From 764831dcbfe2f8d811b8dcc67363394960359427 Mon Sep 17 00:00:00 2001
From: Jamil Shamy <4977827+jamlo@users.noreply.github.com>
Date: Tue, 8 Oct 2024 10:51:16 -0400
Subject: [PATCH 1/2] Improve API error handling (#4607)

This PR tries to fix the "FromHttpResponse" function. Returning 2 errors
from a function can be confusing and uncommon in Golang, especially if
the function only returns these 2 errors.

The new code will return one error, which is always an APIError, and it
also improves the error messaging wording, adding more details in the
output.

Several more tweaks can be done to the current error message handling if
needed.

Note: this is identical to [PR
4565](https://github.com/bacalhau-project/bacalhau/pull/4565), though
created from a branch, and not a fork.
---
 pkg/publicapi/apimodels/error.go  | 19 ++++++++++++-------
 pkg/publicapi/client/v2/client.go | 27 ++++++++-------------------
 2 files changed, 20 insertions(+), 26 deletions(-)

diff --git a/pkg/publicapi/apimodels/error.go b/pkg/publicapi/apimodels/error.go
index 6d2bc98bfd..842fe5734e 100644
--- a/pkg/publicapi/apimodels/error.go
+++ b/pkg/publicapi/apimodels/error.go
@@ -2,7 +2,6 @@ package apimodels
 
 import (
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io"
 	"net/http"
@@ -67,23 +66,29 @@ func (e *APIError) Error() string {
 }
 
 // Parse HTTP Resposne to APIError
-func FromHttpResponse(resp *http.Response) (*APIError, error) {
-
+func GenerateAPIErrorFromHTTPResponse(resp *http.Response) *APIError {
 	if resp == nil {
-		return nil, errors.New("response is nil, cannot be unmarsheld to APIError")
+		return NewAPIError(0, "API call error, invalid response")
 	}
 
 	defer resp.Body.Close()
 
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return nil, fmt.Errorf("error reading response body: %w", err)
+		return NewAPIError(
+			resp.StatusCode,
+			fmt.Sprintf("Unable to read API call response body. Error: %q", err.Error()))
 	}
 
 	var apiErr APIError
 	err = json.Unmarshal(body, &apiErr)
 	if err != nil {
-		return nil, fmt.Errorf("error parsing response body: %w", err)
+		return NewAPIError(
+			resp.StatusCode,
+			fmt.Sprintf("Unable to parse API call response body. Error: %q. Body received: %q",
+				err.Error(),
+				string(body),
+			))
 	}
 
 	// If the JSON didn't include a status code, use the HTTP Status
@@ -91,7 +96,7 @@ func FromHttpResponse(resp *http.Response) (*APIError, error) {
 		apiErr.HTTPStatusCode = resp.StatusCode
 	}
 
-	return &apiErr, nil
+	return &apiErr
 }
 
 // FromBacError converts a bacerror.Error to an APIError
diff --git a/pkg/publicapi/client/v2/client.go b/pkg/publicapi/client/v2/client.go
index 18f687ed34..95979028be 100644
--- a/pkg/publicapi/client/v2/client.go
+++ b/pkg/publicapi/client/v2/client.go
@@ -74,18 +74,12 @@ func (c *httpClient) Get(ctx context.Context, endpoint string, in apimodels.GetR
 		return apimodels.NewUnauthorizedError("invalid token")
 	}
 
-	var apiError *apimodels.APIError
 	if resp.StatusCode != http.StatusOK {
-		apiError, err = apimodels.FromHttpResponse(resp)
-		if err != nil {
-			return err
+		if apiError := apimodels.GenerateAPIErrorFromHTTPResponse(resp); apiError != nil {
+			return apiError
 		}
 	}
 
-	if apiError != nil {
-		return apiError
-	}
-
 	defer resp.Body.Close()
 
 	if out != nil {
@@ -116,18 +110,12 @@ func (c *httpClient) write(ctx context.Context, verb, endpoint string, in apimod
 		return apimodels.ErrInvalidToken
 	}
 
-	var apiError *apimodels.APIError
 	if resp.StatusCode != http.StatusOK {
-		apiError, err = apimodels.FromHttpResponse(resp)
-		if err != nil {
-			return err
+		if apiError := apimodels.GenerateAPIErrorFromHTTPResponse(resp); apiError != nil {
+			return apiError
 		}
 	}
 
-	if apiError != nil {
-		return apiError
-	}
-
 	if out != nil {
 		if err := decodeBody(resp, &out); err != nil {
 			return err
@@ -362,12 +350,13 @@ func (c *httpClient) interceptError(ctx context.Context, err error, resp *http.R
 				WithCode(bacerrors.UnauthorizedError)
 		}
 
-		apiError, apiErr := apimodels.FromHttpResponse(resp)
-		if apiErr == nil {
+		apiError := apimodels.GenerateAPIErrorFromHTTPResponse(resp)
+		if apiError != nil {
 			return apiError.ToBacError()
 		}
 
-		return bacerrors.Wrap(apiErr, "server error").
+		return bacerrors.New("server error").
+			WithHTTPStatusCode(http.StatusInternalServerError).
 			WithCode(bacerrors.InternalError)
 	}
 

From 54e8e0771fc668865e748916d70d054ebc0cd158 Mon Sep 17 00:00:00 2001
From: Jamil Shamy <4977827+jamlo@users.noreply.github.com>
Date: Wed, 9 Oct 2024 07:42:50 -0400
Subject: [PATCH 2/2] Support running Bacalhau in Docker compose (#4596)

This pull requests addresses issue #4595
---
 .pre-commit-config.yaml                       |   2 +-
 test-integration/Dockerfile-ClientNode        |  27 +++
 test-integration/Dockerfile-ComputeNode       |  24 +++
 .../Dockerfile-DockerImageRegistryNode        |  24 +++
 test-integration/Dockerfile-RequesterNode     |  22 ++
 test-integration/README.md                    | 198 ++++++++++++++++++
 test-integration/certificates/README.md       |   9 +
 .../certificates/generate_leaf_certs.sh       |  71 +++++++
 .../certificates/generate_root_ca.sh          |  29 +++
 .../bacalhau-container-img-registry-node.crt  |  33 +++
 .../bacalhau-container-img-registry-node.key  |  52 +++++
 .../bacalhau_test_root_ca.crt                 |  31 +++
 .../bacalhau_test_root_ca.key                 |  52 +++++
 test-integration/compute_node_image_setup.sh  |  38 ++++
 test-integration/docker-compose.yml           | 117 +++++++++++
 15 files changed, 728 insertions(+), 1 deletion(-)
 create mode 100644 test-integration/Dockerfile-ClientNode
 create mode 100644 test-integration/Dockerfile-ComputeNode
 create mode 100644 test-integration/Dockerfile-DockerImageRegistryNode
 create mode 100644 test-integration/Dockerfile-RequesterNode
 create mode 100644 test-integration/README.md
 create mode 100644 test-integration/certificates/README.md
 create mode 100755 test-integration/certificates/generate_leaf_certs.sh
 create mode 100755 test-integration/certificates/generate_root_ca.sh
 create mode 100644 test-integration/certificates/generated_assets/bacalhau-container-img-registry-node.crt
 create mode 100644 test-integration/certificates/generated_assets/bacalhau-container-img-registry-node.key
 create mode 100644 test-integration/certificates/generated_assets/bacalhau_test_root_ca.crt
 create mode 100644 test-integration/certificates/generated_assets/bacalhau_test_root_ca.key
 create mode 100755 test-integration/compute_node_image_setup.sh
 create mode 100644 test-integration/docker-compose.yml

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index ee7d6b8d4a..ee46828daa 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -8,7 +8,7 @@ repos:
   - id: detect-aws-credentials
     args: [--allow-missing-credentials]
   - id: detect-private-key
-    exclude: testdata/.*
+    exclude: 'testdata/.*|test-integration/certificates/.*'
   - id: check-yaml
   - id: check-json
 - repo: https://github.com/astral-sh/ruff-pre-commit
diff --git a/test-integration/Dockerfile-ClientNode b/test-integration/Dockerfile-ClientNode
new file mode 100644
index 0000000000..da31f340f7
--- /dev/null
+++ b/test-integration/Dockerfile-ClientNode
@@ -0,0 +1,27 @@
+# Use the docker:dind image as the base image
+FROM docker:dind
+
+# Set the working directory
+WORKDIR /app
+
+# Install curl and bash
+RUN apk update && apk add --no-cache curl bash
+
+# Install the ca-certificates package
+RUN apk add --no-cache ca-certificates
+
+# Copy a root ca into the image
+COPY certificates/generated_assets/bacalhau_test_root_ca.crt /usr/local/share/ca-certificates/bacalhau_test_root_ca.crt
+
+# Update CA certificates
+RUN update-ca-certificates
+
+# Download and execute the Bash script from the given URL
+RUN curl -sSL https://get.bacalhau.org/install.sh | bash
+
+# Download the binary, make it executable, and move it to /usr/local/bin
+RUN curl -o /tmp/mc https://dl.min.io/client/mc/release/linux-amd64/mc \
+    && chmod +x /tmp/mc \
+    && mv /tmp/mc /usr/local/bin/
+
+ENTRYPOINT ["dockerd-entrypoint.sh"]
diff --git a/test-integration/Dockerfile-ComputeNode b/test-integration/Dockerfile-ComputeNode
new file mode 100644
index 0000000000..7a6cc4ebaa
--- /dev/null
+++ b/test-integration/Dockerfile-ComputeNode
@@ -0,0 +1,24 @@
+# Use the docker:dind image as the base image
+FROM docker:dind
+
+# Set the working directory
+WORKDIR /app
+
+# Install curl and bash
+RUN apk update && apk add --no-cache curl bash
+
+# Install the ca-certificates package
+RUN apk add --no-cache ca-certificates
+
+# Copy a root ca into the image
+COPY certificates/generated_assets/bacalhau_test_root_ca.crt /usr/local/share/ca-certificates/bacalhau_test_root_ca.crt
+
+# Update CA certificates
+RUN update-ca-certificates
+
+# Download and execute the Bash script from the given URL
+RUN curl -sSL https://get.bacalhau.org/install.sh | bash
+
+COPY compute_node_image_setup.sh compute_node_image_setup.sh
+ENTRYPOINT ["/usr/bin/env"]
+CMD ./compute_node_image_setup.sh
diff --git a/test-integration/Dockerfile-DockerImageRegistryNode b/test-integration/Dockerfile-DockerImageRegistryNode
new file mode 100644
index 0000000000..9c38ba886e
--- /dev/null
+++ b/test-integration/Dockerfile-DockerImageRegistryNode
@@ -0,0 +1,24 @@
+FROM registry:2
+
+# Install curl and bash
+RUN apk update && apk add --no-cache curl bash
+
+# Install the ca-certificates package
+RUN apk add --no-cache ca-certificates
+
+# Copy a root ca into the image
+COPY certificates/generated_assets/bacalhau_test_root_ca.crt /usr/local/share/ca-certificates/bacalhau_test_root_ca.crt
+
+# Create a directory to store certificates to be used by the registry
+RUN mkdir /certs
+
+# Copy the certificate and key from the local directory to /certs
+COPY certificates/generated_assets/bacalhau-container-img-registry-node.crt /certs/
+COPY certificates/generated_assets/bacalhau-container-img-registry-node.key /certs/
+
+# Ensure proper permissions for certs
+RUN chmod 600 /certs/bacalhau-container-img-registry-node.key
+RUN chmod 644 /certs/bacalhau-container-img-registry-node.crt
+
+# Expose the registry's default port
+EXPOSE 5000 443
diff --git a/test-integration/Dockerfile-RequesterNode b/test-integration/Dockerfile-RequesterNode
new file mode 100644
index 0000000000..cbbd207c32
--- /dev/null
+++ b/test-integration/Dockerfile-RequesterNode
@@ -0,0 +1,22 @@
+# Use the docker:dind image as the base image
+FROM docker:dind
+
+# Set the working directory
+WORKDIR /app
+
+# Install curl and bash
+RUN apk update && apk add --no-cache curl bash
+
+# Install the ca-certificates package
+RUN apk add --no-cache ca-certificates
+
+# Copy a root ca into the image
+COPY certificates/generated_assets/bacalhau_test_root_ca.crt /usr/local/share/ca-certificates/bacalhau_test_root_ca.crt
+
+# Update CA certificates
+RUN update-ca-certificates
+
+# Download and execute the Bash script from the given URL
+RUN curl -sSL https://get.bacalhau.org/install.sh | bash
+
+ENTRYPOINT ["dockerd-entrypoint.sh"]
diff --git a/test-integration/README.md b/test-integration/README.md
new file mode 100644
index 0000000000..bada3d6e3c
--- /dev/null
+++ b/test-integration/README.md
@@ -0,0 +1,198 @@
+# Running Bacalhau on Docker
+
+## Overview
+
+Since Bacalhau is a distributed system with multiple components, it is critical to have a reliable method for end-to-end testing. Additionally, it's important that these tests closely resemble a real production environment without relying on mocks.
+
+This setup addresses those needs by running Bacalhau inside containers while also supporting Docker workloads within these containers (using Docker-in-Docker, or DinD).
+
+## Architecture
+
+- A Requester Docker container, running Bacalhau as a requester node.
+- A Compute Docker container, running Bacalhau as a compute node and is configured to run Docker containers inside it.
+- A Bacalhau Client Docker container to act as a jumpbox to interact with this Bacalhau deployment.
+- A [Registry](https://github.com/distribution/distribution/) Docker container to act as the local container image registry.
+- A Minio Docker container to support running S3 compatible input/output jobs.
+- Docker Compose is used to create 5 services: the Requester Node, the Compute Node, the Client CLI Node, the registry node, and the Minio node.
+- All the services are connected on the same Docker network, allowing them to communicate over the bridged network.
+- All the containers have an injected custom Certificate Authority, which is used for a portion of the internal TLS communication.
+  - TODO: Expand the TLS setup to more components. Now it is used for the registry communication only.
+
+## Setup
+
+---
+### Build the Docker Images
+
+Build the Requester Node image:
+```shell
+docker build -f Dockerfile-RequesterNode -t bacalhau-requester-node-image .
+```
+
+Build the Compute Node image:
+```shell
+docker build -f Dockerfile-ComputeNode -t bacalhau-compute-node-image .
+```
+
+Build the Client Node image:
+```shell
+docker build -f Dockerfile-ClientNode -t bacalhau-client-node-image .
+```
+
+Build the Registry Node image:
+```shell
+docker build -f Dockerfile-DockerImageRegistryNode -t bacalhau-container-img-registry-node-image .
+```
+
+After running these commands, you should see the above images created:
+```shell
+docker image ls
+```
+---
+### Running the setup
+
+Run Docker Compose:
+```shell
+docker-compose up
+```
+
+Access the utility client container to use the Bacalhau CLI:
+```shell
+docker exec -it bacalhau-client-node-container /bin/bash
+```
+
+Once inside the container, you can run the following commands to verify the setup:
+```shell
+# You should see two nodes: a Requestor and a Compute Node
+bacalhau node list
+```
+
+Run a test workload
+```shell
+bacalhau docker run hello-world
+
+# Describe the job; it should have completed successfully.
+bacalhau job describe ........
+```
+
+In another terminal window, you can follow the logs of the Requester node, and compute node
+```shell
+docker logs bacalhau-requester-node-container -f
+docker logs bacalhau-compute-node-container -f
+```
+
+---
+### Setting Up Minio
+
+Access the utility client container to use the Bacalhau CLI:
+```shell
+docker exec -it bacalhau-client-node-container /bin/bash
+```
+
+Setup an alias for the Minio CLI
+```shell
+# The environment variables are already injected in
+# the container, no need to replce them yourself.
+mc alias set bacalhau-minio "http://${BACALHAU_MINIO_NODE_HOST}:9000" "${MINIO_ROOT_USER}" "${MINIO_ROOT_PASSWORD}"
+mc admin info bacalhau-minio
+```
+
+Create a bucket and add some files
+```shell
+mc mb bacalhau-minio/my-data-bucket
+mc ls bacalhau-minio/my-data-bucket/section1/
+echo "This is a sample text hello hello." > example.txt
+mc cp example.txt bacalhau-minio/my-data-bucket/section1/
+```
+
+RUn a job with data input from the minion bucket
+
+```shell
+# Content of aws-test-job.yaml below
+bacalhau job run aws-test-job.yaml
+```
+
+```yaml
+Name: S3 Job Data Access Test
+Type: batch
+Count: 1
+Tasks:
+  - Name: main
+    Engine:
+      Type: docker
+      Params:
+        Image: ubuntu:latest
+        Entrypoint:
+          - /bin/bash
+        Parameters:
+          - "-c"
+          - "cat /put-my-s3-data-here/example.txt"
+    InputSources:
+      - Target: "/put-my-s3-data-here"
+        Source:
+          Type: s3
+          Params:
+            Bucket: "my-data-bucket"
+            Key: "section1/"
+            Endpoint: "http://bacalhau-minio-node:9000"
+            Region: "us-east-1" # If no region added, it fails, even for minio
+```
+
+---
+### Setting Up private registry
+
+This docker compose deployment has a private registry deployed on its own node. It allows us to
+create tests and experiment with docker images jobs without the need to use DockerHub in anyway.
+
+From inside the client container, let's pull an image from DockerHub, push it to our own private registry,
+then run a docker job running the image in out private registry.
+
+```shell
+# pull from docker hub
+docker pull ubuntu
+
+# tag the image to prepare it to be push to our private registry
+docker image tag ubuntu bacalhau-container-img-registry-node:5000/firstbacalhauimage
+
+# push the image to our private registry
+docker push bacalhau-container-img-registry-node:5000/firstbacalhauimage
+```
+
+Now, let's create a job that references that image in private registry:
+
+```shell
+# Content of private-registry-test-job.yaml below
+bacalhau job run private-registry-test-job.yaml
+```
+
+```yaml
+Name: Job to test using local registry images
+Type: batch
+Count: 1
+Tasks:
+  - Name: main
+    Engine:
+      Type: docker
+      Params:
+        Image: bacalhau-container-img-registry-node:5000/firstbacalhauimage
+        Entrypoint:
+          - /bin/bash
+        Parameters:
+          - "-c"
+          - "echo test-local-registry"
+```
+
+---
+### Notes:
+
+If for some reason after running `docker-compose up`, you faced issues with the Image registry node starting, try to remove the image registry docker volume by running:
+
+```shell
+# Destroy the deployment
+docker-compose down
+
+# Remove registry volume
+docker volume rm test-integration_registry-volume
+
+# Create deployment again
+docker-compose up
+```
diff --git a/test-integration/certificates/README.md b/test-integration/certificates/README.md
new file mode 100644
index 0000000000..f993908841
--- /dev/null
+++ b/test-integration/certificates/README.md
@@ -0,0 +1,9 @@
+# Certificate Generation
+
+The script in the folder allows you to generate certificates that are signed by a root CA, and provide the
+CN and SAN for these leaf certs. The generated certs will be added to the `generated_assets` directory.
+
+Usage: `./generate_leaf_certs.sh <CN_and_SAN>`
+```shell
+./generate_leaf_certs.sh my-bacalhau-requester-node
+```
diff --git a/test-integration/certificates/generate_leaf_certs.sh b/test-integration/certificates/generate_leaf_certs.sh
new file mode 100755
index 0000000000..0411adc9d3
--- /dev/null
+++ b/test-integration/certificates/generate_leaf_certs.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+
+# Set variables
+ROOT_CA_CERT="generated_assets/bacalhau_test_root_ca.crt"
+ROOT_CA_KEY="generated_assets/bacalhau_test_root_ca.key"
+DAYS_VALID=1825  # 5 years
+
+# Organization name and country (same as before)
+ORG_NAME="Bacalhau"
+COUNTRY="US"
+
+# Check if the input argument is provided
+if [[ -z "$1" ]]; then
+    echo "Error: Please provide a string for the Common Name and Subject Alternative Names."
+    exit 1
+fi
+
+COMMON_NAME="$1"
+OUTPUT_CERT="generated_assets/${COMMON_NAME}.crt"
+OUTPUT_KEY="generated_assets/${COMMON_NAME}.key"
+CSR_PATH="generated_assets/${COMMON_NAME}.csr"
+CNF_PATH="generated_assets/${COMMON_NAME}.cnf"
+
+# Check if the files already exist
+if [[ -f "${OUTPUT_CERT}" ]] || [[ -f "${OUTPUT_KEY}" ]]; then
+    echo "Error: One or both of the following files already exist:"
+    [[ -f "${OUTPUT_CERT}" ]] && echo " - ${OUTPUT_CERT}"
+    [[ -f "${OUTPUT_KEY}" ]] && echo " - ${OUTPUT_KEY}"
+    echo "Please remove or rename the existing files before running this script."
+    exit 1
+fi
+
+# Generate a private key for the new certificate
+echo "Generating certificate signed by the root CA..."
+openssl genpkey -algorithm RSA -out "${OUTPUT_KEY}" -pkeyopt rsa_keygen_bits:4096
+
+# Create an OpenSSL configuration file for the SAN
+cat > "${CNF_PATH}" <<EOF
+[ req ]
+default_bits       = 4096
+distinguished_name = req_distinguished_name
+req_extensions     = v3_req
+prompt             = no
+
+[ req_distinguished_name ]
+CN = ${COMMON_NAME}
+O = ${ORG_NAME}
+C = ${COUNTRY}
+
+[ v3_req ]
+keyUsage = critical, digitalSignature, cRLSign, keyEncipherment
+extendedKeyUsage = serverAuth, clientAuth
+subjectAltName = @alt_names
+
+[ alt_names ]
+DNS.1 = ${COMMON_NAME}
+EOF
+
+# Generate a certificate signing request (CSR) using the config file
+openssl req -new -key "${OUTPUT_KEY}" -out "${CSR_PATH}" -config "${CNF_PATH}"
+
+# Sign the certificate with the root CA
+openssl x509 -req -in "${CSR_PATH}" -CA "${ROOT_CA_CERT}" -CAkey "${ROOT_CA_KEY}" \
+    -out "${OUTPUT_CERT}" -days "${DAYS_VALID}" -sha256 -extensions v3_req -extfile "${CNF_PATH}"
+
+# Clean up the CSR and config file
+rm "${CSR_PATH}" "${CNF_PATH}"
+
+echo "Certificate generated and saved to ${OUTPUT_CERT} and ${OUTPUT_KEY}"
+
+echo "Done!"
diff --git a/test-integration/certificates/generate_root_ca.sh b/test-integration/certificates/generate_root_ca.sh
new file mode 100755
index 0000000000..85d18ce312
--- /dev/null
+++ b/test-integration/certificates/generate_root_ca.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Set variables
+ROOT_CA_CERT="generated_assets/bacalhau_test_root_ca.crt"
+ROOT_CA_KEY="generated_assets/bacalhau_test_root_ca.key"
+DAYS_VALID=3650  # 10 years
+
+# Organization name and country
+ORG_NAME="Bacalhau"
+COUNTRY="US"
+
+# Check if the files already exist
+if [[ -f "${ROOT_CA_CERT}" ]] || [[ -f "${ROOT_CA_KEY}" ]]; then
+    echo "Error: One or both of the following files already exist:"
+    [[ -f "${ROOT_CA_CERT}" ]] && echo " - ${ROOT_CA_CERT}"
+    [[ -f "${ROOT_CA_KEY}" ]] && echo " - ${ROOT_CA_KEY}"
+    echo "Please remove or rename the existing files before running this script."
+    exit 1
+fi
+
+# Generate a Root CA
+echo "Generating Root CA..."
+openssl genpkey -algorithm RSA -out "${ROOT_CA_KEY}" -pkeyopt rsa_keygen_bits:4096
+openssl req -x509 -new -nodes -key "${ROOT_CA_KEY}" -sha256 -days "${DAYS_VALID}" \
+    -out "${ROOT_CA_CERT}" -subj "/CN=BacalhauTestRootCA/O=${ORG_NAME}/C=${COUNTRY}"
+
+echo "Root CA generated and saved to ${ROOT_CA_CERT} and ${ROOT_CA_KEY}"
+
+echo "Done!"
diff --git a/test-integration/certificates/generated_assets/bacalhau-container-img-registry-node.crt b/test-integration/certificates/generated_assets/bacalhau-container-img-registry-node.crt
new file mode 100644
index 0000000000..975b9e49a8
--- /dev/null
+++ b/test-integration/certificates/generated_assets/bacalhau-container-img-registry-node.crt
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFvjCCA6agAwIBAgIUYifgdP0lbUCNSHVlpbDOv3te6/IwDQYJKoZIhvcNAQEL
+BQAwPTEbMBkGA1UEAwwSQmFjYWxoYXVUZXN0Um9vdENBMREwDwYDVQQKDAhCYWNh
+bGhhdTELMAkGA1UEBhMCVVMwHhcNMjQxMDA0MTY0MjU0WhcNMjkxMDAzMTY0MjU0
+WjBPMS0wKwYDVQQDDCRiYWNhbGhhdS1jb250YWluZXItaW1nLXJlZ2lzdHJ5LW5v
+ZGUxETAPBgNVBAoMCEJhY2FsaGF1MQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcN
+AQEBBQADggIPADCCAgoCggIBALTFGCjPrXoIIClILuq/eW6MUCHNtpaiQPjyUosz
+JI4/hHWBJ4J4yv9wg9w7LJLk5Pvt/8gRdyauIUgUe20/uaU9dGV2iV1r/bTe2oU3
+PDbq9phQerKOS14bGmFRTkVZLLe7vyKe5GHoCfPAQlAVsv97KYTtxxgmhljlsM3y
+GOFbZtv9WR18LEjzyiLONSopQ9bv96R4YEMKf3NA2qEisZsiY8v9Kg1Gd+rMCx73
+UIbg1y4ykBan2N5nO8FJbqg6VJPSajIIOKWHZxjhwG7BfOnk3TWCF5obb5Zy1nPG
+SOTZod3jV3p8XdDDHohgIvvUC9bO+Wc+JRKSSdDtn6BO3bzjgkAFLbaCmi0fd3HR
+fwhtRT4ZI3t2RNUhNZvx6UN0Lcl5KBvivd3T/e1jCvQR2ivEm2lphjjNWSSz5043
+c1yjEcMPsY6rFSIbnxiM2F32hIGFejXJqA4MaHHpk9stF14MSPSxCYRffdsjf9tQ
+BAg9bRN98uSbxlayKPK7k0vaB3ol/GpCpTIHLrTt/XwfFC23r/g7NS6lXX8X0Ldc
+UfZm8eJB9qYVuQgzZISH60q4rvOCvn15CuE8HkPUoLTYNIJqhVU5kTo0pEs9AIuF
+fKtXYTdK/YgYZ2uOiLyU3uelwcB7hWldHyTFFqbrxOsm+ZrlPD4AW8i87IpGPMGQ
+nf1dAgMBAAGjgaMwgaAwDgYDVR0PAQH/BAQDAgGiMB0GA1UdJQQWMBQGCCsGAQUF
+BwMBBggrBgEFBQcDAjAvBgNVHREEKDAmgiRiYWNhbGhhdS1jb250YWluZXItaW1n
+LXJlZ2lzdHJ5LW5vZGUwHQYDVR0OBBYEFFY0/QjT73AvlWyhJ45O+/pxUFxuMB8G
+A1UdIwQYMBaAFEv+OZzYAJx/WZch9ckcScnAtXOYMA0GCSqGSIb3DQEBCwUAA4IC
+AQCPigiWa45CWt2D/tq2tAC0UpXUSJKVfkFcGE3rO6OANWsbuFDNpMvc5IR2/YoB
+hqYQqEP8kszaBOLEh8s5c0WPUo7ayarr+D0vvFPiMZ7OY2WFs3r2rg9mqK92UDEL
+PtpRKhfBXmWNyfaEfxIi+VfwbHk6QzwtbOTGydMiv/mUHFsXMqRFSLg+g2o5/7Xj
+RhV8n7x21c02wNWnEHVl1sss6VyW+MvaepHtzAeTNhEHpw4lhCqgn2Imh3J+5lCv
+xYMVQYCXCSSO+y62hCRs0DN5Nad5LvfTACAhKvtt9HShrOTdZLFz/KgWrbKTzfjr
+vKpzB6ck98la39xqInHahfjRAQ4mIdkELh6iXN1SAxKDw2vFqRI4PsQznntEs1xM
+42RvZ3IeEazH+M7/h4fZZVr8c5+pwyHe79iDM6mNKzCLcxTqB46Fuj/Q/kQ+eHiJ
+wf3+RJarc3vHEYXg0+ggqX6ZgBz43nqVL4G8o86ijA1ipVOaygL+9mSwMrmWhT12
+IBwjOnEhSxBOp6UwXTSAVpuZH+zhT89ws9kGGU2wSUQdA3FSM0JUmEA5mMYIU17F
+zhzG+04M7sGFrNsnR97/BaTfx88fXgsXUMjtEDNvg6iKxEt3r8iBCL9cOkq6nmbi
+peZAYCMmyU7QGl0Y/7fztb2p5ZUEwuus3GnMo/KBX3RefQ==
+-----END CERTIFICATE-----
diff --git a/test-integration/certificates/generated_assets/bacalhau-container-img-registry-node.key b/test-integration/certificates/generated_assets/bacalhau-container-img-registry-node.key
new file mode 100644
index 0000000000..ab085ff4d8
--- /dev/null
+++ b/test-integration/certificates/generated_assets/bacalhau-container-img-registry-node.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC0xRgoz616CCAp
+SC7qv3lujFAhzbaWokD48lKLMySOP4R1gSeCeMr/cIPcOyyS5OT77f/IEXcmriFI
+FHttP7mlPXRldolda/203tqFNzw26vaYUHqyjkteGxphUU5FWSy3u78inuRh6Anz
+wEJQFbL/eymE7ccYJoZY5bDN8hjhW2bb/VkdfCxI88oizjUqKUPW7/ekeGBDCn9z
+QNqhIrGbImPL/SoNRnfqzAse91CG4NcuMpAWp9jeZzvBSW6oOlST0moyCDilh2cY
+4cBuwXzp5N01gheaG2+WctZzxkjk2aHd41d6fF3Qwx6IYCL71AvWzvlnPiUSkknQ
+7Z+gTt2844JABS22gpotH3dx0X8IbUU+GSN7dkTVITWb8elDdC3JeSgb4r3d0/3t
+Ywr0EdorxJtpaYY4zVkks+dON3NcoxHDD7GOqxUiG58YjNhd9oSBhXo1yagODGhx
+6ZPbLRdeDEj0sQmEX33bI3/bUAQIPW0TffLkm8ZWsijyu5NL2gd6JfxqQqUyBy60
+7f18HxQtt6/4OzUupV1/F9C3XFH2ZvHiQfamFbkIM2SEh+tKuK7zgr59eQrhPB5D
+1KC02DSCaoVVOZE6NKRLPQCLhXyrV2E3Sv2IGGdrjoi8lN7npcHAe4VpXR8kxRam
+68TrJvma5Tw+AFvIvOyKRjzBkJ39XQIDAQABAoICAAuexdb4bqbdty+K1SqVmg6P
+VNFaIhwccapvF/ucaIOqX+9BGP3r749XDMA59OYRHQp4JKKYQ31di9nQfen/wtp1
+O7JlWcmDGSEo2DQ1tkMI0fGS7tLj5G1itvc9h5db9vdtSV6bhy58q4hwj0gK9Qwz
+lG+Cl3NH0AgOj9HVTQsjhIECEASeCFISNdK3SGHy8B+fd7RUtp9ooS5n+LCLWeO7
+5LK8De7M3QWKDfGfepzeVDFt4lGf2DLdFlFuUSoy7F/qPUBabfBvZqMJ/q7qn4cr
+hUVyHOafpTSEd6D5RJNNeCMa1kiTOQv5QaZeQ7Fw0pKsOwpgy3eeUWzC8als7cJM
+SZ5fX7bWc9y7UBj/FqdKVON4aK4BZREvohTEpWW5+B7dlFOoSitc8E0x0DJXrHbe
+ti82oWf2t277qm9rhyWHW4pb6FGeuglqr2Y7rlUfy6cxsfTFlarM4FKY5kT25ncR
+7GSeRq37dj0mtfYOPjCZ7K0dtOlup2Ao86n72sB1vVKwvBYWBycpV36g6Ibjptzm
+Mp/cedY68ykABzA7rLAuQoDjqMM6MkQYlBGW3GCmLiDktRGZFMk1lvVpTeXe5KW9
+WY8Zw1EIX/L1a5LjWSzB1R45kN04PNLjwgXnxvmaRiaCpwbxXVJLtG18ryB9MR8j
+KDyrueV+/nggKXSbisLhAoIBAQD0EQDvcdpCSCoCVwjVhbBkGQjm7gVqbDlr9Zll
+Yjzm/JMgRQZgOl9BPy9d0svPHyXrB2YO0adzbUhx2jICtBS+cA6jL96u1BzwUMlI
+X9WJ/jJgDdeCxj6eYDRyOA9kKr0A/9luacYH0wJV9BOz8mNfRbnCy8X0TweMBXBD
+1DM9EvMHkFU/2mww2MBC2z9w51Xvu+an4WChyxvRBYNx61UI5BzifwQdVWldUhvp
+6YMrWJxiasxm3qQRiuzCE91QGxTP16LNMu7Tky7urdKOXhuOHbG9FjV+uTB3Oc2W
+DBmz5trwnoCVjqVHtmpRH/2Ecv68c3ioUg0Xpii7fcB2QgixAoIBAQC9m83D/Lng
+prrhxJU7O7AwYGiGopKsSTwCL0jsWLLfrqUSf1TKkCeuLm755zJI8MSygxLpZgf9
+pKj5mh01/72g2jHMgdZyqyvArn+IFw4Aafjlpk+zVYb2fyG7pfCPBJfdbeDAe++t
+Ka4tmel8HGjAn95hu6AIWZhvGY7VKTTCPRZnOWIWJun7zygfn8sYttniS1ioBDp0
+eQ+uNQ16mE5IP2NYqY83UtdZPKlmF+2o0TyNAq5l9PbOV3wfyeRGY6BYNkNVFFf6
+BIq/S+2lB6VtxuVU61YOzkcMCAJH3Ld8h5F2rK3KsrhdpGKTlAjjvfVmBkRhAdR3
+H+2+OIBHF2ptAoIBAQDRb53r2zk904spAuKzx8r7unfnIq1HC6OivthpJYm5dVgT
+QugbvztqU/wjePYnwETbkDfF06br6AVYnbJ4m2uJl8MXycY/JAnJNqnjD0nA5n73
+6ijbMZ8ebNPUh8K9Y+dYajR9CQtEP5Arjg0yR3d6k+y5+f7ejMqfHzOdIQTvDcm6
+3eIprxdUO0uQk2+3ROx7kjR2L3KqpA40qZSINzd7L7SRsAkp2tdVm1YUvasvkRRx
+Z9ALHlaQLzTHviAV04dia1pq16AVsqF9c2/Rd3QR2e1hoyM4oVWzmciPT8bml92c
+yYbxz7yI80H8Z4U3GS77K+OIHRDbEFy3t0tmr3ehAoIBAAEo/+RQGo8OVhxliIg5
+QEW7gUg5nG4jcJOO2IJhtI570hS/5LPsl+GP9SvgR0V8+6cf+DCnaCscI9CLKdyX
+uQBP9XgL31UKSRU/vBYIFhTYkSZOkzREtLOzaXBtfoBRheBb+MEUwQ2tMJyk0XHp
+9pYfJEwyyrLiYXVkkaQqQWFi4E03Y6tBB7N7vAIdhy+ahtDEp0E37WejCf6F4pQ6
+dFgq0x/Kwc6T2i94mIzAXrrmtNkkCA8lpZDzphXHtXbcyzFe+6B8pGEqP/MVstmM
+p215hxOy8O7cQkEHl4P7DMBdT/2K5vFTkJ86D0RZ5ogGNIcwSKDTUwp7jofYbqiA
+sy0CggEAQGVQibpqusZXJrSf619vedOGX+HbrYQR9sdF2uSyHvgGRcHAKTbk646/
+yXQcqBTBnf+p7cBaOF6icTpF9WfJZlK+sMJPJBWQpTaqCImb0EzQn/irYw1B2LqM
+od7w9YUFE2/hGH38XGqDtpNV0PBpc320BDLfAcpzVLlNMQDgMfFVNSM+IHB2clcO
+ad0eAxaqRhu7gSEnaxIfNtTOuMp5gvOI5qg0+WZZv4yFoYk3Ge8kKZTDIsFsHB8X
+nnwpq0xLqt6L9m5Ifqv+n0OYpB3MxFv9UXLAXrDJ4OvIKQfRbKI1q42AjwFRkb7U
+b/zrt9Y++SxL+wcMtRb9JAlHmmh0DA==
+-----END PRIVATE KEY-----
diff --git a/test-integration/certificates/generated_assets/bacalhau_test_root_ca.crt b/test-integration/certificates/generated_assets/bacalhau_test_root_ca.crt
new file mode 100644
index 0000000000..b7ba413f98
--- /dev/null
+++ b/test-integration/certificates/generated_assets/bacalhau_test_root_ca.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFWzCCA0OgAwIBAgIUBLGr9ixtYXxd37LeDg2/Ml81KxUwDQYJKoZIhvcNAQEL
+BQAwPTEbMBkGA1UEAwwSQmFjYWxoYXVUZXN0Um9vdENBMREwDwYDVQQKDAhCYWNh
+bGhhdTELMAkGA1UEBhMCVVMwHhcNMjQxMDA0MTU1MTIyWhcNMzQxMDAyMTU1MTIy
+WjA9MRswGQYDVQQDDBJCYWNhbGhhdVRlc3RSb290Q0ExETAPBgNVBAoMCEJhY2Fs
+aGF1MQswCQYDVQQGEwJVUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AMuUD1dPMYoOmsevycxyd2n3QIIZZ6rDWElV6nIJ5vuvdCjVuwtRavhN5HcnP7tu
+CMCibb6Y8LTGVXzkXmFfu9B8zFd7n3aSc2LNDUJNqBUxAyNvseT95Pev77HciWFy
+D/udB0Yq4wE7SJemYqJPJ5+3AKyGT1pgQbwd3lTXsUdpyNF2hbhtq/x648OjTGPh
+lCxxsaEW0npVdqMLBhArzHnbv1iXDuKCDZXEBqkN+CR0hhApzbqLWXYj0LFEw8TY
+ieWSJJzuO9W2Q0SagxIJD+exK+XQMF6A1+fBbxGXAgm/SMYl9zjHQgQJgy50etRk
+yeX9hhjyngZFVGPkdtKDG8A4mXJcVHFF5X/+I4Ky+Kpg5hi37qIgrZrXYgCkRiHJ
+jQLocVYQxv2SqwOgJjOaUqH6zYQF74fLqIq7Tay/RChIXJEOkuNk5nGd3C8GVXQr
+xzeG7ayaqjT0uIiMhbnHmfXTDC6ueX+/cDygUrJwMaTPVQeJnlonppjh+N6PkMP6
+zMbM03eXh/7BHfFI/DqUH1VyPXat7ahbOspHP9b5b7ZcDs9CKc23fmH2pDW++xZb
+Gq3XYje3Bb92tlb9gkPBLPbAV1Jeh/vw6GUCy7vcMLTvPMRPI5Tj881rH0qIvbbg
+odwJni7sC29Wh4V1zE0HNUBBunBb0o8+oilD88sMikBpAgMBAAGjUzBRMB0GA1Ud
+DgQWBBRL/jmc2ACcf1mXIfXJHEnJwLVzmDAfBgNVHSMEGDAWgBRL/jmc2ACcf1mX
+IfXJHEnJwLVzmDAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAx
+S6raHCA1hWf9/yJ4UdTnWhfv3ZEx5GgwWJzqu567iO5NBV7kzhFRhyMD8R2dczgT
+Y5kkHM+lzfeanSw9GEHG9XM91x0dNIhrncFGzckK8QfXCZoq6PfvLf67v6xXTwTD
+pfPxjCjw6dV3jeGpY7JMghDJkgVllDAKLo+qCysCGn+PQTelEpVdkXwYwm+vDtiQ
+6fYgobYLjIkE9P5iCO9dAGi+lX+s6cO6YmvcfNx6hbpEP6cpmShNpJH1GcQy2tlP
+4VVjzjEP1GVHed5S7HryXgRpbG+9QvwVva0KJasZe+2N8sCCab63CUdP93BJrAUG
+QxYzxZHSK5kFYz8EuflDnS/bBVo15ucDp9121G88x1oMxT3/69QzuQFBBWSQRD7Q
+EBdT+n83pBWKy1S9y5UxkZJeWI81nbTELHDc9gzuWzyGxOHj+GNN6oeF/RlEdfSG
+YiPa6gyrKxI8tBkKzeZILVxmLq9XMVyIfy6W+BXfS+SYOZg97fjXdlEkNkXfIml4
+Z4Pefu1JAP+VDJd0F8oWG5j0OayF/N77KjtGft92i30Q50jmSMF4xfTwOUeY7TVL
+whWZjA0BFgeVURcYPByRR3DNfCo00Xga8cXGk4wC9qBSugJNgJMY4svs61xNN5Vx
+yelv/Ra0DOWWDe1q8aWhWTJk1AoNqCbXt7mI/DBYCg==
+-----END CERTIFICATE-----
diff --git a/test-integration/certificates/generated_assets/bacalhau_test_root_ca.key b/test-integration/certificates/generated_assets/bacalhau_test_root_ca.key
new file mode 100644
index 0000000000..d0045bb558
--- /dev/null
+++ b/test-integration/certificates/generated_assets/bacalhau_test_root_ca.key
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDLlA9XTzGKDprH
+r8nMcndp90CCGWeqw1hJVepyCeb7r3Qo1bsLUWr4TeR3Jz+7bgjAom2+mPC0xlV8
+5F5hX7vQfMxXe592knNizQ1CTagVMQMjb7Hk/eT3r++x3Ilhcg/7nQdGKuMBO0iX
+pmKiTyeftwCshk9aYEG8Hd5U17FHacjRdoW4bav8euPDo0xj4ZQscbGhFtJ6VXaj
+CwYQK8x5279Ylw7igg2VxAapDfgkdIYQKc26i1l2I9CxRMPE2InlkiSc7jvVtkNE
+moMSCQ/nsSvl0DBegNfnwW8RlwIJv0jGJfc4x0IECYMudHrUZMnl/YYY8p4GRVRj
+5HbSgxvAOJlyXFRxReV//iOCsviqYOYYt+6iIK2a12IApEYhyY0C6HFWEMb9kqsD
+oCYzmlKh+s2EBe+Hy6iKu02sv0QoSFyRDpLjZOZxndwvBlV0K8c3hu2smqo09LiI
+jIW5x5n10wwurnl/v3A8oFKycDGkz1UHiZ5aJ6aY4fjej5DD+szGzNN3l4f+wR3x
+SPw6lB9Vcj12re2oWzrKRz/W+W+2XA7PQinNt35h9qQ1vvsWWxqt12I3twW/drZW
+/YJDwSz2wFdSXof78OhlAsu73DC07zzETyOU4/PNax9KiL224KHcCZ4u7AtvVoeF
+dcxNBzVAQbpwW9KPPqIpQ/PLDIpAaQIDAQABAoICAARn0waYUYBAqAoHVlp6RwJ5
++ojzLacfRScbOl/hvisK55TX4qvbAf3400Xqp+5CR6ZB2QpKAUBKKUJaiNQOG6CE
+3SjTaHXdaktPGHUZOdb9qGwWHLya680UHyvU4xRPCg8sfuVmDWNV71y7pggsXYqb
+UPtMV+7yHVM0c+Nak1C7WAN325ut1N1YHFUafo9PE30IWtdSWDv1dUccIzlhppnC
+UJbUhFSi+MX1A1p1FJ/Q9aPDAGfG2habD0ovji5zJatJ9XmYOD2ahxOGEJTKgMt+
+QFyKd2QrZzSKScpZ9++h04D9runsPQfN3AnTWaAW0Nwx2oP8gahwXl4WwmhiLk0q
+V1R7LPTPiY+IxijxwFKV80OFyGJtZCRHkPEQLSnxZc0iVf9F7XgBk7FvKld3G2JL
+Y0r8l4p7btp0St6adyIHZQiN0+j6gP/AvNlBkn/XcQk5OR+HHjAENKVpg/M1nUVO
+FToh68MLZPwvE0M+/lbUe2plX4nfD5gX4iDwNF4yCGcRzZg0LtBXoM26j44MQvmP
+xg5KqVzIr6c4iKDBKJqGRZh87h+g3MGVzbQfNyfvJ31CzWM/bsgZF+U5H673r73n
+Y8ws/f8mBXwLzbyLWLb9QRK392+v9BJlJ1AhHTwTPJLVZpcmNu/UJ1dQMbGIZ+te
+/vmKu1MtSPNdJOKCIf/HAoIBAQD5/u4JYEL5s3jWmvx8bLkDZjR+9jbZwii+zBFB
+9ukWDtRb5gGsVxStOxPubleYhLkBLyh1uXGNE/0insQQsXNtwCXmq08lxANYoVFz
+47fTFwK/3Y1Uhk7suAgM6fXGhm03BNuK3M0baX8BON2Su0dCv2RA7OtfY/L6J53N
+eZylj/0dcGDCbvD4Z0z6MG7ayKM6TiFNz6YT2XyGEdsRkUxD6UdDjsR2UILVPNJR
+J3quXDz1d5Vk365NgmDzCilHP2fYEr15Gdcf0uXorzoXaVlvCMrdaSywcNWpUVpr
+KX+BjhVNXMNoSJ7Q85aK9cx794LN7L85IO5dzPwN/+g1zM9jAoIBAQDQd7zdAs3V
+QSffVxU/UlTtekMbYWQECQsHupr4GTrKpujWWs+Fh1KUtCbBgEVmV2gIw9j12uTW
+tY/9XMk/lw6HWFb0v0fCVXiPMAci5RIrPa1yyY5j12AlzYXn51e/M2Kqd6LIZmTt
+d+bWl/dhfBH6Ar91gQJ1XClOktXmj6g+HYv0armUGdB1P2PKKVHMKIyq8yI9t2/3
+5+O38yB2L7TXMPWJrPbPvtrScA2Wve8FA9EIkIYtfiWSXB4MgYQcaUstiBqCqghL
+RwT2IJ8W828ak88a3HohK2ml3K3z9plZz8C5J0fyqPb6cbQzSpJV5xVKboacgoii
+/enLCY/WvRjDAoIBAQD4LxPVjxEun/Po6bibNbx/GWooWPqfOFgHAsRnPl6sHVDJ
+YxBqLZFDYREqdbTUn36jJFQAe3e1XRDC2+c9w00audVmqM9MaMoBpTUd3gZSs9dw
+7twt+6BC9XhYibQLwMyQAGyL8SRWgGcrqW6fCvl11FgM9Ke+7ZT8r3PD12WiH85i
++Xu1yznDAZq0Dn0fCmyxp3r8qpbvwcwTtYpMaHjUOrUa5pM3+jnIxDbvhkgO7Vc/
+Qda4bC+4lyT0YzQTnWjUY9ZicTrWRyMj20HKmDXHO21aXd2V1I7pJvCiznHdBlcz
+lFISJ3YzboAXuGmm8FOVZ+F3L7A0wxnANDwtnQSNAoIBAHSdlqv3ppcV9K0ONNeQ
+Qev6idGmQGG1gVMYgxooWugESJmogRAMLBj9UfTKwYfHe23zyMl3Yq3tMRglMHr/
+EGSL+VC+M/E1CNTopAVUKT7BKObec2XMlH9xIeghVMejgh0kAY6jIPBqM1p19i+1
+TQUTRnD/8xUdsgm/QCLS1+Wvd5wJm7iKXD9Kb5MmXBid0lrK2au2ks8WDB/ZxJ34
+f+wk+iXC+OortJMllaRuqWefw+5LkpOeTnw6RaDvTqzqBeD5kwLnBO6/Urowc25O
+TSeL6b33+eXWOCpNcY3Ys942xnOM0sWe2VIuCwTqQUQGmbVicLDaoH61FXS765fP
+fisCggEAQmxfrDvGpX48vDAgCwRhj/a76elRheXtFdwouMEa9YMXR0Y00Q/NTqzG
+2d9QaSJ3PHiXq2PUJq8aicik10Tzf7xdI9k8yPmehkvWfHyFDwiiTehdNRdWsUub
+NflZ75vBK781xG6/us2FYu6imW4nSj866BOzYhlZ7pJb61o0jJRjlTn1nulJBViR
+nJOAgi9Nw55G2NJUAhOMHqdszGHKgf7NnwU5cSyyKdVlziNR9eFQNy2uLCnwY+09
+346zH7Vahc+UdxuBIbZXCvv1uCml3k240CF9gxwi9CpoAtirvX4vyCqD/XfJVkq+
+kD+4DHssfsjShHyCWks5PAwHfErfrA==
+-----END PRIVATE KEY-----
diff --git a/test-integration/compute_node_image_setup.sh b/test-integration/compute_node_image_setup.sh
new file mode 100755
index 0000000000..a537e55550
--- /dev/null
+++ b/test-integration/compute_node_image_setup.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+
+# Total wait time in seconds
+TOTAL_WAIT_TIME_FOR_DOCKERD=30
+# Time interval between retries in seconds
+RETRY_INTERVAL=3
+# Calculating the maximum number of attempts
+MAX_ATTEMPTS=$((TOTAL_WAIT_TIME_FOR_DOCKERD / RETRY_INTERVAL))
+attempt=1
+
+# Start the first docker daemon
+dockerd-entrypoint.sh &
+
+while [[ ${attempt} -le ${MAX_ATTEMPTS} ]]; do
+    echo "Checking if dockerd is available (attempt ${attempt} of ${MAX_ATTEMPTS})..."
+
+    # Try to communicate with Docker daemon
+    if docker info >/dev/null 2>&1; then
+        echo "dockerd is available! Now Starting Bacalhau as a compute node"
+        bacalhau config set compute.auth.token="${NETWORK_AUTH_TOKEN}"
+        bacalhau serve --compute -c compute.orchestrators="nats://${REQUESTER_NODE_LINK}:4222"
+        # Wait for any process to exit
+        wait -n
+
+        # Exit with status of process that exited first
+        exit $?
+    fi
+
+    # Wait before retrying
+    echo "dockerd is not available yet. Retrying in ${RETRY_INTERVAL} seconds..."
+    sleep "${RETRY_INTERVAL}"
+
+    # Increment attempt counter
+    attempt=$((attempt + 1))
+done
+
+echo "dockerd did not become available within ${TOTAL_WAIT_TIME_FOR_DOCKERD} seconds."
+exit 1
diff --git a/test-integration/docker-compose.yml b/test-integration/docker-compose.yml
new file mode 100644
index 0000000000..2340fba1a6
--- /dev/null
+++ b/test-integration/docker-compose.yml
@@ -0,0 +1,117 @@
+x-common-env-variables: &common-env-variables
+  NETWORK_AUTH_TOKEN: "i_am_very_secret_token"
+  BACALHAU_API_PORT: "1234"
+  MINIO_ROOT_USER: "minioadmin"
+  MINIO_ROOT_PASSWORD: "minioadminpass"
+  AWS_ACCESS_KEY_ID: "minioadmin"
+  AWS_SECRET_ACCESS_KEY: "minioadminpass"
+
+networks:
+  bacalhau-network:
+    driver: bridge
+
+volumes:
+  minio-volume:
+    driver: local
+  registry-volume:
+    driver: local
+
+services:
+  bacalhau-minio-node:
+    image: quay.io/minio/minio
+    container_name: bacalhau-minio-node-container
+    command: server /data --console-address ":9001"
+    volumes:
+      - minio-volume:/data
+    restart: always
+    networks:
+      - bacalhau-network
+    environment: *common-env-variables
+    healthcheck:
+      test: [ "CMD", "curl", "-f", "http://localhost:9000/minio/health/live" ]
+      interval: 1s
+      timeout: 5s
+      retries: 30
+      start_period: 2s
+
+  bacalhau-container-img-registry-node:
+    image: bacalhau-container-img-registry-node-image
+    container_name: bacalhau-container-img-registry-container
+    volumes:
+      - registry-volume:/var/lib/registry
+    restart: always
+    networks:
+      - bacalhau-network
+    environment:
+      REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /var/lib/registry
+      REGISTRY_HTTP_ADDR: "0.0.0.0:5000"
+      REGISTRY_HTTP_TLS_CERTIFICATE: "/certs/bacalhau-container-img-registry-node.crt"
+      REGISTRY_HTTP_TLS_KEY: "/certs/bacalhau-container-img-registry-node.key"
+    healthcheck:
+      test: [ "CMD-SHELL", "nc -zv localhost 5000" ]
+      interval: 1s
+      timeout: 5s
+      retries: 30
+      start_period: 2s
+
+  bacalhau-requester-node:
+    image: bacalhau-requester-node-image
+    container_name: bacalhau-requester-node-container
+    networks:
+      - bacalhau-network
+    environment: *common-env-variables
+    depends_on:
+      bacalhau-minio-node:
+        condition: service_healthy
+    privileged: true
+    command:
+      - /bin/bash
+      - -c
+      - |
+        bacalhau config set "orchestrator.auth.token" "$${NETWORK_AUTH_TOKEN}" && bacalhau serve --orchestrator -c api.port=$${BACALHAU_API_PORT}
+    healthcheck:
+      test: [ "CMD-SHELL", "nc -zv localhost 1234" ]
+      interval: 1s
+      timeout: 5s
+      retries: 30
+      start_period: 2s
+
+  bacalhau-compute-node:
+    image: bacalhau-compute-node-image
+    container_name: bacalhau-compute-node-container
+    privileged: true
+    networks:
+      - bacalhau-network
+    depends_on:
+      bacalhau-requester-node:
+        condition: service_healthy
+      bacalhau-container-img-registry-node:
+        condition: service_healthy
+    environment:
+      <<: *common-env-variables
+      REQUESTER_NODE_LINK: 'bacalhau-requester-node'
+    healthcheck:
+      test: [ "CMD-SHELL", "nc -zv localhost 1234" ]
+      interval: 1s
+      timeout: 5s
+      retries: 30
+      start_period: 2s
+
+  bacalhau-client-node:
+    image: bacalhau-client-node-image
+    container_name: bacalhau-client-node-container
+    privileged: true
+    networks:
+      - bacalhau-network
+    depends_on:
+      bacalhau-requester-node:
+        condition: service_healthy
+      bacalhau-compute-node:
+        condition: service_healthy
+      bacalhau-container-img-registry-node:
+        condition: service_healthy
+    environment:
+      <<: *common-env-variables
+      BACALHAU_API_HOST: 'bacalhau-requester-node'
+      BACALHAU_COMPUTE_NODE_HOST: 'bacalhau-compute-node'
+      BACALHAU_MINIO_NODE_HOST: 'bacalhau-minio-node'