EVM Rollup + DAL Nodes support (#579)

* introduce smart rollups statefulsets * ensure it starts * fix rpc endpoint * add bootstrap param injection * add an empty boot sector for now * put bootstrap rollup params that work in values.yaml example * fix example * remove leftover signer code * add rollup ingress * set path type properly * make rollup node listen on 0.0.0.0 * use debug container, pass boot sector of evm rollup * use debug image in chain initiator to inject wasm * make debug image work * put hex of kernel in activation * add debug statements * fix typo * fix enumerate * revert config gen changes as the rollup is not in utils container * add a function to replace file with its content in hex * remove sleep * add evm proxy * add evm proxy script * add "run" to evm-proxy cmd * add evm proxy service * add ingress for evm proxy * add comment to chain-initiator * add persistent data dir for rollup node * support several evm rollups * fix path type for nginx * DAL initial * add service ports * new syntax for evm proxy * fix ports, remove wrong DAL vars * DAL permissions fix * DAL: use unsafe SRS in config-init * dal node new syntax * add ability for the baker to pick a DAL node * remove debug container workaround - evm rollup is now in main container * new EVM rollup model: installer kernel + small files * remove usafe srs param * fix xxd command * fix xxd in activation script as well * set -e: fail activation when a command fails * support for bootstrap profile in DAL * fix newlines in dal script * switch to --mode dev on evm proxy * switch to universal smart rollup node (instead of proto-dependent) * ensure you can add annotations to your evm proxy and evm node * proper match for annotation * add option to pass public IP to dal nodes * add ability to pass attester profiles to DAL node * dal: add ability to specify peer * new evm proxy CLI * actually mondaynet doesn't have evm rollup * remove --mode dev for evm proxy * put evm proxy in dev mode again * replace `--version dev` with `--devmode` * fix disappearing ingress issue * DAL update to 50Gi * DAL comments * optional hardcoded identity for DAL nodes * add ability to set storage size of dal nodes in values.yaml * remove tmp changes * fix tests
oxheadalpha · Dec 10, 2023 · dbc851c · dbc851c
1 parent 6aea0dc
commit dbc851c
Show file tree

Hide file tree

Showing 13 changed files with 716 additions and 5 deletions.
diff --git a/charts/tezos/scripts/baker.sh b/charts/tezos/scripts/baker.sh
@@ -42,6 +42,10 @@ if [ -f /etc/tezos/baker-config/${my_baker_account}_operations_pool ]; then
   extra_args="${extra_args} --operations-pool $(cat /etc/tezos/baker-config/${my_baker_account}_operations_pool)"
 fi
 
+if [ -f /etc/tezos/baker-config/${my_baker_account}_dal_node ]; then
+  extra_args="${extra_args} --dal-node $(cat /etc/tezos/baker-config/${my_baker_account}_dal_node)"
+fi
+
 CLIENT="$TEZ_BIN/octez-client -d $CLIENT_DIR"
 CMD="$TEZ_BIN/octez-baker-$proto_command -d $CLIENT_DIR"
 

diff --git a/charts/tezos/scripts/chain-initiator.sh b/charts/tezos/scripts/chain-initiator.sh
@@ -1,17 +1,93 @@
+set -e
 CLIENT="/usr/local/bin/octez-client --endpoint http://tezos-node-rpc:8732"
 
 OUTPUT=""
 until OUTPUT=$($CLIENT rpc get /chains/main/blocks/head/header) && echo "$OUTPUT" | grep '"level":'; do
     sleep 2
 done
 
-set -x
 set -o pipefail
 if ! echo "$OUTPUT" | grep '"level": 0,'; then
     echo "Chain already activated, considering activation successful and exiting"
     exit 0
 fi
 
+# Substitute #fromfile with the hex encoded files in question.
+# This is for bootstrapped smart rollups.
+
+# Note that this is low-level string substitution with `read`
+# Due to the size of the hex-encoded kernel, using `sed` was not possible.
+
+PARAMETERS_FILE='/etc/tezos/parameters.json'
+TMP_PARAMETERS_FILE='/etc/tezos/tmp_parameters.json'
+
+# Pattern to search for
+pattern='fromfile#'
+
+# Buffer for characters
+buffer=''
+
+# Whether 'fromfile#' was detected
+detected_fromfile=false
+
+# Process each character
+while IFS= read -r -n1 char
+do
+  # Add the character to the buffer
+  buffer=$(printf "%s%s" "$buffer" "$char")
+
+  # If the buffer ends with the pattern
+  if [ "${buffer%"$pattern"}" != "$buffer" ]
+  then
+    detected_fromfile=true
+
+    # Clear the buffer
+    buffer=''
+
+    # Read the filename
+    filename=''
+    while IFS= read -r -n1 char && [ "$char" != '"' ]
+    do
+      filename=$(printf "%s%s" "$filename" "$char")
+    done
+
+    echo "Found kernel file: $filename"
+
+    # Check if file exists
+    if [ ! -f "$filename" ]; then
+      echo "Kernel file $filename not found!"
+      exit 1
+    fi
+
+    # Convert the file content to hex and append to the temp file
+    xxd -p -c 0 "$filename" | tr -d '\n' >> $TMP_PARAMETERS_FILE
+
+    # Add a closing double quote
+    printf '"' >> $TMP_PARAMETERS_FILE
+  elif [ ${#buffer} -ge ${#pattern} ]
+  then
+    # Write the oldest character in the buffer to the temporary file
+    printf "%s" "${buffer%"${buffer#?}"}" >> $TMP_PARAMETERS_FILE
+
+    # Remove the oldest character from the buffer
+    buffer=${buffer#?}
+  fi
+done < "$PARAMETERS_FILE"
+
+# If there's anything left in the buffer, write it to the file
+if [ -n "$buffer" ]
+then
+  printf "%s" "$buffer" >> $TMP_PARAMETERS_FILE
+fi
+
+# Replace the original parameters.json file with the modified one only if 'fromfile#' was detected
+if $detected_fromfile; then
+  mv $TMP_PARAMETERS_FILE $PARAMETERS_FILE
+  echo "Updated JSON saved in '$PARAMETERS_FILE'"
+else
+  rm -f $TMP_PARAMETERS_FILE
+  echo "No 'fromfile#' detected in '$PARAMETERS_FILE', no changes made."
+fi
 echo Activating chain:
 $CLIENT -d /var/tezos/client --block                                    \
         genesis activate protocol                                       \

diff --git a/charts/tezos/scripts/dal-node.sh b/charts/tezos/scripts/dal-node.sh
@@ -0,0 +1,35 @@
+set -ex
+
+TEZ_VAR=/var/tezos
+TEZ_BIN=/usr/local/bin
+DAL_DATA_DIR="$TEZ_VAR/dal"
+
+mkdir -p ${DAL_DATA_DIR}
+
+extra_args=""
+if [ "${BOOTSTRAP_PROFILE}" == "true" ]; then
+  extra_args="--bootstrap-profile"
+fi
+if [ "${ATTESTER_PROFILES}" != "" ]; then
+  extra_args="${extra_args} --attester-profiles ${ATTESTER_PROFILES}"
+fi
+if [ "${PEER}" != "" ]; then
+  extra_args="${extra_args} --peer ${PEER}"
+fi
+if [ "${PUBLIC_ADDR}" != "" ]; then
+  extra_args="${extra_args} --public-addr ${PUBLIC_ADDR}"
+fi
+# populate identity, if provided
+if [ -n "$IDENTITY_JSON" ]; then
+    identity_path=/var/tezos/dal/identity.json
+    printf "Found persistent identity, writing to $identity_path"
+    echo "$IDENTITY_JSON" >  $identity_path
+fi
+#
+
+CMD="$TEZ_BIN/octez-dal-node run ${extra_args} --data-dir ${DAL_DATA_DIR} \
+  --endpoint http://tezos-node-rpc:8732 \
+  --net-addr 0.0.0.0:11732 \
+  --rpc-addr 0.0.0.0:10732"
+
+exec $CMD
diff --git a/charts/tezos/scripts/evm-proxy.sh b/charts/tezos/scripts/evm-proxy.sh
@@ -0,0 +1,10 @@
+set -ex
+
+TEZ_BIN=/usr/local/bin
+
+CMD="$TEZ_BIN/octez-evm-node run proxy \
+  with endpoint http://rollup-${MY_POD_NAME}:8932 \
+  --devmode \
+  --rpc-addr 0.0.0.0"
+
+exec $CMD
diff --git a/charts/tezos/scripts/smart-rollup-node.sh b/charts/tezos/scripts/smart-rollup-node.sh
@@ -0,0 +1,20 @@
+set -ex
+
+TEZ_VAR=/var/tezos
+TEZ_BIN=/usr/local/bin
+CLIENT_DIR="$TEZ_VAR/client"
+ROLLUP_DATA_DIR="$TEZ_VAR/rollup"
+ROLLUP_DATA_DIR_PREIMAGES="$ROLLUP_DATA_DIR/wasm_2_0_0"
+
+xxd -p -c 0 /usr/local/share/tezos/evm_kernel/evm_installer.wasm | tr -d '\n' > /var/tezos/smart-rollup-boot-sector
+mkdir -p "$ROLLUP_DATA_DIR_PREIMAGES"
+cp /usr/local/share/tezos/evm_kernel/* "$ROLLUP_DATA_DIR_PREIMAGES"
+CMD="$TEZ_BIN/octez-smart-rollup-node \
+  --endpoint http://tezos-node-rpc:8732 \
+  -d $CLIENT_DIR \
+  run operator for ${ROLLUP_ADDRESS} with operators ${OPERATOR_ACCOUNT} \
+  --data-dir ${ROLLUP_DATA_DIR} \
+  --boot-sector-file /var/tezos/smart-rollup-boot-sector \
+  --rpc-addr 0.0.0.0"
+
+exec $CMD
diff --git a/charts/tezos/templates/configs.yaml b/charts/tezos/templates/configs.yaml
@@ -59,6 +59,8 @@ data:
     {{- $_ := set $tacoinfraSigners $signerName (pick $signerConfig "accounts") }}
 {{- end }}
 {{ $tacoinfraSigners | default dict | mustToPrettyJson | indent 4 }}
+  OCTEZ_ROLLUP_NODES: |
+{{ $.Values.smartRollupNodes | default dict | mustToPrettyJson | indent 4 }}
 
 ---
 
@@ -94,6 +96,9 @@ data:
   {{- if $account.operations_pool }}
     {{ $accountName }}_operations_pool: {{ $account.operations_pool | quote }}
   {{- end }}
+  {{- if $account.dal_node }}
+    {{ $accountName }}_dal_node: {{ $account.dal_node | quote }}
+  {{- end }}
 {{- end }}
 kind: ConfigMap
 metadata:

diff --git a/charts/tezos/templates/octez-dal-node.yaml b/charts/tezos/templates/octez-dal-node.yaml
@@ -0,0 +1,135 @@
+{{- range $k, $v := .Values.dalNodes }}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: dal-{{ $k }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  type: NodePort
+  ports:
+    - port: 10732
+      name: rpc
+    - port: 11732
+      name: p2p
+  selector:
+    app: dal-{{ $k }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: dal-{{ $k }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  podManagementPolicy: Parallel
+  replicas: 1
+  serviceName: dal-{{ $k }}
+  selector:
+    matchLabels:
+      app: dal-{{ $k }}
+  template:
+    metadata:
+      labels:
+        app: dal-{{ $k }}
+    spec:
+      containers:
+      - name: octez-dal-node
+        image: "{{ $.Values.images.octez }}"
+        imagePullPolicy: IfNotPresent
+        ports:
+        - containerPort: 10732
+          name: rpc
+        - containerPort: 11732
+          name: p2p
+        command:
+          - /bin/sh
+        volumeMounts:
+        - mountPath: /var/tezos
+          name: var-volume
+        args:
+          - "-c"
+          - |
+{{ tpl ($.Files.Get "scripts/dal-node.sh") $ | indent 12 }}
+{{- if $v | default false }}
+        env:
+{{- if $v.bootstrapProfile | default false }}
+        - name: BOOTSTRAP_PROFILE
+          value: "true"
+{{- end }}
+{{- if $v.attesterProfiles | default false }}
+        - name: ATTESTER_PROFILES
+          value: "{{ $v.attesterProfiles }}"
+{{- end }}
+{{- if $v.peer | default false }}
+        - name: PEER
+          value: "{{ $v.peer }}"
+{{- end }}
+{{- if $v.publicAddr | default false }}
+        - name: PUBLIC_ADDR
+          value: "{{ $v.publicAddr }}"
+{{- end }}
+{{- if $v.identity | default false }}
+        - name: IDENTITY_JSON
+          value: {{ toJson $v.identity | quote }}
+{{- end }}
+{{- end }}
+      securityContext:
+        fsGroup: 1000
+  volumeClaimTemplates:
+    - metadata:
+        name: var-volume
+      spec:
+        accessModes:
+          - ReadWriteOnce
+        resources:
+          requests:
+{{- if $v.storageSize | default false }}
+            storage: "{{ $v.storageSize }}"
+{{- else }}
+            storage: "50Gi"
+{{- end }}
+---
+{{- if $v | default false }}
+{{- if $v.ingress | default false }}
+{{- if $v.ingress.enabled | default false }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: dal-{{ $k }}
+  namespace: {{ $.Release.Namespace }}
+{{- with $v.ingress.labels }}
+  labels:
+    {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with $v.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+  ingressClassName: {{ $v.ingress.className }}
+  {{- if $v.ingress.tls }}
+  tls:
+    {{- range $v.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    - host: {{ $v.ingress.host }}
+      http:
+        paths:
+          - pathType: Prefix
+            path: /
+            backend:
+              service:
+                name: dal-{{ $k }}
+                port:
+                  name: rpc
+---
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}