diff --git a/keys/genCA.sh b/keys/genCA.sh
deleted file mode 100755
index 14a0f4c..0000000
--- a/keys/genCA.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/sh
-set -ex
-
-openssl genrsa -out `dirname "$0"`/rootCA.key 4096
-openssl req -x509 -new -nodes -key `dirname "$0"`/rootCA.key -sha256 -days 365250 -out `dirname "$0"`/rootCA.crt
diff --git a/keys/genStaker.sh b/keys/genStaker.sh
deleted file mode 100755
index 34f6889..0000000
--- a/keys/genStaker.sh
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/sh
-set -ex
-
-keypath=$GOPATH/src/github.com/ava-labs/gecko/keys
-
-if test -f "$keypath/staker.key" || test -f "$keypath/staker.crt"; then
- echo "staker.key or staker.crt already exists. Not generating new key/certificiate."
- exit 1
-fi
-
-openssl genrsa -out `dirname "$0"`/staker.key 4096
-openssl req -new -sha256 -key `dirname "$0"`/staker.key -subj "/C=US/ST=NY/O=Avalabs/CN=ava" -out `dirname "$0"`/staker.csr
-openssl x509 -req -in `dirname "$0"`/staker.csr -CA `dirname "$0"`/rootCA.crt -CAkey `dirname "$0"`/rootCA.key -CAcreateserial -out `dirname "$0"`/staker.crt -days 365250 -sha256
diff --git a/keys/rootCA.crt b/keys/rootCA.crt
deleted file mode 100644
index da6320a..0000000
--- a/keys/rootCA.crt
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF1jCCA76gAwIBAgIJALI1DF9cpwfEMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJOWTEPMA0GA1UEBwwGSXRoYWNhMRAwDgYDVQQKDAdB
-dmFsYWJzMQ4wDAYDVQQLDAVHZWNrbzEMMAoGA1UEAwwDYXZhMSIwIAYJKoZIhvcN
-AQkBFhNzdGVwaGVuQGF2YWxhYnMub3JnMCAXDTE5MDIyODIwNTkyNFoYDzMwMTkw
-MzA4MjA1OTI0WjB/MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxDzANBgNVBAcM
-Bkl0aGFjYTEQMA4GA1UECgwHQXZhbGFiczEOMAwGA1UECwwFR2Vja28xDDAKBgNV
-BAMMA2F2YTEiMCAGCSqGSIb3DQEJARYTc3RlcGhlbkBhdmFsYWJzLm9yZzCCAiIw
-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ45ScWV8tsCNO+NTIBuUYsPkhcg
-jrp0HEyCHY3XEkxsLuDqtesNyv39YA0xQ3M3FP1e29tjFeHWJzyzV8O1H+6yco93
-QAtzh9xELYD301Yq+x55yZrSjZxNIC5Tmz1ewTfD315lNR04M6JmqjrStIuLsWFU
-m6P4OgXs4daqnyq9au4PYSrejcbexW59rKxLryK6Acv+E9Ax04oS33g9KqPmlRx0
-lfu3x4nkIKIl+VaK1wC5CwJDYZ91KpEbC8Z2YvTeVDH+/hz/MvKl1CEaqK/4G5FB
-KGEyd/bGRxMVQF41G7liJLaXzPLyZnKO2n21ZuJhkA9MZelt1U0LuQU505qU7IzW
-cmKFEIb1MOrclaF19Is7HQlJWKyDo2/hfjSCZO8zH7eR9EGzKyQwZhwkYCycJD44
-RKEHq6s/Z2dHUlpLIgRJ7k171TNkL9+xLntu8v1lzTkhemSNeO9asqJ7VcvpnMHH
-bQXpDxJpi8jTnV8In8EolSqaKeN6/nzwbbSJ7gHehgpDhC1DlXPRzTt/ktQKlNGW
-T5bdNdvYFyYTd9fu78aJZSbJo8jS2fykWuBgOgnlV8VmwpDa7iHM3EECByhf5GKB
-J1jBlXO1ZyfJ7sNTbuVM7Uc2JkB4ASKdm3GZ3sFv95HjSTJAUORjE4pQ1es4kfDU
-KqzDHH+bEHaGIGJTAgMBAAGjUzBRMB0GA1UdDgQWBBQr2T0duSMkvGXe3bSdWcei
-73QtwzAfBgNVHSMEGDAWgBQr2T0duSMkvGXe3bSdWcei73QtwzAPBgNVHRMBAf8E
-BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBpP18zCdzvnSdPigg9wx+a8Znr4aJj
-FxZYwBY6/BmKb56ke9g+zKKCw2dYYkRYDcTOEfuBgBvNeCSJv4R5rmkukkL8RCIG
-XV/WfSn2d3Mnz5KTgGQS6Q9s5qx+8ydkiGZthi+8a8ltXczyYrvWgd47U0NWTcOY
-omjgF6XF+hVLWLgiwmA468pd7wyCsuJJkyxxeyDPXQ422I1AJW/7c5JQQa+lDNsv
-Vna6420mZ/DiQd3stFkdjhRjmBZvGQ09g6l3zo6TgI1TWr5TMYPrempBVCWPNilC
-XaMysU77+tPutI+7kMBuGvLuZtPrH/2uTYdXWPodyORm5i2ABF6In3VISPD9YNc0
-gWx3PYGi2BfdnZepCojsffUMlhT3SsiAKMYv5FhW8LQBNMRR4721U1Vf5f8fzNQn
-3E55TthV5HXZQ6HcLhkmOvH8CMqtWGETTbBtYSA2AVMjoqs7QDGkfsCH9UuwGd1N
-W12JOf53XyOQT2XwWerSQC2kv7elsTh6Bk7PhvrCi0OwCVSGny5IQY/aXM1n6Z6s
-scJlZmq6P3AJZ3tRtBt9yDK7iIW7mzNLTb/kAjsNQh06oETJIJ0CIgL0Bn6CANYU
-kNqB4oTxmAhdOPKNgqaIwdZAL1VDIVaQEcvGeZRduo7yZvA/MhuQD8IIKSeOBFaD
-DB8IRfWqBx2nWw==
------END CERTIFICATE-----
diff --git a/keys/rootCA.key b/keys/rootCA.key
deleted file mode 100644
index fe23a96..0000000
--- a/keys/rootCA.key
+++ /dev/null
@@ -1,51 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIJJwIBAAKCAgEAnjlJxZXy2wI0741MgG5Riw+SFyCOunQcTIIdjdcSTGwu4Oq1
-6w3K/f1gDTFDczcU/V7b22MV4dYnPLNXw7Uf7rJyj3dAC3OH3EQtgPfTVir7HnnJ
-mtKNnE0gLlObPV7BN8PfXmU1HTgzomaqOtK0i4uxYVSbo/g6Bezh1qqfKr1q7g9h
-Kt6Nxt7Fbn2srEuvIroBy/4T0DHTihLfeD0qo+aVHHSV+7fHieQgoiX5VorXALkL
-AkNhn3UqkRsLxnZi9N5UMf7+HP8y8qXUIRqor/gbkUEoYTJ39sZHExVAXjUbuWIk
-tpfM8vJmco7afbVm4mGQD0xl6W3VTQu5BTnTmpTsjNZyYoUQhvUw6tyVoXX0izsd
-CUlYrIOjb+F+NIJk7zMft5H0QbMrJDBmHCRgLJwkPjhEoQerqz9nZ0dSWksiBEnu
-TXvVM2Qv37Eue27y/WXNOSF6ZI1471qyontVy+mcwcdtBekPEmmLyNOdXwifwSiV
-Kpop43r+fPBttInuAd6GCkOELUOVc9HNO3+S1AqU0ZZPlt0129gXJhN31+7vxoll
-JsmjyNLZ/KRa4GA6CeVXxWbCkNruIczcQQIHKF/kYoEnWMGVc7VnJ8nuw1Nu5Uzt
-RzYmQHgBIp2bcZnewW/3keNJMkBQ5GMTilDV6ziR8NQqrMMcf5sQdoYgYlMCAwEA
-AQKCAgAhNota05AoEv2Dr5h4eS/azgjvm+D6GLd8A/AqPxRTQH5SrlJDpiCPUmmg
-O1AaVlyslwX1toX4YxjXcBojNdkfJQxRO0oRXU4Oma0nnl4Zf2o5Sn1cZ4hcYAA6
-WUiECGjsyMwRp5MPsCV+mKhxMpu9kzRH5xfIwqmDZuc9RZGlyh8xG79c3VzLeyXc
-fLsLa9O2qW8JICuOj3cFS9LnDYfu4c85Kuv06+4R7vY+s1P0q65YM3+xGO3cKB8o
-WJIPNfityCHKYOl8ssFCGDdAP7VbQuyegBv20z5FafevdM2POPy53HUycwkNkn6Y
-243Xx4VyTeKMo4/dATY+NxC+nRXiz4jLna5a7IIIzjAHl2kF6iJVasd3+X/xWHsM
-Lx9iDRjERf+J+y58GaDxetXL1C0xm7Rv28yMYVPAzpucvS4i72Xj7X8JkO3az3Qv
-/wqBnxj8ouh+5jvT0nqCJsFZwK0F7Dr3na2lSf34XBCTnd9//FfSIY7mDIddxuVF
-2rKKOl2KkvbDUuSKVZwdJeAp1CccN6SfLnxKy+436Z5hYzBIeGyejpCMWivDJ2I3
-wjs4w4IPobT5dqaSdPYFTKJnoDv62vYbIN3o8pQ3QUXwmRPyKoPuxe7OZZyec43R
-WUtajiW6AXjxUoEtPPPHAT/3pGKG2a0VGtDfjLjpp5OtQmteiQKCAQEAz62n9Lh1
-POdC4088GEqrGPhq5MUz2j2pOCjEZ7utmD+Lo8x95McCU+jf4UJ+rbaf96dvjPRC
-T0Sc6X6IvvQycJubzQe6XX6eyZsr67qpuY2MGze+NvmO4LcCOfNHerRyLK2DoGLW
-jQVxJNsBIFo0T7iSuUICbfxKdKxfH+27rPANEvpqS5BJalAfeGPEL0GgUTKQmswc
-23Pnu5mkb7TWLKNVq7o/5PxvXyKmJQaFHCV98pqQr/HhXd79dMD12TPZRvsNgPGK
-XOsmPtC5RHhbs/Wmdk3X3ihoVezou2VPeWCIrCANCuU0zZBK1igVC3FGeUK8u1Dl
-jrTkRsNTLbBiPwKCAQEAwwngBBjbdRCVvUVWIBQBOk/t/6WyeAVH4O/fq32KklW+
-/SN5yeZhXjwMrFhSOqFUDipg/C4Imf5S3V+MlXO4lQsZzZa0d0euBIBt0SEcGE8P
-rAkGcvwPfISBfYCnPem1ax01ixNJBxWDrgkfHZchywNPFgopiqpYR7X5ttACctCl
-KLaDOXn667QmG1icsVgZV3L8gBxEdyjhmUGWFH/auS28oxqhUgiXrUQXbJKCesGD
-E39r/SyOAGP5ZtTkWmNDp2+va8lSJwL1Ix+6qvexi/hIIGoFlSh5w+BwnBlxBL4C
-cUanaXRtIqQ9rcO/xhZ7izmQzruNARLDPGIJ59MS7QKCAQBGR3wJAssZ2yD1j4DE
-r7AK+TYjSODtP+SeDp24hPiQByEYQ0FvRDFzd+Ebd8cqvhyQUGcdiiNOc+et1JYu
-GLFhDifBUJYuwYS2sP5B/Z8mHdKF+20xaW6CeSwVtFBCJAJnQCjFA+2bN3Y8hKhy
-7FO7jriIXOA5nCEOLq7aPTc/pNSn0XpbK+7MPWUI9qoTW+AG2le5Ks2xLh4DjFDr
-RIUeAgAh5xtsQEjoJu+WpAgzqDRg/xFrmS0s+SNIeWw5HqSuspK1SggKvcDpjPTF
-SP2vfrfgXSNqGL6GJW/0yqoEZziZFxeS0lH2JphMtK+6eZDhxEXeFdg5XNnLYJor
-Yf89AoIBAHbRLESys/c0HFTKybYPGdRhXzcvxXKynOBeoZ9Cgsm1LP3fv9EM5WJY
-KMxRnf6Ty7Y5gQ4AKUNPGUI9dFKTxe4ebiC938EOzOd3Ke+OQSRZ/c0rTl98SR7t
-Rkmjt77TAq93gufv3rxPEgJTEj6flHmt0V8236nXLqK5LKB/Rg6WJxePYJACTKeM
-/u4H5KVxazbIGSUek2MYZ59KwlhIr4HCaDng/kgQbf6jDbYZ5x1LiEO3i50XqIZ6
-YTSRG3ApKsz1ECQU6FRVy+sS6FBBR0ti/OWqUS5WEyAOOewO37go3SoPBewLfnTt
-I5oZN1pA1hCyCBK5VSRDPucpPqmY/90CggEAbFRUDyEkq9p7/Va/PYJLMe+1zGoy
-+jCC1nm5LioxrUdpE+CV1t1cVutnlI3sRD+79oX/zwlwQ+pCx1XOMCmGs4uZUx5f
-UtpGnsPamlyQKyQfPam3N4+4gaY9LLPiYCrI/XQh+vZQNlQTStuKLtb0R8+4wEER
-KDTtC2cNN5fSnexEifpvq5yK3x6bH66pPyuRE27vVQ7diPar9A+VwkLs+zGbfnWW
-MP/zYUbuiatC/LozcYLs/01m3Nu6oYi0OP/nFofepXNpQoZO8jKpnGRVVJ0EfgSe
-f3qb9nkygj+gqGWT+PY6H39xKFz0h7dmmcP3Z7CrYXFEFfTCsUgbOKulAA==
------END RSA PRIVATE KEY-----
diff --git a/keys/rootCA.srl b/keys/rootCA.srl
deleted file mode 100644
index 617b916..0000000
--- a/keys/rootCA.srl
+++ /dev/null
@@ -1 +0,0 @@
-BAF3B5C5C6D0D166
diff --git a/main/params.go b/main/params.go
index a216720..c18a937 100644
--- a/main/params.go
+++ b/main/params.go
@@ -10,6 +10,7 @@ import (
 "net"
 "os"
 "path"
+ "path/filepath"
 "strings"
 "github.com/ava-labs/gecko/database/leveldb"
@@ -19,23 +20,29 @@ import (
 "github.com/ava-labs/gecko/nat"
 "github.com/ava-labs/gecko/node"
 "github.com/ava-labs/gecko/snow/networking/router"
+ "github.com/ava-labs/gecko/staking"
 "github.com/ava-labs/gecko/utils"
 "github.com/ava-labs/gecko/utils/formatting"
 "github.com/ava-labs/gecko/utils/hashing"
 "github.com/ava-labs/gecko/utils/logging"
 "github.com/ava-labs/gecko/utils/wrappers"
- "github.com/mitchellh/go-homedir"
 )
 const (
- dbVersion = "v0.2.0"
- defaultDbDir = "~/.gecko/db"
+ dbVersion = "v0.2.0"
 )
 // Results of parsing the CLI
 var (
- Config = node.Config{}
- Err error
+ Config = node.Config{}
+ Err error
+ defaultDbDir = os.ExpandEnv(filepath.Join("$HOME", ".gecko", "db"))
+ defaultStakingKeyPath = os.ExpandEnv(filepath.Join("$HOME", ".gecko", "staking", "staker.key"))
+ defaultStakingCertPath = os.ExpandEnv(filepath.Join("$HOME", ".gecko", "staking", "staker.crt"))
+)
+
+var (
+ errBootstrapMismatch = errors.New("more bootstrap IDs provided than bootstrap IPs")
 )
 // GetIPs returns the default IPs for each network
@@ -54,17 +61,15 @@ func GetIPs(networkID uint32) []string {
 }
 }
-var (
- errBootstrapMismatch = errors.New("more bootstrap IDs provided than bootstrap IPs")
-)
-
 // Parse the CLI arguments
 func init() {
 errs := &wrappers.Errs{}
 defer func() { Err = errs.Err }()
 loggingConfig, err := logging.DefaultConfig()
- errs.Add(err)
+ if errs.Add(err); errs.Errored() {
+ return
+ }
 fs := flag.NewFlagSet("gecko", flag.ContinueOnError)
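Review bot: `os.ExpandEnv(filepath.Join("$HOME", ...))` expands an unset `HOME` to the empty string, so a node started by a service manager or in a container without `HOME` gets `/.gecko/db` and `/.gecko/staking/staker.key` as its defaults, and because the staking code later compares the flag values against these same strings it would silently try to create a key under `/.gecko/staking` instead of failing. The removed `homedir.Expand` appears to have covered the no-`HOME` case (I believe that library falls back to a passwd lookup; worth confirming). Resolve the home directory once with `os.UserHomeDir()` (Go 1.12+; the file already depends on `%w` wrapping from Go 1.13) and have `init()` add an error when it comes back empty before any path is created; the var block would become:
```go
// defaultHome is the base of the default db and staking paths. It is resolved
// once at package init; an empty result means no home directory could be
// determined and init() must report that rather than build paths from "".
func defaultHome() string {
	home, err := os.UserHomeDir()
	if err != nil {
		return ""
	}
	return home
}

var (
	defaultDbDir           = filepath.Join(defaultHome(), ".gecko", "db")
	defaultStakingKeyPath  = filepath.Join(defaultHome(), ".gecko", "staking", "staker.key")
	defaultStakingCertPath = filepath.Join(defaultHome(), ".gecko", "staking", "staker.crt")
)
```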
@@ -100,8 +105,8 @@ func init() {
 // Staking:
 consensusPort := fs.Uint("staking-port", 9651, "Port of the consensus server")
 fs.BoolVar(&Config.EnableStaking, "staking-tls-enabled", true, "Require TLS to authenticate staking connections")
- fs.StringVar(&Config.StakingKeyFile, "staking-tls-key-file", "keys/staker.key", "TLS private key file for staking connections")
- fs.StringVar(&Config.StakingCertFile, "staking-tls-cert-file", "keys/staker.crt", "TLS certificate file for staking connections")
+ fs.StringVar(&Config.StakingKeyFile, "staking-tls-key-file", defaultStakingKeyPath, "TLS private key for staking")
+ fs.StringVar(&Config.StakingCertFile, "staking-tls-cert-file", defaultStakingCertPath, "TLS certificate for staking")
 // Plugins:
 fs.StringVar(&Config.PluginDir, "plugin-dir", "./build/plugins", "Plugin directory for Ava VMs")
@@ -142,22 +147,22 @@ func init() {
 }
 networkID, err := genesis.NetworkID(*networkName)
- errs.Add(err)
+ if errs.Add(err); err != nil {
+ return
+ }
 Config.NetworkID = networkID
 // DB:
- if *db && err == nil {
- // TODO: Add better params here
- if *dbDir == defaultDbDir {
- if *dbDir, err = homedir.Expand(defaultDbDir); err != nil {
- errs.Add(fmt.Errorf("couldn't resolve default db path: %v", err))
- }
- }
+ if *db {
+ *dbDir = os.ExpandEnv(*dbDir) // parse any env variables
 dbPath := path.Join(*dbDir, genesis.NetworkName(Config.NetworkID), dbVersion)
 db, err := leveldb.New(dbPath, 0, 0, 0)
+ if err != nil {
+ errs.Add(fmt.Errorf("couldn't create db at %s: %w", dbPath, err))
+ return
+ }
 Config.DB = db
- errs.Add(err)
 } else {
 Config.DB = memdb.New()
 }
@@ -169,7 +174,7 @@ func init() {
 if *consensusIP == "" {
 ip, err = Config.Nat.IP()
 if err != nil {
- ip = net.IPv4zero
+ ip = net.IPv4zero // Couldn't get my IP...set to 0.0.0.0
 }
 } else {
 ip = net.ParseIP(*consensusIP)
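Review bot: `*dbDir = os.ExpandEnv(*dbDir)` expands only `$VAR`/`${VAR}` forms, not a leading `~`, which the removed `homedir.Expand` call did and which the old `~/.gecko/db` default relied on; a value such as `-db-dir '~/.gecko/db'` that reaches the binary unexpanded (quoted, or set in a unit file) now creates a literal `~` directory under the working directory. Either state this in the `db-dir` flag's help string (defined earlier in `init`, outside this hunk) or replace a leading `~/` with `os.UserHomeDir()` before calling `os.ExpandEnv`. As a point of style, `dbPath` is still built with `path.Join` although `path/filepath` is now imported for exactly this kind of OS path; `dbPath := filepath.Join(*dbDir, genesis.NetworkName(Config.NetworkID), dbVersion)` is the right call. `init` continues past this hunk.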
@@ -177,7 +182,9 @@ func init() {
 if ip == nil {
 errs.Add(fmt.Errorf("Invalid IP Address %s", *consensusIP))
+ return
 }
+
 Config.StakingIP = utils.IPDesc{
 IP: ip,
 Port: uint16(*consensusPort),
@@ -190,7 +197,10 @@ func init() {
 for _, ip := range strings.Split(*bootstrapIPs, ",") {
 if ip != "" {
 addr, err := utils.ToIPDesc(ip)
- errs.Add(err)
+ if err != nil {
+ errs.Add(fmt.Errorf("couldn't parse ip: %w", err))
+ return
+ }
 Config.BootstrapPeers = append(Config.BootstrapPeers, &node.Peer{
 IP: addr,
 })
@@ -209,20 +219,27 @@ func init() {
 cb58 := formatting.CB58{}
 for _, id := range strings.Split(*bootstrapIDs, ",") {
 if id != "" {
- errs.Add(cb58.FromString(id))
- cert, err := ids.ToShortID(cb58.Bytes)
- errs.Add(err)
-
+ err = cb58.FromString(id)
+ if err != nil {
+ errs.Add(fmt.Errorf("couldn't parse bootstrap peer id to bytes: %w", err))
+ return
+ }
+ peerID, err := ids.ToShortID(cb58.Bytes)
+ if err != nil {
+ errs.Add(fmt.Errorf("couldn't parse bootstrap peer id: %w", err))
+ return
+ }
 if len(Config.BootstrapPeers) <= i {
 errs.Add(errBootstrapMismatch)
- continue
+ return
 }
- Config.BootstrapPeers[i].ID = cert
+ Config.BootstrapPeers[i].ID = peerID
 i++
 }
 }
 if len(Config.BootstrapPeers) != i {
 errs.Add(fmt.Errorf("More bootstrap IPs, %d, provided than bootstrap IDs, %d", len(Config.BootstrapPeers), i))
+ return
 }
 } else {
 for _, peer := range Config.BootstrapPeers {
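Review bot: `err = cb58.FromString(id)` assigns to the `err` declared at the top of `init`, while the very next statement, `peerID, err := ids.ToShortID(cb58.Bytes)`, declares a fresh `err` scoped to the `if id != ""` body, so the two checks operate on different variables and the outer one is written only as a side effect. Scope the first check to its statement, `if err := cb58.FromString(id); err != nil {`, which matches how the `addr, err :=` check in the IP loop above is written and keeps the function-level `err` untouched. `init` continues past this hunk.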
@@ -230,6 +247,27 @@ func init() {
 }
 }
+ // Staking
+ Config.StakingCertFile = os.ExpandEnv(Config.StakingCertFile) // parse any env variable
+ Config.StakingKeyFile = os.ExpandEnv(Config.StakingKeyFile)
+ switch {
+ // If staking key/cert locations are specified but not found, error
+ case Config.StakingKeyFile != defaultStakingKeyPath || Config.StakingCertFile != defaultStakingCertPath:
+ if _, err := os.Stat(Config.StakingKeyFile); os.IsNotExist(err) {
+ errs.Add(fmt.Errorf("couldn't find staking key at %s", Config.StakingKeyFile))
+ return
+ } else if _, err := os.Stat(Config.StakingCertFile); os.IsNotExist(err) {
+ errs.Add(fmt.Errorf("couldn't find staking certificate at %s", Config.StakingCertFile))
+ return
+ }
+ default:
+ // Only creates staking key/cert if [stakingKeyPath] doesn't exist
+ if err := staking.GenerateStakingKeyCert(Config.StakingKeyFile, Config.StakingCertFile); err != nil {
+ errs.Add(fmt.Errorf("couldn't generate staking key/cert: %w", err))
+ return
+ }
+ }
+
 // HTTP:
 Config.HTTPPort = uint16(*httpPort)
@@ -238,14 +276,18 @@ func init() {
 loggingConfig.Directory = *logsDir
 }
 logFileLevel, err := logging.ToLevel(*logLevel)
- errs.Add(err)
+ if errs.Add(err); err != nil {
+ return
+ }
 loggingConfig.LogLevel = logFileLevel
 if *logDisplayLevel == "" {
 *logDisplayLevel = *logLevel
 }
 displayLevel, err := logging.ToLevel(*logDisplayLevel)
- errs.Add(err)
+ if errs.Add(err); err != nil {
+ return
+ }
 loggingConfig.DisplayLevel = displayLevel
 Config.LoggingConfig = loggingConfig
diff --git a/scripts/ansible/restart_playbook.yml b/scripts/ansible/restart_playbook.yml
index ee43d0e..e3c011f 100755
--- a/scripts/ansible/restart_playbook.yml
+++ b/scripts/ansible/restart_playbook.yml
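Review bot: Both arms of the new `switch` let a bad key/cert through: the explicit-path case reacts only to `os.IsNotExist`, so a `Stat` that fails for any other reason (permission denied, a directory at that path) falls through as if the file were usable, and the default case never checks that `Config.StakingCertFile` exists after `staking.GenerateStakingKeyCert` returns, which per its own doc comment is a no-op whenever the key file already exists. Keep generation in the default case, then stat both files unconditionally and treat any error as fatal, so the node fails here with a path in the message rather than later in the TLS load. `init` continues past this hunk.
```go
	// … unchanged: os.ExpandEnv of StakingCertFile / StakingKeyFile …
	if Config.StakingKeyFile == defaultStakingKeyPath && Config.StakingCertFile == defaultStakingCertPath {
		// Only creates staking key/cert if [stakingKeyPath] doesn't exist
		if err := staking.GenerateStakingKeyCert(Config.StakingKeyFile, Config.StakingCertFile); err != nil {
			errs.Add(fmt.Errorf("couldn't generate staking key/cert: %w", err))
			return
		}
	}
	// Whether generated or user-supplied, both files must be reachable now;
	// any Stat error (not only ENOENT) is fatal.
	for _, f := range []string{Config.StakingKeyFile, Config.StakingCertFile} {
		if _, err := os.Stat(f); err != nil {
			errs.Add(fmt.Errorf("couldn't access staking key/cert at %s: %w", f, err))
			return
		}
	}
```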
@@ -7,8 +7,8 @@
 vars:
 ava_binary: ~/go/src/github.com/ava-labs/gecko/build/ava
 repo_folder: ~/go/src/github.com/ava-labs/gecko
- repo_name: ava-labs/gecko-internal
- repo_branch: platformvm-proposal-accept
+ repo_name: ava-labs/gecko
+ repo_branch: master
 roles:
 - name: ava-stop
 - name: ava-build
diff --git a/scripts/ansible/test-inventory.yml b/scripts/ansible/test-inventory.yml
index 220a8f4..dccde9e 100755
--- a/scripts/ansible/test-inventory.yml
+++ b/scripts/ansible/test-inventory.yml
@@ -2,8 +2,8 @@ borealis_bootstrap:
 hosts:
 bootstrap1:
 ansible_host: 3.84.129.247
- staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker1.key"
- staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker1.crt"
+ staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker1.key"
+ staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker1.crt"
 vars:
 ansible_connection: ssh
 ansible_user: ubuntu
@@ -44,20 +44,20 @@ borealis_node:
 hosts:
 node1:
 ansible_host: 35.153.99.244
- staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker2.key"
- staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker2.crt"
+ staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker2.key"
+ staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker2.crt"
 node2:
 ansible_host: 34.201.137.119
- staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker3.key"
- staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker3.crt"
+ staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker3.key"
+ staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker3.crt"
 node3:
 ansible_host: 54.146.1.110
- staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker4.key"
- staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker4.crt"
+ staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker4.key"
+ staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker4.crt"
 node4:
 ansible_host: 54.91.255.231
- staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker5.key"
- staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker5.crt"
+ staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker5.key"
+ staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker5.crt"
 vars:
 ansible_connection: ssh
 ansible_user: ubuntu
diff --git a/scripts/ansible/update_playbook.yml b/scripts/ansible/update_playbook.yml
index b704eee..7386eaa 100755
--- a/scripts/ansible/update_playbook.yml
+++ b/scripts/ansible/update_playbook.yml
@@ -7,8 +7,8 @@
 vars:
 ava_binary: ~/go/src/github.com/ava-labs/gecko/build/ava
 repo_folder: ~/go/src/github.com/ava-labs/gecko
- repo_name: ava-labs/gecko-internal
- repo_branch: platformvm-proposal-accept
+ repo_name: ava-labs/gecko
+ repo_branch: master
 roles:
 - name: ava-stop
 - name: ava-build
diff --git a/staking/gen_staker_key.go b/staking/gen_staker_key.go
new file mode 100644
index 0000000..8969ea3
--- /dev/null
+++ b/staking/gen_staker_key.go
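Review bot: `repo_branch: master` makes this update playbook build and deploy whatever `master` holds at the moment it runs, so two runs can ship different binaries to the test fleet and a bad push to `master` reaches the nodes with no gate in between; `restart_playbook.yml` makes the same change. Pin the deployment to a release tag or commit SHA and bump it deliberately, e.g. `repo_branch: "<tag-or-commit>"`, or at least make it a variable supplied on the command line so the value is visible in the run log.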
@@ -0,0 +1,74 @@
+package staking
+
+import (
+ "crypto/rand"
+ "crypto/rsa"
+ "crypto/x509"
+ "encoding/pem"
+ "fmt"
+ "math/big"
+ "os"
+ "path/filepath"
+ "time"
+)
+
+// GenerateStakingKeyCert generates a self-signed TLS key/cert pair to use in staking
+// The key and files will be placed at [keyPath] and [certPath], respectively
+// If there is already a file at [keyPath], returns nil
+func GenerateStakingKeyCert(keyPath, certPath string) error {
+ // If there is already a file at [keyPath], do nothing
+ if _, err := os.Stat(keyPath); !os.IsNotExist(err) {
+ return nil
+ }
+
+ // Create key to sign cert with
+ key, err := rsa.GenerateKey(rand.Reader, 4096)
+ if err != nil {
+ return fmt.Errorf("couldn't generate rsa key: %w", err)
+ }
+
+ // Create self-signed staking cert
+ certTemplate := &x509.Certificate{
+ SerialNumber: big.NewInt(0),
+ NotBefore: time.Date(2000, time.January, 0, 0, 0, 0, 0, time.UTC),
+ NotAfter: time.Now().AddDate(100, 0, 0),
+ KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageDataEncipherment,
+ BasicConstraintsValid: true,
+ }
+ certBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, certTemplate, &key.PublicKey, key)
+ if err != nil {
+ return fmt.Errorf("couldn't create certificate: %w", err)
+ }
+
+ // Write cert to disk
+ if err := os.MkdirAll(filepath.Dir(certPath), 0755); err != nil {
+ return fmt.Errorf("couldn't create path for key/cert: %w", err)
+ }
+ certOut, err := os.Create(certPath)
+ if err != nil {
+ return fmt.Errorf("couldn't create cert file: %w", err)
+ }
+ if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes}); err != nil {
+ return fmt.Errorf("couldn't write cert file: %w", err)
+ }
+ if err := certOut.Close(); err != nil {
+ return fmt.Errorf("couldn't close cert file: %w", err)
+ }
+
+ // Write key to disk
+ keyOut, err := os.Create(keyPath)
+ if err != nil {
+ return fmt.Errorf("couldn't create key file: %w", err)
+ }
+ privBytes, err := x509.MarshalPKCS8PrivateKey(key)
+ if err != nil {
+ return fmt.Errorf("couldn't marshal private key: %w", err)
+ }
+ if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil {
+ return fmt.Errorf("couldn't write private key: %w", err)
+ }
+ if err := keyOut.Close(); err != nil {
+ return fmt.Errorf("couldn't close key file: %w", err)
+ }
+ return nil
+}
diff --git a/keys/local/staker1.crt b/staking/local/staker1.crt
similarity index 100%
rename from keys/local/staker1.crt
rename to staking/local/staker1.crt
diff --git a/keys/local/staker1.key b/staking/local/staker1.key
similarity index 100%
rename from keys/local/staker1.key
rename to staking/local/staker1.key
diff --git a/keys/local/staker2.crt b/staking/local/staker2.crt
similarity index 100%
rename from keys/local/staker2.crt
rename to staking/local/staker2.crt
diff --git a/keys/local/staker2.key b/staking/local/staker2.key
similarity index 100%
rename from keys/local/staker2.key
rename to staking/local/staker2.key
diff --git a/keys/local/staker3.crt b/staking/local/staker3.crt
similarity index 100%
rename from keys/local/staker3.crt
rename to staking/local/staker3.crt
diff --git a/keys/local/staker3.key b/staking/local/staker3.key
similarity index 100%
rename from keys/local/staker3.key
rename to staking/local/staker3.key
diff --git a/keys/local/staker4.crt b/staking/local/staker4.crt
similarity index 100%
rename from keys/local/staker4.crt
rename to staking/local/staker4.crt
diff --git a/keys/local/staker4.key b/staking/local/staker4.key
similarity index 100%
rename from keys/local/staker4.key
rename to staking/local/staker4.key
diff --git a/keys/local/staker5.crt b/staking/local/staker5.crt
similarity index 100%
rename from keys/local/staker5.crt
rename to staking/local/staker5.crt
diff --git a/keys/local/staker5.key b/staking/local/staker5.key
similarity index 100%
rename from keys/local/staker5.key
rename to staking/local/staker5.key
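Review bot: `keyOut, err := os.Create(keyPath)` writes the PKCS#8 private key with mode 0666 before umask, which under the usual 022 umask leaves the staking key world-readable inside a 0755 directory; create it with `os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` (and operators who have already run this build should `chmod 600` the existing file, since the fix does not touch it). `SerialNumber: big.NewInt(0)` also breaks RFC 5280, which requires a positive serial, and some peer TLS stacks reject such certificates, so draw a random 128-bit serial from `crypto/rand` instead. The guard `if _, err := os.Stat(keyPath); !os.IsNotExist(err)` returns nil for any `Stat` failure other than ENOENT (e.g. EACCES) and for a key that exists without its cert, deferring the failure to a later and less specific TLS load error. Finally, the `keys/rootCA.key` removed by this commit stays recoverable from git history, so nothing should keep trusting `rootCA.crt`; the self-signed scheme here appears to drop that trust, but it is worth confirming. The rewritten lines:
```go
	// If there is already a file at [keyPath], do nothing; any other Stat
	// failure (e.g. EACCES) is reported instead of being treated as "exists".
	if _, err := os.Stat(keyPath); err == nil {
		return nil
	} else if !os.IsNotExist(err) {
		return fmt.Errorf("couldn't stat %s: %w", keyPath, err)
	}

	// … unchanged: rsa.GenerateKey …

	// RFC 5280 requires a positive serial; a random 128-bit value also keeps
	// regenerated certs distinguishable from one another.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return fmt.Errorf("couldn't generate serial number: %w", err)
	}
	certTemplate := &x509.Certificate{
		SerialNumber: serial,
		// … unchanged: NotBefore, NotAfter, KeyUsage, BasicConstraintsValid …
	}

	// … unchanged: x509.CreateCertificate, MkdirAll, cert write …

	// Write key to disk: the private key must not be group/world readable.
	keyOut, err := os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return fmt.Errorf("couldn't create key file: %w", err)
	}
	// … unchanged: PKCS#8 marshal, pem.Encode, Close …
```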