Add remote signer support to controller templates #34
Conversation
Add conditional logic to set REMOTE_SIGNER_ENABLED and PRIV_VALIDATOR_LADDR when ValidatorKey is not supplied, for both CCV and non-CCV templates. Also expose port 26658 for the privval server when using remote signer.
emanuelconunaemme
left a comment
emanuelconunaemme
left a comment
There was a problem hiding this comment.
The part to test it with the current controller should be changed. We might also require a version check, but we can skip it if we are able to upgrade all the chains to v0.15 which we should.
| value: "%%% stake_owner_address %%%" | ||
| - name: KEYPASSWD | ||
| value: "%%% keychain_password %%%" | ||
| {{- if .ValidatorKey }} |
There was a problem hiding this comment.
The correct version would be:
{% if remote_signer_enabled %}
- name: REMOTE_SIGNER_ENABLED
value: "true"
- name: PRIV_VALIDATOR_LADDR
value: "tcp://0.0.0.0:26658"
{% endif %}
No key is passed.
There was a problem hiding this comment.
You mean controller_remote_signer_enabled ?
There was a problem hiding this comment.
Just to expand - ValidatorKey is only provided by the new controller (controller-ccv role). In the old version (controller role) there is no such variable and deployment will fail.
There was a problem hiding this comment.
Thanks @rkollar ! I was actually relaying on the lack of ValidatorKey. I just added value: "{{ .ValidatorKey }}" for completeness.
BTW, how can the old controller role work without supplying VALIDATOR_KEY. Does it also rely on an old version of SagaOS which doesn't require it?
There was a problem hiding this comment.
Old version of controller only runs pre-CCV SagaOS (so the one currently in mainnet), which uses the mnemonic instead.
There was a problem hiding this comment.
Thanks for the clarification!
There was a problem hiding this comment.
This should be addressed
| {{- if not .ValidatorKey }} | ||
| - containerPort: 26658 | ||
| name: privval | ||
| {{- end }} |
There was a problem hiding this comment.
{% if remote_signer_enabled %}
- containerPort: 26658
name: privval
{% endif %}
There was a problem hiding this comment.
Thanks. Again, you mean controller_remote_signer_enabled ?
There was a problem hiding this comment.
@emanuelconunaemme confirmed offline that he actually meant controller_remote_signer_enabled
There was a problem hiding this comment.
This should be addressed
2opremio
force-pushed
the
add-remote-signer-support
branch
from
7fed988 to
ddcf952
Compare
2opremio
force-pushed
the
add-remote-signer-support
branch
from
ddcf952 to
244d3b8
Compare
Controller counterpart to https://github.com/sagaxyz/SagaOS/pull/227
Add conditional logic to set REMOTE_SIGNER_ENABLED and PRIV_VALIDATOR_LADDR when ValidatorKey is not supplied, for both CCV and non-CCV templates. Also expose port 26658 for the privval server when using remote signer.