blockworks-foundation
/
solana
mirror of https://github.com/blockworks-foundation/solana.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add docs on vote account key rotation

This commit is contained in:
Michael Vines 2020-10-12 13:19:54 -07:00 committed by mergify[bot]
parent 649fe6d3b6
commit 253114ca20
1 changed files with 43 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
docs/src/running-validator/vote-accounts.md
View File

@ -144,3 +144,46 @@ Commission can also be changed later with the
When setting the commission, only integer values in the set [0-100] are accepted.
The integer represents the number of percentage points for the commission, so
creating an account with `--commission 10` will set a 10% commission.
## Key Rotation
Rotating the vote account authority keys require special handling when dealing
with a live validator.
### Vote Account Validator Identity
You will need access to the _withdraw authority_ keypair for the vote account to
change the validator identity. The follow steps assume that
`~/withdraw-authority.json` is that keypair.
1. Create the new validator identity keypair, `solana-keygen new -o ~/new-validator-keypair.json`.
2. Ensure that the new identity account has been funded, `solana transfer ~/new-validator-keypair.json 500`.
3. Run `solana vote-update-validator ~/vote-account-keypair.json ~/new-validator-keypair.json ~/withdraw-authority.json`
to modify the validator identity in your vote account
4. Restart your validator with the new identity keypair for the `--identity` argument
### Vote Account Authorized Voter
The _vote authority_ keypair may only be changed at epoch boundaries and
requires some additional arguments to `solana-validator` for a seamless
migration.
1. Run `solana epoch-info`. If there is not much time remaining time in the
current epoch, consider waiting for the next epoch to allow your validator
plenty of time to restart and catch up.
2. Create the new vote authority keypair, `solana-keygen new -o ~/new-vote-authority.json`.
3. Determine the current _vote authority_ keypair by running `solana
vote-account ~/vote-account-keypair.json`. It may be validator's
identity account (the default) or some other keypair. The following steps
assume that ` ~/validator-keypair.json` is that keypair.
4. Run `solana vote-authorize-voter ~/vote-account-keypair.json ~/validator-keypair.json ~/new-vote-authority.json`.
The new vote authority is scheduled to become active starting at the next epoch.
5. `solana-validator` now needs to be restarted with the old and new vote
authority keypairs, so that it can smoothly transition at the next epoch. Add
the two arguments on restart: `--authorized-voter ~/validator-keypair.json
--authorized-voter ~/new-vote-authority.json`
6. After the cluster reaches the next epoch, restart `solana-validator` again
after remove the `--authorized-voter ~/validator-keypair.json` argument, as
the old vote authority keypair is no longer required.
### Vote Account Authorized Withdrawer
No special handling is required. Use the `solana vote-authorize-withdrawer` command as needed.