@44uk
Last active August 24, 2020 23:57
#!/bin/bash
#
# curl -sL https://gist.githubusercontent.com/44uk/874a8380cff0dd7dd1e41ed3d8ff6f2e/raw/symbol-testnet-bootstrap-setup.sh | sudo bash
#
# for Ubuntu Server 18.04
# AWS EC2 の ステップ3: インスタンスの詳細の設定 高度な詳細 > ユーザーデータ に貼り付けることで、
# インスタンス起動時にsymbol-testnet-bootstrapのpeerノードのセットアップを行います。
#
# 次の作業を行います。
# * ノード動作用ユーザの作成
# * ssh接続ポートの変更
# * docker,docker-composeのインストール
# * symbol-testnet-bootstrapのdocker-composeをサービス化
# * 任意のfriendly_nameを設定(変数に値を入れてください)
# * 任意のhostを設定(変数に値を入れてください)
#
# セキュリティグループでは次のポートを公開してください。
# * 7900 peerノード間の通信用
# * 7901
# * 7902 ブローカーノード間の通信用(API起動時)
# * 3000 ゲートウェイの通信用(API起動時)
# * 50022 sshd (変数で任意に変更可)
# ---- Operator settings ---------------------------------------
# Tag of symbol-testnet-bootstrap to check out.
BOOTSTRAP_TAG="0.9.6.4-beta1"
# docker-compose release to download.
DOCKER_COMPOSE_VER="1.26.2"
# Assembly to run: peer, api, or api-harvest.
ASSEMBLY="api-harvest"
# Optional node friendly name; empty keeps the generated one.
FRIENDLY_NAME=""
# Optional host value written into the node configuration.
NODE_HOST=""
# Set to "on" (together with FQDN) to add the https-portal container.
USE_HTTPS=""
FQDN=""
# Set to "ON" to enable dispatcher input auditing.
AUDIT=""
# Account that owns and runs the node. Note that this reuses the shell's
# USER variable name for the rest of the script.
USER="symbol"
# Password for that account. The default is public (it is in this script),
# so change it before provisioning.
PSWD="symbol"
# Port sshd is moved to.
SSHD_PORT="50022"

# ---- Derived values ------------------------------------------
# Only the plain "peer" assembly uses the peer role; every other assembly
# is configured through the api-node resources.
if [ "$ASSEMBLY" = "peer" ]; then
  ROLE="peer"
else
  ROLE="api"
fi
USER_HOME="/home/${USER}"
BOOTSTRAP_HOME="${USER_HOME}/symbol-testnet-bootstrap"
ASSEMBLY_HOME="${BOOTSTRAP_HOME}/${ASSEMBLY}-assembly"
# Relative to ASSEMBLY_HOME.
RESOURCES_HOME="${ROLE}-node/userconfig/resources"
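# Create and enable a 2 GiB swap file (16 blocks of 128 MiB).
# The file is only created when it does not exist yet, so re-running the
# script does not rewrite a swap file that is already in use.
if [ ! -e /swapfile ]; then
  # Swap can hold pages of process memory (keys, passwords). Create the file
  # under umask 077 so it is never readable by other users, not even for the
  # moment between dd and chmod.
  (umask 077 && dd if=/dev/zero of=/swapfile bs=128M count=16)
  chmod 600 /swapfile
  mkswap /swapfile
fi
swapon /swapfile
swapon -s
# Persist across reboots; skip the append when the entry is already present
# so repeated runs do not stack duplicate fstab lines.
if ! grep -q '^/swapfile[[:space:]]' /etc/fstab; then
  echo '/swapfile swap swap defaults 0 0' >> /etc/fstab
fi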
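# This script runs unattended (EC2 user data, or piped into bash), so no
# package operation may stop to ask a question. When the script itself is
# read from stdin, a prompt would also consume the remaining script text.
export DEBIAN_FRONTEND=noninteractive

# Remove packages the node does not need.
apt-get remove --purge -y \
  byobu \
  nano \
  screen \
  telnet

# Bring installed packages up to date.
apt-get update -y && apt-get upgrade -y

# Install packages.
# fail2ban's stock sshd jail follows the default ssh port; if sshd is moved
# to another port the jail's port setting has to be changed to match.
apt-get install -y git fail2ban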
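# Install docker from Docker's apt repository.
apt-get install -y apt-transport-https ca-certificates curl software-properties-common

# Fetch the repository signing key into a file first. Piping curl straight
# into apt-key hides a failed or truncated download, because the pipeline's
# status is that of apt-key alone.
docker_gpg_key=$(mktemp) || exit 1
if ! curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o "$docker_gpg_key"; then
  echo "failed to download the Docker apt signing key" >&2
  rm -f -- "$docker_gpg_key"
  exit 1
fi
# NOTE(review): the key is trusted because it arrived over HTTPS. Compare the
# output of `apt-key fingerprint` with the fingerprint published in Docker's
# installation documentation before relying on it. apt-key also adds the key
# to the global keyring, so it is trusted for every configured repository.
apt-key add "$docker_gpg_key"
rm -f -- "$docker_gpg_key"

add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
apt-get update -y && apt-get install -y docker-ce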
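# Install docker-compose as a standalone binary from the GitHub release.
compose_bin=/usr/local/bin/docker-compose
compose_url="https://github.com/docker/compose/releases/download/$DOCKER_COMPOSE_VER/docker-compose-$(uname -s)-$(uname -m)"

# -f makes curl fail on an HTTP error instead of saving the error page as
# the "binary", which would then be marked executable and run as root.
if ! curl -fL "$compose_url" -o "$compose_bin"; then
  echo "failed to download docker-compose $DOCKER_COMPOSE_VER" >&2
  rm -f -- "$compose_bin"
  exit 1
fi

# Optional integrity pin: set DOCKER_COMPOSE_SHA256 to the SHA-256 of the
# release asset (taken from a source you trust, not computed from this
# download) and the binary is rejected when it does not match.
if [ -n "${DOCKER_COMPOSE_SHA256:-}" ]; then
  if ! echo "$DOCKER_COMPOSE_SHA256  $compose_bin" | sha256sum -c -; then
    echo "docker-compose checksum mismatch; removing $compose_bin" >&2
    rm -f -- "$compose_bin"
    exit 1
  fi
fi
chmod +x "$compose_bin"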
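# Move sshd to $SSHD_PORT.
# Match both the commented default ("#Port 22") and an already active Port
# line. If the edit silently matched nothing, sshd would stay on its old port
# while the firewall later admits only $SSHD_PORT, locking out remote access.
/bin/sed -E -i.bak -e "s/^#?Port[[:space:]]+[0-9]+[[:space:]]*$/Port $SSHD_PORT/" /etc/ssh/sshd_config
if ! grep -Eq "^Port[[:space:]]+$SSHD_PORT[[:space:]]*$" /etc/ssh/sshd_config; then
  printf 'Port %s\n' "$SSHD_PORT" >> /etc/ssh/sshd_config
fi

# Validate before restarting so a broken file never takes sshd down; on
# failure put the backup back and stop before any firewall change is made.
if /usr/sbin/sshd -t; then
  systemctl restart sshd
else
  echo "sshd_config failed validation; restoring the previous file" >&2
  cp -p /etc/ssh/sshd_config.bak /etc/ssh/sshd_config
  exit 1
fi

# fail2ban's sshd jail bans on the port named in its configuration, which
# defaults to the standard ssh port. Point it at the new port, otherwise
# banned addresses can still reach sshd on $SSHD_PORT.
if [ -d /etc/fail2ban/jail.d ]; then
  printf '[sshd]\nenabled = true\nport = %s\n' "$SSHD_PORT" > /etc/fail2ban/jail.d/sshd-port.local
  systemctl restart fail2ban
fi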
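# Configure firewall: deny inbound by default, admit only ssh.
# The policy and the ssh rule are in place before the firewall is switched
# on, so there is no moment where it is active without the ssh exception.
#
# NOTE(review): ports that Docker publishes (the node and gateway ports of
# the compose file) are opened by Docker's own iptables rules and are not
# filtered by ufw. Restrict those at the cloud security group, or bind them
# to specific addresses in the compose file.
ufw default deny incoming
# ssh is TCP only, so do not open the UDP side of the port.
ufw allow "$SSHD_PORT/tcp"
ufw --force enable
ufw reload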
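# Create the account that runs the node.
# --disabled-password creates it without a usable password.
adduser --disabled-password --gecos "" "$USER"

# Set the password only when one is configured; with PSWD empty the account
# keeps its disabled password instead of being handed an empty one.
# printf is used because echo may interpret a leading "-" or backslashes in
# the password.
# NOTE(review): the shipped PSWD default is public. Whether it can be used
# for remote login depends on sshd's PasswordAuthentication setting, which
# this script does not change; replace the default before provisioning.
if [ -n "$PSWD" ]; then
  printf '%s:%s\n' "$USER" "$PSWD" | chpasswd
fi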
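# Configure docker.
# Membership of the docker group lets $USER start containers with arbitrary
# host mounts, which is root-equivalent on this host. The strength of that
# account's credentials therefore bounds the security of the whole machine.
usermod -a -G docker "$USER"

## Set dockremap
# Enable user-namespace remapping and cap container log size (3 x 100 MB).
echo '{"userns-remap":"default","log-driver":"json-file","log-opts":{"max-size":"100m","max-file":"3"}}' > /etc/docker/daemon.json
# The first restart lets docker create the dockremap entries in
# /etc/subuid and /etc/subgid.
systemctl restart docker

remap_uid=$(id -u "$USER")
remap_gid=$(id -g "$USER")
if [ -z "$remap_uid" ] || [ -z "$remap_gid" ]; then
  # An empty id would rewrite the entry to "dockremap::<count>" and break
  # the docker daemon on its next start.
  echo "cannot resolve uid/gid of $USER; leaving dockremap untouched" >&2
  exit 1
fi
# Make the remapped range start at $USER's uid/gid, so that container root
# corresponds to $USER on the host and can write the bind-mounted files.
# Only the dockremap line itself is edited: an address range that ends at
# "the next line containing ':'" would also overwrite the first number of
# whatever entry follows it in the file.
sed -Ei.bak "/^dockremap:/ s/[0-9]+/$remap_uid/" /etc/subuid
sed -Ei.bak "/^dockremap:/ s/[0-9]+/$remap_gid/" /etc/subgid
systemctl restart docker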
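# Move to user home. Stop if that fails: everything below uses relative
# paths and must not run in whatever directory the script started in.
cd "$USER_HOME" || exit 1

# Clone symbol-testnet-bootstrap at the configured tag.
# NOTE(review): a tag can be moved upstream; pin a commit hash if the
# provisioned content must be reproducible.
git clone https://github.com/nemgrouplimited/symbol-testnet-bootstrap.git --depth 1 -b "$BOOTSTRAP_TAG" || exit 1
# The clone runs as root; hand the tree to the node user.
chown -R "$USER": symbol-testnet-bootstrap
cd "$ASSEMBLY_HOME" || exit 1

# HACK: use 0.9.6.4 to escape issue https://github.com/nemtech/catapult-server/issues/81
# The dots are escaped so only the literal version string is rewritten.
sed -i.bak '/catapult-server:gcc/ s/0\.9\.6\.3/0.9.6.4/g' ./docker-compose.yaml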
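# Optionally put an HTTPS reverse proxy in front of the REST gateway.
# The condition reads FQDN, the variable defined in the settings block; the
# former spelling "FDQN" was never set, so this branch could not run and the
# gateway stayed HTTP-only even with USE_HTTPS=on.
if [ "$USE_HTTPS" = "on" ] && [ -n "$FQDN" ]; then
  # Add https-portal container.
  # The heredoc is unquoted so $FQDN is expanded when the file is written.
  # NOTE(review): the service is indented two spaces on the assumption that
  # it is appended under the compose file's "services:" key - confirm against
  # the upstream docker-compose.yaml.
  # Ports 80 and 3001 are published by Docker and must also be reachable
  # through the cloud security group for the proxy to be usable.
  cat << __EOD__ >> ./docker-compose.yaml
  https-portal:
    image: steveltn/https-portal:1
    ports:
      - "80:80"
      - "3001:443"
    restart: always
    environment:
      WEBSOCKET: 'true'
      DOMAINS: '$FQDN -> http://rest-gateway:3000'
      STAGE: production
      # DOMAINS: 'symbol.local -> http://rest-gateway:3000'
      # STAGE: local
    volumes:
      - ./ssl-certs:/var/lib/https-portal:rw
    depends_on:
      - rest-gateway
__EOD__
fi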
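# Generate the configuration files once before start-up so they can be edited.
sudo -u "$USER" docker-compose -f docker-compose.yaml up --build update_configs

# The values below are spliced into sed replacement text. Escape "&", "/"
# and "\" so that a name or host containing them is written literally
# instead of breaking or altering the sed expression.
if [ -n "$FRIENDLY_NAME" ]; then
  friendly_name_escaped=$(printf '%s' "$FRIENDLY_NAME" | sed -e 's/[&/\]/\\&/g')
  # Replace the generated 8-character name.
  sed -i.bak "/friendly_name:/ s/: [0-9a-z]\{8\}/: $friendly_name_escaped/" ../identity/config-input.yaml
fi
if [ -n "$NODE_HOST" ]; then
  node_host_escaped=$(printf '%s' "$NODE_HOST" | sed -e 's/[&/\]/\\&/g')
  # Append the host to the end of every line that starts with "host".
  sed -i.bak "/^host/ s/$/$node_host_escaped/" "$RESOURCES_HOME/config-node.properties.template"
fi
if [ "$AUDIT" = "ON" ]; then
  sed -i.bak "s/enableDispatcherInputAuditing = false/enableDispatcherInputAuditing = true/" "$RESOURCES_HOME/config-node.properties.template"
fi

# Run the same target again to apply the edited configuration.
sudo -u "$USER" docker-compose -f docker-compose.yaml up --build update_configs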
# Write the systemd unit that keeps the compose stack running.
# The heredoc is unquoted on purpose: $USER and $ASSEMBLY_HOME are expanded
# now, while the escaped \$COMPOSE_FILE is written literally and resolved by
# systemd from the Environment= line of the unit.
unit_path=/etc/systemd/system/symbol.service
cat > "$unit_path" << __EOD__
[Unit]
Description=Symbol Bootstrap Service Daemon
After=docker.service
[Service]
Type=simple
User=$USER
WorkingDirectory=$ASSEMBLY_HOME
Environment=COMPOSE_FILE=$ASSEMBLY_HOME/docker-compose.yaml
ExecStartPre=/usr/local/bin/docker-compose -f \$COMPOSE_FILE rm -v -f
ExecStartPre=/usr/local/bin/docker-compose -f \$COMPOSE_FILE down
ExecStart=/usr/local/bin/docker-compose -f \$COMPOSE_FILE up --build
ExecStop=/usr/local/bin/docker-compose -f \$COMPOSE_FILE stop
ExecStopPost=/usr/local/bin/docker-compose -f \$COMPOSE_FILE rm -v -f
ExecStopPost=/usr/local/bin/docker-compose -f \$COMPOSE_FILE down
ExecReload=/usr/local/bin/docker-compose -f \$COMPOSE_FILE restart
Restart=always
RestartSec=60s
[Install]
WantedBy=multi-user.target
__EOD__
# Register the bootstrap unit to start at boot, then start it now.
systemctl daemon-reload
if systemctl enable symbol; then
  systemctl start symbol
fi

# Drop the package cache, then packages that are no longer needed.
if apt-get clean -y; then
  apt-get autoremove -y
fi
# Purge installed kernel image packages other than the running one.
# Steps of the sed program, in order:
#   /^ii/!d        keep only packages dpkg reports as installed
#   /<version>/d   drop lines matching the running kernel, where <version>
#                  is `uname -r` with its trailing non-numeric suffix removed
#   s/.../\1/      reduce each line to the package name
#   /[0-9]/!d      drop names without a digit (unversioned meta packages)
# Whatever remains is handed to `apt-get -y purge`.
# NOTE(review): the only kernel protected here is the one currently running.
# If the earlier `apt-get upgrade` installed a newer kernel that has not
# been booted yet, that newer image appears to be in the purge list too,
# which would undo the kernel update - confirm, or rely on
# `apt-get autoremove --purge` for old-kernel cleanup instead.
dpkg -l 'linux-image-*' | sed '/^ii/!d;/'"$(uname -r | sed "s/\(.*\)-\([^0-9]\+\)/\1/")"'/d;s/^[^ ]* [^ ]* \([^ ]*\).*/\1/;/[0-9]/!d' | xargs sudo apt-get -y purge
# Regenerate the boot menu after the kernel packages changed.
update-grub