New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

admin.macaroon missing #890

Closed
Stadicus opened this Issue Mar 19, 2018 · 19 comments

Comments

Projects
None yet
7 participants
@Stadicus

Stadicus commented Mar 19, 2018

I am opening this issue on behalf of several users that followed my RaspiBolt guide and had the issue that the admin.macaroon was not created.

Would you mind glancing over the installation part in my guide to check if I missed something? Personally, I never had this issue and everything went as expected...

Thanks!

@Roasbeef

This comment has been minimized.

Member

Roasbeef commented Mar 19, 2018

If they had a partial installation, then their data directory might have been messed up from a prior installation. If they delete the macaroons, then they'll be regenerated.

@GeorgeSpark-Stahl

This comment has been minimized.

GeorgeSpark-Stahl commented Mar 20, 2018

I'm also seeing this issue, although I didn't follow that guide to get setup. I had an existing lnd installation which I deleted when I upgraded. But now only macaroons.db is getting recreated. I've searched around to see if the files were created elsewhere, but I haven't been able to find them. This is on macOS High Sierra.

@Roasbeef

This comment has been minimized.

Member

Roasbeef commented Mar 20, 2018

Are you starting lnd with --no-macaroons? In that case macaroons won't be generated at all if you do it upon initial set up.

@GeorgeSpark-Stahl

This comment has been minimized.

GeorgeSpark-Stahl commented Mar 20, 2018

I was not originally running with --no-macaroons, although I had added it as a workaround. I went to go recreate the issue by removing --no-macaroons and it recreated the correct macaroons, so everything is great now. 🤷‍♂️

@aakselrod

This comment has been minimized.

Collaborator

aakselrod commented Mar 20, 2018

@Stadicus, do people notice the macaroon issue after switching from testnet to mainnet, or is it present when they first start in testnet mode? The macaroon DB is encrypted with the same password as the wallet, so if you're moving to a new wallet, you need to delete the macaroon DB and any macaroons generated from that DB, which is missing from the instructions for moving to mainnet.

ETA: If the user happens to use the same password for the mainnet wallet that they had for the testnet wallet, this bypasses that problem.

@Stadicus

This comment has been minimized.

Stadicus commented Mar 20, 2018

I guess that could be the issue. I'll adjust the guide asap to clean up before the switch. Best to delete everything, or only specific files?

@aakselrod

This comment has been minimized.

Collaborator

aakselrod commented Mar 20, 2018

Delete the admin.macaroon, readonly.macaroon, and macaroons.db files. Do this any time you switch your wallet to a new one.

@cootpursuits

This comment has been minimized.

cootpursuits commented Mar 20, 2018

I had this issue when I first started in testnet mode. macaroons.db was generated, but admin.macaroon and readonly.macaroon were not.

@aakselrod

This comment has been minimized.

Collaborator

aakselrod commented Mar 20, 2018

@cootpursuits Are you running both lnd and lncli as the bitcoin user? Under what directory is the macaroons.db being generated?

@aakselrod

This comment has been minimized.

Collaborator

aakselrod commented Mar 20, 2018

@Stadicus It's created right after the wallet password is input:

https://github.com/lightningnetwork/lnd/blob/master/lnd.go#L222

Based on that, there's another interesting possible way to make it fail:

  • Start lnd, create wallet with password with lncli create
  • Stop lnd, delete macaroons.db and *.macaroon
  • Start lnd, enter the wrong password using lncli unlock

This will create a new macaroons.db, which will be encrypted with the wrong password. After that, the wallet decryption will fail. If you start lnd again, it will only be able to open one of macaroons.db or wallet.db.

@Stadicus

This comment has been minimized.

Stadicus commented Mar 20, 2018

Thanks a lot for the clarification. I removed my question as not to bother you with trivial stuff and tested myself (as described in Stadicus/guides#8 (comment)).

@aakselrod

This comment has been minimized.

Collaborator

aakselrod commented Mar 20, 2018

Happy to help, just can't seem to reproduce it myself without a mismatched wallet/macaroon DB password.

@Stadicus

This comment has been minimized.

Stadicus commented Mar 20, 2018

I just thought that I was able to recreate the issue, but it was my own error. For testing purposes, I quickly entered the password "12345" and got the following response:

bitcoin@RaspiBolt:/mnt/hdd $ lncli create
Input wallet password:
Confirm wallet password:

Do you have an existing cipher seed mnemonic you want to use? (Enter y/n): n

Your cipher seed can optionally be encrypted.
Input your passphrase you wish to encrypt it (or press enter to proceed without a cipher seed passphrase):

Generating fresh cipher seed...

!!!YOU MUST WRITE DOWN THIS SEED TO BE ABLE TO RESTORE THE WALLET!!!

---------------BEGIN LND CIPHER SEED---------------
...
...
...
---------------END LND CIPHER SEED-----------------

!!!YOU MUST WRITE DOWN THIS SEED TO BE ABLE TO RESTORE THE WALLET!!!
[lncli] rpc error: code = Unknown desc = password must have at least 8 characters
bitcoin@RaspiBolt:/mnt/hdd $

No *.macaroon files and no macaroons db is created.

IMHO it's very easy to miss the error output on the last line. I think it would be a good idea to cancel the create command right after the password entry, and not ask for for additional information and even generate a mnemonicon.

Just my 5 satoshis. :-)

@Stadicus

This comment has been minimized.

Stadicus commented Mar 20, 2018

Another question (I am in the process of retracing all steps, but it takes time until the blockchain is synced again). When I set up my initial configuration, I created the wallet for testnet. AFAIK I could switch very easily to mainnet, without deleting any macaroons or wallet.

I am not sure now, but I don't think I had to create a new seed for mainnet. At least I did not note anything about creating in my guide, which I tested step by step.

Is this possible? Then it shouldn't be necessary to delete anything or create a new wallet, right?

@Roasbeef

This comment has been minimized.

Member

Roasbeef commented Mar 21, 2018

For testing purposes, I quickly entered the password "12345" and got the following response:

The error in the command shows that the password was invalid.

@Stadicus

This comment has been minimized.

Stadicus commented Mar 21, 2018

IMHO it's very easy to miss the error output on the last line.

Yes, I got that later on. It just not what one expects to get the error three steps after entering the password. But certainly not a high priority issue, more something in regards to UX.

@Stadicus

This comment has been minimized.

Stadicus commented Mar 25, 2018

Issue seems RAM related as stated by @aakselrod in this issue. Creating an additional swap file seems to solve it. Closing this issue for now.

@Stadicus Stadicus closed this Mar 25, 2018

@marshabl

This comment has been minimized.

marshabl commented Jun 18, 2018

FWIW, I commented out the CONF_SWAPSIZE=1000 @Stadicus 's guide, then deleted everything in the downloads folder and restarted bitcoind and lnd. This worked for me, so hopefully it works for others. I am no expert here, but do we need to have CONF_SWAPSIZE=1000?? Perhaps delete from guide?

This guide: https://brettmorrison.com/running-a-bitcoin-lightning-full-node-on-raspberry-pi
has some helpful pointers, particularly in the comments section.

@rek79

This comment has been minimized.

rek79 commented Sep 24, 2018

Resolved the issue (I think). Please reference my post here:
Stadicus/guides#8 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment