refactor: enhance DeBros network installation script

- Updated script to support a complete DeBros network node installation with gateway.
- Improved user management by introducing a variable for the debros user.
- Added support for idempotent updates and secure systemd service management for both node and gateway services.
- Replaced the configuration wizard with automated configuration file generation using network-cli.
- Enhanced firewall configuration instructions and service management commands for better usability.
anonpenguin23 2025-10-25 08:40:06 +03:00
parent 7c9851729e
commit a9d624c0f6
No known key found for this signature in database
GPG Key ID: 1CBB1FE35AFBEE30
2 changed files with 159 additions and 143 deletions


@ -36,6 +36,7 @@ The format is based on [Keep a Changelog][keepachangelog] and adheres to [Semant
- Fixed indentation in bootstrapPeerSource function for consistency - Fixed indentation in bootstrapPeerSource function for consistency
- Fixed gateway.yaml generation with correct YAML indentation for bootstrap_peers - Fixed gateway.yaml generation with correct YAML indentation for bootstrap_peers
- Fixed script for running and added gateway running as well
### Security ### Security


@ -1,8 +1,8 @@
#!/bin/bash #!/bin/bash
# DeBros Network Node Installation Script (Modern Node-Only Setup) # DeBros Network Production Installation Script
# Installs, configures, and manages a DeBros network node with secure defaults. # Installs and configures a complete DeBros network node (bootstrap) with gateway.
# Supports update-in-place, systemd service, and CLI management. # Supports idempotent updates and secure systemd service management.
set -e set -e
trap 'echo -e "${RED}An error occurred. Installation aborted.${NOCOLOR}"; exit 1' ERR trap 'echo -e "${RED}An error occurred. Installation aborted.${NOCOLOR}"; exit 1' ERR
@ -25,6 +25,7 @@ GATEWAY_PORT="6001"
RAFT_PORT="7001" RAFT_PORT="7001"
UPDATE_MODE=false UPDATE_MODE=false
NON_INTERACTIVE=false NON_INTERACTIVE=false
DEBROS_USER="debros"
log() { echo -e "${CYAN}[$(date '+%Y-%m-%d %H:%M:%S')]${NOCOLOR} $1"; } log() { echo -e "${CYAN}[$(date '+%Y-%m-%d %H:%M:%S')]${NOCOLOR} $1"; }
error() { echo -e "${RED}[ERROR]${NOCOLOR} $1"; } error() { echo -e "${RED}[ERROR]${NOCOLOR} $1"; }
@ -115,7 +116,7 @@ check_existing_installation() {
remove_existing_installation() { remove_existing_installation() {
log "Removing existing installation..." log "Removing existing installation..."
for service in debros-node; do for service in debros-node debros-gateway; do
if systemctl list-unit-files | grep -q "$service.service"; then if systemctl list-unit-files | grep -q "$service.service"; then
log "Stopping $service service..." log "Stopping $service service..."
sudo systemctl stop $service.service 2>/dev/null || true sudo systemctl stop $service.service 2>/dev/null || true
@ -128,8 +129,8 @@ remove_existing_installation() {
sudo rm -rf "$INSTALL_DIR" sudo rm -rf "$INSTALL_DIR"
log "Removed installation directory" log "Removed installation directory"
fi fi
if id "debros" &>/dev/null; then if id "$DEBROS_USER" &>/dev/null; then
sudo userdel debros 2>/dev/null || true sudo userdel "$DEBROS_USER" 2>/dev/null || true
log "Removed debros user" log "Removed debros user"
fi fi
success "Existing installation removed" success "Existing installation removed"
@ -260,50 +261,24 @@ check_ports() {
success "All required ports are available" success "All required ports are available"
} }
configuration_wizard() {
log "${BLUE}==================================================${NOCOLOR}"
log "${GREEN} DeBros Network Configuration Wizard ${NOCOLOR}"
log "${BLUE}==================================================${NOCOLOR}"
if [ "$NON_INTERACTIVE" = true ]; then
log "Non-interactive mode: using default configuration"
SOLANA_WALLET="11111111111111111111111111111111"
CONFIGURE_FIREWALL="yes"
log "Installation Directory: $INSTALL_DIR"
log "Firewall Configuration: $CONFIGURE_FIREWALL"
success "Configuration completed with defaults"
return 0
fi
log "${GREEN}Enter your Solana wallet address for node operator rewards:${NOCOLOR}"
while true; do
read -rp "Solana Wallet Address: " SOLANA_WALLET
if [[ -n "$SOLANA_WALLET" && ${#SOLANA_WALLET} -ge 32 ]]; then break; else error "Please enter a valid Solana wallet address"; fi
done
read -rp "Installation directory [default: $INSTALL_DIR]: " CUSTOM_INSTALL_DIR
if [[ -n "$CUSTOM_INSTALL_DIR" ]]; then INSTALL_DIR="$CUSTOM_INSTALL_DIR"; fi
read -rp "Configure firewall automatically? (yes/no) [default: yes]: " CONFIGURE_FIREWALL
CONFIGURE_FIREWALL="${CONFIGURE_FIREWALL:-yes}"
success "Configuration completed"
}
setup_directories() { setup_directories() {
log "Setting up directories and permissions..." log "Setting up directories and permissions..."
if ! id "debros" &>/dev/null; then if ! id "$DEBROS_USER" &>/dev/null; then
sudo useradd -r -s /bin/false -d "$INSTALL_DIR" debros sudo useradd -r -s /usr/sbin/nologin -d "$INSTALL_DIR" "$DEBROS_USER"
log "Created debros user" log "Created debros user"
else else
log "User 'debros' already exists" log "User 'debros' already exists"
fi fi
sudo mkdir -p "$INSTALL_DIR"/{bin,configs,keys,data,logs,src} sudo mkdir -p "$INSTALL_DIR"/{bin,src}
sudo mkdir -p "$INSTALL_DIR/keys/node" sudo chown -R "$DEBROS_USER:$DEBROS_USER" "$INSTALL_DIR"
sudo mkdir -p "$INSTALL_DIR/data/node"/{rqlite,storage}
sudo chown -R debros:debros "$INSTALL_DIR"
sudo chmod 755 "$INSTALL_DIR" sudo chmod 755 "$INSTALL_DIR"
sudo chmod 700 "$INSTALL_DIR/keys"
sudo chmod 700 "$INSTALL_DIR/keys/node"
sudo chmod 755 "$INSTALL_DIR/data"
sudo chmod 755 "$INSTALL_DIR/logs"
sudo chmod 755 "$INSTALL_DIR/configs"
sudo chmod 755 "$INSTALL_DIR/bin" sudo chmod 755 "$INSTALL_DIR/bin"
# Create ~/.debros for the debros user
DEBROS_HOME=$(sudo -u "$DEBROS_USER" sh -c 'echo ~')
sudo -u "$DEBROS_USER" mkdir -p "$DEBROS_HOME/.debros"
sudo chmod 0700 "$DEBROS_HOME/.debros"
success "Directory structure ready" success "Directory structure ready"
} }
@ -312,39 +287,20 @@ setup_source_code() {
if [ -d "$INSTALL_DIR/src/.git" ]; then if [ -d "$INSTALL_DIR/src/.git" ]; then
log "Updating existing repository..." log "Updating existing repository..."
cd "$INSTALL_DIR/src" cd "$INSTALL_DIR/src"
sudo -u debros git pull sudo -u "$DEBROS_USER" git pull
else else
log "Cloning repository..." log "Cloning repository..."
sudo -u debros git clone "$REPO_URL" "$INSTALL_DIR/src" sudo -u "$DEBROS_USER" git clone "$REPO_URL" "$INSTALL_DIR/src"
cd "$INSTALL_DIR/src" cd "$INSTALL_DIR/src"
fi fi
success "Source code ready" success "Source code ready"
} }
generate_identity() {
local identity_file="$INSTALL_DIR/keys/node/identity.key"
if [ -f "$identity_file" ]; then
if [ "$UPDATE_MODE" = true ]; then
log "Identity key already exists, keeping existing key"
success "Using existing node identity"
return 0
else
log "Identity key already exists, regenerating..."
sudo rm -f "$identity_file"
fi
fi
log "Generating node identity..."
cd "$INSTALL_DIR/src"
export PATH=$PATH:/usr/local/go/bin
sudo -u debros env "PATH=$PATH:/usr/local/go/bin" go run ./cmd/identity -output "$identity_file"
success "Node identity generated"
}
build_binaries() { build_binaries() {
log "Building DeBros Network binaries..." log "Building DeBros Network binaries..."
cd "$INSTALL_DIR/src" cd "$INSTALL_DIR/src"
export PATH=$PATH:/usr/local/go/bin export PATH=$PATH:/usr/local/go/bin
sudo -u debros env "PATH=$PATH:/usr/local/go/bin" make build
local services_were_running=() local services_were_running=()
if [ "$UPDATE_MODE" = true ]; then if [ "$UPDATE_MODE" = true ]; then
log "Update mode: checking for running services before binary update..." log "Update mode: checking for running services before binary update..."
@ -353,13 +309,22 @@ build_binaries() {
sudo systemctl stop debros-node.service sudo systemctl stop debros-node.service
services_were_running+=("debros-node") services_were_running+=("debros-node")
fi fi
if systemctl is-active --quiet debros-gateway.service 2>/dev/null; then
log "Stopping debros-gateway service to update binaries..."
sudo systemctl stop debros-gateway.service
services_were_running+=("debros-gateway")
fi
if [ ${#services_were_running[@]} -gt 0 ]; then if [ ${#services_were_running[@]} -gt 0 ]; then
log "Waiting for services to stop completely..." log "Waiting for services to stop completely..."
sleep 3 sleep 3
fi fi
fi fi
sudo -u "$DEBROS_USER" env "PATH=$PATH:/usr/local/go/bin" make build
sudo cp bin/* "$INSTALL_DIR/bin/" sudo cp bin/* "$INSTALL_DIR/bin/"
sudo chown debros:debros "$INSTALL_DIR/bin/"* sudo chown "$DEBROS_USER:$DEBROS_USER" "$INSTALL_DIR/bin/"*
sudo chmod 755 "$INSTALL_DIR/bin/"*
if [ "$UPDATE_MODE" = true ] && [ ${#services_were_running[@]} -gt 0 ]; then if [ "$UPDATE_MODE" = true ] && [ ${#services_were_running[@]} -gt 0 ]; then
log "Restarting previously running services..." log "Restarting previously running services..."
for service in "${services_were_running[@]}"; do for service in "${services_were_running[@]}"; do
@ -371,81 +336,75 @@ build_binaries() {
} }
generate_configs() { generate_configs() {
log "Generating configuration files..." log "Generating configuration files via network-cli..."
cat > /tmp/node.yaml << EOF DEBROS_HOME=$(sudo -u "$DEBROS_USER" sh -c 'echo ~')
node:
data_dir: "$INSTALL_DIR/data/node" # Generate bootstrap config
key_file: "$INSTALL_DIR/keys/node/identity.key" log "Generating bootstrap.yaml..."
listen_addresses: sudo -u "$DEBROS_USER" "$INSTALL_DIR/bin/network-cli" config init --type bootstrap --force
- "/ip4/0.0.0.0/tcp/$NODE_PORT"
solana_wallet: "$SOLANA_WALLET" # Generate gateway config
database: log "Generating gateway.yaml..."
rqlite_port: $RQLITE_PORT sudo -u "$DEBROS_USER" "$INSTALL_DIR/bin/network-cli" config init --type gateway --force
rqlite_raft_port: $RAFT_PORT
logging:
level: "info"
file: "$INSTALL_DIR/logs/node.log"
EOF
sudo mv /tmp/node.yaml "$INSTALL_DIR/configs/node.yaml"
sudo chown debros:debros "$INSTALL_DIR/configs/node.yaml"
success "Configuration files generated" success "Configuration files generated"
} }
configure_firewall() { configure_firewall() {
if [[ "$CONFIGURE_FIREWALL" == "yes" ]]; then log "Configuring firewall rules..."
log "Configuring firewall rules..." if command -v ufw &> /dev/null; then
if command -v ufw &> /dev/null; then log "Adding UFW rules for DeBros Network ports..."
log "Adding UFW rules for DeBros Network ports..." for port in $NODE_PORT $RQLITE_PORT $RAFT_PORT $GATEWAY_PORT; do
for port in $NODE_PORT $RQLITE_PORT $RAFT_PORT $GATEWAY_PORT; do if ! sudo ufw allow $port 2>/dev/null; then
if ! sudo ufw allow $port; then error "Failed to allow port $port"
error "Failed to allow port $port" exit 1
exit 1
fi
log "Added UFW rule: allow port $port"
done
UFW_STATUS=$(sudo ufw status | grep -o "Status: [a-z]\+" | awk '{print $2}' || echo "inactive")
if [[ "$UFW_STATUS" == "active" ]]; then
success "Firewall rules added and active"
else
success "Firewall rules added (UFW is inactive - rules will take effect when UFW is enabled)"
log "To enable UFW with current rules: sudo ufw enable"
fi fi
log "Added UFW rule: allow port $port"
done
UFW_STATUS=$(sudo ufw status | grep -o "Status: [a-z]\+" | awk '{print $2}' || echo "inactive")
if [[ "$UFW_STATUS" == "active" ]]; then
success "Firewall rules added and active"
else else
warning "UFW not found. Please configure firewall manually." success "Firewall rules added (UFW is inactive - rules will take effect when UFW is enabled)"
log "Required ports to allow:" log "To enable UFW with current rules: sudo ufw enable"
log " - Port $NODE_PORT (Node)"
log " - Port $RQLITE_PORT (RQLite)"
log " - Port $RAFT_PORT (Raft)"
fi fi
else
warning "UFW not found. Please configure firewall manually."
log "Required ports to allow:"
log " - Port $NODE_PORT (Node P2P)"
log " - Port $RQLITE_PORT (RQLite HTTP)"
log " - Port $RAFT_PORT (RQLite Raft)"
log " - Port $GATEWAY_PORT (Gateway)"
fi fi
} }
create_systemd_service() { create_systemd_services() {
local service_file="/etc/systemd/system/debros-node.service" log "Creating systemd service units..."
if [ -f "$service_file" ]; then
# Node service
local node_service_file="/etc/systemd/system/debros-node.service"
if [ -f "$node_service_file" ]; then
log "Cleaning up existing node service..." log "Cleaning up existing node service..."
sudo systemctl stop debros-node.service 2>/dev/null || true sudo systemctl stop debros-node.service 2>/dev/null || true
sudo systemctl disable debros-node.service 2>/dev/null || true sudo systemctl disable debros-node.service 2>/dev/null || true
sudo rm -f "$service_file" sudo rm -f "$node_service_file"
fi fi
sudo systemctl daemon-reload
log "Creating new systemd service..." log "Creating debros-node.service..."
local exec_start="$INSTALL_DIR/bin/node -data $INSTALL_DIR/data/node" cat > /tmp/debros-node.service << 'EOF'
cat > /tmp/debros-node.service << EOF
[Unit] [Unit]
Description=DeBros Network Node Description=DeBros Network Node (Bootstrap)
After=network.target After=network-online.target
Wants=network-online.target Wants=network-online.target
[Service] [Service]
Type=simple Type=simple
User=debros User=debros
Group=debros Group=debros
WorkingDirectory=$INSTALL_DIR WorkingDirectory=/opt/debros/src
Environment=ENVIRONMENT=production ExecStart=/opt/debros/bin/node --config bootstrap.yaml
ExecStart=$exec_start
Restart=always Restart=always
RestartSec=10 RestartSec=5
StandardOutput=journal StandardOutput=journal
StandardError=journal StandardError=journal
SyslogIdentifier=debros-node SyslogIdentifier=debros-node
@ -454,26 +413,78 @@ NoNewPrivileges=yes
PrivateTmp=yes PrivateTmp=yes
ProtectSystem=strict ProtectSystem=strict
ProtectHome=yes ProtectHome=yes
ReadWritePaths=$INSTALL_DIR ReadWritePaths=/opt/debros
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target
EOF EOF
sudo mv /tmp/debros-node.service "$service_file" sudo mv /tmp/debros-node.service "$node_service_file"
# Gateway service
local gateway_service_file="/etc/systemd/system/debros-gateway.service"
if [ -f "$gateway_service_file" ]; then
log "Cleaning up existing gateway service..."
sudo systemctl stop debros-gateway.service 2>/dev/null || true
sudo systemctl disable debros-gateway.service 2>/dev/null || true
sudo rm -f "$gateway_service_file"
fi
log "Creating debros-gateway.service..."
cat > /tmp/debros-gateway.service << 'EOF'
[Unit]
Description=DeBros Gateway (HTTP/WebSocket)
After=debros-node.service
Wants=debros-node.service
[Service]
Type=simple
User=debros
Group=debros
WorkingDirectory=/opt/debros/src
ExecStart=/opt/debros/bin/gateway
Restart=always
RestartSec=5
StandardOutput=journal
StandardError=journal
SyslogIdentifier=debros-gateway
NoNewPrivileges=yes
PrivateTmp=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/opt/debros
[Install]
WantedBy=multi-user.target
EOF
sudo mv /tmp/debros-gateway.service "$gateway_service_file"
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl enable debros-node.service sudo systemctl enable debros-node.service
success "Systemd service ready" sudo systemctl enable debros-gateway.service
success "Systemd services ready"
} }
start_service() { start_services() {
log "Starting DeBros Network service..." log "Starting DeBros Network services..."
sudo systemctl start debros-node.service sudo systemctl start debros-node.service
sleep 3 sleep 3
if systemctl is-active --quiet debros-node.service; then if systemctl is-active --quiet debros-node.service; then
success "DeBros Network service started successfully" success "DeBros Node service started successfully"
else else
error "Failed to start DeBros Network service" error "Failed to start DeBros Node service"
log "Check logs with: sudo journalctl -u debros-node.service" log "Check logs with: sudo journalctl -u debros-node.service -f"
exit 1
fi
sleep 2
sudo systemctl start debros-gateway.service
sleep 2
if systemctl is-active --quiet debros-gateway.service; then
success "DeBros Gateway service started successfully"
else
error "Failed to start DeBros Gateway service"
log "Check logs with: sudo journalctl -u debros-gateway.service -f"
exit 1 exit 1
fi fi
} }
@ -501,14 +512,8 @@ main() {
if ! check_go_installation; then install_go; fi if ! check_go_installation; then install_go; fi
install_dependencies install_dependencies
install_rqlite install_rqlite
if [ "$UPDATE_MODE" != true ]; then configuration_wizard; else
log "Update mode: skipping configuration wizard"
SOLANA_WALLET="11111111111111111111111111111111"
CONFIGURE_FIREWALL="yes"
fi
setup_directories setup_directories
setup_source_code setup_source_code
generate_identity
build_binaries build_binaries
if [ "$UPDATE_MODE" != true ]; then if [ "$UPDATE_MODE" != true ]; then
generate_configs generate_configs
@ -516,8 +521,11 @@ main() {
else else
log "Update mode: keeping existing configuration" log "Update mode: keeping existing configuration"
fi fi
create_systemd_service create_systemd_services
start_service start_services
DEBROS_HOME=$(sudo -u "$DEBROS_USER" sh -c 'echo ~')
log "${BLUE}==================================================${NOCOLOR}" log "${BLUE}==================================================${NOCOLOR}"
if [ "$UPDATE_MODE" = true ]; then if [ "$UPDATE_MODE" = true ]; then
log "${GREEN} Update Complete! ${NOCOLOR}" log "${GREEN} Update Complete! ${NOCOLOR}"
@ -526,21 +534,28 @@ main() {
fi fi
log "${BLUE}==================================================${NOCOLOR}" log "${BLUE}==================================================${NOCOLOR}"
log "${GREEN}Installation Directory:${NOCOLOR} ${CYAN}$INSTALL_DIR${NOCOLOR}" log "${GREEN}Installation Directory:${NOCOLOR} ${CYAN}$INSTALL_DIR${NOCOLOR}"
log "${GREEN}Configuration:${NOCOLOR} ${CYAN}$INSTALL_DIR/configs/node.yaml${NOCOLOR}" log "${GREEN}Config Directory:${NOCOLOR} ${CYAN}$DEBROS_HOME/.debros${NOCOLOR}"
log "${GREEN}Logs:${NOCOLOR} ${CYAN}$INSTALL_DIR/logs/node.log${NOCOLOR}"
log "${GREEN}LibP2P Port:${NOCOLOR} ${CYAN}$NODE_PORT${NOCOLOR}" log "${GREEN}LibP2P Port:${NOCOLOR} ${CYAN}$NODE_PORT${NOCOLOR}"
log "${GREEN}RQLite Port:${NOCOLOR} ${CYAN}$RQLITE_PORT${NOCOLOR}" log "${GREEN}RQLite Port:${NOCOLOR} ${CYAN}$RQLITE_PORT${NOCOLOR}"
log "${GREEN}Gateway Port:${NOCOLOR} ${CYAN}$GATEWAY_PORT${NOCOLOR}" log "${GREEN}Gateway Port:${NOCOLOR} ${CYAN}$GATEWAY_PORT${NOCOLOR}"
log "${GREEN}Raft Port:${NOCOLOR} ${CYAN}$RAFT_PORT${NOCOLOR}" log "${GREEN}Raft Port:${NOCOLOR} ${CYAN}$RAFT_PORT${NOCOLOR}"
log "${BLUE}==================================================${NOCOLOR}" log "${BLUE}==================================================${NOCOLOR}"
log "${GREEN}Management Commands:${NOCOLOR}" log "${GREEN}Service Management:${NOCOLOR}"
log "${CYAN} - sudo systemctl status debros-node${NOCOLOR} (Check status)" log "${CYAN} - sudo systemctl status debros-node${NOCOLOR} (Check node status)"
log "${CYAN} - sudo systemctl restart debros-node${NOCOLOR} (Restart service)" log "${CYAN} - sudo systemctl status debros-gateway${NOCOLOR} (Check gateway status)"
log "${CYAN} - sudo systemctl stop debros-node${NOCOLOR} (Stop service)" log "${CYAN} - sudo systemctl restart debros-node${NOCOLOR} (Restart node)"
log "${CYAN} - sudo systemctl start debros-node${NOCOLOR} (Start service)" log "${CYAN} - sudo systemctl restart debros-gateway${NOCOLOR} (Restart gateway)"
log "${CYAN} - sudo journalctl -u debros-node.service -f${NOCOLOR} (View logs)" log "${CYAN} - sudo systemctl stop debros-node${NOCOLOR} (Stop node)"
log "${CYAN} - $INSTALL_DIR/bin/network-cli${NOCOLOR} (Use CLI tools)" log "${CYAN} - sudo systemctl stop debros-gateway${NOCOLOR} (Stop gateway)"
log "${CYAN} - sudo journalctl -u debros-node.service -f${NOCOLOR} (View node logs)"
log "${CYAN} - sudo journalctl -u debros-gateway.service -f${NOCOLOR} (View gateway logs)"
log "${BLUE}==================================================${NOCOLOR}" log "${BLUE}==================================================${NOCOLOR}"
log "${GREEN}Verify Installation:${NOCOLOR}"
log "${CYAN} - Node health: curl http://127.0.0.1:5001/status${NOCOLOR}"
log "${CYAN} - Gateway health: curl http://127.0.0.1:6001/health${NOCOLOR}"
log "${CYAN} - Show bootstrap peer: cat $DEBROS_HOME/.debros/bootstrap/peer.info${NOCOLOR}"
log "${BLUE}==================================================${NOCOLOR}"
if [ "$UPDATE_MODE" = true ]; then if [ "$UPDATE_MODE" = true ]; then
success "DeBros Network has been updated and is running!" success "DeBros Network has been updated and is running!"
else else
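Review bot: In create_systemd_services the new debros-gateway unit, like the node unit before it, is staged at a fixed name in /tmp (`cat > /tmp/debros-gateway.service << 'EOF'`) and then moved into /etc/systemd/system with sudo, so a file that systemd will load as root passes through a world-writable directory under a predictable name. Writing each unit in place removes the staging file: `sudo tee "$gateway_service_file" >/dev/null << 'EOF'` (and the same with `$node_service_file`), dropping the two `sudo mv` lines. The quoted heredocs also hard-code `User=debros` and `/opt/debros` while the rest of the script uses `$DEBROS_USER` and `$INSTALL_DIR`, so the units stop matching the install if either variable changes. `ReadWritePaths=/opt/debros` together with the `chown` of `$INSTALL_DIR/bin/*` to the service user leaves both services able to rewrite their own binaries; root-owned binaries and a `ReadWritePaths` limited to the directories the services write to (not visible in this diff) would close that.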