Unverified commit f9f47540 authored by Chevdor, committed by GitHub

staking-miner: docker images (#3682)

* staking-miner: docker image

* renaming

* add doc

* fix readme

* remove the creation of home for the polkadot user

* new builder image for the staking-miner

* remove mentions of the polkadot binary and add env

* foc: fix doc

* fix typos and dictionary

* doc + sync up the 2 images

* doc: fine tuning the doc

* doc: security warning
parent 84a3962e
Pipeline #155858 passed with stages
in 44 minutes and 51 seconds
......@@ -6,7 +6,7 @@ description = "Polkadot Relay-chain Client Node"
edition = "2018"
[package.metadata.wasm-pack.profile.release]
# `wasm-opt` has some problems on linux, see
# `wasm-opt` has some problems on Linux, see
# https://github.com/rustwasm/wasm-pack/issues/781 etc.
wasm-opt = false
......@@ -46,7 +46,7 @@ cli = [
"frame-benchmarking-cli",
"try-runtime-cli",
"polkadot-node-core-pvf",
# memory stats require jemalloc, which we know is enabled for linux
# memory stats require jemalloc, which we know is enabled for Linux
# but not present on wasm or windows
# https://github.com/paritytech/parity-common/blob/master/parity-util-mem/src/allocators.rs#L9-L34
# Once
......
# Self built Docker image
The Polkadot repo contains several options to build Docker images for Polkadot.
This folder contains a self-contained image that does not require a Linux pre-built binary.
Instead, building the image is possible on any host having docker installed and will
build Polkadot inside Docker. That also means that no Rust toolchain is required on the host
machine for the build to succeed.
FROM paritytech/ci-linux:production as builder
# metadata
ARG VCS_REF
ARG BUILD_DATE
ARG IMAGE_NAME="staking-miner"
ARG PROFILE=release
LABEL description="This is the build stage. Here we create the binary."
WORKDIR /app
COPY . /app
RUN cargo build --locked --$PROFILE --package staking-miner
# ===== SECOND STAGE ======
FROM debian:buster-slim
LABEL description="This is the 2nd stage: a very small image where we copy the binary."
LABEL io.parity.image.authors="devops-team@parity.io" \
io.parity.image.vendor="Parity Technologies" \
io.parity.image.title="${IMAGE_NAME}" \
io.parity.image.description="staking-miner for substrate based chains" \
io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/scripts/docker/staking-miner/staking_miner-builder.Dockerfile" \
io.parity.image.revision="${VCS_REF}" \
io.parity.image.created="${BUILD_DATE}" \
io.parity.image.documentation="https://github.com/paritytech/polkadot/"
ARG PROFILE=release
COPY --from=builder /app/target/$PROFILE/staking-miner /usr/local/bin
RUN useradd -u 1000 -U -s /bin/sh miner && \
rm -rf /usr/bin /usr/sbin
# show backtraces
ENV RUST_BACKTRACE 1
USER miner
ENV SEED=""
ENV URI="wss://rpc.polkadot.io"
ENV RUST_LOG="info"
# check if the binary works in this container
RUN /usr/local/bin/staking-miner --version
ENTRYPOINT [ "/usr/local/bin/staking-miner"]
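Review bot: The `LABEL` block in the second stage expands `${IMAGE_NAME}`, `${VCS_REF}` and `${BUILD_DATE}`, but those `ARG`s are declared only inside the `builder` stage, and an `ARG` goes out of scope at the end of the stage that declares it, so the title, source, revision and created labels will come out empty. Redeclare the three `ARG`s after `FROM debian:buster-slim`, as is already done for `PROFILE`. Separately, this runtime stage installs neither `libssl1.1` nor `ca-certificates` while the injected Dockerfile does, and the default `URI` is a `wss://` endpoint; please confirm the binary can open a TLS connection from this image, or install the same packages here so the two images stay in sync.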
FROM debian:buster-slim
# metadata
ARG VCS_REF
ARG BUILD_DATE
ARG IMAGE_NAME="staking-miner"
LABEL io.parity.image.authors="devops-team@parity.io" \
io.parity.image.vendor="Parity Technologies" \
io.parity.image.title="${IMAGE_NAME}" \
io.parity.image.description="staking-miner for substrate based chains" \
io.parity.image.source="https://github.com/paritytech/polkadot/blob/${VCS_REF}/scripts/docker/staking-miner/staking_miner-injected.Dockerfile" \
io.parity.image.revision="${VCS_REF}" \
io.parity.image.created="${BUILD_DATE}" \
io.parity.image.documentation="https://github.com/paritytech/polkadot/"
# show backtraces
ENV RUST_BACKTRACE 1
# install tools and dependencies
RUN apt-get update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \
libssl1.1 \
ca-certificates && \
apt-get autoremove -y && \
apt-get clean && \
find /var/lib/apt/lists/ -type f -not -name lock -delete; \
useradd -u 1000 -U -s /bin/sh miner
# add binary to docker image
COPY ./staking-miner /usr/local/bin
USER miner
ENV SEED=""
ENV URI="wss://rpc.polkadot.io"
ENV RUST_LOG="info"
# check if the binary works in this container
RUN /usr/local/bin/staking-miner --version
ENTRYPOINT [ "/usr/local/bin/staking-miner" ]
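Review bot: In the `RUN apt-get update && ...` chain, the `find /var/lib/apt/lists/ ... -delete; \` line ends with `;` rather than `&&`, so the exit status of the whole `RUN` is that of `useradd` alone, and a failed `apt-get install` of `libssl1.1` or `ca-certificates` would not fail the build. Use `&&` before `useradd`, or move `useradd` into its own `RUN`. Minor style point: `ENV RUST_BACKTRACE 1` uses the legacy space-separated form while the other `ENV` lines use `KEY=value`.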
......@@ -155,6 +155,7 @@ natively
NFA
NFT/SM
nonces
NPoS
no_std
NTB
offboard/DMSG
......
# Staking Miner
Substrate chains validators compute a basic solution for the NPoS election. The optimization of the solution is computing-intensive and can be delegated to the `staking-miner`. The `staking-miner` does not act as validator and focuses solely on the optimization of the solution.
The staking miner connects to a specified chain and keeps listening to new Signed phase of the [pallet-election-provider-multi-phase](https://crates.parity.io/pallet_election_provider_multi_phase/index.html) in order to submit solutions to the NPoS election. When the correct time comes, it computes its solution and submit it to the chain.
The default miner algorithm is [sequential-phragmen](https://crates.parity.io/sp_npos_elections/phragmen/fn.seq_phragmen_core.html)] with a configurable number of balancing iterations that improve the score.
Running the staking-miner requires passing the seed of a funded account in order to pay the fees for the transactions that will be sent. The same account's balance is used to reserve deposits as well. The best solution in each round is rewarded. All correct solutions will get their bond back. Any invalid solution will lose their bond.
You can check the help with:
```
staking-miner --help
```
## Building
You can build from the root of the Polkadot repository using:
```
cargo build --release --locked --package staking-miner
```
## Docker
There are 2 options to build a staking-miner Docker image:
- injected binary: the binary is first built on a Linux host and then injected into a Docker base image. This method only works if you have a Linux host or access to a pre-built binary from a Linux host.
- multi-stage: the binary is entirely built within the multi-stage Docker image. There is no requirement on the host in terms of OS and the host does not even need to have any Rust toolchain installed.
### Building the injected image
First build the binary as documented [above](#building).
You may then inject the binary into a Docker base image usingfrom the root of the Polkadot repository:
```
docker build -t staking-miner -f scripts/docker/staking-miner/staking_miner-injected.Dockerfile target/release
```
### Building the multi-stage image
Unlike the injected image that requires a Linux pre-built binary, this option does not requires a Linux host, nor Rust to be installed.
The trade-off however is that it takes a little longer to build and this option is less ideal for CI tasks.
You may build the multi-stage image the root of the Polkadot repository with:
```
docker build -t staking-miner -f scripts/docker/staking-miner/staking_miner-builder.Dockerfile .
```
### Running
A Docker container, especially one holding one of your `SEED` should be kept as secure as possible.
While it won't prevent a malicious actor to read your `SEED` if they gain access to your container, it is nonetheless recommended running this container in `read-only` mode:
```
# The following line starts with an extra space on purpose:
SEED=0x1234...
docker run --rm -it \
--name staking-miner \
--read-only \
-e RUST_LOG=info \
-e SEED=$SEED \
-e URI=wss://your-node:9944 \
staking-miner dry-run
```
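Review bot: In the Running example, `-e SEED=$SEED` expands the seed into the `docker run` command line, so it is visible in the host's process list while the client runs, and the value is unquoted. Since the section is a security warning, consider exporting the variable and passing it by name only (`-e SEED`) or using `--env-file` with a file restricted to the operator. The comment "starts with an extra space on purpose" should also say why: the line is only kept out of shell history when the shell is configured for it (for bash, `HISTCONTROL=ignorespace` or `ignoreboth`). It would also help to state that the seed remains readable through `docker inspect` for anyone with access to the Docker daemon, which `--read-only` does not change. Wording fixes in the same file: stray `]` after the sequential-phragmen link, "usingfrom the root", "does not requires", and "the multi-stage image the root" (missing "from").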