web3signer support (eth-educators#1382)

default.env

@@ -25,6 +25,8 @@ RAPID_SYNC_URL=
 DOPPELGANGER=false
 # Auto-pruning Nethermind is usually safe. Set this to true to enable auto-pruning, and to anything else to disable it
 AUTOPRUNE_NM=true
+# Whether to use web3signer for validator keys. Setting this to "true" also requires web3signer.yml in COMPOSE_FILE
+WEB3SIGNER=false
 
 # Secure web proxy - advanced use, please see instructions
 DOMAIN=example.com

ethd

@@ -642,7 +642,7 @@ envmigrate() {
             CL_MAX_PEER_COUNT CL_MIN_PEER_COUNT EL_MAX_PEER_COUNT EL_MIN_PEER_COUNT DOMAIN ACME_EMAIL AUTOPRUNE_NM \
             CF_DNS_API_TOKEN CF_ZONE_API_TOKEN CF_ZONE_ID AWS_PROFILE AWS_HOSTED_ZONE_ID GRAFANA_HOST DISTRIBUTED BESU_HEAP TEKU_HEAP \
             PROM_HOST HOST_IP PRYSM_HOST EE_HOST EL_HOST EL_LB EL_WS_HOST EL_WS_LB CL_HOST CL_LB DDNS_SUBDOMAIN \
-            DDNS_PROXY RAPID_SYNC_URL CL_NODE BEACON_STATS_API BEACON_STATS_MACHINE EL_P2P_PORT CL_P2P_PORT \
+            DDNS_PROXY RAPID_SYNC_URL CL_NODE BEACON_STATS_API BEACON_STATS_MACHINE EL_P2P_PORT CL_P2P_PORT WEB3SIGNER \
             PRYSM_PORT DOPPELGANGER PRYSM_UDP_PORT GRAFANA_PORT KEY_API_PORT TRAEFIK_WEB_PORT TRAEFIK_WEB_HTTP_PORT \
             CL_REST_PORT EL_RPC_PORT EL_WS_PORT EE_PORT ERIGON_TORRENT_PORT LOG_LEVEL JWT_SECRET EL_EXTRAS CL_EXTRAS \
             VC_EXTRAS ARCHIVE_NODE SSV_P2P_PORT SSV_P2P_PORT_UDP ERIGON_P2P_PORT_2 ERIGON_P2P_PORT_3 COMPOSEV1_NAG )
@@ -1316,6 +1316,43 @@ __i_haz_ethdo() {
     fi
 }
 
+__i_haz_web3signer() {
+    if [ ! -f ".env" ]; then
+        echo "eth-docker has not been configured. Please run ./ethd config first."
+        exit 1
+    fi
+
+    var="WEB3SIGNER"
+    value=$(sed -n -e "s/^${var}=\(.*\)/\1/p" ".env" || true)
+    if [ ! "${value}" = "true" ]; then
+        return
+    fi
+
+    var="COMPOSE_FILE"
+    value=$(sed -n -e "s/^${var}=\(.*\)/\1/p" ".env" || true)
+# Literal match intended
+# shellcheck disable=SC2076
+    if [[ ! "${value}" =~ "web3signer.yml" ]]; then
+        echo "WEB3SIGNER=true in .env, but web3signer.yml is not in use"
+        echo "Please edit the .env file and make sure \":web3signer.yml\" is added to the \"COMPOSE_FILE\" line"
+        echo "For example, \"nano .env\" will open the nano text editor with the \".env\" file loaded."
+        echo "Without it, ./ethd keys cannot be run"
+        echo
+        read -rp "Do you want me to make this change for you? (n/y)" yn
+        case $yn in
+            [Yy] );;
+            * ) exit 1;;
+        esac
+        if [ -n "${value}" ]; then
+          COMPOSE_FILE="${value}:web3signer.yml"
+        else
+          echo "You do not have a validator client in eth-docker. web3signer cannot be used without one."
+          exit 1
+        fi
+        set_value_in_env
+        echo "Your COMPOSE_FILE now reads ${COMPOSE_FILE}"
+    fi
+}
 
 __keys_usage() {
     echo "Call keymanager with an ACTION, one of:"
@@ -1368,6 +1405,8 @@ keys() {
         return
     fi
 
+    __i_haz_web3signer
+
     __owner_uid=$(id -u "${OWNER}")
     if [ "${1:-}" = "import" ]; then
         shift

lighthouse-vc-only.yml

@@ -99,6 +99,7 @@ services:
     environment:
       - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
       - KEY_API_PORT=${KEY_API_PORT:-7500}
+      - WEB3SIGNER=${WEB3SIGNER:-false}
     depends_on:
       - validator
     entrypoint:

lighthouse.yml

@@ -176,6 +176,7 @@ services:
     environment:
       - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
       - KEY_API_PORT=${KEY_API_PORT:-7500}
+      - WEB3SIGNER=${WEB3SIGNER:-false}
     depends_on:
       - validator
     entrypoint:

lodestar-vc-only.yml

@@ -100,6 +100,7 @@ services:
     environment:
       - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
       - KEY_API_PORT=${KEY_API_PORT:-7500}
+      - WEB3SIGNER=${WEB3SIGNER:-false}
     depends_on:
       - validator
     entrypoint:

lodestar.yml

@@ -160,6 +160,7 @@ services:
     environment:
       - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
       - KEY_API_PORT=${KEY_API_PORT:-7500}
+      - WEB3SIGNER=${WEB3SIGNER:-false}
     depends_on:
       - validator
     entrypoint:

nimbus-vc-only.yml

@@ -65,6 +65,7 @@ services:
     environment:
       - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
       - KEY_API_PORT=${KEY_API_PORT:-7500}
+      - WEB3SIGNER=${WEB3SIGNER:-false}
     depends_on:
       - validator
     entrypoint:

nimbus.yml

@@ -123,6 +123,7 @@ services:
     environment:
       - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
       - KEY_API_PORT=${KEY_API_PORT:-7500}
+      - WEB3SIGNER=${WEB3SIGNER:-false}
     depends_on:
       - consensus
     entrypoint:

prysm-vc-only.yml

@@ -151,6 +151,7 @@ services:
     environment:
       - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
       - KEY_API_PORT=${KEY_API_PORT:-7500}
+      - WEB3SIGNER=${WEB3SIGNER:-false}
       - PRYSM="true"
     depends_on:
       - validator

prysm.yml

@@ -218,6 +218,7 @@ services:
     environment:
       - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
       - KEY_API_PORT=${KEY_API_PORT:-7500}
+      - WEB3SIGNER=${WEB3SIGNER:-false}
       - PRYSM="true"
     depends_on:
       - validator

teku-vc-only.yml

@@ -84,6 +84,7 @@ services:
       - TLS="true"
       - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
       - KEY_API_PORT=${KEY_API_PORT:-7500}
+      - WEB3SIGNER=${WEB3SIGNER:-false}
     depends_on:
       - validator
     entrypoint:

teku.yml

@@ -128,6 +128,7 @@ services:
       - TLS="true"
       - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-}
       - KEY_API_PORT=${KEY_API_PORT:-7500}
+      - WEB3SIGNER=${WEB3SIGNER:-false}
     depends_on:
       - consensus
     entrypoint: