Merge pull request #3315 from input-output-hk/devops-978-demo-cluster…

…-client-cert-disabled

[DEVOPS-978] Add option to demo cluster to disable client auth

default.nix

@@ -159,6 +159,7 @@ let
   other = rec {
     validateJson = pkgs.callPackage ./tools/src/validate-json {};
     demoCluster = pkgs.callPackage ./scripts/launch/demo-cluster { inherit gitrev; };
+    demoClusterDaedalusDev = pkgs.callPackage ./scripts/launch/demo-cluster { inherit gitrev; disableClientAuth = true; numImportedWallets = 0; };
     shellcheckTests = pkgs.callPackage ./scripts/test/shellcheck.nix { src = ./.; };
     swaggerSchemaValidation = pkgs.callPackage ./scripts/test/wallet/swaggerSchemaValidation.nix { inherit gitrev; };
     walletIntegrationTests = pkgs.callPackage ./scripts/test/wallet/integration { inherit gitrev; };

docs/how-to/demo-cluster.md

@@ -0,0 +1,12 @@
+# How to launch a local demo cluster with nix
+
+1. Make sure nix is installed and IOHK binary cache is configured [nix setup] (https://github.com/input-output-hk/cardano-sl/blob/develop/docs/how-to/build-cardano-sl-and-daedalus-from-source-code.md#nix-build-mode-recommended)
+2. To generate a script that will launch the demo cluster run `nix-build -A demoCluster -o launch_demo_cluster`
+3. To generate a script that will launch demo cluster suitable for Daedalus development, run `nix-build -A demoClusterDaedalusDev -o launch_demo_cluster`
+4. To launch cluster, run `./launch_demo_cluster`
+5. To stop, hit `ctrl-c` and it will terminate all the nodes.
+6. A `state-demo` state folder will be automatically created relative to your current
+   working directory.
+  * Logs will be found in `state-demo/logs`
+  * TLS certs/keys will be found in `state-demo/tls`
+  * 11 genesis wallets will be pre-loaded with 37 million Ada each

scripts/README.md

@@ -13,6 +13,7 @@ mode, it will run in `dev` mode as well, and if you built it in `prod` mode, it
 ## Launch
 
 * `launch/demo.sh` - run nodes in `tmux`-session (3 nodes by default).
+* `launch/demo-nix.sh` - run demo cluster using nix with 4 core nodes, 1 relay, 1 wallet in background
 * `launch/demo-with-wallet-api.sh` - run nodes in `tmux`-session, with enabled wallet web API (3 nodes by default).
 * `launch/kill-demo.sh` - kill `tmux`-session with running nodes.
 * `launch/testnet-{public,staging}.sh` - connect one node to the cluster (testnet or testnet staging

scripts/launch/connect-to-cluster/default.nix

@@ -99,7 +99,7 @@ in pkgs.writeScript "${executable}-connect-to-${environment}" ''
   fi
   ''}
 
-  ${executables.${executable}}                                     \
+  exec ${executables.${executable}}                                     \
     --configuration-file ${configFiles}/lib/configuration.yaml \
     --configuration-key ${environments.${environment}.confKey}     \
     ${ ifWallet "--tlscert ${stateDir}/tls/server/server.crt"}     \

scripts/launch/demo-cluster/default.nix

@@ -5,13 +5,15 @@
 , runExplorer ? false
 , numCoreNodes ? 4
 , numRelayNodes ? 1
+, numImportedWallets ? 11
 , assetLockAddresses ? []
 , system ? builtins.currentSystem
 , pkgs ? import localLib.fetchNixPkgs { inherit system config; }
 , gitrev ? localLib.commitIdFromGitRepo ./../../../.git
 , ghcRuntimeArgs ? "-N2 -qg -A1m -I0 -T"
 , additionalNodeArgs ? ""
 , keepAlive ? true
+, disableClientAuth ? false
 }:
 
 with localLib;
@@ -26,10 +28,11 @@ let
   };
   demoClusterDeps = with pkgs; (with iohkPkgs; [ jq coreutils pkgs.curl gnused openssl cardano-sl-tools cardano-sl-wallet-new cardano-sl-node-static ]);
   walletConfig = {
-    inherit stateDir;
+    inherit stateDir disableClientAuth;
     topologyFile = walletTopologyFile;
+    environment = "demo";
   };
-  demoWallet = pkgs.callPackage ./../connect-to-cluster ({ inherit gitrev; debug = false; environment = "demo"; } // walletConfig);
+  demoWallet = pkgs.callPackage ./../connect-to-cluster ({ inherit gitrev; } // walletConfig);
   ifWallet = localLib.optionalString (runWallet);
   ifKeepAlive = localLib.optionalString (keepAlive);
   iohkPkgs = import ./../../.. { inherit config system pkgs gitrev; };
@@ -137,19 +140,22 @@ in pkgs.writeScript "demo-cluster" ''
   done
   echo Blockchain Synced: $PERC%
   # import keys
-  echo "Importing poor HD keys/wallet..."
 
-  for i in {0..11}
-  do
-      echo "Importing key$i.sk ..."
-      curl https://localhost:8090/api/wallets/keys \
-      --cacert ${stateDir}/tls/client/ca.crt \
-      --cert ${stateDir}/tls/client/client.pem \
-      -X POST \
-      -H 'cache-control: no-cache' \
-      -H 'content-type: application/json' \
-      -d "\"${stateDir}/genesis-keys/generated-keys/poor/key$i.sk\"" | jq .
-  done
+  if [ ${builtins.toString numImportedWallets} -gt 0 ]
+  then
+    echo "Importing ${builtins.toString numImportedWallets} poor HD keys/wallet..."
+    for i in {0..${builtins.toString numImportedWallets}}
+    do
+        echo "Importing key$i.sk ..."
+        curl https://localhost:8090/api/wallets/keys \
+        --cacert ${stateDir}/tls/client/ca.crt \
+        --cert ${stateDir}/tls/client/client.pem \
+        -X POST \
+        -H 'cache-control: no-cache' \
+        -H 'content-type: application/json' \
+        -d "\"${stateDir}/genesis-keys/generated-keys/poor/key$i.sk\"" | jq .
+    done
+  fi
   ${ifKeepAlive ''
     sleep infinity
   ''}

scripts/launch/demo-nix.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+
+if ! [ -x "$(command -v nix-build)" ]; then
+  echo 'Error: nix is not installed.' >&2
+  # shellcheck disable=SC2016
+  echo 'Run `curl https://nixos.org/nix/install | sh` and re-run this script' >&2
+  exit 1
+fi
+
+GITREV=$(git rev-parse HEAD)
+
+nix-build -A demoClusterDaedalusDev --argstr gitrev "$GITREV" -o "launch_$GITREV"
+exec ./launch_"$GITREV"