Merge pull request #827 from skalenetwork/beta

2.6.0
skalenetwork · Feb 3, 2025 · b041242 · b041242
2 parents 9e0c550 + 09b31c9
commit b041242
Show file tree

Hide file tree

Showing 32 changed files with 1,294 additions and 495 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -1,4 +1,3 @@
-tests
 helper-scripts
 dist
 build

diff --git a/.flake8 b/.flake8
@@ -1,3 +1,3 @@
 [flake8]
 max-line-length = 100
-exclude = .git,__pycache__,docs/source/conf.py,old,build,dist,venv,helper-scripts
+exclude = .git,__pycache__,docs/source/conf.py,old,build,dist,venv,helper-scripts,.venv
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -13,7 +13,7 @@ jobs:
   create_release:
     if: github.event.pull_request.merged
     name: Create release
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     outputs:
       upload_url: ${{ steps.create_release.outputs.upload_url }}
       version: ${{ steps.export_outputs.outputs.version }}
@@ -26,6 +26,7 @@ jobs:
 
       - name: Checkout submodules
         run: git submodule update --init
+
       - name: Install ubuntu dependencies
         run: |
           sudo apt-get update
@@ -68,7 +69,7 @@ jobs:
     strategy:
       matrix:
         include:
-          - os: ubuntu-20.04
+          - os: ubuntu-22.04
             asset_name: skale-${{ needs.create_release.outputs.version }}-Linux-x86_64
     steps:
     - uses: actions/checkout@v2
@@ -78,7 +79,7 @@ jobs:
         python-version: 3.11
 
     - name: Install ubuntu dependencies
-      if: matrix.os == 'ubuntu-20.04'
+      if: matrix.os == 'ubuntu-22.04'
       run: |
         sudo apt-get update
 
@@ -127,7 +128,7 @@ jobs:
     strategy:
       matrix:
         include:
-          - os: ubuntu-20.04
+          - os: ubuntu-22.04
             asset_name: skale-${{ needs.create_release.outputs.version }}-Linux-x86_64-sync
     steps:
     - uses: actions/checkout@v2
@@ -137,7 +138,7 @@ jobs:
         python-version: 3.11
 
     - name: Install ubuntu dependencies
-      if: matrix.os == 'ubuntu-20.04'
+      if: matrix.os == 'ubuntu-22.04'
       run: |
         sudo apt-get update
 

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -3,7 +3,7 @@ on: [push, pull_request]
 
 jobs:
   test:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     strategy:
       matrix:
         python-version: [3.11]
@@ -23,20 +23,18 @@ jobs:
     - name: Install ubuntu dependencies
       run: |
         sudo apt-get update
-        sudo apt-get install python-setuptools iptables
+        sudo apt-get install iptables nftables python3-nftables
 
     - name: Install python dependencies
       run: |
         python -m pip install --upgrade pip
-        pip install -e .
         pip install -e .[dev]
-        pip install --upgrade 'setuptools<45.0.0'
 
     - name: Lint with flake8
       run: |
         flake8 .
 
-    - name: Build binary in Ubuntu 18.04 environment - normal
+    - name: Build binary - normal
       run: |
         mkdir -p ./dist
         docker build . -t node-cli-builder
@@ -46,13 +44,7 @@ jobs:
     - name: Check build - normal
       run: sudo /home/ubuntu/dist/skale-test-Linux-x86_64
 
-    - name: Build binary in Ubuntu 20.04 environment - normal
-      run: |
-        scripts/build.sh test test normal
-
-    - name: Check build - sync
-      run: sudo /home/ubuntu/dist/skale-test-Linux-x86_64
-    - name: Build sync binary in Ubuntu 18.04 environment
+    - name: Build binary - sync
       run: |
         mkdir -p ./dist
         docker build . -t node-cli-builder
@@ -62,12 +54,15 @@ jobs:
     - name: Check build - sync
       run: sudo /home/ubuntu/dist/skale-test-Linux-x86_64-sync
 
-    - name: Build sync binary in Ubuntu 20.04 environment
+    - name: Run prepare test build
       run: |
-        scripts/build.sh test test sync
-
-    - name: Check build - sync
-      run: sudo /home/ubuntu/dist/skale-test-Linux-x86_64-sync
+        scripts/build.sh test test normal
 
     - name: Run tests
-      run: bash ./scripts/run_tests.sh
+      run: |
+        export PYTHONPATH=${PYTHONPATH}:/usr/lib/python3/dist-packages/
+        bash ./scripts/run_tests.sh
+
+    - name: Run nftables tests
+      run: |
+        scripts/run_nftables_test.sh
diff --git a/Dockerfile b/Dockerfile
@@ -1,22 +1,29 @@
-FROM python:3.11-buster
+FROM python:3.11-bookworm
 
 ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y software-properties-common
-RUN apt-get install -y  \
+RUN apt-get update && apt install -y \
                        git \
                        build-essential \
+                       software-properties-common \
                        zlib1g-dev \
                        libssl-dev \
                        libffi-dev \
                        swig \
-                       iptables
+                       iptables \
+                       nftables \ 
+                       python3-nftables \ 
+                       libxslt-dev \
+                       kmod
+
 
 RUN mkdir /app
 WORKDIR /app
 
 COPY . .
 
 ENV PATH=/app/buildvenv/bin:$PATH
+ENV PYTHONPATH="{PYTHONPATH}:/usr/lib/python3/dist-packages"
+
 RUN python3.11 -m venv /app/buildvenv && \
     pip install --upgrade pip && \
     pip install wheel setuptools==63.2.0 && \

diff --git a/lvmpy b/lvmpy
diff --git a/main.spec b/main.spec
@@ -2,15 +2,12 @@
 
 import importlib.util
 
-libxtwrapper_path = importlib.util.find_spec('libxtwrapper').origin
-
 
 block_cipher = None
 
 a = Analysis(
     ['node_cli/main.py'],
     pathex=['.'],
-    binaries=[(libxtwrapper_path, '.')],
     datas=[
        ("./text.yml", "data"),
        ("./datafiles/skaled-ssl-test", "data/datafiles")

diff --git a/node_cli/cli/__init__.py b/node_cli/cli/__init__.py
@@ -1,4 +1,4 @@
-__version__ = '2.5.0'
+__version__ = '2.6.0'
 
 if __name__ == "__main__":
     print(__version__)
diff --git a/node_cli/cli/node.py b/node_cli/cli/node.py
@@ -19,8 +19,8 @@
 
 import click
 
+from node_cli.core.node import configure_firewall_rules
 from node_cli.core.node import (
-    configure_firewall_rules,
     get_node_signature,
     init,
     restore,
@@ -239,12 +239,13 @@ def check(network):
     run_checks(network)
 
 
-@node.command(help='Reconfigure iptables rules')
+@node.command(help='Reconfigure nftables rules')
+@click.option('--monitoring', is_flag=True)
 @click.option('--yes', is_flag=True, callback=abort_if_false,
               expose_value=False,
               prompt='Are you sure you want to reconfigure firewall rules?')
-def configure_firewall():
-    configure_firewall_rules()
+def configure_firewall(monitoring):
+    configure_firewall_rules(enable_monitoring=monitoring)
 
 
 @node.command(help='Show node version information')

diff --git a/node_cli/configs/__init__.py b/node_cli/configs/__init__.py
@@ -163,3 +163,11 @@ def _get_env():
 TELEGRAF_TEMPLATE_PATH = os.path.join(CONTAINER_CONFIG_PATH, 'telegraf.conf.j2')
 TELEGRAF_CONFIG_PATH = os.path.join(CONTAINER_CONFIG_PATH, 'telegraf.conf')
 NODE_DOCKER_CONFIG_PATH = os.path.join(NODE_DATA_PATH, 'docker.json')
+
+NFTABLES_CHAIN_FOLDER_PATH = '/etc/nft.conf.d/skale/chains'
+NFTABLES_CHAIN_CONFIG_WILDCARD = os.path.join(NFTABLES_CHAIN_FOLDER_PATH, '*')
+NFTABLES_SKALE_BASE_CONFIG_PATH = '/etc/nft.conf.d/skale/base.conf'
+NFTABLES_MAIN_CONFIG_PATH = '/etc/nftables.conf'
+
+UFW_CONFIG_PATH = '/etc/default/ufw'
+UFW_IPV6_BEFORE_INPUT_CHAIN = 'ufw6-before-input'
diff --git a/node_cli/core/checks.py b/node_cli/core/checks.py
@@ -49,6 +49,7 @@
     REPORTS_PATH,
     STATIC_PARAMS_FILEPATH
 )
+from node_cli.core.host import is_ufw_ipv6_chain_exists, is_ufw_ipv6_option_enabled
 from node_cli.core.resources import get_disk_size
 from node_cli.utils.helper import run_cmd, safe_mkdir
 
@@ -321,10 +322,6 @@ def _check_apt_package(self, package_name: str,
         else:
             return self._ok(name=package_name, info=info)
 
-    @preinstall
-    def iptables_persistent(self) -> CheckResult:
-        return self._check_apt_package('iptables-persistent')
-
     @preinstall
     def lvm2(self) -> CheckResult:
         return self._check_apt_package('lvm2')
@@ -341,6 +338,22 @@ def lsof(self) -> CheckResult:
     def psmisc(self) -> CheckResult:
         return self._check_apt_package('psmisc')
 
+    @preinstall
+    def ufw_ipv6_disabled(self) -> CheckResult:
+        name = 'ufw-ipv6'
+        if is_ufw_ipv6_option_enabled():
+            return self._failed(
+                name=name,
+                info='ufw ipv6 configuration should be disabled'
+            )
+        elif is_ufw_ipv6_chain_exists():
+            return self._failed(
+                name=name,
+                info='ufw should be reloaded to switch off ipv6'
+            )
+        else:
+            return self._ok(name=name)
+
     def _version_from_dpkg_output(self, output: str) -> str:
         info_lines = map(lambda s: s.strip(), output.split('\n'))
         v_line = next(filter(
@@ -415,26 +428,26 @@ def docker_api(self) -> CheckResult:
 
     @preinstall
     def docker_compose(self) -> CheckResult:
-        name = 'docker-compose'
-        cmd = shutil.which('docker-compose')
+        name = 'docker'
+        cmd = shutil.which('docker')
         if cmd is None:
-            info = 'No such command: "docker-compose"'
+            info = 'No such command: "docker"'
             return self._failed(name=name, info=info)
 
         v_cmd_result = run_cmd(
-            ['docker-compose', '-v'],
+            ['docker', 'compose', 'version'],
             check_code=False,
             separate_stderr=True
         )
         output = v_cmd_result.stdout.decode('utf-8').rstrip()
         if v_cmd_result.returncode != 0:
-            info = f'Checking docker-compose version failed with: {output}'
+            info = f'Checking docker compose version failed with: {output}'
             return self._failed(name=name, info=output)
 
         actual_version = output.split(',')[0].split()[-1].strip()
         expected_version = self.requirements['docker-compose']
 
-        info = f'Expected docker-compose version {expected_version}, actual {actual_version}'  # noqa
+        info = f'Expected docker compose version {expected_version}, actual {actual_version}'  # noqa
         if version_parse(actual_version) < version_parse(expected_version):
             return self._failed(name=name, info=info)
         else:

diff --git a/node_cli/core/host.py b/node_cli/core/host.py
@@ -34,13 +34,15 @@
     SCHAINS_DATA_PATH, LOG_PATH,
     REMOVED_CONTAINERS_FOLDER_PATH,
     IMA_CONTRACTS_FILEPATH, MANAGER_CONTRACTS_FILEPATH,
-    SKALE_RUN_DIR, SKALE_STATE_DIR, SKALE_TMP_DIR
+    SKALE_RUN_DIR, SKALE_STATE_DIR, SKALE_TMP_DIR,
+    UFW_CONFIG_PATH, UFW_IPV6_BEFORE_INPUT_CHAIN
 )
 from node_cli.configs.resource_allocation import (
     RESOURCE_ALLOCATION_FILEPATH
 )
 from node_cli.configs.cli_logger import LOG_DATA_PATH
 from node_cli.configs.env import SKALE_DIR_ENV_FILEPATH, CONFIGS_ENV_FILEPATH
+from node_cli.core.nftables import NFTablesManager
 from node_cli.utils.helper import safe_mkdir
 from node_cli.utils.print_formatters import print_abi_validation_errors
 
@@ -169,3 +171,18 @@ def validate_abi_files(json_result=False):
             print(json.dumps({'result': 'ok'}))
         else:
             print('All abi files are correct json files!')
+
+
+def is_ufw_ipv6_option_enabled() -> bool:
+    """Check if UFW is enabled and IPv6 is configured."""
+    if os.path.isfile(UFW_CONFIG_PATH):
+        with open(UFW_CONFIG_PATH, 'r') as file:
+            for line in file:
+                if line.startswith('IPV6='):
+                    return line.strip().split('=')[1].strip() == 'yes'
+    return False
+
+
+def is_ufw_ipv6_chain_exists() -> bool:
+    nft_manager = NFTablesManager(family='ip6', table='filter')
+    return nft_manager.chain_exists(chain=UFW_IPV6_BEFORE_INPUT_CHAIN)
-Original file line number
+Diff line change
@@ -1,4 +1,3 @@
-    tests
     helper-scripts
     dist
     build
@@ Expand Down @@
+2 −2		.github/workflows/test.yml
+2 −1		setup.py
+1 −1		src/core.py
+1 −1		tests/cleanup_test.py