From 40ac26bd789abbbaf7390c477c5a00f3ad4a381f Mon Sep 17 00:00:00 2001 From: Nabarun Date: Tue, 20 May 2025 13:55:15 +0000 Subject: [PATCH] Add steps to configure TMKMS in node deployments (#4) Part of https://www.notion.so/Create-stacks-for-mainnet-1f2a6b22d4728034be4be2c51decf94e - TMKMS config is for `softsign` backend provider Reviewed-on: https://git.vdb.to/cerc-io/laconicd-stack/pulls/4 Co-authored-by: Nabarun Co-committed-by: Nabarun --- docs/demo.md | 329 ++++++++++++++++-- docs/run-first-validator.md | 119 ++++++- docs/run-validator.md | 92 ++++- .../first-validator/generate-genesis.yml | 2 +- ...alidator.yml => setup-first-validator.yml} | 4 - .../templates/specs/spec-template.yml.j2 | 1 + ...{run-validator.yml => setup-validator.yml} | 13 +- .../templates/specs/spec-template.yml.j2 | 1 + .../docker-compose-mainnet-laconicd.yml | 3 + .../create-and-collect-gentx.sh | 4 +- .../config/mainnet-laconicd/run-laconicd.sh | 26 +- .../config/mainnet-laconicd/setup-laconicd.sh | 29 ++ 12 files changed, 570 insertions(+), 53 deletions(-) rename playbooks/first-validator/{run-first-validator.yml => setup-first-validator.yml} (96%) rename playbooks/validator/{run-validator.yml => setup-validator.yml} (85%) create mode 100755 stack-orchestrator/config/mainnet-laconicd/setup-laconicd.sh diff --git a/docs/demo.md b/docs/demo.md index 371ab0f..d38e1d3 100644 --- a/docs/demo.md +++ b/docs/demo.md 
@@ -4,12 +4,239 @@ - [ansible](playbooks/README.md#ansible-installation) - [laconic-so](https://github.com/cerc-io/stack-orchestrator/?tab=readme-ov-file#install) +- [tmkms](https://github.com/iqlusioninc/tmkms?tab=readme-ov-file#installation) + - Install with `softsign` feature + ```bash + cargo install tmkms --features=softsign --version=0.14.0 + ``` +- testnet-state.json ([exported testnet state](./run-first-validator.md#export-testnet-state)) +- distribution.json (JSON containing the `lps_lockup` distribution) -## Run node +## Steps -- Follow these steps to run first validator node: [run-first-validator.md](./run-first-validator.md) +- In current working directory demo, keep exported `testnet-state.json` and `distribution.json` file from prerequisites -- Following steps can be used to run subsequent validator nodes +- Fetch stack: + + ```bash + laconic-so fetch-stack git.vdb.to/cerc-io/laconicd-stack --git-ssh --pull + ``` + +- Export current working directory + + ```bash + export CWD=$(pwd) + ``` + +- Set envs: + + ```bash + export EXPORTED_STATE_PATH=$CWD/testnet-state.json + export LPS_DISTRIBUTION_PATH=$CWD/distribution.json + + # Test address that does not exist on testnet chain + export EARLY_SUPPORTS_ACC_ADDR=laconic1gwytamfk3m5n0gsawh5vpwxkwd3vapmvzpp6nz + ``` + +- Copy the example variables file: + + ```bash + cp ~/cerc/laconicd-stack/playbooks/first-validator/first-validator-vars.example.yml ~/cerc/laconicd-stack/playbooks/first-validator/first-validator-vars.yml + ``` + +- Run playbook to use exported state for generating mainnet genesis: + + ```bash + ansible-playbook -v -i localhost, -c local ~/cerc/laconicd-stack/playbooks/first-validator/generate-genesis.yml -e "exported_state_path=$EXPORTED_STATE_PATH" -e "lps_distribution_path=$LPS_DISTRIBUTION_PATH" -e "early_supports_acc_address=$EARLY_SUPPORTS_ACC_ADDR" + ``` + +- Genesis file will be generated in output directory along with a file specifying the staking amount + + ```bash + # List files in 
output directory - genesis.json and staking-amount.json + ls -l output + ``` + +- Set env for key of account with balance in testnet: + + ```bash + export FIRST_ACCOUNT_KEY= + ``` + +- Create and populate first-validator-vars.yml: + + ```bash + cat > ~/cerc/laconicd-stack/playbooks/first-validator/first-validator-vars.yml << EOL + # Use a private key of an existing account with balance in testnet + pvt_key: $FIRST_ACCOUNT_KEY + + # Path to the generated mainnet genesis file + # Use the absolute path of generated output directory in the previous steps + genesis_file: "$CWD/output/genesis.json" + + # Path to staking-amount.json generated in previous steps + staking_amount_file: "$CWD/output/staking-amount.json" + + # Set custom moniker for the node + cerc_moniker: "LaconicMainnet" + # Set desired key name + key_name: "laconic-validator" + + cerc_chain_id: "laconic-mainnet" + min_gas_price: 0.001 + cerc_loglevel: "info" + key_name: "laconic-validator" + EOL + ``` + +- Export the data directory and mainnet deployment directory as environment variables: + + ```bash + # Parent directory where the deployment directory will live + export DATA_DIRECTORY=$CWD + + # Set mainnet deployment directory + export MAINNET_DEPLOYMENT_DIR=mainnet-laconicd-deployment + ``` + +- Run ansible playbook to submit gentx and setup the node: + + ```bash + ansible-playbook -v -i localhost, -c local ~/cerc/laconicd-stack/playbooks/first-validator/setup-first-validator.yml + ``` + +- Create tmks config directory for first validator node + + ```bash + tmkms init ./tmkms-first-node + ``` + +- Update the TMKMS configuration file `./tmkms-first-node/tmkms.toml`: + + ```bash + cat > ./tmkms-first-node/tmkms.toml << EOL + [[chain]] + id = "laconic-mainnet" + key_format = { type = "cosmos-json", account_key_prefix = "laconicpub", consensus_key_prefix = "laconicvalconspub" } + state_file = "$CWD/tmkms-first-node/state/priv_validator_state.json" + + [[validator]] + chain_id = "laconic-mainnet" + addr = 
"tcp://localhost:26659" + secret_key = "$CWD/tmkms-first-node/secrets/kms-identity.key" + protocol_version = "v0.34" + reconnect = true + + [[providers.softsign]] + key_type = "consensus" + path = "$CWD/tmkms-first-node/secrets/priv_validator_key" + chain_ids = ["laconic-mainnet"] + EOL + ``` + +- Import the private validator key into tmkms: + + ```bash + tmkms softsign import $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json $CWD/tmkms-first-node/secrets/priv_validator_key + ``` + +- Start TMKMS: + ```bash + tmkms start --config $CWD/tmkms-first-node/tmkms.toml + ``` + + - Expected example output: + ```bash + INFO tmkms::commands::start: tmkms 0.14.0 starting up... + INFO tmkms::keyring: [keyring:softsign] added consensus Ed25519 key: {"@type":"/cosmos.crypto.ed25519.PubKey","key":"T24No1A1FmetNRVCOSg2G2XAKWh97oBXuELdAD6DFgw="} + INFO tmkms::connection::tcp: KMS node ID: 7f5fd8dae8953e964e7e56edd4700f597ea0d45c + ERROR tmkms::client: [laconic-mainnet@tcp://localhost:26659] I/O error: Connection refused (os error 111) + ``` + NOTE: The errors dissapear once the laconicd node starts + + - Note the pubkey logged at start for comparing later with validator pubkey on chain + +- In a new terminal export envs + ```bash + export CWD=$(pwd) + export DATA_DIRECTORY=$CWD + export MAINNET_DEPLOYMENT_DIR=mainnet-laconicd-deployment + + # Test address that does not exist on testnet chain + export EARLY_SUPPORTS_ACC_ADDR=laconic1gwytamfk3m5n0gsawh5vpwxkwd3vapmvzpp6nz + ``` + +- Enable TMKMS in the laconicd node configuration: + ```bash + echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env + ``` + +- Remove the validator key from node deployment as it is no longer required + ```bash + rm $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json + ``` + +- Run the first validator node + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR start + ``` + +- 
Check logs to ensure that node is running: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR logs laconicd -f + ``` + +- Verify that validator and TMKMS pubkeys match + + - Get validator pubkey on chain + ```bash + # Check consensus_pubkey in output + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query staking validators -o json | jq .validators' + ``` + + - Compare it with the pubkey noted from logs in TMKMS + +- Check bonds list to confirm that testnet state was transferred properly: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query bond list' + ``` + +- Check `alps` and `alnt` tokens total supply: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query bank total-supply' + ``` + +- Query the `lps_lockup` account and view distribution: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query auth module-account lps_lockup' + ``` + +- Query the `lps_lockup` and early supports accounts balances: + + ```bash + lockup_account_address=$(laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query auth module-account lps_lockup -o json | jq -r .account.value.base_account.address') + + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd "laconicd query bank balances $lockup_account_address" + + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd "laconicd query bank balances $EARLY_SUPPORTS_ACC_ADDR" + ``` + +- Copy the genesis file to [config](./config) folder: + + ```bash + cp $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/genesis.json ~/cerc/laconicd-stack/config/mainnet-genesis.json + ``` + +- Copy the staking amount file to [config](./config) folder: + + ```bash + cp 
$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/tmp/staking-amount.json ~/cerc/laconicd-stack/config/staking-amount.json + ``` - Copy the example variables file: @@ -23,8 +250,6 @@ laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'echo $(laconicd cometbft show-node-id)@host.docker.internal:26656' ``` - NOTE: Make sure that DATA_DIRECTORY and MAINNET_DEPLOYMENT_DIR values are that of first validator deployment - - Update `cerc_peers` in `~/cerc/laconicd-stack/playbooks/validator/validator-vars.yml`: ```bash @@ -37,11 +262,10 @@ ```bash # Parent directory where the deployment directory will live - export DATA_DIRECTORY= + export DATA_DIRECTORY=$CWD # Set mainnet deployment directory - # for eg: mainnet-validator-deployment - export MAINNET_DEPLOYMENT_DIR= + export MAINNET_DEPLOYMENT_DIR=mainnet-validator-deployment ``` - Update port mappings in `~/cerc/laconicd-stack/playbooks/validator/templates/specs/spec-template.yml.j2` to avoid port conflicts with first validator node: @@ -51,6 +275,7 @@ ports: laconicd: - '3060:6060' + - '36659:26659' - '36657:26657' - '36656:26656' - '3473:9473' 
@@ -58,10 +283,67 @@ - '3317:1317' ``` -- Run ansible playbook to set up and start your validator node: +- Run ansible playbook to set up your validator node deployment: ```bash - ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/run-validator.yml + ansible-playbook -v -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/setup-validator.yml + ``` + +- Create tmks config directory for second validator node + + ```bash + tmkms init ./tmkms-second-node + ``` + +- Update the TMKMS configuration file `./tmkms-second-node/tmkms.toml`: + + ```bash + cat > ./tmkms-second-node/tmkms.toml << EOL + [[chain]] + id = "laconic-mainnet" + key_format = { type = "cosmos-json", account_key_prefix = "laconicpub", consensus_key_prefix = "laconicvalconspub" } + state_file = "$CWD/tmkms-second-node/state/priv_validator_state.json" + + [[validator]] + chain_id = "laconic-mainnet" + addr = "tcp://localhost:36659" + secret_key = "$CWD/tmkms-second-node/secrets/kms-identity.key" + protocol_version = "v0.34" + reconnect = true + + [[providers.softsign]] + key_type = "consensus" + path = "$CWD/tmkms-second-node/secrets/priv_validator_key" + chain_ids = ["laconic-mainnet"] + EOL + ``` + +- Import the private validator key into tmkms: + + ```bash + tmkms softsign import $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json $CWD/tmkms-second-node/secrets/priv_validator_key + ``` + +- Start TMKMS: + ```bash + tmkms start --config $CWD/tmkms-second-node/tmkms.toml + ``` + +- In a new terminal export envs + ```bash + export CWD=$(pwd) + export DATA_DIRECTORY=$CWD + export MAINNET_DEPLOYMENT_DIR=mainnet-validator-deployment + ``` + +- Enable TMKMS in the laconicd node configuration: + ```bash + echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env + ``` + +- Start the node: + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR start ``` - Check logs to ensure that node 
is running: @@ -70,26 +352,20 @@ laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR logs laconicd -f ``` -## Create Validator - -- Export required env vars: +- Export required env vars for creating validator: ```bash - # private key of the existing account + # private key of another existing account with balance export PVT_KEY= # desired key name - export KEY_NAME= - - export DATA_DIRECTORY= - export MAINNET_DEPLOYMENT_DIR= + export KEY_NAME=validator-2 ``` - Run ansible playbook to create validator on running chain: - ```bash - ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/create-validator.yml + ansible-playbook -v -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/create-validator.yml ``` - Check the validator list: @@ -97,3 +373,16 @@ ```bash laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query staking validators' ``` + +- Remove the validator key from node deployment as it is no longer required + ```bash + rm $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json + ``` + +## Cleanup + +- Remove deployments and other config files + + ```bash + rm -rf *-spec.yml *-deployment tmkms-* output + ``` diff --git a/docs/run-first-validator.md b/docs/run-first-validator.md index 9ce040c..8e212f5 100644 --- a/docs/run-first-validator.md +++ b/docs/run-first-validator.md @@ -5,7 +5,7 @@ - [ansible](playbooks/README.md#ansible-installation) - [laconic-so](https://github.com/cerc-io/stack-orchestrator/?tab=readme-ov-file#install) -## Generate mainnet genesis file +## Export testnet state - Get your private key from testnet deployment: @@ -35,6 +35,8 @@ - The file will be generated in `/export/testnet-state.json` +## Generate mainnet genesis file + - If mainnet node is to be setup in a new machine, fetch the stack again: ```bash 
@@ -72,7 +74,7 @@ ls -l output ``` -## Run node +## Setup node - Copy the example variables file if not already done: 
@@ -111,10 +113,107 @@ export MAINNET_DEPLOYMENT_DIR= ``` -- Run ansible playbook to submit the gentx and run the node: +- Run ansible playbook to submit gentx and setup the node: ```bash - ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/first-validator/run-first-validator.yml + ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/first-validator/setup-first-validator.yml + ``` + +### Setup TMKMS (Optional but Recommended) + + + +- For integrating existing TMKMS with laconicd, follow steps below in the machine where TMKMS is setup + +- Set `$TMKMS_HOME` to the directory path containing TMKMS config files + + ```bash + # Contents of tmkms config directory + ls -l $TMKMS_HOME + drwxrwxr-x 2 ... schema + drwx------ 2 ... secrets + drwxrwxr-x 2 ... state + -rw-rw-r-- 1 ... tmkms.toml + ``` + +- Update the TMKMS configuration file `$TMKMS_HOME/tmkms.toml`: + ```toml + [[chain]] + id = "laconic-mainnet" + key_format = { type = "cosmos-json", account_key_prefix = "laconicpub", consensus_key_prefix = "laconicvalconspub" } + # Replace with absolute path to tmkms config directory + state_file = "/state/priv_validator_state.json" + + [[validator]] + chain_id = "laconic-mainnet" + # Replace with actual IP address of the laconicd node + addr = "tcp://:26659" + # Replace with absolute path to tmkms config directory + secret_key = "/secrets/kms-identity.key" + protocol_version = "v0.34" + reconnect = true + + [[providers.softsign]] + key_type = "consensus" + # Replace with absolute path to tmkms config directory + path = "/secrets/priv_validator_key" + chain_ids = ["laconic-mainnet"] + ``` + +- Copy your validator key to TMKMS: + + - The validator key in laconicd node deployment is present at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json` + + - Place the validator key file in TMKMS config directory at `$TMKMS_HOME/secrets/` + + - Import the private validator key into tmkms: + + ```bash + tmkms 
softsign import $TMKMS_HOME/secrets/priv_validator_key.json $TMKMS_HOME/secrets/priv_validator_key + ``` + + - Remove the JSON key file + + ```bash + rm $TMKMS_HOME/secrets/priv_validator_key.json + ``` + +- Start TMKMS: + ```bash + tmkms start --config $TMKMS_HOME/tmkms.toml + ``` + + - Expected example output: + ```bash + INFO tmkms::commands::start: tmkms 0.14.0 starting up... + INFO tmkms::keyring: [keyring:softsign] added consensus Ed25519 key: {"@type":"/cosmos.crypto.ed25519.PubKey","key":"T24No1A1FmetNRVCOSg2G2XAKWh97oBXuELdAD6DFgw="} + INFO tmkms::connection::tcp: KMS node ID: 7f5fd8dae8953e964e7e56edd4700f597ea0d45c + ERROR tmkms::client: [laconic-mainnet@tcp://localhost:26659] I/O error: Connection refused (os error 111) + ``` + NOTE: The errors dissapear once the laconicd node starts + + - Note the pubkey logged at start for comparing later with validator pubkey on chain + +- Enable TMKMS in the laconicd node configuration: + ```bash + # Set TMKMS_ENABLED to true in the node's config.env + echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env + ``` + +- Remove the validator key from node deployment as it is no longer required + + ```bash + rm $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json + ``` + + NOTE: Store it safely offline in case of an emergency + +## Run node + +- Command to run node + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR start ``` - Check logs to ensure that node is running: 
@@ -123,6 +222,16 @@ laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR logs laconicd -f ``` +- If TMKMS has been configured verify that validator and TMKMS pubkeys match + + - Get validator pubkey on chain + ```bash + # Check consensus_pubkey in output + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query staking validators -o json | jq .validators' + ``` + + - Compare it with the pubkey noted from logs in TMKMS + - Check bonds list to confirm that testnet state was transferred properly: ```bash @@ -161,7 +270,7 @@ - Copy the staking amount file to [config](./config) folder: ```bash - cp /staking-amount.json ~/cerc/laconicd-stack/config/staking-amount.json + cp $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/tmp/staking-amount.json ~/cerc/laconicd-stack/config/staking-amount.json ``` - Get your node's address: diff --git a/docs/run-validator.md b/docs/run-validator.md index 400a409..ef684c6 100644 --- a/docs/run-validator.md +++ b/docs/run-validator.md @@ -5,7 +5,7 @@ - [ansible](playbooks/README.md#ansible-installation) - [laconic-so](https://github.com/cerc-io/stack-orchestrator/?tab=readme-ov-file#install) -## Run node +## Setup Node - Get your private key from testnet deployment: 
@@ -57,14 +57,90 @@ export MAINNET_DEPLOYMENT_DIR= ``` -- Run ansible playbook to set up and start your validator node: +- Run ansible playbook to set up your validator node deployment: ```bash - ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/run-validator.yml + ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/setup-validator.yml + ``` + +### Setup TMKMS (Optional but Recommended) + + + +- For integrating existing TMKMS with laconicd, follow steps below in the machine where TMKMS is setup + +- Set `$TMKMS_HOME` to the directory path containing TMKMS config files + + ```bash + # Contents of tmkms config directory + ls -l $TMKMS_HOME + drwxrwxr-x 2 ... schema + drwx------ 2 ... secrets + drwxrwxr-x 2 ... state + -rw-rw-r-- 1 ... tmkms.toml + ``` + +- Update the TMKMS configuration file `$TMKMS_HOME/tmkms.toml`: + ```toml + [[chain]] + id = "laconic-mainnet" + key_format = { type = "cosmos-json", account_key_prefix = "laconicpub", consensus_key_prefix = "laconicvalconspub" } + # Replace with absolute path to tmkms config directory + state_file = "/state/priv_validator_state.json" + + [[validator]] + chain_id = "laconic-mainnet" + # Replace with actual IP address of the laconicd node + addr = "tcp://:26659" + # Replace with absolute path to tmkms config directory + secret_key = "/secrets/kms-identity.key" + protocol_version = "v0.34" + reconnect = true + + [[providers.softsign]] + key_type = "consensus" + # Replace with absolute path to tmkms config directory + path = "/secrets/priv_validator_key" + chain_ids = ["laconic-mainnet"] + ``` + +- Copy your validator key to TMKMS: + + - The validator key in laconicd node deployment is present at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json` + + - Place the validator key file in TMKMS config directory at `$TMKMS_HOME/secrets/` + + - Import the private validator key into tmkms: + + ```bash + tmkms softsign import 
$TMKMS_HOME/secrets/priv_validator_key.json $TMKMS_HOME/secrets/priv_validator_key + ``` + + - Remove the JSON key file + + ```bash + rm $TMKMS_HOME/secrets/priv_validator_key.json + ``` + +- Start TMKMS: + ```bash + tmkms start --config $TMKMS_HOME/tmkms.toml + ``` + +- Enable TMKMS in the laconicd node configuration: + ```bash + # Set TMKMS_ENABLED to true in the node's config.env + echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env + ``` + +## Start Node + +- Start the laconicd node: + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR start ``` - Check logs to ensure that node is running: - ```bash laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR logs laconicd -f ``` @@ -86,7 +162,6 @@ - Run ansible playbook to create validator on running chain: - ```bash ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/create-validator.yml ``` @@ -97,6 +172,13 @@ laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query staking validators' ``` +- If TMKMS has been configured, remove the validator key from node deployment as it is no longer required: + ```bash + rm $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json + ``` + + NOTE: Store it safely offline in case of an emergency + ## Register Your Node - Get your node's address: diff --git a/playbooks/first-validator/generate-genesis.yml b/playbooks/first-validator/generate-genesis.yml index d809b0e..4409bf3 100644 --- a/playbooks/first-validator/generate-genesis.yml +++ b/playbooks/first-validator/generate-genesis.yml 
@@ -9,7 +9,7 @@ ansible.builtin.shell: cmd: "laconic-so --stack ~/cerc/laconicd-stack/stack-orchestrator/stacks/mainnet-laconicd setup-repositories --git-ssh --pull" - # TODO: Add a flag to control force rebuild + # TODO: Add a playbook flag to control force rebuild - name: Build containers ansible.builtin.shell: cmd: "laconic-so --stack ~/cerc/laconicd-stack/stack-orchestrator/stacks/mainnet-laconicd build-containers --force-rebuild" diff --git a/playbooks/first-validator/run-first-validator.yml b/playbooks/first-validator/setup-first-validator.yml similarity index 96% rename from playbooks/first-validator/run-first-validator.yml rename to playbooks/first-validator/setup-first-validator.yml index df87d38..86ce682 100644 --- a/playbooks/first-validator/run-first-validator.yml +++ b/playbooks/first-validator/setup-first-validator.yml @@ -92,7 +92,3 @@ -e "CERC_MONIKER={{ cerc_moniker }}" \ -e "CERC_CHAIN_ID={{ cerc_chain_id }}" \ cerc/laconicd:local bash -c "/scripts/create-and-collect-gentx.sh" - - - name: Run validator node - shell: | - laconic-so deployment --dir {{data_directory}}/{{ mainnet_deployment_dir }} start diff --git a/playbooks/first-validator/templates/specs/spec-template.yml.j2 b/playbooks/first-validator/templates/specs/spec-template.yml.j2 index 9ae553e..a140929 100644 --- a/playbooks/first-validator/templates/specs/spec-template.yml.j2 +++ b/playbooks/first-validator/templates/specs/spec-template.yml.j2 @@ -2,6 +2,7 @@ network: ports: laconicd: - '6060:6060' + - '26659:26659' - '26657:26657' - '26656:26656' - '9473:9473' diff --git a/playbooks/validator/run-validator.yml b/playbooks/validator/setup-validator.yml similarity index 85% rename from playbooks/validator/run-validator.yml rename to playbooks/validator/setup-validator.yml index 8fcc0a9..703016c 100644 --- a/playbooks/validator/run-validator.yml +++ b/playbooks/validator/setup-validator.yml 
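Review bot: The added `'26659:26659'` mapping in playbooks/first-validator/templates/specs/spec-template.yml.j2 publishes the CometBFT remote-signer (privval) port with no bind address, which in Docker-style port syntax normally means every host interface. The same mapping is added in playbooks/validator/templates/specs/spec-template.yml.j2 and as `"26659"` in docker-compose-mainnet-laconicd.yml, while run-laconicd.sh sets `priv_validator_laddr` to `tcp://0.0.0.0:26659`. As far as I know the node does not restrict which signer may connect on that listener, so reachability should be limited to the TMKMS host at the network level. I would add a template comment such as `# 26659 = privval listener for TMKMS; firewall to the TMKMS host only, never expose publicly`, and publish the port only when TMKMS is enabled if the spec format allows it.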
@@ -1,5 +1,5 @@ --- -- name: Run mainnet validator node +- name: Setup mainnet validator node hosts: localhost vars_files: - validator-vars.yml @@ -33,7 +33,7 @@ - name: Build container images shell: | - laconic-so --stack ~/cerc/laconicd-stack/stack-orchestrator/stacks/mainnet-laconicd build-containers + laconic-so --stack ~/cerc/laconicd-stack/stack-orchestrator/stacks/mainnet-laconicd build-containers --force-rebuild - name: Create deployment spec file shell: | @@ -76,6 +76,11 @@ dest: "{{data_directory}}/{{ mainnet_deployment_dir }}/data/laconicd-data/tmp/genesis.json" mode: '0644' - - name: Run validator node + - name: Initialize laconicd node shell: | - laconic-so deployment --dir {{data_directory}}/{{ mainnet_deployment_dir }} start + docker run -i \ + -v {{data_directory}}/{{ mainnet_deployment_dir }}/data/laconicd-data:/root/.laconicd \ + -v {{data_directory}}/{{ mainnet_deployment_dir }}/config/mainnet-laconicd:/scripts \ + -e "CERC_MONIKER={{ cerc_moniker }}" \ + -e "CERC_CHAIN_ID={{ cerc_chain_id }}" \ + cerc/laconicd:local bash -c "/scripts/setup-laconicd.sh" diff --git a/playbooks/validator/templates/specs/spec-template.yml.j2 b/playbooks/validator/templates/specs/spec-template.yml.j2 index 9ae553e..a140929 100644 --- a/playbooks/validator/templates/specs/spec-template.yml.j2 +++ b/playbooks/validator/templates/specs/spec-template.yml.j2 @@ -2,6 +2,7 @@ network: ports: laconicd: - '6060:6060' + - '26659:26659' - '26657:26657' - '26656:26656' - '9473:9473' diff --git a/stack-orchestrator/compose/docker-compose-mainnet-laconicd.yml b/stack-orchestrator/compose/docker-compose-mainnet-laconicd.yml index f0b18c0..b090de3 100644 --- a/stack-orchestrator/compose/docker-compose-mainnet-laconicd.yml +++ b/stack-orchestrator/compose/docker-compose-mainnet-laconicd.yml 
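Review bot: In the new `Initialize laconicd node` task the two `-v` host paths are templated into the shell line unquoted, so a `data_directory` or `mainnet_deployment_dir` containing a space or a shell metacharacter breaks or alters the `docker run` command. Ansible's `quote` filter keeps the values literal, e.g. `-v {{ (data_directory ~ '/' ~ mainnet_deployment_dir ~ '/data/laconicd-data') | quote }}:/root/.laconicd \`, and the `-e` values built from `cerc_moniker` and `cerc_chain_id` deserve the same treatment. The task also has no `--rm`, so every playbook run leaves a stopped container behind; `docker run --rm -i \` avoids that.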
@@ -9,12 +9,15 @@ services: CERC_PEERS: ${CERC_PEERS} MIN_GAS_PRICE: ${MIN_GAS_PRICE:-0.001} CERC_LOGLEVEL: ${CERC_LOGLEVEL:-info} + TMKMS_ENABLED: ${TMKMS_ENABLED:-false} volumes: - laconicd-data:/root/.laconicd - ../config/mainnet-laconicd/run-laconicd.sh:/opt/run-laconicd.sh + - ../config/mainnet-laconicd/setup-laconicd.sh:/scripts/setup-laconicd.sh - ../config/mainnet-laconicd/create-validator.sh:/scripts/create-validator.sh ports: - "6060" + - "26659" - "26657" - "26656" - "9473" diff --git a/stack-orchestrator/config/mainnet-laconicd/create-and-collect-gentx.sh b/stack-orchestrator/config/mainnet-laconicd/create-and-collect-gentx.sh index d845554..d2fcd9c 100755 --- a/stack-orchestrator/config/mainnet-laconicd/create-and-collect-gentx.sh +++ b/stack-orchestrator/config/mainnet-laconicd/create-and-collect-gentx.sh @@ -4,7 +4,6 @@ set -e NODE_HOME=/root/.laconicd genesis_file_path=$NODE_HOME/config/genesis.json -# TODO: Set to OS keyring backend KEYRING="test" if [ -f "$genesis_file_path" ]; then @@ -45,6 +44,9 @@ laconicd config set client chain-id $CHAIN_ID --home $NODE_HOME laconicd config set client keyring-backend $KEYRING laconicd init $MONIKER --chain-id=$CHAIN_ID --home $NODE_HOME +# Make config directory accessible without root permissions in docker host +chmod -R 777 $NODE_HOME/config + # Copy over provided genesis config cp $input_genesis_file $genesis_file_path diff --git a/stack-orchestrator/config/mainnet-laconicd/run-laconicd.sh b/stack-orchestrator/config/mainnet-laconicd/run-laconicd.sh index 7051bea..5604afa 100755 --- a/stack-orchestrator/config/mainnet-laconicd/run-laconicd.sh +++ b/stack-orchestrator/config/mainnet-laconicd/run-laconicd.sh 
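Review bot: `chmod -R 777 $NODE_HOME/config` in create-and-collect-gentx.sh makes the whole config directory world-readable and world-writable on the host through the bind mount, and that directory is where the docs in this patch locate `priv_validator_key.json`. Any local user or process on the host can then read the consensus key or rewrite the node config, which works against the purpose of moving signing to TMKMS. The same line is added in setup-laconicd.sh. A narrower fix is to hand ownership to the invoking host user and keep the modes tight, for example with a new pair of variables passed via `-e` (names are only a suggestion): `chown -R "${HOST_UID}:${HOST_GID}" "$NODE_HOME/config"`. Separately, the earlier hunk in this file drops `# TODO: Set to OS keyring backend` while `KEYRING="test"` stays, so a short comment recording why the test backend is kept would help.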
@@ -15,23 +15,12 @@ if [ ! -f ${input_genesis_file} ]; then fi echo "Env:" -echo "Moniker: $CERC_MONIKER" -echo "Chain Id: $CERC_CHAIN_ID" echo "Persistent peers: $CERC_PEERS" echo "Min gas price: $MIN_GAS_PRICE" echo "Log level: $CERC_LOGLEVEL" +echo "TMKMS enabled: $TMKMS_ENABLED" -# Set chain id in config -laconicd config set client chain-id $CERC_CHAIN_ID --home $NODE_HOME - -# Check if node data dir already exists -if [ -z "$(ls -A "$NODE_HOME/data")" ]; then - # Init node - echo "Initializing a new laconicd node with moniker $CERC_MONIKER and chain id $CERC_CHAIN_ID" - laconicd init $CERC_MONIKER --chain-id=$CERC_CHAIN_ID --home $NODE_HOME -else - echo "Node data dir $NODE_HOME/data already exists, skipping initialization..." -fi +/scripts/setup-laconicd.sh # Use provided config files cp $input_genesis_file $NODE_HOME/config/genesis.json @@ -39,6 +28,17 @@ cp $input_genesis_file $NODE_HOME/config/genesis.json # Enable cors sed -i 's/cors_allowed_origins.*$/cors_allowed_origins = ["*"]/' $NODE_HOME/config/config.toml +if [[ "${TMKMS_ENABLED,,}" == "true" ]]; then + # Configure private validator for external tmkms + sed -i "s/^priv_validator_laddr *=.*/priv_validator_laddr = \"tcp:\/\/0.0.0.0:26659\"/" $NODE_HOME/config/config.toml + + # Comment out validator key files when using external TMKMS + sed -i 's/^priv_validator_key_file =/# priv_validator_key_file =/' $NODE_HOME/config/config.toml + sed -i 's/^priv_validator_state_file =/# priv_validator_state_file =/' $NODE_HOME/config/config.toml +else + echo "Warning: TMKMS disabled, node will run with local validator keys" +fi + # Update config with persistent peers sed -i "s/^persistent_peers *=.*/persistent_peers = \"$CERC_PEERS\"/g" $NODE_HOME/config/config.toml diff --git a/stack-orchestrator/config/mainnet-laconicd/setup-laconicd.sh b/stack-orchestrator/config/mainnet-laconicd/setup-laconicd.sh new file mode 100755 index 0000000..041b914 --- /dev/null 
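Review bot: The `TMKMS_ENABLED` branch in run-laconicd.sh only ever edits config.toml in one direction: once `priv_validator_laddr` has been set to `tcp://0.0.0.0:26659`, a later start with `TMKMS_ENABLED=false` takes the `else` path, prints the warning and leaves the remote-signer address in place. The message "node will run with local validator keys" is then presumably wrong, because the node would still be configured to wait for an external signer. The `else` branch should restore the settings, e.g. `sed -i 's/^priv_validator_laddr *=.*/priv_validator_laddr = ""/' $NODE_HOME/config/config.toml`, plus un-commenting the two `priv_validator_*_file` lines. `${TMKMS_ENABLED,,}` and `[[ ]]` also require bash; the script's shebang is outside the hunk, so confirm it is not `/bin/sh`.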
+++ b/stack-orchestrator/config/mainnet-laconicd/setup-laconicd.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [[ -n "$CERC_SCRIPT_DEBUG" ]]; then
+ set -x
+fi
+
+set -e
+
+NODE_HOME=/root/.laconicd
+
+echo "Env:"
+echo "Moniker: $CERC_MONIKER"
+echo "Chain Id: $CERC_CHAIN_ID"
+
+# Set chain id in config
+laconicd config set client chain-id $CERC_CHAIN_ID --home $NODE_HOME
+
+# Check if node data dir already exists
+if [ -z "$(ls -A "$NODE_HOME/data")" ]; then
+ # Init node
+ echo "Initializing a new laconicd node with moniker $CERC_MONIKER and chain id $CERC_CHAIN_ID"
+ laconicd init $CERC_MONIKER --chain-id=$CERC_CHAIN_ID --home $NODE_HOME
+
+ # Make config directory accessible without root permissions in docker host
+ chmod -R 777 $NODE_HOME/config
+else
+ echo "Node data dir $NODE_HOME/data already exists, skipping initialization..."
+fi
+
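Review bot: `$CERC_MONIKER`, `$CERC_CHAIN_ID` and `$NODE_HOME` are expanded unquoted and never checked in setup-laconicd.sh, so a moniker containing a space is split into extra arguments to `laconicd init`, and an unset chain id silently becomes `--chain-id=`. Since run-laconicd.sh now calls this script on every container start, I would fail fast near the top with `: "${CERC_MONIKER:?}" "${CERC_CHAIN_ID:?}"` and quote the uses, e.g. `laconicd init "$CERC_MONIKER" --chain-id="$CERC_CHAIN_ID" --home "$NODE_HOME"`. A short header comment stating that initialization is skipped whenever `$NODE_HOME/data` is non-empty would also make the re-run behaviour explicit.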