332:8332"
    volumes:
-      - "~/.bitcoin:/bitcoinuser/.bitcoin"
+      - "~/btcdata:/.bitcoin"
    command: $USER bitcoind
    networks:
      - cyphernodenet
--- a/proxy_docker/Dockerfile
+++ b/proxy_docker/Dockerfile
@@ -1,56 +1,58 @@
 FROM alpine
-ARG USER_ID
+#ARG USER_ID
-ARG GROUP_ID
+#ARG GROUP_ID
-ENV USERNAME proxyuser
+#ENV USERNAME proxyuser
-ENV HOME /${USERNAME}
+ENV HOME /proxy
-ENV USER_ID ${USER_ID:-1000}
+#ENV USER_ID ${USER_ID:-1000}
-ENV GROUP_ID ${GROUP_ID:-1000}
+#ENV GROUP_ID ${GROUP_ID:-1000}
-RUN addgroup -g ${GROUP_ID} ${USERNAME} \
+#RUN addgroup -g ${GROUP_ID} ${USERNAME} \
-    && adduser -u ${USER_ID} -G ${USERNAME} -D -s /bin/sh -h ${HOME} ${USERNAME}
+#    && adduser -u ${USER_ID} -G ${USERNAME} -D -s /bin/sh -h ${HOME} ${USERNAME}
 RUN apk add --update --no-cache \
    sqlite \
    jq \
-    curl
+    curl \
    su-exec
-COPY --chown=proxyuser app/script/callbacks_job.sh ${HOME}/callbacks_job.sh
+COPY app/script/callbacks_job.sh ${HOME}/callbacks_job.sh
-COPY --chown=proxyuser app/script/blockchainrpc.sh ${HOME}/blockchainrpc.sh
+COPY app/script/blockchainrpc.sh ${HOME}/blockchainrpc.sh
-COPY --chown=proxyuser app/script/call_lightningd.sh ${HOME}/call_lightningd.sh
+COPY app/script/call_lightningd.sh ${HOME}/call_lightningd.sh
-COPY --chown=proxyuser app/script/bitcoin.sh ${HOME}/bitcoin.sh
+COPY app/script/bitcoin.sh ${HOME}/bitcoin.sh
-COPY --chown=proxyuser app/script/requesthandler.sh ${HOME}/requesthandler.sh
+COPY app/script/requesthandler.sh ${HOME}/requesthandler.sh
-COPY --chown=proxyuser app/script/watchrequest.sh ${HOME}/watchrequest.sh
+COPY app/script/watchrequest.sh ${HOME}/watchrequest.sh
-COPY --chown=proxyuser app/script/walletoperations.sh ${HOME}/walletoperations.sh
+COPY app/script/walletoperations.sh ${HOME}/walletoperations.sh
-COPY --chown=proxyuser app/script/confirmation.sh ${HOME}/confirmation.sh
+COPY app/script/confirmation.sh ${HOME}/confirmation.sh
-COPY --chown=proxyuser app/config/watcher_btcnode_curlcfg.properties ${HOME}/watcher_btcnode_curlcfg.properties
+COPY app/config/watcher_btcnode_curlcfg.properties ${HOME}/watcher_btcnode_curlcfg.properties
-COPY --chown=proxyuser app/config/spender_btcnode_curlcfg.properties ${HOME}/spender_btcnode_curlcfg.properties
+COPY app/config/spender_btcnode_curlcfg.properties ${HOME}/spender_btcnode_curlcfg.properties
-COPY --chown=proxyuser app/config/config.properties ${HOME}/config.properties
+COPY app/config/config.properties ${HOME}/config.properties
-COPY --chown=proxyuser app/script/startproxy.sh ${HOME}/startproxy.sh
+COPY app/script/startproxy.sh ${HOME}/startproxy.sh
-COPY --chown=proxyuser app/script/trace.sh ${HOME}/trace.sh
+COPY app/script/trace.sh ${HOME}/trace.sh
-COPY --chown=proxyuser app/script/sendtobitcoinnode.sh ${HOME}/sendtobitcoinnode.sh
+COPY app/script/sendtobitcoinnode.sh ${HOME}/sendtobitcoinnode.sh
-COPY --chown=proxyuser app/script/responsetoclient.sh ${HOME}/responsetoclient.sh
+COPY app/script/responsetoclient.sh ${HOME}/responsetoclient.sh
-COPY --chown=proxyuser app/script/importaddress.sh ${HOME}/importaddress.sh
+COPY app/script/importaddress.sh ${HOME}/importaddress.sh
-COPY --chown=proxyuser app/script/sql.sh ${HOME}/sql.sh
+COPY app/script/sql.sh ${HOME}/sql.sh
-COPY --chown=proxyuser app/data/watching.sql ${HOME}/watching.sql
+COPY app/data/watching.sql ${HOME}/watching.sql
-COPY --chown=proxyuser app/script/computefees.sh ${HOME}/computefees.sh
+COPY app/script/computefees.sh ${HOME}/computefees.sh
-COPY --chown=proxyuser app/script/unwatchrequest.sh ${HOME}/unwatchrequest.sh
+COPY app/script/unwatchrequest.sh ${HOME}/unwatchrequest.sh
-COPY --chown=proxyuser app/script/getactivewatches.sh ${HOME}/getactivewatches.sh
+COPY app/script/getactivewatches.sh ${HOME}/getactivewatches.sh
-COPY --chown=proxyuser app/script/utils.sh ${HOME}/utils.sh
+COPY app/script/utils.sh ${HOME}/utils.sh
-COPY --chown=proxyuser app/script/manage_missed_conf.sh ${HOME}/manage_missed_conf.sh
+COPY app/script/manage_missed_conf.sh ${HOME}/manage_missed_conf.sh
-COPY --chown=proxyuser app/script/tests.sh ${HOME}/tests.sh
+COPY app/script/tests.sh ${HOME}/tests.sh
-COPY --chown=proxyuser app/script/tests-cb.sh ${HOME}/tests-cb.sh
+COPY app/script/tests-cb.sh ${HOME}/tests-cb.sh
-COPY --chown=proxyuser app/bin/lightning-cli_x86 ${HOME}/lightning-cli
+COPY app/bin/lightning-cli_x86 ${HOME}/lightning-cli
-USER ${USERNAME}
+#USER ${USERNAME}
 WORKDIR ${HOME}
 RUN chmod +x startproxy.sh requesthandler.sh lightning-cli \
- && chmod 600 watcher_btcnode_curlcfg.properties \
+# && chmod 600 watcher_btcnode_curlcfg.properties \
- && chmod 600 spender_btcnode_curlcfg.properties \
+# && chmod 600 spender_btcnode_curlcfg.properties \
- && chmod 600 config.properties \
+# && chmod 600 config.properties \
 && mkdir db
 VOLUME ["${HOME}/db", "${HOME}/.lightning"]
-ENTRYPOINT ["./startproxy.sh"]
+ENTRYPOINT ["su-exec"]
 #CMD ["./startproxy.sh"]
--- a/proxy_docker/README.md
+++ b/proxy_docker/README.md
@@ -2,14 +2,6 @@
 We assume you are the user pi on a Raspberry Pi.
 ## Create proxyuser that will run the processes
 Log in your host and:
 ```shell
 sudo useradd proxyuser
 ```
 ## Configure your container by modifying `env.properties` file
 ```properties
@@ -18,8 +10,8 @@ WATCHER_BTC_NODE_RPC_URL=btcnode:18332/wallet/watching01.dat
 SPENDER_BTC_NODE_RPC_URL=btcnode:18332/wallet/spending01.dat
 PROXY_LISTENING_PORT=8888
 # Variable substitutions don't work
-DB_PATH=/proxyuser/db
+DB_PATH=/proxy/db
-DB_FILE=/proxyuser/db/proxydb
+DB_FILE=/proxy/db/proxydb
 # Pycoin container
 PYCOIN_CONTAINER=pycoinnode:7777
 # OTS container
@@ -49,13 +41,13 @@ watchingnode.pruned=false
 ## Building docker image
 ```shell
-docker build -t btcproxyimg --build-arg USER_ID=$(id -u proxyuser) --build-arg GROUP_ID=$(id -g proxyuser) .
+docker build -t btcproxyimg .
 ```
 ## Create sqlite3 database path and give rights
 ```shell
-mkdir ~/btcproxydb ; sudo chown -R proxyuser:pi ~/btcproxydb ; sudo chmod g+ws ~/btcproxydb
+mkdir ~/btcproxydb ; sudo chown -R cyphernode:pi ~/btcproxydb ; sudo chmod g+ws ~/btcproxydb
 ```
 ## What you MUST have in your Watching Bitcoin node's bitcoin.conf file
--- a/proxy_docker/env.properties
+++ b/proxy_docker/env.properties
@@ -3,8 +3,8 @@ WATCHER_BTC_NODE_RPC_URL=btcnode:18332/wallet/watching01.dat
 SPENDER_BTC_NODE_RPC_URL=btcnode:18332/wallet/spending01.dat
 PROXY_LISTENING_PORT=8888
 # Variable substitutions don't work
-DB_PATH=/proxyuser/db
+DB_PATH=/proxy/db
-DB_FILE=/proxyuser/db/proxydb
+DB_FILE=/proxy/db/proxydb
 # Pycoin container
 PYCOIN_CONTAINER=pycoinnode:7777
 # OTS container
--- a/pycoin_docker/Dockerfile
+++ b/pycoin_docker/Dockerfile
@@ -1,31 +1,33 @@
 #FROM resin/raspberry-pi-alpine-python:3.6
 FROM python:3.6-alpine
-ARG USER_ID
+#ARG USER_ID
-ARG GROUP_ID
+#ARG GROUP_ID
-ENV USERNAME proxyuser
+#ENV USERNAME proxyuser
-ENV HOME /${USERNAME}
+ENV HOME /pycoin
-ENV USER_ID ${USER_ID:-1000}
+#ENV USER_ID ${USER_ID:-1000}
-ENV GROUP_ID ${GROUP_ID:-1000}
+#ENV GROUP_ID ${GROUP_ID:-1000}
-RUN addgroup -g ${GROUP_ID} ${USERNAME} \
+#RUN addgroup -g ${GROUP_ID} ${USERNAME} \
-    && adduser -u ${USER_ID} -G ${USERNAME} -D -s /bin/sh -h ${HOME} ${USERNAME}
+#    && adduser -u ${USER_ID} -G ${USERNAME} -D -s /bin/sh -h ${HOME} ${USERNAME}
-RUN apk add --update --no-cache git jq \
+RUN apk add --update --no-cache git jq su-exec \
 && pip install --no-cache-dir pycoin \
-&& cd \
+&& cd / \
 && git clone https://github.com/Kexkey/pycoin.git \
-&& cp -rf pycoin/pycoin/* /usr/local/lib/python3.6/site-packages/pycoin
+&& cp -rf pycoin/pycoin/* /usr/local/lib/python3.6/site-packages/pycoin \
 && rm -rf pycoin/*
-COPY --chown=proxyuser script/pycoin.sh ${HOME}/pycoin.sh
+COPY script/pycoin.sh ${HOME}/pycoin.sh
-COPY --chown=proxyuser script/requesthandler.sh ${HOME}/requesthandler.sh
+COPY script/requesthandler.sh ${HOME}/requesthandler.sh
-COPY --chown=proxyuser script/responsetoclient.sh ${HOME}/responsetoclient.sh
+COPY script/responsetoclient.sh ${HOME}/responsetoclient.sh
-COPY --chown=proxyuser script/startpycoin.sh ${HOME}/startpycoin.sh
+COPY script/startpycoin.sh ${HOME}/startpycoin.sh
-COPY --chown=proxyuser script/trace.sh ${HOME}/trace.sh
+COPY script/trace.sh ${HOME}/trace.sh
-USER ${USERNAME}
+#USER ${USERNAME}
 WORKDIR ${HOME}
 RUN chmod +x startpycoin.sh requesthandler.sh
-ENTRYPOINT ["./startpycoin.sh"]
+ENTRYPOINT ["su-exec"]
 #CMD ["./startpycoin.sh"]
--- a/pycoin_docker/README.md
+++ b/pycoin_docker/README.md
@@ -1,7 +1,7 @@
 # Build image
 ```shell
-docker build -t pycoinimg --build-arg USER_ID=$(id -u proxyuser) --build-arg GROUP_ID=$(id -g proxyuser) .
+docker build -t pycoinimg .
 ```
 # Usefull examples