feat(erigon): add lz4 snapshot support (#489)

devin-ai-integration[bot] · ana@graphops.xyz · web-flow · commit c23da0a02f85 · 2025-03-01T11:31:34.000Z
---------

Co-authored-by: Devin AI &lt;158243242+devin-ai-integration[bot]@users.noreply.github.com&gt;
Co-authored-by: ana@graphops.xyz &lt;ana@graphops.xyz&gt;
diff --git a/.helmdocsignore b/.helmdocsignore
@@ -1,2 +1,2 @@
-charts/**/tests/**
-charts/**/_unittests/**
+charts/*/tests/*
+charts/*/_unittests/*
diff --git a/charts/erigon/README.md b/charts/erigon/README.md
@@ -147,7 +147,7 @@ We do not recommend that you upgrade the application by overriding `image.tag`.
  | rpcdaemon.extraLabels | Extra labels to attach to the Pod for matching against | object | `{}` |
  | rpcdaemon.nodeSelector |  | object | `{}` |
  | rpcdaemon.podAnnotations | Annotations for the `Pod` | object | `{}` |
- | rpcdaemon.podSecurityContext | Pod-wide security context | object | `{"fsGroup":101337,"runAsGroup":101337,"runAsNonRoot":true,"runAsUser":101337}` |
+ | rpcdaemon.podSecurityContext | Pod-wide security context | object | `{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` |
  | rpcdaemon.replicaCount | Number of replicas to run | int | `2` |
  | rpcdaemon.resources.limits |  | object | `{}` |
  | rpcdaemon.resources.requests | Requests must be specified if you are using autoscaling | object | `{"cpu":"500m","memory":"4Gi"}` |
@@ -160,6 +160,7 @@ We do not recommend that you upgrade the application by overriding `image.tag`.
  | serviceAccount.name | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | string | `""` |
  | statefulNode.affinity |  | object | `{}` |
  | statefulNode.affinityPresets.antiAffinityByHostname | Configure anti-affinity rules to prevent multiple Erigon instances on the same host | bool | `true` |
+ | statefulNode.datadir | The path to the Erigon data directory | string | `"/storage"` |
  | statefulNode.extraArgs | Additional CLI arguments to pass to `erigon` | list | `[]` |
  | statefulNode.extraContainers | Additional containers to inject to this graph node group - an array of Container objects | list | `[]` |
  | statefulNode.extraInitContainers | Additional init containers to inject to this graph node group - an array of Container objects | list | `[]` |
@@ -177,7 +178,7 @@ We do not recommend that you upgrade the application by overriding `image.tag`.
  | statefulNode.p2pNodePort.initContainer.image.tag | Container tag | string | `"v1.25.4"` |
  | statefulNode.p2pNodePort.port | NodePort to be used. Must be unique. | int | `31000` |
  | statefulNode.podAnnotations | Annotations for the `Pod` | object | `{}` |
- | statefulNode.podSecurityContext | Pod-wide security context | object | `{"fsGroup":101337,"runAsGroup":101337,"runAsNonRoot":true,"runAsUser":101337}` |
+ | statefulNode.podSecurityContext | Pod-wide security context | object | `{"fsGroup":1000,"runAsGroup":1000,"runAsNonRoot":true,"runAsUser":1000}` |
  | statefulNode.readinessProbe | Sets a readinessProbe configuration for the container | object | `{}` |
  | statefulNode.resources |  | object | `{}` |
  | statefulNode.restoreSnapshot.enabled | Enable initialising Erigon state from a remote snapshot | bool | `false` |
diff --git a/charts/erigon/templates/stateful-node/statefulset.yaml b/charts/erigon/templates/stateful-node/statefulset.yaml
@@ -73,46 +73,80 @@ spec:
           emptyDir: {}
       {{- end }}
       initContainers:
+        - name: set-permissions
+          image: docker.io/busybox:1.37.0
+          imagePullPolicy: IfNotPresent
+          securityContext:
+            runAsNonRoot: false
+            runAsUser: 0
+          command:
+            - sh
+            - -ac
+            - |
+              set -ex;
+              if [ ! -f /storage/permissions_set ]; then
+                chown -R 1000:1000 /storage;
+                chmod -R 750 /storage;
+                touch /storage/permissions_set
+              else
+                echo "Permissions already set, skipping"
+              fi
+          volumeMounts:
+            - name: storage
+              mountPath: "/storage"
       {{- if $values.restoreSnapshot.enabled }}
         - name: init-snapshot
-          image: busybox:stable
+          image: ghcr.io/graphops/docker-builds/init-stream-download:main
           imagePullPolicy: IfNotPresent
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 1000
           command:
             - sh
             - -c
             - |
-              set -x
+              set -ex
               STORAGE_PATH="/storage"
-              if [ "${SNAPSHOT_RESTORE_PATH}" == "" ]; then
-                SNAPSHOT_RESTORE_PATH="$STORAGE_PATH/chaindata"
-              else
-                SNAPSHOT_RESTORE_PATH="${SNAPSHOT_RESTORE_PATH}"
-              fi
+              CHAINDATA_PATH="$STORAGE_PATH/chaindata"
               # If enabled and snapshot URL has been provided, restore snapshot
               if [ "${RESTORE_SNAPSHOT}" = "true" ] && [ "${SNAPSHOT_URL}" != "" ]; then
                 echo "Snapshot restoration enabled"
                 if [ ! -f "$STORAGE_PATH/from_snapshot" ] || [ "$(cat $STORAGE_PATH/from_snapshot)" != "${SNAPSHOT_URL}" ]; then
                   echo "Clearing existing chaindata..."
-                  rm -rf "$SNAPSHOT_RESTORE_PATH"
+                  # Only remove chaindata directory, preserving from_snapshot file
+                  rm -rf "$CHAINDATA_PATH"
                   echo "Downloading and extracting $SNAPSHOT_URL..."
-                  mkdir -p "$SNAPSHOT_RESTORE_PATH"
-                  wget -c "${SNAPSHOT_URL}" -O - | tar -xz -C "$SNAPSHOT_RESTORE_PATH"
-                  [ "$?" != "0" ] && echo "Streaming download failed" && exit 1
+                  mkdir -p "$CHAINDATA_PATH"
+                  
+                  # Check if the snapshot is lz4 compressed
+                  if [[ "${SNAPSHOT_URL}" == *.tar.lz4 ]]; then
+                    cd "$STORAGE_PATH"
+                    wget -c "${SNAPSHOT_URL}" -O snapshot.tar.lz4 || { echo "Download failed. Exiting."; exit 1; }
+                    lz4 -d snapshot.tar.lz4 snapshot.tar || { echo "Decompression failed. Exiting."; exit 1; }
+                    tar -xvf snapshot.tar -C "$CHAINDATA_PATH" || { echo "Extraction failed. Exiting."; exit 1; }
+                    rm snapshot.tar snapshot.tar.lz4
+                  else
+                    # Original tar extraction logic
+                    wget -c "${SNAPSHOT_URL}" -O - | tar -xz -C "$CHAINDATA_PATH"
+                    [ "$?" != "0" ] && echo "Streaming download failed" && exit 1
+                  fi
+                  
                   echo "${SNAPSHOT_URL}" > ${STORAGE_PATH}/from_snapshot
                 else
                   echo "Snapshot configuration already restored, continuing..."
                 fi
               else
                 echo "Snapshot restoration not enabled, skipping..."
               fi
+              # Ensure directories are writable
+              chmod -R 777 "$STORAGE_PATH" "$CHAINDATA_PATH"
           volumeMounts:
             - name: storage
-              mountPath: /storage
+              mountPath: {{ $values.datadir }}
           env:
             - name: RESTORE_SNAPSHOT
               value: "true"
-            - name: SNAPSHOT_RESTORE_PATH
-              value: {{ $values.restoreSnapshot.snapshotRestorePath | default ""  }}
+
             - name: SNAPSHOT_URL
               value: {{ $values.restoreSnapshot.snapshotUrl }}
           {{- with $values.env }}
@@ -192,7 +226,7 @@ spec:
             {{- end }}
               set -ex;
               exec erigon \
-                --datadir=/storage \
+                --datadir={{ $values.datadir }} \
               {{- if $values.p2pNodePort.enabled }}
                 --nat=extip:${EXTERNAL_IP} \
                 --port=${EXTERNAL_PORT} \
@@ -252,7 +286,7 @@ spec:
               mountPath: /jwt
             {{- end }}
             - name: storage
-              mountPath: /storage
+              mountPath: {{ $values.datadir }}
             - name: tmp
               mountPath: /tmp
           {{- if $values.readinessProbe }}
diff --git a/charts/erigon/values.yaml b/charts/erigon/values.yaml
@@ -85,6 +85,9 @@ statefulNode:
   # -- Extra labels to attach to the Pod for matching against
   extraLabels: {}
 
+  # -- The path to the Erigon data directory
+  datadir: /storage
+
   # -- [PersistentVolumeClaimSpec](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#persistentvolumeclaimspec-v1-core) for Erigon storage
   volumeClaimSpec:
     accessModes: ["ReadWriteOnce"]
@@ -132,9 +135,9 @@ statefulNode:
   # -- Pod-wide security context
   podSecurityContext:
     runAsNonRoot: true
-    runAsUser: 101337
-    runAsGroup: 101337
-    fsGroup: 101337
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 1000
 
   service:
     topologyAwareRouting:
@@ -220,9 +223,9 @@ rpcdaemon:
   # -- Pod-wide security context
   podSecurityContext:
     runAsNonRoot: true
-    runAsUser: 101337
-    runAsGroup: 101337
-    fsGroup: 101337
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 1000
 
   service:
     type: ClusterIP
