Closed lcgogo closed 11 months ago
You can create a key in memory (not persisted) with staking-ephemeral-cert-enabled
, it would create a different cert in each run. Thanks for the feedback, we will look into this further.
It's also strongly dis-advised to use staking-enabled=false
for mainnet.
Similar issue here. This prevent avalanche to run in some kubernetes distribution like openshift which assign a random (non root) user when starting a container:
PS C:\Code> docker run --user 1005:1005 avax
couldn't load node config: couldn't generate staking key/cert: couldn't create path for cert: mkdir /.avalanchego: permission denied
I tried to give you a way to reproduce:
run the "base image" you use in your dockerfile "golang:1.17.1-buster" (https://github.com/ava-labs/avalanchego/blob/beb7ef948871748ccc4e560d156bc8c4610d62c7/scripts/local.Dockerfile#L13) with a random user (i put 1000)
docker run -it --user 1000:1000 golang:1.17.1-buster bash
then you will be in this docker and you can install avalanche (i simply use the last delivery)
mkdir /avax
cd /avax
curl -O -L https://github.com/ava-labs/avalanchego/releases/download/v1.6.5/avalanchego-linux-amd64-v1.6.5.tar.gz
ls -all
tar -xvf avalanchego-linux-amd64-v1.6.5.tar.gz
then start avalanche
./avalanchego-v1.6.5/avalanchego
couldn't load node config: couldn't generate staking key/cert: couldn't create path for cert: mkdir /.avalanchego: permission denied
I would suggest to not rely on "home" but rather the current folder and then everything on relative path or a parameter to specify a "main" folder like --path because it seems lot of options already have a default folder trying to write on /
--chain-config-dir string Chain specific configurations parent directory. Defaults to $HOME/.avalanchego/configs/chains/ (default "/.avalanchego/configs/chains") --db-dir string Path to database directory (default "/.avalanchego/db") --staking-tls-cert-file string Path to the TLS certificate for staking (default "/.avalanchego/staking/staker.crt") --staking-tls-key-file string Path to the TLS private key for staking (default "/.avalanchego/staking/staker.key") --subnet-config-dir string Subnet specific configurations parent directory. Defaults to $HOME/.avalanchego/configs/subnets/ (default "/.avalanchego/configs/subnets")
It would be more easy for users to have an option to fix a "base" path (my 2 cents)
You can create a key in memory (not persisted) with
staking-ephemeral-cert-enabled
, it would create a different cert in each run. Thanks for the feedback, we will look into this further. It's also strongly dis-advised to usestaking-enabled=false
for mainnet.
in memory is a solution but if the docker die you lost the information whereas if you use a file you can mount it as a volume and thus reattach it to another docker (not sure it make sense) to provide a redundancy/fail over solution (not sure if it make sense - do not know enough about the process behind)
Never ever try --staking-enabled option as false on MAINNET. it renders the complete OS useless and any avalanche binary would not work on that system. tried this -> ./avalanchego --http-host=0.0.0.0 --log-dir=./datadir --db-dir=./datadir --staking-enabled false NO OUTPUT/ NO LOGS, the process simply wont do anything..
So killed the process and this time ran with ./avalanchego --http-host=0.0.0.0 --log-dir=./datadir --db-dir=./datadir Again, nothing happens.
Deleted entire directory and the .avalanchego directory in the HOME Dir. Tried restarting nothing happens. Downloaded fresh new binary on the system (DEBIAN) -> NOTHING HAPPENS again, no logs and nothing.
This issue has become stale because it has been open 60 days with no activity. Adding the lifecycle/frozen
label will cause this issue to ignore lifecycle events.
It would be more easy for users to have an option to fix a "base" path
avalanchego supports this now with the --data-dir
flag.
Describe the bug I want to run avalanchego under nobody:nogroup by docker. But the staking key/cert is always created by avalanchego automatically under /home even after add
--staking-enabled false
optionTo Reproduce Steps to reproduce the behavior.
Expected behavior A clear and concise description of what you expected to happen.
Screenshots
Operating System ubuntu 20.04
Additional context I think need an option to define the homeDir instead of $HOME in config/flags.go and the db-dir chain-config-dir
By submitting this issue I agree to the Terms and Conditions of the Developer Accelerator Program.