From 1eaa2370704c7703abac64db02b87e71134b870b Mon Sep 17 00:00:00 2001
From: Shreerang Kale
Date: Thu, 12 Jun 2025 18:34:04 +0530
Subject: [PATCH 1/2] Add instructions to setup yubihsm

---
 docs/run-first-validator.md            | 29 ++++++++++++++++++++++++++
 docs/run-validator.md                  | 29 ++++++++++++++++++++++++++
 playbooks/tmkms/run-tmkms.yml          |  1 +
 playbooks/tmkms/setup-tmkms.yml        |  4 +++-
 playbooks/tmkms/tmkms-vars.example.yml |  3 +++
 5 files changed, 65 insertions(+), 1 deletion(-)

diff --git a/docs/run-first-validator.md b/docs/run-first-validator.md
index fe8e71f..7740d8c 100644
--- a/docs/run-first-validator.md
+++ b/docs/run-first-validator.md
@@ -92,6 +92,19 @@
 
 - For integrating TMKMS with laconicd, follow steps below in the machine where the TMKMS service is to be setup (machine 4)
 
+- Copy the example variables file:
+
+  ```bash
+  cp ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.example.yml ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml
+  ```
+
+- Update `~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml` with required values:
+
+  ```yaml
+  # Set the mode of operation for TMKMS (e.g., "softsign", "yubihsm")
+  tmkms_mode:
+  ```
+
 - Export the data directory and TMKMS deployment directory as environment variables:
 
   ```bash
@@ -226,6 +239,22 @@
   node_port: "26659"
   ```
 
+- If using `yubihsm` mode, run following command to setup the yubihsm:
+
+  **WARNING: THIS PROCESS PERFORMS A FACTORY RESET OF THE YUBIHSM, DELETING ALL EXISTING KEYS AND REPLACING THEM WITH NEW ONES. MAKE SURE YOU HAVE MADE BACKUPS OF IMPORTANT KEYS BEFORE PROCEEDING!!!**
+
+  ```bash
+  # Use a strong password for YubiHSM
+  docker run -it --rm \
+    -v $DATA_DIRECTORY/tmkms-deployment/data/tmkms-data:/home/tmkmsuser/tmkms \
+    -v ~/cerc/tmkms-stack/stack-orchestrator/config/tmkms/setup-yubihsm.sh:/scripts/setup-yubihsm.sh \
+    -e "PASSWORD=" \
+    -e "CHAIN_ID=laconic-mainnet" \
+    -e "NODE_IP=" \
+    -e "NODE_PORT=26659" \
+    cerc/tmkms:local bash -c "/scripts/setup-yubihsm.sh"
+  ```
+
 - Run ansible playbook to run the TMKMS:
 
   ```bash
diff --git a/docs/run-validator.md b/docs/run-validator.md
index de428e5..cbd9866 100644
--- a/docs/run-validator.md
+++ b/docs/run-validator.md
@@ -104,6 +104,19 @@
 
 - For integrating TMKMS with laconicd, follow steps below in the machine where the TMKMS service is to be setup (machine 4)
 
+- Copy the example variables file:
+
+  ```bash
+  cp ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.example.yml ~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml
+  ```
+
+- Update `~/cerc/laconicd-stack/playbooks/tmkms/tmkms-vars.yml` with required values:
+
+  ```yaml
+  # Set the mode of operation for TMKMS (e.g., "softsign", "yubihsm")
+  tmkms_mode:
+  ```
+
 - Export the data directory as environment variable:
 
   ```bash
@@ -144,6 +157,22 @@
   node_port: "26659"
   ```
 
+- If using `yubihsm` mode, run following command to setup the yubihsm:
+
+  **WARNING: THIS PROCESS PERFORMS A FACTORY RESET OF THE YUBIHSM, DELETING ALL EXISTING KEYS AND REPLACING THEM WITH NEW ONES. MAKE SURE YOU HAVE MADE BACKUPS OF IMPORTANT KEYS BEFORE PROCEEDING!!!**
+
+  ```bash
+  # Use a strong password for YubiHSM
+  docker run -it --rm \
+    -v $DATA_DIRECTORY/tmkms-deployment/data/tmkms-data:/home/tmkmsuser/tmkms \
+    -v ~/cerc/tmkms-stack/stack-orchestrator/config/tmkms/setup-yubihsm.sh:/scripts/setup-yubihsm.sh \
+    -e "PASSWORD=" \
+    -e "CHAIN_ID=laconic-mainnet" \
+    -e "NODE_IP=" \
+    -e "NODE_PORT=26659" \
+    cerc/tmkms:local bash -c "/scripts/setup-yubihsm.sh"
+  ```
+
 - Run ansible playbook to run the TMKMS:
 
   ```bash
diff --git a/playbooks/tmkms/run-tmkms.yml b/playbooks/tmkms/run-tmkms.yml
index fbd3052..dd44f8c 100644
--- a/playbooks/tmkms/run-tmkms.yml
+++ b/playbooks/tmkms/run-tmkms.yml
@@ -40,6 +40,7 @@
           NODE_IP: "{{ node_ip }}"
           NODE_PORT: "{{ node_port }}"
           KEY_PREFIX: "{{ key_prefix }}"
+          TMKMS_MODE: "{{ tmkms_mode }}"
         mode: '0777'
 
     - name: Start tmkms deployment
diff --git a/playbooks/tmkms/setup-tmkms.yml b/playbooks/tmkms/setup-tmkms.yml
index 643040f..608a449 100644
--- a/playbooks/tmkms/setup-tmkms.yml
+++ b/playbooks/tmkms/setup-tmkms.yml
@@ -1,6 +1,8 @@
 ---
 - name: Setup TMKMS stack
   hosts: localhost
+  vars_files:
+    - tmkms-vars.yml
   vars:
     data_directory: "{{ lookup('env', 'DATA_DIRECTORY') }}"
     tmkms_deployment_dir: "{{ lookup('env', 'TMKMS_DEPLOYMENT_DIR') | default('tmkms-deployment', true) }}"
@@ -20,7 +22,7 @@
 
     - name: Build tmkms container images
       shell: |
-        laconic-so --stack ~/cerc/tmkms-stack/stack-orchestrator/stacks/tmkms build-containers {{ build_args }}
+        laconic-so --stack ~/cerc/tmkms-stack/stack-orchestrator/stacks/tmkms build-containers {{ build_args }} --extra-build-args "--build-arg BACKEND={{ tmkms_mode }}"
 
     - name: Create tmkms deployment spec file
       shell: |
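Review bot: The new `TMKMS_MODE` entry lands in a file the task then creates with `mode: '0777'` (the context line right after the added variable), so the env file that selects the signing backend and names the validator endpoint is world-writable on the TMKMS host. Any local user could rewrite `TMKMS_MODE` or `NODE_IP` before "Start tmkms deployment" runs and redirect the signer; `mode: '0640'` (or `'0600'` if the owner is the account that runs the deployment) is enough for a file that only needs to be read. The 0777 predates this commit, but the commit widens what that file controls, so it is worth fixing here. The task's module and destination path are outside the hunk, so confirm nothing relies on the file being executable.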
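Review bot: `{{ tmkms_mode }}` is expanded unchecked into a `shell:` line inside the double-quoted `--extra-build-args` value, so a stray space, quote or `$` in `tmkms-vars.yml` either builds the wrong backend or breaks out of the argument on the command line. The example file documents only `softsign` and `yubihsm`, so the play can fail early with an `assert` task placed before "Build tmkms container images" instead of letting `docker build` discover a bad `BACKEND`; the task below does that. The enclosing play starts before this hunk (the `vars_files` addition in the earlier hunk is where `tmkms_mode` comes from), and the `vars_files` path is relative, so it presumably resolves against the playbook directory — worth confirming for runs started from elsewhere.
```yaml
    - name: Validate tmkms_mode
      assert:
        that: tmkms_mode in ['softsign', 'yubihsm']
        fail_msg: "tmkms_mode must be 'softsign' or 'yubihsm', got '{{ tmkms_mode }}'"

    # … unchanged: Build tmkms container images task …
```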
diff --git a/playbooks/tmkms/tmkms-vars.example.yml b/playbooks/tmkms/tmkms-vars.example.yml
index 5518fef..b08b16a 100644
--- a/playbooks/tmkms/tmkms-vars.example.yml
+++ b/playbooks/tmkms/tmkms-vars.example.yml
@@ -14,3 +14,6 @@ key_prefix: "laconic"
 
 # The chain ID for the blockchain network
 chain_id: "laconic-mainnet"
+
+# The mode of operation for TMKMS (e.g., "softsign", "yubihsm")
+tmkms_mode: "softsign"
-- 
2.45.2

From 0ba5d4cab37b3b57ea5a072aacd8ace1201e14d7 Mon Sep 17 00:00:00 2001
From: Shreerang Kale
Date: Thu, 12 Jun 2025 18:40:57 +0530
Subject: [PATCH 2/2] Checkout to relevant branch while setting up tmkms stack

---
 playbooks/tmkms/setup-tmkms.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/playbooks/tmkms/setup-tmkms.yml b/playbooks/tmkms/setup-tmkms.yml
index 608a449..5ad93d9 100644
--- a/playbooks/tmkms/setup-tmkms.yml
+++ b/playbooks/tmkms/setup-tmkms.yml
@@ -18,7 +18,7 @@
 
     - name: Fetch tmkms stack
       shell: |
-        laconic-so fetch-stack git.vdb.to/LaconicNetwork/tmkms-stack --git-ssh --pull
+        laconic-so fetch-stack git.vdb.to/LaconicNetwork/tmkms-stack@sk-yubihsm --git-ssh --pull
 
     - name: Build tmkms container images
       shell: |
-- 
2.45.2
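Review bot: `@sk-yubihsm` pins the TMKMS stack to a feature branch rather than a tag or commit, and with `--pull` every setup run re-fetches whatever that branch's head is at that moment, so the signer image built around a validator's consensus key can change between runs without any change in this repository. For a component that holds the signing key, pin a release tag or full commit once the branch is merged, and until then record the intent above the command, e.g. `# TEMP: tracks the sk-yubihsm branch head on every run; pin to a tag/commit once merged`. The docs in this series also mount `config/tmkms/setup-yubihsm.sh` from that checkout, which presumably exists only on this branch, so the pin and the docs need to move together. The task's enclosing play starts before the hunk.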