move certs from cln nodes to simln

Author: macgyver13

resources/charts/bitcoincore/charts/cln/templates/configmap.yaml

@@ -11,35 +11,13 @@ data:
     {{- .Values.config | nindent 4 }}
     network={{ .Values.global.chain }}
     bind-addr=0.0.0.0:{{ .Values.P2PPort }}
-    clnrest-port={{ .Values.RestPort }}
     bitcoin-rpcconnect={{ include "bitcoincore.fullname" . }}
     bitcoin-rpcport={{ index .Values.global .Values.global.chain "RPCPort" }}
     bitcoin-rpcpassword={{ .Values.global.rpcpassword }}
     alias={{ include "cln.fullname" . }}
-    announce-addr=dns:{{ include "cln.fullname" . }}:9735
+    announce-addr=dns:{{ include "cln.fullname" . }}:{{ .Values.P2PPort }}
     database-upgrade=true
     bitcoin-retry-timeout=600
-    clnrest-certs=/root/.lightning
-  tls.cert: |
-    -----BEGIN CERTIFICATE-----
-    MIIB8TCCAZagAwIBAgIUJDsR6mmY+TaO9pCfjtotlbOkzJMwCgYIKoZIzj0EAwIw
-    MjEfMB0GA1UECgwWbG5kIGF1dG9nZW5lcmF0ZWQgY2VydDEPMA0GA1UEAwwGd2Fy
-    bmV0MB4XDTI0MTExMTE2NTM1MFoXDTM0MTEwOTE2NTM1MFowMjEfMB0GA1UECgwW
-    bG5kIGF1dG9nZW5lcmF0ZWQgY2VydDEPMA0GA1UEAwwGd2FybmV0MFkwEwYHKoZI
-    zj0CAQYIKoZIzj0DAQcDQgAEBVltIvaTlAQI/3FFatTqVflZuZdRJ0SmRMSJrFLP
-    tp0fxE7hmteSt6gjQriy90fP8j9OJXBNAjt915kLY4zVvqOBiTCBhjAOBgNVHQ8B
-    Af8EBAMCAqQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAd
-    BgNVHQ4EFgQU5d8QMrwhLgTkDjWA+eXZGz+dybUwLwYDVR0RBCgwJoIJbG9jYWxo
-    b3N0ggEqhwR/AAABhxAAAAAAAAAAAAAAAAAAAAABMAoGCCqGSM49BAMCA0kAMEYC
-    IQDPofN0fEl5gTwCYhk3nZbjMqJhZ8BsSJ6K8XRhxr7zbwIhAPsgQCFOqUWg632O
-    NEO53OQ6CIqnpxSskjsFNH4ZBQOE
-    -----END CERTIFICATE-----
-  tls.key: |
-    -----BEGIN EC PRIVATE KEY-----
-    MHcCAQEEIIcFtWTLQv5JaRRxdkPKkO98OrvgeztbZ7h8Ev/4UbE4oAoGCCqGSM49
-    AwEHoUQDQgAEBVltIvaTlAQI/3FFatTqVflZuZdRJ0SmRMSJrFLPtp0fxE7hmteS
-    t6gjQriy90fP8j9OJXBNAjt915kLY4zVvg==
-    -----END EC PRIVATE KEY-----
 ---
 apiVersion: v1
 kind: ConfigMap

resources/charts/bitcoincore/charts/cln/templates/pod.yaml

@@ -31,18 +31,10 @@ spec:
         - name: p2p
           containerPort: {{ .Values.P2PPort }}
           protocol: TCP
-        - name: rest
-          containerPort: {{ .Values.RestPort }}
-          protocol: TCP
       command:
         - /bin/sh
         - -c
-        - | 
-          lightningd --conf=/root/.lightning/config --recover=35b8182d6db5cec40d9bead20607b7c9b91ed89997a290bc0e0f07e5922e4714 &
-          pid=$!;
-          sleep 10;
-          kill $pid;
-          sleep 1;
+        - |
           lightningd --conf=/root/.lightning/config
       livenessProbe:
         {{- toYaml .Values.livenessProbe | nindent 8 }}
@@ -59,12 +51,6 @@ spec:
         - mountPath: /root/.lightning/config
           name: config
           subPath: config
-        - mountPath: /root/.lightning/cert
-          name: config
-          subPath: tls.cert
-        - mountPath: /root/.lightning/key
-          name: config
-          subPath: tls.key
     {{- with .Values.extraContainers }}
     {{- toYaml . | nindent 4 }}
     {{- end }}

resources/charts/bitcoincore/charts/cln/templates/service.yaml

@@ -12,9 +12,5 @@ spec:
       targetPort: p2p
       protocol: TCP
       name: p2p
-    - port: {{ .Values.RestPort }}
-      targetPort: rest
-      protocol: TCP
-      name: rest
   selector:
     {{- include "cln.selectorLabels" . | nindent 4 }}

resources/charts/bitcoincore/charts/cln/values.yaml

@@ -102,10 +102,9 @@ affinity: {}
 
 baseConfig: |
   log-level=debug
-  developer
-  dev-fast-gossip
+  # developer
+  # dev-fast-gossip
   bitcoin-rpcuser=user
-  clnrest-host=0.0.0.0
   # bitcoind.rpcpass are set in configmap.yaml
 
 config: ""

resources/charts/commander/templates/rbac.yaml

@@ -15,8 +15,8 @@ metadata:
     app.kubernetes.io/name: {{ .Chart.Name }}
 rules:
   - apiGroups: [""]
-    resources: ["pods", "configmaps"]
-    verbs: ["get", "list", "watch"]
+    resources: ["pods", "configmaps", "pods/exec"]
+    verbs: ["get", "list", "watch", "exec"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

resources/plugins/simln/plugin.py

@@ -17,6 +17,7 @@
     get_static_client,
     wait_for_init,
     write_file_to_container,
+    read_file_from_container,
 )
 from warnet.process import run_command
 
@@ -145,6 +146,8 @@ def _launch_activity(activity: Optional[list[dict]], plugin_dir: str) -> str:
     activity_json = _generate_activity_json(activity)
     wait_for_init(name, namespace=get_default_namespace(), quiet=True)
 
+    #write cert files to container
+    transfer_cln_certs(name)
     if write_file_to_container(
         name,
         "init",
@@ -162,13 +165,18 @@ def _generate_activity_json(activity: Optional[list[dict]]) -> str:
     nodes = []
 
     for i in get_mission(LIGHTNING_MISSION):
-        name = i.metadata.name
-        node = {
-            "id": name,
-            "address": f"https://{name}:10009",
-            "macaroon": "/working/admin.macaroon",
-            "cert": "/working/tls.cert",
-        }
+        ln_name = i.metadata.name
+        port = 10009
+        node = {"id": ln_name}
+        if "cln" in ln_name:
+            port = 9735
+            node["ca_cert"] = f"/working/{ln_name}-ca.pem"
+            node["client_cert"] = f"/working/{ln_name}-client.pem"
+            node["client_key"] = f"/working/{ln_name}-client-key.pem"
+        else:
+            node["macaroon"] = "/working/admin.macaroon"
+            node["cert"] = "/working/tls.cert"
+        node["address"] = f"{ln_name}:{port}"
         nodes.append(node)
 
     if activity:
@@ -178,6 +186,30 @@ def _generate_activity_json(activity: Optional[list[dict]]) -> str:
 
     return json.dumps(data, indent=2)
 
+def transfer_cln_certs(name):
+    dst_container = "init"
+    cln_root = "/root/.lightning/regtest"
+    for i in get_mission(LIGHTNING_MISSION):
+        ln_name = i.metadata.name
+        if "cln" in ln_name:
+            copyfile(ln_name, "cln", f"{cln_root}/ca.pem", name, dst_container, f"/working/{ln_name}-ca.pem")
+            copyfile(ln_name, "cln", f"{cln_root}/client.pem", name, dst_container, f"/working/{ln_name}-client.pem")
+            copyfile(ln_name, "cln", f"{cln_root}/client-key.pem", name, dst_container, f"/working/{ln_name}-client-key.pem")
+
+
+def copyfile(pod_name, src_container, source_path, dst_name, dst_container, dst_path):
+    namespace=get_default_namespace()
+    file_data = read_file_from_container(pod_name, source_path, src_container, namespace)
+    if not write_file_to_container(
+        dst_name, 
+        dst_container, 
+        dst_path, 
+        file_data,
+        namespace=namespace,
+        quiet=True,
+    ):
+        print(f"Failed to copy {source_path} from {pod_name} to {dst_name}:{dst_path}")
+
 
 def _sh(pod, method: str, params: tuple[str, ...]) -> str:
     namespace = get_default_namespace()