Add walletrpcert option to specify different RPC cert for connecting to dcrwallet

[dezryth]

Currently dcrctl supports specifying separate servers for dcrd and dcrwallet via the rpcserver and walletrpcserver options.

In a setup where dcrwallet and dcrd are running on separate servers, one is limited to one or the other's commands dependent on whether dcrctl is run with the rpccert flag pointing at the certificate for dcrd or dcrwallet.

If there were a walletrpccert option, a user could specify the two different certificates in the config and dcrctl could determine which cert needs to be used based on whether the command is a --wallet command, and if the walletrpccert config value is set or not (as most installs work out of the box with dcr install setting up everything on one server).

Opening discussion on this to determine if this seems like a reasonably good idea or is not worth it.
(Perhaps there is a way to generate the cert so both dcrd and dcrwallet are accessible with the same rpc cert despite being on separate servers such that this is unnecessary.)

[davecgh]

I don't really see a need for this to be honest. It's trivial to create aliases:

alias dcrctld='dcrctl --rpccert=/path/to/dcrd.cert --rpcserver=ip:port_of_dcrd'
alias dcrctlw='dcrctl --wallet --rpccert=/path/to/dcrwallet.cert  --rpcserver=ip:port_of_dcrwallet'

Then, just add them to your shell's startup script (e.g. ~/.profile for bash) and then you can simply do:

$ dcrctld getinfo
$ dcrctlw getinfo

[dezryth]

That's a great point and exactly what I ended up doing. Fair enough! This can be closed as not needed. Thanks for the input.

[dezryth]

What is the reasoning behind having the separate option for walletrpcserver?

[davecgh]

The main motivation was so that default installs (which are local) will just work from the same tool without any additional configuration.

Once you start getting into remote setups with different ports, the need to create new certificates that include the external IP addresses, and so on, it is assumed you'll be familiar enough with the facilities of the operating system and general system administration tasks to configure things as desired.

[davecgh]

I'm leaving this open to give others an opportunity to comment as well. I'm not fundamentally opposed to such an option being added if people think its useful, I just don't think it's necessary for the aforementioned reasons.

[xaur]

I miss this fix too, and also for the user+password pair:

• rpcserver and walletrpcserver allow two different endpoints for dcrd and dcrwallet
• rpcuser and rpcpass is only one pair of credentials
• rpccert is only one cert

Allowing two endpoints suggests I can run dcrd and dcrwallet in parallel while using the same dcrctl to interact with them. At the same time it only has params for one user+pass pair, and one param for RPC server cert.

In practice it means I cannot have one dcrctl.conf to fully configure dcrctl's communication with both daemons. I workaround it by using two config files and specify them with dcrctl -C depending on whether I talk to dcrd or dcrwallet.

The alias approach works, but it is also a workaround. In both cases I end up with more CLI switches vs putting everything in a single conf file.

Having more stuff in conf files over wrapper scripts is better IMO (easier to copy and compare). Also, removing these inconsistencies makes configs easier to reason about. Learn the principle once and apply it for all Decred apps vs having to figure out why things are different here and there.

With that in mind, I vote to add walletuser, walletpass, and walletrpccert :)