0

I am working on dockerfile for ethereum chain deployment. I finished dockerfile with hardcoded parameters, but when I reference this parameters as environment variables some unclear issues have been rose.

Here is a Dockerfile:

FROM ethereum/client-go:v1.10.1

COPY ./chain/accounts/swap.ethash.genesis.json /tmp

COPY ./chain/accounts/boot.key /tmp

RUN mkdir -p /tmp/keystore

COPY ./chain/accounts/keystore/${NODE_ACCOUNT_PWD_FILENAME} /tmp/keystore

RUN geth --datadir /tmp init /tmp/swap.ethash.genesis.json \
    && rm -f ~/.ethereum/geth/nodekey 

COPY ./test-pwd.sh /tmp 
RUN chmod +x ./tmp/test-pwd.sh && ./tmp/test-pwd.sh

RUN geth --unlock 0x367103555b34Eb9a46D92833e7293D540bFd7143 --password /tmp/pwd.txt --keystore /tmp/keystore

ENTRYPOINT ["geth"]

I would like to avoid hardcoded parameters and put them into .env file which is referenced under the docker compose:

version: '3.8'

services:
  geth-bootnode:
    hostname: geth-bootnode
    env_file:
      - .env
    image: geth-client
    build:
      context: .
      args:
        - ACCOUNT_PASSWORD=${ACCOUNT_PASSWORD}
        - NODE_ACCOUNT_PWD_FILENAME=${NODE_1_ACCOUNT_PWD_FILENAME}
        - NODE_ACCOUNT_PWD=${NODE_1_ACCOUNT_PWD}
        - NODE_ACCOUNT=${NODE_1_ACCOUNT}
    command:
      --nodekeyhex="c26d705bd5933bc2be72813f1b74f140aa6b3726d2a71a43b163a5c084e9dcb4"
      --nodiscover
      --ipcdisable
      --networkid=${NETWORK_ID}
      --netrestrict="172.16.254.0/28"
    networks:
      priv-eth-net:
networks:
  priv-eth-net:
    driver: bridge
    ipam:
      config:
      - subnet: 172.16.254.0/28

Reference this env var, e.g. geth --unlock ${NODE_ACCOUNT}, gives an error of missed parameter:

> [9/9] RUN geth --unlock ${NODE_ACCOUNT} --password /tmp/pwd.txt --keystore /tmp/keystore:
#0 0.397 invalid command: "/tmp/pwd.txt"

Some users mentioned it should be converted into ENV variable to be available under Runtime, but it gives similar error.

Similar issue happened with ENV var for a password and this is a reason why preparation of pwd.txt was wrapped into a shell script. .env file parameters names and actual values are double checked.

In my perspective, reference variables like ${NODE_ACCOUNT} and ${NODE_PWD} should be enough; if the runtime visibility scope is an issue, then ENV node_acc=${NODE_ACCOUNT} and ENV node_pwd=${NODE_PWD} should work. However, neither any of this options doesn't give me successful account unlock and terminate container with an error. Do I miss something here?

Improve this question
7
  • 2
    You are setting build arguments in your docker-compose.yaml, but you have not declared any build arguments (using ARG) in your Dockerfile. Commented May 11, 2023 at 18:16
  • docker-compose build environment variable discusses ENV vs. ARG a little more. However, if you build the image with a specific NODE_1_ACCOUNT_FILENAME value, that specific file will be "baked in" to the image; the image isn't normally rebuilt if you rerun the container with different options. A bind mount for the file in /tmp/keystore might be a better approach. Commented May 12, 2023 at 1:14
  • @larsks, thank you. I missed the point then ENV vars from docker should be mirroring in a Dockerfile. ARG as entrypoint variable for ENV variables. Commented May 12, 2023 at 3:29
  • @DavidMaze, in my perspective if I define ARG NODE_ACCOUNT and pass different environment variables from each service in docker-compose.yaml, then image will pick up the actual value behind ARG. Do you want to say it doesn't work this way? Commented May 12, 2023 at 3:33
  • 1
    In the same way you don't recompile Docker every time you run it on a different container, you shouldn't have to rebuild your image either. Rebuilding the image every time will work, but it'll be slow and hard to use in some environments. Commented May 12, 2023 at 13:23

1 Answer 1

Reset to default
0

The final solution would look like this:

FROM ethereum/client-go:v1.10.1

ARG NODE_ACCOUNT
ARG NODE_ACCOUNT_PWD

COPY ./chain/accounts/swap.ethash.genesis.json /tmp

COPY ./chain/accounts/boot.key /tmp

RUN mkdir -p /tmp/keystore

COPY ./chain/accounts/keystore/${NODE_ACCOUNT_PWD_FILENAME} /tmp/keystore

RUN geth --datadir /tmp init /tmp/swap.ethash.genesis.json \
    && rm -f ~/.ethereum/geth/nodekey 

RUN echo ${NODE_ACCOUNT_PWD} >> /tmp/pwd.txt

COPY ./chain/accounts/entrypoint.sh /tmp

RUN chmod +x ./tmp/entrypoint.sh

ENV NODE_ACCOUNT=${NODE_ACCOUNT}

# This way entrypoint usage would ignore OS signals sent the container. That might cause some issues
# Is it root cause of issue to unable 'geth attach <ip address>'?
ENTRYPOINT ./tmp/entrypoint.sh ${NODE_ACCOUNT}

ENV vars from docker-compose.yaml should be mirrored in a Dockerfile. ARG serves as an entrypoint variable for ENV variables. Thank you, @larsks, for point out on this!

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.