mirror of https://github.com/poanetwork/gecko.git
Merge pull request #145 from ava-labs/move-keys-dir
add staking key/cert generation
commit
a77e20a9d8
|
@ -1,5 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
openssl genrsa -out `dirname "$0"`/rootCA.key 4096
|
|
||||||
openssl req -x509 -new -nodes -key `dirname "$0"`/rootCA.key -sha256 -days 365250 -out `dirname "$0"`/rootCA.crt
|
|
|
@ -1,13 +0,0 @@
|
||||||
#!/bin/sh
|
|
||||||
set -ex
|
|
||||||
|
|
||||||
keypath=$GOPATH/src/github.com/ava-labs/gecko/keys
|
|
||||||
|
|
||||||
if test -f "$keypath/staker.key" || test -f "$keypath/staker.crt"; then
|
|
||||||
echo "staker.key or staker.crt already exists. Not generating new key/certificiate."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
openssl genrsa -out `dirname "$0"`/staker.key 4096
|
|
||||||
openssl req -new -sha256 -key `dirname "$0"`/staker.key -subj "/C=US/ST=NY/O=Avalabs/CN=ava" -out `dirname "$0"`/staker.csr
|
|
||||||
openssl x509 -req -in `dirname "$0"`/staker.csr -CA `dirname "$0"`/rootCA.crt -CAkey `dirname "$0"`/rootCA.key -CAcreateserial -out `dirname "$0"`/staker.crt -days 365250 -sha256
|
|
|
@ -1,34 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIF1jCCA76gAwIBAgIJALI1DF9cpwfEMA0GCSqGSIb3DQEBCwUAMH8xCzAJBgNV
|
|
||||||
BAYTAlVTMQswCQYDVQQIDAJOWTEPMA0GA1UEBwwGSXRoYWNhMRAwDgYDVQQKDAdB
|
|
||||||
dmFsYWJzMQ4wDAYDVQQLDAVHZWNrbzEMMAoGA1UEAwwDYXZhMSIwIAYJKoZIhvcN
|
|
||||||
AQkBFhNzdGVwaGVuQGF2YWxhYnMub3JnMCAXDTE5MDIyODIwNTkyNFoYDzMwMTkw
|
|
||||||
MzA4MjA1OTI0WjB/MQswCQYDVQQGEwJVUzELMAkGA1UECAwCTlkxDzANBgNVBAcM
|
|
||||||
Bkl0aGFjYTEQMA4GA1UECgwHQXZhbGFiczEOMAwGA1UECwwFR2Vja28xDDAKBgNV
|
|
||||||
BAMMA2F2YTEiMCAGCSqGSIb3DQEJARYTc3RlcGhlbkBhdmFsYWJzLm9yZzCCAiIw
|
|
||||||
DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJ45ScWV8tsCNO+NTIBuUYsPkhcg
|
|
||||||
jrp0HEyCHY3XEkxsLuDqtesNyv39YA0xQ3M3FP1e29tjFeHWJzyzV8O1H+6yco93
|
|
||||||
QAtzh9xELYD301Yq+x55yZrSjZxNIC5Tmz1ewTfD315lNR04M6JmqjrStIuLsWFU
|
|
||||||
m6P4OgXs4daqnyq9au4PYSrejcbexW59rKxLryK6Acv+E9Ax04oS33g9KqPmlRx0
|
|
||||||
lfu3x4nkIKIl+VaK1wC5CwJDYZ91KpEbC8Z2YvTeVDH+/hz/MvKl1CEaqK/4G5FB
|
|
||||||
KGEyd/bGRxMVQF41G7liJLaXzPLyZnKO2n21ZuJhkA9MZelt1U0LuQU505qU7IzW
|
|
||||||
cmKFEIb1MOrclaF19Is7HQlJWKyDo2/hfjSCZO8zH7eR9EGzKyQwZhwkYCycJD44
|
|
||||||
RKEHq6s/Z2dHUlpLIgRJ7k171TNkL9+xLntu8v1lzTkhemSNeO9asqJ7VcvpnMHH
|
|
||||||
bQXpDxJpi8jTnV8In8EolSqaKeN6/nzwbbSJ7gHehgpDhC1DlXPRzTt/ktQKlNGW
|
|
||||||
T5bdNdvYFyYTd9fu78aJZSbJo8jS2fykWuBgOgnlV8VmwpDa7iHM3EECByhf5GKB
|
|
||||||
J1jBlXO1ZyfJ7sNTbuVM7Uc2JkB4ASKdm3GZ3sFv95HjSTJAUORjE4pQ1es4kfDU
|
|
||||||
KqzDHH+bEHaGIGJTAgMBAAGjUzBRMB0GA1UdDgQWBBQr2T0duSMkvGXe3bSdWcei
|
|
||||||
73QtwzAfBgNVHSMEGDAWgBQr2T0duSMkvGXe3bSdWcei73QtwzAPBgNVHRMBAf8E
|
|
||||||
BTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBpP18zCdzvnSdPigg9wx+a8Znr4aJj
|
|
||||||
FxZYwBY6/BmKb56ke9g+zKKCw2dYYkRYDcTOEfuBgBvNeCSJv4R5rmkukkL8RCIG
|
|
||||||
XV/WfSn2d3Mnz5KTgGQS6Q9s5qx+8ydkiGZthi+8a8ltXczyYrvWgd47U0NWTcOY
|
|
||||||
omjgF6XF+hVLWLgiwmA468pd7wyCsuJJkyxxeyDPXQ422I1AJW/7c5JQQa+lDNsv
|
|
||||||
Vna6420mZ/DiQd3stFkdjhRjmBZvGQ09g6l3zo6TgI1TWr5TMYPrempBVCWPNilC
|
|
||||||
XaMysU77+tPutI+7kMBuGvLuZtPrH/2uTYdXWPodyORm5i2ABF6In3VISPD9YNc0
|
|
||||||
gWx3PYGi2BfdnZepCojsffUMlhT3SsiAKMYv5FhW8LQBNMRR4721U1Vf5f8fzNQn
|
|
||||||
3E55TthV5HXZQ6HcLhkmOvH8CMqtWGETTbBtYSA2AVMjoqs7QDGkfsCH9UuwGd1N
|
|
||||||
W12JOf53XyOQT2XwWerSQC2kv7elsTh6Bk7PhvrCi0OwCVSGny5IQY/aXM1n6Z6s
|
|
||||||
scJlZmq6P3AJZ3tRtBt9yDK7iIW7mzNLTb/kAjsNQh06oETJIJ0CIgL0Bn6CANYU
|
|
||||||
kNqB4oTxmAhdOPKNgqaIwdZAL1VDIVaQEcvGeZRduo7yZvA/MhuQD8IIKSeOBFaD
|
|
||||||
DB8IRfWqBx2nWw==
|
|
||||||
-----END CERTIFICATE-----
|
|
|
@ -1,51 +0,0 @@
|
||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIJJwIBAAKCAgEAnjlJxZXy2wI0741MgG5Riw+SFyCOunQcTIIdjdcSTGwu4Oq1
|
|
||||||
6w3K/f1gDTFDczcU/V7b22MV4dYnPLNXw7Uf7rJyj3dAC3OH3EQtgPfTVir7HnnJ
|
|
||||||
mtKNnE0gLlObPV7BN8PfXmU1HTgzomaqOtK0i4uxYVSbo/g6Bezh1qqfKr1q7g9h
|
|
||||||
Kt6Nxt7Fbn2srEuvIroBy/4T0DHTihLfeD0qo+aVHHSV+7fHieQgoiX5VorXALkL
|
|
||||||
AkNhn3UqkRsLxnZi9N5UMf7+HP8y8qXUIRqor/gbkUEoYTJ39sZHExVAXjUbuWIk
|
|
||||||
tpfM8vJmco7afbVm4mGQD0xl6W3VTQu5BTnTmpTsjNZyYoUQhvUw6tyVoXX0izsd
|
|
||||||
CUlYrIOjb+F+NIJk7zMft5H0QbMrJDBmHCRgLJwkPjhEoQerqz9nZ0dSWksiBEnu
|
|
||||||
TXvVM2Qv37Eue27y/WXNOSF6ZI1471qyontVy+mcwcdtBekPEmmLyNOdXwifwSiV
|
|
||||||
Kpop43r+fPBttInuAd6GCkOELUOVc9HNO3+S1AqU0ZZPlt0129gXJhN31+7vxoll
|
|
||||||
JsmjyNLZ/KRa4GA6CeVXxWbCkNruIczcQQIHKF/kYoEnWMGVc7VnJ8nuw1Nu5Uzt
|
|
||||||
RzYmQHgBIp2bcZnewW/3keNJMkBQ5GMTilDV6ziR8NQqrMMcf5sQdoYgYlMCAwEA
|
|
||||||
AQKCAgAhNota05AoEv2Dr5h4eS/azgjvm+D6GLd8A/AqPxRTQH5SrlJDpiCPUmmg
|
|
||||||
O1AaVlyslwX1toX4YxjXcBojNdkfJQxRO0oRXU4Oma0nnl4Zf2o5Sn1cZ4hcYAA6
|
|
||||||
WUiECGjsyMwRp5MPsCV+mKhxMpu9kzRH5xfIwqmDZuc9RZGlyh8xG79c3VzLeyXc
|
|
||||||
fLsLa9O2qW8JICuOj3cFS9LnDYfu4c85Kuv06+4R7vY+s1P0q65YM3+xGO3cKB8o
|
|
||||||
WJIPNfityCHKYOl8ssFCGDdAP7VbQuyegBv20z5FafevdM2POPy53HUycwkNkn6Y
|
|
||||||
243Xx4VyTeKMo4/dATY+NxC+nRXiz4jLna5a7IIIzjAHl2kF6iJVasd3+X/xWHsM
|
|
||||||
Lx9iDRjERf+J+y58GaDxetXL1C0xm7Rv28yMYVPAzpucvS4i72Xj7X8JkO3az3Qv
|
|
||||||
/wqBnxj8ouh+5jvT0nqCJsFZwK0F7Dr3na2lSf34XBCTnd9//FfSIY7mDIddxuVF
|
|
||||||
2rKKOl2KkvbDUuSKVZwdJeAp1CccN6SfLnxKy+436Z5hYzBIeGyejpCMWivDJ2I3
|
|
||||||
wjs4w4IPobT5dqaSdPYFTKJnoDv62vYbIN3o8pQ3QUXwmRPyKoPuxe7OZZyec43R
|
|
||||||
WUtajiW6AXjxUoEtPPPHAT/3pGKG2a0VGtDfjLjpp5OtQmteiQKCAQEAz62n9Lh1
|
|
||||||
POdC4088GEqrGPhq5MUz2j2pOCjEZ7utmD+Lo8x95McCU+jf4UJ+rbaf96dvjPRC
|
|
||||||
T0Sc6X6IvvQycJubzQe6XX6eyZsr67qpuY2MGze+NvmO4LcCOfNHerRyLK2DoGLW
|
|
||||||
jQVxJNsBIFo0T7iSuUICbfxKdKxfH+27rPANEvpqS5BJalAfeGPEL0GgUTKQmswc
|
|
||||||
23Pnu5mkb7TWLKNVq7o/5PxvXyKmJQaFHCV98pqQr/HhXd79dMD12TPZRvsNgPGK
|
|
||||||
XOsmPtC5RHhbs/Wmdk3X3ihoVezou2VPeWCIrCANCuU0zZBK1igVC3FGeUK8u1Dl
|
|
||||||
jrTkRsNTLbBiPwKCAQEAwwngBBjbdRCVvUVWIBQBOk/t/6WyeAVH4O/fq32KklW+
|
|
||||||
/SN5yeZhXjwMrFhSOqFUDipg/C4Imf5S3V+MlXO4lQsZzZa0d0euBIBt0SEcGE8P
|
|
||||||
rAkGcvwPfISBfYCnPem1ax01ixNJBxWDrgkfHZchywNPFgopiqpYR7X5ttACctCl
|
|
||||||
KLaDOXn667QmG1icsVgZV3L8gBxEdyjhmUGWFH/auS28oxqhUgiXrUQXbJKCesGD
|
|
||||||
E39r/SyOAGP5ZtTkWmNDp2+va8lSJwL1Ix+6qvexi/hIIGoFlSh5w+BwnBlxBL4C
|
|
||||||
cUanaXRtIqQ9rcO/xhZ7izmQzruNARLDPGIJ59MS7QKCAQBGR3wJAssZ2yD1j4DE
|
|
||||||
r7AK+TYjSODtP+SeDp24hPiQByEYQ0FvRDFzd+Ebd8cqvhyQUGcdiiNOc+et1JYu
|
|
||||||
GLFhDifBUJYuwYS2sP5B/Z8mHdKF+20xaW6CeSwVtFBCJAJnQCjFA+2bN3Y8hKhy
|
|
||||||
7FO7jriIXOA5nCEOLq7aPTc/pNSn0XpbK+7MPWUI9qoTW+AG2le5Ks2xLh4DjFDr
|
|
||||||
RIUeAgAh5xtsQEjoJu+WpAgzqDRg/xFrmS0s+SNIeWw5HqSuspK1SggKvcDpjPTF
|
|
||||||
SP2vfrfgXSNqGL6GJW/0yqoEZziZFxeS0lH2JphMtK+6eZDhxEXeFdg5XNnLYJor
|
|
||||||
Yf89AoIBAHbRLESys/c0HFTKybYPGdRhXzcvxXKynOBeoZ9Cgsm1LP3fv9EM5WJY
|
|
||||||
KMxRnf6Ty7Y5gQ4AKUNPGUI9dFKTxe4ebiC938EOzOd3Ke+OQSRZ/c0rTl98SR7t
|
|
||||||
Rkmjt77TAq93gufv3rxPEgJTEj6flHmt0V8236nXLqK5LKB/Rg6WJxePYJACTKeM
|
|
||||||
/u4H5KVxazbIGSUek2MYZ59KwlhIr4HCaDng/kgQbf6jDbYZ5x1LiEO3i50XqIZ6
|
|
||||||
YTSRG3ApKsz1ECQU6FRVy+sS6FBBR0ti/OWqUS5WEyAOOewO37go3SoPBewLfnTt
|
|
||||||
I5oZN1pA1hCyCBK5VSRDPucpPqmY/90CggEAbFRUDyEkq9p7/Va/PYJLMe+1zGoy
|
|
||||||
+jCC1nm5LioxrUdpE+CV1t1cVutnlI3sRD+79oX/zwlwQ+pCx1XOMCmGs4uZUx5f
|
|
||||||
UtpGnsPamlyQKyQfPam3N4+4gaY9LLPiYCrI/XQh+vZQNlQTStuKLtb0R8+4wEER
|
|
||||||
KDTtC2cNN5fSnexEifpvq5yK3x6bH66pPyuRE27vVQ7diPar9A+VwkLs+zGbfnWW
|
|
||||||
MP/zYUbuiatC/LozcYLs/01m3Nu6oYi0OP/nFofepXNpQoZO8jKpnGRVVJ0EfgSe
|
|
||||||
f3qb9nkygj+gqGWT+PY6H39xKFz0h7dmmcP3Z7CrYXFEFfTCsUgbOKulAA==
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
|
@ -1 +0,0 @@
|
||||||
BAF3B5C5C6D0D166
|
|
104
main/params.go
104
main/params.go
|
@ -10,6 +10,7 @@ import (
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
"path"
|
"path"
|
||||||
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
"github.com/ava-labs/gecko/database/leveldb"
|
"github.com/ava-labs/gecko/database/leveldb"
|
||||||
|
@ -19,23 +20,29 @@ import (
|
||||||
"github.com/ava-labs/gecko/nat"
|
"github.com/ava-labs/gecko/nat"
|
||||||
"github.com/ava-labs/gecko/node"
|
"github.com/ava-labs/gecko/node"
|
||||||
"github.com/ava-labs/gecko/snow/networking/router"
|
"github.com/ava-labs/gecko/snow/networking/router"
|
||||||
|
"github.com/ava-labs/gecko/staking"
|
||||||
"github.com/ava-labs/gecko/utils"
|
"github.com/ava-labs/gecko/utils"
|
||||||
"github.com/ava-labs/gecko/utils/formatting"
|
"github.com/ava-labs/gecko/utils/formatting"
|
||||||
"github.com/ava-labs/gecko/utils/hashing"
|
"github.com/ava-labs/gecko/utils/hashing"
|
||||||
"github.com/ava-labs/gecko/utils/logging"
|
"github.com/ava-labs/gecko/utils/logging"
|
||||||
"github.com/ava-labs/gecko/utils/wrappers"
|
"github.com/ava-labs/gecko/utils/wrappers"
|
||||||
"github.com/mitchellh/go-homedir"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
dbVersion = "v0.2.0"
|
dbVersion = "v0.2.0"
|
||||||
defaultDbDir = "~/.gecko/db"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// Results of parsing the CLI
|
// Results of parsing the CLI
|
||||||
var (
|
var (
|
||||||
Config = node.Config{}
|
Config = node.Config{}
|
||||||
Err error
|
Err error
|
||||||
|
defaultDbDir = os.ExpandEnv(filepath.Join("$HOME", ".gecko", "db"))
|
||||||
|
defaultStakingKeyPath = os.ExpandEnv(filepath.Join("$HOME", ".gecko", "staking", "staker.key"))
|
||||||
|
defaultStakingCertPath = os.ExpandEnv(filepath.Join("$HOME", ".gecko", "staking", "staker.crt"))
|
||||||
|
)
|
||||||
|
|
||||||
|
var (
|
||||||
|
errBootstrapMismatch = errors.New("more bootstrap IDs provided than bootstrap IPs")
|
||||||
)
|
)
|
||||||
|
|
||||||
// GetIPs returns the default IPs for each network
|
// GetIPs returns the default IPs for each network
|
||||||
|
@ -54,17 +61,15 @@ func GetIPs(networkID uint32) []string {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
|
||||||
errBootstrapMismatch = errors.New("more bootstrap IDs provided than bootstrap IPs")
|
|
||||||
)
|
|
||||||
|
|
||||||
// Parse the CLI arguments
|
// Parse the CLI arguments
|
||||||
func init() {
|
func init() {
|
||||||
errs := &wrappers.Errs{}
|
errs := &wrappers.Errs{}
|
||||||
defer func() { Err = errs.Err }()
|
defer func() { Err = errs.Err }()
|
||||||
|
|
||||||
loggingConfig, err := logging.DefaultConfig()
|
loggingConfig, err := logging.DefaultConfig()
|
||||||
errs.Add(err)
|
if errs.Add(err); errs.Errored() {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
fs := flag.NewFlagSet("gecko", flag.ContinueOnError)
|
fs := flag.NewFlagSet("gecko", flag.ContinueOnError)
|
||||||
|
|
||||||
|
@ -100,8 +105,8 @@ func init() {
|
||||||
// Staking:
|
// Staking:
|
||||||
consensusPort := fs.Uint("staking-port", 9651, "Port of the consensus server")
|
consensusPort := fs.Uint("staking-port", 9651, "Port of the consensus server")
|
||||||
fs.BoolVar(&Config.EnableStaking, "staking-tls-enabled", true, "Require TLS to authenticate staking connections")
|
fs.BoolVar(&Config.EnableStaking, "staking-tls-enabled", true, "Require TLS to authenticate staking connections")
|
||||||
fs.StringVar(&Config.StakingKeyFile, "staking-tls-key-file", "keys/staker.key", "TLS private key file for staking connections")
|
fs.StringVar(&Config.StakingKeyFile, "staking-tls-key-file", defaultStakingKeyPath, "TLS private key for staking")
|
||||||
fs.StringVar(&Config.StakingCertFile, "staking-tls-cert-file", "keys/staker.crt", "TLS certificate file for staking connections")
|
fs.StringVar(&Config.StakingCertFile, "staking-tls-cert-file", defaultStakingCertPath, "TLS certificate for staking")
|
||||||
|
|
||||||
// Plugins:
|
// Plugins:
|
||||||
fs.StringVar(&Config.PluginDir, "plugin-dir", "./build/plugins", "Plugin directory for Ava VMs")
|
fs.StringVar(&Config.PluginDir, "plugin-dir", "./build/plugins", "Plugin directory for Ava VMs")
|
||||||
|
@ -142,22 +147,22 @@ func init() {
|
||||||
}
|
}
|
||||||
|
|
||||||
networkID, err := genesis.NetworkID(*networkName)
|
networkID, err := genesis.NetworkID(*networkName)
|
||||||
errs.Add(err)
|
if errs.Add(err); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
Config.NetworkID = networkID
|
Config.NetworkID = networkID
|
||||||
|
|
||||||
// DB:
|
// DB:
|
||||||
if *db && err == nil {
|
if *db {
|
||||||
// TODO: Add better params here
|
*dbDir = os.ExpandEnv(*dbDir) // parse any env variables
|
||||||
if *dbDir == defaultDbDir {
|
|
||||||
if *dbDir, err = homedir.Expand(defaultDbDir); err != nil {
|
|
||||||
errs.Add(fmt.Errorf("couldn't resolve default db path: %v", err))
|
|
||||||
}
|
|
||||||
}
|
|
||||||
dbPath := path.Join(*dbDir, genesis.NetworkName(Config.NetworkID), dbVersion)
|
dbPath := path.Join(*dbDir, genesis.NetworkName(Config.NetworkID), dbVersion)
|
||||||
db, err := leveldb.New(dbPath, 0, 0, 0)
|
db, err := leveldb.New(dbPath, 0, 0, 0)
|
||||||
|
if err != nil {
|
||||||
|
errs.Add(fmt.Errorf("couldn't create db at %s: %w", dbPath, err))
|
||||||
|
return
|
||||||
|
}
|
||||||
Config.DB = db
|
Config.DB = db
|
||||||
errs.Add(err)
|
|
||||||
} else {
|
} else {
|
||||||
Config.DB = memdb.New()
|
Config.DB = memdb.New()
|
||||||
}
|
}
|
||||||
|
@ -169,7 +174,7 @@ func init() {
|
||||||
if *consensusIP == "" {
|
if *consensusIP == "" {
|
||||||
ip, err = Config.Nat.IP()
|
ip, err = Config.Nat.IP()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
ip = net.IPv4zero
|
ip = net.IPv4zero // Couldn't get my IP...set to 0.0.0.0
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
ip = net.ParseIP(*consensusIP)
|
ip = net.ParseIP(*consensusIP)
|
||||||
|
@ -177,7 +182,9 @@ func init() {
|
||||||
|
|
||||||
if ip == nil {
|
if ip == nil {
|
||||||
errs.Add(fmt.Errorf("Invalid IP Address %s", *consensusIP))
|
errs.Add(fmt.Errorf("Invalid IP Address %s", *consensusIP))
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
Config.StakingIP = utils.IPDesc{
|
Config.StakingIP = utils.IPDesc{
|
||||||
IP: ip,
|
IP: ip,
|
||||||
Port: uint16(*consensusPort),
|
Port: uint16(*consensusPort),
|
||||||
|
@ -190,7 +197,10 @@ func init() {
|
||||||
for _, ip := range strings.Split(*bootstrapIPs, ",") {
|
for _, ip := range strings.Split(*bootstrapIPs, ",") {
|
||||||
if ip != "" {
|
if ip != "" {
|
||||||
addr, err := utils.ToIPDesc(ip)
|
addr, err := utils.ToIPDesc(ip)
|
||||||
errs.Add(err)
|
if err != nil {
|
||||||
|
errs.Add(fmt.Errorf("couldn't parse ip: %w", err))
|
||||||
|
return
|
||||||
|
}
|
||||||
Config.BootstrapPeers = append(Config.BootstrapPeers, &node.Peer{
|
Config.BootstrapPeers = append(Config.BootstrapPeers, &node.Peer{
|
||||||
IP: addr,
|
IP: addr,
|
||||||
})
|
})
|
||||||
|
@ -209,20 +219,27 @@ func init() {
|
||||||
cb58 := formatting.CB58{}
|
cb58 := formatting.CB58{}
|
||||||
for _, id := range strings.Split(*bootstrapIDs, ",") {
|
for _, id := range strings.Split(*bootstrapIDs, ",") {
|
||||||
if id != "" {
|
if id != "" {
|
||||||
errs.Add(cb58.FromString(id))
|
err = cb58.FromString(id)
|
||||||
cert, err := ids.ToShortID(cb58.Bytes)
|
if err != nil {
|
||||||
errs.Add(err)
|
errs.Add(fmt.Errorf("couldn't parse bootstrap peer id to bytes: %w", err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
peerID, err := ids.ToShortID(cb58.Bytes)
|
||||||
|
if err != nil {
|
||||||
|
errs.Add(fmt.Errorf("couldn't parse bootstrap peer id: %w", err))
|
||||||
|
return
|
||||||
|
}
|
||||||
if len(Config.BootstrapPeers) <= i {
|
if len(Config.BootstrapPeers) <= i {
|
||||||
errs.Add(errBootstrapMismatch)
|
errs.Add(errBootstrapMismatch)
|
||||||
continue
|
return
|
||||||
}
|
}
|
||||||
Config.BootstrapPeers[i].ID = cert
|
Config.BootstrapPeers[i].ID = peerID
|
||||||
i++
|
i++
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(Config.BootstrapPeers) != i {
|
if len(Config.BootstrapPeers) != i {
|
||||||
errs.Add(fmt.Errorf("More bootstrap IPs, %d, provided than bootstrap IDs, %d", len(Config.BootstrapPeers), i))
|
errs.Add(fmt.Errorf("More bootstrap IPs, %d, provided than bootstrap IDs, %d", len(Config.BootstrapPeers), i))
|
||||||
|
return
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
for _, peer := range Config.BootstrapPeers {
|
for _, peer := range Config.BootstrapPeers {
|
||||||
|
@ -230,6 +247,27 @@ func init() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Staking
|
||||||
|
Config.StakingCertFile = os.ExpandEnv(Config.StakingCertFile) // parse any env variable
|
||||||
|
Config.StakingKeyFile = os.ExpandEnv(Config.StakingKeyFile)
|
||||||
|
switch {
|
||||||
|
// If staking key/cert locations are specified but not found, error
|
||||||
|
case Config.StakingKeyFile != defaultStakingKeyPath || Config.StakingCertFile != defaultStakingCertPath:
|
||||||
|
if _, err := os.Stat(Config.StakingKeyFile); os.IsNotExist(err) {
|
||||||
|
errs.Add(fmt.Errorf("couldn't find staking key at %s", Config.StakingKeyFile))
|
||||||
|
return
|
||||||
|
} else if _, err := os.Stat(Config.StakingCertFile); os.IsNotExist(err) {
|
||||||
|
errs.Add(fmt.Errorf("couldn't find staking certificate at %s", Config.StakingCertFile))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
default:
|
||||||
|
// Only creates staking key/cert if [stakingKeyPath] doesn't exist
|
||||||
|
if err := staking.GenerateStakingKeyCert(Config.StakingKeyFile, Config.StakingCertFile); err != nil {
|
||||||
|
errs.Add(fmt.Errorf("couldn't generate staking key/cert: %w", err))
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// HTTP:
|
// HTTP:
|
||||||
Config.HTTPPort = uint16(*httpPort)
|
Config.HTTPPort = uint16(*httpPort)
|
||||||
|
|
||||||
|
@ -238,14 +276,18 @@ func init() {
|
||||||
loggingConfig.Directory = *logsDir
|
loggingConfig.Directory = *logsDir
|
||||||
}
|
}
|
||||||
logFileLevel, err := logging.ToLevel(*logLevel)
|
logFileLevel, err := logging.ToLevel(*logLevel)
|
||||||
errs.Add(err)
|
if errs.Add(err); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
loggingConfig.LogLevel = logFileLevel
|
loggingConfig.LogLevel = logFileLevel
|
||||||
|
|
||||||
if *logDisplayLevel == "" {
|
if *logDisplayLevel == "" {
|
||||||
*logDisplayLevel = *logLevel
|
*logDisplayLevel = *logLevel
|
||||||
}
|
}
|
||||||
displayLevel, err := logging.ToLevel(*logDisplayLevel)
|
displayLevel, err := logging.ToLevel(*logDisplayLevel)
|
||||||
errs.Add(err)
|
if errs.Add(err); err != nil {
|
||||||
|
return
|
||||||
|
}
|
||||||
loggingConfig.DisplayLevel = displayLevel
|
loggingConfig.DisplayLevel = displayLevel
|
||||||
|
|
||||||
Config.LoggingConfig = loggingConfig
|
Config.LoggingConfig = loggingConfig
|
||||||
|
|
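Review bot: The new `defaultDbDir`, `defaultStakingKeyPath` and `defaultStakingCertPath` values are built with `os.ExpandEnv` on `$HOME`, which expands to an empty string when HOME is unset, so the node would silently fall back to `/.gecko/...` and the `default:` branch of the staking switch would try to write a freshly generated private key there. Resolving the home directory with `os.UserHomeDir()` inside init and adding its error to `errs` keeps that failure explicit, as the removed `homedir.Expand` call did for the db path. In the same switch, `os.IsNotExist(err)` lets any other `os.Stat` failure (a permission error, for example) pass as if the file were present; `if _, err := os.Stat(Config.StakingKeyFile); err != nil {` with the error wrapped into the message would surface it at startup. The switch does not consult `Config.EnableStaking` in the lines shown, so a key may be generated even when staking TLS is disabled; init's body continues outside these hunks, so that should be confirmed against the full function.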
|
@ -7,8 +7,8 @@
|
||||||
vars:
|
vars:
|
||||||
ava_binary: ~/go/src/github.com/ava-labs/gecko/build/ava
|
ava_binary: ~/go/src/github.com/ava-labs/gecko/build/ava
|
||||||
repo_folder: ~/go/src/github.com/ava-labs/gecko
|
repo_folder: ~/go/src/github.com/ava-labs/gecko
|
||||||
repo_name: ava-labs/gecko-internal
|
repo_name: ava-labs/gecko
|
||||||
repo_branch: platformvm-proposal-accept
|
repo_branch: master
|
||||||
roles:
|
roles:
|
||||||
- name: ava-stop
|
- name: ava-stop
|
||||||
- name: ava-build
|
- name: ava-build
|
||||||
|
|
|
@ -2,8 +2,8 @@ borealis_bootstrap:
|
||||||
hosts:
|
hosts:
|
||||||
bootstrap1:
|
bootstrap1:
|
||||||
ansible_host: 3.84.129.247
|
ansible_host: 3.84.129.247
|
||||||
staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker1.key"
|
staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker1.key"
|
||||||
staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker1.crt"
|
staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker1.crt"
|
||||||
vars:
|
vars:
|
||||||
ansible_connection: ssh
|
ansible_connection: ssh
|
||||||
ansible_user: ubuntu
|
ansible_user: ubuntu
|
||||||
|
@ -44,20 +44,20 @@ borealis_node:
|
||||||
hosts:
|
hosts:
|
||||||
node1:
|
node1:
|
||||||
ansible_host: 35.153.99.244
|
ansible_host: 35.153.99.244
|
||||||
staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker2.key"
|
staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker2.key"
|
||||||
staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker2.crt"
|
staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker2.crt"
|
||||||
node2:
|
node2:
|
||||||
ansible_host: 34.201.137.119
|
ansible_host: 34.201.137.119
|
||||||
staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker3.key"
|
staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker3.key"
|
||||||
staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker3.crt"
|
staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker3.crt"
|
||||||
node3:
|
node3:
|
||||||
ansible_host: 54.146.1.110
|
ansible_host: 54.146.1.110
|
||||||
staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker4.key"
|
staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker4.key"
|
||||||
staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker4.crt"
|
staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker4.crt"
|
||||||
node4:
|
node4:
|
||||||
ansible_host: 54.91.255.231
|
ansible_host: 54.91.255.231
|
||||||
staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker5.key"
|
staking_tls_key_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker5.key"
|
||||||
staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/keys/local/staker5.crt"
|
staking_tls_cert_file: "/home/ubuntu/go/src/github.com/ava-labs/gecko/staking/local/staker5.crt"
|
||||||
vars:
|
vars:
|
||||||
ansible_connection: ssh
|
ansible_connection: ssh
|
||||||
ansible_user: ubuntu
|
ansible_user: ubuntu
|
||||||
|
|
|
@ -7,8 +7,8 @@
|
||||||
vars:
|
vars:
|
||||||
ava_binary: ~/go/src/github.com/ava-labs/gecko/build/ava
|
ava_binary: ~/go/src/github.com/ava-labs/gecko/build/ava
|
||||||
repo_folder: ~/go/src/github.com/ava-labs/gecko
|
repo_folder: ~/go/src/github.com/ava-labs/gecko
|
||||||
repo_name: ava-labs/gecko-internal
|
repo_name: ava-labs/gecko
|
||||||
repo_branch: platformvm-proposal-accept
|
repo_branch: master
|
||||||
roles:
|
roles:
|
||||||
- name: ava-stop
|
- name: ava-stop
|
||||||
- name: ava-build
|
- name: ava-build
|
||||||
|
|
|
@ -0,0 +1,74 @@
|
||||||
|
package staking
|
||||||
|
|
||||||
|
import (
|
||||||
|
"crypto/rand"
|
||||||
|
"crypto/rsa"
|
||||||
|
"crypto/x509"
|
||||||
|
"encoding/pem"
|
||||||
|
"fmt"
|
||||||
|
"math/big"
|
||||||
|
"os"
|
||||||
|
"path/filepath"
|
||||||
|
"time"
|
||||||
|
)
|
||||||
|
|
||||||
|
// GenerateStakingKeyCert generates a self-signed TLS key/cert pair to use in staking
|
||||||
|
// The key and files will be placed at [keyPath] and [certPath], respectively
|
||||||
|
// If there is already a file at [keyPath], returns nil
|
||||||
|
func GenerateStakingKeyCert(keyPath, certPath string) error {
|
||||||
|
// If there is already a file at [keyPath], do nothing
|
||||||
|
if _, err := os.Stat(keyPath); !os.IsNotExist(err) {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create key to sign cert with
|
||||||
|
key, err := rsa.GenerateKey(rand.Reader, 4096)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("couldn't generate rsa key: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Create self-signed staking cert
|
||||||
|
certTemplate := &x509.Certificate{
|
||||||
|
SerialNumber: big.NewInt(0),
|
||||||
|
NotBefore: time.Date(2000, time.January, 0, 0, 0, 0, 0, time.UTC),
|
||||||
|
NotAfter: time.Now().AddDate(100, 0, 0),
|
||||||
|
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageDataEncipherment,
|
||||||
|
BasicConstraintsValid: true,
|
||||||
|
}
|
||||||
|
certBytes, err := x509.CreateCertificate(rand.Reader, certTemplate, certTemplate, &key.PublicKey, key)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("couldn't create certificate: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Write cert to disk
|
||||||
|
if err := os.MkdirAll(filepath.Dir(certPath), 0755); err != nil {
|
||||||
|
return fmt.Errorf("couldn't create path for key/cert: %w", err)
|
||||||
|
}
|
||||||
|
certOut, err := os.Create(certPath)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("couldn't create cert file: %w", err)
|
||||||
|
}
|
||||||
|
if err := pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: certBytes}); err != nil {
|
||||||
|
return fmt.Errorf("couldn't write cert file: %w", err)
|
||||||
|
}
|
||||||
|
if err := certOut.Close(); err != nil {
|
||||||
|
return fmt.Errorf("couldn't close cert file: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Write key to disk
|
||||||
|
keyOut, err := os.Create(keyPath)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("couldn't create key file: %w", err)
|
||||||
|
}
|
||||||
|
privBytes, err := x509.MarshalPKCS8PrivateKey(key)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("couldn't marshal private key: %w", err)
|
||||||
|
}
|
||||||
|
if err := pem.Encode(keyOut, &pem.Block{Type: "PRIVATE KEY", Bytes: privBytes}); err != nil {
|
||||||
|
return fmt.Errorf("couldn't write private key: %w", err)
|
||||||
|
}
|
||||||
|
if err := keyOut.Close(); err != nil {
|
||||||
|
return fmt.Errorf("couldn't close key file: %w", err)
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
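Review bot: The private key is written through `os.Create(keyPath)`, which creates the file with mode 0666 before umask, so on a typical system the staking key is readable by other local users; open it with `os.OpenFile(keyPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` instead, and use 0700 rather than 0755 for the directory that `os.MkdirAll` creates. `os.MkdirAll` is called only on `filepath.Dir(certPath)`, so a key path in a different, not yet existing directory fails at create time. The early return on `!os.IsNotExist(err)` yields nil both when `os.Stat` fails for another reason and when the key exists but the certificate does not, so the caller only learns of the problem when the pair is loaded; returning the error in the non-ENOENT case would make it visible here. `certOut` and `keyOut` are left open on the `pem.Encode` error paths, and every generated certificate carries `SerialNumber: big.NewInt(0)`, whereas RFC 5280 expects a positive serial number.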