[akash-provider] do not issue TX when not needed

[arno01]

Changes:

• bump akash-provider chart to 0.153.0
• install bc
• check Akash RPC node is not 30 seconds behind/ahead before continuing
• do not append provider.yaml but rather create it from scratch
• figure the provider address in case the user passes --from=<key_name> instead of --from=<akash1...> address
• check provider existence on the blockchain before attempting to create
  a new one (akash tx provider create provider.yaml ...)
• check whether provider settings (host uri, attributes, ...) have changed
  before broadcasting the new ones on the blockchain (akash tx provider update provider.yaml ...)
• before generating and broadcasting the new provider certificate
  • check the last provider certificate found on the blockchain is valid
  • check whether the last provider certificate serial number found on the blockchain
    matches the local one

Issues addressed:

• fixes [akash-provider] update provider txs are expensive and may drain the account #35
• fixes do not create a new cert each time akash-provider gets restarted #9

[arno01]

Test run result

Ran helm upgrade from the local branch:

root@node1:~/helm-charts# helm upgrade akash-provider ./charts/akash-provider -n akash-services   --set keyringbackend="test"   --set from="$KEY_NAME"   --set key="$(cat ./key.pem | base64)"   --set keysecret="$(echo $KEY_PASSWORD | base64)"   --set domain="$DOMAIN"   --set chainid="akashnet-2"   --set image.tag="$AKASH_VERSION"   --set gas=auto   --set gasadjustment=1.25   --set gasprices=0.025uakt   --set withdrawalperiod=24h0m0s   --set bidpricestoragescale="0.00016,beta3=0.00016"   --set node="http://akash-node-1:26657"   --set attributes[0].key="region"   --set attributes[0].value="europe"   --set attributes[1].key="host"   --set attributes[1].value="akash"   --set attributes[2].key="tier"   --set attributes[2].value="community"   --set attributes[3].key="capabilities/storage/1/class"   --set attributes[3].value="default"   --set attributes[4].key="capabilities/storage/1/persistent"   --set attributes[4].value="true"   --set attributes[5].key="capabilities/storage/2/class"   --set attributes[5].value="beta3"   --set attributes[6].key="capabilities/storage/2/persistent"   --set attributes[6].value="true"

Bounce the akash-provider since it isn't happening automatically when the template changes but no the values passed via --set flag:

root@node1:~# kubectl -n akash-services delete pods -l app=akash-provider

Wait... and then check the logs:

root@node1:~# kubectl -n akash-services logs $(kubectl -n akash-services get pods -l app=akash-provider --output jsonpath='{.items[0].metadata.name}') --tail=1000 -f
...
...
Running hooks in /etc/ca-certificates/update.d...
done.
++ echo http://akash-node-1:26657
++ cut -d: -f2
++ cut -d / -f3
+ solo_ip=akash-node-1
++ echo http://akash-node-1:26657
++ cut -d: -f3-
+ port=26657
+ [[ http://akash-node-1:26657 != \h\t\t\p\:\/\/\a\k\a\s\h\-\n\o\d\e\-\1\:\2\6\6\5\7 ]]
++ curl -s http://akash-node-1:26657/status
++ jq -r .result.sync_info.catching_up
+ [[ false == \f\a\l\s\e ]]
++ akash status
++ jq -r .SyncInfo.latest_block_time
+ DATE_AKASH=2022-05-08T11:41:38.717038712Z
++ date +%s --date 2022-05-08T11:41:38.717038712Z
+ TS_AKASH=1652010098
++ date +%s
+ TS=1652010107
++ echo '1652010107 - 1652010098'
++ bc
+ DIFF=9
+ [[ 9 -gt 30 ]]
+ [[ 9 -lt -30 ]]
+ echo 'Last block Akash RPC http://akash-node-1:26657 seen was 9 seconds ago => OK'
Last block Akash RPC http://akash-node-1:26657 seen was 9 seconds ago => OK
+ cat
++ /bin/akash keys show default -a
+ PROVIDER_ADDRESS=akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0
+ [[ -z akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0 ]]
+ /bin/akash query provider get akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0 -o json
{"owner":"akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0","host_uri":"https://provider.akash.pro:8443","attributes":[{"key":"region","value":"europe"},{"key":"host","value":"akash"},{"key":"tier","value":"community"},{"key":"capabilities/storage/1/class","value":"default"},{"key":"capabilities/storage/1/persistent","value":"true"},{"key":"capabilities/storage/2/class","value":"beta3"},{"key":"capabilities/storage/2/persistent","value":"true"}],"info":{"email":"","website":""}}
+ [[ 0 -ne 0 ]]
+ [[ '' == *\i\n\c\o\r\r\e\c\t\ \a\c\c\o\u\n\t\ \s\e\q\u\e\n\c\e* ]]
+ [[ '' == *\a\l\r\e\a\d\y\ \e\x\i\s\t\s* ]]
+ [[ '' == *\E\r\r\o\r* ]]
++ akash query provider get akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0 -o json
++ jq
++ sha1sum
++ awk '{print $1}'
+ PROVIDER_IN_CHAIN=0156ec23c047e14bdd731426f66896f2338edbf4
++ /bin/akash tx provider update provider.yaml --offline --generate-only --from akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0
++ jq -r '.body.messages[]'
++ jq -r 'del(."@type")'
++ sha1sum
++ awk '{print $1}'
+ PROVIDER_LOCAL_FILE=0156ec23c047e14bdd731426f66896f2338edbf4
+ [[ 0156ec23c047e14bdd731426f66896f2338edbf4 != \0\1\5\6\e\c\2\3\c\0\4\7\e\1\4\b\d\d\7\3\1\4\2\6\f\6\6\8\9\6\f\2\3\3\8\e\d\b\f\4 ]]
+ GEN_NEW_CERT=1
++ akash query cert list --owner akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0 --state valid -o json
++ jq -r '.certificates[-1].certificate.state'
+ LAST_CERT_STATUS=valid
+ [[ valid != \v\a\l\i\d ]]
++ cat /root/.akash/akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0.pem
++ openssl x509 -serial -noout
cat: /root/.akash/akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0.pem: No such file or directory
unable to load certificate
140478983763264:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
+ LOCAL_CERT_SN=
++ akash query cert list --owner akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0 --state valid
++ jq -r '.certificates[-1].certificate.cert'
++ openssl base64 -A -d
++ openssl x509 -serial -noout
parse error: Invalid numeric literal at line 1, column 13
unable to load certificate
140330473841984:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE
+ REMOTE_CERT_SN=
+ [[ -z '' ]]
LOCAL_CERT_SN variable is empty. Most likely /root/.akash/akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0.pem is missing
+ echo 'LOCAL_CERT_SN variable is empty. Most likely /root/.akash/akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0.pem is missing'
+ GEN_NEW_CERT=0
+ [[ -z '' ]]
REMOTE_CERT_SN variable is empty. Most likely the cert hasn't been broadcasted to the blockchain yet.
+ echo 'REMOTE_CERT_SN variable is empty. Most likely the cert hasn'\''t been broadcasted to the blockchain yet.'
+ GEN_NEW_CERT=0
+ [[ -n 0 ]]
Generating new provider certificate
+ echo 'Generating new provider certificate'
+ /bin/akash tx cert generate server provider.akash.pro
+ echo 'Publishing new provider certificate'
+ /bin/akash tx cert publish server
Publishing new provider certificate
{"height":"5790044","txhash":"5E8F6606CAF8F332550808039A379E83F307BF8EC1E0E60BA0561F586A9BDC83","codespace":"","code":0,"data":"0A2A0A282F616B6173682E636572742E763162657461322E4D73674372656174654365727469666963617465","raw_log":"[{\"events\":[{\"type\":\"message\",\"attributes\":[{\"key\":\"action\",\"value\":\"/akash.cert.v1beta2.MsgCreateCertificate\"}]}]}]","logs":[{"msg_index":0,"log":"","events":[{"type":"message","attributes":[{"key":"action","value":"/akash.cert.v1beta2.MsgCreateCertificate"}]}]}],"info":"","gas_wanted":"106307","gas_used":"95635","tx":null,"timestamp":"","events":[{"type":"coin_spent","attributes":[{"key":"c3BlbmRlcg==","value":"YWthc2gxbnhxOGdtc3cydmx6M202OHF2eXZjZjNraDZxMjY5YWp2cXc2eTA=","index":true},{"key":"YW1vdW50","value":"MjY1OHVha3Q=","index":true}]},{"type":"coin_received","attributes":[{"key":"cmVjZWl2ZXI=","value":"YWthc2gxN3hwZnZha20yYW1nOTYyeWxzNmY4NHoza2VsbDhjNWxhenc4ajg=","index":true},{"key":"YW1vdW50","value":"MjY1OHVha3Q=","index":true}]},{"type":"transfer","attributes":[{"key":"cmVjaXBpZW50","value":"YWthc2gxN3hwZnZha20yYW1nOTYyeWxzNmY4NHoza2VsbDhjNWxhenc4ajg=","index":true},{"key":"c2VuZGVy","value":"YWthc2gxbnhxOGdtc3cydmx6M202OHF2eXZjZjNraDZxMjY5YWp2cXc2eTA=","index":true},{"key":"YW1vdW50","value":"MjY1OHVha3Q=","index":true}]},{"type":"message","attributes":[{"key":"c2VuZGVy","value":"YWthc2gxbnhxOGdtc3cydmx6M202OHF2eXZjZjNraDZxMjY5YWp2cXc2eTA=","index":true}]},{"type":"tx","attributes":[{"key":"ZmVl","value":"MjY1OHVha3Q=","index":true}]},{"type":"tx","attributes":[{"key":"YWNjX3NlcQ==","value":"YWthc2gxbnhxOGdtc3cydmx6M202OHF2eXZjZjNraDZxMjY5YWp2cXc2eTAvMTU5MTg=","index":true}]},{"type":"tx","attributes":[{"key":"c2lnbmF0dXJl","value":"clNRMEk3VEU1dm5oejYxQVNVRks5a055am5IUmJFSE56MytzZkkwb0RtaFl3WXBlbmZLbjU1b1ExZDg0aTRxTTg3K1Q5YXNMaC9rQUdmYjFFUytjb2c9PQ==","index":true}]},{"type":"message","attributes":[{"key":"YWN0aW9u","value":"L2FrYXNoLmNlcnQudjFiZXRhMi5Nc2dDcmVhdGVDZXJ0aWZpY2F0ZQ==","index":true}]}]}
+ /bin/akash provider run --cluster-k8s
I[2022-05-08|11:41:51.430] using in cluster kube config                 
D[2022-05-08|11:41:51.443] found existing hostname                      module=provider-cluster cmp=service hostname=053s21ah7df9d16k1acggvjmuc.ingress.akash.pro id=akash1d3wzys4n4uc7yqt84p4r6t08hafjnsfsaat965/5775476/1/1/akash1nxq8gmsw2vlz3m68qvyvcf3kh6q269ajvqw6y0