mitch/cardano-docker
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
d2cf69a319
cardano-docker/scripts/generate_operational_certificate

112 lines
4.0 KiB
Plaintext
Raw Normal View History

first commit
2021-02-13 15:19:38 +00:00
#!/bin/bash
# From Documentation
# https://github.com/input-output-hk/cardano-tutorials/blob/master/node-setup/060_node_keys.md
# https://github.com/input-output-hk/cardano-tutorials/blob/master/node-setup/080_register_stakepool.md
# Init vars
source /scripts/init_node_vars
source /scripts/functions/wait_for_sync
# Enter staking directory
mkdir -p ${NODE_PATH}/staking/pool-keys
mkdir -p ${NODE_PATH}/staking/cold-keys
cd ${NODE_PATH}/staking/
echo ""
echo "Generate operational certificates"
if [ -d "pool-keys/" ]; then
source pool-keys/KESPERIOD
BACKUPNAME=pool-keys.$(date +%s).tar.gz
echo "pool-keys already exist."
echo "Created at slot: ${KESSLOT}"
echo "Backing up to ${BACKUPNAME} before creating new KES keys."
mkdir -p ../backups/
tar -zcvf ../backups/${BACKUPNAME} pool-keys/ > /dev/null
fi
if [ -d "cold-keys/" ]; then
BACKUPNAME=cold-keys.$(date +%s).tar.gz
echo "Backing up to ${BACKUPNAME} before creating new KES keys."
mkdir -p ../backups/
tar -zcvf ../backups/${BACKUPNAME} cold-keys/ > /dev/null
fi
# Create cold key
if [ ! -f "cold-keys/cold.skey" ]; then
echo "Creating cold keys."
echo "Warning: The cold keys should NOT be kept on your server. You should backup your cold keys and delete them from the server."
echo "Alternatively you can generate the keys on a seperate offline node, and move all the neccessary certificates and keys to the active staking node."
cardano-cli node key-gen \
--cold-verification-key-file cold-keys/cold.vkey \
--cold-signing-key-file cold-keys/cold.skey \
--operational-certificate-issue-counter-file cold-keys/cold.counter
cardano-cli stake-pool id --verification-key-file cold-keys/cold.vkey > ${NODE_PATH}/staking/POOL_ID
else
echo "Cold keys already exists."
fi
# Create Verifiable Random Function key
if [ ! -f "pool-keys/vrf.vkey" ]; then
echo "Generating VRF key"
cardano-cli node key-gen-VRF \
--verification-key-file pool-keys/vrf.vkey \
--signing-key-file pool-keys/vrf.skey
fi
# Create Key Evolving Signature key
if [ ! -f "pool-keys/kes.vkey" ]; then
echo "Generating KES key"
cardano-cli node key-gen-KES \
--verification-key-file pool-keys/kes.vkey \
--signing-key-file pool-keys/kes.skey
fi
# Get tip
TIP=$1
if [ -z "$TIP" ]; then
echo "You need to find the current tip of the blockchain. To get the current tip you can run the command \`get_slot\` in the your relay container."
read -p "Enter the current tip slot: " TIP
elif [ "$TIP" == "LIVE" ]; then
echo "Getting slot from live socket"
if [[ "${WAIT_FOR_SYNC}" == "True" ]]; then
wait_for_sync 99.90
fi
TIP=$(get_slot)
fi
# Get KESPeriod
SLOTSPERKESPERIOD=$(jq -r '.slotsPerKESPeriod' ${NODE_PATH}/shelley-genesis.json)
MAXKESEVOLUTIONS=$(jq -r '.maxKESEvolutions' ${NODE_PATH}/shelley-genesis.json)
MAXKESSLOTS=$(expr ${SLOTSPERKESPERIOD} \* ${MAXKESEVOLUTIONS})
KESPERIOD=$(expr ${TIP} / ${SLOTSPERKESPERIOD})
#KESPERIOD=$(expr ${KESPERIOD} - 1) # Because of bug in 1.19.0
EXPIRESLOT=$(expr ${TIP} + ${MAXKESSLOTS})
echo "export SLOTSPERKESPERIOD=${SLOTSPERKESPERIOD}" > pool-keys/KESPERIOD
echo "export KESSLOT=${TIP}" >> pool-keys/KESPERIOD
echo "export MAXKESEVOLUTIONS=${MAXKESEVOLUTIONS}" >> pool-keys/KESPERIOD
echo "export MAXKESSLOTS=${MAXKESSLOTS}" >> pool-keys/KESPERIOD
echo "export KESPERIOD=${KESPERIOD}" >> pool-keys/KESPERIOD
echo "export EXPIRESLOT=${EXPIRESLOT}" >> pool-keys/KESPERIOD
echo "Current slot: ${TIP}"
echo "slotsPerKesPeriod: ${SLOTSPERKESPERIOD}"
echo "KESPeriod: ${KESPERIOD}"
echo "MaxKESSlots: ${MAXKESSLOTS}"
echo "KESExpireSlot: ${EXPIRESLOT}"
# Create an operational node certificate
cardano-cli node issue-op-cert \
--kes-verification-key-file pool-keys/kes.vkey \
--cold-signing-key-file cold-keys/cold.skey \
--operational-certificate-issue-counter cold-keys/cold.counter \
--kes-period ${KESPERIOD} \
--out-file pool-keys/node.cert
echo "Successfully created node operational keys."
Reference in New Issue Copy Permalink