Adapt dockerfile to stardust version

config.json

@@ -83,7 +83,7 @@
       "reconnectAttemptIntervalSeconds": 60
     },
     "autopeering": {
-      "bindAddress": "0.0.0.0:14626",
+      "bindAddress": "0.0.0.0:14627",
       "runAsEntryNode": false,
       "entryNodes": [
         "[email protected]:14626",

docker-compose.yml

@@ -1,24 +1,32 @@
-version: "3"
+version: '3'
 services:
   hornet:
     build:
       context: .
-      # For aarch64/arm64 use Dockerfile.arm64
       dockerfile: docker/Dockerfile
-    image: hornet:latest
+    image: hornet:legacy
+    ulimits:
+      nofile:
+        soft: 8192
+        hard: 8192
+    stop_grace_period: 5m
     # Best performance via host network:
     network_mode: host
     # Else:
     #ports:
-    #  - "14265:14265"
-    #  - "15600:15600"
+    #  - "15601:15601/tcp"
+    #  - "14627:14627/udp"
+    #  - "14266:14266/tcp"
+    #  - "8082:8082/tcp"
+    #  - "5556:5556/tcp"
+    #  - "1883:1883/tcp"
+    #  - "9312:9312/tcp"
     cap_drop:
       - ALL
-
     volumes:
       - ./config.json:/app/config.json:ro
-      - ./mqtt_config.json:/app/mqtt_config.json
-      - ./profiles.json:/app/profiles.json
       - ./peering.json:/app/peering.json
-      - ./snapshots/mainnet:/app/snapshots/mainnet
+      - ./profiles.json:/app/profiles.json
+      - ./mqtt_config.json:/app/mqtt_config.json
       - ./mainnetdb:/app/mainnetdb
+      - ./snapshots/mainnet:/app/snapshots/mainnet

docker/Dockerfile

@@ -1,48 +1,59 @@
-FROM alpine:latest
+# https://hub.docker.com/_/golang
+FROM golang:1.20-bullseye AS build
 
-ARG REPO="iotaledger/hornet"
-ARG TAG=latest
-ARG ARCH=x86_64
-ARG OS=Linux
-
-LABEL org.label-schema.description="HORNET - The IOTA community node"
+LABEL org.label-schema.description="HORNET - The IOTA node"
 LABEL org.label-schema.name="iotaledger/hornet"
 LABEL org.label-schema.schema-version="1.0"
 LABEL org.label-schema.vcs-url="https://github.com/iotaledger/hornet"
-LABEL org.label-schema.usage="https://github.com/iotaledger/hornet/blob/master/DOCKER.md"
+
+# Ensure ca-certificates are up to date
+RUN update-ca-certificates
+
+# Set the current Working Directory inside the container
+RUN mkdir /scratch
+WORKDIR /scratch
+
+# Prepare the folder where we are putting all the files
+RUN mkdir /app
+
+# Make sure that modules only get pulled when the module file has changed
+COPY go.mod go.sum ./
+
+# Download go modules
+RUN go mod download
+RUN go mod verify
+
+# Copy everything from the current directory to the PWD(Present Working Directory) inside the container
+COPY . .
+
+# Build the binary
+RUN go build -o /app/hornet -a -tags="$BUILD_TAGS" -ldflags='-w -s'
+
+# Copy the assets
+COPY ./config.json /app/config.json
+COPY ./peering.json /app/peering.json
+COPY ./profiles.json /app/profiles.json
+COPY ./mqtt_config.json /app/mqtt_config.json
+
+############################
+# Image
+############################
+# https://console.cloud.google.com/gcr/images/distroless/global/cc-debian11
+# using distroless cc "nonroot" image, which includes everything in the base image (glibc, libssl and openssl)
+FROM gcr.io/distroless/cc-debian11:nonroot
+
+EXPOSE 15601/tcp
+EXPOSE 14627/udp
+EXPOSE 14266/tcp
+EXPOSE 8082/tcp
+EXPOSE 5556/tcp
+EXPOSE 1883/tcp
+EXPOSE 9312/tcp
+
+# Copy the app dir into distroless image
+COPY --chown=nonroot:nonroot --from=build /app /app
 
 WORKDIR /app
+USER nonroot
 
-RUN apk --no-cache add ca-certificates curl jq tini tar\
-  && update-ca-certificates 2>/dev/null || true\
-  && if [ "$TAG" = "latest" ];\
-  then\
-  HORNET_TAG=$(curl --retry 3 -f -s https://api.github.com/repos/${REPO}/releases/latest | jq -r .tag_name | tr -d 'v');\
-  else\
-  HORNET_TAG="${TAG//v}";\
-  fi\
-  && echo "Downloading from https://github.com/${REPO}/releases/download/v${HORNET_TAG}/HORNET-legacy-${HORNET_TAG}_${OS}_${ARCH}.tar.gz ..."\
-  && curl -f -L --retry 3 "https://github.com/${REPO}/releases/download/v${HORNET_TAG}/HORNET-legacy-${HORNET_TAG}_${OS}_${ARCH}.tar.gz" -o /tmp/hornet.tgz\
-  && tar --wildcards --strip-components=1 -xf /tmp/hornet.tgz -C /app/ */hornet-legacy */config.json */peering.json\
-  && if [ "$ARCH" = "x86_64" ];\
-  then\
-  curl -f -L --retry 3 -o /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub;\
-  curl -f -L --retry 3 -o glibc-2.35-r1.apk https://github.com/sgerrand/alpine-pkg-glibc/releases/download/2.35-r1/glibc-2.35-r1.apk;\
-  apk add glibc-2.35-r1.apk;\
-  rm glibc-2.35-r1.apk;\
-  fi\
-  && addgroup --gid 39999 hornet\
-  && adduser -h /app -s /bin/sh -G hornet -u 39999 -D hornet\
-  && chmod +x /app/hornet-legacy\
-  && chown hornet:hornet -R /app\
-  && rm /tmp/hornet.tgz\
-  && apk del jq curl
-
-# Not exposing ports, as it might be more efficient to run this on host network because of performance gain.
-# | Host mode networking can be useful to optimize performance, and in situations where a container needs
-# | to handle a large range of ports, as it does not require network address translation (NAT), and no
-# | “userland-proxy” is created for each port.
-# Source: https://docs.docker.com/network/host/
-
-USER hornet
-ENTRYPOINT ["/sbin/tini", "--", "/app/hornet-legacy"]
+ENTRYPOINT ["/app/hornet"]

integration-tests/tester/framework/autopeered_network.go

@@ -103,7 +103,7 @@ func (n *AutopeeredNetwork) CreatePeer(cfg *NodeConfig) (*Node, error) {
 		return nil, err
 	}
 	cfg.Network.EntryNodes = []string{
-		fmt.Sprintf("%s@%s:14626", n.entryNodePublicKey(), ip),
+		fmt.Sprintf("%s@%s:14627", n.entryNodePublicKey(), ip),
 	}
 	return n.Network.CreateNode(cfg)
 }

integration-tests/tester/framework/config.go

@@ -16,7 +16,7 @@ const (
 	GenesisAddress = "9QJKPJPYTNPF9AFCLGLMAGXOR9ZIPYTRISKOGJPM9ZKKDXGRXWFJZMQTETDJJOGYEVRMLAOECBPWTUZ9B"
 
 	// The default web API port of every node.
-	WebAPIPort = 14265
+	WebAPIPort = 14266
 
 	autopeeringMaxTries = 50
 
@@ -60,8 +60,8 @@ func DefaultConfig() *NodeConfig {
 	}
 	cfg.ExposedPorts = nat.PortSet{
 		nat.Port(fmt.Sprintf("%s/tcp", strings.Split(cfg.WebAPI.BindAddress, ":")[1])): {},
-		"6060/tcp": {},
-		"8081/tcp": {},
+		"6061/tcp": {},
+		"8082/tcp": {},
 	}
 	return cfg
 }
@@ -168,7 +168,7 @@ func (webAPIConfig *WebAPIConfig) CLIFlags() []string {
 // DefaultWebAPIConfig returns the default web API config.
 func DefaultWebAPIConfig() WebAPIConfig {
 	return WebAPIConfig{
-		BindAddress: "0.0.0.0:14265",
+		BindAddress: "0.0.0.0:14266",
 		PermittedAPICalls: []string{
 			"getNodeInfo",
 			"attachToTangle",
@@ -326,7 +326,7 @@ func (profilingConfig *ProfilingConfig) CLIFlags() []string {
 // DefaultProfilingConfig returns the default profiling config.
 func DefaultProfilingConfig() ProfilingConfig {
 	return ProfilingConfig{
-		BindAddress: "0.0.0.0:6060",
+		BindAddress: "0.0.0.0:6061",
 	}
 }
 
@@ -346,6 +346,6 @@ func (dashboardConfig *DashboardConfig) CLIFlags() []string {
 // DefaultDashboardConfig returns the default profiling config.
 func DefaultDashboardConfig() DashboardConfig {
 	return DashboardConfig{
-		BindAddress: "0.0.0.0:8081",
+		BindAddress: "0.0.0.0:8082",
 	}
 }

integration-tests/tester/framework/node.go

@@ -57,8 +57,8 @@ func newNode(name string, identity *identity.Identity, cfg *NodeConfig, dockerCo
 	return &Node{
 		Name: name,
 		Profiler: Profiler{
-			pprofURI:     fmt.Sprintf("http://%s:6060", ip),
-			websocketURI: fmt.Sprintf("ws://%s:8081/ws", ip),
+			pprofURI:     fmt.Sprintf("http://%s:6061", ip),
+			websocketURI: fmt.Sprintf("ws://%s:8082/ws", ip),
 			targetName:   name,
 			Client: http.Client{
 				Timeout: 2 * time.Minute,

integration-tests/tester/framework/static_network.go

@@ -81,7 +81,7 @@ func (n *StaticNetwork) ConnectNodes() error {
 			if alreadyPeered := n.layout[peerIndex][i]; alreadyPeered {
 				continue
 			}
-			uri := fmt.Sprintf("tcp://%s:15600", peer.IP)
+			uri := fmt.Sprintf("tcp://%s:15601", peer.IP)
 			n.layout[i][peerIndex] = true
 			n.layout[peerIndex][i] = true
 			if _, err := node.WebAPI.AddNeighbors(uri); err != nil {
@@ -119,7 +119,7 @@ func (n *StaticNetwork) AwaitPeering(ctx context.Context) error {
 			for layoutNeighbor := range layoutNeighbors {
 				layoutNode := n.Nodes[layoutNeighbor]
 				for _, neighbor := range neighbors {
-					if neighbor.Address == fmt.Sprintf("%s:15600", layoutNode.IP) {
+					if neighbor.Address == fmt.Sprintf("%s:15601", layoutNode.IP) {
 						peered++
 					}
 				}

nfpm/shared_files/hornet-legacy.env

@@ -10,13 +10,13 @@
 
 #USEPROFILE="auto"
 
-#HTTPAPI_BINDADDRESS="0.0.0.0:14265"
+#HTTPAPI_BINDADDRESS="0.0.0.0:14266"
 #HTTPAPI_BASICAUTH_ENABLED=true
 #HTTPAPI_BASICAUTH_USERNAME=""
 #HTTPAPI_BASICAUTH_PASSWORDHASH=""
 #HTTPAPI_BASICAUTH_PASSWORDSALT=""
 
-#DASHBOARD_BINDADDRESS="0.0.0.0:8081"
+#DASHBOARD_BINDADDRESS="0.0.0.0:8082"
 #DASHBOARD_BASICAUTH_ENABLED=true
 #DASHBOARD_BASICAUTH_USERNAME=""
 #DASHBOARD_BASICAUTH_PASSWORDHASH=""
@@ -32,8 +32,8 @@
 #SPENTADDRESSES_ENABLED=false
 
 #NETWORK_PREFERIPV6=true
-#NETWORK_GOSSIP_BINDADDRESS="0.0.0.0:15600"
-#NETWORK_AUTOPEERING_BINDADDRESS="0.0.0.0:14626"
+#NETWORK_GOSSIP_BINDADDRESS="0.0.0.0:15601"
+#NETWORK_AUTOPEERING_BINDADDRESS="0.0.0.0:14627"
 
 #NODE_ALIAS="my hornet node"
 
@@ -51,9 +51,9 @@
 
 #ZMQ_BINDADDRESS="0.0.0.0:5556"
 
-#PROFILING_BINDADDRESS="0.0.0.0:6060"
+#PROFILING_BINDADDRESS="0.0.0.0:6061"
 
-#PROMETHEUS_BINDADDRESS="0.0.0.0:9311"
+#PROMETHEUS_BINDADDRESS="0.0.0.0:9312"
 #PROMETHEUS_GOMETRICS=true
 #PROMETHEUS_PROCESSMETRICS=true
 #PROMETHEUS_PROMHTTPMETRICS=true