Support partial set of keys in Cardano protocol mode.
jbgi committed Jul 10, 2020
1 parent 551b12f commit 6960090
Showing 2 changed files with 63 additions and 60 deletions.
2 changes: 1 addition & 1 deletion clusters/cardano.nix
Expand Up @@ -166,7 +166,7 @@ let
deployment.ec2.region = def.region;
imports = [
medium
cardano-ops.roles.core
(cardano-ops.roles.core nodeId)
];
services.cardano-node = {
inherit (def) producers;
121 changes: 62 additions & 59 deletions roles/core.nix
@@ -1,8 +1,7 @@

pkgs: {config, name, ...}:
pkgs: nodeId: {config, name, ...}:
with pkgs;
let
nodeId = config.node.nodeId;

signingKey = ../keys/delegate-keys + ".${leftPad nodeId 3}.key";
delegationCertificate = ../keys/delegation-cert + ".${leftPad nodeId 3}.json";
Expand All @@ -12,74 +11,78 @@ let
operationalCertificate = ../keys/node-keys/node + "${toString nodeId}.opcert";

keysConfig = rec {
RealPBFT = [{
_file = ./core.nix;
services.cardano-node = {
signingKey = "/var/lib/keys/cardano-node-signing";
delegationCertificate = "/var/lib/keys/cardano-node-delegation-cert";
RealPBFT = {
_file = ./core.nix;
services.cardano-node = {
signingKey = "/var/lib/keys/cardano-node-signing";
delegationCertificate = "/var/lib/keys/cardano-node-delegation-cert";
};
systemd.services."cardano-node" = {
after = [ "cardano-node-signing-key.service" "cardano-node-delegation-cert-key.service" ];
wants = [ "cardano-node-signing-key.service" "cardano-node-delegation-cert-key.service" ];
};
deployment.keys = {
"cardano-node-signing" = builtins.trace ("${name}: using " + (toString signingKey)) {
keyFile = signingKey;
user = "cardano-node";
group = "cardano-node";
destDir = "/var/lib/keys";
};
systemd.services."cardano-node" = {
after = [ "cardano-node-signing-key.service" "cardano-node-delegation-cert-key.service" ];
wants = [ "cardano-node-signing-key.service" "cardano-node-delegation-cert-key.service" ];
};
deployment.keys = {
"cardano-node-signing" = builtins.trace ("${name}: using " + (toString signingKey)) {
keyFile = signingKey;
user = "cardano-node";
group = "cardano-node";
destDir = "/var/lib/keys";
};
"cardano-node-delegation-cert" = builtins.trace ("${name}: using " + (toString delegationCertificate)) {
keyFile = delegationCertificate;
user = "cardano-node";
group = "cardano-node";
destDir = "/var/lib/keys";
};
};
}];
TPraos = [{
_file = ./core.nix;
services.cardano-node = {
kesKey = "/var/lib/keys/cardano-node-kes-signing";
vrfKey = "/var/lib/keys/cardano-node-vrf-signing";
operationalCertificate = "/var/lib/keys/cardano-node-operational-cert";
"cardano-node-delegation-cert" = builtins.trace ("${name}: using " + (toString delegationCertificate)) {
keyFile = delegationCertificate;
user = "cardano-node";
group = "cardano-node";
destDir = "/var/lib/keys";
};
};
};
TPraos = {
_file = ./core.nix;
services.cardano-node = {
kesKey = "/var/lib/keys/cardano-node-kes-signing";
vrfKey = "/var/lib/keys/cardano-node-vrf-signing";
operationalCertificate = "/var/lib/keys/cardano-node-operational-cert";
};

systemd.services."cardano-node" = {
after = [ "cardano-node-vrf-signing-key.service" "cardano-node-kes-signing-key.service" "cardano-node-operational-cert-key.service" ];
wants = [ "cardano-node-vrf-signing-key.service" "cardano-node-kes-signing-key.service" "cardano-node-operational-cert-key.service" ];
partOf = [ "cardano-node-vrf-signing-key.service" "cardano-node-kes-signing-key.service" "cardano-node-operational-cert-key.service" ];
};
systemd.services."cardano-node" = {
after = [ "cardano-node-vrf-signing-key.service" "cardano-node-kes-signing-key.service" "cardano-node-operational-cert-key.service" ];
wants = [ "cardano-node-vrf-signing-key.service" "cardano-node-kes-signing-key.service" "cardano-node-operational-cert-key.service" ];
partOf = [ "cardano-node-vrf-signing-key.service" "cardano-node-kes-signing-key.service" "cardano-node-operational-cert-key.service" ];
};

deployment.keys = {
"cardano-node-vrf-signing" = builtins.trace ("${name}: using " + (toString vrfKey)) {
keyFile = vrfKey;
user = "cardano-node";
group = "cardano-node";
destDir = "/var/lib/keys";
};
"cardano-node-kes-signing" = builtins.trace ("${name}: using " + (toString kesKey)) {
keyFile = kesKey;
user = "cardano-node";
group = "cardano-node";
destDir = "/var/lib/keys";
};
"cardano-node-operational-cert" = builtins.trace ("${name}: using " + (toString operationalCertificate)) {
keyFile = operationalCertificate;
user = "cardano-node";
group = "cardano-node";
destDir = "/var/lib/keys";
};
deployment.keys = {
"cardano-node-vrf-signing" = builtins.trace ("${name}: using " + (toString vrfKey)) {
keyFile = vrfKey;
user = "cardano-node";
group = "cardano-node";
destDir = "/var/lib/keys";
};
"cardano-node-kes-signing" = builtins.trace ("${name}: using " + (toString kesKey)) {
keyFile = kesKey;
user = "cardano-node";
group = "cardano-node";
destDir = "/var/lib/keys";
};
"cardano-node-operational-cert" = builtins.trace ("${name}: using " + (toString operationalCertificate)) {
keyFile = operationalCertificate;
user = "cardano-node";
group = "cardano-node";
destDir = "/var/lib/keys";
};
}];
Cardano = RealPBFT ++ TPraos;
};
};
Cardano =
if !(builtins.pathExists signingKey) then TPraos
else if !(builtins.pathExists vrfKey) then RealPBFT
else lib.recursiveUpdate TPraos RealPBFT;
};

in {

imports = [
cardano-ops.modules.base-service
] ++ keysConfig.${globals.environmentConfig.nodeConfig.Protocol};
keysConfig.${globals.environmentConfig.nodeConfig.Protocol}
];

users.users.cardano-node.extraGroups = [ "keys" ];

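Review bot: In the new `Cardano` selection, `lib.recursiveUpdate TPraos RealPBFT` replaces list values rather than concatenating them, so the merged `systemd.services."cardano-node"` keeps only RealPBFT's `after` and `wants`. With both key sets present, cardano-node is therefore no longer ordered after (or pulling in) the VRF, KES and operational-cert key services, and may start before those files are in `/var/lib/keys`. The old `RealPBFT ++ TPraos` went through the module system, which concatenates these list options; keeping the merge there avoids the loss, e.g. `else { imports = [ TPraos RealPBFT ]; };`. Separately, only `signingKey` and `vrfKey` are probed with `builtins.pathExists`, and when neither exists the expression silently falls through to `TPraos`. A `throw` for the no-keys case would surface a missing-key deployment at evaluation time instead of at key upload.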
