Open Ivansete-status opened 1 month ago
Jakub suggested a simpler approach rather than using an external script, and then running the wakunode2 node.
The idea would be to only have one single script, which will perform the RLN registration if the keystore.json file doesn't exist, and after that, the normal wakunode2 will start.
The following can help to get inspiration on how to run the node from a script:
https://github.com/waku-org/nwaku-compose/blob/a737ff9a75de8a4441b3fa07c5f065c368931d9b/docker-compose.yml#L57
https://github.com/waku-org/nwaku-compose/blob/a737ff9a75de8a4441b3fa07c5f065c368931d9b/docker-compose.yml#L61-L63
https://github.com/waku-org/nwaku-compose/blob/master/run_node.sh
With that, the run_node.sh script should have something like:
    ## Check the same file that --rln-relay-cred-path writes below
    if test -f /data/keystore/keystore.json; then
      echo "keystore/keystore.json already exists. Skipping the RLN registration."
    else
      ## Performs the RLN registration if the keystore.json credentials file does not exist.
      ## No `exec` here: exec would replace the shell and the node below would never start.
      /usr/bin/wakunode generateRlnKeystore \
        --rln-relay-eth-client-address="${RLN_RELAY_ETH_CLIENT_ADDRESS}" \
        --rln-relay-eth-private-key="${ETH_TESTNET_KEY}" \
        --rln-relay-eth-contract-address=0xCB33Aa5B38d79E3D9Fa8B10afF38AA201399a7e3 \
        --rln-relay-cred-path=/data/keystore/keystore.json \
        --rln-relay-cred-password="${RLN_RELAY_CRED_PASSWORD}" \
        --rln-relay-user-message-limit=100 \
        --execute || exit 1   ## stop here if the registration fails
    fi

    ## Start the node, as usual
    exec /usr/bin/wakunode --config-file=/conf/config.toml \
      --nodekey=... \
      --store-message-db-url='......' \
      --rln-relay-cred-password='random_password'
Notice that the env vars might not be needed in this case and then just leave the values written there directly from bitwarden.
Modification prepared, before applying:
- Does rln-relay-cred-password have some character specification? (min number of chars, special character needed?) I can't find any info on that in https://docs.waku.org/guides/nwaku/config-options/#relay-config.
- Can you add / send me the private key of the sepolia account to be used as: $ETH_TESTNET_KEY?
- Can you confirm the fleet to apply the changes is .waku.test at first?

@apentori, @Ivansete-status, we could probably have generateRlnKeystore run in ansible, if it only needs to run once and not to complicate with run script. What do you think?
> @apentori, @Ivansete-status, we could probably have generateRlnKeystore run in ansible, if it only needs to run once and not to complicate with run script. What do you think?

That sounds very sensible indeed. I'm not familiar with Ansible but feel free to pick up the simpler option for you
> Modification prepared, before applying:
> - Does rln-relay-cred-password have some character specification? (min number of chars, special character needed?) I can't find any info on that in https://docs.waku.org/guides/nwaku/config-options/#relay-config.

I think the only constraint is that it should be longer than 8 chars, e.g., MySuperKeyStorePassword1234!

> - Can you add / send me the private key of the sepolia account to be used as: $ETH_TESTNET_KEY?

I will send you my ETH_TESTNET_KEY

> - Can you confirm the fleet to apply the changes is .waku.test at first?

Yes, first of all let's make sure it is correctly deployed in waku.test.
> @apentori, @Ivansete-status, we could probably have generateRlnKeystore run in ansible, if it only needs to run once and not to complicate with run script. What do you think?

If we set it up with Ansible, the container won't be able to properly start if some dev removes the keystore. Not sure if it will happen or not.
@Ivansete-status shouldn't the script be included directly in the docker container?

> @Ivansete-status shouldn't the script be included directly in the docker container?

Yes, let's do that as it will give more flexibility if in the future we need to recreate the keystore file
For some reason the keystore generation fails if the rln-relay-eth-client-address is our Sepolia host:
ERR 2024-08-23 13:57:18.567+00:00 Unrecoverable error occurred topics="rln_keystore_generator" tid=1 file=rln_keystore_generator.nim:54 error="Failed to register the member: {\"code\":-32000,\"message\":\"only replay-protected (EIP-155) transactions allowed over RPC\"}"
It works by changing the rln-relay-eth-client-address to infura.
@Ivansete-status Do you have news about the RPC call issue?

> @Ivansete-status Do you have news about the RPC call issue?

Sorry for the delay @apentori. Is our eth client configured to support EIP-155?
We can try to add the following setting in Eth client's geth.yml file: --rpc.allow-unprotected-txs
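
The geth error quoted above is returned for transactions that lack EIP-155 replay protection. As an added example (not from this thread or the nwaku code base), the Python function below decodes a raw signed transaction and reports whether a chain id is bound into it; the sample transactions are constructed with placeholder signatures, and the Sepolia chain id 11155111 is supplied here, not by the thread.

```python
# Added example: tell EIP-155 (replay-protected) transactions from unprotected ones.

def _rlp_item(buf, pos):
    """Decode one RLP item at pos; return (value, next_pos). Lists become Python lists."""
    b = buf[pos]
    if b < 0x80:                          # a single byte below 0x80 encodes itself
        return buf[pos:pos + 1], pos + 1
    base, is_list = (0x80, False) if b < 0xc0 else (0xc0, True)
    if b - base <= 55:                    # short form: length is in the prefix byte
        start, length = pos + 1, b - base
    else:                                 # long form: prefix gives the size of the length
        start = pos + 1 + (b - base - 55)
        length = int.from_bytes(buf[pos + 1:start], "big")
    end = start + length
    if end > len(buf):
        raise ValueError("truncated RLP")
    if not is_list:
        return buf[start:end], end
    items = []
    while start < end:
        item, start = _rlp_item(buf, start)
        items.append(item)
    return items, end

def replay_protection(raw_tx):
    """Return ('protected', chain_id) or ('unprotected', None) for a signed raw tx."""
    if raw_tx[0] in (0x01, 0x02):         # typed envelope: chain id is the first field
        fields, _ = _rlp_item(raw_tx, 1)
        return "protected", int.from_bytes(fields[0], "big")
    fields, _ = _rlp_item(raw_tx, 0)
    if not isinstance(fields, list) or len(fields) != 9:
        raise ValueError("not a signed legacy transaction")
    v = int.from_bytes(fields[6], "big")
    if v in (27, 28):                     # pre-EIP-155 signature: no chain id bound
        return "unprotected", None
    if v >= 35:                           # EIP-155: v = chain_id * 2 + 35 or 36
        return "protected", (v - 35) // 2
    raise ValueError(f"unexpected v value {v}")

# Constructed samples (placeholder r/s values, not valid signatures).
_BODY = "010203" + "94" + "11" * 20 + "8080"   # nonce, gasPrice, gasLimit, to, value, data
LEGACY_UNPROTECTED = bytes.fromhex("dd" + _BODY + "1b" + "0101")        # v = 27
LEGACY_SEPOLIA = bytes.fromhex("e1" + _BODY + "8401546d71" + "0101")    # v = 11155111*2+35

if __name__ == "__main__":
    for name, tx in (("unprotected", LEGACY_UNPROTECTED), ("sepolia", LEGACY_SEPOLIA)):
        print(name, replay_protection(tx))
```

Transactions of the first kind are the ones a geth node started with --rpc.allow-unprotected-txs would accept over RPC. Because no chain id is bound into the signature, such a transaction can be replayed on another chain where the same account is funded.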
Background

Light clients cannot generate RLN proofs by themselves. Therefore, this task is delegated to full nwaku nodes. This issue is aimed at allowing light clients to also publish messages in The Waku Network, aka, TWN.

Description

Based on what we do in TWN, each node should run the register_rln.sh script (see https://github.com/waku-org/nwaku-compose/blob/master/register_rln.sh) at first.

Each node needs:
- register_rln.sh script
- nwaku-compose repo, but using the image harbor.status.im/wakuorg/nwaku:deploy-waku-test.
- keystore.json file that should be accessible by the nwaku node.
- keystore.json exists, it does nothing, and the nwaku start should carry on.
- register_rln.sh script:
  - RLN_RELAY_ETH_CLIENT_ADDRESS: Sepolia Eth client RPC URL
  - ETH_TESTNET_KEY: Sepolia private key account. This should be kept in bitwarden.
  - RLN_RELAY_CRED_PASSWORD: Password to protect the keystore.json created by the register_rln.sh script. Also kept in bitwarden.
- nwaku node can load the keystore.json
  rln-relay-cred-path = '/data/keystore/keystore.json'
  docker-compose.yml
  rln-relay-cred-password = 'random_password' <-- Notice that this password should be the same that is stored in bitwarden and is used by the register_rln.sh script.

More context

https://discord.com/channels/1110799176264056863/1232247050414985296