Support for Mithril Signer deployment.

scripts/cnode-helper-scripts/deploy-as-systemd.sh

@@ -37,6 +37,15 @@ if [[ ${yn} = [Yy]* ]]; then
   ./submitapi.sh -d
 fi
 
+if command -v mithril-signer >/dev/null 2>&1 ; then
+  echo -e "\e[32m~~ Mithril Signer ~~\e[0m"
+  echo "Deploy Mithril Signer as a systemd service? [y|n]"
+  read -rsn1 yn
+  if [[ ${yn} = [Yy]* ]]; then
+    ./mithril-signer.sh -d
+  fi
+fi
+
 if command -v ogmios >/dev/null 2>&1 ; then
   echo -e "\e32m~~ Cardano Ogmios Server ~~\e[0m"
   echo "launches the ogmios.sh script to deploy ogmios"
@@ -413,6 +422,7 @@ sudo systemctl daemon-reload
 [[ -f /etc/systemd/system/${vname}-cncli-validate.service ]] && sudo systemctl enable ${vname}-cncli-validate.service
 [[ -f /etc/systemd/system/${vname}-cncli-ptsendtip.service ]] && sudo systemctl enable ${vname}-cncli-ptsendtip.service
 [[ -f /etc/systemd/system/${vname}-cncli-ptsendslots.service ]] && sudo systemctl enable ${vname}-cncli-ptsendslots.service
+[[ -f /etc/systemd/system/${vanem}-mithril-signer.service ]] && sudo systemctl enable ${vname}-mithril-signer.service
 
 
 echo

scripts/cnode-helper-scripts/guild-deploy.sh

@@ -3,6 +3,7 @@
 # shellcheck source=/dev/null
 
 unset CNODE_HOME
+unset MITHRIL_HOME
 
 ##########################################
 # User Variables - Change as desired     #
@@ -61,7 +62,7 @@ versionCheck() { printf '%s\n%s' "${1//v/}" "${2//v/}" | sort -C -V; } #$1=avail
 usage() {
   cat <<-EOF >&2
 
-		Usage: $(basename "$0") [-n <mainnet|preprod|guild|preview>] [-p path] [-t <name>] [-b <branch>] [-u] [-s [p][b][l][f][d][c][o][w][x]]
+		Usage: $(basename "$0") [-n <mainnet|preprod|guild|preview>] [-p path] [-t <name>] [-b <branch>] [-u] [-s [p][b][l][m][f][d][c][o][w][x]]
 		Set up dependencies for building/using common tools across cardano ecosystem.
 		The script will always update dynamic content from existing scripts retaining existing user variables
 
@@ -74,6 +75,7 @@ usage() {
 		  p   Install common pre-requisite OS-level Dependencies for most tools on this repo (Default: skip)
 		  b   Install OS level dependencies for tools required while building cardano-node/cardano-db-sync components (Default: skip)
 		  l   Build and Install libsodium fork from IO repositories (Default: skip)
+		  m   Build and install mithril from IO repositories (Default: skip)
 		  f   Force overwrite entire content of scripts and config files (backups of existing ones will be created) (Default: skip)
 		  d   Download latest (released) binaries for bech32, cardano-address, cardano-node, cardano-cli, cardano-db-sync and cardano-submit-api (Default: skip)
 		  c   Install/Upgrade CNCLI binary (Default: skip)
@@ -92,11 +94,13 @@ set_defaults() {
   [[ -z ${WANT_BUILD_DEPS} ]] && WANT_BUILD_DEPS='N'
   [[ -z ${FORCE_OVERWRITE} ]] && FORCE_OVERWRITE='N'
   [[ -z ${LIBSODIUM_FORK} ]] && LIBSODIUM_FORK='N'
+  [[ -z ${INSTALL_MITHRIL} ]] && INSTALL_MITHRIL='N'
   [[ -z ${INSTALL_CNCLI} ]] && INSTALL_CNCLI='N'
   [[ -z ${INSTALL_CWHCLI} ]] && INSTALL_CWHCLI='N'
   [[ -z ${INSTALL_OGMIOS} ]] && INSTALL_OGMIOS='N'
   [[ -z ${INSTALL_CSIGNER} ]] && INSTALL_CSIGNER='N'
   [[ -z ${CNODE_PATH} ]] && CNODE_PATH="/opt/cardano"
+  [[ -z ${MITHRIL_PATH} ]] && MITHRIL_PATH="/opt/mithril"
   [[ -z ${CNODE_NAME} ]] && CNODE_NAME='cnode'
   [[ -z ${CURL_TIMEOUT} ]] && CURL_TIMEOUT=60
   [[ -z ${UPDATE_CHECK} ]] && UPDATE_CHECK='Y'
@@ -107,6 +111,7 @@ set_defaults() {
   [[ "${SUDO}" = 'Y' && $(id -u) -eq 0 ]] && err_exit "Please run as non-root user."
   CNODE_HOME="${CNODE_PATH}/${CNODE_NAME}"
   CNODE_VNAME=$(echo "$CNODE_NAME" | awk '{print toupper($0)}')
+  MITHRIL_HOME="${MITHRIL_PATH}/mithril-signer"
   REPO="https://github.com/${G_ACCOUNT}/guild-operators"
   REPO_RAW="https://raw.githubusercontent.com/${G_ACCOUNT}/guild-operators"
   URL_RAW="${REPO_RAW}/${BRANCH}"
@@ -489,6 +494,25 @@ download_cardanosigner() {
   fi
 }
 
+# Download pre-built mithril-signer binary
+download_mithril() {
+    echo -e "\nDownloading Mithril..."
+    pushd "${HOME}"/tmp >/dev/null || err_exit
+    # dynamic latest release updated automatically, uncomment and comment out the hardcoded release below if needed
+    # mithril_release="$(curl -s https://api.github.com/repos/input-output-hk/mithril/releases/latest | jq -r '.tag_name')"
+    # hardcoded latest release requiring a bump
+    mithril_release="2337.0"
+    echo -e "\n  Downloading Mithril Signer/Client ${mithril_release}..."
+    rm -f mithril-signer mithril-client
+    curl -m 200 -sfL https://github.com/input-output-hk/mithril/releases/download/${mithril_release}/mithril-${mithril_release}-linux-x64.tar.gz -o mithril.tar.gz || err_exit " Could not download mithril's latest release archive from IO github!"
+    tar zxf mithril.tar.gz mithril-signer mithril-client &>/dev/null
+    rm -f mithril.tar.gz
+    [[ -f mithril-signer ]] || err_exit " mithril archive downloaded but binary (mithril-signer) not found after extracting package!"
+    [[ -f mithril-client ]] || err_exit " mithril archive downloaded but binary (mithril-client) not found after extracting package!"
+    mv -t "${HOME}"/.local/bin mithril-signer mithril-client
+    chmod +x "${HOME}"/.local/bin/*
+}
+
 # Create folder structure and set up permissions/ownerships
 setup_folder() {
   echo -e "\nCreating Folder Structure .."
@@ -502,6 +526,19 @@ setup_folder() {
 
   $sudo mkdir -p "${CNODE_HOME}"/files "${CNODE_HOME}"/db "${CNODE_HOME}"/guild-db "${CNODE_HOME}"/logs "${CNODE_HOME}"/scripts "${CNODE_HOME}"/scripts/archive "${CNODE_HOME}"/sockets "${CNODE_HOME}"/priv
   $sudo chown -R "$U_ID":"$G_ID" "${CNODE_HOME}" 2>/dev/null
+
+  if [[ ${INSTALL_MITHRIL} == 'Y' ]]; then
+
+    if grep -q "export MITHRIL_HOME=" "${HOME}"/.bashrc; then
+      echo -e "\nEnvironment Variable MITHRIL_HOME already set up!"
+    else
+      echo -e "\nSetting up MITHRIL_HOME Environment Variable"
+      echo -e "\nexport MITHRIL_HOME=${MITHRIL_HOME}" >> "${HOME}"/.bashrc
+    fi
+
+    $sudo mkdir -p "${MITHRIL_HOME}"/data-stores
+    $sudo chown -R "$U_ID":"$G_ID" "${MITHRIL_HOME}" 2>/dev/null
+  fi
 }
 
 # Download and update scripts for cnode
@@ -591,6 +628,7 @@ parse_args() {
     [[ "${S_ARGS}" =~ "p" ]] && INSTALL_OS_DEPS="Y"
     [[ "${S_ARGS}" =~ "b" ]] && INSTALL_OS_DEPS="Y" && WANT_BUILD_DEPS="Y"
     [[ "${S_ARGS}" =~ "l" ]] && INSTALL_OS_DEPS="Y" && WANT_BUILD_DEPS="Y" && INSTALL_LIBSODIUM_FORK="Y"
+    [[ "${S_ARGS}" =~ "m" ]] && INSTALL_MITHRIL="Y" && WANT_BUILD_DEPS="Y"
     [[ "${S_ARGS}" =~ "f" ]] && FORCE_OVERWRITE="Y" && POPULATE_CNODE="F"
     [[ "${S_ARGS}" =~ "d" ]] && INSTALL_CNODEBINS="Y"
     [[ "${S_ARGS}" =~ "c" ]] && INSTALL_CNCLI="Y"
@@ -613,6 +651,7 @@ main_flow() {
   [[ "${INSTALL_OS_DEPS}" == "Y" ]] && os_dependencies
   [[ "${WANT_BUILD_DEPS}" == "Y" ]] && build_dependencies
   [[ "${INSTALL_LIBSODIUM_FORK}" == "Y" ]] && build_libsodium
+  [[ "${INSTALL_MITHRIL}" == "Y" ]] && download_mithril
   [[ "${FORCE_OVERWRITE}" == "Y" ]] && POPULATE_CNODE="F" && populate_cnode
   [[ "${POPULATE_CNODE}" == "Y" ]] && populate_cnode
   [[ "${INSTALL_CNODEBINS}" == "Y" ]] && download_cnodebins

scripts/cnode-helper-scripts/mithril-signer.sh

@@ -0,0 +1,160 @@
+#!/usr/bin/env bash
+# shellcheck disable=SC2086
+#shellcheck source=/dev/null
+
+. "$(dirname $0)"/env offline
+
+######################################
+# User Variables - Change as desired #
+# Common variables set in env file   #
+######################################
+
+#MITHRILBIN="${HOME}"/.local/bin/mithril-signer # Path for mithril-signer binary, if not in $PATH
+#HOSTADDR=127.0.0.1                             # Default Listen IP/Hostname for Mithril Signer Server
+MITHRIL_HOME="/opt/mithril/mithril-signer"
+
+######################################
+# Do NOT modify code below           #
+######################################
+
+#####################
+# Functions         #
+#####################
+
+usage() {
+  cat <<-EOF
+
+		Usage: $(basename "$0") [-d] [-u]
+
+		Cardano Mithril signer wrapper script !!
+		-d    Deploy mithril-signer as a systemd service
+		-u    Update mithril-signer environment file
+
+		EOF
+  exit 1
+}
+
+set_defaults() {
+  [[ -z "${MITHRILBIN}" ]] && MITHRILBIN="${HOME}"/.local/bin/mithril-signer
+  [[ -z "${MITHRIL_HOME}" ]] && MITHRIL_HOME=/opt/mithril/mithril-signer
+  if [[ -z "${NETWORK}" ]] || [[ -z "${POOL_NAME}" ]] || [[ "${POOL_NAME}" == "CHANGE_ME" ]]; then
+    echo "ERROR: The NETWORK and POOL_NAME must be set before deploying mithril-signer as a systemd service!!"
+    exit 1
+  else
+    case "${NETWORK}" in
+      mainnet|preprod)
+      RELEASE="release"
+      ;;
+      *)
+      RELEASE="pre-release"
+      ;;
+    esac
+  fi
+  [[ -z ${RELEASE} ]] && echo "ERROR: Failed to set RELEASE variable, please check NETWORK variable in env file!!" && exit 1
+}
+
+pre_startup_sanity() {
+  [[ ! -f "${MITHRILBIN}" ]] && MITHRILBIN="$(command -v mithril-signer)"
+  if [[ ! -S "${CARDANO_NODE_SOCKET_PATH}" ]]; then
+    echo "ERROR: Could not locate socket file at ${CARDANO_NODE_SOCKET_PATH}, the node may not have completed startup !!"
+    exit 1
+  fi
+  # Move logs to archive
+  [[ -f "${LOG_DIR}"/mithril-signer.log ]] && mv "${LOG_DIR}"/mithril-signer.log "${LOG_DIR}"/archive/
+}
+
+generate_environment_file() {
+  ERA_READER_ADDRESS=https://raw.githubusercontent.com/input-output-hk/mithril/main/mithril-infra/configuration/${RELEASE}-${NETWORK}/era.addr
+  ERA_READER_VKEY=https://raw.githubusercontent.com/input-output-hk/mithril/main/mithril-infra/configuration/${RELEASE}-${NETWORK}/era.vkey
+  sudo bash -c "cat <<-'EOF' > ${MITHRIL_HOME}/service.env
+  AGGREGATOR_ENDPOINT=https://aggregator.${RELEASE}-${NETWORK}.api.mithril.network/aggregator
+  KES_SECRET_KEY_PATH=${POOL_DIR}/${POOL_HOTKEY_SK_FILENAME}
+  OPERATIONAL_CERTIFICATE_PATH=${POOL_DIR}/${POOL_OPCERT_FILENAME}
+  PARTY_ID=$(cat ${POOL_DIR}/${POOL_ID_FILENAME})
+  DB_DIRECTORY=${CNODE_HOME}/db
+  CARDANO_CLI_PATH=${HOME}/.local/bin/cardano-cli
+  DATA_STORES_DIRECTORY=${MITHRIL_HOME}/data-stores
+  ERA_READER_ADAPTER_TYPE=cardano-chain
+  ERA_READER_ADDRESS=https://raw.githubusercontent.com/input-output-hk/mithril/main/mithril-infra/configuration/${RELEASE}-${NETWORK}/era.addr
+  ERA_READER_VKEY=https://raw.githubusercontent.com/input-output-hk/mithril/main/mithril-infra/configuration/${RELEASE}-${NETWORK}/era.vkey
+  ERA_READER_ADAPTER_PARAMS=$(jq -nc --arg address $(wget -q -O - "${ERA_READER_ADDRESS}") --arg verification_key $(wget -q -O - "${ERA_READER_VKEY}") '{"address": $address, "verification_key": $verification_key}')
+  GENESIS_VERIFICATION_KEY=$(curl -s https://raw.githubusercontent.com/input-output-hk/mithril/main/mithril-infra/configuration/${RELEASE}-${NETWORK}/genesis.vkey)
+EOF"
+}
+
+deploy_systemd() {
+  echo "Creating ${CNODE_VNAME}-mithril-signer systemd service environment file.."
+  if [[ ! -f "${MITHRIL_HOME}"/service.env ]]; then
+    generate_environment_file && echo "Environment file created successfully!!"
+  fi
+
+  echo "Deploying ${CNODE_VNAME}-mithril-signer as systemd service.."
+  sudo bash -c "cat <<-'EOF' > /etc/systemd/system/${CNODE_VNAME}-mithril-signer.service
+    [Unit]
+    Description=Cardano Mithril signer service
+    StartLimitIntervalSec=0
+	Wants=network-online.target
+	After=network-online.target
+
+    [Service]
+    Type=simple
+    Restart=always
+    RestartSec=5
+    User=${USER}
+    EnvironmentFile=${MITHRIL_HOME}/service.env
+    ExecStart=/bin/bash -l -c \"exec ${HOME}/.local/bin/mithril-signer -vv\"
+	KillSignal=SIGINT
+	SuccessExitStatus=143
+	StandardOutput=syslog
+	StandardError=syslog
+	SyslogIdentifier=${CNODE_VNAME}-mithril-signer
+	TimeoutStopSec=5
+	KillMode=mixed
+
+    [Install]
+    WantedBy=multi-user.target
+EOF" && echo "${CNODE_VNAME}-mithril-signer.service deployed successfully!!" && sudo systemctl daemon-reload && sudo systemctl enable ${CNODE_VNAME}-mithril-signer.service
+}
+
+###################
+# Execution       #
+###################
+
+# Parse command line options
+while getopts :du opt; do
+  case ${opt} in
+    d ) DEPLOY_SYSTEMD="Y" ;;
+    u ) UPDATE_ENVIRONMENT="Y" ;;
+    \? ) usage ;;
+  esac
+done
+
+# Check if env file is missing in current folder (no update checks as will mostly run as daemon), source env if present
+[[ ! -f "$(dirname $0)"/env ]] && echo -e "\nCommon env file missing, please ensure latest guild-deploy.sh was run and this script is being run from ${CNODE_HOME}/scripts folder! \n" && exit 1
+. "$(dirname $0)"/env
+case $? in
+  1) echo -e "ERROR: Failed to load common env file\nPlease verify set values in 'User Variables' section in env file or log an issue on GitHub" && exit 1;;
+  2) clear ;;
+esac
+
+# Set defaults and do basic sanity checks
+set_defaults
+#Deploy systemd if -d argument was specified
+if [[ "${DEPLOY_SYSTEMD}" == "Y" ]]; then
+  deploy_systemd && exit 0
+  exit 2
+elif [[ "${UPDATE_ENVIRONMENT}" == "Y" ]]; then
+  generate_environment_file && echo "Environment file updated successfully!!" && exit 0
+  exit 2
+elif [[ "${UPDATE_ENVIRONMENT}" == "Y" ]] && [[ "${DEPLOY_SYSTEMD}" == "Y" ]]; then
+  generate_environment_file && deploy_systemd && exit 0
+  exit 2
+fi
+
+pre_startup_sanity
+
+# Run Mithril Signer Server
+echo "Sourcing the Mithril Signer environment file.."
+. "${MITHRIL_HOME}"/service.env
+echo "Starting Mithril Signer Server.."
+"${MITHRILBIN}" -vvv >> "${LOG_DIR}"/mithril-signer.log 2>&1