Infra repo, add op-replica

Author: optimisticben

infra/op-replica/README.md

@@ -0,0 +1,11 @@
+# op-replica infra
+
+Deployment examples and resources for running an Optimism replica.
+
+[./envs](./envs) contains working example environmenatal files to configure a replica for different networks.
+
+[./scripts](./scripts/) contains helper scripts to prepare or verify an environment.
+
+[./docker-compose](./docker-compose/) provides working docker-compose example deployments
+
+[./kustomize](./kustomize/) has kubernetes base overlays and network examples

infra/op-replica/docker-compose/README.md

@@ -0,0 +1,95 @@
+# Running a Network Node
+
+This project lets you set up a local replica of the Optimistic Ethereum chain (either the main one or the Kovan testnet). [New
+transactions are submitted either to the sequencer outside of Ethereum or to the Canonical Transaction Chain on
+L1](https://research.paradigm.xyz/optimism#data-availability-batches). To submit transactions via a replica, set
+`SEQUENCER_CLIENT_HTTP` to a sequencer URL.
+
+## Architecture
+
+You need two components to replicate Optimistic Ethereum:
+
+- `data-transport-layer`, which retrieves and indexes blocks from L1. To access L1 you need an Ethereum Layer 1 provider, such as
+  [Infura](https://infura.io/).
+
+- `l2geth`, which provides an Ethereum node where you applications can connect and run API calls.
+
+## Resource requirements
+
+The `data-transport-layer` should run with 1 CPU and 256Mb of memory.
+
+The `l2geth` process should run with 1 or 2 CPUs and between 4 and 8Gb of memory.
+
+With this configuration a synchronization from block 0 to current height is expect to take about 8 hours.
+
+## Software Packages
+
+These packages are required to run the replica:
+
+1. [Docker](https://www.docker.com/)
+1. [Docker compose](https://docs.docker.com/compose/install/)
+
+## Configuration
+
+To configure the project, clone this repository and copy either `default-kovan.env` or `default-mainnet.env` file to `.env`.
+
+Review the `SHARED_ENV_PATH` configurations, no changes are required, but depending on the use case, you may need copy these examples to a new directory and make your changes.
+
+!! Update DATA_TRANSPORT_LAYER__L1_RPC_ENDPOINT to a valid endpoint !!
+
+### Settings
+
+Change any other settings required for your environment
+
+| Variable                 | Purpose                                                  | Default
+| ------------------------ | -------------------------------------------------------- | -----------
+| COMPOSE_FILE             | The yml files to use with docker-compose                 | replica.yml:replica-shared.yml
+| ETH_NETWORK              | Ethereum Layer1 and Layer2 network (mainnet,kovan)       | kovan (change to `mainnet` for the production network)
+| DATA_TRANSPORT_LAYER__L1_RPC_ENDPOINT | An endpoint for the L1 network, either kovan or mainnet.
+| DATA_TRANSPORT_LAYER__L2_RPC_ENDPOINT | Optimistic endpoint, such as https://kovan.optimism.io or https://mainnet.optimism.io
+| REPLICA_HEALTHCHECK__ETH_NETWORK_RPC_PROVIDER | The L2 endpoint to check the replica against | (typically the same as the DATA_TRANSPORT_LAYER__L2_RPC_ENDPOINT)
+| SEQUENCER_CLIENT_HTTP | The L2 sequencer to forward tx to  | (typically the same as the DATA_TRANSPORT_LAYER__L2_RPC_ENDPOINT)
+| SHARED_ENV_PATH          | Path to a directory containing env files                 | [a directory under ./kustomize/replica/envs](https://github.com/optimisticben/op-replica/tree/main/kustomize/replica/envs)
+| GCMODE                   | Whether to run l2geth as an `archive` or `full` node     | archive
+| L2GETH_IMAGE_TAG         | L2geth version                                           | 0.5.8 (see below)
+| DTL_IMAGE_TAG            | Data transport layer version                             | latest (see below)
+| HC_IMAGE_TAG             | Health check version                                     | latest (see below)
+| L2GETH_HTTP_PORT         | Port number for the l2geth RPC endpoint                  | 9991
+| L2GETH_WS_PORT           | Port number for the l2geth WebSockets endpoint           | 9992
+| DTL_PORT                 | Port number for the DTL endpoint, for troubleshooting    | 7878
+| GETH_INIT_SCRIPT         | The script name to run when initializing l2geth          | A file under kustomize/replica/bases/configmaps/
+
+### Docker Image Versions
+
+We recommend using the latest versions of both docker images. Find them as GitHub tags
+[here](https://github.com/ethereum-optimism/optimism/tags) and as published Docker images linked in the badges:
+
+| Package                                                                                                                         | Docker                                                                                                                                                                                                              |
+| ------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [`@eth-optimism/l2geth`](https://github.com/ethereum-optimism/optimism/tree/master/l2geth)                                      | [![Docker Image Version (latest by date)](https://img.shields.io/docker/v/ethereumoptimism/l2geth)](https://hub.docker.com/r/ethereumoptimism/l2geth/tags?page=1&ordering=last_updated)                             |
+| [`@eth-optimism/data-transport-layer`](https://github.com/ethereum-optimism/optimism/tree/master/packages/data-transport-layer) | [![Docker Image Version (latest by date)](https://img.shields.io/docker/v/ethereumoptimism/data-transport-layer)](https://hub.docker.com/r/ethereumoptimism/data-transport-layer/tags?page=1&ordering=last_updated) |
+| [`@eth-optimism/replica-healthcheck`](https://github.com/ethereum-optimism/optimism/tree/master/packages/replica-healthcheck) | [![Docker Image Version (latest by date)](https://img.shields.io/docker/v/ethereumoptimism/replica-healthcheck)](https://hub.docker.com/r/ethereumoptimism/replica-healthcheck/tags?page=1&ordering=last_updated) |
+
+
+## Usage
+
+
+| Action | Command |
+| - | - |
+| Start the replica (after which you can access it at `http://localhost:L2GETH_HTTP_PORT` | `docker-compose up -d` |
+| Get the logs for `l2geth` | `docker-compose logs -f l2geth-replica` |
+| Get the logs for `data-transport-layer` | `docker-compose logs -f data-transport-layer` |
+| Stop the replica | `docker-compose down` |
+
+
+## Sync Check
+ 
+There is a sync check container. It fails at startup because at that point the replica is not running yet. It exposes metrics on port 3000, which you could pick up with a Prometheus. You can view its status with this command:
+
+```sh
+docker-compose logs -f replica-healthcheck
+```
+
+## Registration
+
+[Register here](https://groups.google.com/a/optimism.io/g/optimism-announce) to get announcements, such as notifications of when you're supposed to update your replica.

infra/op-replica/docker-compose/contrib/traefik-haproxy/README.md

@@ -0,0 +1,38 @@
+# Overview
+
+These files allow you to expose the l2geth RPC/WS ports to the Internet, TLS-encrypted,
+via a traefik reverse proxy and Let's Encrypt Certs.
+
+Instructions for the CloudFlare and AWS options are kept up-to-date at https://eth-docker.net/docs/Usage/ReverseProxy
+
+Please open issues for this contribution in the fork at https://github.com/CryptoManufaktur-io/op-replica
+
+## Usage
+
+The `.env` in the main project directory needs to contain traefik-specific variables. Make a backup copy with
+`cp .env .env.bak`, then bring in the `default.env` from this directory: `cp contrib/traefik-haproxy/default.env .env`.
+Adjust replica variables to match what they were and add either `contrib/traefik-haproxy/traefik-cf.yml` or 
+`contrib/traefik-haproxy/traefik-aws.yml` to `COMPOSE_FILE`.
+
+Then edit traefik-specific variables for CloudFlare or AWS as per above-linked instructions.
+
+Alternatively, if you have traefik running in its own stack, you can add `contrib/traefik-haproxy/ext-network.yml`
+and adjust it for the network traefik runs in.
+
+The haproxy files are examples taken from a docker swarm mode installation. They should work
+with minor modifications in k8s via kompose or Portainer.
+
+`optimism-haproxy.cfg` is the configuration file for haproxy, adjust the host and domain names you'll
+use in there
+
+`haproxy-docker-sample.yml` is an example docker-compose style deployment in docker swarm.
+
+For example, you may have two replicas called `optimism-a.example.com` and `optimism-b.example.com`.
+Both are configured in their `traefik.env` to respond to `optimism-lb.example.com`. Haproxy has
+a local alias `optimism-lb.example.com` and will forward traffic to a and b servers, which know to respond
+to the `optimism-lb` hostname.
+
+`check-ecsync-optimism.sh` is an external check script to take a server out of rotation when it is not
+in sync. It relies on the sequencer-health metrics being available via traefik, and assumes that
+servers have `-a`, `-b`, `-c` etc suffixes. The maximum slot distance and name of the healthcheck host
+without suffix are configured in the script.

infra/op-replica/docker-compose/contrib/traefik-haproxy/check-ecsync-optimism.sh

@@ -0,0 +1,23 @@
+#!/bin/sh
+MAX_LAG=2
+# Assumes that servers are labeled -a, -b, -c etc and contain their domain name, and that corresponding
+# sequencer health hosts exist
+HEALTH_HOST=optimismhealth
+
+__domain=$(echo -n $HAPROXY_SERVER_NAME | cut -d '.' -f2-)
+__host=$(echo -n $HAPROXY_SERVER_NAME | cut -d '.' -f1)
+__dashcount=$(echo -n $__host | grep -o "-" | wc -w)
+__suffix=$(echo -n $__host | cut -d '-' -f$(($__dashcount+1)))
+
+__sequencerheight=$(curl -s -m2 -N -L "$HEALTH_HOST-$__suffix.$__domain/metrics" | grep  ^replica_health_sequencer_height | cut -d' ' -f2)
+__replicaheight=$(curl -s -m2 -N -L "$HEALTH_HOST-$__suffix.$__domain/metrics" | grep ^replica_health_height | cut -d' ' -f2)
+if [ -z "$__sequencerheight" -o -z "$__replicaheight" ]; then
+  exit 1
+fi
+__distance=$(expr $__sequencerheight - $__replicaheight)
+if [ $__distance -le $MAX_LAG ]; then
+  exit 0
+else
+  exit 1
+fi
+

infra/op-replica/docker-compose/contrib/traefik-haproxy/default-kovan.env

@@ -0,0 +1,35 @@
+COMPOSE_FILE=replica.yml:replica-shared.yml:replica-toml.yml
+ETH_NETWORK=kovan
+DATA_TRANSPORT_LAYER__L1_RPC_ENDPOINT=WONT_WORK_UNLESS_YOU_PROVIDE_A_VALID_ETHEREUM_L1_ENDPOINT
+DATA_TRANSPORT_LAYER__L2_RPC_ENDPOINT=https://kovan.optimism.io
+REPLICA_HEALTHCHECK__ETH_NETWORK_RPC_PROVIDER=https://kovan.optimism.io
+SEQUENCER_CLIENT_HTTP=https://kovan.optimism.io
+SHARED_ENV_PATH=../envs/kovan
+GCMODE=archive
+L2GETH_IMAGE_TAG=0.5.12
+DTL_IMAGE_TAG=
+HC_IMAGE_TAG=
+L2GETH_HTTP_PORT=9991
+L2GETH_WS_PORT=9992
+DTL_PORT=7878
+GETH_INIT_SCRIPT=check-for-chaindata-berlin.sh
+
+RESTART=unless-stopped
+
+# Secure web proxy - advanced use, please see instructions at https://eth-docker.net/docs/Usage/ReverseProxy
+DOMAIN=example.com
+ACME_EMAIL=[email protected]
+CF_EMAIL=[email protected]
+CF_API_TOKEN=SECRETTOKEN
+AWS_PROFILE=myprofile
+AWS_HOSTED_ZONE_ID=myzoneid
+L2GETH_HOST=optimism
+L2GETH_LB=optimism-lb
+L2GETH_WS_HOST=optimismws
+L2GETH_WS_LB=optimismws-lb
+L2GETH_HEALTH_HOST=optimismhealth
+DDNS_SUBDOMAIN=
+DDNS_PROXY=false
+
+TRAEFIK_WEB_PORT=443
+TRAEFIK_WEB_HTTP_PORT=80

infra/op-replica/docker-compose/contrib/traefik-haproxy/default-mainnet.env

@@ -0,0 +1,35 @@
+COMPOSE_FILE=replica.yml:replica-shared.yml:replica-toml.yml
+ETH_NETWORK=mainnet
+DATA_TRANSPORT_LAYER__L1_RPC_ENDPOINT=WONT_WORK_UNLESS_YOU_PROVIDE_A_VALID_ETHEREUM_L1_ENDPOINT
+DATA_TRANSPORT_LAYER__L2_RPC_ENDPOINT=https://mainnet.optimism.io
+REPLICA_HEALTHCHECK__ETH_NETWORK_RPC_PROVIDER=https://mainnet.optimism.io
+SEQUENCER_CLIENT_HTTP=https://mainnet.optimism.io
+SHARED_ENV_PATH=../envs/mainnet
+GCMODE=archive
+L2GETH_IMAGE_TAG=0.5.12
+DTL_IMAGE_TAG=
+HC_IMAGE_TAG=
+L2GETH_HTTP_PORT=9991
+L2GETH_WS_PORT=9992
+DTL_PORT=7878
+GETH_INIT_SCRIPT=check-for-chaindata-berlin.sh
+
+RESTART=unless-stopped
+
+# Secure web proxy - advanced use, please see instructions at https://eth-docker.net/docs/Usage/ReverseProxy
+DOMAIN=example.com
+ACME_EMAIL=[email protected]
+CF_EMAIL=[email protected]
+CF_API_TOKEN=SECRETTOKEN
+AWS_PROFILE=myprofile
+AWS_HOSTED_ZONE_ID=myzoneid
+L2GETH_HOST=optimism
+L2GETH_LB=optimism-lb
+L2GETH_WS_HOST=optimismws
+L2GETH_WS_LB=optimismws-lb
+L2GETH_HEALTH_HOST=optimismhealth
+DDNS_SUBDOMAIN=
+DDNS_PROXY=false
+
+TRAEFIK_WEB_PORT=443
+TRAEFIK_WEB_HTTP_PORT=80

infra/op-replica/docker-compose/contrib/traefik-haproxy/ext-network.yml

@@ -0,0 +1,36 @@
+version: "3.4"
+
+networks:
+  default:
+    external:
+      name: traefik_default
+services:
+  l2geth-replica:
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.l2geth.service=l2geth
+      - traefik.http.routers.l2geth.entrypoints=websecure
+      - traefik.http.routers.l2geth.rule=Host(`${L2GETH_HOST}.${DOMAIN}`)
+      - traefik.http.routers.l2geth.tls.certresolver=letsencrypt
+      - traefik.http.routers.l2gethlb.service=l2geth
+      - traefik.http.routers.l2gethlb.entrypoints=websecure
+      - traefik.http.routers.l2gethlb.rule=Host(`${L2GETH_LB}.${DOMAIN}`)
+      - traefik.http.routers.l2gethlb.tls.certresolver=letsencrypt
+      - traefik.http.services.l2geth.loadbalancer.server.port=8545
+      - traefik.http.routers.l2gethws.service=l2gethws
+      - traefik.http.routers.l2gethws.entrypoints=websecure
+      - traefik.http.routers.l2gethws.rule=Host(`${L2GETH_WS_HOST}.${DOMAIN}`)
+      - traefik.http.routers.l2gethws.tls.certresolver=letsencrypt
+      - traefik.http.routers.l2gethwslb.service=l2gethws
+      - traefik.http.routers.l2gethwslb.entrypoints=websecure
+      - traefik.http.routers.l2gethwslb.rule=Host(`${L2GETH_WS_LB}.${DOMAIN}`)
+      - traefik.http.routers.l2gethwslb.tls.certresolver=letsencrypt
+      - traefik.http.services.l2gethws.loadbalancer.server.port=8546
+  replica-healthcheck:
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.l2gethhealth.service=l2gethhealth
+      - traefik.http.routers.l2gethhealth.entrypoints=websecure
+      - traefik.http.routers.l2gethhealth.rule=Host(`${L2GETH_HEALTH_HOST}.${DOMAIN}`)
+      - traefik.http.routers.l2gethhealth.tls.certresolver=letsencrypt
+      - traefik.http.services.l2gethhealth.loadbalancer.server.port=3000

infra/op-replica/docker-compose/contrib/traefik-haproxy/haproxy-docker-sample.yml

@@ -0,0 +1,41 @@
+version: "3.4"
+x-logging: &logging
+  logging:
+    driver: json-file
+    options:
+      max-size: 20m
+      max-file: "3"
+
+services:
+  optimism-haproxy:
+    image: haproxy:latest
+    user: root
+    entrypoint: ["/bin/sh", "-c"]
+    command:
+      - |
+        apt-get update
+        apt-get install --no-install-recommends -y curl jq bc ca-certificates
+        exec haproxy -f /usr/local/etc/haproxy/haproxy.cfg
+    networks:
+      default:
+        aliases:
+          - optimismws-lb.example.com
+          - optimism-lb.example.com
+    configs:
+      - source: optimism-haproxy.cfg
+        target: /usr/local/etc/haproxy/haproxy.cfg
+      - source: check-ecsync-optimism.sh
+        target: /var/lib/haproxy/check-ecsync.sh
+        mode: 0555
+    deploy:
+      mode: replicated
+      replicas: 2
+      placement:
+        constraints: ["node.role == worker"]
+    <<: *logging
+
+configs:
+  optimism-haproxy.cfg:
+    external: true
+  check-ecsync-optimism.sh:
+    external: true