From e55e9e9bbb4f145cac717f1042b8a43781cc46f0 Mon Sep 17 00:00:00 2001 From: yorickdowne <71337066+yorickdowne@users.noreply.github.com> Date: Mon, 18 Sep 2023 13:11:57 -0400 Subject: [PATCH] Don't use keymanager to register w3s keys with Teku (#1530) --- ethd | 19 +++++++++++++++++-- teku.yml | 1 + vc-utils/keymanager.sh | 20 +++++++++++++++----- 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/ethd b/ethd index 20135064..7cfa6aae 100755 --- a/ethd +++ b/ethd @@ -1466,8 +1466,8 @@ __i_haz_web3signer() { fi var="WEB3SIGNER" - value=$(sed -n -e "s/^${var}=\(.*\)/\1/p" ".env" || true) - if [ ! "${value}" = "true" ]; then + __w3s=$(sed -n -e "s/^${var}=\(.*\)/\1/p" ".env" || true) + if [ ! "${__w3s}" = "true" ]; then return fi @@ -1571,6 +1571,7 @@ keys() { fi __i_haz_web3signer + __command="${1:-}" __owner_uid=$(id -u "${OWNER}") if [ "${1:-}" = "import" ]; then @@ -1770,6 +1771,20 @@ keys() { #__i_haz_keys_service docompose run --rm -e OWNER_UID="${__owner_uid}" validator-keys "$@" fi + var="COMPOSE_FILE" + value=$(sed -n -e "s/^${var}=\(.*\)/\1/p" ".env" || true) + + if [ "${__command}" = "import" ] || [ "${__command}" = "register" ] || [ "${__command}" = "delete" ]; then + # I do mean to match literally + # shellcheck disable=SC2076 + if [[ "${__w3s}" = "true" ]] && [[ "${value}" =~ "teku.yml" ]]; then + echo "Sending SIGHUP to Teku to load web3signer keys" + docompose exec consensus kill -SIGHUP 1 + elif [[ "${__w3s}" = "true" ]] && [[ "${value}" =~ "teku-vc-only.yml" ]]; then + echo "Sending SIGHUP to Teku to load web3signer keys" + docompose exec validator kill -SIGHUP 1 + fi + fi } keyimport() { diff --git a/teku.yml b/teku.yml index 63a9484f..8d6b33fe 100644 --- a/teku.yml +++ b/teku.yml @@ -134,6 +134,7 @@ services: - KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:-} - KEY_API_PORT=${KEY_API_PORT:-7500} - WEB3SIGNER=${WEB3SIGNER:-false} + - W3S_NOREG=true - CL_NODE=${CL_NODE} depends_on: - consensus diff --git a/vc-utils/keymanager.sh b/vc-utils/keymanager.sh index 39e13d1a..c677d2ef 100755 --- a/vc-utils/keymanager.sh +++ b/vc-utils/keymanager.sh @@ -444,8 +444,8 @@ validator-delete() { exit 1 ;; esac - # Remove remote registration - if [ "${WEB3SIGNER}" = "true" ]; then + # Remove remote registration, but not for Teku + if [ -z "${W3S_NOREG+x}" ] && [ "${WEB3SIGNER}" = "true" ]; then __api_container=${__vc_api_container} __api_port=${__vc_api_port} __api_tls=${__vc_api_tls} @@ -483,6 +483,8 @@ validator-delete() { exit 1 ;; esac + else + echo "This client loads web3signer keys at startup, no registration to remove." fi done } @@ -494,7 +496,8 @@ validator-import() { __num_dirs=$(find /validator_keys -maxdepth 1 -type d -name '0x*' | wc -l) if [ "$__pass" -eq 1 ] && [ "$__num_dirs" -gt 0 ]; then - echo "Found $__num_dirs directories starting with 0x. If these are from eth2-val-tools, please copy the keys and secrets directories into .eth/validator_keys instead." + echo "Found $__num_dirs directories starting with 0x. If these are from eth2-val-tools, please copy the keys \ +and secrets directories into .eth/validator_keys instead." echo fi @@ -705,8 +708,8 @@ validator-import() { exit 1 ;; esac - # Add remote registration - if [ "${WEB3SIGNER}" = "true" ]; then + # Add remote registration, but not for Teku + if [ -z "${W3S_NOREG+x}" ] && [ "${WEB3SIGNER}" = "true" ]; then __api_container=${__vc_api_container} __api_port=${__vc_api_port} __api_tls=${__vc_api_tls} @@ -754,6 +757,8 @@ validator-import() { exit 1 ;; esac + else + echo "This client loads web3signer keys at startup, skipping registration via keymanager." fi echo done < <(find "$__key_root_dir" -maxdepth "$__depth" -name '*keystore*.json') @@ -784,6 +789,11 @@ validator-register() { exit 1 fi + if [ "${W3S_NOREG:-false}" = "true" ]; then + echo "This client loads web3signer keys at startup, skipping registration via keymanager." + exit 0 + fi + __api_path=eth/v1/keystores __token=NIL __vc_api_container=${__api_container}