From 2b732bc11aaa1ace7f9b61727ddcaa0ea11e0c5c Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 9 Apr 2018 15:41:26 +0200 Subject: [PATCH 1/4] generate node_key when running tendermint init --- cmd/tendermint/commands/init.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/cmd/tendermint/commands/init.go b/cmd/tendermint/commands/init.go index 224452646..2faff20fe 100644 --- a/cmd/tendermint/commands/init.go +++ b/cmd/tendermint/commands/init.go @@ -3,6 +3,7 @@ package commands import ( "github.com/spf13/cobra" + "github.com/tendermint/tendermint/p2p" "github.com/tendermint/tendermint/types" pvm "github.com/tendermint/tendermint/types/priv_validator" cmn "github.com/tendermint/tmlibs/common" @@ -28,6 +29,16 @@ func initFiles(cmd *cobra.Command, args []string) { logger.Info("Generated private validator", "path", privValFile) } + nodeKeyFile := config.NodeKeyFile() + if cmn.FileExists(nodeKeyFile) { + logger.Info("Found node key", "path", nodeKeyFile) + } else { + if _, err := p2p.LoadOrGenNodeKey(nodeKeyFile); err != nil { + panic(err) + } + logger.Info("Generated node key", "path", nodeKeyFile) + } + // genesis file genFile := config.GenesisFile() if cmn.FileExists(genFile) { From 9be16d56ba4081213435d918b2ec7a709095e16e Mon Sep 17 00:00:00 2001 
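Review bot: The node-key block added to initFiles panics on any error from `p2p.LoadOrGenNodeKey(nodeKeyFile)`, so an ordinary I/O failure such as an unwritable config directory surfaces as a stack trace, and the block has no heading comment like the `// genesis file` section that follows it. I would add `// node key: the node's long-term p2p identity key` above `nodeKeyFile := config.NodeKeyFile()`. The "Generated node key" message is logged unconditionally, although the helper, going by its name, would load the file instead if it appeared after the `cmn.FileExists` check. The mode the key file is written with is not visible in this hunk and is worth confirming as owner-only, since the file holds a private key. initFiles starts above and continues below the hunk.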
From: Anton Kaliaev Date: Mon, 9 Apr 2018 15:42:19 +0200 Subject: [PATCH 2/4] [docs] prefix IPs with node IDs Refs #1429 --- docs/deploy-testnets.rst | 16 ++++++++-------- docs/examples/getting-started.md | 25 ++++++++++++++++--------- docs/examples/install_tendermint.sh | 2 +- docs/examples/node1/node_key.json | 6 ++++++ docs/examples/node2/node_key.json | 6 ++++++ docs/examples/node3/node_key.json | 6 ++++++ docs/examples/node4/node_key.json | 6 ++++++ docs/using-tendermint.rst | 14 +++++++------- 8 files changed, 56 insertions(+), 25 deletions(-) create mode 100644 docs/examples/node1/node_key.json create mode 100644 docs/examples/node2/node_key.json create mode 100644 docs/examples/node3/node_key.json create mode 100644 docs/examples/node4/node_key.json diff --git a/docs/deploy-testnets.rst b/docs/deploy-testnets.rst index 5740ca56f..32355e4ae 100644 --- a/docs/deploy-testnets.rst +++ b/docs/deploy-testnets.rst 
@@ -11,26 +11,26 @@ Manual Deployments It's relatively easy to setup a Tendermint cluster manually. The only requirements for a particular Tendermint node are a private key for the -validator, stored as ``priv_validator.json``, and a list of the public -keys of all validators, stored as ``genesis.json``. These files should -be stored in ``~/.tendermint/config``, or wherever the ``$TMHOME`` variable -might be set to. +validator, stored as ``priv_validator.json``, a node key, stored as +``node_key.json`` and a list of the public keys of all validators, stored as +``genesis.json``. These files should be stored in ``~/.tendermint/config``, or +wherever the ``$TMHOME`` variable might be set to. Here are the steps to setting up a testnet manually: 1) Provision nodes on your cloud provider of choice 2) Install Tendermint and the application of interest on all nodes -3) Generate a private key for each validator using - ``tendermint gen_validator`` +3) Generate a private key and a node key for each validator using + ``tendermint init`` 4) Compile a list of public keys for each validator into a - ``genesis.json`` file. + ``genesis.json`` file and replace the existing file with it. 5) Run ``tendermint node --p2p.persistent_peers=< peer addresses >`` on each node, where ``< peer addresses >`` is a comma separated list of the IP:PORT combination for each node. The default port for Tendermint is ``46656``. Thus, if the IP addresses of your nodes were ``192.168.0.1, 192.168.0.2, 192.168.0.3, 192.168.0.4``, the command would look like: - ``tendermint node --p2p.persistent_peers=192.168.0.1:46656,192.168.0.2:46656,192.168.0.3:46656,192.168.0.4:46656``. + ``tendermint node --p2p.persistent_peers=96663a3dd0d7b9d17d4c8211b191af259621c693@192.168.0.1:46656, 429fcf25974313b95673f58d77eacdd434402665@192.168.0.2:46656, 0491d373a8e0fcf1023aaf18c51d6a1d0d4f31bd@192.168.0.3:46656, f9baeaa15fedf5e1ef7448dd60f46c01f1a9e9c4@192.168.0.4:46656``. 
After a few seconds, all the nodes should connect to each other and start making blocks! For more information, see the Tendermint Networks section diff --git a/docs/examples/getting-started.md b/docs/examples/getting-started.md index 1675b55b2..59015b79f 100644 --- a/docs/examples/getting-started.md +++ b/docs/examples/getting-started.md @@ -2,8 +2,9 @@ ## Overview -This is a quick start guide. If you have a vague idea about how Tendermint works -and want to get started right away, continue. Otherwise, [review the documentation](http://tendermint.readthedocs.io/en/master/) +This is a quick start guide. If you have a vague idea about how Tendermint +works and want to get started right away, continue. Otherwise, [review the +documentation](http://tendermint.readthedocs.io/en/master/). ## Install @@ -42,7 +43,7 @@ Confirm installation: ``` $ tendermint version -0.15.0-381fe19 +0.18.0-XXXXXXX ``` ## Initialization @@ -117,7 +118,9 @@ where the value is returned in hex. ## Cluster of Nodes -First create four Ubuntu cloud machines. The following was tested on Digital Ocean Ubuntu 16.04 x64 (3GB/1CPU, 20GB SSD). We'll refer to their respective IP addresses below as IP1, IP2, IP3, IP4. +First create four Ubuntu cloud machines. The following was tested on Digital +Ocean Ubuntu 16.04 x64 (3GB/1CPU, 20GB SSD). We'll refer to their respective IP +addresses below as IP1, IP2, IP3, IP4. Then, `ssh` into each machine, and execute [this script](https://git.io/vNLfY): 
@@ -131,12 +134,16 @@ This will install `go` and other dependencies, get the Tendermint source code, t Next, `cd` into `docs/examples`. Each command below should be run from each node, in sequence: ``` -tendermint node --home ./node1 --proxy_app=kvstore --p2p.seeds IP1:46656,IP2:46656,IP3:46656,IP4:46656 -tendermint node --home ./node2 --proxy_app=kvstore --p2p.seeds IP1:46656,IP2:46656,IP3:46656,IP4:46656 -tendermint node --home ./node3 --proxy_app=kvstore --p2p.seeds IP1:46656,IP2:46656,IP3:46656,IP4:46656 -tendermint node --home ./node4 --proxy_app=kvstore --p2p.seeds IP1:46656,IP2:46656,IP3:46656,IP4:46656 +tendermint node --home ./node1 --proxy_app=kvstore --p2p.persistent_peers="3a558bd6f8c97453aa6c2372bb800e8b6ed8e6db@IP1:46656,ccf30d873fddda10a495f42687c8f33472a6569f@IP2:46656,9a4c3de5d6788a76c6ee3cd9ff41e3b45b4cfd14@IP3:46656,58e6f2ab297b3ceae107ba4c8c2898da5c009ff4@IP4:46656" +tendermint node --home ./node2 --proxy_app=kvstore --p2p.persistent_peers="3a558bd6f8c97453aa6c2372bb800e8b6ed8e6db@IP1:46656,ccf30d873fddda10a495f42687c8f33472a6569f@IP2:46656,9a4c3de5d6788a76c6ee3cd9ff41e3b45b4cfd14@IP3:46656,58e6f2ab297b3ceae107ba4c8c2898da5c009ff4@IP4:46656" +tendermint node --home ./node3 --proxy_app=kvstore --p2p.persistent_peers="3a558bd6f8c97453aa6c2372bb800e8b6ed8e6db@IP1:46656,ccf30d873fddda10a495f42687c8f33472a6569f@IP2:46656,9a4c3de5d6788a76c6ee3cd9ff41e3b45b4cfd14@IP3:46656,58e6f2ab297b3ceae107ba4c8c2898da5c009ff4@IP4:46656" +tendermint node --home ./node4 --proxy_app=kvstore --p2p.persistent_peers="3a558bd6f8c97453aa6c2372bb800e8b6ed8e6db@IP1:46656,ccf30d873fddda10a495f42687c8f33472a6569f@IP2:46656,9a4c3de5d6788a76c6ee3cd9ff41e3b45b4cfd14@IP3:46656,58e6f2ab297b3ceae107ba4c8c2898da5c009ff4@IP4:46656" ``` -Note that after the third node is started, blocks will start to stream in because >2/3 of validators (defined in the `genesis.json`) have come online. Seeds can also be specified in the `config.toml`. 
See [this PR](https://github.com/tendermint/tendermint/pull/792) for more information about configuration options. +Note that after the third node is started, blocks will start to stream in +because >2/3 of validators (defined in the `genesis.json`) have come online. +Seeds can also be specified in the `config.toml`. See [this +PR](https://github.com/tendermint/tendermint/pull/792) for more information +about configuration options. Transactions can then be sent as covered in the single, local node example above. diff --git a/docs/examples/install_tendermint.sh b/docs/examples/install_tendermint.sh index d58b84d04..aeb87db5f 100644 --- a/docs/examples/install_tendermint.sh +++ b/docs/examples/install_tendermint.sh @@ -26,7 +26,7 @@ go get $REPO cd $GOPATH/src/$REPO ## build -git checkout v0.17.0 +git checkout v0.18.0 make get_tools make get_vendor_deps make install diff --git a/docs/examples/node1/node_key.json b/docs/examples/node1/node_key.json new file mode 100644 index 000000000..de1c41718 --- /dev/null +++ b/docs/examples/node1/node_key.json @@ -0,0 +1,6 @@ +{ + "priv_key" : { + "data" : "DA9BAABEA7211A6D93D9A1986B4279EAB3021FAA1653D459D53E6AB4D1CFB4C69BF7D52E48CF00AC5779AA0A6D3C368955D5636A677F72370B8ED19989714CFC", + "type" : "ed25519" + } +} diff --git a/docs/examples/node2/node_key.json b/docs/examples/node2/node_key.json new file mode 100644 index 000000000..4e8b0b100 --- /dev/null +++ b/docs/examples/node2/node_key.json @@ -0,0 +1,6 @@ +{ + "priv_key" : { + "data" : "F7BCABA165DFC0DDD50AE563EFB285BAA236EA805D35612504238A36EFA105958756442B1D9F942D7ABD259F2D59671657B6378E9C7194342A7AAA47A66D1E95", + "type" : "ed25519" + } +} diff --git a/docs/examples/node3/node_key.json b/docs/examples/node3/node_key.json new file mode 100644 index 000000000..32fdeee9d --- /dev/null +++ b/docs/examples/node3/node_key.json 
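Review bot: docs/examples/node1/node_key.json checks an ed25519 private key into the repository, and the node2, node3 and node4 files added in the same commit do the same, so the node IDs hard-coded in getting-started.md belong to keys that every reader holds. Anyone who runs the walkthrough on reachable hosts and keeps these directories gets a node identity that authenticates nothing. The guide should say so next to the cluster commands, for example `The node_key.json files under docs/examples are published sample keys; regenerate them before running nodes you care about.`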
@@ -0,0 +1,6 @@ +{ + "priv_key" : { + "data" : "95136FCC97E4446B3141EDF9841078107ECE755E99925D79CCBF91085492680B3CA1034D9917DF1DED4E4AB2D9BC225919F6CB2176F210D2368697CC339DF4E7", + "type" : "ed25519" + } +} diff --git a/docs/examples/node4/node_key.json b/docs/examples/node4/node_key.json new file mode 100644 index 000000000..955fc989a --- /dev/null +++ b/docs/examples/node4/node_key.json @@ -0,0 +1,6 @@ +{ + "priv_key" : { + "data" : "8895D6C9A1B46AB83A8E2BAE2121B8C3E245B9E9126EBD797FEAC5058285F2F64FDE2E8182C88AD5185A49D837C581465D57BD478C41865A66D7D9742D8AEF57", + "type" : "ed25519" + } +} diff --git a/docs/using-tendermint.rst b/docs/using-tendermint.rst index e07534c96..13c2d882f 100644 --- a/docs/using-tendermint.rst +++ b/docs/using-tendermint.rst @@ -81,13 +81,13 @@ We can see the chain's status at the ``/status`` end-point: :: - curl http://localhost:46657/status | jsonpp + curl http://localhost:46657/status | jsonpp and the ``latest_app_hash`` in particular: :: - curl http://localhost:46657/status | jsonpp | grep app_hash + curl http://localhost:46657/status | jsonpp | grep app_hash Visit http://localhost:46657 in your browser to see the list of other endpoints. Some take no arguments (like ``/status``), while others @@ -185,7 +185,7 @@ once per second, it is possible to disable empty blocks or set a block creation interval. In the former case, blocks will be created when there are new transactions or when the AppHash changes. -To configure Tendermint to not produce empty blocks unless there are +To configure Tendermint to not produce empty blocks unless there are transactions or the app hash changes, run Tendermint with this additional flag: :: 
@@ -334,14 +334,14 @@ For instance, :: - tendermint node --p2p.seeds "1.2.3.4:46656,5.6.7.8:46656" + tendermint node --p2p.seeds "f9baeaa15fedf5e1ef7448dd60f46c01f1a9e9c4@1.2.3.4:46656,0491d373a8e0fcf1023aaf18c51d6a1d0d4f31bd@5.6.7.8:46656" Alternatively, you can use the ``/dial_seeds`` endpoint of the RPC to specify seeds for a running node to connect to: :: - curl 'localhost:46657/dial_seeds?seeds=\["1.2.3.4:46656","5.6.7.8:46656"\]' + curl 'localhost:46657/dial_seeds?seeds=\["f9baeaa15fedf5e1ef7448dd60f46c01f1a9e9c4@1.2.3.4:46656","0491d373a8e0fcf1023aaf18c51d6a1d0d4f31bd@5.6.7.8:46656"\]' Note, if the peer-exchange protocol (PEX) is enabled (default), you should not normally need seeds after the first start. Peers will be gossipping about known @@ -355,8 +355,8 @@ core instance. :: - tendermint node --p2p.persistent_peers "10.11.12.13:46656,10.11.12.14:46656" - curl 'localhost:46657/dial_peers?persistent=true&peers=\["1.2.3.4:46656","5.6.7.8:46656"\]' + tendermint node --p2p.persistent_peers "429fcf25974313b95673f58d77eacdd434402665@10.11.12.13:46656,96663a3dd0d7b9d17d4c8211b191af259621c693@10.11.12.14:46656" + curl 'localhost:46657/dial_peers?persistent=true&peers=\["429fcf25974313b95673f58d77eacdd434402665@10.11.12.13:46656","96663a3dd0d7b9d17d4c8211b191af259621c693@10.11.12.14:46656"\]' Adding a Non-Validator ~~~~~~~~~~~~~~~~~~~~~~ From c954fca376420c867864f1cb0b68b561409eb22b Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 9 Apr 2018 15:55:56 +0200 Subject: [PATCH 3/4] gen_node_key cmd --- cmd/tendermint/commands/gen_node_key.go | 32 +++++++++++++++++++++++++ cmd/tendermint/main.go | 1 + 2 files changed, 33 insertions(+) create mode 100644 cmd/tendermint/commands/gen_node_key.go diff --git a/cmd/tendermint/commands/gen_node_key.go b/cmd/tendermint/commands/gen_node_key.go new file mode 100644 index 000000000..4990be477 --- /dev/null +++ b/cmd/tendermint/commands/gen_node_key.go 
@@ -0,0 +1,32 @@ +package commands + +import ( + "fmt" + + "github.com/spf13/cobra" + + "github.com/tendermint/tendermint/p2p" + cmn "github.com/tendermint/tmlibs/common" +) + +// GenNodeKeyCmd allows the generation of a node key. It prints node's ID to +// the standard output. +var GenNodeKeyCmd = &cobra.Command{ + Use: "gen_node_key", + Short: "Generate a node key for this node and print its ID", + RunE: genNodeKey, +} + +func genNodeKey(cmd *cobra.Command, args []string) error { + nodeKeyFile := config.NodeKeyFile() + if cmn.FileExists(nodeKeyFile) { + return fmt.Errorf("node key at %s already exists", nodeKeyFile) + } + + nodeKey, err := p2p.LoadOrGenNodeKey(nodeKeyFile) + if err != nil { + return err + } + fmt.Println(nodeKey.ID()) + return nil +} diff --git a/cmd/tendermint/main.go b/cmd/tendermint/main.go index fd6287115..8c7f0cd17 100644 --- a/cmd/tendermint/main.go +++ b/cmd/tendermint/main.go @@ -25,6 +25,7 @@ func main() { cmd.ShowValidatorCmd, cmd.TestnetFilesCmd, cmd.ShowNodeIDCmd, + cmd.GenNodeKeyCmd, cmd.VersionCmd) // NOTE: From 609452958c7b1a5add06f021de427f515e3d610c Mon Sep 17 00:00:00 2001 From: Anton Kaliaev Date: Mon, 9 Apr 2018 16:12:35 +0200 Subject: [PATCH 4/4] [docs/specification/secure-p2p] add a note about config --- docs/specification/secure-p2p.rst | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/specification/secure-p2p.rst b/docs/specification/secure-p2p.rst index c48ddb590..2110c835b 100644 --- a/docs/specification/secure-p2p.rst +++ b/docs/specification/secure-p2p.rst 
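Review bot: genNodeKey checks `cmn.FileExists(nodeKeyFile)` and then calls `p2p.LoadOrGenNodeKey`, which by its name loads an existing file, so a key file that appears between the two calls is silently reused and its ID printed as if it were newly generated. A generate-only path that fails when the file already exists would make the command keep its promise; that helper would belong in the p2p package, outside this patch. genNodeKey also lacks a doc comment; I would add `// genNodeKey creates the node key file and prints the node ID; it fails if the file already exists.` The error string could format the path with `%q` so an empty or unusual path is visible in the message.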
@@ -62,6 +62,13 @@ such as the Web-of-Trust or Certificate Authorities. In our case, we can use the blockchain itself as a certificate authority to ensure that we are connected to at least one validator. +Config +------ + +Authenticated encryption is enabled by default. If you wish to use another +authentication scheme or your peers are connected via VPN, you can turn it off +by setting ``auth_enc`` to ``false`` in the config file. + Additional Reading ------------------