From d1f64401e10e6542c0266088a22fa7aaefdd4d33 Mon Sep 17 00:00:00 2001
From: Shreerang Kale
Date: Wed, 11 Jun 2025 11:49:10 +0530
Subject: [PATCH] Update tmkms instructions to use playbooks
---
 docs/run-first-validator.md | 128 +++++++++++++++++------------------
 docs/run-validator.md | 131 +++++++++++++++++++++---------------
 2 files changed, 135 insertions(+), 124 deletions(-)
diff --git a/docs/run-first-validator.md b/docs/run-first-validator.md
index 72dc128..cb17428 100644
--- a/docs/run-first-validator.md
+++ b/docs/run-first-validator.md
@@ -14,6 +14,8 @@ - LPS distribution Google spreadsheet URL or CSV file path +- Machine 4: Where the TMKMS service is to be setup + - Following tools are required in all machines: - [ansible](playbooks/README.md#ansible-installation) 
@@ -81,6 +83,46 @@ NOTE: This public key is required in [next step to generate the genesis file](#generate-mainnet-genesis-file) +- Copy over the `priv_validator_key.json` located at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json` to the machine where the TMKMS service is to be setup (machine 4) + +## Setup TMKMS + +- For integrating TMKMS with laconicd, follow steps below in the machine where the TMKMS service is to be setup (machine 4) + +- Copy the example variables file: + + ```bash + cp ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.example.yml ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml + ``` + +- Update `~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml` with required values: + + NOTE: Use the `priv_validator_key.json` file copied from the node setup machine (Machine 2) in [previous step](#setup-node) + + ```yaml + # Absolute path to the node's private validator key file + priv_validator_key_file_path: "" + + # Set the IP address of the machine where the laconicd node is setup + node_ip: "" + + # Set the port of the laconicd node + node_port: "26659" + ``` + +- Export the data directory and TMKMS deployment directory as environment variables: + + ```bash + # Parent directory where the deployment directory will live + export DATA_DIRECTORY= + ``` + +- Run ansible playbook to setup the TMKMS service: + + ```bash + ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/tmkms/setup-tmkms.yml + ``` + ## Export testnet state - Run the following steps in machine where the testnet node is already running (machine 1) 
@@ -177,72 +219,20 @@ ## Run node -- Run the following steps in the machine where the mainnet node is setup (machine 2) +### Start TMKMS -### Setup TMKMS (Optional but Recommended) +- Run these steps in the machine where the TMKMS service is setup (machine 4) - - -- For integrating existing TMKMS with laconicd, follow steps below in the machine where TMKMS is setup - -- Set `$TMKMS_HOME` to the directory path containing TMKMS config files +- Run ansible playbook to run the TMKMS: ```bash - # Contents of tmkms config directory - ls -l $TMKMS_HOME - drwxrwxr-x 2 ... schema - drwx------ 2 ... secrets - drwxrwxr-x 2 ... state - -rw-rw-r-- 1 ... tmkms.toml + ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/tmkms/run-tmkms.yml ``` -- Update the TMKMS configuration file `$TMKMS_HOME/tmkms.toml`: - - ```toml - [[chain]] - id = "laconic-mainnet" - key_format = { type = "cosmos-json", account_key_prefix = "laconicpub", consensus_key_prefix = "laconicvalconspub" } - # Replace with absolute path to tmkms config directory - state_file = "/state/priv_validator_state.json" - - [[validator]] - chain_id = "laconic-mainnet" - # Replace with actual IP address of the laconicd node - addr = "tcp://:26659" - # Replace with absolute path to tmkms config directory - secret_key = "/secrets/kms-identity.key" - protocol_version = "v0.34" - reconnect = true - - [[providers.softsign]] - key_type = "consensus" - # Replace with absolute path to tmkms config directory - path = "/secrets/priv_validator_key" - chain_ids = ["laconic-mainnet"] - ``` - -- Copy your validator key to TMKMS: - - - The validator key in laconicd node deployment is present at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json` - - - Place the validator key file in TMKMS config directory at `$TMKMS_HOME/secrets/` - - - Import the private validator key into tmkms: - - ```bash - tmkms softsign import $TMKMS_HOME/secrets/priv_validator_key.json 
$TMKMS_HOME/secrets/priv_validator_key - ``` - - - Remove the JSON key file - - ```bash - rm $TMKMS_HOME/secrets/priv_validator_key.json - ``` - -- Start TMKMS: +- Check logs to ensure that TMKMS is running: ```bash - tmkms start --config $TMKMS_HOME/tmkms.toml + laconic-so deployment --dir $DATA_DIRECTORY/$TMKMS_DEPLOYMENT_DIR logs tmkms -f ``` - Expected example output: @@ -251,19 +241,12 @@ INFO tmkms::commands::start: tmkms 0.14.0 starting up... INFO tmkms::keyring: [keyring:softsign] added consensus Ed25519 key: {"@type":"/cosmos.crypto.ed25519.PubKey","key":"T24No1A1FmetNRVCOSg2G2XAKWh97oBXuELdAD6DFgw="} INFO tmkms::connection::tcp: KMS node ID: 7f5fd8dae8953e964e7e56edd4700f597ea0d45c - ERROR tmkms::client: [laconic-mainnet@tcp://localhost:26659] I/O error: Connection refused (os error 111) + ERROR tmkms::client: [laconic-mainnet@tcp://:26659] I/O error: Connection refused (os error 111) ``` NOTE: The errors dissapear once the laconicd node starts - - Note the pubkey logged at start for comparing later with validator pubkey on chain - -- Enable TMKMS in the laconicd node configuration: - - ```bash - # Set TMKMS_ENABLED to true in the node's config.env - echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env - ``` +- Note the pubkey logged at start for comparing later with validator pubkey on chain - Remove the validator key from node deployment as it is no longer required: @@ -275,6 +258,15 @@ ### Start node +- Run the following steps in the machine where the mainnet node is setup (machine 2) + +- Enable TMKMS in the laconicd node configuration: + + ```bash + # Set TMKMS_ENABLED to true in the node's config.env + echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env + ``` + - Copy the genesis file to the mainnet deployment tmp directory: ```bash 
@@ -293,7 +285,7 @@ laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR logs laconicd -f ``` -- If TMKMS has been configured verify that validator and TMKMS pubkeys match: +- Verify that validator and TMKMS pubkeys match: - Get validator pubkey on chain
diff --git a/docs/run-validator.md b/docs/run-validator.md
index 697e8e1..cb95731 100644
--- a/docs/run-validator.md
+++ b/docs/run-validator.md
@@ -16,6 +16,12 @@ - [ansible](playbooks/README.md#ansible-installation) +- Machine 4: Where the TMKMS service is to be setup + + - laconicd-stack + + - [ansible](playbooks/README.md#ansible-installation) + - [laconic-so](https://github.com/cerc-io/stack-orchestrator/?tab=readme-ov-file#install) is required in all machines - To fetch laconicd-stack: 
@@ -89,72 +95,85 @@ ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/validator/setup-validator.yml ``` -### Setup TMKMS (Optional but Recommended) - - - -- For integrating existing TMKMS with laconicd, follow steps below in the machine where TMKMS is setup - -- Set `$TMKMS_HOME` to the directory path containing TMKMS config files +- Get the public key of your node: ```bash - # Contents of tmkms config directory - ls -l $TMKMS_HOME - drwxrwxr-x 2 ... schema - drwx------ 2 ... secrets - drwxrwxr-x 2 ... state - -rw-rw-r-- 1 ... tmkms.toml + laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd "laconicd tendermint show-validator" ``` -- Update the TMKMS configuration file `$TMKMS_HOME/tmkms.toml`: + NOTE: This public key is required in next step to create validator - ```toml - [[chain]] - id = "laconic-mainnet" - key_format = { type = "cosmos-json", account_key_prefix = "laconicpub", consensus_key_prefix = "laconicvalconspub" } - # Replace with absolute path to tmkms config directory - state_file = "/state/priv_validator_state.json" +- Copy over the `priv_validator_key.json` located at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json` to the machine from where the TMKMS service is to be setup (machine 4) - [[validator]] - chain_id = "laconic-mainnet" - # Replace with actual IP address of the laconicd node - addr = "tcp://:26659" - # Replace with absolute path to tmkms config directory - secret_key = "/secrets/kms-identity.key" - protocol_version = "v0.34" - reconnect = true +## Setup TMKMS - [[providers.softsign]] - key_type = "consensus" - # Replace with absolute path to tmkms config directory - path = "/secrets/priv_validator_key" - chain_ids = ["laconic-mainnet"] - ``` +- For integrating TMKMS with laconicd, follow steps below in the machine where the TMKMS service is to be setup (machine 4) -- Copy your validator key to TMKMS: - - - The validator key in laconicd node 
deployment is present at `$DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json` - - - Place the validator key file in TMKMS config directory at `$TMKMS_HOME/secrets/` - - - Import the private validator key into tmkms: - - ```bash - tmkms softsign import $TMKMS_HOME/secrets/priv_validator_key.json $TMKMS_HOME/secrets/priv_validator_key - ``` - - - Remove the JSON key file - - ```bash - rm $TMKMS_HOME/secrets/priv_validator_key.json - ``` - -- Start TMKMS: +- Copy the example variables file: ```bash - tmkms start --config $TMKMS_HOME/tmkms.toml + cp ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.example.yml ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml ``` +- Update `~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml` with required values: + + NOTE: Use the `priv_validator_key.json` file copied from the node setup machine (Machine 2) in [previous step](#setup-node) + + ```yaml + # Absolute path to the node's private validator key file + priv_validator_key_file_path: "" + + # Set the IP address of the machine where the laconicd node is setup + node_ip: "" + + # Set the port of the laconicd node + node_port: "26659" + ``` + +- Export the data directory as environment variable: + + ```bash + # Parent directory where the deployment directory will live + export DATA_DIRECTORY= + ``` + +- Run ansible playbook to setup the TMKMS service: + + ```bash + ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/tmkms/setup-tmkms.yml + ``` + +## Run Node + +### Start TMKMS + +- Run the following steps in the machine where the TMKMS service is setup (Machine 4) + +- Run ansible playbook to run the TMKMS: + + ```bash + ansible-playbook -i localhost, -c local ~/cerc/laconicd-stack/playbooks/tmkms/run-tmkms.yml + ``` + +- Check logs to ensure that TMKMS is running: + + ```bash + laconic-so deployment --dir $DATA_DIRECTORY/$TMKMS_DEPLOYMENT_DIR logs tmkms -f + ``` + + - Expected example output: + + ```bash + INFO 
tmkms::commands::start: tmkms 0.14.0 starting up... + INFO tmkms::keyring: [keyring:softsign] added consensus Ed25519 key: {"@type":"/cosmos.crypto.ed25519.PubKey","key":"T24No1A1FmetNRVCOSg2G2XAKWh97oBXuELdAD6DFgw="} + INFO tmkms::connection::tcp: KMS node ID: 7f5fd8dae8953e964e7e56edd4700f597ea0d45c + ERROR tmkms::client: [laconic-mainnet@:26659] I/O error: Connection refused (os error 111) + ``` + + NOTE: The errors dissapear once the laconicd node starts + +- Note the pubkey logged at start for comparing later with validator pubkey on chain + - Enable TMKMS in the laconicd node configuration: ```bash @@ -162,7 +181,7 @@ echo "TMKMS_ENABLED=true" >> $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/config.env ``` -## Start Node +### Start Node - Start the laconicd node: @@ -234,7 +253,7 @@ laconic-so deployment --dir $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR exec laconicd 'laconicd query staking validators' ``` - - If TMKMS has been configured, remove the validator key from node deployment as it is no longer required: + - Remove the validator key from node deployment as TMKMS is configured: ```bash rm $DATA_DIRECTORY/$MAINNET_DEPLOYMENT_DIR/data/laconicd-data/config/priv_validator_key.json