From 3a483792f74885b1824db04362b000f259a01458 Mon Sep 17 00:00:00 2001 From: shreerang Date: Thu, 12 Jun 2025 11:20:33 +0000 Subject: [PATCH] Add playbooks to run TMKMS service (#14) Part of https://www.notion.so/Create-stacks-for-mainnet-1f2a6b22d4728034be4be2c51decf94e Co-authored-by: Shreerang Kale Reviewed-on: https://git.vdb.to/cerc-io/laconicd-stack/pulls/14 Co-authored-by: shreerang Co-committed-by: shreerang --- docs/run-first-validator.md | 160 +++++++++------- docs/run-validator.md | 172 +++++++++++------- .../cosmos-multisig-vars.example.yml | 35 +++- .../first-validator-vars.example.yml | 27 ++- .../first-validator/setup-first-validator.yml | 1 + playbooks/tmkms/run-tmkms.yml | 53 ++++++ playbooks/tmkms/setup-tmkms.yml | 31 ++++ playbooks/tmkms/tmkms-vars.example.yml | 16 ++ playbooks/validator/setup-validator.yml | 1 + .../validator/validator-vars.example.yml | 25 +++ 10 files changed, 386 insertions(+), 135 deletions(-) create mode 100644 playbooks/tmkms/run-tmkms.yml create mode 100644 playbooks/tmkms/setup-tmkms.yml create mode 100644 playbooks/tmkms/tmkms-vars.example.yml diff --git a/docs/run-first-validator.md b/docs/run-first-validator.md index 72dc128..fe8e71f 100644 --- a/docs/run-first-validator.md +++ b/docs/run-first-validator.md @@ -14,6 +14,8 @@ - LPS distribution Google spreadsheet URL or CSV file path +- Machine 4: Where the TMKMS service is to be setup + - Following tools are required in all machines: - [ansible](playbooks/README.md#ansible-installation) @@ -53,6 +55,9 @@ # Set desired key name key_name: "laconic-validator" + + # Enable TMKMS + tmkms_enabled: true ``` - Export the data directory and mainnet deployment directory as environment variables: 
@@ -81,6 +86,25 @@ NOTE: This public key is required in [next step to generate the genesis file](#generate-mainnet-genesis-file) +- Copy over the `priv_validator_key.json` located at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json` to the machine where the TMKMS service is to be setup (machine 4) + +## Setup TMKMS + +- For integrating TMKMS with laconicd, follow steps below in the machine where the TMKMS service is to be setup (machine 4) + +- Export the data directory and TMKMS deployment directory as environment variables: + + ```bash + # Parent directory where the deployment directory will live + export DATA_DIRECTORY= + ``` + +- Run ansible playbook to setup the TMKMS service: + + ```bash + ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/tmkms/setup-tmkms.yml + ``` + ## Export testnet state - Run the following steps in machine where the testnet node is already running (machine 1) 
@@ -177,72 +201,41 @@ ## Run node -- Run the following steps in the machine where the mainnet node is setup (machine 2) +### Start TMKMS -### Setup TMKMS (Optional but Recommended) +- Run these steps in the machine where [the TMKMS service is setup (machine 4)](#setup-tmkms) - - -- For integrating existing TMKMS with laconicd, follow steps below in the machine where TMKMS is setup - -- Set `$TMKMS_HOME` to the directory path containing TMKMS config files +- Copy the example variables file: ```bash - # Contents of tmkms config directory - ls -l $TMKMS_HOME - drwxrwxr-x 2 ... schema - drwx------ 2 ... secrets - drwxrwxr-x 2 ... state - -rw-rw-r-- 1 ... tmkms.toml + cp ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.example.yml ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml ``` -- Update the TMKMS configuration file `$TMKMS_HOME/tmkms.toml`: +- Update `~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml` with required values: - ```toml - [[chain]] - id = "laconic-mainnet" - key_format = { type = "cosmos-json", account_key_prefix = "laconicpub", consensus_key_prefix = "laconicvalconspub" } - # Replace with absolute path to tmkms config directory - state_file = "/state/priv_validator_state.json" + NOTE: Use the `priv_validator_key.json` file copied from the node setup machine (Machine 2) in [previous step](#setup-node) - [[validator]] - chain_id = "laconic-mainnet" - # Replace with actual IP address of the laconicd node - addr = "tcp://:26659" - # Replace with absolute path to tmkms config directory - secret_key = "/secrets/kms-identity.key" - protocol_version = "v0.34" - reconnect = true + ```yaml + # Absolute path to the node's private validator key file + priv_validator_key_file_path: "" - [[providers.softsign]] - key_type = "consensus" - # Replace with absolute path to tmkms config directory - path = "/secrets/priv_validator_key" - chain_ids = ["laconic-mainnet"] + # Set the IP address of the machine where the laconicd node is setup + node_ip: "" + + # Set 
the port of the laconicd node + node_port: "26659" ``` -- Copy your validator key to TMKMS: - - - The validator key in laconicd node deployment is present at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json` - - - Place the validator key file in TMKMS config directory at `$TMKMS_HOME/secrets/` - - - Import the private validator key into tmkms: - - ```bash - tmkms softsign import $TMKMS_HOME/secrets/priv_validator_key.json $TMKMS_HOME/secrets/priv_validator_key - ``` - - - Remove the JSON key file - - ```bash - rm $TMKMS_HOME/secrets/priv_validator_key.json - ``` - -- Start TMKMS: +- Run ansible playbook to run the TMKMS: ```bash - tmkms start --config $TMKMS_HOME/tmkms.toml + ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/tmkms/run-tmkms.yml + ``` + +- Check logs to ensure that TMKMS is running: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/tmkms-deployment logs tmkms -f ``` - Expected example output: 
@@ -251,29 +244,24 @@ INFO tmkms::commands::start: tmkms 0.14.0 starting up... INFO tmkms::keyring: [keyring:softsign] added consensus Ed25519 key: {"@type":"/cosmos.crypto.ed25519.PubKey","key":"T24No1A1FmetNRVCOSg2G2XAKWh97oBXuELdAD6DFgw="} INFO tmkms::connection::tcp: KMS node ID: 7f5fd8dae8953e964e7e56edd4700f597ea0d45c - ERROR tmkms::client: [laconic-mainnet@tcp://localhost:26659] I/O error: Connection refused (os error 111) + ERROR tmkms::client: [laconic-mainnet@tcp://:26659] I/O error: Connection refused (os error 111) ``` NOTE: The errors dissapear once the laconicd node starts - - Note the pubkey logged at start for comparing later with validator pubkey on chain +- Note the pubkey logged at start for comparing later with validator pubkey on chain -- Enable TMKMS in the laconicd node configuration: +### Start node - ```bash - # Set TMKMS_ENABLED to true in the node's config.env - echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env - ``` +- Run the following steps in the machine where [the mainnet node is setup (machine 2)](#setup-node) - Remove the validator key from node deployment as it is no longer required: - ```bash - rm $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json - ``` - NOTE: Store it safely offline in case of an emergency -### Start node + ```bash + rm -rf $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json + ``` - Copy the genesis file to the mainnet deployment tmp directory: @@ -293,7 +281,7 @@ laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR logs laconicd -f ``` -- If TMKMS has been configured verify that validator and TMKMS pubkeys match: +- Verify that validator and TMKMS pubkeys match: - Get validator pubkey on chain 
@@ -331,6 +319,46 @@ laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd "laconicd query bank balances $EARLY_SUPPORTS_ACC_ADDR" ``` +## Update config + +- Run following steps to update the config for TMKMS and node + +### TMKMS + +- Run these steps in the machine where the TMKMS service is setup (machine 4) + +- Stop the TMKMS deployment: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$TMKMS_DEPLOYMENT_DIR stop + ``` + +- Update `~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml` with required values + +- Run ansible playbook to run the TMKMS: + + ```bash + ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/tmkms/run-tmkms.yml + ``` + +### Node + +- Run these steps in the machine where the mainnet node is setup (machine 2) + +- Stop the node deployment: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR stop + ``` + +- Update `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env` with required values + +- Start the node deployment: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR start + ``` + ## Publish required artifacts - Run the following steps in machine where the genesis file and staking amount files are generated (machine 3) diff --git a/docs/run-validator.md b/docs/run-validator.md index 697e8e1..de428e5 100644 --- a/docs/run-validator.md +++ b/docs/run-validator.md @@ -16,6 +16,12 @@ - [ansible](playbooks/README.md#ansible-installation) +- Machine 4: Where the TMKMS service is to be setup + + - laconicd-stack + + - [ansible](playbooks/README.md#ansible-installation) + - [laconic-so](https://github.com/cerc-io/stack-orchestrator/?tab=readme-ov-file#install) is required in all machines - To fetch laconicd-stack: 
@@ -71,6 +77,9 @@ # Set persistent peers (comma-separated list of node IDs and addresses) # You can find the list of available peers in https://git.vdb.to/cerc-io/laconicd-stack/src/branch/main/node-addresses.yml cerc_peers: "@:26656,@:26656" + + # Enable TMKMS + tmkms_enabled: true ``` - Export the data directory and mainnet deployment directory as environment variables: 
@@ -89,80 +98,80 @@ ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/setup-validator.yml ``` -### Setup TMKMS (Optional but Recommended) +- Copy over the `priv_validator_key.json` located at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json` to the machine from where the TMKMS service is to be setup (machine 4) - +## Setup TMKMS -- For integrating existing TMKMS with laconicd, follow steps below in the machine where TMKMS is setup +- For integrating TMKMS with laconicd, follow steps below in the machine where the TMKMS service is to be setup (machine 4) -- Set `$TMKMS_HOME` to the directory path containing TMKMS config files +- Export the data directory as environment variable: ```bash - # Contents of tmkms config directory - ls -l $TMKMS_HOME - drwxrwxr-x 2 ... schema - drwx------ 2 ... secrets - drwxrwxr-x 2 ... state - -rw-rw-r-- 1 ... tmkms.toml + # Parent directory where the deployment directory will live + export DATA_DIRECTORY= ``` -- Update the TMKMS configuration file `$TMKMS_HOME/tmkms.toml`: +- Run ansible playbook to setup the TMKMS service: - ```toml - [[chain]] - id = "laconic-mainnet" - key_format = { type = "cosmos-json", account_key_prefix = "laconicpub", consensus_key_prefix = "laconicvalconspub" } - # Replace with absolute path to tmkms config directory - state_file = "/state/priv_validator_state.json" - - [[validator]] - chain_id = "laconic-mainnet" - # Replace with actual IP address of the laconicd node - addr = "tcp://:26659" - # Replace with absolute path to tmkms config directory - secret_key = "/secrets/kms-identity.key" - protocol_version = "v0.34" - reconnect = true - - [[providers.softsign]] - key_type = "consensus" - # Replace with absolute path to tmkms config directory - path = "/secrets/priv_validator_key" - chain_ids = ["laconic-mainnet"] + ```bash + ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/tmkms/setup-tmkms.yml ``` -- Copy your 
validator key to TMKMS: +## Run Node - - The validator key in laconicd node deployment is present at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json` +### Start TMKMS - - Place the validator key file in TMKMS config directory at `$TMKMS_HOME/secrets/` +- Run the following steps in the machine where [the TMKMS service is setup (Machine 4)](#setup-tmkms) - - Import the private validator key into tmkms: +- Copy the example variables file: + + ```bash + cp ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.example.yml ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml + ``` + +- Update `~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml` with required values: + + NOTE: Use the `priv_validator_key.json` file copied from the node setup machine (Machine 2) in [previous step](#setup-node) + + ```yaml + # Absolute path to the node's private validator key file + priv_validator_key_file_path: "" + + # Set the IP address of the machine where the laconicd node is setup + node_ip: "" + + # Set the port of the laconicd node + node_port: "26659" + ``` + +- Run ansible playbook to run the TMKMS: + + ```bash + ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/tmkms/run-tmkms.yml + ``` + +- Check logs to ensure that TMKMS is running: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/tmkms-deployment logs tmkms -f + ``` + + - Expected example output: ```bash - tmkms softsign import $TMKMS_HOME/secrets/priv_validator_key.json $TMKMS_HOME/secrets/priv_validator_key + INFO tmkms::commands::start: tmkms 0.14.0 starting up... 
+ INFO tmkms::keyring: [keyring:softsign] added consensus Ed25519 key: {"@type":"/cosmos.crypto.ed25519.PubKey","key":"T24No1A1FmetNRVCOSg2G2XAKWh97oBXuELdAD6DFgw="} + INFO tmkms::connection::tcp: KMS node ID: 7f5fd8dae8953e964e7e56edd4700f597ea0d45c + ERROR tmkms::client: [laconic-mainnet@:26659] I/O error: Connection refused (os error 111) ``` - - Remove the JSON key file + NOTE: The errors dissapear once the laconicd node starts - ```bash - rm $TMKMS_HOME/secrets/priv_validator_key.json - ``` +- Note the pubkey logged at start for comparing later with validator pubkey on chain -- Start TMKMS: +### Start Node - ```bash - tmkms start --config $TMKMS_HOME/tmkms.toml - ``` - -- Enable TMKMS in the laconicd node configuration: - - ```bash - # Set TMKMS_ENABLED to true in the node's config.env - echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env - ``` - -## Start Node +- Run the following steps in the machine where [the validator node is setup (machine 2)](#setup-node) - Start the laconicd node: @@ -188,8 +197,6 @@ - Run these steps in a machine from where [the create-validator transaction is to be signed (machine 3)](#build-laconicd-to-create-validator) - This command clones the entire repository into the `~/cerc` folder, which includes the genesis file published by the first validator. - - Copy the example variables file: ```bash @@ -215,7 +222,6 @@ ```bash export DATA_DIRECTORY= - export MAINNET_DEPLOYMENT_DIR=mainnet-validator-deployment ``` - Run ansible playbook to create validator on running chain: 
@@ -234,16 +240,58 @@ laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query staking validators' ``` - - If TMKMS has been configured, remove the validator key from node deployment as it is no longer required: - - ```bash - rm $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json - ``` + - Remove the validator key from node deployment as TMKMS is configured: NOTE: Store it safely offline in case of an emergency + ```bash + rm -rf $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json + ``` + +## Update config + +- Run following steps to update the config for TMKMS and node + +### TMKMS + +- Run these steps in the machine where the TMKMS service is setup (machine 4) + +- Stop the TMKMS deployment: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/tmkms-deployment stop + ``` + +- Update `~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml` with required values + +- Run ansible playbook to run the TMKMS: + + ```bash + ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/tmkms/run-tmkms.yml + ``` + +### Node + +- Run these steps in the machine where the mainnet node is setup (machine 2) + +- Stop the node deployment: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR stop + ``` + +- Update `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env` with required values + +- Start the node deployment: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR start + ``` + ## Register Your Node +- Run the following steps in the machine where the mainnet node is setup (machine 2) + - Get your node's address: ```bash diff --git a/playbooks/cosmos-multisig-app/cosmos-multisig-vars.example.yml b/playbooks/cosmos-multisig-app/cosmos-multisig-vars.example.yml index 4467c24..0abc814 100644 --- a/playbooks/cosmos-multisig-app/cosmos-multisig-vars.example.yml 
+++ b/playbooks/cosmos-multisig-app/cosmos-multisig-vars.example.yml @@ -1,16 +1,47 @@ +# Set to true if the application supports multiple chains next_public_multichain: false -next_public_registry_name: "laconic" + +# The name of the blockchain registry +next_public_registry_name: "laconic-mainnet" + +# URL or path to the blockchain's logo next_public_logo: "" + +# The chain ID for the blockchain network next_public_chain_id: "laconic-mainnet" + +# Display name for the blockchain network next_public_chain_display_name: "Laconic Mainnet" + +# Comma-separated list of node addresses for the application to connect to next_public_node_addresses: '[]' + +# The REST endpoint for the node node_rest_endpoint: "" + +# The base denomination of the native token next_public_denom: "alnt" + +# The display denomination of the native token next_public_display_denom: "ALNT" -next_public_display_denom_exponent: 18 + +# The exponent for the display denomination +next_public_display_denom_exponent: 0 + +# JSON array of asset definitions, including denom units, base, name, display, and symbol next_public_assets: '[{"denom_units":[{"denom":"alnt","exponent":0}],"base":"alnt","name":"Laconic Token","display":"ALNT","symbol":"alnt"}]' + +# Default gas price for transactions next_public_gas_price: "0.001alnt" + +# The address prefix for the blockchain next_public_address_prefix: "laconic" + +# Set to true if HTTP is enabled for the application next_public_is_http_enabled: false + +# Set to true to use host network mode for the Docker container use_host_network: "" + +# Domain for Dgraph service dgraph_domain: "" diff --git a/playbooks/first-validator/first-validator-vars.example.yml b/playbooks/first-validator/first-validator-vars.example.yml index fd788c0..933aa8c 100644 --- a/playbooks/first-validator/first-validator-vars.example.yml +++ b/playbooks/first-validator/first-validator-vars.example.yml 
@@ -1,6 +1,23 @@ -cerc_moniker: "LaconicMainnetNode" -cerc_chain_id: "laconic-mainnet" -min_gas_price: 0.001 -cerc_loglevel: "info" -key_name: "laconic-validator" + +# The public key of the validator node. This is required for generating the genesis file +# It should be wrapped in single quotes validator_pub_key: '' + +# Custom moniker for the validator node +cerc_moniker: "LaconicMainnetNode" + +# The chain ID for the blockchain network +cerc_chain_id: "laconic-mainnet" + +# Set to true to enable TMKMS (Tendermint Key Management System) for this node +# If true, the node will use an external TMKMS for signing validator operations +tmkms_enabled: + +# Minimum gas price for transactions, in ALNT (e.g., 0.001alnt) +min_gas_price: 0.001 + +# Log level for the laconicd node (e.g., "info", "debug", "error") +cerc_loglevel: "info" + +# Desired key name for the validator account +key_name: "laconic-validator" diff --git a/playbooks/first-validator/setup-first-validator.yml b/playbooks/first-validator/setup-first-validator.yml index 830684d..b58e3a5 100644 --- a/playbooks/first-validator/setup-first-validator.yml +++ b/playbooks/first-validator/setup-first-validator.yml @@ -46,6 +46,7 @@ CERC_CHAIN_ID: "{{ cerc_chain_id }}" MIN_GAS_PRICE: "{{ min_gas_price }}" CERC_LOGLEVEL: "{{ cerc_loglevel }}" + TMKMS_ENABLED: "{{ tmkms_enabled }}" mode: '0777' - name: Initialize laconicd node diff --git a/playbooks/tmkms/run-tmkms.yml b/playbooks/tmkms/run-tmkms.yml new file mode 100644 index 0000000..fbd3052 --- /dev/null +++ b/playbooks/tmkms/run-tmkms.yml 
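Review bot: In playbooks/first-validator/setup-first-validator.yml the new line `TMKMS_ENABLED: "{{ tmkms_enabled }}"` is written to config.env without validation, while first-validator-vars.example.yml ships `tmkms_enabled:` with no value. An operator who copies the example unchanged gets an empty or null setting instead of an explicit true/false. By the example's own comment this flag decides whether the node relies on the external TMKMS for signing, so I would ship `tmkms_enabled: false` in the example and add an `assert` task that fails unless the variable is a boolean. The same applies to the identical line added in playbooks/validator/setup-validator.yml and its example vars file; the task this line belongs to starts outside the hunk.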
@@ -0,0 +1,53 @@
+---
+- name: Run TMKMS stack
+ hosts: localhost
+ vars_files:
+ - tmkms-vars.yml
+ vars:
+ data_directory: "{{ lookup('env', 'DATA_DIRECTORY') }}"
+ tmkms_deployment_dir: "{{ lookup('env', 'TMKMS_DEPLOYMENT_DIR') | default('tmkms-deployment', true) }}"
+ tasks:
+ - name: Fail if DATA_DIRECTORY env var is not set
+ fail:
+ msg: >-
+ Required environment variable DATA_DIRECTORY is not set.
+ Please export DATA_DIRECTORY before running the playbook.
+ when: lookup('env', 'DATA_DIRECTORY') == ''
+
+ - name: Ensure tmp directory exists inside tmkms-data volume
+ file:
+ path: "{{data_directory}}/{{ tmkms_deployment_dir }}/data/tmkms-data/tmp"
+ state: directory
+ mode: '0755'
+
+ - name: Check if priv_validator_key_file_path exists
+ stat:
+ path: "{{ priv_validator_key_file_path }}"
+ register: priv_key_file
+
+ - name: Copy private validator key to tmkms deployment tmp directory
+ copy:
+ src: "{{ priv_validator_key_file_path }}"
+ dest: "{{data_directory}}/{{ tmkms_deployment_dir }}/data/tmkms-data/tmp/priv_validator_key.json"
+ mode: '0644'
+ when: priv_key_file.stat.exists
+
+ - name: Create config.env for tmkms deployment
+ copy:
+ dest: "{{data_directory}}/{{ tmkms_deployment_dir }}/config.env"
+ content: |
+ CHAIN_ID: "{{ chain_id }}"
+ NODE_IP: "{{ node_ip }}"
+ NODE_PORT: "{{ node_port }}"
+ KEY_PREFIX: "{{ key_prefix }}"
+ mode: '0777'
+
+ - name: Start tmkms deployment
+ shell: |
+ laconic-so deployment --dir {{data_directory}}/{{ tmkms_deployment_dir }} start
+
+ - name: Remove input private validator key file
+ file:
+ path: "{{ priv_validator_key_file_path }}"
+ state: absent
+ when: priv_key_file.stat.exists
diff --git a/playbooks/tmkms/setup-tmkms.yml b/playbooks/tmkms/setup-tmkms.yml
new file mode 100644
index 0000000..643040f
--- /dev/null
+++ b/playbooks/tmkms/setup-tmkms.yml
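Review bot: In playbooks/tmkms/run-tmkms.yml the validator's consensus private key is copied with `mode: '0644'` into a directory created with `mode: '0755'`, so any local account on the TMKMS host can read the signing key. Use `mode: '0600'` on the copy task and `mode: '0700'` on the tmp directory task. The "Create config.env" task writes the file with `mode: '0777'`, which lets any local account change the node address and port the signer connects to; `mode: '0644'` or tighter is enough for a file that is only read. The last task unlinks only the input file; whether the copy under `data/tmkms-data/tmp` is removed after import is not visible in this hunk and is worth confirming.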
@@ -0,0 +1,31 @@
+---
+- name: Setup TMKMS stack
+ hosts: localhost
+ vars:
+ data_directory: "{{ lookup('env', 'DATA_DIRECTORY') }}"
+ tmkms_deployment_dir: "{{ lookup('env', 'TMKMS_DEPLOYMENT_DIR') | default('tmkms-deployment', true) }}"
+ tmkms_spec_file: "{{data_directory}}/tmkms-spec.yml"
+ build_args: "{{ '--force-rebuild' if (lookup('env', 'FORCE_REBUILD') | default(omit, true)) not in [ 'false', 'False', '0' ] else '' }}"
+ tasks:
+ - name: Fail if DATA_DIRECTORY env var is not set
+ fail:
+ msg: >-
+ Required environment variable DATA_DIRECTORY is not set.
+ Please export DATA_DIRECTORY before running the playbook.
+ when: lookup('env', 'DATA_DIRECTORY') == ''
+
+ - name: Fetch tmkms stack
+ shell: |
+ laconic-so fetch-stack git.vdb.to/LaconicNetwork/tmkms-stack --git-ssh --pull
+
+ - name: Build tmkms container images
+ shell: |
+ laconic-so --stack ~/cerc/tmkms-stack/stack-orchestrator/stacks/tmkms build-containers {{ build_args }}
+
+ - name: Create tmkms deployment spec file
+ shell: |
+ laconic-so --stack ~/cerc/tmkms-stack/stack-orchestrator/stacks/tmkms deploy init --output {{ tmkms_spec_file }}
+
+ - name: Create tmkms deployment from spec file
+ shell: |
+ laconic-so --stack ~/cerc/tmkms-stack/stack-orchestrator/stacks/tmkms deploy create --spec-file {{ tmkms_spec_file }} --deployment-dir {{data_directory}}/{{ tmkms_deployment_dir }}
diff --git a/playbooks/tmkms/tmkms-vars.example.yml b/playbooks/tmkms/tmkms-vars.example.yml
new file mode 100644
index 0000000..5518fef
--- /dev/null
+++ b/playbooks/tmkms/tmkms-vars.example.yml
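Review bot: In playbooks/tmkms/setup-tmkms.yml the "Fetch tmkms stack" task pulls `git.vdb.to/LaconicNetwork/tmkms-stack` with `--pull` and the next task builds the signer image from it, with no tag or commit pinned. The container that will hold the validator signing key is therefore built from whatever the remote serves at run time. Consider adding a step between fetch and build that checks out a reviewed tag or commit, so a rebuild is reproducible and an upstream change cannot reach the key host unreviewed. Separately, `build_args` appears to evaluate to `--force-rebuild` when `FORCE_REBUILD` is unset, because the `omit` placeholder is not in the list of false values; if the intended default is no rebuild, test for the true values instead.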
@@ -0,0 +1,16 @@ +# Absolute path to the node's private validator key file (e.g., /path/to/priv_validator_key.json). +# This file is copied into the TMKMS deployment +priv_validator_key_file_path: "" + +# The IP address of the machine where the laconicd node is set up +# TMKMS will connect to this IP address +node_ip: "" + +# The port of the laconicd node that TMKMS will connect to +node_port: "26659" + +# The key prefix used for account and consensus public keys in the blockchain +key_prefix: "laconic" + +# The chain ID for the blockchain network +chain_id: "laconic-mainnet" diff --git a/playbooks/validator/setup-validator.yml b/playbooks/validator/setup-validator.yml index 79ac21c..d0d102d 100644 --- a/playbooks/validator/setup-validator.yml +++ b/playbooks/validator/setup-validator.yml @@ -54,6 +54,7 @@ CERC_PEERS: "{{ cerc_peers }}" MIN_GAS_PRICE: "{{ min_gas_price }}" CERC_LOGLEVEL: "{{ cerc_loglevel }}" + TMKMS_ENABLED: "{{ tmkms_enabled }}" mode: '0777' - name: Ensure tmp directory exists inside laconicd-data diff --git a/playbooks/validator/validator-vars.example.yml b/playbooks/validator/validator-vars.example.yml index a9b99ae..a71f858 100644 --- a/playbooks/validator/validator-vars.example.yml +++ b/playbooks/validator/validator-vars.example.yml 
@@ -1,10 +1,35 @@ +# The URL of the laconicd node's RPC endpoint (e.g., "tcp://NODE_PUBLIC_IP_ADDRESS:26657") node_url: "" + +# The public key of the validator node. This is required for creating the validator on chain +# It should be wrapped in single quotes validator_pub_key: '' + +# Custom moniker for the validator node cerc_moniker: "" + +# Comma-separated list of persistent peers for the laconicd node +# You can find available peers in https://git.vdb.to/cerc-io/laconicd-stack/src/branch/main/node-addresses.yml cerc_peers: "" + +# Set to true to enable TMKMS (Tendermint Key Management System) for this node +# If true, the node will use an external TMKMS for signing validator operations +tmkms_enabled: + +# The chain ID for the blockchain network cerc_chain_id: "laconic-mainnet" + +# Minimum gas price for transactions, in ALNT (e.g., 0.001alnt) min_gas_price: 0.001 + +# Log level for the laconicd node (e.g., "info", "debug", "error") cerc_loglevel: "info" + +# Absolute path to the mainnet genesis.json file genesis_file: "~/cerc/laconicd-stack/config/mainnet-genesis.json" + +# Absolute path to the staking-amount.json file staking_amount_file: "~/cerc/laconicd-stack/config/staking-amount.json" + +# Desired key name for the validator account key_name: "laconic-validator"