Provide a local development ("local devnet") configuration as a start.

This (finally?) provides a "local devnet" configuration intended to
replace the need for developers who are working with multiple components
of an Entropy network (in development/testing mode) to handle those
components independently. I.e., instead of invoking the `entropy` and
`server` binaries individually, the entire build and start up routine is
now encapsulated inside a `docker compose build && docker compose up`
invocation. If this works well, this will also become the basis on which
tests in CI can spin up an Entropy network to test against, as well.

There are a number of things to note about this change, most of which
are thoroughly commented inline, but some that deserve special call out:

1. Static comilation with GNU libc is not actually fully static. :(
    We still need to include the `libnss_files` and `libnss_dns` shared
    objects from the container image's `build` stage in order for the
    `entropy` binary to successfully make DNS queries. This wasn't
    necessary before, because those code paths were never called by an
    Entropy network only using IP addresses (or `127.0.0.1`, locally).
    However, the `local-devnet` chain introduced here cannot know IP
    addresses ahead of time, so we need name resolution and thus hit
    this very, very annoying bug.
1. The new `--chain local-devnet` option introduced here is specifically
    for use in combination with the Docker Compose `docker-compose.yaml`
    configuration provided here, as well. It'll fail with another setup.

As an aside, this is my first Rust contribution. Be gentle. <3

Dockerfile

@@ -83,13 +83,33 @@ RUN addgroup --system entropy \
         entropy \
     && chown -R entropy:entropy /srv/entropy
 
+# Despite statically linking our binaries, we will still need these
+# libraries to process the /etc/nsswitch.conf file and perform DNS
+# lookups, as we've built with glibc, but Alpine provides musl libc.
+# This is a notorious issue in GNU glibc, currently without a fix:
+#     https://sourceware.org/bugzilla/show_bug.cgi?id=27959
+COPY --from=build \
+    /lib/x86_64-linux-gnu/libnss_* \
+    /lib/x86_64-linux-gnu/libc.so.6 \
+    /lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 \
+    /lib/x86_64-linux-gnu/libresolv.so.2 \
+    /lib/x86_64-linux-gnu/
+
+# Lastly, we copy our own files into the final container image stage.
 COPY --from=build --chown=entropy:entropy --chmod=554 /usr/local/bin/${PACKAGE} /usr/local/bin/${PACKAGE}
 COPY --chown=entropy:entropy --chmod=554 bin/entrypoint.sh /usr/local/bin/entrypoint.sh
+
+# Don't run as the `root` user within the container.
 USER entropy
 
 ###
-# Describe the available ports to expose.
-##
+# Describe the available ports to expose for `server`.
+###
+# TSS server's REST-style HTTP API port.
+EXPOSE 3001
+###
+# Describe the available ports to expose for `entropy`.
+###
 # Substrate's default Prometheus endpoint.
 EXPOSE 9615
 # Substrate's default RPC port.

docker-compose.yaml

@@ -16,8 +16,8 @@ secrets:
 
 services:
   # Threshold Signature Scheme server
-  # In a local devnet setup, for now, this is "Alice's server."
-  tss-server:
+  # In a local devnet setup, for now, this is "Alice's TSS server."
+  alice-tss-server:
     build:
       args:
         PACKAGE: server
@@ -34,11 +34,11 @@ services:
       - "--threshold-url"
       - "0.0.0.0:3001"
       - "--chain-endpoint"
-      - "ws://chain-node:9944"
+      - "ws://alice-chain-node:9944"
 
   # Sometimes also called simply a "chain," or a "validator."
   # In a local devnet setup, for now, this is "Alice's chain."
-  chain-node:
+  alice-chain-node:
     build:
       ssh:
         - default
@@ -47,32 +47,35 @@ services:
       tags:
         - entropy:chain-node
     depends_on:
-      - tss-server
+      - alice-tss-server
     ports:
-      # Enables other chain nodes speak to the validator.
-      # We comment this out because we're working only within
-      # the Docker network layer, not the host's network stack.
+      # Enables other chain nodes speak to the validator. We comment
+      # this out because we're working only within the Docker network
+      # layer, not the host's network stack. I.e., the port is open
+      # locally, but we do not publish it to the Docker host itself.
       #- "127.0.0.1:30333:30333/tcp" # P2P Port.
-      # Enables network clients to speak to the node's API.
-      - "127.0.0.1:9944:9944/tcp"   # RPC Port.
+      # Enables network clients to speak to the chain node's REST API.
+      - "127.0.0.1:9944:9944/tcp"   # "RPC Port."
     command:
-      - "--alice"
+      - "--chain"
+      - "local-devnet"
+      - "--alice"               # Shortcut for `--name Alice --validator`
       - "--base-path"
       - ".entropy/alice"
       - "--rpc-port"
       - "9944"
       - "--unsafe-rpc-external" # Intentional, for TSS's access.
       - "--rpc-cors"
       - "all"
-      - "--validator" # This is what makes the node a validator.
       - "--node-key=0000000000000000000000000000000000000000000000000000000000000001"
       - "--tss-server-endpoint"
-      - "http://tss-server:3001"
+      - "http://alice-tss-server:3001"
 
-  bob-tss:
+  # "Bob's TSS server."
+  bob-tss-server:
     image: entropy:tss-server
     depends_on:
-      - tss-server
+      - alice-tss-server
     ports:
       - "127.0.0.1:3002:3001/tcp"
     command:
@@ -82,28 +85,25 @@ services:
       - "--chain-endpoint"
       - "ws://bob-chain-node:9944"
 
+  # "Bob's chain node."
   bob-chain-node:
     image: entropy:chain-node
     depends_on:
-      - bob-tss
+      - bob-tss-server
     ports:
-      # Enables other chain nodes speak to the validator.
-      # We comment this out because we're working only within
-      # the Docker network layer, not the host's network stack.
-      #- "127.0.0.1:30333:30333/tcp" # P2P Port.
-      # Enables network clients to speak to the node's API.
-      - "127.0.0.1:9945:9944/tcp"   # RPC Port.
+      - "127.0.0.1:9945:9944/tcp"
     command:
-      - "--bob"
+      - "--chain"
+      - "local-devnet"
+      - "--bob"                 # Shortcut for `--name Bob --validator`
       - "--base-path"
       - ".entropy/bob"
       - "--rpc-port"
       - "9944"
       - "--unsafe-rpc-external" # Intentional, for TSS's access.
       - "--rpc-cors"
       - "all"
-      - "--validator" # This is what makes the node a validator.
       - "--bootnodes"
-      - "/dns4/chain-node/tcp/30333/p2p/12D3KooWEyoppNCUx8Yx66oV9fJnriXwCcXwDDUA2kj6vnc6iDEp"
+      - "/dns4/alice-chain-node/tcp/30333/p2p/12D3KooWEyoppNCUx8Yx66oV9fJnriXwCcXwDDUA2kj6vnc6iDEp"
       - "--tss-server-endpoint"
-      - "http://bob-tss:3001"
+      - "http://bob-tss-server:3001"

node/cli/src/admin.rs

@@ -8,7 +8,8 @@ use sp_consensus_babe::AuthorityId as BabeId;
 use sp_core::{crypto::UncheckedInto, sr25519};
 
 use crate::chain_spec::{
-    authority_keys_from_seed, devnet_genesis, get_account_id_from_seed, testing, testnet_genesis,
+    authority_keys_from_seed, devnet_genesis, get_account_id_from_seed, local_devnet_genesis,
+    testing, testnet_genesis,
 };
 
 pub fn devnet_config_genesis() -> RuntimeGenesisConfig {
@@ -225,7 +226,15 @@ pub fn development_config_genesis() -> RuntimeGenesisConfig {
     )
 }
 
-pub fn testing_config_genesis() -> RuntimeGenesisConfig {
+pub fn local_devnet_config_genesis() -> GenesisConfig {
+    local_devnet_genesis(
+        vec![authority_keys_from_seed("Alice"), authority_keys_from_seed("Bob")],
+        vec![],
+        get_account_id_from_seed::<sr25519::Public>("Alice"),
+    )
+}
+
+pub fn testing_config_genesis() -> GenesisConfig {
     testing(
         vec![authority_keys_from_seed("Alice"), authority_keys_from_seed("Bob")],
         vec![],