EVM Rollup + DAL Nodes support (#579)

* introduce smart rollups statefulsets

* ensure it starts

* fix rpc endpoint

* add bootstrap param injection

* add an empty boot sector for now

* put bootstrap rollup params that work in values.yaml example

* fix example

* remove leftover signer code

* add rollup ingress

* set path type properly

* make rollup node listen on 0.0.0.0

* use debug container, pass boot sector of evm rollup

* use debug image in chain initiator to inject wasm

* make debug image work

* put hex of kernel in activation

* add debug statements

* fix typo

* fix enumerate

* revert config gen changes as the rollup is not in utils container

* add a function to replace file with its content in hex

* remove sleep

* add evm proxy

* add evm proxy script

* add "run" to evm-proxy cmd

* add evm proxy service

* add ingress for evm proxy

* add comment to chain-initiator

* add persistent data dir for rollup node

* support several evm rollups

* fix path type for nginx

* DAL initial

* add service ports

* new syntax for evm proxy

* fix ports, remove wrong DAL vars

* DAL permissions fix

* DAL: use unsafe SRS in config-init

* dal node new syntax

* add ability for the baker to pick a DAL node

* remove debug container workaround - evm rollup is now in main container

* new EVM rollup model: installer kernel + small files

* remove usafe srs param

* fix xxd command

* fix xxd in activation script as well

* set -e: fail activation when a command fails

* support for bootstrap profile in DAL

* fix newlines in dal script

* switch to --mode dev on evm proxy

* switch to universal smart rollup node (instead of proto-dependent)

* ensure you can add annotations to your evm proxy and evm node

* proper match for annotation

* add option to pass public IP to dal nodes

* add ability to pass attester profiles to DAL node

* dal: add ability to specify peer

* new evm proxy CLI

* actually mondaynet doesn't have evm rollup

* remove --mode dev for evm proxy

* put evm proxy in dev mode again

* replace `--version dev` with `--devmode`

* fix disappearing ingress issue

* DAL update to 50Gi

* DAL comments

* optional hardcoded identity for DAL nodes

* add ability to set storage size of dal nodes in values.yaml

* remove tmp changes

* fix tests

charts/tezos/scripts/baker.sh

@@ -42,6 +42,10 @@ if [ -f /etc/tezos/baker-config/${my_baker_account}_operations_pool ]; then
  extra_args="${extra_args} --operations-pool $(cat /etc/tezos/baker-config/${my_baker_account}_operations_pool)"
 fi
 
+if [ -f /etc/tezos/baker-config/${my_baker_account}_dal_node ]; then
+ extra_args="${extra_args} --dal-node $(cat /etc/tezos/baker-config/${my_baker_account}_dal_node)"
+fi
+
 CLIENT="$TEZ_BIN/octez-client -d $CLIENT_DIR"
 CMD="$TEZ_BIN/octez-baker-$proto_command -d $CLIENT_DIR"
 

charts/tezos/scripts/chain-initiator.sh

@@ -1,17 +1,93 @@
+set -e
 CLIENT="/usr/local/bin/octez-client --endpoint http://tezos-node-rpc:8732"
 
 OUTPUT=""
 until OUTPUT=$($CLIENT rpc get /chains/main/blocks/head/header) && echo "$OUTPUT" | grep '"level":'; do
  sleep 2
 done
 
-set -x
 set -o pipefail
 if ! echo "$OUTPUT" | grep '"level": 0,'; then
  echo "Chain already activated, considering activation successful and exiting"
  exit 0
 fi
 
+# Substitute #fromfile with the hex encoded files in question.
+# This is for bootstrapped smart rollups.
+
+# Note that this is low-level string substitution with `read`
+# Due to the size of the hex-encoded kernel, using `sed` was not possible.
+
+PARAMETERS_FILE='/etc/tezos/parameters.json'
+TMP_PARAMETERS_FILE='/etc/tezos/tmp_parameters.json'
+
+# Pattern to search for
+pattern='fromfile#'
+
+# Buffer for characters
+buffer=''
+
+# Whether 'fromfile#' was detected
+detected_fromfile=false
+
+# Process each character
+while IFS= read -r -n1 char
+do
+ # Add the character to the buffer
+ buffer=$(printf "%s%s" "$buffer" "$char")
+
+ # If the buffer ends with the pattern
+ if [ "${buffer%"$pattern"}" != "$buffer" ]
+ then
+ detected_fromfile=true
+
+ # Clear the buffer
+ buffer=''
+
+ # Read the filename
+ filename=''
+ while IFS= read -r -n1 char && [ "$char" != '"' ]
+ do
+ filename=$(printf "%s%s" "$filename" "$char")
+ done
+
+ echo "Found kernel file: $filename"
+
+ # Check if file exists
+ if [ ! -f "$filename" ]; then
+ echo "Kernel file $filename not found!"
+ exit 1
+ fi
+
+ # Convert the file content to hex and append to the temp file
+ xxd -p -c 0 "$filename" | tr -d '\n' >> $TMP_PARAMETERS_FILE
+
+ # Add a closing double quote
+ printf '"' >> $TMP_PARAMETERS_FILE
+ elif [ ${#buffer} -ge ${#pattern} ]
+ then
+ # Write the oldest character in the buffer to the temporary file
+ printf "%s" "${buffer%"${buffer#?}"}" >> $TMP_PARAMETERS_FILE
+
+ # Remove the oldest character from the buffer
+ buffer=${buffer#?}
+ fi
+done < "$PARAMETERS_FILE"
+
+# If there's anything left in the buffer, write it to the file
+if [ -n "$buffer" ]
+then
+ printf "%s" "$buffer" >> $TMP_PARAMETERS_FILE
+fi
+
+# Replace the original parameters.json file with the modified one only if 'fromfile#' was detected
+if $detected_fromfile; then
+ mv $TMP_PARAMETERS_FILE $PARAMETERS_FILE
+ echo "Updated JSON saved in '$PARAMETERS_FILE'"
+else
+ rm -f $TMP_PARAMETERS_FILE
+ echo "No 'fromfile#' detected in '$PARAMETERS_FILE', no changes made."
+fi
 echo Activating chain:
 $CLIENT -d /var/tezos/client --block \
  genesis activate protocol \

charts/tezos/scripts/dal-node.sh

@@ -0,0 +1,35 @@
+set -ex
+
+TEZ_VAR=/var/tezos
+TEZ_BIN=/usr/local/bin
+DAL_DATA_DIR="$TEZ_VAR/dal"
+
+mkdir -p ${DAL_DATA_DIR}
+
+extra_args=""
+if [ "${BOOTSTRAP_PROFILE}" == "true" ]; then
+ extra_args="--bootstrap-profile"
+fi
+if [ "${ATTESTER_PROFILES}" != "" ]; then
+ extra_args="${extra_args} --attester-profiles ${ATTESTER_PROFILES}"
+fi
+if [ "${PEER}" != "" ]; then
+ extra_args="${extra_args} --peer ${PEER}"
+fi
+if [ "${PUBLIC_ADDR}" != "" ]; then
+ extra_args="${extra_args} --public-addr ${PUBLIC_ADDR}"
+fi
+# populate identity, if provided
+if [ -n "$IDENTITY_JSON" ]; then
+ identity_path=/var/tezos/dal/identity.json
+ printf "Found persistent identity, writing to $identity_path"
+ echo "$IDENTITY_JSON" > $identity_path
+fi
+#
+
+CMD="$TEZ_BIN/octez-dal-node run ${extra_args} --data-dir ${DAL_DATA_DIR} \
+ --endpoint http://tezos-node-rpc:8732 \
+ --net-addr 0.0.0.0:11732 \
+ --rpc-addr 0.0.0.0:10732"
+
+exec $CMD

charts/tezos/scripts/evm-proxy.sh

@@ -0,0 +1,10 @@
+set -ex
+
+TEZ_BIN=/usr/local/bin
+
+CMD="$TEZ_BIN/octez-evm-node run proxy \
+ with endpoint http://rollup-${MY_POD_NAME}:8932 \
+ --devmode \
+ --rpc-addr 0.0.0.0"
+
+exec $CMD

charts/tezos/scripts/smart-rollup-node.sh

@@ -0,0 +1,20 @@
+set -ex
+
+TEZ_VAR=/var/tezos
+TEZ_BIN=/usr/local/bin
+CLIENT_DIR="$TEZ_VAR/client"
+ROLLUP_DATA_DIR="$TEZ_VAR/rollup"
+ROLLUP_DATA_DIR_PREIMAGES="$ROLLUP_DATA_DIR/wasm_2_0_0"
+
+xxd -p -c 0 /usr/local/share/tezos/evm_kernel/evm_installer.wasm | tr -d '\n' > /var/tezos/smart-rollup-boot-sector
+mkdir -p "$ROLLUP_DATA_DIR_PREIMAGES"
+cp /usr/local/share/tezos/evm_kernel/* "$ROLLUP_DATA_DIR_PREIMAGES"
+CMD="$TEZ_BIN/octez-smart-rollup-node \
+ --endpoint http://tezos-node-rpc:8732 \
+ -d $CLIENT_DIR \
+ run operator for ${ROLLUP_ADDRESS} with operators ${OPERATOR_ACCOUNT} \
+ --data-dir ${ROLLUP_DATA_DIR} \
+ --boot-sector-file /var/tezos/smart-rollup-boot-sector \
+ --rpc-addr 0.0.0.0"
+
+exec $CMD

charts/tezos/templates/configs.yaml

@@ -59,6 +59,8 @@ data:
  {{- $_ := set $tacoinfraSigners $signerName (pick $signerConfig "accounts") }}
 {{- end }}
 {{ $tacoinfraSigners | default dict | mustToPrettyJson | indent 4 }}
+ OCTEZ_ROLLUP_NODES: |
+{{ $.Values.smartRollupNodes | default dict | mustToPrettyJson | indent 4 }}
 
 ---
 
@@ -94,6 +96,9 @@ data:
  {{- if $account.operations_pool }}
  {{ $accountName }}_operations_pool: {{ $account.operations_pool | quote }}
  {{- end }}
+ {{- if $account.dal_node }}
+ {{ $accountName }}_dal_node: {{ $account.dal_node | quote }}
+ {{- end }}
 {{- end }}
 kind: ConfigMap
 metadata:

charts/tezos/templates/octez-dal-node.yaml

@@ -0,0 +1,135 @@
+{{- range $k, $v := .Values.dalNodes }}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: dal-{{ $k }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ type: NodePort
+ ports:
+ - port: 10732
+ name: rpc
+ - port: 11732
+ name: p2p
+ selector:
+ app: dal-{{ $k }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: dal-{{ $k }}
+ namespace: {{ $.Release.Namespace }}
+spec:
+ podManagementPolicy: Parallel
+ replicas: 1
+ serviceName: dal-{{ $k }}
+ selector:
+ matchLabels:
+ app: dal-{{ $k }}
+ template:
+ metadata:
+ labels:
+ app: dal-{{ $k }}
+ spec:
+ containers:
+ - name: octez-dal-node
+ image: "{{ $.Values.images.octez }}"
+ imagePullPolicy: IfNotPresent
+ ports:
+ - containerPort: 10732
+ name: rpc
+ - containerPort: 11732
+ name: p2p
+ command:
+ - /bin/sh
+ volumeMounts:
+ - mountPath: /var/tezos
+ name: var-volume
+ args:
+ - "-c"
+ - |
+{{ tpl ($.Files.Get "scripts/dal-node.sh") $ | indent 12 }}
+{{- if $v | default false }}
+ env:
+{{- if $v.bootstrapProfile | default false }}
+ - name: BOOTSTRAP_PROFILE
+ value: "true"
+{{- end }}
+{{- if $v.attesterProfiles | default false }}
+ - name: ATTESTER_PROFILES
+ value: "{{ $v.attesterProfiles }}"
+{{- end }}
+{{- if $v.peer | default false }}
+ - name: PEER
+ value: "{{ $v.peer }}"
+{{- end }}
+{{- if $v.publicAddr | default false }}
+ - name: PUBLIC_ADDR
+ value: "{{ $v.publicAddr }}"
+{{- end }}
+{{- if $v.identity | default false }}
+ - name: IDENTITY_JSON
+ value: {{ toJson $v.identity | quote }}
+{{- end }}
+{{- end }}
+ securityContext:
+ fsGroup: 1000
+ volumeClaimTemplates:
+ - metadata:
+ name: var-volume
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+{{- if $v.storageSize | default false }}
+ storage: "{{ $v.storageSize }}"
+{{- else }}
+ storage: "50Gi"
+{{- end }}
+---
+{{- if $v | default false }}
+{{- if $v.ingress | default false }}
+{{- if $v.ingress.enabled | default false }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: dal-{{ $k }}
+ namespace: {{ $.Release.Namespace }}
+{{- with $v.ingress.labels }}
+ labels:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+{{- with $v.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ ingressClassName: {{ $v.ingress.className }}
+ {{- if $v.ingress.tls }}
+ tls:
+ {{- range $v.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ - host: {{ $v.ingress.host }}
+ http:
+ paths:
+ - pathType: Prefix
+ path: /
+ backend:
+ service:
+ name: dal-{{ $k }}
+ port:
+ name: rpc
+---
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}