diff --git a/Dockerfile b/Dockerfile index afec7404173..ca45b8df312 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,4 +17,8 @@ COPY --from=builder /app/build/bin/* /usr/local/bin/ WORKDIR /var/lib/erigon +RUN adduser -H -u 1000 -g 1000 -D erigon +RUN chown -R erigon:erigon /var/lib/erigon +USER erigon + EXPOSE 8545 8546 30303 30303/udp 30304 30304/udp 8080 9090 6060 diff --git a/Makefile b/Makefile index a3388e7bf16..f6b74cbffaf 100644 --- a/Makefile +++ b/Makefile @@ -21,9 +21,13 @@ go-version: docker: docker build -t turbo-geth:latest --build-arg git_commit='${GIT_COMMIT}' --build-arg git_branch='${GIT_BRANCH}' --build-arg git_tag='${GIT_TAG}' . +xdg_data_home := ~/.local/share +ifdef XDG_DATA_HOME + xdg_data_home = $(XDG_DATA_HOME) +endif docker-compose: - # Uses host's PID,UID,GID. It required to open Erigon's DB from another process (RPCDaemon local-mode) - UID_GID=$(shell id -u):$(shell id -g) docker-compose up + mkdir -p $(xdg_data_home)/erigon $(xdg_data_home)/erigon-grafana $(xdg_data_home)/erigon-prometheus; \ + docker-compose up # debug build allows see C stack traces, run it with GOTRACEBACK=crash. You don't need debug build for C pit for profiling. To profile C code use SETCGOTRCKEBACK=1 dbg: diff --git a/README.md b/README.md index f729f87fc89..490852d0f24 100644 --- a/README.md +++ b/README.md @@ -232,7 +232,7 @@ or XDG_DATA_HOME=/preferred/data/folder make docker-compose ``` -Makefile uses host's PID,UID,GID. It required to open Erigon's DB from another process (RPCDaemon local-mode). +Makefile creates the initial directories for erigon, prometheus and grafana. The PID namespace is shared between erigon and rpcdaemon which is required to open Erigon's DB from another process (RPCDaemon local-mode). See: https://github.com/ledgerwatch/erigon/pull/2392/files Windows support for docker-compose is not ready yet. Please help us with .ps1 port diff --git a/docker-compose.yml b/docker-compose.yml index ec2d985604e..6d2a25cff6a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -6,8 +6,6 @@ services: image: thorax/erigon:latest build: . command: erigon --datadir=/var/lib/erigon --metrics --metrics.addr=0.0.0.0 --metrics.port=6060 --private.api.addr=0.0.0.0:9090 --pprof --pprof.addr=0.0.0.0 --pprof.port=6061 - user: ${UID_GID:-1000:1000} # Uses host's PID,UID,GID. It required to open Erigon's DB from another process (RPCDaemon local-mode) - pid: host volumes: - ${XDG_DATA_HOME:-~/.local/share}/erigon:/var/lib/erigon ports: @@ -19,7 +17,7 @@ services: prometheus: image: prom/prometheus:v2.28.1 - user: ${UID_GID:-1000:1000} + user: 1000:1000 # Uses erigon user from Dockerfile command: --log.level=warn --config.file=/etc/prometheus/prometheus.yml --storage.tsdb.path=/prometheus --web.console.libraries=/usr/share/prometheus/console_libraries --web.console.templates=/usr/share/prometheus/consoles ports: - "9090:9090" @@ -30,7 +28,7 @@ services: grafana: image: grafana/grafana:8.0.6 - user: ${UID_GID:-1000:1000} + user: 1000:1000 # Uses erigon user from Dockerfile ports: - "3000:3000" volumes: @@ -43,8 +41,7 @@ services: rpcdaemon: image: thorax/erigon:latest command: rpcdaemon --datadir /var/lib/erigon --private.api.addr=erigon:9090 --http.addr=0.0.0.0 --http.vhosts=* --http.corsdomain=* --http.api=eth,debug,net - user: ${UID_GID:-1000:1000} # Uses host's PID,UID,GID. It required to open Erigon's DB from another process (RPCDaemon local-mode) - pid: host + pid: service:erigon # Use erigon's PID namespace. It's required to open Erigon's DB from another process (RPCDaemon local-mode) volumes: - ${XDG_DATA_HOME:-~/.local/share}/erigon:/var/lib/erigon ports: