LaconicNetwork/tmkms-stack
7
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity

Update script to check for existing priv validator key

Browse Source
This commit is contained in:
Shreerang Kale 2025-06-11 19:07:47 +05:30
parent 11f7fbb6e3
commit 4e083cec49
6 changed files with 70 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -1,3 +1,5 @@
# tmkms-stack # tmkms-stack
- Reference: <https://github.com/iqlusioninc/tmkms>
- [Run TMKMS service](stacks/tmkms/README.md) - [Run TMKMS service](stacks/tmkms/README.md)

4
stack-orchestrator/compose/docker-compose-tmkms.yml
View File

@ -4,10 +4,10 @@ services:
image: cerc/tmkms:local image: cerc/tmkms:local
command: ["bash", "-c", "/opt/run.sh"] command: ["bash", "-c", "/opt/run.sh"]
environment: environment:
CERC_CHAIN_ID: ${CERC_CHAIN_ID} CHAIN_ID: ${CHAIN_ID}
NODE_IP: ${NODE_IP} NODE_IP: ${NODE_IP}
NODE_PORT: ${NODE_PORT:-26659} NODE_PORT: ${NODE_PORT:-26659}
CERC_KEY_PREFIX: ${CERC_KEY_PREFIX} KEY_PREFIX: ${KEY_PREFIX}
volumes: volumes:
- tmkms-data:/home/tmkmsuser/tmkms - tmkms-data:/home/tmkmsuser/tmkms
- ../config/tmkms/run.sh:/opt/run.sh - ../config/tmkms/run.sh:/opt/run.sh

70
stack-orchestrator/config/tmkms/run.sh
View File

@ -11,48 +11,56 @@ INPUT_PRIV_KEY_FILE=$TMKMS_HOME/tmp/priv_validator_key.json
TMKMS_SECRETS_DIR=$TMKMS_HOME/secrets TMKMS_SECRETS_DIR=$TMKMS_HOME/secrets
TMKMS_STATE_DIR=$TMKMS_HOME/state TMKMS_STATE_DIR=$TMKMS_HOME/state
echo "Initializing tmkms configuration..." # Check if priv_validator_key in SECRETS_DIR exists
if [[ ! -f "$TMKMS_SECRETS_DIR/priv_validator_key" ]]; then
# Initialize tmkms config # Initialize tmkms config
tmkms init $TMKMS_HOME echo "Initializing tmkms configuration..."
tmkms init $TMKMS_HOME
# Generate a new softsign key # Generate a new softsign key
echo "Generating new softsign key..." echo "Generating new softsign key..."
tmkms softsign keygen $TMKMS_SECRETS_DIR/kms-identity.key tmkms softsign keygen $TMKMS_SECRETS_DIR/kms-identity.key
# Update tmkms.toml # Update tmkms.toml
echo "Updating tmkms.toml with chain_id, node IP, and key prefixes..." echo "Updating tmkms.toml with chain_id, node IP, and key prefixes..."
# Add chain configuration # Add chain configuration
cat <<EOF > $TMKMS_HOME/tmkms.toml cat <<EOF > $TMKMS_HOME/tmkms.toml
[[chain]] [[chain]]
id = "$CERC_CHAIN_ID" id = "$CHAIN_ID"
key_format = { type = "cosmos-json", account_key_prefix = "${CERC_KEY_PREFIX}pub", consensus_key_prefix = "${CERC_KEY_PREFIX}valconspub" } key_format = { type = "cosmos-json", account_key_prefix = "${KEY_PREFIX}pub", consensus_key_prefix = "${KEY_PREFIX}valconspub" }
state_file = "$TMKMS_STATE_DIR/priv_validator_state.json" state_file = "$TMKMS_STATE_DIR/priv_validator_state.json"
[[validator]] [[validator]]
chain_id = "$CERC_CHAIN_ID" chain_id = "$CHAIN_ID"
addr = "tcp://$NODE_IP:$NODE_PORT" addr = "tcp://$NODE_IP:$NODE_PORT"
secret_key = "$TMKMS_SECRETS_DIR/kms-identity.key" secret_key = "$TMKMS_SECRETS_DIR/kms-identity.key"
protocol_version = "v0.34" protocol_version = "v0.34"
reconnect = true reconnect = true
[[providers.softsign]] [[providers.softsign]]
key_type = "consensus" key_type = "consensus"
path = "$TMKMS_SECRETS_DIR/priv_validator_key" path = "$TMKMS_SECRETS_DIR/priv_validator_key"
chain_ids = ["$CERC_CHAIN_ID"] chain_ids = ["$CHAIN_ID"]
EOF EOF
# Place validator key in secrets directory # Import the private validator key into tmkms
cp $INPUT_PRIV_KEY_FILE $TMKMS_SECRETS_DIR/priv_validator_key.json echo "Importing private validator key into tmkms..."
tmkms softsign import $INPUT_PRIV_KEY_FILE $TMKMS_SECRETS_DIR/priv_validator_key
# Import the private validator key into tmkms # Remove the original private validator key
echo "Importing private validator key into tmkms..." rm -rf $INPUT_PRIV_KEY_FILE
tmkms softsign import $TMKMS_SECRETS_DIR/priv_validator_key.json $TMKMS_SECRETS_DIR/priv_validator_key
# Remove the JSON key file else
rm $TMKMS_SECRETS_DIR/priv_validator_key.json echo "tmkms configuration already exists. Skipping initialization..."
# Throw error if tmp/priv_validator_key.json exists
if [[ -f "$INPUT_PRIV_KEY_FILE" ]]; then
echo "ERROR: $INPUT_PRIV_KEY_FILE already exists. Please remove it and try again."
exit 1
fi
fi
echo "Starting tmkms..." echo "Starting tmkms..."
tmkms start --config $TMKMS_HOME/tmkms.toml tmkms start --config $TMKMS_HOME/tmkms.toml

2
stack-orchestrator/container-build/cerc-tmkms/build.sh
View File

@ -7,4 +7,4 @@ source ${CERC_CONTAINER_BASE_DIR}/build-base.sh
SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
# TODO: Use BACKEND=yubihsm build command arg # TODO: Use BACKEND=yubihsm build command arg
docker build -t cerc/tmkms:local ${build_command_args} -f ${SCRIPT_DIR}/Dockerfile ${CERC_REPO_BASE_DIR}/tmkms docker build -t cerc/tmkms:local ${build_command_args} -f ${SCRIPT_DIR}/Dockerfile ${SCRIPT_DIR}

36
stack-orchestrator/stacks/tmkms/README.md
View File

@ -16,14 +16,6 @@ Instructions for running TMKMS service
laconic-so fetch-stack git.vdb.to/LaconicNetwork/tmkms-stack --git-ssh --pull laconic-so fetch-stack git.vdb.to/LaconicNetwork/tmkms-stack --git-ssh --pull
``` ```
- Clone required repositories:
```bash
laconic-so --stack ~/cerc/tmkms-stack/stack-orchestrator/stacks/tmkms setup-repositories --git-ssh --pull
# If this throws an error as a result of being already checked out to a branch/tag in a repo, remove the repository and re-run the command
```
- Build the container images: - Build the container images:
```bash ```bash
@ -58,7 +50,7 @@ Instructions for running TMKMS service
```bash ```bash
# Chain ID # Chain ID
CERC_CHAIN_ID= CHAIN_ID=
# Public IP address of the node # Public IP address of the node
NODE_IP= NODE_IP=
@ -66,8 +58,8 @@ Instructions for running TMKMS service
# Port on which the node is listening for consensus messages (default: 26659) # Port on which the node is listening for consensus messages (default: 26659)
NODE_PORT= NODE_PORT=
# Key prefix (for ex. laconic) # Key prefix
CERC_KEY_PREFIX= KEY_PREFIX=
``` ```
## Run ## Run
@ -83,3 +75,25 @@ Instructions for running TMKMS service
```bash ```bash
laconic-so --dir tmkms-deployment logs -f laconic-so --dir tmkms-deployment logs -f
``` ```
## Clean up
- Stop the deployment:
```bash
laconic-so --dir tmkms-deployment stop
```
- To stop the deployment and also delete data:
```bash
laconic-so --dir tmkms-deployment stop --delete-volumes
sudo rm -rf tmkms-deployment
```
- Remove `cerc/tmkms` docker image:
```bash
docker rmi cerc/tmkms:local
```

3
stack-orchestrator/stacks/tmkms/stack.yml
View File

@ -1,8 +1,7 @@
version: "1.0" version: "1.0"
name: tmkms name: tmkms
description: "TMKMS for signing consensus messages" description: "Key Management System for Tendermint applications"
repos: repos:
- github.com/iqlusioninc/tmkms@v0.14.0
containers: containers:
- cerc/tmkms - cerc/tmkms
pods: pods: