Add docs on vote account key rotation
parent
649fe6d3b6
commit
253114ca20
|
@ -144,3 +144,46 @@ Commission can also be changed later with the
|
||||||
When setting the commission, only integer values in the set [0-100] are accepted.
|
When setting the commission, only integer values in the set [0-100] are accepted.
|
||||||
The integer represents the number of percentage points for the commission, so
|
The integer represents the number of percentage points for the commission, so
|
||||||
creating an account with `--commission 10` will set a 10% commission.
|
creating an account with `--commission 10` will set a 10% commission.
|
||||||
|
|
||||||
|
## Key Rotation
|
||||||
|
Rotating the vote account authority keys require special handling when dealing
|
||||||
|
with a live validator.
|
||||||
|
|
||||||
|
### Vote Account Validator Identity
|
||||||
|
|
||||||
|
You will need access to the _withdraw authority_ keypair for the vote account to
|
||||||
|
change the validator identity. The follow steps assume that
|
||||||
|
`~/withdraw-authority.json` is that keypair.
|
||||||
|
|
||||||
|
1. Create the new validator identity keypair, `solana-keygen new -o ~/new-validator-keypair.json`.
|
||||||
|
2. Ensure that the new identity account has been funded, `solana transfer ~/new-validator-keypair.json 500`.
|
||||||
|
3. Run `solana vote-update-validator ~/vote-account-keypair.json ~/new-validator-keypair.json ~/withdraw-authority.json`
|
||||||
|
to modify the validator identity in your vote account
|
||||||
|
4. Restart your validator with the new identity keypair for the `--identity` argument
|
||||||
|
|
||||||
|
### Vote Account Authorized Voter
|
||||||
|
The _vote authority_ keypair may only be changed at epoch boundaries and
|
||||||
|
requires some additional arguments to `solana-validator` for a seamless
|
||||||
|
migration.
|
||||||
|
|
||||||
|
1. Run `solana epoch-info`. If there is not much time remaining time in the
|
||||||
|
current epoch, consider waiting for the next epoch to allow your validator
|
||||||
|
plenty of time to restart and catch up.
|
||||||
|
2. Create the new vote authority keypair, `solana-keygen new -o ~/new-vote-authority.json`.
|
||||||
|
3. Determine the current _vote authority_ keypair by running `solana
|
||||||
|
vote-account ~/vote-account-keypair.json`. It may be validator's
|
||||||
|
identity account (the default) or some other keypair. The following steps
|
||||||
|
assume that ` ~/validator-keypair.json` is that keypair.
|
||||||
|
4. Run `solana vote-authorize-voter ~/vote-account-keypair.json ~/validator-keypair.json ~/new-vote-authority.json`.
|
||||||
|
The new vote authority is scheduled to become active starting at the next epoch.
|
||||||
|
5. `solana-validator` now needs to be restarted with the old and new vote
|
||||||
|
authority keypairs, so that it can smoothly transition at the next epoch. Add
|
||||||
|
the two arguments on restart: `--authorized-voter ~/validator-keypair.json
|
||||||
|
--authorized-voter ~/new-vote-authority.json`
|
||||||
|
6. After the cluster reaches the next epoch, restart `solana-validator` again
|
||||||
|
after remove the `--authorized-voter ~/validator-keypair.json` argument, as
|
||||||
|
the old vote authority keypair is no longer required.
|
||||||
|
|
||||||
|
|
||||||
|
### Vote Account Authorized Withdrawer
|
||||||
|
No special handling is required. Use the `solana vote-authorize-withdrawer` command as needed.
|
||||||
|
|
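Review bot: In the "Vote Account Authorized Voter" steps, step 5 does not say that the restart with both `--authorized-voter` arguments should be finished before the epoch boundary at which the new authority becomes active (step 4). Step 1 only hints at this, so I would state it explicitly in step 5. Neither procedure ends with a check: step 3 already uses `solana vote-account ~/vote-account-keypair.json` to read the current authority, and the same command could be listed after `solana vote-update-validator` and `solana vote-authorize-voter` to confirm the change took effect. In the identity steps, `solana transfer ~/new-validator-keypair.json 500` gives the amount 500 without a unit or a reason for that figure. Wording: "keys require" should be "keys requires", "The follow steps" should be "The following steps", "not much time remaining time" has a doubled "time", "It may be validator's" lacks "the", "after remove the" should be "after removing the", step 3 of the identity list has no closing period, and there is a stray space inside `` ` ~/validator-keypair.json` ``.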