You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
nolash b131ec9ff2
Bump clicada
6 months ago
aux Add explicit python3 to pylocation 7 months ago
keys Add readme, avoid forced gpg import (and trust) for main user gpg config 8 months ago
systemd Skip python plugin directive for uwsgi (doesn't work in ubuntu), explicit python3 7 months ago
var Add bloxberg systemd installer 8 months ago
DEPENDENCIES WIP bloxberg installer scripts 8 months ago
LICENSE WIP bloxberg installer scripts 8 months ago
README.md Add alternate settings topic to readme 7 months ago
requirements.txt Bump clicada 6 months ago
root_requirements.txt Bump clicada 6 months ago
setup.sh Bump clicada 6 months ago
setup_bloxberg.sh Add bloxberg systemd installer 8 months ago
setup_check.sh Add readme, avoid forced gpg import (and trust) for main user gpg config 8 months ago
setup_key.sh Add readme, avoid forced gpg import (and trust) for main user gpg config 8 months ago
setup_path.sh Add systemd initialization 8 months ago
setup_systemd.sh Add pylocation script 7 months ago

README.md

CIC STAFF CLIENT

Services installer temporarily for internal use by GE.

Dependencies

The os-level dependencies below must be met both at install and run time.

The version numbers are the version numbers used at implmentation time. It may very well work with earlier versions of the components, as long as they are not too old. An internet connection will be needed if the python dependencies cannot be resolved locally, either through a local repository or an existing package cache.

  • systemd (249)
  • gcc (11.1.0)
  • git (2.33.0)
  • python (>= 3.9)
  • pip (20.3.4)
  • sqlite (3.36.0)

For the optional bloxberg node build (INSTALL_EVM=bloxberg), additionally these dependencies must be met, aswell as a working internet connection:

  • rustup (1.24.3)
  • clang (12.0.1)
  • cmake (3.21.2)

Installation settings

The examples below assume working directory of the cic-staff-installer repository root.

cic-stack docker-compose cluster settings

To use against the cic-stack docker-compose local cluster:

export RPC_PROVIDER=http://localhost:63545
export CIC_ROOT_URL=file://`pwd`/var

If you want to select python packages from a specific repository only, also add:

export PIP_INDEX_URL=<url>
export PIP_EXTRA_INDEX_URL=<url>

Bloxberg

If you want to build the bloxberg mode executable (be warned, that's a long wait), add:

export INSTALL_EVM=bloxberg

If you wish, you can use an existing openethereum executable instead. Make sure <path_to_binary> --version shows 2.7.2, and then set:

export OPENETHEREUM_PATH=<path_to_binary>

Installation

To proceed with the installation, enter:

bash setup.sh

During the installation you will be prompted to enter your name, email and as password for the gnupg setup.

The gnupg key will both be used to authenticate using HTTP HOBA when necessary, aswell as encrypt local cached content.

Running the services

systemctl --user start cic-cache-tracker
systemctl --user start cic-cache-server

Verify that they are running

systemctl --user status cic-cache-tracker
systemctl --user status cic-cache-server

The bloxberg node, if installed, runs in the same manner:

systemctl --user start bloxberg
systemctl --user status bloxberg

Using clicada

It should now be possible to run clicada without any extra settings needed.

Please refer to the documentation on clicada for details on how to use the tool.

Files and directories

The installation produces a number of files in the user home directory, some of which may be edited directly to change behavior of the program.

All paths relative to $HOME

location description editable
.config/cic/cache/*.ini Configuration file(s) for the cic-cache-* services yes
.config/cic/cache/*.ini Configuration file(s) for the cic-cache-* services yes
.config/cic/clicada/*.ini Configuration file(s) for the clicada tool yes
.config/cic/staff-client/key_fingerprint gnupg key fingerprint for key used by clicada for authentication no
.config/cic/staff-client/user.asc gnupg public key used by cicada for authentication no
.config/cic/staff-client/.gnupg gnupg homedir used by cicada for authentication no
.config/systemd/user/cic-cache-*.service systemd user service definition file for cic-cache-* services yes, with systemctl --user edit <service>
.config/systemd/user/bloxberg.service systemd user service definition file for bloxberg yes, with systemctl --user edit <service>
.config/environment.d/01-cic-cache-*.conf environment variables for systemd user services yes
.local/share/cic/.gnupg gnupg homedir for holding trust keys for global cic configurations no
.local/share/cic/clicada/.secret A gnupg encrypted symmetric secret used to encrypt local cached content no
.local/share/io.parity.ethereum/bloxberg Bloxberg chain data no
.config/io.parity.ethereum/bloxberg Bloxberg configurations and chain data bootnode.toml and bootnode.txt only

Installing as a different user

You may want to create a dedicated user for the installation, so as to not pollute your regular user data directories.

Since the services are run using systemd, a simple su or sudo will not be sufficient in this case.

Perhaps the simplest solution is to launch a new login shell within the systemd vm using the following command:

machinectl login

Another alternative can be to open an ssh session.

Advanced topics

Changing the resource settings trusted key

The top-level settings for the applications are set from files in <repo_root>/var/cic-staff-client. These files are signed with PGP, and the trusted key(s) for signing are in <repo_root>/keys.

In order to define alternate settings, a different key must be imported and trusted, and this key must sign the new settings files.

The code below assumes the key with fingerprint F3FAF668E82EF5124D5187BAEF26F4682343F692:

echo "F3FAF668E82EF5124D5187BAEF26F4682343F692:6:" >> <repo_root>/keys/trust
gpg -a F3FAF668E82EF5124D5187BAEF26F4682343F692 --export  > <repo_root>/keys/F3FAF668E82EF5124D5187BAEF26F4682343F692.asc

Now the private key holder can ceate the same contents as in <repo_root>/var, e.g. to set CIC_REGISTRY_ADDRESS in <repo_root>/var/alt:

mkdir -vp var/alt/cic-staff-client
d=`mktemp -d`
echo -n 0xcf60ebc445b636a5ab787f9e8bc465a2a3ef8299 > $d/CIC_REGISTRY_ADDRESS
gpg -a -s -u F3FAF668E82EF5124D5187BAEF26F4682343F692 -o var/alt/cic-staff-client/CIC_REGISTRY_ADDRESS $d/CIC_REGISTRY_ADDRESS

Running the process again you would replace this:

export CIC_ROOT_URL=file://`pwd`/var/alt