Merge branch '12-keygen-service' into 'dev'

add keygen-service doc

Closes #12

See merge request ergo/rosen-bridge/operation!27

README.md

@@ -3,9 +3,10 @@
 ### Table of Contents
 
 - [Guard](./docs/guard/)
-  - [Keygen Operation using docker](./docs/guard/keygen-docker.md)
   - [Production Setup](./docs/guard/setup.md)
   - [Environment Variable References](./docs/guard/env-references.md)
+- [Keygen Service](./docs/keygen-service/)
+  - [Keygen Operation using docker](./docs/keygen-service/keygen-docker.md)
 - [Watcher](#)
   - [Deployment using docker](./docs/watcher/deploy-docker.md)
     - [Deployment using docker on Raspberry Pi](./docs/watcher/deploy-docker.md#note-for-raspberry-pi-arm-users)

docs/guard/setup.md

@@ -1,12 +1,81 @@
 ## Guard Operation: Setup
 
-The following document will help you through setup your guard for production on Docker after a successful `key generation ceremony`.
+The following document will help you through setup your guard for production on Docker.
 
 ## Environment Variable Configs
 You can configure some Environment Variables when deploying with docker, you can find all of them [here](./env-references.md).
 
 Note: Set your parameters in `.env` file (make sure not to use spaces after the '=' sign)
 
+# Docker Deployment
+
+Clone [Operation repository](https://github.com/rosen-bridge/operation.git) and go to `operation/guard` directory
+
+```shell
+git clone https://github.com/rosen-bridge/operation.git
+cd operation/guard/
+```
+
+Create your environment file `.env` based on `env.template` file in the `guard` directory
+
+```shell
+cp env.template .env
+```
+
+Set your parameters in `.env` file 
+>**Note:** do not use space after `=` sign
+
+```shell
+# Required Environments
+
+POSTGRES_PASSWORD= # a random alphanumeric password without special characters (like $%!-#)
+
+POSTGRES_USER= # a random name
+
+POSTGRES_DB= # a random name
+
+POSTGRES_PORT=5432 # 5432 is set as default, you can change it.
+
+
+# Optional Environments
+
+GUARD_PORT= # (default is 8081 if no value is set)
+
+GUARD_IMAGE_VERSION= # Don't change it!
+
+UI_IMAGE_VERSION= # Don't change it!
+```
+
+Set required permissions and create `thresholds.json` and `local.yaml` files in the `config` directory
+
+```shell
+touch config/thresholds.json
+touch config/local.yaml
+sudo chown -R 8080:8080 logs config
+```
+
+Only on `MacOS`: set `707` permission for the `logs` directory
+
+```shell
+# only on MacOS
+sudo chmod -R 707 logs
+```
+
+Pull the Docker image
+
+  ```shell
+  docker compose pull # use `docker-compose pull` for older versions of Docker
+  ```
+
+In order to instruct the service to create require docker volumes, in the `guard` directory
+
+```shell
+docker compose create # use `docker-compose create` for older versions of Docker
+```
+
+> **NOTE**: Before running your guard service, you must take part in the key generation ceremony. For detailed instructions, please refer to [this guide](../keygen-service/keygen-docker.md).
+
+
 # Edit Config File
 
 You need to specify some required configs in `local.yaml`.
@@ -352,3 +421,11 @@ coldStorage:
   ...
 discordWebHookUrl: 'YOUR_WEBHOOK_URL'
 ```
+
+# Run Guard Service
+
+In the `guard` directory, run the container
+
+```shell
+docker compose up # use `docker-compose up` for older versions of Docker
+```

docs/guard/keygen-docker.md → docs/keygen-service/keygen-docker.md

@@ -1,21 +1,28 @@
-## Guard Operation: Key Generation
+## Keygen Service
 
 Being a guard, you need a set of secret keys that will be used in multisig operations. One of these keys will be used by the `TSS library` for `EcDSA` and `EdDSA` multisig wallets. 
 
-The following document will help you through generating this key by activating the `keygen mode` in the guard application in a `key generation ceremony`.
-
-> **Note:** The guard application does not have a UI interface for key generation process.
+The following document will help you through generating these keys by connecting the `keygen service` to your `guard service` in a `key generation ceremony`.
 
 # Docker Deployment
 
-Clone [Operation repository](https://github.com/rosen-bridge/operation.git) and go to `operation/guard` directory
+If you are participating in a Rosen key generation ceremony for the first time, at the first you have to setup your `guard` directories and volumes according to this [article](../guard/setup.md#docker-deployment), after that go to the `operation/keygen-service` directory
+
+```shell
+cd operation/keygen-service/
+```
+
+>**Note:** If you have participated in the previous key generation ceremony, we would like to stress the importance of ensuring that you have backed up your important data before taking any further actions. If you do not have a backup, please refer to the information provided [here](#backup).
+
+If you have participated in the previous key generation ceremony, just pull the latest changes from operation repo
 
 ```shell
-git clone https://github.com/rosen-bridge/operation.git
-cd operation/guard/
+cd operation/
+git pull
+cd keygen-service/
 ```
 
-Create your environment file `.env` based on `env.template` file in the `guard` directory
+**Note:** if you need to set specific keygen service image version create environment file `.env` based on `env.template` file in the `keygen-service` directory (In general, there is no need to specify a particular version for the key generation service image.)
 
 ```shell
 cp env.template .env
@@ -25,30 +32,14 @@ Set your parameters in `.env` file
 >**Note:** do not use space after `=` sign
 
 ```shell
-# Required Environments
-
-POSTGRES_PASSWORD= # a random alphanumeric password without special characters (like $%!-#)
-
-POSTGRES_USER= # a random name
-
-POSTGRES_DB= # a random name
-
-POSTGRES_PORT=5432 # 5432 is set as default, you can change it.
-
-
 # Optional Environments
 
-GUARD_PORT= # (default is 8081 if no value is set)
-
-GUARD_IMAGE_VERSION= # Don't change it!
-
-UI_IMAGE_VERSION= # Don't change it!
+KEYGEN_IMAGE_VERSION=
 ```
 
-Set required permissions and create `thresholds.json` and `local.yaml` files in the `config` directory
+Set required permissions and create `local.yaml` file in the `config` directory
 
 ```shell
-touch config/thresholds.json
 touch config/local.yaml
 sudo chown -R 8080:8080 logs config
 ```
@@ -73,23 +64,23 @@ In order to instruct the service to generate a new key, copy and paste the follo
 # Paste these lines in local.yaml file, fill in the parameters.
 
 keygen: 
-  active: true # set true to start keygen process on startup
   guards: FILL_ACCORDING_TO_YOUR_GUARD_SET(number) # total number of guards
   threshold: FILL_ACCORDING_TO_YOUR_GUARD_SET(number) # signing threshold (at least threshold + 1 guards are required)
+  algorithm: FILL_ACCORDING_TO_YOUR_GUARD_SET(string) # ecdsa or eddsa
 p2p:
   addresses:
     - peerId: FILL_ACCORDING_TO_YOUR_GUARD_SET
       address: FILL_ACCORDING_TO_YOUR_GUARD_SET
 ```
 
-In the `guard` directory, run the containers
+In the `keygen-service` directory, run the container
 
 ```shell
 docker compose up # use `docker-compose up` for older versions of Docker
 ```
 
 > **Note:**
-> Each guard has a unique peerId that you should provide to the moderator of the keygen ceremony. Your peerId will be whitelisted in the network's relay. Upon starting your guard, you can find the value of this parameter in your guard's logs. For example, you should see a line like this in your log file located at `./logs/guard-logs/` or in your console:
+> Each guard has a unique peerId that you should provide to the moderator of the keygen ceremony. Your peerId will be whitelisted in relays. Upon starting your guard or keygen-service for the first time, you can find the value of this parameter in your guard's logs or keygen-service's logs. For example, you should see a line like this in your log file located at `./keygen-service/logs/keygen-logs/` or ./guard/logs/guard-logs/ or in your console:
 > ```
 > info: Dialer node started with peerId: 12D3KooWNGaHx3EAdNeKUFxAKrg3EyKFN8gHHw9H5ZiBmRVjxHpG.
 > ```
@@ -98,23 +89,29 @@ docker compose up # use `docker-compose up` for older versions of Docker
 
 ## Successful Keygen
 
-After discovering all peers, the colaborative key genaration process will be started. In case of a successful key genaration you can see the following message in the console as well as in the log file located at `./logs/guard-logs/`.
+After discovering all peers, the colaborative key genaration process will be started. In case of a successful key genaration, a message with the following structure could be seen in the console as well as in the log file located at `./keygen-service/logs/keygen-logs/`.
 
 ```
 info: [keygen] request start keygen with response {"shareID":"17919185987749025101810558434858548363703702891441976713238832618792983045264897561171919","pubKey":"9a685c62d667fd99c22dbd1d8e97b27a268003e146ac8af74b03c5a1f25f4f5f","status":"success"} called
 ```
 Please provide this data to the moderator of the keygen ceremony to acknowledge your successful operation.
 
+After a successful keygen ceremony, In the `keygen-service` directory, stop the container
+  
+```shell
+docker compose down # use `docker-compose down` for older versions of Docker
+```
 
 ### Backup
 
-After a successful keygen ceremony, back up the `keygen data` as well as the `p2p data` by executing the following commands in the guard directory:
+After a successful keygen ceremony, back up the `keygen data` as well as the `p2p data` by executing the following commands in the `guard` directory:
 
 ```shell
-mkdir guard_data_backup
+cd ./operation/guard
+mkdir -p guard_data_backup/tss
 docker compose cp service:/app/peer-dialer/peer-dialer.json ./guard_data_backup/
-docker compose cp service:/app/tss-api/home/eddsa/keygen_data.json ./guard_data_backup/
+docker compose cp service:/app/tss-api/home/ ./guard_data_backup/tss
 ```
 
 > **Note:**
-> Keep the directory `guard_data_backup` in a secure location. Your key share can be found in `keygen_data.json`. 
+> Keep the directory `guard_data_backup` in a secure location. Your key share can be found in `./guard_data_backup/tss/(ecdsa || eddsa)/keygen_data.json`.

keygen-service/.gitignore

@@ -0,0 +1,4 @@
+**/logs/*
+config/local*.yaml
+.env
+.DS_Store

keygen-service/docker-compose.yaml

@@ -0,0 +1,34 @@
+version: '3.8'
+
+services:
+  service:
+    image: ghcr.io/rosen-bridge/keygen-service:${KEYGEN_IMAGE_VERSION:-latest}
+    env_file:
+      - .env
+    volumes:
+      - type: bind
+        source: ./config/local.yaml
+        target: /app/config/local.yml
+      - ./logs/keygen-logs/:/app/logs/
+      - guard-data:/app/peer-dialer/
+      - ./logs/tss-api-logs/:/app/tss-api/logs/
+      - tss-api-data:/app/tss-api/home/
+    networks:
+      - rosen_network
+    restart: always
+    healthcheck:
+      test: ['CMD-SHELL', 'curl --fail http://$$HOSTNAME:8080/swagger || exit 1']
+      interval: 10s
+      timeout: 5s
+      retries: 3
+
+volumes:
+  guard-data:
+    external: true
+    name: guard_guard-data
+  tss-api-data:
+    external: true
+    name: guard_tss-api-data
+
+networks:
+  rosen_network:

keygen-service/env.template

@@ -0,0 +1,3 @@
+# Optional Environments
+
+KEYGEN_IMAGE_VERSION=