Skip to content

Instantly share code, notes, and snippets.

@clemensgg

clemensgg/setup_horcrux.sh

Last active May 19, 2022 20:13
Show Gist options
  • Save clemensgg/7b84015c14613f62e158de8f6da186c8 to your computer and use it in GitHub Desktop.
Save clemensgg/7b84015c14613f62e158de8f6da186c8 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
setup_horcrux.sh
CHAIN_ID="juno-1"
MODE="signer1"
NODE_HOME_DIR=$HOME/.juno
# horcrux version
VERSION="v2.0.0-rc3"
SIGNER_ONE="10.0.0.2"
SIGNER_TWO="10.0.0.3"
SIGNER_THREE="10.0.0.4"
SENTRY_ONE="10.0.1.2"
SENTRY_TWO="10.0.1.3"
SENTRY_THREE="10.0.1.4"
if [[ "$MODE" == *"sentry"* ]] ; then
echo "> configuring signer setup using mode: SENTRY..."
elif [[ "$MODE" == *"signer"* ]] ; then
echo "> configuring signer setup using mode: SIGNER..."
else
echo "error, incorrect mode: $MODE"
exit 1
fi
echo "> node: $MODE"
echo "> chain id: $CHAIN_ID"
echo "- config ------------------------------"
echo " |- signer 1: $SIGNER_ONE"
echo " |- signer 2: $SIGNER_TWO"
echo " |- signer 3: $SIGNER_THREE"
echo " |-----------------------------------"
echo " |- sentry 1: $SENTRY_ONE"
echo " |- sentry 2: $SENTRY_TWO"
echo " |- sentry 3: $SENTRY_THREE"
echo "---------------------------------------"
read -p "press enter to continue..."
echo "> configuring $MODE..."
if [[ "$MODE" == *"signer"* ]] ; then
echo "> installing horcrux..."
git clone https://github.com/strangelove-ventures/horcrux && cd horcrux
git checkout $VERSION && make install && cd
if [[ "$MODE" == "signer1" ]] ; then
SIGNER=1
horcrux config init $CHAIN_ID "tcp://$SENTRY_ONE:1234" -c -p "tcp://$SIGNER_TWO:2222|2,tcp://$SIGNER_THREE:2222|3" -l "tcp://$SIGNER_ONE:2222" -t 2 --timeout 1500ms
fi
if [[ "$MODE" == "signer2" ]] ; then
SIGNER=2
horcrux config init $CHAIN_ID "tcp://$SENTRY_ONE:1234" -c -p "tcp://$SIGNER_ONE:2222|1,tcp://$SIGNER_THREE:2222|3" -l "tcp://$SIGNER_TWO:2222" -t 2 --timeout 1500ms
fi
if [[ "$MODE" == "signer3" ]] ; then
SIGNER=3
horcrux config init $CHAIN_ID "tcp://$SENTRY_ONE:1234" -c -p "tcp://$SIGNER_ONE:2222|1,tcp://$SIGNER_TWO:2222|2" -l "tcp://$SIGNER_THREE:2222" -t 2 --timeout 1500ms
fi
echo "- priv-val-addr: tcp://$SENTRY_TWO:1234" >> $HOME/.horcrux/config.yaml
echo "- priv-val-addr: tcp://$SENTRY_THREE:1234" >> $HOME/.horcrux/config.yaml
echo "---------------------------------------"
cat $HOME/.horcrux/config.yaml
echo "---------------------------------------"
SHARE=private_share_$SIGNER.json
echo "> $SHARE needs to be in $HOME/"
read -p "press enter to continue..."
FILE_EXISTS=$(test -e $HOME/$SHARE && echo true || echo false)
if [[ "$FILE_EXISTS" == "true" ]] ; then
echo "> copying $HOME/$SHARE to $HOME/.horcrux/share.json..."
cp $HOME/$SHARE $HOME/.horcrux/share.json
else
echo "ERROR! key shard not found! $SHARE needs to be in $HOME/"
echo "finish setup manually or start over."
exit 1
fi
echo "> creating systemd file horcrux.service..."
echo "[Unit]" >> horcrux.service
echo "Description=MPC Signer node" >> horcrux.service
echo "After=network.target" >> horcrux.service
echo " " >> horcrux.service
echo "[Service]" >> horcrux.service
echo "Type=simple" >> horcrux.service
echo "User=$USER" >> horcrux.service
echo "WorkingDirectory=$HOME" >> horcrux.service
echo "ExecStart=/usr/bin/horcrux cosigner start" >> horcrux.service
echo "Restart=on-failure" >> horcrux.service
echo "RestartSec=3" >> horcrux.service
echo "LimitNOFILE=4096" >> horcrux.service
echo " " >> horcrux.service
echo "[Install]" >> horcrux.service
echo "WantedBy=multi-user.target" >> horcrux.service
sudo mv horcrux.service /etc/systemd/system/
sudo mv $HOME/go/bin/horcrux /usr/bin
sudo systemctl daemon-reload && sudo systemctl enable horcrux
echo "> adding firewall entries..."
if [[ "$MODE" == "signer1" ]] ; then
sudo ufw allow in from $SIGNER_TWO to any port 2222 proto tcp
sudo ufw allow in from $SIGNER_TWO to any port 2223 proto tcp
sudo ufw allow in from $SIGNER_THREE to any port 2222 proto tcp
sudo ufw allow in from $SIGNER_THREE to any port 2223 proto tcp
fi
if [[ "$MODE" == "signer2" ]] ; then
sudo ufw allow in from $SIGNER_ONE to any port 2222 proto tcp
sudo ufw allow in from $SIGNER_ONE to any port 2223 proto tcp
sudo ufw allow in from $SIGNER_THREE to any port 2222 proto tcp
sudo ufw allow in from $SIGNER_THREE to any port 2223 proto tcp
fi
if [[ "$MODE" == "signer3" ]] ; then
sudo ufw allow in from $SIGNER_TWO to any port 2222 proto tcp
sudo ufw allow in from $SIGNER_TWO to any port 2223 proto tcp
sudo ufw allow in from $SIGNER_ONE to any port 2222 proto tcp
sudo ufw allow in from $SIGNER_ONE to any port 2223 proto tcp
fi
echo "> horcrux configured & enabled"
echo "stop the validator (if started) replace the contents of the ~/.horcrux/state/"$CHAIN_ID"_priv_validator_state.json and ~/.horcrux/state/"$CHAIN_ID"_share_sign_state.json in this format:"
echo " "
echo "- E X A M P L E -"
echo "{"
echo ' "height": "361402",'
echo ' "round": "0",'
echo ' "step": 3'
echo "}"
echo " "
echo "use the values from priv_validator_state.json"
echo " "
echo "to start use:"
echo "sudo systemctl start horcrux && journalctl -u horcrux -f"
echo "--"
fi
if [[ "$MODE" == *"sentry"* ]] ; then
echo "> adding firewall entries..."
sudo ufw allow in from $SIGNER_ONE to any port 1234 proto tcp
sudo ufw allow in from $SIGNER_TWO to any port 1234 proto tcp
sudo ufw allow in from $SIGNER_THREE to any port 1234 proto tcp
echo "> editing $NODE_HOME_DIR/config/config.toml..."
sed -i 's#priv_validator_laddr = ""#priv_validator_laddr = "tcp://0.0.0.0:1234"#g' $NODE_HOME_DIR/config/config.toml
fi
echo "thank you for taking care of your keys."
echo "done"
exit
@clemensgg
Copy link
Author

clemensgg commented May 19, 2022
edited
Loading

quick bash script to setup horcrux with 3 sentries. needs:

  • private_share_1.json in $HOME of signer1
  • private_share_2.json in $HOME of signer2
  • private_share_3.json in $HOME of signer3

uses systemd

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment