docs/website/root/manual/getting-started/run-signer-node.md
38 additions & 8 deletions
@@ -234,7 +234,7 @@ Replace this value with the correct user. We assume that the user used to run th
234
234
*`STORE_RETENTION_LIMIT`: if set, this will limit the number of records in some internal stores (5 is a good fit).
235
235
*`ERA_READER_ADAPTER_TYPE=cardano-chain`: replace `cardano-chain` with the era reader adapter type used in your Mithril network
236
236
*`ERA_READER_ADAPTER_PARAMS={"address": "...", "verification_key": "..."}`: replace `{"address": "...", "verification_key": "..."}` with the era reader parameters that you need to compute by running the command `jq -nc --arg address $(wget -q -O - **YOUR_ERA_READER_ADDRESS**) --arg verification_key $(wget -q -O - **YOUR_ERA_READER_VERIFICATION_KEY**) '{"address": $address, "verification_key": $verification_key}'`
237
-
*`RELAY_ENDPOINT=http://192.168.1.50:3128`**(optional)**: this is the endpoint of the **Mithril relay**, which is required for **production** deployment only. For **naive** deployment, do not set this variable in your environment file.
237
+
*`RELAY_ENDPOINT=http://192.168.1.50:3132`**(optional)**: this is the endpoint of the **Mithril relay**, which is required for **production** deployment only. For **naive** deployment, do not set this variable in your environment file.
238
238
:::
239
239
240
240
:::tip
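Review bot: The `RELAY_ENDPOINT` example on the added line now ends in `:3132`, but nothing in this bullet tells the reader that the port has to equal the `http_port` the relay's Squid instance listens on. An operator who already runs a relay on 3128 and copies the new value into the signer environment file will point the signer at a port where nothing is listening. Suggest adding a short clause such as "the port must match the listening port configured on your Mithril relay", and stating whether existing deployments on 3128 are expected to migrate.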
@@ -248,7 +248,7 @@ Here is an **example** set of values for **release-preprod** that will be used i
@@ -392,6 +392,23 @@ Finally, monitor the logs of the service:
392
392
tail /var/log/syslog
393
393
```
394
394
395
+
### Rotating the KES keys
396
+
397
+
:::danger
398
+
399
+
When the KES keys expire, the Mithril signer is unable to register with the Mithril protocol.
400
+
401
+
:::
402
+
403
+
After rotating the KES keys on your Cardano block producer, we recommend following this upgrade procedure for your Mithril signer node:
404
+
1. Update the `KES_SECRET_KEY_PATH` entry of your environment file to reflect the location of the **new KES secret key file**.
405
+
2. Update the `OPERATIONAL_CERTIFICATE_PATH` entry of your environment file to reflect the location of the **new operational certificate file**.
406
+
3. Restart your Mithril signer service with the following command:
407
+
```bash
408
+
sudo systemctl restart mithril-signer
409
+
```
410
+
4. Check the logs of your signer node and make sure that it has successfully registered after restarting (the following log should be displayed: `STATE MACHINE: new cycle: Registered`).
411
+
395
412
## Set up the Mithril relay node
396
413
397
414
:::caution
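Review bot: Step 4 names the success log line (`STATE MACHINE: new cycle: Registered`) but the procedure does not say where to look or what to do if the line never appears. Suggest pointing back to the `tail /var/log/syslog` command shown just above this section, and adding one sentence for the failure case, for example re-checking that `KES_SECRET_KEY_PATH` and `OPERATIONAL_CERTIFICATE_PATH` were both updated, since the operational certificate is issued for a specific KES key and a mismatched pair will not work. The `:::danger` block would also be more actionable if it told the operator to rotate before expiry rather than only stating the consequence. Since step 1 introduces a new secret key file, a reminder that it must be readable by the service user and not by other users would fit here.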
@@ -426,7 +443,7 @@ Prepare the forward proxy configuration file:
426
443
427
444
```bash
428
445
sudo bash -c 'cat > /etc/squid/squid.conf << EOF
429
-
# Listening port (port 3128 is recommended)
446
+
# Listening port (port 3132 is recommended)
430
447
http_port **YOUR_RELAY_LISTENING_PORT**
431
448
432
449
# ACL for internal IP of your block producer node
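Review bot: The changed comment says "port 3132 is recommended" without giving a reason, and 3128 is Squid's default listening port, so readers will wonder why the guide moves away from it. Suggest adding a brief rationale in the surrounding prose (or in the comment itself) so operators can decide whether the change applies to them, and so the recommendation does not read as arbitrary.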
@@ -481,8 +498,8 @@ Here is an example of the aforementioned command created with the example set fo
481
498
482
499
```bash
483
500
sudo bash -c 'cat > /etc/squid/squid.conf << EOF
484
-
# Listening port (port 3128 is recommended)
485
-
http_port 3128
501
+
# Listening port (port 3132 is recommended)
502
+
http_port 3132
486
503
487
504
# ACL for internal IP of your block producer node
488
505
acl block_producer_internal_ip src 192.168.1.75
@@ -532,6 +549,19 @@ EOF'
532
549
533
550
:::
534
551
552
+
:::tip
553
+
554
+
In case you are using the same Cardano relay for multiple Cardano block producers, you will need to add a new line per block producer for authorizing its internal IP:
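Review bot: The added tip says to "add a new line per block producer for authorizing its internal IP" but does not name the directive, and the sentence speaks of a "Cardano relay" while this section configures the Mithril relay's Squid proxy. Suggest naming the `acl ... src` line explicitly, stating whether each new ACL also needs its own access rule, and advising that every entry be a single host address rather than a range, because each added source widens who can use the forward proxy.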