[helm/docker] update validator/fullnode config (aptos-labs#944)

caotre · May 12, 2022 · 4753489 · 4753489
1 parent ebe1f24
commit 4753489
Show file tree

Hide file tree

Showing 11 changed files with 64 additions and 26 deletions.
diff --git a/docker/compose/aptos-node/README.md b/docker/compose/aptos-node/README.md
@@ -19,20 +19,32 @@
     $ aptos genesis generate-keys --output-dir ~/$WORKSPACE
     ```
 
-    This will create a `private-keys.yaml` file for you, Backup your key files somewhere safe, this is important for you to establish ownership of your node, and it will be used to claim your rewards later if eligible. Very important!!
+    This will create three files: `private-keys.yaml`, `validator-identity.yaml`, `validator-full-node-identity.yaml` for you. Backup your key files somewhere safe, this is important for you to establish ownership of your node, and it will be used to claim your rewards later if eligible. Very important!!
 
 5. Configure validator information, you need to setup a static IP / DNS address which can be used by the node, and make sure the network / firewalls are properly configured to accept external connections.
 
     ```
-    $ aptos genesis set-validator-configuration --keys-dir ~/$WORKSPACE --local-repository-dir ~/$WORKSPACE --username <pick a username for your node> --validator-host <Validator Node IP / DNS address>:<Port> --full-node-host <Full Node IP / DNS address>:<Port>
+    $ aptos genesis set-validator-configuration \
+        --keys-dir ~/$WORKSPACE --local-repository-dir ~/$WORKSPACE \
+        --username <pick a username for your node> \
+        --validator-host <Validator Node IP / DNS address>:<Port> \
+        --full-node-host <Full Node IP / DNS address>:<Port>
 
     # for example, with IP:
 
-    $ aptos genesis set-validator-configuration --keys-dir ~/$WORKSPACE --local-repository-dir ~/$WORKSPACE --username aptosbot --validator-host 35.232.235.205:6180 --full-node-host 34.135.169.144:6182
+    $ aptos genesis set-validator-configuration \
+        --keys-dir ~/$WORKSPACE --local-repository-dir ~/$WORKSPACE \
+        --username aptosbot \
+        --validator-host 35.232.235.205:6180 \
+        --full-node-host 34.135.169.144:6182
 
     # for example, with DNS:
 
-    $ aptos genesis set-validator-configuration --keys-dir ~/$WORKSPACE --local-repository-dir ~/$WORKSPACE --username aptosbot --validator-host bot.aptosdev.com:6180 --full-node-host fn.bot.aptosdev.com:6182
+    $ aptos genesis set-validator-configuration \
+        --keys-dir ~/$WORKSPACE --local-repository-dir ~/$WORKSPACE \
+        --username aptosbot \
+        --validator-host bot.aptosdev.com:6180 \
+        --full-node-host fn.bot.aptosdev.com:6182
     ```
 
     This will create a YAML file in your working directory with your username, e.g. `aptosbot.yml`, it should looks like:
@@ -55,10 +67,10 @@
 6. Create layout YAML file, which defines the node in the validatorSet, for test mode, we can create a genesis blob containing only one node.
 
     ```
-    $ vi layout.yml
+    $ vi layout.yaml
     ```
 
-    Add root key, node username, and chain_id in the `layout.yml` file, for example:
+    Add root key, node username, and chain_id in the `layout.yaml` file, for example:
 
     ```
     ---
@@ -90,6 +102,8 @@
     - `fullnode.yaml` fullnode config file
     - `docker-compose.yaml` docker compose file to run validator and fullnode
     - `private-keys.yaml` Private keys for owner account, consensus, networking
+    - `validator-identity.yaml` Private keys for setting validator identity
+    - `validator-full-node-identity.yaml` Private keys for setting validator full node identity
     - `<username>.yaml` Node info for both validator / fullnode
     - `layout.yaml` layout file to define root key, validator user, and chain ID
     - `framework` folder which contains all the move bytecode for AptosFramework.

diff --git a/docker/compose/aptos-node/docker-compose.yaml b/docker/compose/aptos-node/docker-compose.yaml
@@ -23,8 +23,8 @@ services:
         source: ./waypoint.txt
         target: /opt/aptos/genesis/waypoint.txt
       - type: bind
-        source: ./private-keys.yml
-        target: /opt/aptos/genesis/private-keys.yml
+        source: ./validator-identity.yaml
+        target: /opt/aptos/genesis/validator-identity.yaml
     command: ["/opt/aptos/bin/aptos-node", "-f", "/opt/aptos/etc/validator.yaml"]
     ports:
       - "6180:6180"
@@ -53,6 +53,9 @@ services:
       - type: bind
         source: ./waypoint.txt
         target: /opt/aptos/genesis/waypoint.txt
+      - type: bind
+        source: ./validator-full-node-identity.yaml
+        target: /opt/aptos/genesis/validator-full-node-identity.yaml
     command: ["/opt/aptos/bin/aptos-node", "-f", "/opt/aptos/etc/fullnode.yaml"]
     ports:
       - "6182:6182"

diff --git a/docker/compose/aptos-node/fullnode.yaml b/docker/compose/aptos-node/fullnode.yaml
@@ -21,6 +21,9 @@ full_node_networks:
   discovery_method: "onchain"
   listen_address: "/ip4/0.0.0.0/tcp/6182"
   max_inbound_connections: 100
+  identity:
+    type: "from_file"
+    path: "/opt/aptos/genesis/validator-full-node-identity.yaml"
 
 api:
   enabled: true

diff --git a/docker/compose/aptos-node/validator.yaml b/docker/compose/aptos-node/validator.yaml
@@ -16,7 +16,7 @@ consensus:
       from_file:
         waypoint:
           from_file: /opt/aptos/genesis/waypoint.txt
-        identity_blob_path: /opt/aptos/genesis/private-keys.yml
+        identity_blob_path: /opt/aptos/genesis/validator-identity.yaml
 
 execution:
   genesis_file_location: "/opt/aptos/genesis/genesis.blob"
@@ -27,7 +27,7 @@ validator_network:
   mutual_authentication: true
   identity:
     type: "from_file"
-    path: /opt/aptos/genesis/private-keys.yml
+    path: /opt/aptos/genesis/validator-identity.yaml
 
 full_node_networks:
 - network_id:

diff --git a/terraform/aptos-node/aws/README.md b/terraform/aptos-node/aws/README.md
@@ -105,7 +105,7 @@ This will download all the terraform dependencies for you, in the `.terraform` f
     $ aptos genesis generate-keys --output-dir ~/$WORKSPACE
     ```
 
-    This will create a `private-keys.yaml` file for you. Backup your key files somewhere safe, this is important for you to establish ownership of your node, and it will be used to claim your rewards later if eligible. Very important!!
+    This will create three files: `private-keys.yaml`, `validator-identity.yaml`, `validator-full-node-identity.yaml` for you. Backup your key files somewhere safe, this is important for you to establish ownership of your node, and it will be used to claim your rewards later if eligible. Very important!!
 
 11. Configure validator information.
 
@@ -164,16 +164,22 @@ This will download all the terraform dependencies for you, in the `.terraform` f
 
 15. To re-cap, in your working directory, you should have a list of files:
     - `private-keys.yaml` Private keys for owner account, consensus, networking
+    - `validator-identity.yaml` Private keys for setting validator identity
+    - `validator-full-node-identity.yaml` Private keys for setting validator full node identity
     - `<username>.yaml` Node info for both validator / fullnode
     - `layout.yaml` layout file to define root key, validator user, and chain ID
     - `framework` folder which contains all the move bytecode for AptosFramework.
     - `waypoint.txt` waypoint for genesis transaction
     - `genesis.blob` genesis binary contains all the info about framework, validatorSet and more.
 
-16. Insert `genesis.blob`, `waypoint.txt` and `private-keys.yaml` as secret into k8s cluster.
+16. Insert `genesis.blob`, `waypoint.txt` and the identity files as secret into k8s cluster.
 
     ```
-    $ kubectl create secret generic ${WORKSPACE}-aptos-node-genesis-e1 --from-file=genesis.blob=genesis.blob --from-file=waypoint.txt=waypoint.txt --from-file=private-keys.yaml=private-keys.yaml
+    $ kubectl create secret generic ${WORKSPACE}-aptos-node-genesis-e1 \
+        --from-file=genesis.blob=genesis.blob \
+        --from-file=waypoint.txt=waypoint.txt \
+        --from-file=validator-identity.yaml=validator-identity.yaml \
+        --from-file=validator-full-node-identity.yaml=validator-full-node-identity.yaml
     ```
 
     If you changed the era number, make sure it matches when creating the secret.

diff --git a/terraform/aptos-node/gcp/README.md b/terraform/aptos-node/gcp/README.md
@@ -102,7 +102,7 @@ This will download all the Terraform dependencies for you, in the `.terraform` f
     $ aptos genesis generate-keys --output-dir ~/$WORKSPACE
     ```
 
-    This will create a `private-keys.yaml` file for you. **IMPORTANT**: Backup your key files somewhere safe. These key files are important for you to establish ownership of your node, and you will use this information to claim your rewards later if eligible.
+    This will create three files: `private-keys.yaml`, `validator-identity.yaml`, `validator-full-node-identity.yaml` for you. **IMPORTANT**: Backup your key files somewhere safe. These key files are important for you to establish ownership of your node, and you will use this information to claim your rewards later if eligible.
 
 11. Configure validator information.
 
@@ -131,7 +131,7 @@ This will download all the Terraform dependencies for you, in the `.terraform` f
 12. Create layout YAML file, which defines the node in the validatorSet. For test mode, we can create a genesis blob containing only one node. **Note: this step is only needed for starting the node in test mode, for production, it will be generated by Aptos Labs**
 
     ```
-    $ vi layout.yml
+    $ vi layout.yaml
     ```
 
     Add root key, node username, and chain_id in the `layout.yaml` file, for example:
@@ -163,16 +163,22 @@ This will download all the Terraform dependencies for you, in the `.terraform` f
 
 15. To recap, in your working directory, you should have a list of files:
     - `private-keys.yaml` Private keys for owner account, consensus, networking
+    - `validator-identity.yaml` Private keys for setting validator identity
+    - `validator-full-node-identity.yaml` Private keys for setting validator full node identity
     - `<username>.yaml` Node info for both validator / fullnode
     - `layout.yaml` layout file to define root key, validator user, and chain ID
     - `framework` folder which contains all the move bytecode for AptosFramework.
     - `waypoint.txt` waypoint for genesis transaction
     - `genesis.blob` genesis binary contains all the info about framework, validatorSet and more.
 
-16. Insert `genesis.blob`, `waypoint.txt` and `private-keys.yaml` as secret into k8s cluster.
+16. Insert `genesis.blob`, `waypoint.txt` and identity files as secret into k8s cluster.
 
     ```
-    $ kubectl create secret generic ${WORKSPACE}-aptos-node-genesis-e1 --from-file=genesis.blob=genesis.blob --from-file=waypoint.txt=waypoint.txt --from-file=private-keys.yml=private-keys.yml
+    $ kubectl create secret generic ${WORKSPACE}-aptos-node-genesis-e1 \
+        --from-file=genesis.blob=genesis.blob \
+        --from-file=waypoint.txt=waypoint.txt \
+        --from-file=validator-identity.yaml=validator-identity.yaml \
+        --from-file=validator-full-node-identity.yaml=validator-full-node-identity.yaml
     ```
 
     If you changed the era number, make sure it matches when creating the secret.

diff --git a/terraform/helm/aptos-node/files/configs/fullnode.yaml b/terraform/helm/aptos-node/files/configs/fullnode.yaml
@@ -26,13 +26,14 @@ full_node_networks:
 - network_id: "public"
   discovery_method: "onchain"
   listen_address: "/ip4/0.0.0.0/tcp/6182"
+  identity:
+    type: "from_file"
+    path: "/opt/aptos/genesis/validator-full-node-identity.yaml"
   {{- if .Values.haproxy.config.send_proxy_protocol }}
   enable_proxy_protocol: true
   {{- end }}
   max_inbound_connections: 100
   {{- if .Values.fullnode.identity }}
-  identity:
-    {{- .Values.fullnode.identity | toYaml | nindent 6 }}
   {{- end }}
   seeds:
     {{- .Values.fullnode.config.seeds | default dict | toYaml | nindent 6 }}

diff --git a/terraform/helm/aptos-node/files/test-data/private-keys.yml b/terraform/helm/aptos-node/files/test-data/private-keys.yml
diff --git a/terraform/helm/aptos-node/files/test-data/validator-full-node-identity.yaml b/terraform/helm/aptos-node/files/test-data/validator-full-node-identity.yaml
@@ -0,0 +1,3 @@
+---
+account_address: 79ef25da72da0a9cc6fd2bb2d8f9621bb70028172b17dacc03a05e2b2f789e4a
+network_key: "0x8098b26d7166b73fa79d5f2c0358a460eb537370a2e9be8af11ba54d1c06e34e"
diff --git a/terraform/helm/aptos-node/files/test-data/validator-identity.yaml b/terraform/helm/aptos-node/files/test-data/validator-identity.yaml
@@ -0,0 +1,5 @@
+---
+account_address: 79ef25da72da0a9cc6fd2bb2d8f9621bb70028172b17dacc03a05e2b2f789e4a
+account_key: "0xadc77158c83de10b1a57dc2f0f905d8c43de140ce7fb9ca1d07035b69b3143a3"
+consensus_key: "0xb0bafb27c8b81e7464f62a72372db122527fdc7ed0c5baa92cbcb31f49e67ce1"
+network_key: "0xa089baa63daf9cee3a619067548a41e3ace03934ffbc092885e061f65d035768"
diff --git a/terraform/helm/aptos-node/templates/configmap.yaml b/terraform/helm/aptos-node/templates/configmap.yaml
@@ -19,8 +19,10 @@ metadata:
 data:
   waypoint.txt: |-
 {{ .Files.Get "files/test-data/waypoint.txt" | indent 4 }}
-  private-keys.yml: |-
-{{ .Files.Get "files/test-data/private-keys.yml" | indent 4 }}
+  validator-identity.yaml: |-
+{{ .Files.Get "files/test-data/validator-identity.yaml" | indent 4 }}
+  validator-full-node-identity.yaml: |-
+{{ .Files.Get "files/test-data/validator-full-node-identity.yaml" | indent 4 }}
 binaryData:
   genesis.blob: {{ .Files.Get "files/test-data/genesis.blob" | b64enc }}