Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docker/sapphire: Include Envoy proxy #626

Merged
merged 1 commit into from
Oct 3, 2024
Merged

docker/sapphire: Include Envoy proxy #626

merged 1 commit into from
Oct 3, 2024

Conversation

ptrus
Copy link
Member

@ptrus ptrus commented Sep 26, 2024

Fixes: #423

Envoy proxy is now included which exposes the clients node internal.sock on port 8544 (by default). Envoy is used because it also supports grpc-web, which might be useful/needed when testing any dapps.

@ptrus ptrus requested a review from kostko as a code owner September 26, 2024 17:01
@ptrus ptrus requested a review from matevz September 26, 2024 17:02
matevz
matevz reviewed Sep 27, 2024
View reviewed changes
Copy link
Member

@matevz matevz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can you also please add envoy support to emerald-localnet.

docker/common/start.sh Outdated Show resolved Hide resolved
docker/common/start.sh Show resolved Hide resolved
docker/sapphire-localnet/Dockerfile Outdated Show resolved Hide resolved
@ptrus ptrus requested a review from matevz September 27, 2024 09:26
@ptrus ptrus force-pushed the ptrus/feature/envoy-docker branch 4 times, most recently from ed82904 to 8df5cd9 Compare September 27, 2024 09:46
matevz
matevz reviewed Sep 27, 2024
View reviewed changes
Copy link
Member

@matevz matevz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried testing it locally with the Oasis CLI, but it seems a TLS connection is required. Do you think we could simply use a self-signed cert?

oasis net add localnet a41bd4bc75f31e68ceb1e8543f1a08ca54069b155f980bdf0316ec16ed194772 localhost:8544
oasis net status --network localnet
Error: failed to retrieve remote node's chain context: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: first record does not look like a TLS handshake"

README.md Show resolved Hide resolved
docker/common/start.sh Outdated Show resolved Hide resolved
docker/common/start.sh Outdated Show resolved Hide resolved
docker/common/start.sh Show resolved Hide resolved
docker/emerald-localnet/Dockerfile Outdated Show resolved Hide resolved
docker/sapphire-localnet/Dockerfile Outdated Show resolved Hide resolved
@ptrus
Copy link
Member Author

ptrus commented Sep 28, 2024

I tried testing it locally with the Oasis CLI, but it seems a TLS connection is required. Do you think we could simply use a self-signed cert?

Added. The GRPC port now supports both TLS with self-signed certs and unsecured traffic as well.

oasis net add localnet 761298f959ad9f7fd8f832cb62fa0c15c2ba9a112a27fabfcb6bd6fca6d47843 localhost:8544
? Description: just testing
? Denomination symbol: TEST
? Denomination decimal places: 9

@matevz
Copy link
Member

matevz commented Sep 30, 2024

Oasis CLI is still not entirely satisfied ;)

$ oasis net add localnet 0b91b8e4e44b2003a7c5e23ddadb5e14ef5345c0ebcb3ddcae07fa2f244cab76 localhost:8544
? Description: 
? Denomination symbol: TEST
? Denomination decimal places: 9
$ oasis net status --network localnet
Error: failed to retrieve remote node's chain context: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead"

@ptrus
Copy link
Member Author

ptrus commented Sep 30, 2024

Fixed, but it turns out that the oasis-cli doesn't allow self-signed certs

oasis net status --network localnet_test
Error: failed to retrieve remote node's chain context: rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate signed by unknown authority"

IMO this should be fixed this in the CLI so that it supports untrusted connection for localhost (or via a flag).

This was referenced Oct 1, 2024
Merged
Merged
@ptrus ptrus force-pushed the ptrus/feature/envoy-docker branch from 3679404 to fa7b464 Compare October 2, 2024 09:52
@ptrus ptrus force-pushed the ptrus/feature/envoy-docker branch from fa7b464 to 08e8d1e Compare October 2, 2024 09:53
@ptrus
Copy link
Member Author

ptrus commented Oct 2, 2024

Removed TLS support as discused. oasis-cli and oasis-node will start working once the new releases will be made and binaries will be updated. I suggest we merge this PR, not blocking on that.

@ptrus ptrus requested a review from matevz October 2, 2024 09:54
matevz
matevz approved these changes Oct 2, 2024
View reviewed changes
Copy link
Member

@matevz matevz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tested this with the fork of Oasis CLI using oasisprotocol/oasis-sdk#2013 and works. Good job!

@ptrus ptrus merged commit bad082f into main Oct 3, 2024
6 checks passed
@ptrus ptrus deleted the ptrus/feature/envoy-docker branch October 3, 2024 08:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@matevz matevz matevz approved these changes

@kostko kostko Awaiting requested review from kostko kostko is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

sapphire-localnet: expose internal.sock
2 participants
@ptrus @matevz