From c0f7fb08c0d94e4e77446eee10d29417a4c87b0a Mon Sep 17 00:00:00 2001 From: Callum Waters Date: Wed, 16 Jun 2021 17:13:14 +0200 Subject: [PATCH] config: add root dir to priv validator (#6585) --- cmd/tendermint/commands/init.go | 4 +- .../commands/reset_priv_validator.go | 6 +- cmd/tendermint/commands/show_validator.go | 11 ++- config/config.go | 79 ++++++++++--------- internal/consensus/common_test.go | 4 +- internal/consensus/replay_test.go | 6 +- internal/consensus/wal_generator.go | 4 +- node/node.go | 9 ++- node/public.go | 2 +- privval/grpc/util.go | 13 +-- rpc/client/evidence_test.go | 2 +- 11 files changed, 77 insertions(+), 63 deletions(-) diff --git a/cmd/tendermint/commands/init.go b/cmd/tendermint/commands/init.go index 75e6a020e..5dd9b7105 100644 --- a/cmd/tendermint/commands/init.go +++ b/cmd/tendermint/commands/init.go @@ -51,8 +51,8 @@ func initFilesWithConfig(config *cfg.Config) error { if config.Mode == cfg.ModeValidator { // private validator - privValKeyFile := config.PrivValidatorKeyFile() - privValStateFile := config.PrivValidatorStateFile() + privValKeyFile := config.PrivValidator.KeyFile() + privValStateFile := config.PrivValidator.StateFile() if tmos.FileExists(privValKeyFile) { pv, err = privval.LoadFilePV(privValKeyFile, privValStateFile) if err != nil { diff --git a/cmd/tendermint/commands/reset_priv_validator.go b/cmd/tendermint/commands/reset_priv_validator.go index 77a7884b0..046780ef1 100644 --- a/cmd/tendermint/commands/reset_priv_validator.go +++ b/cmd/tendermint/commands/reset_priv_validator.go @@ -41,14 +41,14 @@ var ResetPrivValidatorCmd = &cobra.Command{ // XXX: this is totally unsafe. // it's only suitable for testnets. func resetAll(cmd *cobra.Command, args []string) error { - return ResetAll(config.DBDir(), config.P2P.AddrBookFile(), config.PrivValidatorKeyFile(), - config.PrivValidatorStateFile(), logger) + return ResetAll(config.DBDir(), config.P2P.AddrBookFile(), config.PrivValidator.KeyFile(), + config.PrivValidator.StateFile(), logger) } // XXX: this is totally unsafe. // it's only suitable for testnets. func resetPrivValidator(cmd *cobra.Command, args []string) error { - return resetFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile(), logger) + return resetFilePV(config.PrivValidator.KeyFile(), config.PrivValidator.StateFile(), logger) } // ResetAll removes address book files plus all data, and resets the privValdiator data. diff --git a/cmd/tendermint/commands/show_validator.go b/cmd/tendermint/commands/show_validator.go index 2bdca9b8e..240ed943f 100644 --- a/cmd/tendermint/commands/show_validator.go +++ b/cmd/tendermint/commands/show_validator.go @@ -33,7 +33,12 @@ func showValidator(cmd *cobra.Command, args []string) error { protocol, _ := tmnet.ProtocolAndAddress(config.PrivValidator.ListenAddr) switch protocol { case "grpc": - pvsc, err := tmgrpc.DialRemoteSigner(config, config.ChainID(), logger) + pvsc, err := tmgrpc.DialRemoteSigner( + config.PrivValidator, + config.ChainID(), + logger, + config.Instrumentation.Prometheus, + ) if err != nil { return fmt.Errorf("can't connect to remote validator %w", err) } @@ -47,12 +52,12 @@ func showValidator(cmd *cobra.Command, args []string) error { } default: - keyFilePath := config.PrivValidatorKeyFile() + keyFilePath := config.PrivValidator.KeyFile() if !tmos.FileExists(keyFilePath) { return fmt.Errorf("private validator file %s does not exist", keyFilePath) } - pv, err := privval.LoadFilePV(keyFilePath, config.PrivValidatorStateFile()) + pv, err := privval.LoadFilePV(keyFilePath, config.PrivValidator.StateFile()) if err != nil { return err } diff --git a/config/config.go b/config/config.go index 8d2072b7b..73f6b4f66 100644 --- a/config/config.go +++ b/config/config.go @@ -125,34 +125,10 @@ func (cfg *Config) SetRoot(root string) *Config { cfg.P2P.RootDir = root cfg.Mempool.RootDir = root cfg.Consensus.RootDir = root + cfg.PrivValidator.RootDir = root return cfg } -// PrivValidatorClientKeyFile returns the full path to the priv_validator_key.json file -func (cfg Config) PrivValidatorClientKeyFile() string { - return rootify(cfg.PrivValidator.ClientKey, cfg.RootDir) -} - -// PrivValidatorClientCertificateFile returns the full path to the priv_validator_key.json file -func (cfg Config) PrivValidatorClientCertificateFile() string { - return rootify(cfg.PrivValidator.ClientCertificate, cfg.RootDir) -} - -// PrivValidatorCertificateAuthorityFile returns the full path to the priv_validator_key.json file -func (cfg Config) PrivValidatorRootCAFile() string { - return rootify(cfg.PrivValidator.RootCA, cfg.RootDir) -} - -// PrivValidatorKeyFile returns the full path to the priv_validator_key.json file -func (cfg Config) PrivValidatorKeyFile() string { - return rootify(cfg.PrivValidator.Key, cfg.RootDir) -} - -// PrivValidatorFile returns the full path to the priv_validator_state.json file -func (cfg Config) PrivValidatorStateFile() string { - return rootify(cfg.PrivValidator.State, cfg.RootDir) -} - // ValidateBasic performs basic validation (checking param bounds, etc.) and // returns an error if any check fails. func (cfg *Config) ValidateBasic() error { @@ -311,19 +287,6 @@ func (cfg BaseConfig) DBDir() string { return rootify(cfg.DBPath, cfg.RootDir) } -func (cfg Config) ArePrivValidatorClientSecurityOptionsPresent() bool { - switch { - case cfg.PrivValidator.RootCA == "": - return false - case cfg.PrivValidator.ClientKey == "": - return false - case cfg.PrivValidator.ClientCertificate == "": - return false - default: - return true - } -} - // ValidateBasic performs basic validation (checking param bounds, etc.) and // returns an error if any check fails. func (cfg BaseConfig) ValidateBasic() error { @@ -350,6 +313,8 @@ func (cfg BaseConfig) ValidateBasic() error { // PrivValidatorConfig defines the configuration parameters for running a validator type PrivValidatorConfig struct { + RootDir string `mapstructure:"home"` + // Path to the JSON file containing the private key to use as a validator in the consensus protocol Key string `mapstructure:"key-file"` @@ -380,6 +345,44 @@ func DefaultPrivValidatorConfig() *PrivValidatorConfig { } } +// ClientKeyFile returns the full path to the priv_validator_key.json file +func (cfg *PrivValidatorConfig) ClientKeyFile() string { + return rootify(cfg.ClientKey, cfg.RootDir) +} + +// ClientCertificateFile returns the full path to the priv_validator_key.json file +func (cfg *PrivValidatorConfig) ClientCertificateFile() string { + return rootify(cfg.ClientCertificate, cfg.RootDir) +} + +// CertificateAuthorityFile returns the full path to the priv_validator_key.json file +func (cfg *PrivValidatorConfig) RootCAFile() string { + return rootify(cfg.RootCA, cfg.RootDir) +} + +// KeyFile returns the full path to the priv_validator_key.json file +func (cfg *PrivValidatorConfig) KeyFile() string { + return rootify(cfg.Key, cfg.RootDir) +} + +// StateFile returns the full path to the priv_validator_state.json file +func (cfg *PrivValidatorConfig) StateFile() string { + return rootify(cfg.State, cfg.RootDir) +} + +func (cfg *PrivValidatorConfig) AreSecurityOptionsPresent() bool { + switch { + case cfg.RootCA == "": + return false + case cfg.ClientKey == "": + return false + case cfg.ClientCertificate == "": + return false + default: + return true + } +} + //----------------------------------------------------------------------------- // RPCConfig diff --git a/internal/consensus/common_test.go b/internal/consensus/common_test.go index af8c3ca27..682a83137 100644 --- a/internal/consensus/common_test.go +++ b/internal/consensus/common_test.go @@ -432,9 +432,9 @@ func newStateWithConfigAndBlockStore( } func loadPrivValidator(config *cfg.Config) *privval.FilePV { - privValidatorKeyFile := config.PrivValidatorKeyFile() + privValidatorKeyFile := config.PrivValidator.KeyFile() ensureDir(filepath.Dir(privValidatorKeyFile), 0700) - privValidatorStateFile := config.PrivValidatorStateFile() + privValidatorStateFile := config.PrivValidator.StateFile() privValidator, err := privval.LoadOrGenFilePV(privValidatorKeyFile, privValidatorStateFile) if err != nil { panic(err) diff --git a/internal/consensus/replay_test.go b/internal/consensus/replay_test.go index d7d3e8a47..e7c480cea 100644 --- a/internal/consensus/replay_test.go +++ b/internal/consensus/replay_test.go @@ -706,7 +706,7 @@ func testHandshakeReplay(t *testing.T, sim *simulatorTestSuite, nBlocks int, mod walFile := tempWALWithData(walBody) config.Consensus.SetWalFile(walFile) - privVal, err := privval.LoadFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile()) + privVal, err := privval.LoadFilePV(config.PrivValidator.KeyFile(), config.PrivValidator.StateFile()) require.NoError(t, err) wal, err := NewWAL(walFile) @@ -939,7 +939,7 @@ func TestHandshakePanicsIfAppReturnsWrongAppHash(t *testing.T) { // - 0x03 config := ResetConfig("handshake_test_") t.Cleanup(func() { os.RemoveAll(config.RootDir) }) - privVal, err := privval.LoadFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile()) + privVal, err := privval.LoadFilePV(config.PrivValidator.KeyFile(), config.PrivValidator.StateFile()) require.NoError(t, err) const appVersion = 0x0 pubKey, err := privVal.GetPubKey(context.Background()) @@ -1230,7 +1230,7 @@ func TestHandshakeUpdatesValidators(t *testing.T) { config := ResetConfig("handshake_test_") t.Cleanup(func() { _ = os.RemoveAll(config.RootDir) }) - privVal, err := privval.LoadFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile()) + privVal, err := privval.LoadFilePV(config.PrivValidator.KeyFile(), config.PrivValidator.StateFile()) require.NoError(t, err) pubKey, err := privVal.GetPubKey(context.Background()) require.NoError(t, err) diff --git a/internal/consensus/wal_generator.go b/internal/consensus/wal_generator.go index b7ee90d4d..81c2125ca 100644 --- a/internal/consensus/wal_generator.go +++ b/internal/consensus/wal_generator.go @@ -40,8 +40,8 @@ func WALGenerateNBlocks(t *testing.T, wr io.Writer, numBlocks int) (err error) { // COPY PASTE FROM node.go WITH A FEW MODIFICATIONS // NOTE: we can't import node package because of circular dependency. // NOTE: we don't do handshake so need to set state.Version.Consensus.App directly. - privValidatorKeyFile := config.PrivValidatorKeyFile() - privValidatorStateFile := config.PrivValidatorStateFile() + privValidatorKeyFile := config.PrivValidator.KeyFile() + privValidatorStateFile := config.PrivValidator.StateFile() privValidator, err := privval.LoadOrGenFilePV(privValidatorKeyFile, privValidatorStateFile) if err != nil { return err diff --git a/node/node.go b/node/node.go index 5c3cb0118..418e7c59f 100644 --- a/node/node.go +++ b/node/node.go @@ -104,7 +104,7 @@ func newDefaultNode(config *cfg.Config, logger log.Logger) (service.Service, err var pval *privval.FilePV if config.Mode == cfg.ModeValidator { - pval, err = privval.LoadOrGenFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile()) + pval, err = privval.LoadOrGenFilePV(config.PrivValidator.KeyFile(), config.PrivValidator.StateFile()) if err != nil { return nil, err } @@ -1176,7 +1176,12 @@ func createAndStartPrivValidatorGRPCClient( chainID string, logger log.Logger, ) (types.PrivValidator, error) { - pvsc, err := tmgrpc.DialRemoteSigner(config, chainID, logger) + pvsc, err := tmgrpc.DialRemoteSigner( + config.PrivValidator, + chainID, + logger, + config.Instrumentation.Prometheus, + ) if err != nil { return nil, fmt.Errorf("failed to start private validator: %w", err) } diff --git a/node/public.go b/node/public.go index fd5792880..e64306044 100644 --- a/node/public.go +++ b/node/public.go @@ -47,7 +47,7 @@ func New(conf *config.Config, switch conf.Mode { case config.ModeFull, config.ModeValidator: - pval, err := privval.LoadOrGenFilePV(conf.PrivValidatorKeyFile(), conf.PrivValidatorStateFile()) + pval, err := privval.LoadOrGenFilePV(conf.PrivValidator.KeyFile(), conf.PrivValidator.StateFile()) if err != nil { return nil, err } diff --git a/privval/grpc/util.go b/privval/grpc/util.go index 916d7b689..62647542c 100644 --- a/privval/grpc/util.go +++ b/privval/grpc/util.go @@ -88,21 +88,22 @@ func GenerateTLS(certPath, keyPath, ca string, log log.Logger) grpc.DialOption { // DialRemoteSigner is a generalized function to dial the gRPC server. func DialRemoteSigner( - config *cfg.Config, + config *cfg.PrivValidatorConfig, chainID string, logger log.Logger, + usePrometheus bool, ) (*SignerClient, error) { var transportSecurity grpc.DialOption - if config.ArePrivValidatorClientSecurityOptionsPresent() { - transportSecurity = GenerateTLS(config.PrivValidatorClientCertificateFile(), - config.PrivValidatorClientKeyFile(), config.PrivValidatorRootCAFile(), logger) + if config.AreSecurityOptionsPresent() { + transportSecurity = GenerateTLS(config.ClientCertificateFile(), + config.ClientKeyFile(), config.RootCAFile(), logger) } else { transportSecurity = grpc.WithInsecure() logger.Info("Using an insecure gRPC connection!") } dialOptions := DefaultDialOptions() - if config.Instrumentation.Prometheus { + if usePrometheus { grpcMetrics := grpc_prometheus.DefaultClientMetrics dialOptions = append(dialOptions, grpc.WithUnaryInterceptor(grpcMetrics.UnaryClientInterceptor())) } @@ -110,7 +111,7 @@ func DialRemoteSigner( dialOptions = append(dialOptions, transportSecurity) ctx := context.Background() - _, address := tmnet.ProtocolAndAddress(config.PrivValidator.ListenAddr) + _, address := tmnet.ProtocolAndAddress(config.ListenAddr) conn, err := grpc.DialContext(ctx, address, dialOptions...) if err != nil { logger.Error("unable to connect to server", "target", address, "err", err) diff --git a/rpc/client/evidence_test.go b/rpc/client/evidence_test.go index 3aab3d385..fde9a4c77 100644 --- a/rpc/client/evidence_test.go +++ b/rpc/client/evidence_test.go @@ -124,7 +124,7 @@ func TestBroadcastEvidence_DuplicateVoteEvidence(t *testing.T) { chainID := config.ChainID() - pv, err := privval.LoadOrGenFilePV(config.PrivValidatorKeyFile(), config.PrivValidatorStateFile()) + pv, err := privval.LoadOrGenFilePV(config.PrivValidator.KeyFile(), config.PrivValidator.StateFile()) require.NoError(t, err) for i, c := range GetClients(t, n, config) {