diff --git a/charts/tezos/templates/_containers.tpl b/charts/tezos/templates/_containers.tpl index 79e6f5c92..20d45d357 100644 --- a/charts/tezos/templates/_containers.tpl +++ b/charts/tezos/templates/_containers.tpl @@ -279,11 +279,7 @@ {{/* calculate the max number of bakers accross instances */}} {{- $max_baker_num := 0 }} {{- range $i := $.node_vals.instances }} - {{- if hasKey $i "bake_using_account" }} - {{- $max_baker_num = max 1 $max_baker_num }} - {{- else }} - {{- $max_baker_num = max (len (get $i "bake_using_accounts")) $max_baker_num }} - {{- end }} + {{- $max_baker_num = max (len (get $i "bake_using_accounts")) $max_baker_num }} {{- end }} {{- range $n := until (int $max_baker_num) }} {{- range $.Values.protocols }} diff --git a/charts/tezos/templates/_helpers.tpl b/charts/tezos/templates/_helpers.tpl index 6af9148da..1b772e2dc 100644 --- a/charts/tezos/templates/_helpers.tpl +++ b/charts/tezos/templates/_helpers.tpl @@ -114,8 +114,6 @@ metadata: {{- range $instance := $node.instances }} {{- if and .bake_using_accounts (kindIs "slice" .bake_using_accounts) }} {{- $allAccounts = concat $allAccounts .bake_using_accounts }} - {{- else if and .bake_using_account (kindIs "string" .bake_using_account) }} - {{- $allAccounts = append $allAccounts .bake_using_account }} {{- end }} {{- end }} {{- end }} diff --git a/charts/tezos/templates/configs.yaml b/charts/tezos/templates/configs.yaml index 7bb4b02ba..fcfc1ae67 100644 --- a/charts/tezos/templates/configs.yaml +++ b/charts/tezos/templates/configs.yaml @@ -10,8 +10,6 @@ data: "bootstrap_peers": {{ toJson .Values.bootstrap_peers }}, "default_bootstrap_mutez": "{{ .Values.bootstrap_mutez }}", "expected-proof-of-work": {{ toJson .Values.expected_proof_of_work }}, - - "should_generate_unsafe_deterministic_data": {{ toJson .Values.should_generate_unsafe_deterministic_data }}, "network": {{ mustToPrettyJson .Values.node_config_network | indent 8 | trim }}, "protocol_activation": {{ .Values.activation | mustToPrettyJson | indent 8 | trim }} } diff --git a/charts/tezos/values.yaml b/charts/tezos/values.yaml index 7376512c6..b0d11c1f5 100644 --- a/charts/tezos/values.yaml +++ b/charts/tezos/values.yaml @@ -104,12 +104,6 @@ accounts: {} # bootstrap_balance: "4000000000000" # ``` # -# When running bakers for a public net, you must provide your own secret keys. -# For non public networks you can change the -# `should_generate_unsafe_deterministic_data` setting to true, and deterministic -# keys will be generated for your nodes automatically. This is helpful to spin up -# local testnets. -should_generate_unsafe_deterministic_data: false # # End Accounts # # Nodes @@ -167,10 +161,7 @@ should_generate_unsafe_deterministic_data: false # Otherwise, the chain may become unreachable externally # while waiting for other nodes to come online. # - `instances`: A list of nodes to fire up, each is a dictionary defining: -# - `bake_using_account`: Account name that should be used for baking. -# Don't also set `bake_using_accounts`. # - `bake_using_accounts`: List of account names that should be used for baking. -# Don't also set `bake_using_account`. # - `authorized_keys`: List of account names that should be used as keys to # authenticate a baker to a signer. # When a baker uses a remote signer that requires @@ -229,7 +220,7 @@ should_generate_unsafe_deterministic_data: false # limits: # memory: 16192Mi # instances: -# - bake_using_account: baker0 +# - bake_using_accounts: [baker0] # is_bootstrap_node: true # # Note the following config section overrides the above one even # # if we make them the same in this example. diff --git a/docs/Private-Chain.md b/docs/Private-Chain.md index 68b8a1b23..1ef03164f 100644 --- a/docs/Private-Chain.md +++ b/docs/Private-Chain.md @@ -89,8 +89,8 @@ At the statefulset level, the following parameters are allowed: - runs: a list of containers to run, e.g. "baker", "accuser" - instances: a list of nodes to fire up, each is a dictionary defining: - - `bake_using_account`: The name of the account that should be used - for baking. + - `bake_using_accounts`: The name of the accounts that should be used + for baking. - `is_bootstrap_node`: Is this node a bootstrap peer. - config: The `config` property should mimic the structure of a node's config.json. @@ -108,7 +108,7 @@ nodes: - baker - logger instances: - - bake_using_account: baker0 + - bake_using_accounts: [baker0] is_bootstrap_node: true config: shell: diff --git a/mkchain/tqchain/mkchain.py b/mkchain/tqchain/mkchain.py index 98f78d914..ed43b4c34 100644 --- a/mkchain/tqchain/mkchain.py +++ b/mkchain/tqchain/mkchain.py @@ -37,15 +37,6 @@ def quoted_scalar(dumper, data): # a representer to force quotations on scalars cli_args = { - "should_generate_unsafe_deterministic_data": { - "help": ( - "Should tezos-k8s generate deterministic account keys and genesis" - " block hash instead of mkchain using octez-client to generate" - " random ones. This option is helpful for testing purposes." - ), - "action": "store_true", - "default": False, - }, "number_of_nodes": { "help": "number of peers in the cluster", "default": 0, diff --git a/test/charts/mainnet.expect.yaml b/test/charts/mainnet.expect.yaml index 0d94865b1..a3c19de17 100644 --- a/test/charts/mainnet.expect.yaml +++ b/test/charts/mainnet.expect.yaml @@ -22,8 +22,6 @@ data: "bootstrap_peers": [], "default_bootstrap_mutez": "4000000000000", "expected-proof-of-work": 26, - - "should_generate_unsafe_deterministic_data": false, "network": { "chain_name": "mainnet" }, diff --git a/test/charts/mainnet2.expect.yaml b/test/charts/mainnet2.expect.yaml index 1efec4ed2..5ed5eb627 100644 --- a/test/charts/mainnet2.expect.yaml +++ b/test/charts/mainnet2.expect.yaml @@ -22,8 +22,6 @@ data: "bootstrap_peers": [], "default_bootstrap_mutez": "4000000000000", "expected-proof-of-work": 26, - - "should_generate_unsafe_deterministic_data": false, "network": { "chain_name": "mainnet" }, diff --git a/test/charts/private-chain.expect.yaml b/test/charts/private-chain.expect.yaml index 703a2fd89..747a7c651 100644 --- a/test/charts/private-chain.expect.yaml +++ b/test/charts/private-chain.expect.yaml @@ -43,8 +43,6 @@ data: "bootstrap_peers": [], "default_bootstrap_mutez": "4000000000000", "expected-proof-of-work": 0, - - "should_generate_unsafe_deterministic_data": true, "network": { "activation_account_name": "tezos-baking-node-0", "chain_name": "elric", @@ -225,7 +223,6 @@ data: b-013-PtJakart-per-block-votes.json: "{\"liquidity_baking_toggle_vote\":\"pass\"}" c-013-PtJakart-per-block-votes.json: "{\"liquidity_baking_toggle_vote\":\"pass\"}" d-013-PtJakart-per-block-votes.json: "{\"liquidity_baking_toggle_vote\":\"pass\"}" - tacoinfraSigner-013-PtJakart-per-block-votes.json: "{\"liquidity_baking_toggle_vote\":\"pass\"}" kind: ConfigMap metadata: name: baker-config diff --git a/utils/config-generator.py b/utils/config-generator.py index 9b3a74ec7..ddce67b6f 100755 --- a/utils/config-generator.py +++ b/utils/config-generator.py @@ -62,10 +62,6 @@ NETWORK_CONFIG = CHAIN_PARAMS["network"] -SHOULD_GENERATE_UNSAFE_DETERMINISTIC_DATA = CHAIN_PARAMS.get( - "should_generate_unsafe_deterministic_data" -) - # If there are no genesis params, we are dealing with a public network. THIS_IS_A_PUBLIC_NET = True if not NETWORK_CONFIG.get("genesis") else False # Even if we are dealing with a public network, we may not want to join it in a @@ -80,14 +76,6 @@ def main(): all_accounts = ACCOUNTS - if not THIS_IS_A_PUBLIC_NET: - fill_in_missing_genesis_block() - - if SHOULD_GENERATE_UNSAFE_DETERMINISTIC_DATA: - all_accounts = fill_in_missing_accounts() - fill_in_missing_keys(all_accounts) - - fill_in_activation_account(all_accounts) import_keys(all_accounts) if MY_POD_NAME in BAKING_NODES: @@ -168,92 +156,12 @@ def main(): print(node_snapshot_config_json, file=json_file) -# If NETWORK_CONFIG["genesis"]["block"] hasn't been specified, we generate a -# deterministic one. -def fill_in_missing_genesis_block(): - genesis_config = NETWORK_CONFIG["genesis"] - if not genesis_config.get("block"): - print("Deterministically generating missing genesis_block") - if not NETWORK_CONFIG.get("chain_name"): - raise Exception("Genesis config is missing 'chain_name'.") - seed = NETWORK_CONFIG["chain_name"] - gbk = blake2b(seed.encode(), digest_size=32).digest() - gbk_b58 = b58encode_check(b"\x01\x34" + gbk).decode("utf-8") - genesis_config["block"] = gbk_b58 - - -def fill_in_activation_account(accts): - if "activation_account_name" not in NETWORK_CONFIG: - print("Activation account missing:") - for name, val in accts.items(): - if val.get("is_bootstrap_baker_account", False): - print(f" Setting activation account to {name}") - NETWORK_CONFIG["activation_account_name"] = name - return - print(" failed to find one") - - -def get_baking_accounts(baker_values): - acct = baker_values.get("bake_using_account") - accts = baker_values.get("bake_using_accounts") - - if acct and accts: - raise ValueError( - 'Mustn\'t specify both "bake_using_account" and "bake_using_accounts"' - ) - - if acct: - accts = [acct] - - return accts - - -# Secret and public keys are matches and need be processed together. Neither key -# must be specified, as later code will fill in the details if they are not. -# -# We create any missing accounts that are referred to by a node at -# BAKING_NODES to ensure that all named accounts exist. -def fill_in_missing_accounts(): - print("\nFilling in any missing accounts...") - new_accounts = {} - init_balance = CHAIN_PARAMS["default_bootstrap_mutez"] - for baker_name, baker_values in BAKING_NODES.items(): - accts = get_baking_accounts(baker_values) - - if not accts: - print(f"Defaulting to baking with account: {baker_name}") - accts = [baker_name] - - baker_values["bake_using_account"] = None - baker_values["bake_using_accounts"] = accts - - for acct in accts: - if acct not in ACCOUNTS: - print(f"Creating account: {acct}") - new_accounts[acct] = { - "bootstrap_balance": init_balance, - "is_bootstrap_baker_account": True, - } - - try: - acct = NETWORK_CONFIG["activation_account_name"] - if acct not in ACCOUNTS and acct not in new_accounts: - print(f"Creating activation account: {acct}") - new_accounts[acct] = { - "bootstrap_balance": CHAIN_PARAMS["default_bootstrap_mutez"], - } - except: - pass - - return {**new_accounts, **ACCOUNTS} - - def verify_this_bakers_account(accounts): """ Verify the current baker pod has an account with a secret key, unless the account is signed for via an external remote signer (e.g. Tacoinfra). """ - accts = get_baking_accounts(MY_POD_CONFIG) + accts = MY_POD_CONFIG.get("bake_using_accounts") if not accts or len(accts) < 1: raise Exception("ERROR: No baker accounts specified") @@ -279,47 +187,13 @@ def verify_this_bakers_account(accounts): # the keys for each of the accounts: secret_keys, public_keys, and # public_key_hashs. # -# We iterate over fill_in_missing_baker_accounts() which ensures that we -# have a full set of accounts for which to write keys. -# # If the account has a private key specified, we parse it and use it to # derive the public key and its hash. If a public key is also specified, -# we check to ensure that it matches the secret key. If neither a secret -# nor a public key are specified, then we derive one from a hash of -# the account name and the gensis_block (which may be generated above.) -# -# Both specified and generated keys are stable for the same _values.yaml -# files. The specified keys for obvious reasons. The generated keys -# are stable because we take care not to use any information that is not -# specified in the _values.yaml file in the seed used to generate them. +# we check to ensure that it matches the secret key. # # import_keys() also fills in "pk" and "pkh" as the public key and # public key hash as a side-effect. These are used later. -edsk = b"\x0d\x0f\x3a\x07" - - -def fill_in_missing_keys(all_accounts): - print("\nFill in missing keys") - - for account_name, account_values in all_accounts.items(): - if "type" in account_values: - raise Exception( - "Deprecated field 'type' passed by helm, but helm should have pruned it." - ) - account_key = account_values.get("key") - - if account_key == None: - print( - f" Deriving secret key for account " - + f"{account_name} from genesis_block" - ) - seed = account_name + ":" + NETWORK_CONFIG["genesis"]["block"] - sk = blake2b(seed.encode(), digest_size=32).digest() - sk_b58 = b58encode_check(edsk + sk).decode("utf-8") - account_values["key"] = sk_b58 - account_values["type"] = "secret" - def expose_secret_key(account_name): """ @@ -347,8 +221,6 @@ def expose_secret_key(account_name): return account_name == MY_POD_CONFIG.get("operator_account") if MY_POD_TYPE == "node": - if MY_POD_CONFIG.get("bake_using_account", "") == account_name: - return True if account_name in MY_POD_CONFIG.get("authorized_keys", {}): return True return account_name in MY_POD_CONFIG.get("bake_using_accounts", {}) @@ -568,7 +440,10 @@ def create_protocol_parameters_json(accounts): # Append any additional bootstrap params such as smart rollups, if any if protocol_activation.get("bootstrap_parameters"): - protocol_params = { **protocol_params, **protocol_activation.get("bootstrap_parameters") } + protocol_params = { + **protocol_params, + **protocol_activation.get("bootstrap_parameters"), + } return protocol_params @@ -723,7 +598,10 @@ def create_node_snapshot_config_json(history_mode): response = requests.get(snapshot_source) response.raise_for_status() # Raises an HTTPError if the HTTP request returned an unsuccessful status code all_snapshots = response.json() - except (requests.exceptions.RequestException, requests.exceptions.JSONDecodeError): # Catches exceptions related to requests and invalid JSON + except ( + requests.exceptions.RequestException, + requests.exceptions.JSONDecodeError, + ): # Catches exceptions related to requests and invalid JSON print(f"Error: unable to retrieve snapshot metadata from {snapshot_source}") return else: diff --git a/utils/config-generator.sh b/utils/config-generator.sh index 5ca085e11..78a96e708 100755 --- a/utils/config-generator.sh +++ b/utils/config-generator.sh @@ -34,11 +34,7 @@ fi if [ "$AM_I_BAKER" -eq 1 ]; then my_baker_account=$(echo $MY_CLASS | \ - jq -r ".instances[${MY_POD_NAME#$MY_NODE_CLASS-}] - |if .bake_using_accounts - then .bake_using_accounts[] - else .bake_using_account - end") + jq -r ".instances[${MY_POD_NAME#$MY_NODE_CLASS-}].bake_using_accounts[]") # If no account to bake for was specified in the node's settings, # config-generator defaults the account name to the pod's name.