Docker antithesis - split into node and driver containers

Author: saratomaz

.github/regression.sh

@@ -75,7 +75,8 @@ elif is_truthy "${CI_BYRON_CLUSTER:-}"; then
   export TESTNET_VARIANT="${CLUSTER_ERA:-conway}_slow"
 fi
 
-export CARDANO_NODE_SOCKET_PATH_CI="$WORKDIR/state-cluster0/bft1.socket"
+CARDANO_NODE_SOCKET_PATH_CI="${CARDANO_NODE_SOCKET_PATH_CI:-$WORKDIR/state-cluster0/bft1.socket}"
+export CARDANO_NODE_SOCKET_PATH_CI
 
 # assume we run tests on testnet when `BOOTSTRAP_DIR` is set
 if [ -n "${BOOTSTRAP_DIR:-}" ]; then

docker/Dockerfile

@@ -67,9 +67,10 @@ RUN nix develop --accept-flake-config .#testenv --command \
 # paths are cached and the regression.sh shebang resolves offline.
 RUN nix develop --accept-flake-config .#base --command true
 
-# Create the Antithesis test driver directory and install the entry-point.
+# Create the Antithesis test driver directory and install the entry-points.
 # singleton_driver_* files are run once per test run by Antithesis.
 RUN mkdir -p /opt/antithesis/test/v1/quickstart && \
     cp /work/docker/antithesis_run.sh \
        /opt/antithesis/test/v1/quickstart/singleton_driver_regression.sh && \
-    chmod +x /opt/antithesis/test/v1/quickstart/singleton_driver_regression.sh
+    chmod +x /opt/antithesis/test/v1/quickstart/singleton_driver_regression.sh && \
+    chmod +x /work/docker/node_run.sh

docker/README.md

@@ -28,7 +28,11 @@ dependencies are baked into the image at build time:
 - `Dockerfile.config` — builds the Antithesis config image (`FROM scratch`)
   containing only `docker-compose.yaml`.
 
-- `docker-compose.yaml` — single `driver` service.
+- `docker-compose.yaml` — two services: `node` (cardano-node cluster) and
+  `driver` (pytest).  Both share a `cluster-state` Docker volume so the
+  driver accesses the node sockets without going over the network.  An HTTP
+  health check on port 8090 provides cross-container traffic that satisfies
+  the Antithesis "Containers joined the Antithesis network" property.
 
 ## Workflow
 

docker/antithesis_run.sh

@@ -1,17 +1,27 @@
 #!/usr/bin/env bash
-# Antithesis entrypoint for cardano-node-tests.
+# Antithesis driver container entrypoint.
 #
 # Runs the full test suite without any network access by:
 #   1. Forcing nix into offline mode (all store paths were pre-built into
 #      the image by docker/Dockerfile).
 #   2. Pointing regression.sh at the pre-built cardano binaries and Python
 #      venv so it skips all download / build steps.
-#   3. Emitting the Antithesis `setup_complete` lifecycle signal before
-#      starting pytest.
+#   3. When NODE_HOST is set (multi-container mode): waiting for the node
+#      container's health check on port 8090 before running tests, and
+#      setting DEV_CLUSTER_RUNNING=1 so pytest uses the pre-running cluster
+#      instead of starting its own.
+#   4. Emitting the Antithesis setup_complete lifecycle signal.
+#   5. Handing off to regression.sh.
+#
+# Multi-container environment variables (set in docker-compose):
+#   NODE_HOST          Hostname of the node container (default: unset).
+#   NODE_PORT          Health check port on the node container (default: 8090).
+#   CLUSTER_STATE_DIR  Mount point of the shared cluster-state volume
+#                      (default: /cluster-state).
 #
 # This file is installed at:
 #   /opt/antithesis/test/v1/quickstart/singleton_driver_regression.sh
-# and is also usable directly as the docker-compose `command`.
+# and is also usable directly as the docker-compose command.
 
 set -Eeuo pipefail
 
@@ -29,20 +39,66 @@ echo "offline = true" >> /etc/nix/nix.conf
 export CARDANO_PREBUILT_DIR=/opt/cardano
 export _VENV_DIR=/opt/tests-venv
 
-# ---------------------------------------------------------------------------
-# 3. Emit the Antithesis setup_complete signal.
-#    Written as JSONL to $ANTITHESIS_OUTPUT_DIR/sdk.jsonl.
-#    Antithesis begins fault injection / test orchestration after receiving
-#    this message.
-# ---------------------------------------------------------------------------
 _output_dir="${ANTITHESIS_OUTPUT_DIR:-/tmp/antithesis}"
 mkdir -p "$_output_dir"
+
+# ---------------------------------------------------------------------------
+# 3. Multi-container mode: wait for the node container and configure the
+#    driver to use the pre-running cluster.
+#
+#    When NODE_HOST is set the driver polls the node's HTTP health endpoint
+#    (port 8090) until it responds "ready".  This HTTP traffic is what makes
+#    both containers visible on the Antithesis network bridge.
+#
+#    DEV_CLUSTER_RUNNING=1 tells pytest to skip cluster startup/shutdown and
+#    use the cluster already started by the node container.
+#    CARDANO_NODE_SOCKET_PATH_CI is pre-set to the shared volume socket path
+#    so regression.sh does not override it with its default workdir path.
+# ---------------------------------------------------------------------------
+if [ -n "${NODE_HOST:-}" ]; then
+    _node_port="${NODE_PORT:-8090}"
+    echo "Waiting for ${NODE_HOST}:${_node_port} to report ready..."
+
+    _ready=0
+    for _i in $(seq 1 120); do
+        _resp="$(python3 -c "
+import urllib.request, sys
+try:
+    r = urllib.request.urlopen('http://${NODE_HOST}:${_node_port}/', timeout=5)
+    sys.stdout.write(r.read().decode())
+except Exception:
+    pass
+" 2>/dev/null || true)"
+        if [ "$_resp" = "ready" ]; then
+            _ready=1
+            break
+        fi
+        echo "  attempt ${_i}/120: node reports '${_resp:-no response}', retrying in 5s..."
+        sleep 5
+    done
+
+    if [ "$_ready" -ne 1 ]; then
+        echo "ERROR: node container did not become ready within 10 minutes" >&2
+        exit 1
+    fi
+    echo "Node is ready."
+
+    CLUSTER_STATE_DIR="${CLUSTER_STATE_DIR:-/cluster-state}"
+    export DEV_CLUSTER_RUNNING=1
+    export CLUSTERS_COUNT="${CLUSTERS_COUNT:-1}"
+    # Pre-set so regression.sh does not overwrite with its default workdir path.
+    export CARDANO_NODE_SOCKET_PATH_CI="${CLUSTER_STATE_DIR}/state-cluster0/bft1.socket"
+fi
+
+# ---------------------------------------------------------------------------
+# 4. Emit the Antithesis setup_complete signal.
+# ---------------------------------------------------------------------------
 printf '{"antithesis_setup": {"status": "complete", "details": {"info": ["cardano-node-tests driver ready, node_rev=%s"]}}}\n' \
     "${BAKED_NODE_REV:-unknown}" >> "$_output_dir/sdk.jsonl"
 unset _output_dir
 
 # ---------------------------------------------------------------------------
-# 4. Hand off to regression.sh.  The shebang in that script will invoke
+# 5. Hand off to regression.sh.  The shebang in that script will invoke
 #    `nix develop .#base` which now resolves entirely from the local nix
 #    store (offline = true).
 #

docker/docker-compose.yaml

@@ -1,7 +1,18 @@
 # Docker Compose for Antithesis test submission.
 #
-# The driver image must be pre-built with all cardano binaries and the Python
-# venv baked in (see docker/Dockerfile).  No internet access is available at
+# Two services share a cluster-state volume:
+#
+#   node   — starts the cardano-node cluster (system under test).
+#            Serves a health check on port 8090 so the driver can detect
+#            when the cluster is ready.  The traffic between driver and node
+#            over the antithesis-net bridge satisfies the Antithesis
+#            "Containers joined the Antithesis network" property.
+#
+#   driver — waits for the node health check, then runs the pytest test
+#            suite against the pre-running cluster via DEV_CLUSTER_RUNNING=1.
+#
+# Both images must be pre-built with all cardano binaries and the Python venv
+# baked in (see docker/Dockerfile).  No internet access is available at
 # runtime inside the Antithesis environment.
 #
 # Push images to the Antithesis registry before submitting:
@@ -17,24 +28,59 @@ networks:
   antithesis-net:
     driver: bridge
 
+volumes:
+  cluster-state:
+
 services:
+  node:
+    image: ghcr.io/saratomaz/cardano-node-tests-antithesis:latest
+    build:
+      context: ..
+      dockerfile: docker/Dockerfile
+    command: ["/work/docker/node_run.sh"]
+    networks:
+      - antithesis-net
+    volumes:
+      - cluster-state:/cluster-state
+    environment:
+      - CLUSTER_STATE_DIR=/cluster-state
+      - TESTNET_VARIANT=${TESTNET_VARIANT:-conway_fast}
+    healthcheck:
+      test:
+        - "CMD"
+        - "python3"
+        - "-c"
+        - "import urllib.request; exit(0 if urllib.request.urlopen('http://localhost:8090/', timeout=5).read() == b'ready' else 1)"
+      interval: 15s
+      timeout: 6s
+      retries: 60
+      start_period: 60s
+
   driver:
     image: ghcr.io/saratomaz/cardano-node-tests-antithesis:latest
     build:
       context: ..
       dockerfile: docker/Dockerfile
-    # antithesis_run.sh sets nix offline, exports pre-built paths, emits
-    # setup_complete, then hands off to regression.sh.
+    # antithesis_run.sh sets nix offline, waits for the node health check,
+    # exports DEV_CLUSTER_RUNNING=1, emits setup_complete, then hands off
+    # to regression.sh.
     command: ["/work/docker/antithesis_run.sh"]
     networks:
       - antithesis-net
+    depends_on:
+      - node
+    volumes:
+      - cluster-state:/cluster-state
     environment:
+      - CLUSTER_STATE_DIR=/cluster-state
+      - NODE_HOST=node
+      - NODE_PORT=8090
       # NODE_REV is baked into the image at build time; do not override here.
       - CARDANO_CLI_REV=${CARDANO_CLI_REV:-}
       - DBSYNC_REV=${DBSYNC_REV:-}
       - RUN_TARGET=${RUN_TARGET:-tests}
       - MARKEXPR=${MARKEXPR:-}
-      - CLUSTERS_COUNT=${CLUSTERS_COUNT:-}
+      - CLUSTERS_COUNT=${CLUSTERS_COUNT:-1}
       - CLUSTER_ERA=${CLUSTER_ERA:-}
       - PROTOCOL_VERSION=${PROTOCOL_VERSION:-}
       - UTXO_BACKEND=${UTXO_BACKEND:-}

docker/node_run.sh

@@ -0,0 +1,106 @@
+#!/usr/bin/env bash
+# Antithesis node container entrypoint.
+#
+# 1. Starts the cardano-node cluster on the shared 'cluster-state' volume so
+#    the driver container can reach the node sockets without going over the
+#    network (Unix socket on a shared Docker volume).
+# 2. Serves a lightweight HTTP health check on port 8090 over the Antithesis
+#    network bridge.  Returns "ready" once the cluster socket exists.
+#    This cross-container HTTP traffic satisfies the Antithesis
+#    "Containers joined the Antithesis network" property.
+#
+# Environment variables:
+#   CLUSTER_STATE_DIR  Mount point of the shared cluster-state volume
+#                      (default: /cluster-state).
+#   TESTNET_VARIANT    Cluster variant passed to prepare_cluster_scripts
+#                      (default: conway_fast).
+
+set -Eeuo pipefail
+
+# ---------------------------------------------------------------------------
+# 1. Force nix offline — all store paths are pre-built into the image.
+# ---------------------------------------------------------------------------
+echo "offline = true" >> /etc/nix/nix.conf
+
+# ---------------------------------------------------------------------------
+# 2. Point at pre-built binaries and Python venv.
+# ---------------------------------------------------------------------------
+export CARDANO_PREBUILT_DIR=/opt/cardano
+export _VENV_DIR=/opt/tests-venv
+_PATH_PREPEND="/opt/cardano/cardano-node/bin:/opt/cardano/cardano-submit-api/bin:/opt/cardano/cardano-cli/bin:/opt/cardano/bech32/bin"
+
+# ---------------------------------------------------------------------------
+# 3. Cluster state lives on the shared volume so the driver can read sockets.
+# ---------------------------------------------------------------------------
+CLUSTER_STATE_DIR="${CLUSTER_STATE_DIR:-/cluster-state}"
+_INSTANCE_NUM=0
+_STATE_CLUSTER="${CLUSTER_STATE_DIR}/state-cluster${_INSTANCE_NUM}"
+_SCRIPTS_DEST="${CLUSTER_STATE_DIR}/startup_scripts"
+
+# Local clusters (conway_fast, etc.) use bft1.socket.
+export CARDANO_NODE_SOCKET_PATH="${_STATE_CLUSTER}/bft1.socket"
+
+_output_dir="${ANTITHESIS_OUTPUT_DIR:-/tmp/antithesis}"
+mkdir -p "$_output_dir" "${CLUSTER_STATE_DIR}"
+
+# ---------------------------------------------------------------------------
+# 4. Health check server on port 8090 (Antithesis network bridge traffic).
+#    Returns HTTP 200 "ready" once the cluster socket file exists,
+#    503 "starting" while the cluster is still coming up.
+# ---------------------------------------------------------------------------
+python3 -c "
+import os, socket as _s
+_sock_path = os.environ.get('CARDANO_NODE_SOCKET_PATH', '')
+server = _s.socket(_s.AF_INET, _s.SOCK_STREAM)
+server.setsockopt(_s.SOL_SOCKET, _s.SO_REUSEADDR, 1)
+server.bind(('0.0.0.0', 8090))
+server.listen(64)
+while True:
+    conn, _ = server.accept()
+    ready = os.path.exists(_sock_path)
+    body = b'ready' if ready else b'starting'
+    status = b'200 OK' if ready else b'503 Service Unavailable'
+    conn.sendall(b'HTTP/1.1 ' + status + b'\r\nContent-Length: ' + str(len(body)).encode() + b'\r\n\r\n' + body)
+    conn.close()
+" &
+_health_pid=$!
+trap 'kill "$_health_pid" 2>/dev/null || true' EXIT
+
+# ---------------------------------------------------------------------------
+# 5. Prepare cluster startup scripts and run the cluster.
+#    We enter the nix testenv shell to ensure jq, postgres, and other cluster
+#    tools are available.  The inner script uses the pre-built venv so no
+#    network access is needed.
+# ---------------------------------------------------------------------------
+_testnet_variant="${TESTNET_VARIANT:-conway_fast}"
+
+set +e
+nix develop --accept-flake-config .#testenv --command bash -c "
+    set -euo pipefail
+    . '${_VENV_DIR}/bin/activate'
+    export PATH='${_PATH_PREPEND}:\${PATH}'
+    export CARDANO_NODE_SOCKET_PATH='${CARDANO_NODE_SOCKET_PATH}'
+
+    # Instantiate cluster scripts for instance ${_INSTANCE_NUM} into the
+    # shared volume.  --clean removes any previous attempt.
+    python -m cardano_node_tests.prepare_cluster_scripts \
+        --dest-dir '${_SCRIPTS_DEST}' \
+        --testnet-variant '${_testnet_variant}' \
+        --instance-num ${_INSTANCE_NUM} \
+        --clean
+
+    # start-cluster must run from the parent of the state-cluster directory.
+    cd '${CLUSTER_STATE_DIR}'
+    '${_SCRIPTS_DEST}/start-cluster'
+
+    printf '{\"antithesis_setup\": {\"status\": \"complete\", \"details\": {\"info\": [\"cardano-node cluster ready, socket=%s\"]}}}\n' \
+        '${CARDANO_NODE_SOCKET_PATH}' >> '${_output_dir}/sdk.jsonl'
+
+    # Keep the cluster alive until the container is stopped.
+    tail -f /dev/null
+"
+_rc=$?
+set -e
+
+echo "node_run.sh exiting with code ${_rc}"
+exit 0