From d42f7e4a1c638ae9e22c2c276815c483e525b89a Mon Sep 17 00:00:00 2001
From: Cory Schwartz <cory@protocol.ai>
Date: Fri, 17 Dec 2021 17:06:32 -0800
Subject: [PATCH] packer snap

---
 .circleci/config.yml             | 22 +++++++++
 .gitignore                       |  1 +
 scripts/snap-lotus-entrypoint.sh | 10 ++++
 snap/snapcraft.yaml              | 40 +++++++++++----
 tools/packer/lotus-snap.pkr.hcl  | 84 ++++++++++++++++++++++++++++++++
 tools/packer/lotus.pkr.hcl       | 10 ----
 tools/packer/setup-snap.sh       | 34 +++++++++++++
 7 files changed, 181 insertions(+), 20 deletions(-)
 create mode 100755 scripts/snap-lotus-entrypoint.sh
 create mode 100644 tools/packer/lotus-snap.pkr.hcl
 create mode 100644 tools/packer/setup-snap.sh

diff --git a/.circleci/config.yml b/.circleci/config.yml
index a4a88a090..92ce5bc6b 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -705,6 +705,17 @@ jobs:
       - packer/build:
           template: tools/packer/lotus.pkr.hcl
           args: "-var ci_workspace_bins=./linux-butterflynet -var lotus_network=butterflynet -var git_tag=$CIRCLE_TAG"
+  publish-packer-snap:
+    description: build packer image with snap. mainnet only.
+    executor:
+      name: packer/default
+      packer-version: 1.6.6
+    steps:
+      - checkout
+      - attach_workspace:
+          at: "."
+      - packer/build:
+          template: tools/packer/lotus-snap.pkr.hcl
   publish-dockerhub:
     description: publish to dockerhub
     machine:
@@ -1042,6 +1053,7 @@ workflows:
             tags:
               only:
                 - /^v\d+\.\d+\.\d+(-rc\d+)?$/
+      - publish-packer-snap
 
   nightly:
     triggers:
@@ -1058,3 +1070,13 @@ workflows:
       - publish-dockerhub:
           name: publish-dockerhub-nightly
           tag: nightly
+  monthly:
+    triggers:
+      - schedule:
+          cron: "0 0 1 * *"
+          filters:
+            branches:
+              only:
+                - master
+    jobs:
+      - publish-packer-snap
diff --git a/.gitignore b/.gitignore
index 467f315b8..33fbffa3c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -40,6 +40,7 @@ build/paramfetch.sh
 /bundle
 /darwin
 /linux
+*.snap
 
 *-fuzz.zip
 /chain/types/work_msg/
diff --git a/scripts/snap-lotus-entrypoint.sh b/scripts/snap-lotus-entrypoint.sh
new file mode 100755
index 000000000..a3ab04c5b
--- /dev/null
+++ b/scripts/snap-lotus-entrypoint.sh
@@ -0,0 +1,10 @@
+LOTUS_IMPORT_SNAPSHOT="https://fil-chain-snapshots-fallback.s3.amazonaws.com/mainnet/minimal_finality_stateroots_latest.car"
+LOTUS_BINARY=$(dirname "$0")/lotus
+GATE="$LOTUS_PATH"/date_initialized
+if [ ! -f "$GATE" ]; then
+	echo importing minimal snapshot
+	$LOTUS_BINARY daemon --import-snapshot "$LOTUS_IMPORT_SNAPSHOT" --halt-after-import
+	# Block future inits
+	date > "$GATE"
+fi
+$LOTUS_BINARY daemon $ARGS
diff --git a/snap/snapcraft.yaml b/snap/snapcraft.yaml
index 472621c2a..08854555f 100644
--- a/snap/snapcraft.yaml
+++ b/snap/snapcraft.yaml
@@ -17,7 +17,6 @@ description: |
 
   https://github.com/filecoin-project/lotus
 
-grade: devel
 confinement: strict
 
 parts:
@@ -39,6 +38,15 @@ parts:
     override-build: |
       LDFLAGS="" make lotus lotus-miner lotus-worker
       cp lotus lotus-miner lotus-worker $SNAPCRAFT_PART_INSTALL
+      cp scripts/snap-lotus-entrypoint.sh $SNAPCRAFT_PART_INSTALL
+
+layout:
+  /var/lib/lotus:
+    symlink: $SNAP_COMMON/lotus
+  /var/lib/lotus-miner:
+    symlink: $SNAP_COMMON/lotus-miner
+  /var/lib/lotus-worker:
+    symlink: $SNAP_COMMON/lotus-worker
 
 apps:
   lotus:
@@ -49,9 +57,9 @@ apps:
       - home
     environment:
       FIL_PROOFS_PARAMETER_CACHE: $SNAP_USER_COMMON/filecoin-proof-parameters
-      LOTUS_PATH: $SNAP_USER_COMMON/lotus
-      LOTUS_MINER_PATH: $SNAP_USER_COMMON/lotus-miner
-      LOTUS_WORKER_PATH: $SNAP_USER_COMMON/lotus-worker
+      LOTUS_PATH: $SNAP_COMMON/lotus
+      LOTUS_MINER_PATH: $SNAP_COMMON/lotus-miner
+      LOTUS_WORKER_PATH: $SNAP_COMMON/lotus-worker
   lotus-miner:
     command: lotus-miner
     plugs:
@@ -60,9 +68,9 @@ apps:
       - opengl
     environment:
       FIL_PROOFS_PARAMETER_CACHE: $SNAP_USER_COMMON/filecoin-proof-parameters
-      LOTUS_PATH: $SNAP_USER_COMMON/lotus
-      LOTUS_MINER_PATH: $SNAP_USER_COMMON/lotus-miner
-      LOTUS_WORKER_PATH: $SNAP_USER_COMMON/lotus-worker
+      LOTUS_PATH: $SNAP_COMMON/lotus
+      LOTUS_MINER_PATH: $SNAP_COMMON/lotus-miner
+      LOTUS_WORKER_PATH: $SNAP_COMMON/lotus-worker
   lotus-worker:
     command: lotus-worker
     plugs:
@@ -71,6 +79,18 @@ apps:
       - opengl
     environment:
       FIL_PROOFS_PARAMETER_CACHE: $SNAP_USER_COMMON/filecoin-proof-parameters
-      LOTUS_PATH: $SNAP_USER_COMMON/lotus
-      LOTUS_MINER_PATH: $SNAP_USER_COMMON/lotus-miner
-      LOTUS_WORKER_PATH: $SNAP_USER_COMMON/lotus-worker
+      LOTUS_PATH: $SNAP_COMMON/lotus
+      LOTUS_MINER_PATH: $SNAP_COMMON/lotus-miner
+      LOTUS_WORKER_PATH: $SNAP_COMMON/lotus-worker
+  lotus-daemon:
+    command: snap-lotus-entrypoint.sh
+    daemon: simple
+    install-mode: enable
+    plugs:
+      - network
+      - network-bind
+    environment:
+      FIL_PROOFS_PARAMETER_CACHE: $SNAP_COMMON/filecoin-proof-parameters
+      LOTUS_PATH: $SNAP_COMMON/lotus
+      LOTUS_MINER_PATH: $SNAP_COMMON/lotus-miner
+      LOTUS_WORKER_PATH: $SNAP_COMMON/lotus-worker
diff --git a/tools/packer/lotus-snap.pkr.hcl b/tools/packer/lotus-snap.pkr.hcl
new file mode 100644
index 000000000..ef0f52f8c
--- /dev/null
+++ b/tools/packer/lotus-snap.pkr.hcl
@@ -0,0 +1,84 @@
+variable "ci_workspace_bins" {
+  type = string
+  default = "./linux"
+}
+
+variable "lotus_network" {
+  type = string
+  default = "mainnet"
+}
+
+locals {
+  timestamp = regex_replace(timestamp(), "[- TZ:]", "")
+} 
+
+source "amazon-ebs" "lotus" {
+  ami_name      = "lotus-${var.lotus_network}-snap-${local.timestamp}"
+  ami_regions = [
+    "ap-east-1",
+    "ap-northeast-1",
+    "ap-northeast-2",
+    "ap-northeast-3",
+    "ap-south-1",
+    "ap-southeast-1",
+    "ap-southeast-2",
+    "ca-central-1",
+    "eu-central-1",
+    "eu-north-1",
+    "eu-west-1",
+    "eu-west-2",
+    "eu-west-3",
+    "sa-east-1",
+    "us-east-1",
+    "us-east-2",
+    "us-west-1",
+    "us-west-2",
+  ]
+  ami_groups = [
+    # This causes the ami to be publicly-accessable.
+    "all",
+  ]
+  ami_description = "Lotus Filecoin AMI"
+  launch_block_device_mappings {
+    device_name = "/dev/sda1"
+    volume_size = 100
+    delete_on_termination = true
+  }
+
+  instance_type = "t2.micro"
+  source_ami_filter {
+    filters = {
+      name = "ubuntu/images/*ubuntu-focal-20.04-amd64-server-*"
+      root-device-type = "ebs"
+      virtualization-type = "hvm"
+    }
+    most_recent = true
+    owners = ["099720109477"]
+  }
+  ssh_username = "ubuntu"
+}
+
+source "digitalocean" "lotus" {
+  droplet_name = "lotus-snap"
+  size = "s-1vcpu-1gb"
+  region = "nyc3"
+  image = "ubuntu-20-04-x64"
+  snapshot_name = "lotus-${var.lotus_network}-snap-${local.timestamp}"
+  ssh_username = "root"
+}
+
+build {
+  sources = [
+    "source.amazon-ebs.lotus",
+    "source.digitalocean.lotus",
+  ]
+
+  provisioner "file" {
+    source = "./tools/packer/etc/motd"
+    destination = "motd"
+  }
+  # build it.
+  provisioner "shell" {
+    script = "./tools/packer/setup-snap.sh"
+  }
+}
diff --git a/tools/packer/lotus.pkr.hcl b/tools/packer/lotus.pkr.hcl
index 8ef41613b..cfaca8398 100644
--- a/tools/packer/lotus.pkr.hcl
+++ b/tools/packer/lotus.pkr.hcl
@@ -63,19 +63,9 @@ source "amazon-ebs" "lotus" {
   ssh_username = "ubuntu"
 }
 
-source "digitalocean" "lotus" {
-  droplet_name = "lotus-${var.lotus_network}"
-  size = "s-1vcpu-1gb"
-  region = "nyc3"
-  image = "ubuntu-20-04-x64"
-  snapshot_name = "lotus-${var.lotus_network}-${var.git_tag}-${local.timestamp}"
-  ssh_username = "root"
-}
-
 build {
   sources = [
     "source.amazon-ebs.lotus",
-    "source.digitalocean.lotus",
   ]
 
   # Lotus software (from CI workspace)
diff --git a/tools/packer/setup-snap.sh b/tools/packer/setup-snap.sh
new file mode 100644
index 000000000..7b543bc36
--- /dev/null
+++ b/tools/packer/setup-snap.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+# This script is executed by packer to setup the image.
+# When this script is run, packer will have already copied binaries into the home directory of
+# whichever user it has access too. This script is executed from within the home directory of that
+# user. Bear in mind that different cloud providers, and different images on the same cloud
+# provider will have a different initial user account.
+
+set -x
+
+# Become root, if we aren't already.
+# Docker images will already be root. AMIs will have an SSH user account.
+UID=$(id -u)
+if [ x$UID != x0 ]
+then
+	printf -v cmd_str '%q ' "$0" "$@"
+	exec sudo su -c "$cmd_str"
+fi
+
+MANAGED_FILES=(
+	/etc/motd
+)
+
+snap install filecoin-lotus
+
+snap alias lotus-filecoin.lotus lotus
+snap alias lotus-filecoin.lotus-miner lotus-miner
+snap alias lotus-filecoin.lotus-miner lotus-worker
+
+# Setup firewall
+yes | ufw enable
+ufw default deny incoming
+ufw default allow outgoing
+ufw allow ssh