diff --git a/cmd/tendermint/commands/run_node.go b/cmd/tendermint/commands/run_node.go index 2a406028..0e18be03 100644 --- a/cmd/tendermint/commands/run_node.go +++ b/cmd/tendermint/commands/run_node.go @@ -15,7 +15,7 @@ func AddNodeFlags(cmd *cobra.Command) { cmd.Flags().String("moniker", config.Moniker, "Node Name") // priv val flags - cmd.Flags().String("priv_validator_addr", config.PrivValidatorAddr, "Socket address for private validator") + cmd.Flags().String("priv_validator_laddr", config.PrivValidatorListenAddr, "Socket address to listen on for connections from external priv_validator process") // node flags cmd.Flags().Bool("fast_sync", config.FastSync, "Fast blockchain syncing") diff --git a/config/config.go b/config/config.go index 901d6a2a..a433047f 100644 --- a/config/config.go +++ b/config/config.go @@ -104,8 +104,9 @@ type BaseConfig struct { // A custom human readable name for this node Moniker string `mapstructure:"moniker"` - // TCP or UNIX socket address of the PrivValidator server - PrivValidatorAddr string `mapstructure:"priv_validator_addr"` + // TCP or UNIX socket address for Tendermint to listen on for + // connections from an external PrivValidator process + PrivValidatorListenAddr string `mapstructure:"priv_validator_laddr"` // TCP or UNIX socket address of the ABCI application, // or the name of an ABCI application compiled in with the Tendermint binary diff --git a/docs/architecture/adr-008-priv-validator.md b/docs/architecture/adr-008-priv-validator.md index 94d16478..af8c6768 100644 --- a/docs/architecture/adr-008-priv-validator.md +++ b/docs/architecture/adr-008-priv-validator.md @@ -29,8 +29,12 @@ Tendermint node's should support only two in-process PrivValidator implementatio - PrivValidatorSocket uses a socket to send signing requests to another process - user is responsible for starting that process themselves. The PrivValidatorSocket address can be provided via flags at the command line - -doing so will cause Tendermint to ignore any "priv_validator.json" file and to attempt -to connect over the socket. +doing so will cause Tendermint to ignore any "priv_validator.json" file and to listen +on the given address for incoming connections from an external priv_validator process. + +The external priv_validator process will dial the address to connect to Tendermint, +and then Tendermint will send requests on the ensuing connection to sign votes and proposals. +Thus the external process initiates the connection, but the Tendermint process makes all requests. In addition, Tendermint will provide implementations that can be run in that external process. These include: @@ -103,7 +107,7 @@ It wraps the PrivValidatorUnencrypted and persists it to disk after every signat ## Status -Proposed. +Accepted. ## Consequences diff --git a/node/node.go b/node/node.go index 9c78360a..2d48fe01 100644 --- a/node/node.go +++ b/node/node.go @@ -173,13 +173,16 @@ func NewNode(config *cfg.Config, // reload the state (it may have been updated by the handshake) state = sm.LoadState(stateDB) - // Connect to external signing process, if an address is provided. - if config.PrivValidatorAddr != "" { + // If an address is provided, listen on the socket for a + // connection from an external signing process. + if config.PrivValidatorListenAddr != "" { var ( + // TODO: persist this key so external signer + // can actually authenticate us privKey = crypto.GenPrivKeyEd25519() pvsc = priv_val.NewSocketClient( logger.With("module", "priv_val"), - config.PrivValidatorAddr, + config.PrivValidatorListenAddr, &privKey, ) ) @@ -395,7 +398,7 @@ func (n *Node) OnStart() error { n.sw.AddListener(l) // Generate node PrivKey - // TODO: pass in like priv_val + // TODO: pass in like privValidator nodeKey, err := p2p.LoadOrGenNodeKey(n.config.NodeKeyFile()) if err != nil { return err diff --git a/types/priv_validator.go b/types/priv_validator.go index fe1a5d1c..b1ab4710 100644 --- a/types/priv_validator.go +++ b/types/priv_validator.go @@ -34,7 +34,7 @@ func voteToStep(vote *Vote) int8 { } //-------------------------------------------------------------- -// PrivValidator is being upgraded! See types/priv_validator +// PrivValidator is being upgraded! See types/priv_validator/ // ValidatorID contains the identity of the validator. type ValidatorID struct { @@ -82,6 +82,7 @@ func (ds *DefaultTestSigner) Sign(msg []byte) (crypto.Signature, error) { } //-------------------------------------------------------------- +// TODO: Deprecate! // PrivValidator defines the functionality of a local Tendermint validator // that signs votes, proposals, and heartbeats, and never double signs.