diff --git a/config/snippet-config/splice-snippet-list-remote.json b/config/snippet-config/splice-snippet-list-remote.json index 8a5e9932d..43471e2c2 100644 --- a/config/snippet-config/splice-snippet-list-remote.json +++ b/config/snippet-config/splice-snippet-list-remote.json @@ -8,6 +8,10 @@ "traffic parameters": "/global-synchronizer/deployment/synchronizer-traffic#traffic-parameters", "traffic_accounting": "/global-synchronizer/deployment/synchronizer-traffic#traffic-accounting-what-counts-as-traffic" }, + "urlSubstitutions": { + "https://docs.daml.com/canton/usermanual/kms/kms_aws_setup.html": "[Canton KMS operations](/global-synchronizer/production-operations/kms-operations#configure-a-amazon-web-services-aws-kms)", + "https://docs.daml.com/canton/usermanual/kms/kms_gcp_setup.html": "[Canton KMS operations](/global-synchronizer/production-operations/kms-operations#configure-a-google-cloud-provider-gcp-kms)" + }, "snippets": [ { "snippetName": "splice-literal-full-apps-app-src-pack-examples-recovery-manual-identities-dump", @@ -21,6 +25,30 @@ "language": "scala" } }, + { + "snippetName": "splice-literal-full-apps-app-src-pack-examples-sv-helm-kms-participant-aws-values", + "sourceRepo": "splice", + "sourceFilepath": "apps/app/src/pack/examples/sv-helm/kms-participant-aws-values.yaml", + "location": { + "type": "fullFile" + }, + "description": "", + "options": { + "language": "yaml" + } + }, + { + "snippetName": "splice-literal-full-apps-app-src-pack-examples-sv-helm-kms-participant-gcp-values", + "sourceRepo": "splice", + "sourceFilepath": "apps/app/src/pack/examples/sv-helm/kms-participant-gcp-values.yaml", + "location": { + "type": "fullFile" + }, + "description": "", + "options": { + "language": "yaml" + } + }, { "snippetName": "splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-configuring-topup-start", "sourceRepo": "splice", @@ -1871,6 +1899,21 @@ "normalizeIndent": false } }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-bash-140", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_disaster_recovery.rst", + "location": { + "type": "lines", + "start": 140, + "end": 142 + }, + "description": "", + "options": { + "language": "bash", + "normalizeIndent": false + } + }, { "snippetName": "splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-240", "sourceRepo": "splice", @@ -1916,6 +1959,21 @@ "normalizeIndent": "baseline" } }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-274", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_disaster_recovery.rst", + "location": { + "type": "lines", + "start": 274, + "end": 274 + }, + "description": "", + "options": { + "language": "", + "normalizeIndent": "baseline" + } + }, { "snippetName": "splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-299", "sourceRepo": "splice", @@ -1946,6 +2004,66 @@ "normalizeIndent": "baseline" } }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-355", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_disaster_recovery.rst", + "location": { + "type": "lines", + "start": 355, + "end": 384 + }, + "description": "", + "options": { + "language": "", + "normalizeIndent": "baseline" + } + }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-397", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_disaster_recovery.rst", + "location": { + "type": "lines", + "start": 397, + "end": 413 + }, + "description": "", + "options": { + "language": "", + "normalizeIndent": "baseline" + } + }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-419", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_disaster_recovery.rst", + "location": { + "type": "lines", + "start": 419, + "end": 435 + }, + "description": "", + "options": { + "language": "", + "normalizeIndent": "baseline" + } + }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-451", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_disaster_recovery.rst", + "location": { + "type": "lines", + "start": 451, + "end": 453 + }, + "description": "", + "options": { + "language": "", + "normalizeIndent": "baseline" + } + }, { "snippetName": "splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-485", "sourceRepo": "splice", @@ -2006,6 +2124,66 @@ "normalizeIndent": "baseline" } }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-helm-bash-545", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_helm.rst", + "location": { + "type": "lines", + "start": 545, + "end": 548 + }, + "description": "", + "options": { + "language": "bash", + "normalizeIndent": false + } + }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-helm-bash-557", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_helm.rst", + "location": { + "type": "lines", + "start": 557, + "end": 557 + }, + "description": "", + "options": { + "language": "bash", + "normalizeIndent": false + } + }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-helm-bash-598", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_helm.rst", + "location": { + "type": "lines", + "start": 598, + "end": 598 + }, + "description": "", + "options": { + "language": "bash", + "normalizeIndent": false + } + }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-helm-bash-642", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_helm.rst", + "location": { + "type": "lines", + "start": 642, + "end": 642 + }, + "description": "", + "options": { + "language": "bash", + "normalizeIndent": false + } + }, { "snippetName": "splice-rst-code-docs-src-validator-operator-validator-helm-bash-65", "sourceRepo": "splice", @@ -2066,6 +2244,51 @@ "normalizeIndent": "baseline" } }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-helm-yaml-566", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_helm.rst", + "location": { + "type": "lines", + "start": 566, + "end": 576 + }, + "description": "", + "options": { + "language": "yaml", + "normalizeIndent": "baseline" + } + }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-helm-yaml-584", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_helm.rst", + "location": { + "type": "lines", + "start": 584, + "end": 590 + }, + "description": "", + "options": { + "language": "yaml", + "normalizeIndent": "baseline" + } + }, + { + "snippetName": "splice-rst-code-docs-src-validator-operator-validator-helm-yaml-607", + "sourceRepo": "splice", + "sourceFilepath": "docs/src/validator_operator/validator_helm.rst", + "location": { + "type": "lines", + "start": 607, + "end": 635 + }, + "description": "", + "options": { + "language": "yaml", + "normalizeIndent": "baseline" + } + }, { "snippetName": "splice-rst-code-docs-src-validator-operator-validator-helm-yaml-82", "sourceRepo": "splice", @@ -2199,19 +2422,6 @@ "normalizeIndent": false } }, - { - "snippetName": "splice-rst-full-docs-src-common-reloader-recommendation", - "sourceRepo": "splice", - "sourceFilepath": "docs/src/common/reloader_recommendation.rst", - "location": { - "type": "fullFile" - }, - "description": "", - "options": { - "transform": "rstinclude", - "normalizeIndent": false - } - }, { "snippetName": "splice-rst-full-docs-src-common-sv-extra-dars-notice", "sourceRepo": "splice", diff --git a/docs-main/appdev/modules/m4-json-api-tutorial.mdx b/docs-main/appdev/modules/m4-json-api-tutorial.mdx index ab4a0ef17..5f925c193 100644 --- a/docs-main/appdev/modules/m4-json-api-tutorial.mdx +++ b/docs-main/appdev/modules/m4-json-api-tutorial.mdx @@ -240,7 +240,7 @@ Look for the `createdEvent` section, which contains contract details like: ``` ### Troubleshooting -If you encounter issues while calling the using curl - you should enable `-v` (verbose) mode to see the request and response details. For instance: .. code-block: +If you encounter issues while calling the using curl - you should enable `-v` (verbose) mode to see the request and response details. For instance: ```bash curl -v -d '{"partyIdHint":"Alice", "identityProviderId": ""}' -H "Content-Type: application/json" -X POST localhost:7575/v2/parties @@ -249,9 +249,11 @@ Http response different than 200 (e.g., 400, 404, etc.) indicates an error. The If it does not help, read logs available in the canton sandbox terminal or in the file `\/logs/canton.log`. -If nothing is returned when you query `localhost:7575/v2/state/active-contracts` ensure that the offset provided is correct and corresponds to the `completionOffset` from the `localhost:7575/v2/commands/submit-and-wait` command. You can also check current offset by running: .. code-block: +If nothing is returned when you query `localhost:7575/v2/state/active-contracts` ensure that the offset provided is correct and corresponds to the `completionOffset` from the `localhost:7575/v2/commands/submit-and-wait` command. You can also check current offset by running: - curl localhost:7575/v2/state/ledger-end +```bash +curl localhost:7575/v2/state/ledger-end +``` ### Next steps #### Canton examples diff --git a/docs-main/global-synchronizer/deployment/kubernetes-deployment.mdx b/docs-main/global-synchronizer/deployment/kubernetes-deployment.mdx index ce56fcfc1..bff850dc7 100644 --- a/docs-main/global-synchronizer/deployment/kubernetes-deployment.mdx +++ b/docs-main/global-synchronizer/deployment/kubernetes-deployment.mdx @@ -3,7 +3,6 @@ title: "Super Validator Helm Deployment" description: "Deploying a Super Validator node on Kubernetes using Helm charts" --- -import ExternalSpliceMainSpliceRstFullDocsSrcCommonReloaderRecommendation from '/snippets/external/splice/main/splice-rst-full-docs-src-common-reloader-recommendation.mdx'; import ExternalSpliceMainSpliceRstCodeDocsSrcSvOperatorSvHelmBash1033 from "/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-1033.mdx"; import ExternalSpliceMainSpliceRstCodeDocsSrcSvOperatorSvHelmParsedLiteral468 from "/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-parsed-literal-468.mdx"; @@ -58,8 +57,8 @@ tar xzvf 0.6.4_splice-node.tar.gz 5) Please inquire the migration id and serial id of the global synchronizer on your target network. The migration ID is frozen at the value after the last major upgrade and is only used for `migration.id` in the helm chart values. The serial ID is 0 for the initial synchronizer deployment and is incremented by 1 for each logical synchronizer upgrade. The serial ID is used for helm release names, DNS entries, database names, and deployment naming. ```bash - export MIGRATION_ID=0 - export SERIAL_ID=0 +export MIGRATION_ID=0 +export SERIAL_ID=0 ``` @@ -103,8 +102,8 @@ tar xzvf 0.6.3_splice-node.tar.gz 5) Please inquire the migration id and serial id of the global synchronizer on your target network. The migration ID is frozen at the value after the last major upgrade and is only used for `migration.id` in the helm chart values. The serial ID is 0 for the initial synchronizer deployment and is incremented by 1 for each logical synchronizer upgrade. The serial ID is used for helm release names, DNS entries, database names, and deployment naming. ```bash - export MIGRATION_ID=0 - export SERIAL_ID=0 +export MIGRATION_ID=0 +export SERIAL_ID=0 ``` @@ -148,8 +147,8 @@ tar xzvf 0.6.2_splice-node.tar.gz 5) Please inquire the migration id and serial id of the global synchronizer on your target network. The migration ID is frozen at the value after the last major upgrade and is only used for `migration.id` in the helm chart values. The serial ID is 0 for the initial synchronizer deployment and is incremented by 1 for each logical synchronizer upgrade. The serial ID is used for helm release names, DNS entries, database names, and deployment naming. ```bash - export MIGRATION_ID=0 - export SERIAL_ID=0 +export MIGRATION_ID=0 +export SERIAL_ID=0 ``` @@ -561,7 +560,17 @@ Note that the default Helm values files used below assume that the Postgres inst ## Installing the Software - + + +We recommend installing [Stakater Reloader](https://github.com/stakater/Reloader), which automatically performs rolling restarts of pods when their referenced Secrets or ConfigMaps change. + +Splice Helm charts include the `reloader.stakater.com/auto: "true"` annotation by default. + +If you do not use Reloader, the annotation is harmless and will be ignored. + +To remove it, set `enableReloader: false` in your Helm values file. + + ### Configuring the Helm Charts @@ -629,9 +638,9 @@ Additionally, please modify the file `splice-node/examples/sv-helm/sv-validator- The private and public key for your SV are defined in a K8s secret. If you haven't done so yet, please first follow the instructions in the Generating an SV Identity section to obtain and register a name and keypair for your SV. Replace `YOUR_PUBLIC_KEY` and `YOUR_PRIVATE_KEY` with the `public-key` and `private-key` values obtained as part of generating your SV identity. ```bash - kubectl create secret --namespace sv generic splice-app-sv-key \ - --from-literal=public=YOUR_PUBLIC_KEY \ - --from-literal=private=YOUR_PRIVATE_KEY +kubectl create secret --namespace sv generic splice-app-sv-key \ + --from-literal=public=YOUR_PUBLIC_KEY \ + --from-literal=private=YOUR_PRIVATE_KEY ``` For configuring your sv app, please modify the file `splice-node/examples/sv-helm/sv-values.yaml` as follows: @@ -649,15 +658,10 @@ For configuring your sv app, please modify the file `splice-node/examples/sv-hel - Optionally, uncomment the line for `initialAmuletPrice` and set it to your desired amulet price. This will create an amulet price vote from your SV with the configured price when onboarded. If not set, no vote will be cast. This can always be done later manually from the SV app UI. ```yaml - # Replace MIGRATION_ID with the migration ID of the global synchronizer. - migration: - id: "MIGRATION_ID" - # Uncomment these when redeploying as part of a migration, - # i.e., MIGRATION_ID was incremented and a migration dump was exported to the attached pvc. - # migrating: true - # This declares that your sequencer with that migration id is still up. You should remove it - # once you take down the sequencer for the prior migration id - # legacyId: "MIGRATION_ID_BEFORE_INCREMENTED" +# Replace MIGRATION_ID with the migration ID of the global synchronizer. +migration: + # This should stay constant after the introduction of logical synchronizer upgrades. + id: "MIGRATION_ID" ``` Please modify the file `splice-node/examples/sv-helm/info-values.yaml` as follows: @@ -742,9 +746,9 @@ Additionally, please modify the file `splice-node/examples/sv-helm/sv-validator- The private and public key for your SV are defined in a K8s secret. If you haven't done so yet, please first follow the instructions in the Generating an SV Identity section to obtain and register a name and keypair for your SV. Replace `YOUR_PUBLIC_KEY` and `YOUR_PRIVATE_KEY` with the `public-key` and `private-key` values obtained as part of generating your SV identity. ```bash - kubectl create secret --namespace sv generic splice-app-sv-key \ - --from-literal=public=YOUR_PUBLIC_KEY \ - --from-literal=private=YOUR_PRIVATE_KEY +kubectl create secret --namespace sv generic splice-app-sv-key \ + --from-literal=public=YOUR_PUBLIC_KEY \ + --from-literal=private=YOUR_PRIVATE_KEY ``` For configuring your sv app, please modify the file `splice-node/examples/sv-helm/sv-values.yaml` as follows: @@ -762,15 +766,10 @@ For configuring your sv app, please modify the file `splice-node/examples/sv-hel - Optionally, uncomment the line for `initialAmuletPrice` and set it to your desired amulet price. This will create an amulet price vote from your SV with the configured price when onboarded. If not set, no vote will be cast. This can always be done later manually from the SV app UI. ```yaml - # Replace MIGRATION_ID with the migration ID of the global synchronizer. - migration: - id: "MIGRATION_ID" - # Uncomment these when redeploying as part of a migration, - # i.e., MIGRATION_ID was incremented and a migration dump was exported to the attached pvc. - # migrating: true - # This declares that your sequencer with that migration id is still up. You should remove it - # once you take down the sequencer for the prior migration id - # legacyId: "MIGRATION_ID_BEFORE_INCREMENTED" +# Replace MIGRATION_ID with the migration ID of the global synchronizer. +migration: + # This should stay constant after the introduction of logical synchronizer upgrades. + id: "MIGRATION_ID" ``` Please modify the file `splice-node/examples/sv-helm/info-values.yaml` as follows: @@ -855,9 +854,9 @@ Additionally, please modify the file `splice-node/examples/sv-helm/sv-validator- The private and public key for your SV are defined in a K8s secret. If you haven't done so yet, please first follow the instructions in the Generating an SV Identity section to obtain and register a name and keypair for your SV. Replace `YOUR_PUBLIC_KEY` and `YOUR_PRIVATE_KEY` with the `public-key` and `private-key` values obtained as part of generating your SV identity. ```bash - kubectl create secret --namespace sv generic splice-app-sv-key \ - --from-literal=public=YOUR_PUBLIC_KEY \ - --from-literal=private=YOUR_PRIVATE_KEY +kubectl create secret --namespace sv generic splice-app-sv-key \ + --from-literal=public=YOUR_PUBLIC_KEY \ + --from-literal=private=YOUR_PRIVATE_KEY ``` For configuring your sv app, please modify the file `splice-node/examples/sv-helm/sv-values.yaml` as follows: @@ -875,15 +874,10 @@ For configuring your sv app, please modify the file `splice-node/examples/sv-hel - Optionally, uncomment the line for `initialAmuletPrice` and set it to your desired amulet price. This will create an amulet price vote from your SV with the configured price when onboarded. If not set, no vote will be cast. This can always be done later manually from the SV app UI. ```yaml - # Replace MIGRATION_ID with the migration ID of the global synchronizer. - migration: - id: "MIGRATION_ID" - # Uncomment these when redeploying as part of a migration, - # i.e., MIGRATION_ID was incremented and a migration dump was exported to the attached pvc. - # migrating: true - # This declares that your sequencer with that migration id is still up. You should remove it - # once you take down the sequencer for the prior migration id - # legacyId: "MIGRATION_ID_BEFORE_INCREMENTED" +# Replace MIGRATION_ID with the migration ID of the global synchronizer. +migration: + # This should stay constant after the introduction of logical synchronizer upgrades. + id: "MIGRATION_ID" ``` Please modify the file `splice-node/examples/sv-helm/info-values.yaml` as follows: @@ -947,24 +941,24 @@ helm install info oci://ghcr.io/digital-asset/decentralized-canton-sync/helm/spl Once everything is running, you should be able to inspect the state of the cluster and observe pods running in the new namespace. A typical query might look as follows: ```bash - $ kubectl get pods -n sv - NAME READY STATUS RESTARTS AGE - apps-pg-0 2/2 Running 0 14m - ans-web-ui-5cf76bfc98-bh6tw 2/2 Running 0 10m - global-domain-0-cometbft-c584c9468-9r2v5 2/2 Running 2 (14m ago) 14m - global-domain-0-mediator-7bfb5f6b6d-ts5zp 2/2 Running 0 13m - global-domain-0-sequencer-6c85d98bb6-887c7 2/2 Running 0 13m - info-9fb7bc859-27226 2/2 Running 0 10m - mediator-pg-0 2/2 Running 0 14m - participant-0-57579c64ff-wmzk5 2/2 Running 0 14m - participant-pg-0 2/2 Running 0 14m - scan-app-b8456cc64-stjm2 2/2 Running 0 10m - scan-web-ui-7c6b5b59dc-fjxjg 2/2 Running 0 10m - sequencer-pg-0 2/2 Running 0 14m - sv-app-7f4b6f468c-sj7ch 2/2 Running 0 13m - sv-web-ui-67bfbdfc77-wwvp9 2/2 Running 0 13m - validator-app-667445fdfc-rcztx 2/2 Running 0 10m - wallet-web-ui-648f86f9f9-lffz5 2/2 Running 0 10m +$ kubectl get pods -n sv +NAME READY STATUS RESTARTS AGE +apps-pg-0 2/2 Running 0 14m +ans-web-ui-5cf76bfc98-bh6tw 2/2 Running 0 10m +global-domain-0-cometbft-c584c9468-9r2v5 2/2 Running 2 (14m ago) 14m +global-domain-0-mediator-7bfb5f6b6d-ts5zp 2/2 Running 0 13m +global-domain-0-sequencer-6c85d98bb6-887c7 2/2 Running 0 13m +info-9fb7bc859-27226 2/2 Running 0 10m +mediator-pg-0 2/2 Running 0 14m +participant-0-57579c64ff-wmzk5 2/2 Running 0 14m +participant-pg-0 2/2 Running 0 14m +scan-app-b8456cc64-stjm2 2/2 Running 0 10m +scan-web-ui-7c6b5b59dc-fjxjg 2/2 Running 0 10m +sequencer-pg-0 2/2 Running 0 14m +sv-app-7f4b6f468c-sj7ch 2/2 Running 0 13m +sv-web-ui-67bfbdfc77-wwvp9 2/2 Running 0 13m +validator-app-667445fdfc-rcztx 2/2 Running 0 10m +wallet-web-ui-648f86f9f9-lffz5 2/2 Running 0 10m ``` Note also that `Pod` restarts may happen during bringup, particularly if all helm charts are deployed at the same time. The `splice-sv-node` cannot start until `participant` is running and `participant` cannot start until `postgres` is running. @@ -1002,24 +996,24 @@ helm install info oci://ghcr.io/digital-asset/decentralized-canton-sync/helm/spl Once everything is running, you should be able to inspect the state of the cluster and observe pods running in the new namespace. A typical query might look as follows: ```bash - $ kubectl get pods -n sv - NAME READY STATUS RESTARTS AGE - apps-pg-0 2/2 Running 0 14m - ans-web-ui-5cf76bfc98-bh6tw 2/2 Running 0 10m - global-domain-0-cometbft-c584c9468-9r2v5 2/2 Running 2 (14m ago) 14m - global-domain-0-mediator-7bfb5f6b6d-ts5zp 2/2 Running 0 13m - global-domain-0-sequencer-6c85d98bb6-887c7 2/2 Running 0 13m - info-9fb7bc859-27226 2/2 Running 0 10m - mediator-pg-0 2/2 Running 0 14m - participant-0-57579c64ff-wmzk5 2/2 Running 0 14m - participant-pg-0 2/2 Running 0 14m - scan-app-b8456cc64-stjm2 2/2 Running 0 10m - scan-web-ui-7c6b5b59dc-fjxjg 2/2 Running 0 10m - sequencer-pg-0 2/2 Running 0 14m - sv-app-7f4b6f468c-sj7ch 2/2 Running 0 13m - sv-web-ui-67bfbdfc77-wwvp9 2/2 Running 0 13m - validator-app-667445fdfc-rcztx 2/2 Running 0 10m - wallet-web-ui-648f86f9f9-lffz5 2/2 Running 0 10m +$ kubectl get pods -n sv +NAME READY STATUS RESTARTS AGE +apps-pg-0 2/2 Running 0 14m +ans-web-ui-5cf76bfc98-bh6tw 2/2 Running 0 10m +global-domain-0-cometbft-c584c9468-9r2v5 2/2 Running 2 (14m ago) 14m +global-domain-0-mediator-7bfb5f6b6d-ts5zp 2/2 Running 0 13m +global-domain-0-sequencer-6c85d98bb6-887c7 2/2 Running 0 13m +info-9fb7bc859-27226 2/2 Running 0 10m +mediator-pg-0 2/2 Running 0 14m +participant-0-57579c64ff-wmzk5 2/2 Running 0 14m +participant-pg-0 2/2 Running 0 14m +scan-app-b8456cc64-stjm2 2/2 Running 0 10m +scan-web-ui-7c6b5b59dc-fjxjg 2/2 Running 0 10m +sequencer-pg-0 2/2 Running 0 14m +sv-app-7f4b6f468c-sj7ch 2/2 Running 0 13m +sv-web-ui-67bfbdfc77-wwvp9 2/2 Running 0 13m +validator-app-667445fdfc-rcztx 2/2 Running 0 10m +wallet-web-ui-648f86f9f9-lffz5 2/2 Running 0 10m ``` Note also that `Pod` restarts may happen during bringup, particularly if all helm charts are deployed at the same time. The `splice-sv-node` cannot start until `participant` is running and `participant` cannot start until `postgres` is running. @@ -1057,24 +1051,24 @@ helm install info oci://ghcr.io/digital-asset/decentralized-canton-sync/helm/spl Once everything is running, you should be able to inspect the state of the cluster and observe pods running in the new namespace. A typical query might look as follows: ```bash - $ kubectl get pods -n sv - NAME READY STATUS RESTARTS AGE - apps-pg-0 2/2 Running 0 14m - ans-web-ui-5cf76bfc98-bh6tw 2/2 Running 0 10m - global-domain-0-cometbft-c584c9468-9r2v5 2/2 Running 2 (14m ago) 14m - global-domain-0-mediator-7bfb5f6b6d-ts5zp 2/2 Running 0 13m - global-domain-0-sequencer-6c85d98bb6-887c7 2/2 Running 0 13m - info-9fb7bc859-27226 2/2 Running 0 10m - mediator-pg-0 2/2 Running 0 14m - participant-0-57579c64ff-wmzk5 2/2 Running 0 14m - participant-pg-0 2/2 Running 0 14m - scan-app-b8456cc64-stjm2 2/2 Running 0 10m - scan-web-ui-7c6b5b59dc-fjxjg 2/2 Running 0 10m - sequencer-pg-0 2/2 Running 0 14m - sv-app-7f4b6f468c-sj7ch 2/2 Running 0 13m - sv-web-ui-67bfbdfc77-wwvp9 2/2 Running 0 13m - validator-app-667445fdfc-rcztx 2/2 Running 0 10m - wallet-web-ui-648f86f9f9-lffz5 2/2 Running 0 10m +$ kubectl get pods -n sv +NAME READY STATUS RESTARTS AGE +apps-pg-0 2/2 Running 0 14m +ans-web-ui-5cf76bfc98-bh6tw 2/2 Running 0 10m +global-domain-0-cometbft-c584c9468-9r2v5 2/2 Running 2 (14m ago) 14m +global-domain-0-mediator-7bfb5f6b6d-ts5zp 2/2 Running 0 13m +global-domain-0-sequencer-6c85d98bb6-887c7 2/2 Running 0 13m +info-9fb7bc859-27226 2/2 Running 0 10m +mediator-pg-0 2/2 Running 0 14m +participant-0-57579c64ff-wmzk5 2/2 Running 0 14m +participant-pg-0 2/2 Running 0 14m +scan-app-b8456cc64-stjm2 2/2 Running 0 10m +scan-web-ui-7c6b5b59dc-fjxjg 2/2 Running 0 10m +sequencer-pg-0 2/2 Running 0 14m +sv-app-7f4b6f468c-sj7ch 2/2 Running 0 13m +sv-web-ui-67bfbdfc77-wwvp9 2/2 Running 0 13m +validator-app-667445fdfc-rcztx 2/2 Running 0 10m +wallet-web-ui-648f86f9f9-lffz5 2/2 Running 0 10m ``` Note also that `Pod` restarts may happen during bringup, particularly if all helm charts are deployed at the same time. The `splice-sv-node` cannot start until `participant` is running and `participant` cannot start until `postgres` is running. @@ -1164,7 +1158,7 @@ In order to install the reference charts, the following must be satisfied in you Create a `cluster-ingress` namespace: ```bash - kubectl create ns cluster-ingress +kubectl create ns cluster-ingress ``` Ensure that there is a cert-manager certificate available in a secret named `cn-net-tls`. An example of a suitable certificate definition: @@ -1195,7 +1189,7 @@ service: And install it to your cluster: ```bash - helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml +helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml ``` Create Istio Gateway resources in the `cluster-ingress` namespace. Save the following to a file named `gateways.yaml`, with the following modifications: @@ -1266,7 +1260,7 @@ spec: And apply them to your cluster: ```bash - kubectl apply -f gateways.yaml -n cluster-ingress +kubectl apply -f gateways.yaml -n cluster-ingress ``` The http gateway terminates tls using the secret that you configured above, and exposes raw http traffic in its outbound port 443. Istio VirtualServices can now be created to route traffic from there to the required pods within the cluster. A reference Helm chart is provided for that, which can be installed after @@ -1286,7 +1280,7 @@ helm install cluster-ingress-sv oci://ghcr.io/digital-asset/decentralized-canton Create a `cluster-ingress` namespace: ```bash - kubectl create ns cluster-ingress +kubectl create ns cluster-ingress ``` Ensure that there is a cert-manager certificate available in a secret named `cn-net-tls`. An example of a suitable certificate definition: @@ -1317,7 +1311,7 @@ service: And install it to your cluster: ```bash - helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml +helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml ``` Create Istio Gateway resources in the `cluster-ingress` namespace. Save the following to a file named `gateways.yaml`, with the following modifications: @@ -1388,7 +1382,7 @@ spec: And apply them to your cluster: ```bash - kubectl apply -f gateways.yaml -n cluster-ingress +kubectl apply -f gateways.yaml -n cluster-ingress ``` The http gateway terminates tls using the secret that you configured above, and exposes raw http traffic in its outbound port 443. Istio VirtualServices can now be created to route traffic from there to the required pods within the cluster. A reference Helm chart is provided for that, which can be installed after @@ -1408,7 +1402,7 @@ helm install cluster-ingress-sv oci://ghcr.io/digital-asset/decentralized-canton Create a `cluster-ingress` namespace: ```bash - kubectl create ns cluster-ingress +kubectl create ns cluster-ingress ``` Ensure that there is a cert-manager certificate available in a secret named `cn-net-tls`. An example of a suitable certificate definition: @@ -1439,7 +1433,7 @@ service: And install it to your cluster: ```bash - helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml +helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml ``` Create Istio Gateway resources in the `cluster-ingress` namespace. Save the following to a file named `gateways.yaml`, with the following modifications: @@ -1510,7 +1504,7 @@ spec: And apply them to your cluster: ```bash - kubectl apply -f gateways.yaml -n cluster-ingress +kubectl apply -f gateways.yaml -n cluster-ingress ``` The http gateway terminates tls using the secret that you configured above, and exposes raw http traffic in its outbound port 443. Istio VirtualServices can now be created to route traffic from there to the required pods within the cluster. A reference Helm chart is provided for that, which can be installed after diff --git a/docs-main/global-synchronizer/deployment/onboarding-process.mdx b/docs-main/global-synchronizer/deployment/onboarding-process.mdx index 0385f7406..0e1482f9b 100644 --- a/docs-main/global-synchronizer/deployment/onboarding-process.mdx +++ b/docs-main/global-synchronizer/deployment/onboarding-process.mdx @@ -60,16 +60,16 @@ done) You should see output in the form shown below, where each line indicates one SV and the version it is on. If you see timeouts that SV has not yet added you to their allowlist, if you do not get any errors, then all SVs have added you. Note that the URLs and versions will vary over time so don't try to compare exactly. ```bash - https://scan.sv-2.test.global.canton.network.digitalasset.com: 0.3.6 - https://scan.sv.test.global.canton.network.tradeweb.com: 0.3.6 - https://scan.sv-1.test.global.canton.network.cumberland.io: 0.3.6 - https://scan.sv-1.test.global.canton.network.orb1lp.mpch.io: 0.3.6 - https://scan.sv-1.test.global.canton.network.sync.global: 0.3.6 - https://scan.sv.test.global.canton.network.sv-nodeops.com: 0.3.6 - https://scan.sv-1.test.global.canton.network.mpch.io: 0.3.6 - https://scan.sv-2.test.global.canton.network.cumberland.io: 0.3.6 - https://scan.sv-1.test.global.canton.network.c7.digital: 0.3.6 - https://scan.sv-1.test.global.canton.network.digitalasset.com: 0.3.6 +https://scan.sv-2.test.global.canton.network.digitalasset.com: 0.3.6 +https://scan.sv.test.global.canton.network.tradeweb.com: 0.3.6 +https://scan.sv-1.test.global.canton.network.cumberland.io: 0.3.6 +https://scan.sv-1.test.global.canton.network.orb1lp.mpch.io: 0.3.6 +https://scan.sv-1.test.global.canton.network.sync.global: 0.3.6 +https://scan.sv.test.global.canton.network.sv-nodeops.com: 0.3.6 +https://scan.sv-1.test.global.canton.network.mpch.io: 0.3.6 +https://scan.sv-2.test.global.canton.network.cumberland.io: 0.3.6 +https://scan.sv-1.test.global.canton.network.c7.digital: 0.3.6 +https://scan.sv-1.test.global.canton.network.digitalasset.com: 0.3.6 ``` Apart from connectivity to Scan, your validator must also be able to connect to the sequencer endpoints of the SVs. If you are encountering issues related to connecting to the synchronizer, you can use the following snippet to confirm that you are able to reach those endpoints (i.e., that SVs have whitelisted your IP for those endpoints as well). Note that the following snippet requires installing [jq](https://jqlang.org/) and [grpcurl](https://github.com/fullstorydev/grpcurl). @@ -83,36 +83,36 @@ done) Sequencers that are functional and have whitelisted your IP correctly will return `"status": "SERVING"` in the `grpcurl` output. ```bash - sequencer-1.sv-2.test.global.canton.network.digitalasset.com: { - "status": "SERVING" - } - sequencer-1.sv.test.global.canton.network.tradeweb.com: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.cumberland.io: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.orb1lp.mpch.io: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.sync.global: { - "status": "SERVING" - } - sequencer-1.sv.test.global.canton.network.sv-nodeops.com: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.mpch.io: { - "status": "SERVING" - } - sequencer-1.sv-2.test.global.canton.network.cumberland.io: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.c7.digital: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.digitalasset.com: { - "status": "SERVING" - } +sequencer-1.sv-2.test.global.canton.network.digitalasset.com: { + "status": "SERVING" +} +sequencer-1.sv.test.global.canton.network.tradeweb.com: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.cumberland.io: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.orb1lp.mpch.io: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.sync.global: { + "status": "SERVING" +} +sequencer-1.sv.test.global.canton.network.sv-nodeops.com: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.mpch.io: { + "status": "SERVING" +} +sequencer-1.sv-2.test.global.canton.network.cumberland.io: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.c7.digital: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.digitalasset.com: { + "status": "SERVING" +} ``` The default configuration for both of these requires access to at least 2/3 of the SVs for each of scans and sequencers. You may, at your option and own risk, configure connection to a single trusted scan and sequencer as described under validator helm chart configuration, at the cost of losing BFT integrity guarantees. @@ -142,16 +142,16 @@ done) You should see output in the form shown below, where each line indicates one SV and the version it is on. If you see timeouts that SV has not yet added you to their allowlist, if you do not get any errors, then all SVs have added you. Note that the URLs and versions will vary over time so don't try to compare exactly. ```bash - https://scan.sv-2.test.global.canton.network.digitalasset.com: 0.3.6 - https://scan.sv.test.global.canton.network.tradeweb.com: 0.3.6 - https://scan.sv-1.test.global.canton.network.cumberland.io: 0.3.6 - https://scan.sv-1.test.global.canton.network.orb1lp.mpch.io: 0.3.6 - https://scan.sv-1.test.global.canton.network.sync.global: 0.3.6 - https://scan.sv.test.global.canton.network.sv-nodeops.com: 0.3.6 - https://scan.sv-1.test.global.canton.network.mpch.io: 0.3.6 - https://scan.sv-2.test.global.canton.network.cumberland.io: 0.3.6 - https://scan.sv-1.test.global.canton.network.c7.digital: 0.3.6 - https://scan.sv-1.test.global.canton.network.digitalasset.com: 0.3.6 +https://scan.sv-2.test.global.canton.network.digitalasset.com: 0.3.6 +https://scan.sv.test.global.canton.network.tradeweb.com: 0.3.6 +https://scan.sv-1.test.global.canton.network.cumberland.io: 0.3.6 +https://scan.sv-1.test.global.canton.network.orb1lp.mpch.io: 0.3.6 +https://scan.sv-1.test.global.canton.network.sync.global: 0.3.6 +https://scan.sv.test.global.canton.network.sv-nodeops.com: 0.3.6 +https://scan.sv-1.test.global.canton.network.mpch.io: 0.3.6 +https://scan.sv-2.test.global.canton.network.cumberland.io: 0.3.6 +https://scan.sv-1.test.global.canton.network.c7.digital: 0.3.6 +https://scan.sv-1.test.global.canton.network.digitalasset.com: 0.3.6 ``` Apart from connectivity to Scan, your validator must also be able to connect to the sequencer endpoints of the SVs. If you are encountering issues related to connecting to the synchronizer, you can use the following snippet to confirm that you are able to reach those endpoints (i.e., that SVs have whitelisted your IP for those endpoints as well). Note that the following snippet requires installing [jq](https://jqlang.org/) and [grpcurl](https://github.com/fullstorydev/grpcurl). @@ -165,36 +165,36 @@ done) Sequencers that are functional and have whitelisted your IP correctly will return `"status": "SERVING"` in the `grpcurl` output. ```bash - sequencer-1.sv-2.test.global.canton.network.digitalasset.com: { - "status": "SERVING" - } - sequencer-1.sv.test.global.canton.network.tradeweb.com: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.cumberland.io: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.orb1lp.mpch.io: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.sync.global: { - "status": "SERVING" - } - sequencer-1.sv.test.global.canton.network.sv-nodeops.com: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.mpch.io: { - "status": "SERVING" - } - sequencer-1.sv-2.test.global.canton.network.cumberland.io: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.c7.digital: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.digitalasset.com: { - "status": "SERVING" - } +sequencer-1.sv-2.test.global.canton.network.digitalasset.com: { + "status": "SERVING" +} +sequencer-1.sv.test.global.canton.network.tradeweb.com: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.cumberland.io: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.orb1lp.mpch.io: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.sync.global: { + "status": "SERVING" +} +sequencer-1.sv.test.global.canton.network.sv-nodeops.com: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.mpch.io: { + "status": "SERVING" +} +sequencer-1.sv-2.test.global.canton.network.cumberland.io: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.c7.digital: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.digitalasset.com: { + "status": "SERVING" +} ``` The default configuration for both of these requires access to at least 2/3 of the SVs for each of scans and sequencers. You may, at your option and own risk, configure connection to a single trusted scan and sequencer as described under validator helm chart configuration, at the cost of losing BFT integrity guarantees. @@ -224,16 +224,16 @@ done) You should see output in the form shown below, where each line indicates one SV and the version it is on. If you see timeouts that SV has not yet added you to their allowlist, if you do not get any errors, then all SVs have added you. Note that the URLs and versions will vary over time so don't try to compare exactly. ```bash - https://scan.sv-2.test.global.canton.network.digitalasset.com: 0.3.6 - https://scan.sv.test.global.canton.network.tradeweb.com: 0.3.6 - https://scan.sv-1.test.global.canton.network.cumberland.io: 0.3.6 - https://scan.sv-1.test.global.canton.network.orb1lp.mpch.io: 0.3.6 - https://scan.sv-1.test.global.canton.network.sync.global: 0.3.6 - https://scan.sv.test.global.canton.network.sv-nodeops.com: 0.3.6 - https://scan.sv-1.test.global.canton.network.mpch.io: 0.3.6 - https://scan.sv-2.test.global.canton.network.cumberland.io: 0.3.6 - https://scan.sv-1.test.global.canton.network.c7.digital: 0.3.6 - https://scan.sv-1.test.global.canton.network.digitalasset.com: 0.3.6 +https://scan.sv-2.test.global.canton.network.digitalasset.com: 0.3.6 +https://scan.sv.test.global.canton.network.tradeweb.com: 0.3.6 +https://scan.sv-1.test.global.canton.network.cumberland.io: 0.3.6 +https://scan.sv-1.test.global.canton.network.orb1lp.mpch.io: 0.3.6 +https://scan.sv-1.test.global.canton.network.sync.global: 0.3.6 +https://scan.sv.test.global.canton.network.sv-nodeops.com: 0.3.6 +https://scan.sv-1.test.global.canton.network.mpch.io: 0.3.6 +https://scan.sv-2.test.global.canton.network.cumberland.io: 0.3.6 +https://scan.sv-1.test.global.canton.network.c7.digital: 0.3.6 +https://scan.sv-1.test.global.canton.network.digitalasset.com: 0.3.6 ``` Apart from connectivity to Scan, your validator must also be able to connect to the sequencer endpoints of the SVs. If you are encountering issues related to connecting to the synchronizer, you can use the following snippet to confirm that you are able to reach those endpoints (i.e., that SVs have whitelisted your IP for those endpoints as well). Note that the following snippet requires installing [jq](https://jqlang.org/) and [grpcurl](https://github.com/fullstorydev/grpcurl). @@ -247,36 +247,36 @@ done) Sequencers that are functional and have whitelisted your IP correctly will return `"status": "SERVING"` in the `grpcurl` output. ```bash - sequencer-1.sv-2.test.global.canton.network.digitalasset.com: { - "status": "SERVING" - } - sequencer-1.sv.test.global.canton.network.tradeweb.com: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.cumberland.io: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.orb1lp.mpch.io: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.sync.global: { - "status": "SERVING" - } - sequencer-1.sv.test.global.canton.network.sv-nodeops.com: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.mpch.io: { - "status": "SERVING" - } - sequencer-1.sv-2.test.global.canton.network.cumberland.io: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.c7.digital: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.digitalasset.com: { - "status": "SERVING" - } +sequencer-1.sv-2.test.global.canton.network.digitalasset.com: { + "status": "SERVING" +} +sequencer-1.sv.test.global.canton.network.tradeweb.com: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.cumberland.io: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.orb1lp.mpch.io: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.sync.global: { + "status": "SERVING" +} +sequencer-1.sv.test.global.canton.network.sv-nodeops.com: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.mpch.io: { + "status": "SERVING" +} +sequencer-1.sv-2.test.global.canton.network.cumberland.io: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.c7.digital: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.digitalasset.com: { + "status": "SERVING" +} ``` The default configuration for both of these requires access to at least 2/3 of the SVs for each of scans and sequencers. You may, at your option and own risk, configure connection to a single trusted scan and sequencer as described under validator helm chart configuration, at the cost of losing BFT integrity guarantees. diff --git a/docs-main/global-synchronizer/deployment/sv-network-resets.mdx b/docs-main/global-synchronizer/deployment/sv-network-resets.mdx index ce41c2e91..f63a69083 100644 --- a/docs-main/global-synchronizer/deployment/sv-network-resets.mdx +++ b/docs-main/global-synchronizer/deployment/sv-network-resets.mdx @@ -60,24 +60,21 @@ To complete the reset, go through the following steps: 1. Confirm that the reset did not change the dso rules by repeating step 1.a and comparing the result: ```bash - curl -sSL --fail-with-body https://YOUR_SCAN_URL/api/scan/v0/dso > current_state.json - + curl -sSL --fail-with-body https://YOUR_SCAN_URL/api/scan/v0/dso > current_state.json ``` The reset should preserve SV reward weights, i.e., the following diff should be empty: ```bash - jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' backup.json > weights_backup.json - jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' current_state.json > weights_current.json - diff -C2 weights_backup.json weights_current.json - + jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' backup.json > weights_backup.json + jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' current_state.json > weights_current.json + diff -C2 weights_backup.json weights_current.json ``` The reset should also preserve the amulet rules modulo cryptographic keys, i.e., the following diff should only show changes to the dso and synchronizer namespaces: ```bash - jq '.amulet_rules.contract.payload' backup.json > amulet_backup.json - jq '.amulet_rules.contract.payload' current_state.json > amulet_current.json - diff amulet_backup.json amulet_current.json - + jq '.amulet_rules.contract.payload' backup.json > amulet_backup.json + jq '.amulet_rules.contract.payload' current_state.json > amulet_current.json + diff amulet_backup.json amulet_current.json ``` 2. Check your desired coin price in the SV UI, and verify that it matches the value from before the reset (see step 1.b.) @@ -143,24 +140,21 @@ To complete the reset, go through the following steps: 1. Confirm that the reset did not change the dso rules by repeating step 1.a and comparing the result: ```bash - curl -sSL --fail-with-body https://YOUR_SCAN_URL/api/scan/v0/dso > current_state.json - + curl -sSL --fail-with-body https://YOUR_SCAN_URL/api/scan/v0/dso > current_state.json ``` The reset should preserve SV reward weights, i.e., the following diff should be empty: ```bash - jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' backup.json > weights_backup.json - jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' current_state.json > weights_current.json - diff -C2 weights_backup.json weights_current.json - + jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' backup.json > weights_backup.json + jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' current_state.json > weights_current.json + diff -C2 weights_backup.json weights_current.json ``` The reset should also preserve the amulet rules modulo cryptographic keys, i.e., the following diff should only show changes to the dso and synchronizer namespaces: ```bash - jq '.amulet_rules.contract.payload' backup.json > amulet_backup.json - jq '.amulet_rules.contract.payload' current_state.json > amulet_current.json - diff amulet_backup.json amulet_current.json - + jq '.amulet_rules.contract.payload' backup.json > amulet_backup.json + jq '.amulet_rules.contract.payload' current_state.json > amulet_current.json + diff amulet_backup.json amulet_current.json ``` 2. Check your desired coin price in the SV UI, and verify that it matches the value from before the reset (see step 1.b.) @@ -226,24 +220,21 @@ To complete the reset, go through the following steps: 1. Confirm that the reset did not change the dso rules by repeating step 1.a and comparing the result: ```bash - curl -sSL --fail-with-body https://YOUR_SCAN_URL/api/scan/v0/dso > current_state.json - + curl -sSL --fail-with-body https://YOUR_SCAN_URL/api/scan/v0/dso > current_state.json ``` The reset should preserve SV reward weights, i.e., the following diff should be empty: ```bash - jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' backup.json > weights_backup.json - jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' current_state.json > weights_current.json - diff -C2 weights_backup.json weights_current.json - + jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' backup.json > weights_backup.json + jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' current_state.json > weights_current.json + diff -C2 weights_backup.json weights_current.json ``` The reset should also preserve the amulet rules modulo cryptographic keys, i.e., the following diff should only show changes to the dso and synchronizer namespaces: ```bash - jq '.amulet_rules.contract.payload' backup.json > amulet_backup.json - jq '.amulet_rules.contract.payload' current_state.json > amulet_current.json - diff amulet_backup.json amulet_current.json - + jq '.amulet_rules.contract.payload' backup.json > amulet_backup.json + jq '.amulet_rules.contract.payload' current_state.json > amulet_current.json + diff amulet_backup.json amulet_current.json ``` 2. Check your desired coin price in the SV UI, and verify that it matches the value from before the reset (see step 1.b.) diff --git a/docs-main/global-synchronizer/deployment/validator-docker-compose.mdx b/docs-main/global-synchronizer/deployment/validator-docker-compose.mdx index 4f631c240..7233eeacd 100644 --- a/docs-main/global-synchronizer/deployment/validator-docker-compose.mdx +++ b/docs-main/global-synchronizer/deployment/validator-docker-compose.mdx @@ -46,16 +46,15 @@ This deployment is useful for: To validate that the dependencies are set up correctly, run the following commands. All commands should succeed and print out the version. Note that the exact versions you see may be different from the example here. As long as you have docker-compose 2.26.0 or newer you should be fine. ```bash - > docker compose version - Docker Compose version 2.32.1 - > curl --version - curl 8.11.0 (x86_64-pc-linux-gnu) libcurl/8.11.0 OpenSSL/3.3.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.1 nghttp2/1.64.0 - Release-Date: 2024-11-06 - Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp - Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd - > jq --version - jq-1.7.1 - +> docker compose version +Docker Compose version 2.32.1 +> curl --version +curl 8.11.0 (x86_64-pc-linux-gnu) libcurl/8.11.0 OpenSSL/3.3.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.1 nghttp2/1.64.0 +Release-Date: 2024-11-06 +Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp +Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd +> jq --version +jq-1.7.1 ``` 2) Your machine should either be connected to a VPN that is whitelisted on the network (contact your sponsor SV to obtain access), or have a static egress IP address. In the latter case, please provide that IP address to your sponsor SV to add it to the firewall rules. 3) Please download the release artifacts containing the docker-compose files, from here: Download Bundle (DevNet 0.6.4), and extract the bundle: @@ -136,16 +135,15 @@ Additional parameters describing your own setup as opposed to the connection to To validate that the dependencies are set up correctly, run the following commands. All commands should succeed and print out the version. Note that the exact versions you see may be different from the example here. As long as you have docker-compose 2.26.0 or newer you should be fine. ```bash - > docker compose version - Docker Compose version 2.32.1 - > curl --version - curl 8.11.0 (x86_64-pc-linux-gnu) libcurl/8.11.0 OpenSSL/3.3.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.1 nghttp2/1.64.0 - Release-Date: 2024-11-06 - Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp - Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd - > jq --version - jq-1.7.1 - +> docker compose version +Docker Compose version 2.32.1 +> curl --version +curl 8.11.0 (x86_64-pc-linux-gnu) libcurl/8.11.0 OpenSSL/3.3.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.1 nghttp2/1.64.0 +Release-Date: 2024-11-06 +Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp +Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd +> jq --version +jq-1.7.1 ``` 2) Your machine should either be connected to a VPN that is whitelisted on the network (contact your sponsor SV to obtain access), or have a static egress IP address. In the latter case, please provide that IP address to your sponsor SV to add it to the firewall rules. 3) Please download the release artifacts containing the docker-compose files, from here: Download Bundle (TestNet 0.6.3), and extract the bundle: @@ -205,16 +203,15 @@ Additional parameters describing your own setup as opposed to the connection to To validate that the dependencies are set up correctly, run the following commands. All commands should succeed and print out the version. Note that the exact versions you see may be different from the example here. As long as you have docker-compose 2.26.0 or newer you should be fine. ```bash - > docker compose version - Docker Compose version 2.32.1 - > curl --version - curl 8.11.0 (x86_64-pc-linux-gnu) libcurl/8.11.0 OpenSSL/3.3.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.1 nghttp2/1.64.0 - Release-Date: 2024-11-06 - Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp - Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd - > jq --version - jq-1.7.1 - +> docker compose version +Docker Compose version 2.32.1 +> curl --version +curl 8.11.0 (x86_64-pc-linux-gnu) libcurl/8.11.0 OpenSSL/3.3.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.1 nghttp2/1.64.0 +Release-Date: 2024-11-06 +Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp +Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd +> jq --version +jq-1.7.1 ``` 2) Your machine should either be connected to a VPN that is whitelisted on the network (contact your sponsor SV to obtain access), or have a static egress IP address. In the latter case, please provide that IP address to your sponsor SV to add it to the firewall rules. 3) Please download the release artifacts containing the docker-compose files, from here: Download Bundle (MainNet 0.6.2), and extract the bundle: @@ -307,15 +304,13 @@ Example that proxies external traffic from the `validator` service but bypasses 1) Change to the `docker-compose` directory inside the extracted bundle: ```bash - cd splice-node/docker-compose/validator - +cd splice-node/docker-compose/validator ``` 2) Export the current version to an environment variable: export IMAGE_TAG=0.6.4 3) Run the following command to start the validator node, and wait for it to become ready (could take a few minutes): > ```bash -> ./start.sh -s "" -o "" -p "" -m "" -w -> +> ./start.sh -s "" -o "" -p "" -m "" -w > ``` > > Where: @@ -332,15 +327,13 @@ Note that the validator may be stopped with the command `./stop.sh` and restarte 1) Change to the `docker-compose` directory inside the extracted bundle: ```bash - cd splice-node/docker-compose/validator - +cd splice-node/docker-compose/validator ``` 2) Export the current version to an environment variable: export IMAGE_TAG=0.6.3 3) Run the following command to start the validator node, and wait for it to become ready (could take a few minutes): > ```bash -> ./start.sh -s "" -o "" -p "" -m "" -w -> +> ./start.sh -s "" -o "" -p "" -m "" -w > ``` > > Where: @@ -357,15 +350,13 @@ Note that the validator may be stopped with the command `./stop.sh` and restarte 1) Change to the `docker-compose` directory inside the extracted bundle: ```bash - cd splice-node/docker-compose/validator - +cd splice-node/docker-compose/validator ``` 2) Export the current version to an environment variable: export IMAGE_TAG=0.6.2 3) Run the following command to start the validator node, and wait for it to become ready (could take a few minutes): > ```bash -> ./start.sh -s "" -o "" -p "" -m "" -w -> +> ./start.sh -s "" -o "" -p "" -m "" -w > ``` > > Where: diff --git a/docs-main/global-synchronizer/deployment/validator-kubernetes.mdx b/docs-main/global-synchronizer/deployment/validator-kubernetes.mdx index 48e66564a..ef5a76fc9 100644 --- a/docs-main/global-synchronizer/deployment/validator-kubernetes.mdx +++ b/docs-main/global-synchronizer/deployment/validator-kubernetes.mdx @@ -5,17 +5,15 @@ description: "Deploy a Canton Network validator on Kubernetes using Helm charts" import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash65 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-65.mdx"; import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmYaml82 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-82.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash103 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-103.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash116 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-116.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash310 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-310.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash322 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-322.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash145 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-145.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash158 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-158.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash352 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-352.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash364 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-364.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash545 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-545.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash514 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-514.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmYaml787 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-787.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmYaml815 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-815.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmYaml771 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-771.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmYaml797 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-797.mdx"; - -import ExternalSpliceMainSpliceRstFullDocsSrcCommonReloaderRecommendation from '/snippets/external/splice/main/splice-rst-full-docs-src-common-reloader-recommendation.mdx'; import ExternalSpliceMainSpliceRstFullDocsSrcCommonTrafficTopups from '/snippets/external/splice/main/splice-rst-full-docs-src-common-traffic-topups.mdx'; import ExternalSpliceMainSpliceRstFullDocsSrcCommonWalletSweeps from '/snippets/external/splice/main/splice-rst-full-docs-src-common-wallet-sweeps.mdx'; import ExternalSpliceMainSpliceRstLiteralMarkerAppsAppSrcPackExamplesSvHelmStandaloneValidatorValuesConfiguringTopupStart from '/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-configuring-topup-start.mdx'; @@ -278,13 +276,13 @@ call out the option of using a managed postgres instance - + ## Preparing for Validator Onboarding Ensure that your validator onboarding secret `ONBOARDING_SECRET` is set in the namespace you created earlier. - + ## Configuring Authentication @@ -406,11 +404,11 @@ We are now going to configure your Validator node software based on the OIDC pro The validator app backend requires the following secret (omit the scope if it is not needed in your setup) - + To setup the wallet and CNS UI, create the following two secrets. - + ### Running without Authentication @@ -424,7 +422,17 @@ When running without authentication, the username of the validator administrator ## Installing the Software - + + +We recommend installing [Stakater Reloader](https://github.com/stakater/Reloader), which automatically performs rolling restarts of pods when their referenced Secrets or ConfigMaps change. + +Splice Helm charts include the `reloader.stakater.com/auto: "true"` annotation by default. + +If you do not use Reloader, the annotation is harmless and will be ignored. + +To remove it, set `enableReloader: false` in your Helm values file. + + ### Configuring the Helm Charts @@ -456,39 +464,39 @@ Additionally, please modify the file `splice-node/examples/sv-helm/standalone-pa You need to configure how your validator connects to the network's **scan** services by defining a `scanClient` block in your `standalone-validator-values.yaml`. ```yaml - scanClient: - scanType: "bft" - seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url. Supports multiple urls, separated by comma. - - # scanClient denotes how the validator makes connections to scan service and supports three modes of operation. - - # Mode 1: bft (Byzantine Fault Tolerance) - # Connects to all available scans in the network. It validates responses by ensuring - # at least f+1 matching responses are received. - - # scanClient: - # scanType: "bft" - # seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url(s). Supports multiple urls, separated by comma. - - # Mode 2: bft-custom - # A specialized version of bft where you specify a subset of trusted SVs. - # The validator connects only to the scans of the SVs listed in 'svNames'. - # Optional param 'threshold' defines how many identical responses are required to consider the scan responses valid. - - # scanClient: - # scanType: "bft-custom" - # svNames: ["TRUSTED_SV"] # replace with trusted SV names(s) - # seedUrls: ["TRUSTED_SCAN_URL"] # replace with actual scan seed urls(s) - # threshold: # optional integer indicating the number of matching responses required for validation - - # Mode 3: trust-single - # Connects to a single trusted scan address. - # This means that you depend on that single SV and if it is broken or malicious you will be unable to use the network. - # Hence, usually you want to default to not enabling this - - # scanClient: - # scanType: "trust-single" - # scanAddress: "TRUSTED_SCAN_URL" # replace with the trusted scan url +scanClient: + scanType: "bft" + seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url. Supports multiple urls, separated by comma. + +# scanClient denotes how the validator makes connections to scan service and supports three modes of operation. + +# Mode 1: bft (Byzantine Fault Tolerance) +# Connects to all available scans in the network. It validates responses by ensuring +# at least f+1 matching responses are received. + +# scanClient: +# scanType: "bft" +# seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url(s). Supports multiple urls, separated by comma. + +# Mode 2: bft-custom +# A specialized version of bft where you specify a subset of trusted SVs. +# The validator connects only to the scans of the SVs listed in 'svNames'. +# Optional param 'threshold' defines how many identical responses are required to consider the scan responses valid. + +# scanClient: +# scanType: "bft-custom" +# svNames: ["TRUSTED_SV"] # replace with trusted SV names(s) +# seedUrls: ["TRUSTED_SCAN_URL"] # replace with actual scan seed urls(s) +# threshold: # optional integer indicating the number of matching responses required for validation + +# Mode 3: trust-single +# Connects to a single trusted scan address. +# This means that you depend on that single SV and if it is broken or malicious you will be unable to use the network. +# Hence, usually you want to default to not enabling this + +# scanClient: +# scanType: "trust-single" +# scanAddress: "TRUSTED_SCAN_URL" # replace with the trusted scan url ``` For your selected `scanClient` type, replace `TRUSTED_SCAN_URL` with a URL of a Scan you host or trust that is reachable by your Validator. For example, the GSF scan URL, https://scan.sv-1.dev.global.canton.network.sync.global. For `bft-custom` and `bft` modes of `scanClient`, you can specify more than one scan seed URL by separating them with commas. @@ -501,35 +509,35 @@ For your selected `scanClient` type, replace `TRUSTED_SCAN_URL` with a URL of a You need to configure how your validator's participant connects to **sequencers** by defining a `synchronizer` config in your `standalone-validator-values.yaml`. ```yaml - synchronizer: - connectionType: "bft" +synchronizer: + connectionType: "bft" - # synchronizer configuration enables to configure how the validator's participant connects to the synchronizer. - # synchronizer configuration has three modes of operation. +# synchronizer configuration enables to configure how the validator's participant connects to the synchronizer. +# synchronizer configuration has three modes of operation. - # Mode 1: bft (Byzantine Fault Tolerance) - # Uses all available synchronizer connections provided by the scan service. - # Responses are validated against the network's f+1 fault tolerance logic. +# Mode 1: bft (Byzantine Fault Tolerance) +# Uses all available synchronizer connections provided by the scan service. +# Responses are validated against the network's f+1 fault tolerance logic. - # synchronizer: - # connectionType: "bft" +# synchronizer: +# connectionType: "bft" - # Mode 2: bft-custom - # Connects only to sequencers operated by the specific SVs listed in 'svNames'. - # optional param 'threshold' defines the minimum number of matching responses required for validation. +# Mode 2: bft-custom +# Connects only to sequencers operated by the specific SVs listed in 'svNames'. +# optional param 'threshold' defines the minimum number of matching responses required for validation. - # synchronizer: - # connectionType: "bft-custom" - # svNames: ["TRUSTED_SV"] # replace with trusted SV name(s) - # threshold: # optional integer indicating the number of matching responses required for validation +# synchronizer: +# connectionType: "bft-custom" +# svNames: ["TRUSTED_SV"] # replace with trusted SV name(s) +# threshold: # optional integer indicating the number of matching responses required for validation - # Mode 3: trust-Single - # Connects to a single specified sequencer URL. - # trust-single makes you dependent on a single SV; if it is malicious or down, you will be unable to use the network. +# Mode 3: trust-Single +# Connects to a single specified sequencer URL. +# trust-single makes you dependent on a single SV; if it is malicious or down, you will be unable to use the network. - #synchronizer: - # connectionType: "trust-single" - # url: "TRUSTED_SYNCHRONIZER_SEQUENCER_URL" # replace with the trusted synchronizer sequencer url +#synchronizer: +# connectionType: "trust-single" +# url: "TRUSTED_SYNCHRONIZER_SEQUENCER_URL" # replace with the trusted synchronizer sequencer url ``` Additionally, please modify the file `splice-node/examples/sv-helm/standalone-validator-values.yaml` as follows: @@ -567,39 +575,39 @@ Additionally, please modify the file `splice-node/examples/sv-helm/standalone-pa You need to configure how your validator connects to the network's **scan** services by defining a `scanClient` block in your `standalone-validator-values.yaml`. ```yaml - scanClient: - scanType: "bft" - seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url. Supports multiple urls, separated by comma. - - # scanClient denotes how the validator makes connections to scan service and supports three modes of operation. - - # Mode 1: bft (Byzantine Fault Tolerance) - # Connects to all available scans in the network. It validates responses by ensuring - # at least f+1 matching responses are received. - - # scanClient: - # scanType: "bft" - # seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url(s). Supports multiple urls, separated by comma. - - # Mode 2: bft-custom - # A specialized version of bft where you specify a subset of trusted SVs. - # The validator connects only to the scans of the SVs listed in 'svNames'. - # Optional param 'threshold' defines how many identical responses are required to consider the scan responses valid. - - # scanClient: - # scanType: "bft-custom" - # svNames: ["TRUSTED_SV"] # replace with trusted SV names(s) - # seedUrls: ["TRUSTED_SCAN_URL"] # replace with actual scan seed urls(s) - # threshold: # optional integer indicating the number of matching responses required for validation - - # Mode 3: trust-single - # Connects to a single trusted scan address. - # This means that you depend on that single SV and if it is broken or malicious you will be unable to use the network. - # Hence, usually you want to default to not enabling this - - # scanClient: - # scanType: "trust-single" - # scanAddress: "TRUSTED_SCAN_URL" # replace with the trusted scan url +scanClient: + scanType: "bft" + seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url. Supports multiple urls, separated by comma. + +# scanClient denotes how the validator makes connections to scan service and supports three modes of operation. + +# Mode 1: bft (Byzantine Fault Tolerance) +# Connects to all available scans in the network. It validates responses by ensuring +# at least f+1 matching responses are received. + +# scanClient: +# scanType: "bft" +# seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url(s). Supports multiple urls, separated by comma. + +# Mode 2: bft-custom +# A specialized version of bft where you specify a subset of trusted SVs. +# The validator connects only to the scans of the SVs listed in 'svNames'. +# Optional param 'threshold' defines how many identical responses are required to consider the scan responses valid. + +# scanClient: +# scanType: "bft-custom" +# svNames: ["TRUSTED_SV"] # replace with trusted SV names(s) +# seedUrls: ["TRUSTED_SCAN_URL"] # replace with actual scan seed urls(s) +# threshold: # optional integer indicating the number of matching responses required for validation + +# Mode 3: trust-single +# Connects to a single trusted scan address. +# This means that you depend on that single SV and if it is broken or malicious you will be unable to use the network. +# Hence, usually you want to default to not enabling this + +# scanClient: +# scanType: "trust-single" +# scanAddress: "TRUSTED_SCAN_URL" # replace with the trusted scan url ``` For your selected `scanClient` type, replace `TRUSTED_SCAN_URL` with a URL of a Scan you host or trust that is reachable by your Validator. For example, the GSF scan URL, https://scan.sv-1.test.global.canton.network.sync.global. For `bft-custom` and `bft` modes of `scanClient`, you can specify more than one scan seed URL by separating them with commas. @@ -612,35 +620,35 @@ For your selected `scanClient` type, replace `TRUSTED_SCAN_URL` with a URL of a You need to configure how your validator's participant connects to **sequencers** by defining a `synchronizer` config in your `standalone-validator-values.yaml`. ```yaml - synchronizer: - connectionType: "bft" +synchronizer: + connectionType: "bft" - # synchronizer configuration enables to configure how the validator's participant connects to the synchronizer. - # synchronizer configuration has three modes of operation. +# synchronizer configuration enables to configure how the validator's participant connects to the synchronizer. +# synchronizer configuration has three modes of operation. - # Mode 1: bft (Byzantine Fault Tolerance) - # Uses all available synchronizer connections provided by the scan service. - # Responses are validated against the network's f+1 fault tolerance logic. +# Mode 1: bft (Byzantine Fault Tolerance) +# Uses all available synchronizer connections provided by the scan service. +# Responses are validated against the network's f+1 fault tolerance logic. - # synchronizer: - # connectionType: "bft" +# synchronizer: +# connectionType: "bft" - # Mode 2: bft-custom - # Connects only to sequencers operated by the specific SVs listed in 'svNames'. - # optional param 'threshold' defines the minimum number of matching responses required for validation. +# Mode 2: bft-custom +# Connects only to sequencers operated by the specific SVs listed in 'svNames'. +# optional param 'threshold' defines the minimum number of matching responses required for validation. - # synchronizer: - # connectionType: "bft-custom" - # svNames: ["TRUSTED_SV"] # replace with trusted SV name(s) - # threshold: # optional integer indicating the number of matching responses required for validation +# synchronizer: +# connectionType: "bft-custom" +# svNames: ["TRUSTED_SV"] # replace with trusted SV name(s) +# threshold: # optional integer indicating the number of matching responses required for validation - # Mode 3: trust-Single - # Connects to a single specified sequencer URL. - # trust-single makes you dependent on a single SV; if it is malicious or down, you will be unable to use the network. +# Mode 3: trust-Single +# Connects to a single specified sequencer URL. +# trust-single makes you dependent on a single SV; if it is malicious or down, you will be unable to use the network. - #synchronizer: - # connectionType: "trust-single" - # url: "TRUSTED_SYNCHRONIZER_SEQUENCER_URL" # replace with the trusted synchronizer sequencer url +#synchronizer: +# connectionType: "trust-single" +# url: "TRUSTED_SYNCHRONIZER_SEQUENCER_URL" # replace with the trusted synchronizer sequencer url ``` Additionally, please modify the file `splice-node/examples/sv-helm/standalone-validator-values.yaml` as follows: @@ -678,39 +686,39 @@ Additionally, please modify the file `splice-node/examples/sv-helm/standalone-pa You need to configure how your validator connects to the network's **scan** services by defining a `scanClient` block in your `standalone-validator-values.yaml`. ```yaml - scanClient: - scanType: "bft" - seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url. Supports multiple urls, separated by comma. - - # scanClient denotes how the validator makes connections to scan service and supports three modes of operation. - - # Mode 1: bft (Byzantine Fault Tolerance) - # Connects to all available scans in the network. It validates responses by ensuring - # at least f+1 matching responses are received. - - # scanClient: - # scanType: "bft" - # seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url(s). Supports multiple urls, separated by comma. - - # Mode 2: bft-custom - # A specialized version of bft where you specify a subset of trusted SVs. - # The validator connects only to the scans of the SVs listed in 'svNames'. - # Optional param 'threshold' defines how many identical responses are required to consider the scan responses valid. - - # scanClient: - # scanType: "bft-custom" - # svNames: ["TRUSTED_SV"] # replace with trusted SV names(s) - # seedUrls: ["TRUSTED_SCAN_URL"] # replace with actual scan seed urls(s) - # threshold: # optional integer indicating the number of matching responses required for validation - - # Mode 3: trust-single - # Connects to a single trusted scan address. - # This means that you depend on that single SV and if it is broken or malicious you will be unable to use the network. - # Hence, usually you want to default to not enabling this - - # scanClient: - # scanType: "trust-single" - # scanAddress: "TRUSTED_SCAN_URL" # replace with the trusted scan url +scanClient: + scanType: "bft" + seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url. Supports multiple urls, separated by comma. + +# scanClient denotes how the validator makes connections to scan service and supports three modes of operation. + +# Mode 1: bft (Byzantine Fault Tolerance) +# Connects to all available scans in the network. It validates responses by ensuring +# at least f+1 matching responses are received. + +# scanClient: +# scanType: "bft" +# seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url(s). Supports multiple urls, separated by comma. + +# Mode 2: bft-custom +# A specialized version of bft where you specify a subset of trusted SVs. +# The validator connects only to the scans of the SVs listed in 'svNames'. +# Optional param 'threshold' defines how many identical responses are required to consider the scan responses valid. + +# scanClient: +# scanType: "bft-custom" +# svNames: ["TRUSTED_SV"] # replace with trusted SV names(s) +# seedUrls: ["TRUSTED_SCAN_URL"] # replace with actual scan seed urls(s) +# threshold: # optional integer indicating the number of matching responses required for validation + +# Mode 3: trust-single +# Connects to a single trusted scan address. +# This means that you depend on that single SV and if it is broken or malicious you will be unable to use the network. +# Hence, usually you want to default to not enabling this + +# scanClient: +# scanType: "trust-single" +# scanAddress: "TRUSTED_SCAN_URL" # replace with the trusted scan url ``` For your selected `scanClient` type, replace `TRUSTED_SCAN_URL` with a URL of a Scan you host or trust that is reachable by your Validator. For example, the GSF scan URL, https://scan.sv-1.global.canton.network.sync.global. For `bft-custom` and `bft` modes of `scanClient`, you can specify more than one scan seed URL by separating them with commas. @@ -723,35 +731,35 @@ For your selected `scanClient` type, replace `TRUSTED_SCAN_URL` with a URL of a You need to configure how your validator's participant connects to **sequencers** by defining a `synchronizer` config in your `standalone-validator-values.yaml`. ```yaml - synchronizer: - connectionType: "bft" +synchronizer: + connectionType: "bft" - # synchronizer configuration enables to configure how the validator's participant connects to the synchronizer. - # synchronizer configuration has three modes of operation. +# synchronizer configuration enables to configure how the validator's participant connects to the synchronizer. +# synchronizer configuration has three modes of operation. - # Mode 1: bft (Byzantine Fault Tolerance) - # Uses all available synchronizer connections provided by the scan service. - # Responses are validated against the network's f+1 fault tolerance logic. +# Mode 1: bft (Byzantine Fault Tolerance) +# Uses all available synchronizer connections provided by the scan service. +# Responses are validated against the network's f+1 fault tolerance logic. - # synchronizer: - # connectionType: "bft" +# synchronizer: +# connectionType: "bft" - # Mode 2: bft-custom - # Connects only to sequencers operated by the specific SVs listed in 'svNames'. - # optional param 'threshold' defines the minimum number of matching responses required for validation. +# Mode 2: bft-custom +# Connects only to sequencers operated by the specific SVs listed in 'svNames'. +# optional param 'threshold' defines the minimum number of matching responses required for validation. - # synchronizer: - # connectionType: "bft-custom" - # svNames: ["TRUSTED_SV"] # replace with trusted SV name(s) - # threshold: # optional integer indicating the number of matching responses required for validation +# synchronizer: +# connectionType: "bft-custom" +# svNames: ["TRUSTED_SV"] # replace with trusted SV name(s) +# threshold: # optional integer indicating the number of matching responses required for validation - # Mode 3: trust-Single - # Connects to a single specified sequencer URL. - # trust-single makes you dependent on a single SV; if it is malicious or down, you will be unable to use the network. +# Mode 3: trust-Single +# Connects to a single specified sequencer URL. +# trust-single makes you dependent on a single SV; if it is malicious or down, you will be unable to use the network. - #synchronizer: - # connectionType: "trust-single" - # url: "TRUSTED_SYNCHRONIZER_SEQUENCER_URL" # replace with the trusted synchronizer sequencer url +#synchronizer: +# connectionType: "trust-single" +# url: "TRUSTED_SYNCHRONIZER_SEQUENCER_URL" # replace with the trusted synchronizer sequencer url ``` Additionally, please modify the file `splice-node/examples/sv-helm/standalone-validator-values.yaml` as follows: @@ -784,15 +792,13 @@ helm install validator oci://ghcr.io/digital-asset/decentralized-canton-sync/hel Once this is running, you should be able to inspect the state of the cluster and observe pods running in the new namespace. A typical query might look as follows: ```bash -- Replace ``YOUR_VALIDATOR_PARTY_HINT`` with the desired name for your - validator operator party. It must be of the format - ``--``. -- Replace ``YOUR_VALIDATOR_NODE_NAME`` with the name you want your validator node to be represented as on the network. Usually you can use the same value as for your ``validatorPartyHint``. - -Finally, please download the UI config values file from -https://github.com/global-synchronizer-foundation/configs/blob/main/configs/ui-config-values.yaml -and add the values from it to your ``standalone-validator-values.yaml``. - +$ kubectl get pods -n validator +NAMESPACE NAME READY STATUS RESTARTS AGE +validator ans-web-ui-5bf489db78-bdn2j 1/1 Running 0 24m +validator participant-8988dfb54-m9655 1/1 Running 0 26m +validator postgres-0 1/1 Running 0 37m +validator validator-app-f8c74d5dd-zf9j4 1/1 Running 0 24m +validator wallet-web-ui-69d85cdb99-fnj7q 1/1 Running 0 24m ``` Note also that `Pod` restarts may happen during bringup, particularly if all helm charts are deployed at the same time. For example, the `participant` cannot start until `postgres` is running. @@ -810,15 +816,13 @@ helm install validator oci://ghcr.io/digital-asset/decentralized-canton-sync/hel Once this is running, you should be able to inspect the state of the cluster and observe pods running in the new namespace. A typical query might look as follows: ```bash -- Replace ``YOUR_VALIDATOR_PARTY_HINT`` with the desired name for your - validator operator party. It must be of the format - ``--``. -- Replace ``YOUR_VALIDATOR_NODE_NAME`` with the name you want your validator node to be represented as on the network. Usually you can use the same value as for your ``validatorPartyHint``. - -Finally, please download the UI config values file from -https://github.com/global-synchronizer-foundation/configs/blob/main/configs/ui-config-values.yaml -and add the values from it to your ``standalone-validator-values.yaml``. - +$ kubectl get pods -n validator +NAMESPACE NAME READY STATUS RESTARTS AGE +validator ans-web-ui-5bf489db78-bdn2j 1/1 Running 0 24m +validator participant-8988dfb54-m9655 1/1 Running 0 26m +validator postgres-0 1/1 Running 0 37m +validator validator-app-f8c74d5dd-zf9j4 1/1 Running 0 24m +validator wallet-web-ui-69d85cdb99-fnj7q 1/1 Running 0 24m ``` Note also that `Pod` restarts may happen during bringup, particularly if all helm charts are deployed at the same time. For example, the `participant` cannot start until `postgres` is running. @@ -836,15 +840,13 @@ helm install validator oci://ghcr.io/digital-asset/decentralized-canton-sync/hel Once this is running, you should be able to inspect the state of the cluster and observe pods running in the new namespace. A typical query might look as follows: ```bash -- Replace ``YOUR_VALIDATOR_PARTY_HINT`` with the desired name for your - validator operator party. It must be of the format - ``--``. -- Replace ``YOUR_VALIDATOR_NODE_NAME`` with the name you want your validator node to be represented as on the network. Usually you can use the same value as for your ``validatorPartyHint``. - -Finally, please download the UI config values file from -https://github.com/global-synchronizer-foundation/configs/blob/main/configs/ui-config-values.yaml -and add the values from it to your ``standalone-validator-values.yaml``. - +$ kubectl get pods -n validator +NAMESPACE NAME READY STATUS RESTARTS AGE +validator ans-web-ui-5bf489db78-bdn2j 1/1 Running 0 24m +validator participant-8988dfb54-m9655 1/1 Running 0 26m +validator postgres-0 1/1 Running 0 37m +validator validator-app-f8c74d5dd-zf9j4 1/1 Running 0 24m +validator wallet-web-ui-69d85cdb99-fnj7q 1/1 Running 0 24m ``` Note also that `Pod` restarts may happen during bringup, particularly if all helm charts are deployed at the same time. For example, the `participant` cannot start until `postgres` is running. @@ -886,7 +888,7 @@ In order to install the reference charts, the following must be satisfied in you **Example of Istio installation:** - + ### Installation Instructions @@ -898,84 +900,76 @@ In order to install the reference charts, the following must be satisfied in you Create a `cluster-ingress` namespace: ```bash -Internet ingress configuration is often specific to the network configuration and scenario of the -cluster being configured. To illustrate the basic requirements of a Validator node ingress, we have -provided a Helm chart that configures ingress according to the routes above using Istio, as detailed in the sections below. +kubectl create ns cluster-ingress ``` Ensure that there is a cert-manager certificate available in a secret named `cn-net-tls`. An example of a suitable certificate definition: ```yaml - -* *cert-manager* must be available in the cluster (See `cert-manager documentation `_) -* *istio* should be installed in the cluster (See `istio documentation `_) - -*Note that their deployments are often platform-dependent and good documentations on how to set them up can be found online.* - -**Example of Istio installation:** - -.. code-block:: bash - - helm repo add istio https://istio-release.storage.googleapis.com/charts - helm repo update - helm install istio-base istio/base -n istio-system --set defaults.global.istioNamespace=cluster-ingress --wait +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: cn-certificate + namespace: cluster-ingress +spec: + dnsNames: + - '*.validator.YOUR_HOSTNAME' + issuerRef: + name: letsencrypt-production + secretName: cn-net-tls ``` Create a file named `istio-gateway-values.yaml` with the following content (Tip: on GCP you can get the cluster IP from `gcloud compute addresses list`): ```yaml -Create a `cluster-ingress` namespace: - -.. code-block:: bash - - kubectl create ns cluster-ingress - -Ensure that there is a cert-manager certificate available in a secret -named ``cn-net-tls``. An example of a suitable certificate -definition: +service: + loadBalancerIP: "YOUR_CLUSTER_IP" + loadBalancerSourceRanges: + - "35.194.81.56/32" + - "35.198.147.95/32" + - "35.189.40.124/32" + - "34.132.91.75/32" ``` And install it to your cluster: ```bash - kind: Certificate - metadata: - name: cn-certificate +helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml ``` Create an Istio Gateway resource in the `cluster-ingress` namespace. Save the following to a file named `gateway.yaml`, and replace `YOUR_HOSTNAME` with the actual hostname you want to use for your validator node (and has a DNS record pointing to the cluster IP you configured above): ```yaml - secretName: cn-net-tls - -Create a file named ``istio-gateway-values.yaml`` with the following content -(Tip: on GCP you can get the cluster IP from ``gcloud compute addresses list``): - -.. code-block:: yaml - - service: - loadBalancerIP: "YOUR_CLUSTER_IP" - loadBalancerSourceRanges: - - "35.194.81.56/32" - - "35.198.147.95/32" - - "35.189.40.124/32" - - "34.132.91.75/32" - -And install it to your cluster: - -.. code-block:: bash - - helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml - -Create an Istio Gateway resource in the `cluster-ingress` namespace. Save the following to a file named `gateway.yaml`, -and replace ``YOUR_HOSTNAME`` with the actual hostname you want to use for your validator node -(and has a DNS record pointing to the cluster IP you configured above): - -.. code-block:: yaml - +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: cn-http-gateway + namespace: cluster-ingress +spec: + selector: + app: istio-ingress + istio: ingress + servers: + - port: + number: 443 + name: https + protocol: HTTPS + tls: + mode: SIMPLE + credentialName: cn-net-tls # name of the secret created above + hosts: + - "*.YOUR_HOSTNAME" + - "YOUR_HOSTNAME" + - port: + number: 80 + name: http + protocol: HTTP + tls: + httpsRedirect: true + hosts: + - "*.YOUR_HOSTNAME" + - "YOUR_HOSTNAME" ``` And apply it to your cluster: ```bash - namespace: cluster-ingress - spec: - selector: +kubectl apply -f gateway.yaml -n cluster-ingress ``` This gateway terminates tls using the secret that you configured above, and exposes raw http traffic in its outbound port 443. Istio VirtualServices can now be created to route traffic from there to the required pods within the cluster. A reference Helm chart is provided for that, which can be installed after @@ -995,84 +989,76 @@ helm install cluster-ingress-validator oci://ghcr.io/digital-asset/decentralized Create a `cluster-ingress` namespace: ```bash -Internet ingress configuration is often specific to the network configuration and scenario of the -cluster being configured. To illustrate the basic requirements of a Validator node ingress, we have -provided a Helm chart that configures ingress according to the routes above using Istio, as detailed in the sections below. +kubectl create ns cluster-ingress ``` Ensure that there is a cert-manager certificate available in a secret named `cn-net-tls`. An example of a suitable certificate definition: ```yaml - -* *cert-manager* must be available in the cluster (See `cert-manager documentation `_) -* *istio* should be installed in the cluster (See `istio documentation `_) - -*Note that their deployments are often platform-dependent and good documentations on how to set them up can be found online.* - -**Example of Istio installation:** - -.. code-block:: bash - - helm repo add istio https://istio-release.storage.googleapis.com/charts - helm repo update - helm install istio-base istio/base -n istio-system --set defaults.global.istioNamespace=cluster-ingress --wait +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: cn-certificate + namespace: cluster-ingress +spec: + dnsNames: + - '*.validator.YOUR_HOSTNAME' + issuerRef: + name: letsencrypt-production + secretName: cn-net-tls ``` Create a file named `istio-gateway-values.yaml` with the following content (Tip: on GCP you can get the cluster IP from `gcloud compute addresses list`): ```yaml -Create a `cluster-ingress` namespace: - -.. code-block:: bash - - kubectl create ns cluster-ingress - -Ensure that there is a cert-manager certificate available in a secret -named ``cn-net-tls``. An example of a suitable certificate -definition: +service: + loadBalancerIP: "YOUR_CLUSTER_IP" + loadBalancerSourceRanges: + - "35.194.81.56/32" + - "35.198.147.95/32" + - "35.189.40.124/32" + - "34.132.91.75/32" ``` And install it to your cluster: ```bash - kind: Certificate - metadata: - name: cn-certificate +helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml ``` Create an Istio Gateway resource in the `cluster-ingress` namespace. Save the following to a file named `gateway.yaml`, and replace `YOUR_HOSTNAME` with the actual hostname you want to use for your validator node (and has a DNS record pointing to the cluster IP you configured above): ```yaml - secretName: cn-net-tls - -Create a file named ``istio-gateway-values.yaml`` with the following content -(Tip: on GCP you can get the cluster IP from ``gcloud compute addresses list``): - -.. code-block:: yaml - - service: - loadBalancerIP: "YOUR_CLUSTER_IP" - loadBalancerSourceRanges: - - "35.194.81.56/32" - - "35.198.147.95/32" - - "35.189.40.124/32" - - "34.132.91.75/32" - -And install it to your cluster: - -.. code-block:: bash - - helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml - -Create an Istio Gateway resource in the `cluster-ingress` namespace. Save the following to a file named `gateway.yaml`, -and replace ``YOUR_HOSTNAME`` with the actual hostname you want to use for your validator node -(and has a DNS record pointing to the cluster IP you configured above): - -.. code-block:: yaml - +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: cn-http-gateway + namespace: cluster-ingress +spec: + selector: + app: istio-ingress + istio: ingress + servers: + - port: + number: 443 + name: https + protocol: HTTPS + tls: + mode: SIMPLE + credentialName: cn-net-tls # name of the secret created above + hosts: + - "*.YOUR_HOSTNAME" + - "YOUR_HOSTNAME" + - port: + number: 80 + name: http + protocol: HTTP + tls: + httpsRedirect: true + hosts: + - "*.YOUR_HOSTNAME" + - "YOUR_HOSTNAME" ``` And apply it to your cluster: ```bash - namespace: cluster-ingress - spec: - selector: +kubectl apply -f gateway.yaml -n cluster-ingress ``` This gateway terminates tls using the secret that you configured above, and exposes raw http traffic in its outbound port 443. Istio VirtualServices can now be created to route traffic from there to the required pods within the cluster. A reference Helm chart is provided for that, which can be installed after @@ -1092,84 +1078,76 @@ helm install cluster-ingress-validator oci://ghcr.io/digital-asset/decentralized Create a `cluster-ingress` namespace: ```bash -Internet ingress configuration is often specific to the network configuration and scenario of the -cluster being configured. To illustrate the basic requirements of a Validator node ingress, we have -provided a Helm chart that configures ingress according to the routes above using Istio, as detailed in the sections below. +kubectl create ns cluster-ingress ``` Ensure that there is a cert-manager certificate available in a secret named `cn-net-tls`. An example of a suitable certificate definition: ```yaml - -* *cert-manager* must be available in the cluster (See `cert-manager documentation `_) -* *istio* should be installed in the cluster (See `istio documentation `_) - -*Note that their deployments are often platform-dependent and good documentations on how to set them up can be found online.* - -**Example of Istio installation:** - -.. code-block:: bash - - helm repo add istio https://istio-release.storage.googleapis.com/charts - helm repo update - helm install istio-base istio/base -n istio-system --set defaults.global.istioNamespace=cluster-ingress --wait +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: cn-certificate + namespace: cluster-ingress +spec: + dnsNames: + - '*.validator.YOUR_HOSTNAME' + issuerRef: + name: letsencrypt-production + secretName: cn-net-tls ``` Create a file named `istio-gateway-values.yaml` with the following content (Tip: on GCP you can get the cluster IP from `gcloud compute addresses list`): ```yaml -Create a `cluster-ingress` namespace: - -.. code-block:: bash - - kubectl create ns cluster-ingress - -Ensure that there is a cert-manager certificate available in a secret -named ``cn-net-tls``. An example of a suitable certificate -definition: +service: + loadBalancerIP: "YOUR_CLUSTER_IP" + loadBalancerSourceRanges: + - "35.194.81.56/32" + - "35.198.147.95/32" + - "35.189.40.124/32" + - "34.132.91.75/32" ``` And install it to your cluster: ```bash - kind: Certificate - metadata: - name: cn-certificate +helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml ``` Create an Istio Gateway resource in the `cluster-ingress` namespace. Save the following to a file named `gateway.yaml`, and replace `YOUR_HOSTNAME` with the actual hostname you want to use for your validator node (and has a DNS record pointing to the cluster IP you configured above): ```yaml - secretName: cn-net-tls - -Create a file named ``istio-gateway-values.yaml`` with the following content -(Tip: on GCP you can get the cluster IP from ``gcloud compute addresses list``): - -.. code-block:: yaml - - service: - loadBalancerIP: "YOUR_CLUSTER_IP" - loadBalancerSourceRanges: - - "35.194.81.56/32" - - "35.198.147.95/32" - - "35.189.40.124/32" - - "34.132.91.75/32" - -And install it to your cluster: - -.. code-block:: bash - - helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml - -Create an Istio Gateway resource in the `cluster-ingress` namespace. Save the following to a file named `gateway.yaml`, -and replace ``YOUR_HOSTNAME`` with the actual hostname you want to use for your validator node -(and has a DNS record pointing to the cluster IP you configured above): - -.. code-block:: yaml - +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: cn-http-gateway + namespace: cluster-ingress +spec: + selector: + app: istio-ingress + istio: ingress + servers: + - port: + number: 443 + name: https + protocol: HTTPS + tls: + mode: SIMPLE + credentialName: cn-net-tls # name of the secret created above + hosts: + - "*.YOUR_HOSTNAME" + - "YOUR_HOSTNAME" + - port: + number: 80 + name: http + protocol: HTTP + tls: + httpsRedirect: true + hosts: + - "*.YOUR_HOSTNAME" + - "YOUR_HOSTNAME" ``` And apply it to your cluster: ```bash - namespace: cluster-ingress - spec: - selector: +kubectl apply -f gateway.yaml -n cluster-ingress ``` This gateway terminates tls using the secret that you configured above, and exposes raw http traffic in its outbound port 443. Istio VirtualServices can now be created to route traffic from there to the required pods within the cluster. A reference Helm chart is provided for that, which can be installed after @@ -1264,7 +1242,7 @@ Refer to the [pruning guide](/global-synchronizer/production-operations/pruning) If you need to configure init containers on the participant or validator deployments, you can use the following helm values for `splice-participant` or `splice-validator`: - + ## Working around volume ownership issues @@ -1272,7 +1250,7 @@ The containers in the `splice-validator` chart run as non-root users (specifical For example, for the `/domain-upgrade-dump` volume (required for synchronizer upgrades), you can add the following to your `validator-values.yaml` file: - + A similar workaround will be required for mounting a usable `/participant-bootstrapping-dump` (required when recovering from identities backup). diff --git a/docs-main/global-synchronizer/production-operations/sv-security.mdx b/docs-main/global-synchronizer/production-operations/sv-security.mdx index b44dece32..1b788335c 100644 --- a/docs-main/global-synchronizer/production-operations/sv-security.mdx +++ b/docs-main/global-synchronizer/production-operations/sv-security.mdx @@ -5,8 +5,6 @@ description: "Security hardening, KMS configuration, and extra DAR notice for Su --- import SvExtraDarsNotice from "/snippets/external/splice/main/common/sv-extra-dars-notice.mdx"; -import KmsParticipantsContext from "/snippets/external/splice/main/common/kms-participants-context.mdx"; -import KmsMigrationContext from "/snippets/external/splice/main/common/kms-migration-context.mdx"; import KmsConfigGeneral from "/snippets/external/splice/main/common/kms-config-general.mdx"; import KmsConfigGcp from "/snippets/external/splice/main/common/kms-config-gcp.mdx"; import KmsConfigAws from "/snippets/external/splice/main/common/kms-config-aws.mdx"; @@ -30,7 +28,7 @@ Official support for the KMS-based operation of sequencers and mediators that ar ### Migrating an existing SV to use an external KMS for participant keys - +It is not supported to migrate an existing participant from "non-KMS-based" to "KMS-based" operation, or to migrate from one KMS provider to another. The main reason for this is that a participant's root namespace key cannot be rotated, and importing it from a potentially unsafe location into a KMS would diminish the security gain of using the KMS. Moreover, some KMS providers do not support importing existing keys at all and can only be used for managing keys generated by the KMS itself. One approach for switching to use KMS for SV participant keys while minimizing the risk of losing rewards is to: diff --git a/docs-main/global-synchronizer/production-operations/validator-disaster-recovery.mdx b/docs-main/global-synchronizer/production-operations/validator-disaster-recovery.mdx index 68f93e91e..d0ac04112 100644 --- a/docs-main/global-synchronizer/production-operations/validator-disaster-recovery.mdx +++ b/docs-main/global-synchronizer/production-operations/validator-disaster-recovery.mdx @@ -3,7 +3,7 @@ title: "Validator Disaster Recovery" description: "Disaster recovery and restore procedures for validator nodes" --- -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryBash137 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-bash-137.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryBash140 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-bash-140.mdx"; import ExternalSpliceMainSpliceRstLiteralMarkerAppsAppSrcPackExamplesSvHelmStandaloneValidatorValuesParticipantBootstrapMigrateToNewParticipantStart from "/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-participant-bootstrap-migrate-to-new-participant-start.mdx"; import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryYaml185 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-yaml-185.mdx"; import ExternalSpliceMainSpliceRstLiteralFullAppsAppSrcPackExamplesRecoveryManualIdentitiesDump from "/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-recovery-manual-identities-dump.mdx"; @@ -21,6 +21,8 @@ There are three ways to recover from disasters: 2. If a full backup is unavailable but an identities backup has been created, the balance of the validator can be recovered on a new validator. 3. If the global synchronizer breaks, the super validators will initiate a roll-forward Logical Synchronizer Upgrade to roll forward to a new physical synchronizer. Validators will need to initiate the procedure on their node based on the information communicated by the SVs. +> A recovery of assets is **only** possible if at least **one** of the following holds: +> > - A recent database backup is available, or: > - An up-to-date identities backup is available, or: > - The validator participant was using an external KMS to manage its keys and the KMS still retains those keys. (Note that recovering the validator from only KMS keys @@ -79,7 +81,7 @@ To re-onboard a validator in a Kubernetes deployment and recover the balances of - Create a Kubernetes secret with the content of the identities backup file. Assuming you set the environment variable `PARTICIPANT_BOOTSTRAP_DUMP_FILE` to a backup file path, you can create the secret with the following command: - + - Uncomment the following lines in the `standalone-validator-values.yaml` file. This will specify a new participant ID for the validator. Replace `put-some-new-string-never-used-before` with a string that was never used before. Make sure to also adjust `nodeIdentifier` to match the same value. @@ -90,10 +92,10 @@ To re-onboard a validator in a Kubernetes deployment and recover the balances of To re-onboard a validator in a Docker-compose deployment and recover the balances of all users it hosts, type: ```bash -./start.sh -s "<SPONSOR_SV_URL>" -o "" -p <party_hint> -m "<MIGRATION_ID>" -i "<node_identities_dump_file>" -P "<new_participant_id>" -w +./start.sh -s "" -o "" -p -m "" -i "" -P "" -w ``` -where `<node_identities_dump_file>` is the path to the file containing the node identities backup, and `<new_participant_id>` is a new identifier to be used for the new participant. It must be one never used before. Note that in subsequent restarts of the validator, you should keep providing `-P` with the same `<new_participant_id>`. +where `` is the path to the file containing the node identities backup, and `` is a new identifier to be used for the new participant. It must be one never used before. Note that in subsequent restarts of the validator, you should keep providing `-P` with the same ``. ### Obtaining an Identities Backup from a Participant Database Backup @@ -170,8 +172,7 @@ If you still observe issues, in particular you observe `ACS_COMMITMENT_MISMATCH` From the Canton console: ``` - Run from a regular shell (same working directory like the one you started your Canton console from): - + participant.repair.import_acs("acs_snapshot") ``` 5. From the Canton console, run `participant.synchronizers.reconnect_all()`. @@ -218,8 +219,7 @@ If you still observe issues, in particular you observe `ACS_COMMITMENT_MISMATCH` From the Canton console: ``` - Run from a regular shell (same working directory like the one you started your Canton console from): - + participant.repair.import_acs("acs_snapshot") ``` 5. From the Canton console, run `participant.synchronizers.reconnect_all()`. @@ -266,8 +266,7 @@ If you still observe issues, in particular you observe `ACS_COMMITMENT_MISMATCH` From the Canton console: ``` - Run from a regular shell (same working directory like the one you started your Canton console from): - + participant.repair.import_acs("acs_snapshot") ``` 5. From the Canton console, run `participant.synchronizers.reconnect_all()`. @@ -318,37 +317,36 @@ We now need to sign and submit the topology transaction to host the external par To do so, first generate the topology transaction. Note that the instructions here assume that the party is only hosted on a single participant node. If you want to host it on multiple nodes, you will need to adjust this. ``` - those from the rejected ``OwnerToKeyMapping`` in your participant logs, and replace the - old participant ID with your actual old participant ID: - - .. code:: - - val keys = Seq("", "").map(prefix => - participant.keys.public.list().filter(_.publicKey.id.toProtoPrimitive.startsWith(prefix)).head.publicKey) - - val oldParticipantId = ParticipantId.fromProtoPrimitive("", "participant").toOption.get - val otk = OwnerToKeyMapping(member = oldParticipantId, keys = NonEmpty.from(keys).get) - participant.topology.owner_to_key_mappings.propose(otk, force = ForceFlag.AlienMember) - -3. Start the validator app using your original identities dump configuration. - -.. _validator_recover_external_party: - -Recover the Coin balance of an external party -+++++++++++++++++++++++++++++++++++++++++++++ - -For a party relying on external signing, a similar procedure can be -used to recover its coin balance in case the validator originally -hosting it becomes unusable for whatever reason. - -.. warning:: The target validator that you use to host the party after - recovery **must** be a **completely new validator**. An existing validator - may brick completely due to some limitations around party - migrations and there is no way to recover from that at - this point. Recovering a validator from an identities backup does not classify - as a completely new validator here. You must setup it with a completely new identity - and a completely clean database. - This limitation is expected to be lifted in +// replace YOUR_PARTY_ID by the ID of your external party +val partyId = PartyId.tryFromProtoPrimitive("YOUR_PARTY_ID") +val participantId = participant.id +val synchronizerId = participant.synchronizers.id_of("global") + +// generate topology transaction +val partyToParticipant = PartyToParticipant.tryCreate( + partyId = partyId, + threshold = PositiveInt.one, + participants = Seq( + HostingParticipant( + participantId, + ParticipantPermission.Confirmation, + ) + ), + ) + +import com.digitalasset.canton.admin.api.client.commands.TopologyAdminCommands.Write.GenerateTransactions +val topologyTransaction = participant.topology.transactions.generate( + Seq( + GenerateTransactions.Proposal( + partyToParticipant, + TopologyStoreId.Synchronizer(synchronizerId), + ) + ) +).head + +// Print out the hash that needs to be signed. Note that you need to sign +// the actual bytes the hex string represents not the hex string +topologyTransaction.hash.hash.toHexString ``` We'll need the topology transaction and the definitions defined here later again. Either keep your Canton console open or save them. @@ -357,46 +355,44 @@ The topology transaction hash needs to be signed externally following the [docum After you signed it externally, you need to construct the signed topology transaction, sign it additionally through the participant and then submit it through the synchronizer. ``` -it on multiple nodes, you will need to adjust this. - -.. code:: - - // replace YOUR_PARTY_ID by the ID of your external party - val partyId = PartyId.tryFromProtoPrimitive("YOUR_PARTY_ID") - val participantId = participant.id - val synchronizerId = participant.synchronizers.id_of("global") - - // generate topology transaction - val partyToParticipant = PartyToParticipant.tryCreate( - partyId = partyId, - threshold = PositiveInt.one, - participants = Seq( - HostingParticipant( - participantId, - ParticipantPermission.Confirmation, - ) +// Replace HASH_SIGNATURE_HEXSTRING with the signed topology transaction hash +val signature = Signature.fromExternalSigning(SignatureFormat.Raw, HexString.parseToByteString("HASH_SIGNATURE_HEXSTRING").get, partyId.namespace.fingerprint, SigningAlgorithmSpec.Ed25519) +val topologyTxSignedByParty = SignedTopologyTransaction.create( + topologyTransaction, + NonEmpty(Set, SingleTransactionSignature(topologyTransaction.hash, signature): TopologyTransactionSignature), + isProposal = false, + ProtocolVersion.v34, +) +val topologyTxSignedByBoth = participant.topology.transactions.sign( + topologyTxSignedByParty, + TopologyStoreId.Synchronizer(synchronizerId), + signedBy = Seq(participantId.namespace.fingerprint) +) +participant.topology.transactions.load( + topologyTxSignedByBoth, + TopologyStoreId.Synchronizer(synchronizerId), +) ``` We can now check that the topology transaction got correctly applied and get the `validFrom` time: ``` - val topologyTransaction = participant.topology.transactions.generate( - Seq( - GenerateTransactions.Proposal( - partyToParticipant, - TopologyStoreId.Synchronizer(synchronizerId), - ) - ) - ).head - - // Print out the hash that needs to be signed. Note that you need to sign - // the actual bytes the hex string represents not the hex string - topologyTransaction.hash.hash.toHexString - -We'll need the topology transaction and the definitions defined here later again. Either keep your Canton console open or save them. - -The topology transaction hash needs to be signed externally following the -`documentation for external signing `_. - +// The detailed output will slightly vary. Make sure that you see the new participant ID though. +participant.topology.party_to_participant_mappings.list(synchronizerId, filterParty = partyId.filterString) + res36: Seq[topology.ListPartyToParticipantResult] = Vector( + ListPartyToParticipantResult( + context = BaseResult( + storeId = Synchronizer(id = global-domain::122025296c61...), + validFrom = 2025-05-14T10:19:33.534074Z, + validUntil = None, + sequenced = 2025-05-14T10:19:33.534074Z, + operation = Replace, + transactionHash = , + serial = PositiveNumeric(value = 1), + signedBy = Vector(1220b529c1d9...) + ), + item = PartyToParticipant(YOUR_PARTY_ID, PositiveNumeric(1), Vector(HostingParticipant(YOUR_PARTICIPANT_ID..., Submission))) + ) + ) ``` In this example, the validFrom time is `2025-05-14T10:19:33.534074Z`. @@ -409,10 +405,9 @@ curl -sSL --fail-with-body 'https://scan.sv-1.dev.global.canton.network.sync.glo Lastly, we can import the ACS: ``` - val topologyTxSignedByBoth = participant.topology.transactions.sign( - topologyTxSignedByParty, - TopologyStoreId.Synchronizer(synchronizerId), - signedBy = Seq(participantId.namespace.fingerprint) +participant.synchronizers.disconnect_all() +participant.repair.import_acs("acs_snapshot") +participant.synchronizers.reconnect_all() ``` The party is now hosted on the node and can participat in transactions. The last step is to setup the necessary contracts to allow the validator automation to renew transfer preapprovals and complete transfer commands. To do so, go through the same flow used for initial onboarding of the party, i.e., `/v0/admin/external-party/setup-proposal`, `/v0/admin/external-party/setup-proposal/prepare-accept` and `/v0/admin/external-party/setup-proposal/submit-accept`. For details refer to the docs for the validator external signing API. @@ -435,37 +430,36 @@ We now need to sign and submit the topology transaction to host the external par To do so, first generate the topology transaction. Note that the instructions here assume that the party is only hosted on a single participant node. If you want to host it on multiple nodes, you will need to adjust this. ``` - those from the rejected ``OwnerToKeyMapping`` in your participant logs, and replace the - old participant ID with your actual old participant ID: - - .. code:: - - val keys = Seq("", "").map(prefix => - participant.keys.public.list().filter(_.publicKey.id.toProtoPrimitive.startsWith(prefix)).head.publicKey) - - val oldParticipantId = ParticipantId.fromProtoPrimitive("", "participant").toOption.get - val otk = OwnerToKeyMapping(member = oldParticipantId, keys = NonEmpty.from(keys).get) - participant.topology.owner_to_key_mappings.propose(otk, force = ForceFlag.AlienMember) - -3. Start the validator app using your original identities dump configuration. - -.. _validator_recover_external_party: - -Recover the Coin balance of an external party -+++++++++++++++++++++++++++++++++++++++++++++ - -For a party relying on external signing, a similar procedure can be -used to recover its coin balance in case the validator originally -hosting it becomes unusable for whatever reason. - -.. warning:: The target validator that you use to host the party after - recovery **must** be a **completely new validator**. An existing validator - may brick completely due to some limitations around party - migrations and there is no way to recover from that at - this point. Recovering a validator from an identities backup does not classify - as a completely new validator here. You must setup it with a completely new identity - and a completely clean database. - This limitation is expected to be lifted in +// replace YOUR_PARTY_ID by the ID of your external party +val partyId = PartyId.tryFromProtoPrimitive("YOUR_PARTY_ID") +val participantId = participant.id +val synchronizerId = participant.synchronizers.id_of("global") + +// generate topology transaction +val partyToParticipant = PartyToParticipant.tryCreate( + partyId = partyId, + threshold = PositiveInt.one, + participants = Seq( + HostingParticipant( + participantId, + ParticipantPermission.Confirmation, + ) + ), + ) + +import com.digitalasset.canton.admin.api.client.commands.TopologyAdminCommands.Write.GenerateTransactions +val topologyTransaction = participant.topology.transactions.generate( + Seq( + GenerateTransactions.Proposal( + partyToParticipant, + TopologyStoreId.Synchronizer(synchronizerId), + ) + ) +).head + +// Print out the hash that needs to be signed. Note that you need to sign +// the actual bytes the hex string represents not the hex string +topologyTransaction.hash.hash.toHexString ``` We'll need the topology transaction and the definitions defined here later again. Either keep your Canton console open or save them. @@ -474,46 +468,44 @@ The topology transaction hash needs to be signed externally following the [docum After you signed it externally, you need to construct the signed topology transaction, sign it additionally through the participant and then submit it through the synchronizer. ``` -it on multiple nodes, you will need to adjust this. - -.. code:: - - // replace YOUR_PARTY_ID by the ID of your external party - val partyId = PartyId.tryFromProtoPrimitive("YOUR_PARTY_ID") - val participantId = participant.id - val synchronizerId = participant.synchronizers.id_of("global") - - // generate topology transaction - val partyToParticipant = PartyToParticipant.tryCreate( - partyId = partyId, - threshold = PositiveInt.one, - participants = Seq( - HostingParticipant( - participantId, - ParticipantPermission.Confirmation, - ) +// Replace HASH_SIGNATURE_HEXSTRING with the signed topology transaction hash +val signature = Signature.fromExternalSigning(SignatureFormat.Raw, HexString.parseToByteString("HASH_SIGNATURE_HEXSTRING").get, partyId.namespace.fingerprint, SigningAlgorithmSpec.Ed25519) +val topologyTxSignedByParty = SignedTopologyTransaction.create( + topologyTransaction, + NonEmpty(Set, SingleTransactionSignature(topologyTransaction.hash, signature): TopologyTransactionSignature), + isProposal = false, + ProtocolVersion.v34, +) +val topologyTxSignedByBoth = participant.topology.transactions.sign( + topologyTxSignedByParty, + TopologyStoreId.Synchronizer(synchronizerId), + signedBy = Seq(participantId.namespace.fingerprint) +) +participant.topology.transactions.load( + topologyTxSignedByBoth, + TopologyStoreId.Synchronizer(synchronizerId), +) ``` We can now check that the topology transaction got correctly applied and get the `validFrom` time: ``` - val topologyTransaction = participant.topology.transactions.generate( - Seq( - GenerateTransactions.Proposal( - partyToParticipant, - TopologyStoreId.Synchronizer(synchronizerId), - ) - ) - ).head - - // Print out the hash that needs to be signed. Note that you need to sign - // the actual bytes the hex string represents not the hex string - topologyTransaction.hash.hash.toHexString - -We'll need the topology transaction and the definitions defined here later again. Either keep your Canton console open or save them. - -The topology transaction hash needs to be signed externally following the -`documentation for external signing `_. - +// The detailed output will slightly vary. Make sure that you see the new participant ID though. +participant.topology.party_to_participant_mappings.list(synchronizerId, filterParty = partyId.filterString) + res36: Seq[topology.ListPartyToParticipantResult] = Vector( + ListPartyToParticipantResult( + context = BaseResult( + storeId = Synchronizer(id = global-domain::122025296c61...), + validFrom = 2025-05-14T10:19:33.534074Z, + validUntil = None, + sequenced = 2025-05-14T10:19:33.534074Z, + operation = Replace, + transactionHash = , + serial = PositiveNumeric(value = 1), + signedBy = Vector(1220b529c1d9...) + ), + item = PartyToParticipant(YOUR_PARTY_ID, PositiveNumeric(1), Vector(HostingParticipant(YOUR_PARTICIPANT_ID..., Submission))) + ) + ) ``` In this example, the validFrom time is `2025-05-14T10:19:33.534074Z`. @@ -526,10 +518,9 @@ curl -sSL --fail-with-body 'https://scan.sv-1.test.global.canton.network.sync.gl Lastly, we can import the ACS: ``` - val topologyTxSignedByBoth = participant.topology.transactions.sign( - topologyTxSignedByParty, - TopologyStoreId.Synchronizer(synchronizerId), - signedBy = Seq(participantId.namespace.fingerprint) +participant.synchronizers.disconnect_all() +participant.repair.import_acs("acs_snapshot") +participant.synchronizers.reconnect_all() ``` The party is now hosted on the node and can participat in transactions. The last step is to setup the necessary contracts to allow the validator automation to renew transfer preapprovals and complete transfer commands. To do so, go through the same flow used for initial onboarding of the party, i.e., `/v0/admin/external-party/setup-proposal`, `/v0/admin/external-party/setup-proposal/prepare-accept` and `/v0/admin/external-party/setup-proposal/submit-accept`. For details refer to the docs for the validator external signing API. @@ -552,37 +543,36 @@ We now need to sign and submit the topology transaction to host the external par To do so, first generate the topology transaction. Note that the instructions here assume that the party is only hosted on a single participant node. If you want to host it on multiple nodes, you will need to adjust this. ``` - those from the rejected ``OwnerToKeyMapping`` in your participant logs, and replace the - old participant ID with your actual old participant ID: - - .. code:: - - val keys = Seq("", "").map(prefix => - participant.keys.public.list().filter(_.publicKey.id.toProtoPrimitive.startsWith(prefix)).head.publicKey) - - val oldParticipantId = ParticipantId.fromProtoPrimitive("", "participant").toOption.get - val otk = OwnerToKeyMapping(member = oldParticipantId, keys = NonEmpty.from(keys).get) - participant.topology.owner_to_key_mappings.propose(otk, force = ForceFlag.AlienMember) - -3. Start the validator app using your original identities dump configuration. - -.. _validator_recover_external_party: - -Recover the Coin balance of an external party -+++++++++++++++++++++++++++++++++++++++++++++ - -For a party relying on external signing, a similar procedure can be -used to recover its coin balance in case the validator originally -hosting it becomes unusable for whatever reason. - -.. warning:: The target validator that you use to host the party after - recovery **must** be a **completely new validator**. An existing validator - may brick completely due to some limitations around party - migrations and there is no way to recover from that at - this point. Recovering a validator from an identities backup does not classify - as a completely new validator here. You must setup it with a completely new identity - and a completely clean database. - This limitation is expected to be lifted in +// replace YOUR_PARTY_ID by the ID of your external party +val partyId = PartyId.tryFromProtoPrimitive("YOUR_PARTY_ID") +val participantId = participant.id +val synchronizerId = participant.synchronizers.id_of("global") + +// generate topology transaction +val partyToParticipant = PartyToParticipant.tryCreate( + partyId = partyId, + threshold = PositiveInt.one, + participants = Seq( + HostingParticipant( + participantId, + ParticipantPermission.Confirmation, + ) + ), + ) + +import com.digitalasset.canton.admin.api.client.commands.TopologyAdminCommands.Write.GenerateTransactions +val topologyTransaction = participant.topology.transactions.generate( + Seq( + GenerateTransactions.Proposal( + partyToParticipant, + TopologyStoreId.Synchronizer(synchronizerId), + ) + ) +).head + +// Print out the hash that needs to be signed. Note that you need to sign +// the actual bytes the hex string represents not the hex string +topologyTransaction.hash.hash.toHexString ``` We'll need the topology transaction and the definitions defined here later again. Either keep your Canton console open or save them. @@ -591,46 +581,44 @@ The topology transaction hash needs to be signed externally following the [docum After you signed it externally, you need to construct the signed topology transaction, sign it additionally through the participant and then submit it through the synchronizer. ``` -it on multiple nodes, you will need to adjust this. - -.. code:: - - // replace YOUR_PARTY_ID by the ID of your external party - val partyId = PartyId.tryFromProtoPrimitive("YOUR_PARTY_ID") - val participantId = participant.id - val synchronizerId = participant.synchronizers.id_of("global") - - // generate topology transaction - val partyToParticipant = PartyToParticipant.tryCreate( - partyId = partyId, - threshold = PositiveInt.one, - participants = Seq( - HostingParticipant( - participantId, - ParticipantPermission.Confirmation, - ) +// Replace HASH_SIGNATURE_HEXSTRING with the signed topology transaction hash +val signature = Signature.fromExternalSigning(SignatureFormat.Raw, HexString.parseToByteString("HASH_SIGNATURE_HEXSTRING").get, partyId.namespace.fingerprint, SigningAlgorithmSpec.Ed25519) +val topologyTxSignedByParty = SignedTopologyTransaction.create( + topologyTransaction, + NonEmpty(Set, SingleTransactionSignature(topologyTransaction.hash, signature): TopologyTransactionSignature), + isProposal = false, + ProtocolVersion.v34, +) +val topologyTxSignedByBoth = participant.topology.transactions.sign( + topologyTxSignedByParty, + TopologyStoreId.Synchronizer(synchronizerId), + signedBy = Seq(participantId.namespace.fingerprint) +) +participant.topology.transactions.load( + topologyTxSignedByBoth, + TopologyStoreId.Synchronizer(synchronizerId), +) ``` We can now check that the topology transaction got correctly applied and get the `validFrom` time: ``` - val topologyTransaction = participant.topology.transactions.generate( - Seq( - GenerateTransactions.Proposal( - partyToParticipant, - TopologyStoreId.Synchronizer(synchronizerId), - ) - ) - ).head - - // Print out the hash that needs to be signed. Note that you need to sign - // the actual bytes the hex string represents not the hex string - topologyTransaction.hash.hash.toHexString - -We'll need the topology transaction and the definitions defined here later again. Either keep your Canton console open or save them. - -The topology transaction hash needs to be signed externally following the -`documentation for external signing `_. - +// The detailed output will slightly vary. Make sure that you see the new participant ID though. +participant.topology.party_to_participant_mappings.list(synchronizerId, filterParty = partyId.filterString) + res36: Seq[topology.ListPartyToParticipantResult] = Vector( + ListPartyToParticipantResult( + context = BaseResult( + storeId = Synchronizer(id = global-domain::122025296c61...), + validFrom = 2025-05-14T10:19:33.534074Z, + validUntil = None, + sequenced = 2025-05-14T10:19:33.534074Z, + operation = Replace, + transactionHash = , + serial = PositiveNumeric(value = 1), + signedBy = Vector(1220b529c1d9...) + ), + item = PartyToParticipant(YOUR_PARTY_ID, PositiveNumeric(1), Vector(HostingParticipant(YOUR_PARTICIPANT_ID..., Submission))) + ) + ) ``` In this example, the validFrom time is `2025-05-14T10:19:33.534074Z`. @@ -643,10 +631,9 @@ curl -sSL --fail-with-body 'https://scan.sv-1.global.canton.network.sync.global/ Lastly, we can import the ACS: ``` - val topologyTxSignedByBoth = participant.topology.transactions.sign( - topologyTxSignedByParty, - TopologyStoreId.Synchronizer(synchronizerId), - signedBy = Seq(participantId.namespace.fingerprint) +participant.synchronizers.disconnect_all() +participant.repair.import_acs("acs_snapshot") +participant.synchronizers.reconnect_all() ``` The party is now hosted on the node and can participat in transactions. The last step is to setup the necessary contracts to allow the validator automation to renew transfer preapprovals and complete transfer commands. To do so, go through the same flow used for initial onboarding of the party, i.e., `/v0/admin/external-party/setup-proposal`, `/v0/admin/external-party/setup-proposal/prepare-accept` and `/v0/admin/external-party/setup-proposal/submit-accept`. For details refer to the docs for the validator external signing API. @@ -670,4 +657,4 @@ Validators then need to: Note that depending on how exactly the old synchronizer failed, validators may desynchronize if some validators have observed a transaction before the failure while others have not. In that case, the participant will produce ACS mismatches that should be resolved using the [standard ACS mismatch resolution process](/global-synchronizer/troubleshooting-guide/transaction-failures#troubleshoot-acs-commitments) after migrating to the new physical synchronizer. -{/* COPIED_END */} \ No newline at end of file +{/* COPIED_END */} diff --git a/docs-main/global-synchronizer/production-operations/validator-security.mdx b/docs-main/global-synchronizer/production-operations/validator-security.mdx index f676d56a7..2c656fddd 100644 --- a/docs-main/global-synchronizer/production-operations/validator-security.mdx +++ b/docs-main/global-synchronizer/production-operations/validator-security.mdx @@ -3,8 +3,6 @@ title: "Validator Security" description: "Security hardening and KMS configuration for validator nodes" --- -import KmsParticipantsContext from "/snippets/external/splice/main/common/kms-participants-context.mdx"; -import KmsMigrationContext from "/snippets/external/splice/main/common/kms-migration-context.mdx"; import KmsConfigGeneral from "/snippets/external/splice/main/common/kms-config-general.mdx"; import KmsConfigGcp from "/snippets/external/splice/main/common/kms-config-gcp.mdx"; import KmsConfigAws from "/snippets/external/splice/main/common/kms-config-aws.mdx"; @@ -13,13 +11,13 @@ import KmsConfigAws from "/snippets/external/splice/main/common/kms-config-aws.m ## Using an external KMS for managing participant keys - +By default, Canton participants use cryptographic [keys](/appdev/modules/m7-security) that are generated by the participant itself and stored in the regular database used by the participant. To improve key security, participants can be configured to use an external Key Management System (KMS) to generate and store keys. Please consult the official [Canton documentation on KMS support](/global-synchronizer/production-operations/kms-operations) for additional details and a list of supported KMS providers. Participants deployed as part of a Splice deployment support the [External Key Storage](/global-synchronizer/production-operations/key-management) mode of KMS usage. In the following, we describe how to configure a validator so that its participant keys are managed by an external KMS. This guide assumes that you are using the Helm-based deployment of the validator. KMS usage is not currently supported for Docker Compose-based deployments. ### Migrating an existing validator to use an external KMS - +It is not supported to migrate an existing participant from "non-KMS-based" to "KMS-based" operation, or to migrate from one KMS provider to another. The main reason for this is that a participant's root namespace key cannot be rotated, and importing it from a potentially unsafe location into a KMS would diminish the security gain of using the KMS. Moreover, some KMS providers do not support importing existing keys at all and can only be used for managing keys generated by the KMS itself. Our recommended approach for switching to use KMS is to: diff --git a/docs-main/snippets/external/splice/main/common/kms-migration-context.mdx b/docs-main/snippets/external/splice/main/common/kms-migration-context.mdx deleted file mode 100644 index 62e3482e3..000000000 --- a/docs-main/snippets/external/splice/main/common/kms-migration-context.mdx +++ /dev/null @@ -1 +0,0 @@ -It is not supported to migrate an existing participant from "non-KMS-based" to "KMS-based" operation, or to migrate from one KMS provider to another. The main reason for this is that a participant's root namespace key cannot be rotated, and importing it from a potentially unsafe location into a KMS would diminish the security gain of using the KMS. Moreover, some KMS providers do not support importing existing keys at all and can only be used for managing keys generated by the KMS itself. diff --git a/docs-main/snippets/external/splice/main/common/kms-participants-context.mdx b/docs-main/snippets/external/splice/main/common/kms-participants-context.mdx deleted file mode 100644 index 139e62009..000000000 --- a/docs-main/snippets/external/splice/main/common/kms-participants-context.mdx +++ /dev/null @@ -1 +0,0 @@ -By default, Canton participants use cryptographic [keys](/appdev/modules/m7-security) that are generated by the participant itself and stored in the regular database used by the participant. To improve key security, participants can be configured to use an external Key Management System (KMS) to generate and store keys. Please consult the official [Canton documentation on KMS support](/global-synchronizer/production-operations/kms-operations) for additional details and a list of supported KMS providers. Participants deployed as part of a Splice deployment support the [External Key Storage](/global-synchronizer/production-operations/key-management) mode of KMS usage. diff --git a/docs-main/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-recovery-manual-identities-dump.mdx b/docs-main/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-recovery-manual-identities-dump.mdx index 2c370d186..004f0394f 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-recovery-manual-identities-dump.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-recovery-manual-identities-dump.mdx @@ -1,20 +1,19 @@ ```scala - import com.digitalasset.canton.topology.transaction.TopologyMapping - import com.digitalasset.canton.topology.store.TimeQuery - import java.util.Base64 +import com.digitalasset.canton.topology.transaction.TopologyMapping +import com.digitalasset.canton.topology.store.TimeQuery +import java.util.Base64 - val id = participant.id.toProtoPrimitive +val id = participant.id.toProtoPrimitive - // This line needs to be adapted if your participant stores keys in an external KMS - val keys = "[" + participant.keys.secret.list().filter(k => k.name.get.unwrap != "cometbft-governance-keys").map(key => s"{\"keyPair\": \"${Base64.getEncoder.encodeToString(participant.keys.secret.download(key.publicKey.fingerprint).toByteArray)}\", \"name\": \"${key.name.get.unwrap}\"}") .mkString(",") + "]" +// This line needs to be adapted if your participant stores keys in an external KMS +val keys = "[" + participant.keys.secret.list().filter(k => k.name.get.unwrap != "cometbft-governance-keys").map(key => s"{\"keyPair\": \"${Base64.getEncoder.encodeToString(participant.keys.secret.download(key.publicKey.fingerprint).toByteArray)}\", \"name\": \"${key.name.get.unwrap}\"}") .mkString(",") + "]" - val authorizedStoreSnapshot = Base64.getEncoder.encodeToString(participant.topology.transactions.export_topology_snapshot(timeQuery = TimeQuery.Range(from = None, until = None), filterMappings = Seq(TopologyMapping.Code.NamespaceDelegation, TopologyMapping.Code.OwnerToKeyMapping, TopologyMapping.Code.VettedPackages), filterNamespace = participant.id.namespace.toProtoPrimitive).toByteArray) +val authorizedStoreSnapshot = Base64.getEncoder.encodeToString(participant.topology.transactions.export_topology_snapshot(timeQuery = TimeQuery.Range(from = None, until = None), filterMappings = Seq(TopologyMapping.Code.NamespaceDelegation, TopologyMapping.Code.OwnerToKeyMapping, TopologyMapping.Code.VettedPackages), filterNamespace = participant.id.namespace.toProtoPrimitive).toByteArray) - val combinedJson = s"""{ "id" : "$id", "keys" : $keys, "authorizedStoreSnapshot" : "$authorizedStoreSnapshot" }""" - - // Write to file - import java.nio.file.{Files, Paths} - val dumpPath = Paths.get("identities-dump.json") - Files.writeString(dumpPath, combinedJson) +val combinedJson = s"""{ "id" : "$id", "keys" : $keys, "authorizedStoreSnapshot" : "$authorizedStoreSnapshot" }""" +// Write to file +import java.nio.file.{Files, Paths} +val dumpPath = Paths.get("identities-dump.json") +Files.writeString(dumpPath, combinedJson) ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-sv-helm-kms-participant-aws-values.mdx b/docs-main/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-sv-helm-kms-participant-aws-values.mdx index 61294beb3..d34405a72 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-sv-helm-kms-participant-aws-values.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-sv-helm-kms-participant-aws-values.mdx @@ -24,4 +24,4 @@ additionalEnvVars: secretKeyRef: name: aws-credentials key: secretAccessKey -``` +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-sv-helm-kms-participant-gcp-values.mdx b/docs-main/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-sv-helm-kms-participant-gcp-values.mdx index 70c262162..519907cb6 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-sv-helm-kms-participant-gcp-values.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-full-apps-app-src-pack-examples-sv-helm-kms-participant-gcp-values.mdx @@ -28,4 +28,4 @@ extraVolumes: - name: gcp-credentials secret: secretName: gke-credentials -``` +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-configuring-topup-start.mdx b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-configuring-topup-start.mdx index 440d1f804..6e14b3f66 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-configuring-topup-start.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-configuring-topup-start.mdx @@ -1,11 +1,11 @@ ```yaml - # Configuring a validator's traffic top-up loop; - # see documentation for more detailed information. - topup: - # set to false in order to disable automatic traffic top-ups - enabled: true - # target throughput in bytes / second of sequenced traffic; targetThroughput=0 <=> enabled=false - targetThroughput: 20000 - # minTopupInterval - minimum time interval that must elapse before the next top-up - minTopupInterval: "1m" +# Configuring a validator's traffic top-up loop; +# see documentation for more detailed information. +topup: + # set to false in order to disable automatic traffic top-ups + enabled: true + # target throughput in bytes / second of sequenced traffic; targetThroughput=0 <=> enabled=false + targetThroughput: 20000 + # minTopupInterval - minimum time interval that must elapse before the next top-up + minTopupInterval: "1m" ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-participant-bootstrap-migrate-to-new-participant-start.mdx b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-participant-bootstrap-migrate-to-new-participant-start.mdx index 5614b2a8b..e41603ae3 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-participant-bootstrap-migrate-to-new-participant-start.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-participant-bootstrap-migrate-to-new-participant-start.mdx @@ -1,7 +1,7 @@ ```yaml - # participantIdentitiesDumpImport: - # secretName: participant-bootstrap-dump - # # Make sure to also adjust nodeIdentifier to the same value - # newParticipantIdentifier: put-some-new-string-never-used-before - # migrateValidatorParty: true +# participantIdentitiesDumpImport: +# secretName: participant-bootstrap-dump +# # Make sure to also adjust nodeIdentifier to the same value +# newParticipantIdentifier: put-some-new-string-never-used-before +# migrateValidatorParty: true ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-scan-client-configuration-start.mdx b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-scan-client-configuration-start.mdx index d7e68043c..6d2596126 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-scan-client-configuration-start.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-scan-client-configuration-start.mdx @@ -1,35 +1,35 @@ ```yaml - scanClient: - scanType: "bft" - seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url. Supports multiple urls, separated by comma. +scanClient: + scanType: "bft" + seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url. Supports multiple urls, separated by comma. - # scanClient denotes how the validator makes connections to scan service and supports three modes of operation. +# scanClient denotes how the validator makes connections to scan service and supports three modes of operation. - # Mode 1: bft (Byzantine Fault Tolerance) - # Connects to all available scans in the network. It validates responses by ensuring - # at least f+1 matching responses are received. +# Mode 1: bft (Byzantine Fault Tolerance) +# Connects to all available scans in the network. It validates responses by ensuring +# at least f+1 matching responses are received. - # scanClient: - # scanType: "bft" - # seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url(s). Supports multiple urls, separated by comma. +# scanClient: +# scanType: "bft" +# seedUrls: ["TRUSTED_SCAN_URL"] # replace with scan seed url(s). Supports multiple urls, separated by comma. - # Mode 2: bft-custom - # A specialized version of bft where you specify a subset of trusted SVs. - # The validator connects only to the scans of the SVs listed in 'svNames'. - # Optional param 'threshold' defines how many identical responses are required to consider the scan responses valid. +# Mode 2: bft-custom +# A specialized version of bft where you specify a subset of trusted SVs. +# The validator connects only to the scans of the SVs listed in 'svNames'. +# Optional param 'threshold' defines how many identical responses are required to consider the scan responses valid. - # scanClient: - # scanType: "bft-custom" - # svNames: ["TRUSTED_SV"] # replace with trusted SV names(s) - # seedUrls: ["TRUSTED_SCAN_URL"] # replace with actual scan seed urls(s) - # threshold: # optional integer indicating the number of matching responses required for validation +# scanClient: +# scanType: "bft-custom" +# svNames: ["TRUSTED_SV"] # replace with trusted SV names(s) +# seedUrls: ["TRUSTED_SCAN_URL"] # replace with actual scan seed urls(s) +# threshold: # optional integer indicating the number of matching responses required for validation - # Mode 3: trust-single - # Connects to a single trusted scan address. - # This means that you depend on that single SV and if it is broken or malicious you will be unable to use the network. - # Hence, usually you want to default to not enabling this +# Mode 3: trust-single +# Connects to a single trusted scan address. +# This means that you depend on that single SV and if it is broken or malicious you will be unable to use the network. +# Hence, usually you want to default to not enabling this - # scanClient: - # scanType: "trust-single" - # scanAddress: "TRUSTED_SCAN_URL" # replace with the trusted scan url +# scanClient: +# scanType: "trust-single" +# scanAddress: "TRUSTED_SCAN_URL" # replace with the trusted scan url ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-synchronizer-configuration-start.mdx b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-synchronizer-configuration-start.mdx index cd94b530d..6f3d28251 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-synchronizer-configuration-start.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-standalone-validator-values-synchronizer-configuration-start.mdx @@ -1,31 +1,31 @@ ```yaml - synchronizer: - connectionType: "bft" +synchronizer: + connectionType: "bft" - # synchronizer configuration enables to configure how the validator's participant connects to the synchronizer. - # synchronizer configuration has three modes of operation. +# synchronizer configuration enables to configure how the validator's participant connects to the synchronizer. +# synchronizer configuration has three modes of operation. - # Mode 1: bft (Byzantine Fault Tolerance) - # Uses all available synchronizer connections provided by the scan service. - # Responses are validated against the network's f+1 fault tolerance logic. +# Mode 1: bft (Byzantine Fault Tolerance) +# Uses all available synchronizer connections provided by the scan service. +# Responses are validated against the network's f+1 fault tolerance logic. - # synchronizer: - # connectionType: "bft" +# synchronizer: +# connectionType: "bft" - # Mode 2: bft-custom - # Connects only to sequencers operated by the specific SVs listed in 'svNames'. - # optional param 'threshold' defines the minimum number of matching responses required for validation. +# Mode 2: bft-custom +# Connects only to sequencers operated by the specific SVs listed in 'svNames'. +# optional param 'threshold' defines the minimum number of matching responses required for validation. - # synchronizer: - # connectionType: "bft-custom" - # svNames: ["TRUSTED_SV"] # replace with trusted SV name(s) - # threshold: # optional integer indicating the number of matching responses required for validation +# synchronizer: +# connectionType: "bft-custom" +# svNames: ["TRUSTED_SV"] # replace with trusted SV name(s) +# threshold: # optional integer indicating the number of matching responses required for validation - # Mode 3: trust-Single - # Connects to a single specified sequencer URL. - # trust-single makes you dependent on a single SV; if it is malicious or down, you will be unable to use the network. +# Mode 3: trust-Single +# Connects to a single specified sequencer URL. +# trust-single makes you dependent on a single SV; if it is malicious or down, you will be unable to use the network. - #synchronizer: - # connectionType: "trust-single" - # url: "TRUSTED_SYNCHRONIZER_SEQUENCER_URL" # replace with the trusted synchronizer sequencer url +#synchronizer: +# connectionType: "trust-single" +# url: "TRUSTED_SYNCHRONIZER_SEQUENCER_URL" # replace with the trusted synchronizer sequencer url ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-sv-validator-values-sv-participant-pruning-schedule-start.mdx b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-sv-validator-values-sv-participant-pruning-schedule-start.mdx index c65c297dd..c4fc11527 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-sv-validator-values-sv-participant-pruning-schedule-start.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-sv-validator-values-sv-participant-pruning-schedule-start.mdx @@ -1,6 +1,6 @@ ```yaml - participantPruningSchedule: - cron: 0 /10 * * * ? # Run every 10min - maxDuration: 5m # Run for a max of 5min per iteration - retention: 30d # Retain history that is newer than 30d. +participantPruningSchedule: + cron: 0 /10 * * * ? # Run every 10min + maxDuration: 5m # Run for a max of 5min per iteration + retention: 30d # Retain history that is newer than 30d. ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-sv-values-docs-pruning-start.mdx b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-sv-values-docs-pruning-start.mdx index 6db77b5b3..7cb881dad 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-sv-values-docs-pruning-start.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-sv-values-docs-pruning-start.mdx @@ -1,11 +1,11 @@ ```yaml - synchronizers: - current: - sequencerPruningConfig: - # Enable or disable sequencer pruning - enabled: true - # The pruning interval is the time between two consecutive prunings. - pruningInterval: "1 hour" - # The retention period is the time for which the sequencer will retain the data. - retentionPeriod: "30 days" +synchronizers: + current: + sequencerPruningConfig: + # Enable or disable sequencer pruning + enabled: true + # The pruning interval is the time between two consecutive prunings. + pruningInterval: "1 hour" + # The retention period is the time for which the sequencer will retain the data. + retentionPeriod: "30 days" ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-sv-values-migration-start.mdx b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-sv-values-migration-start.mdx index f3613b8c6..ec99292c6 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-sv-values-migration-start.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-sv-values-migration-start.mdx @@ -1,11 +1,6 @@ ```yaml - # Replace MIGRATION_ID with the migration ID of the global synchronizer. - migration: - id: "MIGRATION_ID" - # Uncomment these when redeploying as part of a migration, - # i.e., MIGRATION_ID was incremented and a migration dump was exported to the attached pvc. - # migrating: true - # This declares that your sequencer with that migration id is still up. You should remove it - # once you take down the sequencer for the prior migration id - # legacyId: "MIGRATION_ID_BEFORE_INCREMENTED" +# Replace MIGRATION_ID with the migration ID of the global synchronizer. +migration: + # This should stay constant after the introduction of logical synchronizer upgrades. + id: "MIGRATION_ID" ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-validator-values-auto-accept-start.mdx b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-validator-values-auto-accept-start.mdx index a87505bf4..fcf464ccd 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-validator-values-auto-accept-start.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-validator-values-auto-accept-start.mdx @@ -1,7 +1,7 @@ ```yaml - # To configure the validator to auto-accept transfer offers from specific parties, uncomment and fill in the following: - #autoAcceptTransfers: - # "": - # fromParties: - # - "" +# To configure the validator to auto-accept transfer offers from specific parties, uncomment and fill in the following: +#autoAcceptTransfers: +# "": +# fromParties: +# - "" ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-validator-values-enablewallet-start.mdx b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-validator-values-enablewallet-start.mdx index c5fd6a97e..315b1de29 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-validator-values-enablewallet-start.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-validator-values-enablewallet-start.mdx @@ -1,4 +1,4 @@ ```yaml - # This will disable the wallet HTTP server and wallet automations when set to false - enableWallet: true +# This will disable the wallet HTTP server and wallet automations when set to false +enableWallet: true ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-validator-values-participant-pruning-schedule-start.mdx b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-validator-values-participant-pruning-schedule-start.mdx index f32a5b982..bd038af2b 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-validator-values-participant-pruning-schedule-start.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-marker-apps-app-src-pack-examples-sv-helm-validator-values-participant-pruning-schedule-start.mdx @@ -1,8 +1,8 @@ ```yaml - # To configure participant pruning uncomment the following section. - # Refer to the documentation for more details. - # participantPruningSchedule: - # cron: 0 /10 * * * ? # Run every 10min - # maxDuration: 5m # Run for a max of 5min per iteration - # retention: 48h # Retain history that is newer than 48h. +# To configure participant pruning uncomment the following section. +# Refer to the documentation for more details. +# participantPruningSchedule: +# cron: 0 /10 * * * ? # Run every 10min +# maxDuration: 5m # Run for a max of 5min per iteration +# retention: 48h # Retain history that is newer than 48h. ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-literal-marker-cluster-helm-splice-cometbft-values-template-docs-cometbft-pruning-start.mdx b/docs-main/snippets/external/splice/main/splice-literal-marker-cluster-helm-splice-cometbft-values-template-docs-cometbft-pruning-start.mdx index 5ed5f6aa6..1606705fe 100644 --- a/docs-main/snippets/external/splice/main/splice-literal-marker-cluster-helm-splice-cometbft-values-template-docs-cometbft-pruning-start.mdx +++ b/docs-main/snippets/external/splice/main/splice-literal-marker-cluster-helm-splice-cometbft-values-template-docs-cometbft-pruning-start.mdx @@ -1,5 +1,5 @@ ```yaml - # Number of blocks to keep, used for pruning. 0 -> keep all blocks. - # Number of blocks to keep for 30 days with an upper bound of 7k blocks/h. - retainBlocks: 5040000 +# Number of blocks to keep, used for pruning. 0 -> keep all blocks. + # Number of blocks to keep for 30 days with an upper bound of 7k blocks/h. + retainBlocks: 5040000 ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-overview-version-information-bash-42.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-overview-version-information-bash-42.mdx index ed2fe7d15..ecd933901 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-overview-version-information-bash-42.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-overview-version-information-bash-42.mdx @@ -1,3 +1,3 @@ ```bash - curl -sSL https://get.digitalasset.com/ | sh +curl -sSL https://get.digitalasset.com/ | sh ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-162.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-162.mdx index a81ccfae6..9a3dc3c08 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-162.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-162.mdx @@ -1,10 +1,9 @@ ```bash - docker compose --env-file $LOCALNET_DIR/compose.env \ - --env-file $LOCALNET_DIR/env/common.env \ - -f $LOCALNET_DIR/compose.yaml \ - -f $LOCALNET_DIR/resource-constraints.yaml \ - --profile sv \ - --profile app-provider \ - --profile app-user up -d - +docker compose --env-file $LOCALNET_DIR/compose.env \ + --env-file $LOCALNET_DIR/env/common.env \ + -f $LOCALNET_DIR/compose.yaml \ + -f $LOCALNET_DIR/resource-constraints.yaml \ + --profile sv \ + --profile app-provider \ + --profile app-user up -d ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-175.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-175.mdx index 1c3234bde..f089372e0 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-175.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-175.mdx @@ -1,10 +1,9 @@ ```bash - docker compose --env-file $LOCALNET_DIR/compose.env \ - --env-file $LOCALNET_DIR/env/common.env \ - -f $LOCALNET_DIR/compose.yaml \ - -f $LOCALNET_DIR/resource-constraints.yaml \ - --profile sv \ - --profile app-provider \ - --profile app-user down -v - +docker compose --env-file $LOCALNET_DIR/compose.env \ + --env-file $LOCALNET_DIR/env/common.env \ + -f $LOCALNET_DIR/compose.yaml \ + -f $LOCALNET_DIR/resource-constraints.yaml \ + --profile sv \ + --profile app-provider \ + --profile app-user down -v ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-190.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-190.mdx index 64d7d9129..914793547 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-190.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-190.mdx @@ -1,11 +1,10 @@ ```bash - docker compose --env-file $LOCALNET_DIR/compose.env \ - --env-file $LOCALNET_DIR/env/common.env \ - -f $LOCALNET_DIR/compose.yaml \ - -f $LOCALNET_DIR/resource-constraints.yaml \ - --profile sv \ - --profile app-provider \ - --profile app-user \ - --profile swagger-ui up -d - +docker compose --env-file $LOCALNET_DIR/compose.env \ + --env-file $LOCALNET_DIR/env/common.env \ + -f $LOCALNET_DIR/compose.yaml \ + -f $LOCALNET_DIR/resource-constraints.yaml \ + --profile sv \ + --profile app-provider \ + --profile app-user \ + --profile swagger-ui up -d ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-206.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-206.mdx index e20e51ffe..0530739bb 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-206.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-206.mdx @@ -1,11 +1,10 @@ ```bash - docker compose --env-file $LOCALNET_DIR/compose.env \ - --env-file $LOCALNET_DIR/env/common.env \ - -f $LOCALNET_DIR/compose.yaml \ - -f $LOCALNET_DIR/resource-constraints.yaml \ - --profile sv \ - --profile app-provider \ - --profile app-user \ - --profile swagger-ui down -v - +docker compose --env-file $LOCALNET_DIR/compose.env \ + --env-file $LOCALNET_DIR/env/common.env \ + -f $LOCALNET_DIR/compose.yaml \ + -f $LOCALNET_DIR/resource-constraints.yaml \ + --profile sv \ + --profile app-provider \ + --profile app-user \ + --profile swagger-ui down -v ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-228.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-228.mdx index d6a7d7ef7..05f57c402 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-228.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-bash-228.mdx @@ -1,9 +1,7 @@ ```bash - docker compose --env-file $LOCALNET_DIR/compose.env \ - --env-file $LOCALNET_DIR/env/common.env \ - -f $LOCALNET_DIR/compose.yaml \ - -f $LOCALNET_DIR/resource-constraints.yaml \ - run --rm console - - +docker compose --env-file $LOCALNET_DIR/compose.env \ + --env-file $LOCALNET_DIR/env/common.env \ + -f $LOCALNET_DIR/compose.yaml \ + -f $LOCALNET_DIR/resource-constraints.yaml \ + run --rm console ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-none-126.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-none-126.mdx index de65d8ce0..f38a51270 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-none-126.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-none-126.mdx @@ -1,6 +1,4 @@ ``` - 127.0.0.1 scan.localhost - 127.0.0.1 wallet.localhost - - +127.0.0.1 scan.localhost +127.0.0.1 wallet.localhost ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-none-147.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-none-147.mdx index 842c7b003..060ccab15 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-none-147.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-app-dev-testing-localnet-none-147.mdx @@ -1,4 +1,3 @@ ``` - `app-provider`.adminToken - +`app-provider`.adminToken ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-console-access-bash-166.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-console-access-bash-166.mdx index 6b499dd36..ef4864211 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-console-access-bash-166.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-console-access-bash-166.mdx @@ -1,3 +1,3 @@ ```bash - kubectl debug "${POD_NAME}" --image "$(kubectl get pod "${POD_NAME}" -o json | jq -re '.spec.containers[0].image')" -i -t -- bash +kubectl debug "${POD_NAME}" --image "$(kubectl get pod "${POD_NAME}" -o json | jq -re '.spec.containers[0].image')" -i -t -- bash ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-console-access-bash-174.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-console-access-bash-174.mdx index 05d3306e8..f583763ae 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-console-access-bash-174.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-console-access-bash-174.mdx @@ -1,6 +1,6 @@ ```bash - $ apt-get update - $ apt-get install -y vim - $ vim console.conf # paste in the config from above - $ /app/bin/canton -v -c console.conf +$ apt-get update +$ apt-get install -y vim +$ vim console.conf # paste in the config from above +$ /app/bin/canton -v -c console.conf ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-109.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-109.mdx index 2f794c26e..33a149ff2 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-109.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-109.mdx @@ -1,4 +1,3 @@ ```text Insufficient funds to buy configured traffic amount. Please ensure that the validator’s wallet has enough amulets to purchase 1.9998 MB of traffic to continue healthy operation. - ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-123.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-123.mdx index 8979ce1f1..3e431bd93 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-123.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-123.mdx @@ -1,4 +1,3 @@ ```text 2025-02-11T10:16:13.098Z [⋮] ERROR - o.l.s.v.ValidatorSvConnection:validator=validator_backend (7427be2620676fce8a464eee769eb1d8-app_version-2d71c55f5ecd731b-793d382fa2d6ce14) - Gave up getting 'app version of https://scan.sv-2.dev.global.canton.network.digitalasset.com/api/sv' org.apache.pekko.http.scaladsl.unmarshalling.Unmarshaller$UnsupportedContentTypeException: Unsupported Content-Type [Some(text/html)], supported: application/json - ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-135.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-135.mdx index 0a1a0adc8..de4a3fb07 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-135.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-135.mdx @@ -1,4 +1,3 @@ ```text 2025-02-14T11:32:00.304Z [⋮] INFO - o.l.s.v.ValidatorApp:validator=validator_backend (50836441bf579035d64a56f776566cbf) - The operation 'Get user 7D95xiEUxju4IUXFQgyUrwHMMuZO0g2F@clients' failed with a retryable error (full stack trace omitted): UNAUTHENTICATED: An error occurred. Please contact the operator and inquire about the request efd009557dec03da74dd29b723949cd6 with tid efd009557dec03da74dd29b723949cd6 - ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-161.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-161.mdx index 26e9bb749..d03c1db6d 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-161.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-161.mdx @@ -1,4 +1,3 @@ ```text │Caused by: io.grpc.StatusRuntimeException: INTERNAL: Node has identity a-b-c-1::122098ffcd99..., but identifier a-b-1 was expected. │ - ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-174.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-174.mdx index 84b5a1014..ed4e346bc 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-174.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-174.mdx @@ -2,5 +2,4 @@ 2025-04-16T08:18:06.451Z [⋮] DEBUG - c.d.c.s.c.t.GrpcSequencerSubscription:participant=participant/domainId=global-domain::12206d339948/sequencerAlias=Some-Alias (---) - Completed subscription with Success(GrpcSubscriptionError(Request failed for sequencer. GrpcRequestRefusedByServer: FAILED_PRECONDITION/MemberDisabled(PAR::validator1::12203d9ed85f...) Request: subscription - ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-89.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-89.mdx index dcd811729..9d3603ad6 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-89.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-deployment-troubleshooting-text-89.mdx @@ -1,4 +1,3 @@ ```text ABORTED: Traffic balance below reserved traffic amount (0 < 200000) - ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-scalability-scalability-none-117.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-scalability-scalability-none-117.mdx index 7c7d687f3..9b54858ee 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-scalability-scalability-none-117.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-scalability-scalability-none-117.mdx @@ -1,6 +1,5 @@ ``` - - name: ADDITIONAL_CONFIG_TOPOLOGY_BATCH_SIZE - value: | - canton.participants.participant.topology.broadcast-batch-size = 20 - +- name: ADDITIONAL_CONFIG_TOPOLOGY_BATCH_SIZE + value: | + canton.participants.participant.topology.broadcast-batch-size = 20 ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-backup-bash-23.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-backup-bash-23.mdx index aa110260e..8b2adfb17 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-backup-bash-23.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-backup-bash-23.mdx @@ -1,4 +1,3 @@ ```bash - curl "https://sv.sv.YOUR_HOSTNAME/api/sv/v0/admin/domain/identities-dump" -H "authorization: Bearer " - +curl "https://sv.sv.YOUR_HOSTNAME/api/sv/v0/admin/domain/identities-dump" -H "authorization: Bearer " ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-1033.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-1033.mdx index f395f45b4..428d1d2e6 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-1033.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-1033.mdx @@ -1,3 +1,3 @@ ```bash - curl https://scan.sv-1./api/scan/v0/scans | jq -r '.scans.[].scans.[].publicUrl' +curl https://scan.sv-1./api/scan/v0/scans | jq -r '.scans.[].scans.[].publicUrl' ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-302.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-302.mdx index ae84484c4..bc8196ae6 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-302.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-302.mdx @@ -1,9 +1,9 @@ ```bash - kubectl create --namespace sv secret generic splice-app-sv-ledger-api-auth \ - "--from-literal=ledger-api-user=${SV_CLIENT_ID}@clients" \ - "--from-literal=url=${OIDC_AUTHORITY_URL}/.well-known/openid-configuration" \ - "--from-literal=client-id=${SV_CLIENT_ID}" \ - "--from-literal=client-secret=${SV_CLIENT_SECRET}" \ - "--from-literal=audience=${OIDC_AUTHORITY_LEDGER_API_AUDIENCE}" - "--from-literal=scope=${OIDC_AUTHORITY_LEDGER_API_SCOPE}" +kubectl create --namespace sv secret generic splice-app-sv-ledger-api-auth \ + "--from-literal=ledger-api-user=${SV_CLIENT_ID}@clients" \ + "--from-literal=url=${OIDC_AUTHORITY_URL}/.well-known/openid-configuration" \ + "--from-literal=client-id=${SV_CLIENT_ID}" \ + "--from-literal=client-secret=${SV_CLIENT_SECRET}" \ + "--from-literal=audience=${OIDC_AUTHORITY_LEDGER_API_AUDIENCE}" + "--from-literal=scope=${OIDC_AUTHORITY_LEDGER_API_SCOPE}" ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-314.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-314.mdx index 3b98758af..291ab6024 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-314.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-314.mdx @@ -1,9 +1,9 @@ ```bash - kubectl create --namespace sv secret generic splice-app-validator-ledger-api-auth \ - "--from-literal=ledger-api-user=${VALIDATOR_CLIENT_ID}@clients" \ - "--from-literal=url=${OIDC_AUTHORITY_URL}/.well-known/openid-configuration" \ - "--from-literal=client-id=${VALIDATOR_CLIENT_ID}" \ - "--from-literal=client-secret=${VALIDATOR_CLIENT_SECRET}" \ - "--from-literal=audience=${OIDC_AUTHORITY_LEDGER_API_AUDIENCE}" \ - "--from-literal=scope=${OIDC_AUTHORITY_LEDGER_API_SCOPE}" +kubectl create --namespace sv secret generic splice-app-validator-ledger-api-auth \ + "--from-literal=ledger-api-user=${VALIDATOR_CLIENT_ID}@clients" \ + "--from-literal=url=${OIDC_AUTHORITY_URL}/.well-known/openid-configuration" \ + "--from-literal=client-id=${VALIDATOR_CLIENT_ID}" \ + "--from-literal=client-secret=${VALIDATOR_CLIENT_SECRET}" \ + "--from-literal=audience=${OIDC_AUTHORITY_LEDGER_API_AUDIENCE}" \ + "--from-literal=scope=${OIDC_AUTHORITY_LEDGER_API_SCOPE}" ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-326.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-326.mdx index acd9d1948..1bb34827f 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-326.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-326.mdx @@ -1,13 +1,13 @@ ```bash - kubectl create --namespace sv secret generic splice-app-wallet-ui-auth \ - "--from-literal=url=${OIDC_AUTHORITY_URL}" \ - "--from-literal=client-id=${WALLET_UI_CLIENT_ID}" +kubectl create --namespace sv secret generic splice-app-wallet-ui-auth \ + "--from-literal=url=${OIDC_AUTHORITY_URL}" \ + "--from-literal=client-id=${WALLET_UI_CLIENT_ID}" - kubectl create --namespace sv secret generic splice-app-sv-ui-auth \ - "--from-literal=url=${OIDC_AUTHORITY_URL}" \ - "--from-literal=client-id=${SV_UI_CLIENT_ID}" +kubectl create --namespace sv secret generic splice-app-sv-ui-auth \ + "--from-literal=url=${OIDC_AUTHORITY_URL}" \ + "--from-literal=client-id=${SV_UI_CLIENT_ID}" - kubectl create --namespace sv secret generic splice-app-cns-ui-auth \ - "--from-literal=url=${OIDC_AUTHORITY_URL}" \ - "--from-literal=client-id=${CNS_UI_CLIENT_ID}" +kubectl create --namespace sv secret generic splice-app-cns-ui-auth \ + "--from-literal=url=${OIDC_AUTHORITY_URL}" \ + "--from-literal=client-id=${CNS_UI_CLIENT_ID}" ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-381.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-381.mdx index bb53d6ee2..f77710a09 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-381.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-381.mdx @@ -1,5 +1,5 @@ ```bash - kubectl create --namespace sv secret generic cometbft-keys \ - "--from-file=node_key.json=node_key.json" \ - "--from-file=priv_validator_key.json=priv_validator_key.json" +kubectl create --namespace sv secret generic cometbft-keys \ + "--from-file=node_key.json=node_key.json" \ + "--from-file=priv_validator_key.json=priv_validator_key.json" ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-39.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-39.mdx index fa32187f8..5ffa269de 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-39.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-39.mdx @@ -1,4 +1,4 @@ ```bash - export MIGRATION_ID=0 - export SERIAL_ID=0 +export MIGRATION_ID=0 +export SERIAL_ID=0 ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-507.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-507.mdx index ba2f19a1f..93e1a6a7b 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-507.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-507.mdx @@ -1,14 +1,14 @@ ```bash - kubectl create secret generic sequencer-pg-secret \ - --from-literal=postgresPassword=${POSTGRES_PASSWORD_SEQUENCER} \ - -n sv - kubectl create secret generic mediator-pg-secret \ - --from-literal=postgresPassword=${POSTGRES_PASSWORD_MEDIATOR} \ - -n sv - kubectl create secret generic participant-pg-secret \ - --from-literal=postgresPassword=${POSTGRES_PASSWORD_PARTICIPANT} \ - -n sv - kubectl create secret generic apps-pg-secret \ - --from-literal=postgresPassword=${POSTGRES_PASSWORD_APPS} \ - -n sv +kubectl create secret generic sequencer-pg-secret \ + --from-literal=postgresPassword=${POSTGRES_PASSWORD_SEQUENCER} \ + -n sv +kubectl create secret generic mediator-pg-secret \ + --from-literal=postgresPassword=${POSTGRES_PASSWORD_MEDIATOR} \ + -n sv +kubectl create secret generic participant-pg-secret \ + --from-literal=postgresPassword=${POSTGRES_PASSWORD_PARTICIPANT} \ + -n sv +kubectl create secret generic apps-pg-secret \ + --from-literal=postgresPassword=${POSTGRES_PASSWORD_APPS} \ + -n sv ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-627.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-627.mdx index 75541c543..a32c980a8 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-627.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-627.mdx @@ -1,5 +1,5 @@ ```bash - kubectl create secret --namespace sv generic splice-app-sv-key \ - --from-literal=public=YOUR_PUBLIC_KEY \ - --from-literal=private=YOUR_PRIVATE_KEY +kubectl create secret --namespace sv generic splice-app-sv-key \ + --from-literal=public=YOUR_PUBLIC_KEY \ + --from-literal=private=YOUR_PRIVATE_KEY ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-725.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-725.mdx index 0cd0fd9ef..315b77935 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-725.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-725.mdx @@ -1,20 +1,20 @@ ```bash - $ kubectl get pods -n sv - NAME READY STATUS RESTARTS AGE - apps-pg-0 2/2 Running 0 14m - ans-web-ui-5cf76bfc98-bh6tw 2/2 Running 0 10m - global-domain-0-cometbft-c584c9468-9r2v5 2/2 Running 2 (14m ago) 14m - global-domain-0-mediator-7bfb5f6b6d-ts5zp 2/2 Running 0 13m - global-domain-0-sequencer-6c85d98bb6-887c7 2/2 Running 0 13m - info-9fb7bc859-27226 2/2 Running 0 10m - mediator-pg-0 2/2 Running 0 14m - participant-0-57579c64ff-wmzk5 2/2 Running 0 14m - participant-pg-0 2/2 Running 0 14m - scan-app-b8456cc64-stjm2 2/2 Running 0 10m - scan-web-ui-7c6b5b59dc-fjxjg 2/2 Running 0 10m - sequencer-pg-0 2/2 Running 0 14m - sv-app-7f4b6f468c-sj7ch 2/2 Running 0 13m - sv-web-ui-67bfbdfc77-wwvp9 2/2 Running 0 13m - validator-app-667445fdfc-rcztx 2/2 Running 0 10m - wallet-web-ui-648f86f9f9-lffz5 2/2 Running 0 10m +$ kubectl get pods -n sv +NAME READY STATUS RESTARTS AGE +apps-pg-0 2/2 Running 0 14m +ans-web-ui-5cf76bfc98-bh6tw 2/2 Running 0 10m +global-domain-0-cometbft-c584c9468-9r2v5 2/2 Running 2 (14m ago) 14m +global-domain-0-mediator-7bfb5f6b6d-ts5zp 2/2 Running 0 13m +global-domain-0-sequencer-6c85d98bb6-887c7 2/2 Running 0 13m +info-9fb7bc859-27226 2/2 Running 0 10m +mediator-pg-0 2/2 Running 0 14m +participant-0-57579c64ff-wmzk5 2/2 Running 0 14m +participant-pg-0 2/2 Running 0 14m +scan-app-b8456cc64-stjm2 2/2 Running 0 10m +scan-web-ui-7c6b5b59dc-fjxjg 2/2 Running 0 10m +sequencer-pg-0 2/2 Running 0 14m +sv-app-7f4b6f468c-sj7ch 2/2 Running 0 13m +sv-web-ui-67bfbdfc77-wwvp9 2/2 Running 0 13m +validator-app-667445fdfc-rcztx 2/2 Running 0 10m +wallet-web-ui-648f86f9f9-lffz5 2/2 Running 0 10m ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-835.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-835.mdx index 22ca7394e..2a4374c49 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-835.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-835.mdx @@ -1,3 +1,3 @@ ```bash - grpcurl : grpc.health.v1.Health/Check +grpcurl : grpc.health.v1.Health/Check ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-844.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-844.mdx index f54f66414..de3975140 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-844.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-844.mdx @@ -1,5 +1,5 @@ ```bash - { - "status": "SERVING" - } +{ + "status": "SERVING" +} ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-861.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-861.mdx index edf844d21..f3106d035 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-861.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-861.mdx @@ -1,6 +1,6 @@ ```bash - helm repo add istio https://istio-release.storage.googleapis.com/charts - helm repo update - helm install istio-base istio/base -n istio-system --set defaults.global.istioNamespace=cluster-ingress --wait - helm install istiod istio/istiod -n cluster-ingress --set global.istioNamespace="cluster-ingress" --set meshConfig.accessLogFile="/dev/stdout" --wait +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +helm install istio-base istio/base -n istio-system --set defaults.global.istioNamespace=cluster-ingress --wait +helm install istiod istio/istiod -n cluster-ingress --set global.istioNamespace="cluster-ingress" --set meshConfig.accessLogFile="/dev/stdout" --wait ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-873.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-873.mdx index cdb8c4d36..9d14f2d94 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-873.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-873.mdx @@ -1,3 +1,3 @@ ```bash - kubectl create ns cluster-ingress +kubectl create ns cluster-ingress ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-914.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-914.mdx index b72c53147..c2dc21209 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-914.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-914.mdx @@ -1,3 +1,3 @@ ```bash - helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml +helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-93.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-93.mdx index 1f2c9ccce..2e71fc57c 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-93.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-93.mdx @@ -1,3 +1,3 @@ ```bash - kubectl create ns sv +kubectl create ns sv ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-990.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-990.mdx index 763142d5e..74066b993 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-990.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-helm-bash-990.mdx @@ -1,3 +1,3 @@ ```bash - kubectl apply -f gateways.yaml -n cluster-ingress +kubectl apply -f gateways.yaml -n cluster-ingress ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-network-resets-bash-75.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-network-resets-bash-75.mdx index acdc30b55..28405a1a4 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-network-resets-bash-75.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-network-resets-bash-75.mdx @@ -1,4 +1,3 @@ ```bash - curl -sSL --fail-with-body https://YOUR_SCAN_URL/api/scan/v0/dso > current_state.json - +curl -sSL --fail-with-body https://YOUR_SCAN_URL/api/scan/v0/dso > current_state.json ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-network-resets-bash-81.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-network-resets-bash-81.mdx index 8f1c7f1a3..36accd1a3 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-network-resets-bash-81.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-network-resets-bash-81.mdx @@ -1,6 +1,5 @@ ```bash - jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' backup.json > weights_backup.json - jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' current_state.json > weights_current.json - diff -C2 weights_backup.json weights_current.json - +jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' backup.json > weights_backup.json +jq '.dso_rules.contract.payload.svs.[] | [.[1].name, .[1].svRewardWeight]' current_state.json > weights_current.json +diff -C2 weights_backup.json weights_current.json ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-network-resets-bash-90.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-network-resets-bash-90.mdx index 531ff1af1..836221835 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-network-resets-bash-90.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-network-resets-bash-90.mdx @@ -1,6 +1,5 @@ ```bash - jq '.amulet_rules.contract.payload' backup.json > amulet_backup.json - jq '.amulet_rules.contract.payload' current_state.json > amulet_current.json - diff amulet_backup.json amulet_current.json - +jq '.amulet_rules.contract.payload' backup.json > amulet_backup.json +jq '.amulet_rules.contract.payload' current_state.json > amulet_current.json +diff amulet_backup.json amulet_current.json ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-482.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-482.mdx index aea9dcbd1..accf4f0fd 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-482.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-482.mdx @@ -1,22 +1,22 @@ ```bash - python3 unclaimed_sv_rewards.py \ - https://scan.sv-1.global.canton.network.c7.digital \ - https://scan.sv-1.global.canton.network.cumberland.io \ - https://scan.sv-2.global.canton.network.cumberland.io \ - https://scan.sv-1.global.canton.network.digitalasset.com \ - https://scan.sv-2.global.canton.network.digitalasset.com \ - https://scan.sv-1.global.canton.network.fivenorth.io \ - https://scan.sv-1.global.canton.network.sync.global \ - https://scan.sv-1.global.canton.network.lcv.mpch.io \ - https://scan.sv-1.global.canton.network.mpch.io \ - https://scan.sv-1.global.canton.network.orb1lp.mpch.io \ - https://scan.sv-1.global.canton.network.proofgroup.xyz \ - https://scan.sv.global.canton.network.sv-nodeops.com \ - https://scan.sv-1.global.canton.network.tradeweb.com \ - --beneficiary 'party::1234abcd' \ - --begin-record-time '2025-07-20T10:30:00Z' \ - --end-record-time '2025-07-20T11:30:00Z' \ - --begin-migration-id 3 \ - --weight 5000 \ - --already-minted-weight 0 +python3 unclaimed_sv_rewards.py \ + https://scan.sv-1.global.canton.network.c7.digital \ + https://scan.sv-1.global.canton.network.cumberland.io \ + https://scan.sv-2.global.canton.network.cumberland.io \ + https://scan.sv-1.global.canton.network.digitalasset.com \ + https://scan.sv-2.global.canton.network.digitalasset.com \ + https://scan.sv-1.global.canton.network.fivenorth.io \ + https://scan.sv-1.global.canton.network.sync.global \ + https://scan.sv-1.global.canton.network.lcv.mpch.io \ + https://scan.sv-1.global.canton.network.mpch.io \ + https://scan.sv-1.global.canton.network.orb1lp.mpch.io \ + https://scan.sv-1.global.canton.network.proofgroup.xyz \ + https://scan.sv.global.canton.network.sv-nodeops.com \ + https://scan.sv-1.global.canton.network.tradeweb.com \ + --beneficiary 'party::1234abcd' \ + --begin-record-time '2025-07-20T10:30:00Z' \ + --end-record-time '2025-07-20T11:30:00Z' \ + --begin-migration-id 3 \ + --weight 5000 \ + --already-minted-weight 0 ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-507.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-507.mdx index f6db517c1..1e39c9194 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-507.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-507.mdx @@ -1,28 +1,28 @@ ```bash - python3 unclaimed_sv_rewards.py \ - https://scan.sv-1.global.canton.network.c7.digital \ - https://scan.sv-1.global.canton.network.cumberland.io \ - https://scan.sv-2.global.canton.network.cumberland.io \ - https://scan.sv-1.global.canton.network.digitalasset.com \ - https://scan.sv-2.global.canton.network.digitalasset.com \ - https://scan.sv-1.global.canton.network.fivenorth.io \ - https://scan.sv-1.global.canton.network.sync.global \ - https://scan.sv-1.global.canton.network.lcv.mpch.io \ - https://scan.sv-1.global.canton.network.mpch.io \ - https://scan.sv-1.global.canton.network.orb1lp.mpch.io \ - https://scan.sv-1.global.canton.network.proofgroup.xyz \ - https://scan.sv.global.canton.network.sv-nodeops.com \ - https://scan.sv-1.global.canton.network.tradeweb.com \ - --loglevel DEBUG \ - --log-file-path 'log/unclaimed_sv_rewards_2.log' \ - --page-size 200 \ - --grace-period-for-mining-rounds-in-minutes 70 \ - --concurrency 117 \ - --chunk-size-in-hours 0.2 \ - --beneficiary 'party::1234abcd' \ - --begin-record-time '2025-07-20T10:30:00Z' \ - --end-record-time '2025-07-20T11:30:00Z' \ - --begin-migration-id 3 \ - --weight 5000 \ - --already-minted-weight 0 +python3 unclaimed_sv_rewards.py \ + https://scan.sv-1.global.canton.network.c7.digital \ + https://scan.sv-1.global.canton.network.cumberland.io \ + https://scan.sv-2.global.canton.network.cumberland.io \ + https://scan.sv-1.global.canton.network.digitalasset.com \ + https://scan.sv-2.global.canton.network.digitalasset.com \ + https://scan.sv-1.global.canton.network.fivenorth.io \ + https://scan.sv-1.global.canton.network.sync.global \ + https://scan.sv-1.global.canton.network.lcv.mpch.io \ + https://scan.sv-1.global.canton.network.mpch.io \ + https://scan.sv-1.global.canton.network.orb1lp.mpch.io \ + https://scan.sv-1.global.canton.network.proofgroup.xyz \ + https://scan.sv.global.canton.network.sv-nodeops.com \ + https://scan.sv-1.global.canton.network.tradeweb.com \ + --loglevel DEBUG \ + --log-file-path 'log/unclaimed_sv_rewards_2.log' \ + --page-size 200 \ + --grace-period-for-mining-rounds-in-minutes 70 \ + --concurrency 117 \ + --chunk-size-in-hours 0.2 \ + --beneficiary 'party::1234abcd' \ + --begin-record-time '2025-07-20T10:30:00Z' \ + --end-record-time '2025-07-20T11:30:00Z' \ + --begin-migration-id 3 \ + --weight 5000 \ + --already-minted-weight 0 ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-538.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-538.mdx index d8698ba54..4c3333548 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-538.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-538.mdx @@ -1,23 +1,23 @@ ```bash - python3 unclaimed_sv_rewards.py \ - https://scan.sv-1.global.canton.network.c7.digital \ - https://scan.sv-1.global.canton.network.cumberland.io \ - https://scan.sv-2.global.canton.network.cumberland.io \ - https://scan.sv-1.global.canton.network.digitalasset.com \ - https://scan.sv-2.global.canton.network.digitalasset.com \ - https://scan.sv-1.global.canton.network.fivenorth.io \ - https://scan.sv-1.global.canton.network.sync.global \ - https://scan.sv-1.global.canton.network.lcv.mpch.io \ - https://scan.sv-1.global.canton.network.mpch.io \ - https://scan.sv-1.global.canton.network.orb1lp.mpch.io \ - https://scan.sv-1.global.canton.network.proofgroup.xyz \ - https://scan.sv.global.canton.network.sv-nodeops.com \ - https://scan.sv-1.global.canton.network.tradeweb.com \ - --cache-file-path 'cache.json' \ - --beneficiary 'party::1234abcd' \ - --begin-record-time '2025-07-20T10:30:00Z' \ - --end-record-time '2025-07-20T11:30:00Z' \ - --begin-migration-id 3 \ - --weight 5000 \ - --already-minted-weight 0 +python3 unclaimed_sv_rewards.py \ + https://scan.sv-1.global.canton.network.c7.digital \ + https://scan.sv-1.global.canton.network.cumberland.io \ + https://scan.sv-2.global.canton.network.cumberland.io \ + https://scan.sv-1.global.canton.network.digitalasset.com \ + https://scan.sv-2.global.canton.network.digitalasset.com \ + https://scan.sv-1.global.canton.network.fivenorth.io \ + https://scan.sv-1.global.canton.network.sync.global \ + https://scan.sv-1.global.canton.network.lcv.mpch.io \ + https://scan.sv-1.global.canton.network.mpch.io \ + https://scan.sv-1.global.canton.network.orb1lp.mpch.io \ + https://scan.sv-1.global.canton.network.proofgroup.xyz \ + https://scan.sv.global.canton.network.sv-nodeops.com \ + https://scan.sv-1.global.canton.network.tradeweb.com \ + --cache-file-path 'cache.json' \ + --beneficiary 'party::1234abcd' \ + --begin-record-time '2025-07-20T10:30:00Z' \ + --end-record-time '2025-07-20T11:30:00Z' \ + --begin-migration-id 3 \ + --weight 5000 \ + --already-minted-weight 0 ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-564.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-564.mdx index 58cf3b4b1..e644577c1 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-564.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-564.mdx @@ -1,24 +1,24 @@ ```bash - python3 unclaimed_sv_rewards.py \ - https://scan.sv-1.global.canton.network.c7.digital \ - https://scan.sv-1.global.canton.network.cumberland.io \ - https://scan.sv-2.global.canton.network.cumberland.io \ - https://scan.sv-1.global.canton.network.digitalasset.com \ - https://scan.sv-2.global.canton.network.digitalasset.com \ - https://scan.sv-1.global.canton.network.fivenorth.io \ - https://scan.sv-1.global.canton.network.sync.global \ - https://scan.sv-1.global.canton.network.lcv.mpch.io \ - https://scan.sv-1.global.canton.network.mpch.io \ - https://scan.sv-1.global.canton.network.orb1lp.mpch.io \ - https://scan.sv-1.global.canton.network.proofgroup.xyz \ - https://scan.sv.global.canton.network.sv-nodeops.com \ - https://scan.sv-1.global.canton.network.tradeweb.com \ - --cache-file-path 'cache.json' \ - --beneficiary 'party::1234abcd' \ - --begin-record-time '2025-07-20T10:30:00Z' \ - --end-record-time '2025-07-20T11:30:00Z' \ - --begin-migration-id 3 \ - --weight 5000 \ - --already-minted-weight 0 \ - --rebuild-cache +python3 unclaimed_sv_rewards.py \ + https://scan.sv-1.global.canton.network.c7.digital \ + https://scan.sv-1.global.canton.network.cumberland.io \ + https://scan.sv-2.global.canton.network.cumberland.io \ + https://scan.sv-1.global.canton.network.digitalasset.com \ + https://scan.sv-2.global.canton.network.digitalasset.com \ + https://scan.sv-1.global.canton.network.fivenorth.io \ + https://scan.sv-1.global.canton.network.sync.global \ + https://scan.sv-1.global.canton.network.lcv.mpch.io \ + https://scan.sv-1.global.canton.network.mpch.io \ + https://scan.sv-1.global.canton.network.orb1lp.mpch.io \ + https://scan.sv-1.global.canton.network.proofgroup.xyz \ + https://scan.sv.global.canton.network.sv-nodeops.com \ + https://scan.sv-1.global.canton.network.tradeweb.com \ + --cache-file-path 'cache.json' \ + --beneficiary 'party::1234abcd' \ + --begin-record-time '2025-07-20T10:30:00Z' \ + --end-record-time '2025-07-20T11:30:00Z' \ + --begin-migration-id 3 \ + --weight 5000 \ + --already-minted-weight 0 \ + --rebuild-cache ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-683.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-683.mdx index abd42b190..4a603a5cc 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-683.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-operations-bash-683.mdx @@ -1,4 +1,4 @@ ```bash - --begin-record-time=t0 --end-record-time=t1 \ - --weight=10000 --already-minted-weight=0 +--begin-record-time=t0 --end-record-time=t1 \ +--weight=10000 --already-minted-weight=0 ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-restore-bash-102.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-restore-bash-102.mdx index 30ff10207..cc5e7abad 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-restore-bash-102.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-restore-bash-102.mdx @@ -1,3 +1,3 @@ ```bash - jq '.identities.participant' backup.json > dump.json +jq '.identities.participant' backup.json > dump.json ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-restore-bash-57.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-restore-bash-57.mdx index 786cc86d9..7e54d96a0 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-restore-bash-57.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-restore-bash-57.mdx @@ -1,10 +1,10 @@ ```bash - kubectl scale deployment --replicas=0 -n sv \ - global-domain-0-cometbft \ - global-domain-0-mediator \ - global-domain-0-sequencer \ - participant \ - scan-app \ - sv-app \ - validator-app +kubectl scale deployment --replicas=0 -n sv \ + global-domain-0-cometbft \ + global-domain-0-mediator \ + global-domain-0-sequencer \ + participant \ + scan-app \ + sv-app \ + validator-app ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-restore-bash-74.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-restore-bash-74.mdx index 22291ab08..36a71bc7c 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-restore-bash-74.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-sv-operator-sv-restore-bash-74.mdx @@ -1,10 +1,10 @@ ```bash - kubectl scale deployment --replicas=1 -n sv \ - global-domain-0-cometbft \ - global-domain-0-mediator \ - global-domain-0-sequencer \ - participant \ - scan-app \ - sv-app \ - validator-app +kubectl scale deployment --replicas=1 -n sv \ + global-domain-0-cometbft \ + global-domain-0-mediator \ + global-domain-0-sequencer \ + participant \ + scan-app \ + sv-app \ + validator-app ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-backups-bash-36.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-backups-bash-36.mdx index 0386dc99c..cd1eb5d6b 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-backups-bash-36.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-backups-bash-36.mdx @@ -1,4 +1,3 @@ ```bash - curl "https://wallet.validator.YOUR_HOSTNAME/api/validator/v0/admin/participant/identities" -H "authorization: Bearer " - +curl "https://wallet.validator.YOUR_HOSTNAME/api/validator/v0/admin/participant/identities" -H "authorization: Bearer " ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-backups-bash-67.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-backups-bash-67.mdx index 4ba2b65b3..e492ba0d8 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-backups-bash-67.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-backups-bash-67.mdx @@ -1,6 +1,5 @@ ```bash - docker exec -i splice-validator-postgres-splice-1 pg_dump -U cnadmin validator > "${backup_dir}"/validator-"$(date -u +"%Y-%m-%dT%H:%M:%S%:z")".dump - active_participant_db=$(docker exec splice-validator-participant-1 bash -c 'echo $CANTON_PARTICIPANT_POSTGRES_DB') - docker exec splice-validator-postgres-splice-1 pg_dump -U cnadmin "${active_participant_db}" > "${backup_dir}"/"${active_participant_db}"-"$(date -u +"%Y-%m-%dT%H:%M:%S%:z")".dump - +docker exec -i splice-validator-postgres-splice-1 pg_dump -U cnadmin validator > "${backup_dir}"/validator-"$(date -u +"%Y-%m-%dT%H:%M:%S%:z")".dump +active_participant_db=$(docker exec splice-validator-participant-1 bash -c 'echo $CANTON_PARTICIPANT_POSTGRES_DB') +docker exec splice-validator-postgres-splice-1 pg_dump -U cnadmin "${active_participant_db}" > "${backup_dir}"/"${active_participant_db}"-"$(date -u +"%Y-%m-%dT%H:%M:%S%:z")".dump ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-167.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-167.mdx index b84a32242..f8d91469d 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-167.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-167.mdx @@ -1,4 +1,3 @@ ```bash - cd splice-node/docker-compose/validator - +cd splice-node/docker-compose/validator ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-175.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-175.mdx index 53506dbdd..827beb7bc 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-175.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-175.mdx @@ -1,4 +1,3 @@ ```bash - ./start.sh -s "" -o "" -p "" -m "" -w - +./start.sh -s "" -o "" -p "" -m "" -w ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-281.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-281.mdx index d30d386fd..507dafe52 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-281.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-281.mdx @@ -1,4 +1,3 @@ ```bash - ./start.sh -s "" -o "" -p "" -m "" -w -a - +./start.sh -s "" -o "" -p "" -m "" -w -a ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-306.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-306.mdx index 5a15fa970..8fdaeb910 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-306.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-306.mdx @@ -1,5 +1,4 @@ ```bash - export TARGET_TRAFFIC_THROUGHPUT=20000 # target throughput in bytes/second - export MIN_TRAFFIC_TOPUP_INTERVAL="1m" # minimum interval between top-ups - +export TARGET_TRAFFIC_THROUGHPUT=20000 # target throughput in bytes/second +export MIN_TRAFFIC_TOPUP_INTERVAL="1m" # minimum interval between top-ups ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-58.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-58.mdx index 44263f6ed..413c1004c 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-58.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-bash-58.mdx @@ -1,12 +1,11 @@ ```bash - > docker compose version - Docker Compose version 2.32.1 - > curl --version - curl 8.11.0 (x86_64-pc-linux-gnu) libcurl/8.11.0 OpenSSL/3.3.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.1 nghttp2/1.64.0 - Release-Date: 2024-11-06 - Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp - Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd - > jq --version - jq-1.7.1 - +> docker compose version +Docker Compose version 2.32.1 +> curl --version +curl 8.11.0 (x86_64-pc-linux-gnu) libcurl/8.11.0 OpenSSL/3.3.2 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.1 nghttp2/1.64.0 +Release-Date: 2024-11-06 +Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp +Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL threadsafe TLS-SRP UnixSockets zstd +> jq --version +jq-1.7.1 ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-105.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-105.mdx index 10e1daa94..dbce50d89 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-105.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-105.mdx @@ -5,5 +5,4 @@ JAVA_TOOL_OPTIONS: >- -Dhttps.proxyHost=your.proxy.host -Dhttps.proxyPort=your_proxy_port - ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-152.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-152.mdx index 205393577..3ba3b4146 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-152.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-152.mdx @@ -6,5 +6,4 @@ -Dhttps.proxyHost=your.proxy.host -Dhttps.proxyPort=your_proxy_port -Dhttp.nonProxyHosts=localhost|127.0.0.1|*.internal|10.* - ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-347.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-347.mdx index 68e9379fc..772ad55ed 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-347.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-347.mdx @@ -9,5 +9,4 @@ from-parties = ["", ""] } } - ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-96.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-96.mdx index 81578624d..8002cdd1b 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-96.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-compose-yaml-96.mdx @@ -5,5 +5,4 @@ JAVA_TOOL_OPTIONS: >- -Dhttps.proxyHost=your.proxy.host -Dhttps.proxyPort=your_proxy_port - ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-201.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-201.mdx index 9ce39f43a..7f47f406f 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-201.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-201.mdx @@ -1,11 +1,11 @@ ```bash - export LEDGER_API_URL="https://validator.example.com:5003" - export TOKEN="your-auth-token" - export BENEFICIARY_PARTY="beneficiary::1220abcd..." - export DELEGATE_PARTY="validator_operator::1220efgh..." - export DSO_PARTY="DSO::1220ijkl..." - export EXPIRES_AT="2025-12-31T23:59:59Z" - # This could be created by - # export EXPIRES_AT="$(date -u -d '+1 year' '+%Y-%m-%dT%H:%M:%SZ')" - export AMULET_MERGE_LIMIT=10 +export LEDGER_API_URL="https://validator.example.com:5003" +export TOKEN="your-auth-token" +export BENEFICIARY_PARTY="beneficiary::1220abcd..." +export DELEGATE_PARTY="validator_operator::1220efgh..." +export DSO_PARTY="DSO::1220ijkl..." +export EXPIRES_AT="2025-12-31T23:59:59Z" +# This could be created by +# export EXPIRES_AT="$(date -u -d '+1 year' '+%Y-%m-%dT%H:%M:%SZ')" +export AMULET_MERGE_LIMIT=10 ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-215.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-215.mdx index d35814336..2b007f532 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-215.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-215.mdx @@ -1,22 +1,22 @@ ```bash - curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \ - --data-raw '{ - "commands": [ - { - "CreateCommand": { - "templateId": "#splice-wallet:Splice.Wallet.MintingDelegation:MintingDelegationProposal", - "createArguments": { - "delegation": { - "beneficiary": "'"$BENEFICIARY_PARTY"'", - "delegate": "'"$DELEGATE_PARTY"'", - "dso": "'"$DSO_PARTY"'", - "expiresAt": "'"$EXPIRES_AT"'", - "amuletMergeLimit": '"$AMULET_MERGE_LIMIT"' - } - } - } - } - ] - }' \ - "$LEDGER_API_URL/v2/commands" +curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \ +--data-raw '{ + "commands": [ + { + "CreateCommand": { + "templateId": "#splice-wallet:Splice.Wallet.MintingDelegation:MintingDelegationProposal", + "createArguments": { + "delegation": { + "beneficiary": "'"$BENEFICIARY_PARTY"'", + "delegate": "'"$DELEGATE_PARTY"'", + "dso": "'"$DSO_PARTY"'", + "expiresAt": "'"$EXPIRES_AT"'", + "amuletMergeLimit": '"$AMULET_MERGE_LIMIT"' + } + } + } + } + ] +}' \ +"$LEDGER_API_URL/v2/commands" ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-251.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-251.mdx index 153d237fd..c25f84a22 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-251.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-251.mdx @@ -1,21 +1,21 @@ ```bash - curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \ - --data-raw '{ - "filter": { - "filtersByParty": { - "'"$BENEFICIARY_PARTY"'": { - "filters": [ - { - "inclusive": { - "templateFilters": [ - {"templateId": "#splice-wallet:Splice.Wallet.MintingDelegation:MintingDelegationProposal"} - ] - } - } - ] - } - } - } - }' \ - "$LEDGER_API_URL/v2/state/active-contracts" +curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \ +--data-raw '{ + "filter": { + "filtersByParty": { + "'"$BENEFICIARY_PARTY"'": { + "filters": [ + { + "inclusive": { + "templateFilters": [ + {"templateId": "#splice-wallet:Splice.Wallet.MintingDelegation:MintingDelegationProposal"} + ] + } + } + ] + } + } + } +}' \ +"$LEDGER_API_URL/v2/state/active-contracts" ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-276.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-276.mdx index 75cc4a68d..744979f35 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-276.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-276.mdx @@ -1,21 +1,21 @@ ```bash - curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \ - --data-raw '{ - "filter": { - "filtersByParty": { - "'"$BENEFICIARY_PARTY"'": { - "filters": [ - { - "inclusive": { - "templateFilters": [ - {"templateId": "#splice-wallet:Splice.Wallet.MintingDelegation:MintingDelegation"} - ] - } - } - ] - } - } - } - }' \ - "$LEDGER_API_URL/v2/state/active-contracts" +curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \ +--data-raw '{ + "filter": { + "filtersByParty": { + "'"$BENEFICIARY_PARTY"'": { + "filters": [ + { + "inclusive": { + "templateFilters": [ + {"templateId": "#splice-wallet:Splice.Wallet.MintingDelegation:MintingDelegation"} + ] + } + } + ] + } + } + } +}' \ +"$LEDGER_API_URL/v2/state/active-contracts" ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-309.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-309.mdx index 9715a808b..de6d252c5 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-309.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-delegations-bash-309.mdx @@ -1,18 +1,18 @@ ```bash - export PROPOSAL_CONTRACT_ID="00abcd1234..." +export PROPOSAL_CONTRACT_ID="00abcd1234..." - curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \ - --data-raw '{ - "commands": [ - { - "ExerciseCommand": { - "templateId": "#splice-wallet:Splice.Wallet.MintingDelegation:MintingDelegationProposal", - "contractId": "'"$PROPOSAL_CONTRACT_ID"'", - "choice": "MintingDelegationProposal_Withdraw", - "choiceArgument": {} - } - } - ] - }' \ - "$LEDGER_API_URL/v2/commands" +curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \ +--data-raw '{ + "commands": [ + { + "ExerciseCommand": { + "templateId": "#splice-wallet:Splice.Wallet.MintingDelegation:MintingDelegationProposal", + "contractId": "'"$PROPOSAL_CONTRACT_ID"'", + "choice": "MintingDelegationProposal_Withdraw", + "choiceArgument": {} + } + } + ] +}' \ +"$LEDGER_API_URL/v2/commands" ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-bash-137.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-bash-137.mdx deleted file mode 100644 index 6a669bc1a..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-bash-137.mdx +++ /dev/null @@ -1,6 +0,0 @@ -```bash - -.. code-block:: bash - - kubectl create secret generic participant-bootstrap-dump \ -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-bash-140.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-bash-140.mdx new file mode 100644 index 000000000..2cc52514b --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-bash-140.mdx @@ -0,0 +1,5 @@ +```bash +kubectl create secret generic participant-bootstrap-dump \ + --from-file=content=${PARTICIPANT_BOOTSTRAP_DUMP_FILE} \ + -n validator +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-264.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-264.mdx deleted file mode 100644 index e690948ed..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-264.mdx +++ /dev/null @@ -1,4 +0,0 @@ -``` - Run from a regular shell (same working directory like the one you started your Canton console from): - -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-274.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-274.mdx new file mode 100644 index 000000000..1301451f1 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-274.mdx @@ -0,0 +1,3 @@ +``` +participant.repair.import_acs("acs_snapshot") +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-309.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-309.mdx deleted file mode 100644 index d84372230..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-309.mdx +++ /dev/null @@ -1,33 +0,0 @@ -``` - those from the rejected ``OwnerToKeyMapping`` in your participant logs, and replace the - old participant ID with your actual old participant ID: - - .. code:: - - val keys = Seq("", "").map(prefix => - participant.keys.public.list().filter(_.publicKey.id.toProtoPrimitive.startsWith(prefix)).head.publicKey) - - val oldParticipantId = ParticipantId.fromProtoPrimitive("", "participant").toOption.get - val otk = OwnerToKeyMapping(member = oldParticipantId, keys = NonEmpty.from(keys).get) - participant.topology.owner_to_key_mappings.propose(otk, force = ForceFlag.AlienMember) - -3. Start the validator app using your original identities dump configuration. - -.. _validator_recover_external_party: - -Recover the Coin balance of an external party -+++++++++++++++++++++++++++++++++++++++++++++ - -For a party relying on external signing, a similar procedure can be -used to recover its coin balance in case the validator originally -hosting it becomes unusable for whatever reason. - -.. warning:: The target validator that you use to host the party after - recovery **must** be a **completely new validator**. An existing validator - may brick completely due to some limitations around party - migrations and there is no way to recover from that at - this point. Recovering a validator from an identities backup does not classify - as a completely new validator here. You must setup it with a completely new identity - and a completely clean database. - This limitation is expected to be lifted in -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-351.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-351.mdx deleted file mode 100644 index 4afc08701..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-351.mdx +++ /dev/null @@ -1,20 +0,0 @@ -``` -it on multiple nodes, you will need to adjust this. - -.. code:: - - // replace YOUR_PARTY_ID by the ID of your external party - val partyId = PartyId.tryFromProtoPrimitive("YOUR_PARTY_ID") - val participantId = participant.id - val synchronizerId = participant.synchronizers.id_of("global") - - // generate topology transaction - val partyToParticipant = PartyToParticipant.tryCreate( - partyId = partyId, - threshold = PositiveInt.one, - participants = Seq( - HostingParticipant( - participantId, - ParticipantPermission.Confirmation, - ) -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-355.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-355.mdx new file mode 100644 index 000000000..13f3cb5c9 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-355.mdx @@ -0,0 +1,32 @@ +``` +// replace YOUR_PARTY_ID by the ID of your external party +val partyId = PartyId.tryFromProtoPrimitive("YOUR_PARTY_ID") +val participantId = participant.id +val synchronizerId = participant.synchronizers.id_of("global") + +// generate topology transaction +val partyToParticipant = PartyToParticipant.tryCreate( + partyId = partyId, + threshold = PositiveInt.one, + participants = Seq( + HostingParticipant( + participantId, + ParticipantPermission.Confirmation, + ) + ), + ) + +import com.digitalasset.canton.admin.api.client.commands.TopologyAdminCommands.Write.GenerateTransactions +val topologyTransaction = participant.topology.transactions.generate( + Seq( + GenerateTransactions.Proposal( + partyToParticipant, + TopologyStoreId.Synchronizer(synchronizerId), + ) + ) +).head + +// Print out the hash that needs to be signed. Note that you need to sign +// the actual bytes the hex string represents not the hex string +topologyTransaction.hash.hash.toHexString +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-373.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-373.mdx deleted file mode 100644 index 9d549ca0d..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-373.mdx +++ /dev/null @@ -1,20 +0,0 @@ -``` - val topologyTransaction = participant.topology.transactions.generate( - Seq( - GenerateTransactions.Proposal( - partyToParticipant, - TopologyStoreId.Synchronizer(synchronizerId), - ) - ) - ).head - - // Print out the hash that needs to be signed. Note that you need to sign - // the actual bytes the hex string represents not the hex string - topologyTransaction.hash.hash.toHexString - -We'll need the topology transaction and the definitions defined here later again. Either keep your Canton console open or save them. - -The topology transaction hash needs to be signed externally following the -`documentation for external signing `_. - -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-397.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-397.mdx new file mode 100644 index 000000000..aa50a77ce --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-397.mdx @@ -0,0 +1,19 @@ +``` +// Replace HASH_SIGNATURE_HEXSTRING with the signed topology transaction hash +val signature = Signature.fromExternalSigning(SignatureFormat.Raw, HexString.parseToByteString("HASH_SIGNATURE_HEXSTRING").get, partyId.namespace.fingerprint, SigningAlgorithmSpec.Ed25519) +val topologyTxSignedByParty = SignedTopologyTransaction.create( + topologyTransaction, + NonEmpty(Set, SingleTransactionSignature(topologyTransaction.hash, signature): TopologyTransactionSignature), + isProposal = false, + ProtocolVersion.v34, +) +val topologyTxSignedByBoth = participant.topology.transactions.sign( + topologyTxSignedByParty, + TopologyStoreId.Synchronizer(synchronizerId), + signedBy = Seq(participantId.namespace.fingerprint) +) +participant.topology.transactions.load( + topologyTxSignedByBoth, + TopologyStoreId.Synchronizer(synchronizerId), +) +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-405.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-405.mdx deleted file mode 100644 index 0ab01ad71..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-405.mdx +++ /dev/null @@ -1,6 +0,0 @@ -``` - val topologyTxSignedByBoth = participant.topology.transactions.sign( - topologyTxSignedByParty, - TopologyStoreId.Synchronizer(synchronizerId), - signedBy = Seq(participantId.namespace.fingerprint) -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-419.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-419.mdx new file mode 100644 index 000000000..7e09775a7 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-419.mdx @@ -0,0 +1,19 @@ +``` +// The detailed output will slightly vary. Make sure that you see the new participant ID though. +participant.topology.party_to_participant_mappings.list(synchronizerId, filterParty = partyId.filterString) + res36: Seq[topology.ListPartyToParticipantResult] = Vector( + ListPartyToParticipantResult( + context = BaseResult( + storeId = Synchronizer(id = global-domain::122025296c61...), + validFrom = 2025-05-14T10:19:33.534074Z, + validUntil = None, + sequenced = 2025-05-14T10:19:33.534074Z, + operation = Replace, + transactionHash = , + serial = PositiveNumeric(value = 1), + signedBy = Vector(1220b529c1d9...) + ), + item = PartyToParticipant(YOUR_PARTY_ID, PositiveNumeric(1), Vector(HostingParticipant(YOUR_PARTICIPANT_ID..., Submission))) + ) + ) +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-451.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-451.mdx new file mode 100644 index 000000000..c511f7366 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-451.mdx @@ -0,0 +1,5 @@ +``` +participant.synchronizers.disconnect_all() +participant.repair.import_acs("acs_snapshot") +participant.synchronizers.reconnect_all() +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-103.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-103.mdx deleted file mode 100644 index 60300992e..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-103.mdx +++ /dev/null @@ -1,6 +0,0 @@ -```bash - -You can set ``http.nonProxyHosts`` to bypass the proxy for specific target -hosts. Matching hosts will be contacted directly rather than through the -configured proxy. This is useful for services that are reachable on the local -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-116.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-116.mdx deleted file mode 100644 index 5d38bec4d..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-116.mdx +++ /dev/null @@ -1,6 +0,0 @@ -```bash - resolution is performed, so ``localhost`` and ``127.0.0.1`` are treated as - different names unless you list both. -- An empty value (e.g. ``-Dhttp.nonProxyHosts=``) means "no bypass patterns". - -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-145.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-145.mdx new file mode 100644 index 000000000..6eb7dcf1e --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-145.mdx @@ -0,0 +1,5 @@ +```bash +kubectl create secret generic postgres-secrets \ + --from-literal=postgresPassword=${POSTGRES_PASSWORD} \ + -n validator +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-158.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-158.mdx new file mode 100644 index 000000000..e95d9c6f2 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-158.mdx @@ -0,0 +1,5 @@ +```bash +kubectl create secret generic splice-app-validator-onboarding-validator \ + "--from-literal=secret=${ONBOARDING_SECRET}" \ + -n validator +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-310.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-310.mdx deleted file mode 100644 index c2c2ed83f..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-310.mdx +++ /dev/null @@ -1,10 +0,0 @@ -```bash - e. Save your application settings. - -6. Create an Auth0 Application for the CNS web UI. - Repeat all steps described in step 5, with following modifications: - - - In step b, use ``CNS web UI`` as the name of your application. - - In steps c and d, use the URL for your validator's *CNS* UI. - If you're using the ingress configuration of this runbook, that would be ``https://cns.validator.YOUR_HOSTNAME``. -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-322.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-322.mdx deleted file mode 100644 index f03956704..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-322.mdx +++ /dev/null @@ -1,10 +0,0 @@ -```bash -It can be found in the Auth0 interface under User Management -> Users -> your user's name -> user_id (a field right under the user's name at the top). - -We will use the environment variables listed in the table below to refer to aspects of your Auth0 configuration: - -================================== =========================================================================== -Name Value ----------------------------------- --------------------------------------------------------------------------- -OIDC_AUTHORITY_URL ``https://AUTH0_TENANT_NAME.us.auth0.com`` -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-352.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-352.mdx new file mode 100644 index 000000000..efde7734c --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-352.mdx @@ -0,0 +1,9 @@ +```bash +kubectl create --namespace validator secret generic splice-app-validator-ledger-api-auth \ + "--from-literal=ledger-api-user=${VALIDATOR_CLIENT_ID}@clients" \ + "--from-literal=url=${OIDC_AUTHORITY_URL}/.well-known/openid-configuration" \ + "--from-literal=client-id=${VALIDATOR_CLIENT_ID}" \ + "--from-literal=client-secret=${VALIDATOR_CLIENT_SECRET}" \ + "--from-literal=audience=${OIDC_AUTHORITY_LEDGER_API_AUDIENCE}" \ + "--from-literal=scope=${OIDC_AUTHORITY_LEDGER_API_SCOPE}" +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-364.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-364.mdx new file mode 100644 index 000000000..b4ddd7eb9 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-364.mdx @@ -0,0 +1,9 @@ +```bash +kubectl create --namespace validator secret generic splice-app-wallet-ui-auth \ + "--from-literal=url=${OIDC_AUTHORITY_URL}" \ + "--from-literal=client-id=${WALLET_UI_CLIENT_ID}" + +kubectl create --namespace validator secret generic splice-app-cns-ui-auth \ + "--from-literal=url=${OIDC_AUTHORITY_URL}" \ + "--from-literal=client-id=${CNS_UI_CLIENT_ID}" +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-451.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-451.mdx deleted file mode 100644 index b17ca7185..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-451.mdx +++ /dev/null @@ -1,11 +0,0 @@ -```bash -- Replace ``YOUR_VALIDATOR_PARTY_HINT`` with the desired name for your - validator operator party. It must be of the format - ``--``. -- Replace ``YOUR_VALIDATOR_NODE_NAME`` with the name you want your validator node to be represented as on the network. Usually you can use the same value as for your ``validatorPartyHint``. - -Finally, please download the UI config values file from -https://github.com/global-synchronizer-foundation/configs/blob/main/configs/ui-config-values.yaml -and add the values from it to your ``standalone-validator-values.yaml``. - -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-482.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-482.mdx new file mode 100644 index 000000000..c93413d26 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-482.mdx @@ -0,0 +1,9 @@ +```bash +$ kubectl get pods -n validator +NAMESPACE NAME READY STATUS RESTARTS AGE +validator ans-web-ui-5bf489db78-bdn2j 1/1 Running 0 24m +validator participant-8988dfb54-m9655 1/1 Running 0 26m +validator postgres-0 1/1 Running 0 37m +validator validator-app-f8c74d5dd-zf9j4 1/1 Running 0 24m +validator wallet-web-ui-69d85cdb99-fnj7q 1/1 Running 0 24m +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-514.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-514.mdx deleted file mode 100644 index 3eb15fc8d..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-514.mdx +++ /dev/null @@ -1,7 +0,0 @@ -```bash -* ``https://wallet.validator.`` should be routed to service ``wallet-web-ui`` in the ``validator`` namespace -* ``https://wallet.validator./api/validator`` should be routed to ``/api/validator`` at port 5003 of service ``validator-app`` in the ``validator`` namespace -* ``https://cns.validator.`` should be routed to service ``ans-web-ui`` in the ``validator`` namespace -* ``https://cns.validator./api/validator`` should be routed to ``/api/validator`` at port 5003 of service ``validator-app`` in the ``validator`` namespace - -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-526.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-526.mdx deleted file mode 100644 index 3d3cde3c5..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-526.mdx +++ /dev/null @@ -1,5 +0,0 @@ -```bash -Internet ingress configuration is often specific to the network configuration and scenario of the -cluster being configured. To illustrate the basic requirements of a Validator node ingress, we have -provided a Helm chart that configures ingress according to the routes above using Istio, as detailed in the sections below. -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-545.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-545.mdx new file mode 100644 index 000000000..f3106d035 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-545.mdx @@ -0,0 +1,6 @@ +```bash +helm repo add istio https://istio-release.storage.googleapis.com/charts +helm repo update +helm install istio-base istio/base -n istio-system --set defaults.global.istioNamespace=cluster-ingress --wait +helm install istiod istio/istiod -n cluster-ingress --set global.istioNamespace="cluster-ingress" --set meshConfig.accessLogFile="/dev/stdout" --wait +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-557.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-557.mdx new file mode 100644 index 000000000..9d14f2d94 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-557.mdx @@ -0,0 +1,3 @@ +```bash +kubectl create ns cluster-ingress +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-567.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-567.mdx deleted file mode 100644 index 54b21a3d7..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-567.mdx +++ /dev/null @@ -1,5 +0,0 @@ -```bash - kind: Certificate - metadata: - name: cn-certificate -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-598.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-598.mdx new file mode 100644 index 000000000..c2dc21209 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-598.mdx @@ -0,0 +1,3 @@ +```bash +helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-611.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-611.mdx deleted file mode 100644 index 9cd7e629c..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-611.mdx +++ /dev/null @@ -1,5 +0,0 @@ -```bash - namespace: cluster-ingress - spec: - selector: -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-642.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-642.mdx new file mode 100644 index 000000000..78072e1e4 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-642.mdx @@ -0,0 +1,3 @@ +```bash +kubectl apply -f gateway.yaml -n cluster-ingress +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-65.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-65.mdx index 6abfcd761..0bf82b53a 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-65.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-65.mdx @@ -1,3 +1,3 @@ ```bash - kubectl create ns validator +kubectl create ns validator ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-535.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-535.mdx deleted file mode 100644 index dd8681e38..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-535.mdx +++ /dev/null @@ -1,15 +0,0 @@ -```yaml - -* *cert-manager* must be available in the cluster (See `cert-manager documentation `_) -* *istio* should be installed in the cluster (See `istio documentation `_) - -*Note that their deployments are often platform-dependent and good documentations on how to set them up can be found online.* - -**Example of Istio installation:** - -.. code-block:: bash - - helm repo add istio https://istio-release.storage.googleapis.com/charts - helm repo update - helm install istio-base istio/base -n istio-system --set defaults.global.istioNamespace=cluster-ingress --wait -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-553.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-553.mdx deleted file mode 100644 index 4bba621fd..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-553.mdx +++ /dev/null @@ -1,12 +0,0 @@ -```yaml -Create a `cluster-ingress` namespace: - -.. code-block:: bash - - kubectl create ns cluster-ingress - - -Ensure that there is a cert-manager certificate available in a secret -named ``cn-net-tls``. An example of a suitable certificate -definition: -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-566.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-566.mdx new file mode 100644 index 000000000..15bfa6ff1 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-566.mdx @@ -0,0 +1,13 @@ +```yaml +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: cn-certificate + namespace: cluster-ingress +spec: + dnsNames: + - '*.validator.YOUR_HOSTNAME' + issuerRef: + name: letsencrypt-production + secretName: cn-net-tls +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-576.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-576.mdx deleted file mode 100644 index 72bcdba7b..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-576.mdx +++ /dev/null @@ -1,33 +0,0 @@ -```yaml - secretName: cn-net-tls - - -Create a file named ``istio-gateway-values.yaml`` with the following content -(Tip: on GCP you can get the cluster IP from ``gcloud compute addresses list``): - -.. code-block:: yaml - - service: - loadBalancerIP: "YOUR_CLUSTER_IP" - loadBalancerSourceRanges: - - "35.194.81.56/32" - - "35.198.147.95/32" - - "35.189.40.124/32" - - "34.132.91.75/32" - - - -And install it to your cluster: - -.. code-block:: bash - - helm install istio-ingress istio/gateway -n cluster-ingress -f istio-gateway-values.yaml - - -Create an Istio Gateway resource in the `cluster-ingress` namespace. Save the following to a file named `gateway.yaml`, -and replace ``YOUR_HOSTNAME`` with the actual hostname you want to use for your validator node -(and has a DNS record pointing to the cluster IP you configured above): - -.. code-block:: yaml - -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-584.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-584.mdx new file mode 100644 index 000000000..170696e86 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-584.mdx @@ -0,0 +1,9 @@ +```yaml +service: + loadBalancerIP: "YOUR_CLUSTER_IP" + loadBalancerSourceRanges: + - "35.194.81.56/32" + - "35.198.147.95/32" + - "35.189.40.124/32" + - "34.132.91.75/32" +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-607.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-607.mdx new file mode 100644 index 000000000..b38311ef7 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-607.mdx @@ -0,0 +1,31 @@ +```yaml +apiVersion: networking.istio.io/v1alpha3 +kind: Gateway +metadata: + name: cn-http-gateway + namespace: cluster-ingress +spec: + selector: + app: istio-ingress + istio: ingress + servers: + - port: + number: 443 + name: https + protocol: HTTPS + tls: + mode: SIMPLE + credentialName: cn-net-tls # name of the secret created above + hosts: + - "*.YOUR_HOSTNAME" + - "YOUR_HOSTNAME" + - port: + number: 80 + name: http + protocol: HTTP + tls: + httpsRedirect: true + hosts: + - "*.YOUR_HOSTNAME" + - "YOUR_HOSTNAME" +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-771.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-771.mdx deleted file mode 100644 index 3c5123779..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-771.mdx +++ /dev/null @@ -1,12 +0,0 @@ -```yaml -Refer to the Canton documentation for more details on participant pruning: - -* https://docs.daml.com/ops/pruning.html -* https://docs.daml.com/canton/usermanual/pruning.html - -.. literalinclude:: ../../../apps/app/src/pack/examples/sv-helm/validator-values.yaml - :language: yaml - :start-after: PARTICIPANT_PRUNING_SCHEDULE_START - :end-before: PARTICIPANT_PRUNING_SCHEDULE_END - -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-787.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-787.mdx new file mode 100644 index 000000000..50cf5ee80 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-787.mdx @@ -0,0 +1,11 @@ +```yaml +# if you want to disable the default postgres init container: +persistence: + enablePgInitContainer: false + +# if you want additional init containers: +extraInitContainers: + - name: my-extra-container + image: busybox + command: [ "sh", "-c", "echo 'example extra container'" ] +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-797.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-797.mdx deleted file mode 100644 index 0daad6996..000000000 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-797.mdx +++ /dev/null @@ -1,11 +0,0 @@ -```yaml - command: [ "sh", "-c", "echo 'example extra container'" ] - -.. _helm-validator-volume-ownership: - -Working around volume ownership issues --------------------------------------- - -The containers in the ``splice-validator`` chart run as non-root users (specifically, user:group 1001:1001) for security reasons. -The pod mounts volumes for use by the containers, and these volumes need to be owned by the user that the containers run as. -``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-815.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-815.mdx new file mode 100644 index 000000000..6ffb6fe44 --- /dev/null +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-815.mdx @@ -0,0 +1,9 @@ +```yaml +extraInitContainers: + - name: chown-domain-upgrade-dump + image: busybox:1.37.0 + command: ["sh", "-c", "chown -R 1001:1001 /domain-upgrade-dump"] + volumeMounts: + - name: domain-upgrade-dump-volume + mountPath: /domain-upgrade-dump +``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-onboarding-bash-107.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-onboarding-bash-107.mdx index 3bd45c2c8..b8f65ef24 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-onboarding-bash-107.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-onboarding-bash-107.mdx @@ -1,12 +1,12 @@ ```bash - https://scan.sv-2.test.global.canton.network.digitalasset.com: 0.3.6 - https://scan.sv.test.global.canton.network.tradeweb.com: 0.3.6 - https://scan.sv-1.test.global.canton.network.cumberland.io: 0.3.6 - https://scan.sv-1.test.global.canton.network.orb1lp.mpch.io: 0.3.6 - https://scan.sv-1.test.global.canton.network.sync.global: 0.3.6 - https://scan.sv.test.global.canton.network.sv-nodeops.com: 0.3.6 - https://scan.sv-1.test.global.canton.network.mpch.io: 0.3.6 - https://scan.sv-2.test.global.canton.network.cumberland.io: 0.3.6 - https://scan.sv-1.test.global.canton.network.c7.digital: 0.3.6 - https://scan.sv-1.test.global.canton.network.digitalasset.com: 0.3.6 +https://scan.sv-2.test.global.canton.network.digitalasset.com: 0.3.6 +https://scan.sv.test.global.canton.network.tradeweb.com: 0.3.6 +https://scan.sv-1.test.global.canton.network.cumberland.io: 0.3.6 +https://scan.sv-1.test.global.canton.network.orb1lp.mpch.io: 0.3.6 +https://scan.sv-1.test.global.canton.network.sync.global: 0.3.6 +https://scan.sv.test.global.canton.network.sv-nodeops.com: 0.3.6 +https://scan.sv-1.test.global.canton.network.mpch.io: 0.3.6 +https://scan.sv-2.test.global.canton.network.cumberland.io: 0.3.6 +https://scan.sv-1.test.global.canton.network.c7.digital: 0.3.6 +https://scan.sv-1.test.global.canton.network.digitalasset.com: 0.3.6 ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-onboarding-bash-136.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-onboarding-bash-136.mdx index 6e6db2a66..e44a39ce4 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-onboarding-bash-136.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-onboarding-bash-136.mdx @@ -1,32 +1,32 @@ ```bash - sequencer-1.sv-2.test.global.canton.network.digitalasset.com: { - "status": "SERVING" - } - sequencer-1.sv.test.global.canton.network.tradeweb.com: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.cumberland.io: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.orb1lp.mpch.io: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.sync.global: { - "status": "SERVING" - } - sequencer-1.sv.test.global.canton.network.sv-nodeops.com: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.mpch.io: { - "status": "SERVING" - } - sequencer-1.sv-2.test.global.canton.network.cumberland.io: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.c7.digital: { - "status": "SERVING" - } - sequencer-1.sv-1.test.global.canton.network.digitalasset.com: { - "status": "SERVING" - } +sequencer-1.sv-2.test.global.canton.network.digitalasset.com: { + "status": "SERVING" +} +sequencer-1.sv.test.global.canton.network.tradeweb.com: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.cumberland.io: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.orb1lp.mpch.io: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.sync.global: { + "status": "SERVING" +} +sequencer-1.sv.test.global.canton.network.sv-nodeops.com: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.mpch.io: { + "status": "SERVING" +} +sequencer-1.sv-2.test.global.canton.network.cumberland.io: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.c7.digital: { + "status": "SERVING" +} +sequencer-1.sv-1.test.global.canton.network.digitalasset.com: { + "status": "SERVING" +} ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-users-bash-48.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-users-bash-48.mdx index b8afc523c..494283608 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-users-bash-48.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-users-bash-48.mdx @@ -1,6 +1,5 @@ ```bash - curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \ - --data-raw "{\"party_id\":\"$PARTY_ID\",\"name\":\"$USER\"}" \ - https:///api/validator/v0/admin/users - +curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \ +--data-raw "{\"party_id\":\"$PARTY_ID\",\"name\":\"$USER\"}" \ +https:///api/validator/v0/admin/users ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-users-bash-66.mdx b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-users-bash-66.mdx index abc0126f2..3b6b2102b 100644 --- a/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-users-bash-66.mdx +++ b/docs-main/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-users-bash-66.mdx @@ -1,6 +1,5 @@ ```bash - curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \ - --data-raw "{\"party_id\":\"$PARTY_ID\",\"name\":\"$USER\",\"createPartyIfMissing\":true}" \ - https:///api/validator/v0/admin/users - +curl -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" \ +--data-raw "{\"party_id\":\"$PARTY_ID\",\"name\":\"$USER\",\"createPartyIfMissing\":true}" \ +https:///api/validator/v0/admin/users ``` \ No newline at end of file diff --git a/docs-main/snippets/external/splice/main/splice-rst-full-docs-src-common-reloader-recommendation.mdx b/docs-main/snippets/external/splice/main/splice-rst-full-docs-src-common-reloader-recommendation.mdx deleted file mode 100644 index e69de29bb..000000000 diff --git a/docs-main/snippets/networkvars/global-synchronizer/deployment/validator-kubernetes-3.mdx b/docs-main/snippets/networkvars/global-synchronizer/deployment/validator-kubernetes-3.mdx index a54416322..f78c9e60a 100644 --- a/docs-main/snippets/networkvars/global-synchronizer/deployment/validator-kubernetes-3.mdx +++ b/docs-main/snippets/networkvars/global-synchronizer/deployment/validator-kubernetes-3.mdx @@ -1,4 +1,4 @@ -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash451 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-451.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash482 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-482.mdx"; import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmParsedLiteral472 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-parsed-literal-472.mdx"; With these files in place, you can execute the following helm commands in sequence. It's generally a good idea to wait until each deployment reaches a stable state prior to moving on to the next step. @@ -7,6 +7,6 @@ With these files in place, you can execute the following helm commands in sequen Once this is running, you should be able to inspect the state of the cluster and observe pods running in the new namespace. A typical query might look as follows: - + Note also that `Pod` restarts may happen during bringup, particularly if all helm charts are deployed at the same time. For example, the `participant` cannot start until `postgres` is running. diff --git a/docs-main/snippets/networkvars/global-synchronizer/deployment/validator-kubernetes-4.mdx b/docs-main/snippets/networkvars/global-synchronizer/deployment/validator-kubernetes-4.mdx index 73f7fdf2e..64e80c73a 100644 --- a/docs-main/snippets/networkvars/global-synchronizer/deployment/validator-kubernetes-4.mdx +++ b/docs-main/snippets/networkvars/global-synchronizer/deployment/validator-kubernetes-4.mdx @@ -1,34 +1,34 @@ -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash526 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-526.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmYaml535 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-535.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmYaml553 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-553.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash567 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-567.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmYaml576 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-576.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash611 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-611.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash557 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-557.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmYaml566 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-566.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmYaml584 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-584.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash598 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-598.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmYaml607 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-yaml-607.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmBash642 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-bash-642.mdx"; import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorHelmParsedLiteral657 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-helm-parsed-literal-657.mdx"; Create a `cluster-ingress` namespace: - + Ensure that there is a cert-manager certificate available in a secret named `cn-net-tls`. An example of a suitable certificate definition: - + Create a file named `istio-gateway-values.yaml` with the following content (Tip: on GCP you can get the cluster IP from `gcloud compute addresses list`): - + And install it to your cluster: - + Create an Istio Gateway resource in the `cluster-ingress` namespace. Save the following to a file named `gateway.yaml`, and replace `YOUR_HOSTNAME` with the actual hostname you want to use for your validator node (and has a DNS record pointing to the cluster IP you configured above): - + And apply it to your cluster: - + This gateway terminates tls using the secret that you configured above, and exposes raw http traffic in its outbound port 443. Istio VirtualServices can now be created to route traffic from there to the required pods within the cluster. A reference Helm chart is provided for that, which can be installed after diff --git a/docs-main/snippets/networkvars/global-synchronizer/production-operations/validator-disaster-recovery-1.mdx b/docs-main/snippets/networkvars/global-synchronizer/production-operations/validator-disaster-recovery-1.mdx index e8b3eead3..55f2ba03a 100644 --- a/docs-main/snippets/networkvars/global-synchronizer/production-operations/validator-disaster-recovery-1.mdx +++ b/docs-main/snippets/networkvars/global-synchronizer/production-operations/validator-disaster-recovery-1.mdx @@ -1,10 +1,9 @@ import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone240 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-240.mdx"; import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone248 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-248.mdx"; import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone260 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-260.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone264 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-264.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone274 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-274.mdx"; import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryParsedLiteral268 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-parsed-literal-268.mdx"; - If you still observe issues, in particular you observe `ACS_COMMITMENT_MISMATCH` warnings in your participant logs, something has likely gone wrong while importing the active contracts of at least one of the parties hosted on your node. Another common symptom (in case the validator party is affected) is that your your validator initialization fails with a `Unknown secret` error and your validator logs contain a `ValidatorLicense not found` message. To address a failed `ACS` import, you can usually: 1. First make sure all parties are hosted on the same node. The most common case is that either the parties are still on the old node with the old participant ID or they have been migrated to the new node. You can check by opening a Canton console to any participant on the network (i.e., you can also ask another validator or SV operator for this information) and running the following query where \ is the part after the `::` in, for example, your validator party ID. @@ -33,7 +32,7 @@ If you still observe issues, in particular you observe `ACS_COMMITMENT_MISMATCH` From the Canton console: - + 5. From the Canton console, run `participant.synchronizers.reconnect_all()`. diff --git a/docs-main/snippets/networkvars/global-synchronizer/production-operations/validator-disaster-recovery-2.mdx b/docs-main/snippets/networkvars/global-synchronizer/production-operations/validator-disaster-recovery-2.mdx index 29bb01347..89676f6d9 100644 --- a/docs-main/snippets/networkvars/global-synchronizer/production-operations/validator-disaster-recovery-2.mdx +++ b/docs-main/snippets/networkvars/global-synchronizer/production-operations/validator-disaster-recovery-2.mdx @@ -1,8 +1,7 @@ -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone309 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-309.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone351 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-351.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone373 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-373.mdx"; -import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone405 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-405.mdx"; - +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone355 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-355.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone397 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-397.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone419 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-419.mdx"; +import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryNone451 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-none-451.mdx"; import ExternalSpliceMainSpliceRstCodeDocsSrcValidatorOperatorValidatorDisasterRecoveryParsedLiteral443 from "/snippets/external/splice/main/splice-rst-code-docs-src-validator-operator-validator-disaster-recovery-parsed-literal-443.mdx"; For a party relying on external signing, a similar procedure can be used to recover its coin balance in case the validator originally hosting it becomes unusable for whatever reason. @@ -19,7 +18,7 @@ We now need to sign and submit the topology transaction to host the external par To do so, first generate the topology transaction. Note that the instructions here assume that the party is only hosted on a single participant node. If you want to host it on multiple nodes, you will need to adjust this. - + We'll need the topology transaction and the definitions defined here later again. Either keep your Canton console open or save them. @@ -27,11 +26,11 @@ The topology transaction hash needs to be signed externally following the [docum After you signed it externally, you need to construct the signed topology transaction, sign it additionally through the participant and then submit it through the synchronizer. - + We can now check that the topology transaction got correctly applied and get the `validFrom` time: - + In this example, the validFrom time is `2025-05-14T10:19:33.534074Z`. @@ -41,6 +40,6 @@ We can now query CC Scan to get the active contract set (ACS) for a party and wr Lastly, we can import the ACS: - + The party is now hosted on the node and can participat in transactions. The last step is to setup the necessary contracts to allow the validator automation to renew transfer preapprovals and complete transfer commands. To do so, go through the same flow used for initial onboarding of the party, i.e., `/v0/admin/external-party/setup-proposal`, `/v0/admin/external-party/setup-proposal/prepare-accept` and `/v0/admin/external-party/setup-proposal/submit-accept`. For details refer to the docs for the validator external signing API. diff --git a/scripts/generateOutputDocs.js b/scripts/generateOutputDocs.js deleted file mode 100644 index 4cbb0df9d..000000000 --- a/scripts/generateOutputDocs.js +++ /dev/null @@ -1,385 +0,0 @@ -#!/usr/bin/env node - -// generateOutputDocs.js -// -// - Reads a single export config: docs/config/exportConfig.json -// - Writes extracted snippets into: docs-output/.mdx -// - Resolves source files relative to the repo root - -const fs = require('fs') -const path = require('path') - -const REPO_ROOT = path.join(__dirname, '..', '..') -const EXPORT_CONFIG_PATH = path.join(REPO_ROOT, 'scripts/docs/exportConfig.json') -const OUTPUT_FOLDER_PATH = path.join(REPO_ROOT, 'docs-output') - -function readFileContent(filePath) { - try { - return fs.readFileSync(filePath, 'utf8') - } catch (error) { - throw new Error(`Failed to read file ${filePath}: ${error.message}`) - } -} - -function extractByLines(fileContent, start, end) { - const lines = fileContent.split(/\r?\n/) - const startLine = Number(start) - const endLine = Number(end) - - if ( - startLine < 1 || - endLine < 1 || - startLine > lines.length || - endLine > lines.length - ) { - throw new Error( - `Line numbers out of range: start=${startLine}, end=${endLine}, file has ${lines.length} lines` - ) - } - - if (startLine > endLine) { - throw new Error( - `Invalid line range: start (${startLine}) must be <= end (${endLine})` - ) - } - - return lines.slice(startLine - 1, endLine).join('\n') -} - -function extractByStringMarker(fileContent, startMarker, endMarker) { - const startIndex = fileContent.indexOf(startMarker) - if (startIndex === -1) { - throw new Error(`Start marker not found: "${startMarker}"`) - } - - const contentStart = startIndex + startMarker.length - const endIndex = fileContent.indexOf(endMarker, contentStart) - if (endIndex === -1) { - throw new Error(`End marker not found: "${endMarker}"`) - } - - return fileContent.substring(contentStart, endIndex).trim() -} - -function extractByRegexWrap(fileContent, startRegex, endRegex) { - const startPattern = new RegExp(startRegex) - const endPattern = new RegExp(endRegex) - - const startMatch = fileContent.match(startPattern) - if (!startMatch) { - throw new Error(`Start regex pattern not found: "${startRegex}"`) - } - - const contentStart = startMatch.index + startMatch[0].length - const remainingContent = fileContent.substring(contentStart) - const endMatch = remainingContent.match(endPattern) - - if (!endMatch) { - throw new Error(`End regex pattern not found: "${endRegex}"`) - } - - return remainingContent.substring(0, endMatch.index).trim() -} - -function extractByJsonIndex(fileContent, start, end) { - let arr - try { - arr = JSON.parse(fileContent) - } catch (e) { - throw new Error(`File is not valid JSON: ${e.message}`) - } - if (!Array.isArray(arr)) { - throw new Error( - 'JSON root must be an array for location type jsonIndex' - ) - } - const startIdx = Number(start) - const endIdx = Number(end) - if ( - startIdx < 0 || - endIdx < 0 || - startIdx >= arr.length || - endIdx >= arr.length - ) { - throw new Error( - `Array index out of range: start=${startIdx}, end=${endIdx}, array length=${arr.length}` - ) - } - if (startIdx > endIdx) { - throw new Error( - `Invalid index range: start (${startIdx}) must be <= end (${endIdx})` - ) - } - if (startIdx === endIdx) { - const item = arr[startIdx] - return typeof item === 'string' ? item : String(item) - } - return arr - .slice(startIdx, endIdx + 1) - .map((item) => (typeof item === 'string' ? item : String(item))) - .join('\n') -} - -function extractSnippetContent(fileContent, location) { - switch (location.type) { - case 'fullFile': - return fileContent - - case 'lines': - return extractByLines(fileContent, location.start, location.end) - - case 'jsonIndex': - return extractByJsonIndex(fileContent, location.start, location.end) - - case 'stringMarker': - return extractByStringMarker( - fileContent, - location.start, - location.end - ) - - case 'regexWrap': - return extractByRegexWrap(fileContent, location.start, location.end) - - default: - throw new Error(`Unknown location type: ${location.type}`) - } -} - -function normalizeIndent(content) { - const lines = content.split('\n') - - let minIndent = null - for (const line of lines) { - if (line.trim() === '') continue - const match = line.match(/^(\s*)/) - const indent = match ? match[1].length : 0 - if (minIndent === null || indent < minIndent) { - minIndent = indent - } - } - - // Strip the common leading whitespace from every non-blank line and then - // re-indent the whole block by two spaces. Using `line.slice(strip)` - // (instead of stripping ALL leading whitespace) preserves the relative - // indentation between lines — including the case where minIndent is 0, - // which would otherwise flatten any source that contains a top-level - // line at column 0 (e.g. HOCON config files where a `}` closes at the - // start of the line). - const strip = minIndent ?? 0 - return lines - .map((line) => { - if (line.trim() === '') return '' - return ` ${line.slice(strip)}` - }) - .join('\n') -} - -function trimBlankEdges(content) { - return content.replace(/^\s*\n+/, '').replace(/\n+\s*$/, '') -} - -function convertRstBlocksToMarkdown(content, fallbackLanguage = '') { - const input = trimBlankEdges(content) - const lines = input.split('\n') - const out = [] - let i = 0 - - while (i < lines.length) { - const m = lines[i].match(/^\s*\.\.\s+code-block::\s*(\S*)\s*$/) - if (!m) { - i++ - continue - } - - let language = (m[1] || '').trim() - if (!language || language.toLowerCase() === 'none') { - language = fallbackLanguage || '' - } - - i++ - while (i < lines.length && lines[i].trim() === '') i++ - - const block = [] - while (i < lines.length) { - const line = lines[i] - if (line.trim() === '') { - block.push('') - i++ - continue - } - - if (/^( {4}|\t)/.test(line)) { - block.push(line.replace(/^( {4}|\t)/, '')) - i++ - continue - } - break - } - - while (block.length > 0 && block[block.length - 1] === '') { - block.pop() - } - - if (language) { - out.push(`\`\`\`${language}`) - } else { - out.push('```') - } - out.push(block.join('\n')) - out.push('```') - out.push('') - } - - if (out.length === 0) { - // Safety fallback: strip any leftover RST directives and keep only content. - const cleaned = input - .split('\n') - .filter((line) => !/^\s*\.\.\s+code-block::/.test(line)) - .join('\n') - const trimmed = trimBlankEdges(cleaned) - const language = fallbackLanguage || '' - if (language) { - return `\`\`\`${language}\n${trimmed}\n\`\`\`` - } - return `\`\`\`\n${trimmed}\n\`\`\`` - } - - while (out.length > 0 && out[out.length - 1] === '') out.pop() - return out.join('\n') -} - -function formatSnippetContent(content, options) { - if (options && options.transform === 'rstjson') { - const language = options && options.language ? options.language : '' - return convertRstBlocksToMarkdown(content, language) - } - const displayStyle = (options && options.displayStyle) || 'wrapCode' - const rawLanguage = options && options.language ? options.language : '' - const language = - rawLanguage && rawLanguage.toLowerCase() === 'none' ? '' : rawLanguage - - switch (displayStyle) { - case 'wrapCode': - if (language) { - return `\`\`\`${language}\n${content}\n\`\`\`` - } else { - return `\`\`\`\n${content}\n\`\`\`` - } - - default: - return content - } -} - -function getSourceFilePath(snippet) { - if (snippet.sourceFilepath) { - return path.join(REPO_ROOT, snippet.sourceFilepath) - } else { - throw new Error( - `Snippet "${snippet.snippetName}" has no source file path specified` - ) - } -} - -function processSnippet(snippet, verbose) { - try { - if (verbose) { - console.log(`Processing snippet: ${snippet.snippetName}`) - } - - if (!snippet.snippetName) { - throw new Error('Snippet missing required field: snippetName') - } - - if (!snippet.location) { - throw new Error( - `Snippet "${snippet.snippetName}" missing required field: location` - ) - } - - const sourceFilePath = getSourceFilePath(snippet) - - const fileContent = readFileContent(sourceFilePath) - - const extractedContent = extractSnippetContent( - fileContent, - snippet.location - ) - const skipNormalizeIndent = - snippet.options && - snippet.options.transform !== 'rstjson' && - snippet.options.normalizeIndent === false - const normalizedContent = - snippet.options && snippet.options.transform === 'rstjson' - ? extractedContent - : skipNormalizeIndent - ? extractedContent - : normalizeIndent(extractedContent) - - const formattedContent = formatSnippetContent( - normalizedContent, - snippet.options || {} - ) - - const outputFileName = `${snippet.snippetName}.mdx` - const outputPath = path.join(OUTPUT_FOLDER_PATH, outputFileName) - const outputPathDir = path.dirname(outputPath) - - fs.mkdirSync(outputPathDir, { recursive: true }) - - fs.writeFileSync(outputPath, formattedContent, 'utf8') - - if (verbose) { - console.log(`✓ Successfully extracted snippet to: ${outputPath}`) - } - } catch (error) { - console.error( - `✗ Error processing snippet "${snippet.snippetName}": ${error.message}` - ) - throw error - } -} - -/** - * Main function - * Reads docs/config/exportConfig.json and processes each snippet. - */ -function main() { - try { - const verbose = process.argv.includes('--verbose') - const configContent = readFileContent(EXPORT_CONFIG_PATH) - const config = JSON.parse(configContent) - - if (!config.snippets || !Array.isArray(config.snippets)) { - throw new Error( - 'exportConfig.json must have a top-level "snippets" array' - ) - } - - let successCount = 0 - let errorCount = 0 - - for (const snippet of config.snippets) { - try { - processSnippet(snippet, verbose) - successCount++ - } catch (error) { - errorCount++ - } - } - - console.log( - `\nProcessing complete: ${successCount} succeeded, ${errorCount} failed` - ) - - if (errorCount > 0) { - process.exit(1) - } - } catch (error) { - console.error(`Fatal error: ${error.message}`) - process.exit(1) - } -} - -main() diff --git a/scripts/helpers/generateOutputDocs.js b/scripts/helpers/generateOutputDocs.js index 8690e5ee2..830d7a85b 100644 --- a/scripts/helpers/generateOutputDocs.js +++ b/scripts/helpers/generateOutputDocs.js @@ -11,7 +11,7 @@ const path = require('path') const { convertRstIncludeToMdx } = require('./rstIncludeToMdx') const REPO_ROOT = path.join(__dirname, '..', '..') -const EXPORT_CONFIG_PATH = path.join(__dirname, 'exportConfig.json') +const EXPORT_CONFIG_PATH = path.join(REPO_ROOT, 'scripts/docs/exportConfig.json') const OUTPUT_FOLDER_PATH = path.join(REPO_ROOT, 'docs-output') function readFileContent(filePath) { @@ -209,10 +209,50 @@ function applyIndentOption(content, normalizeIndentOption) { return normalizeIndent(content) } +/** + * Resolve indent mode for a snippet. Crawl configs historically set bash to false + * (preserve RST indent); we want column-0 commands via baseline instead. + */ +function resolveNormalizeIndent(snippet) { + const opt = snippet.options?.normalizeIndent + const lang = (snippet.options?.language || '').toLowerCase() + if (opt === false && (lang === 'bash' || lang === 'parsed-literal')) { + return 'baseline' + } + if (opt !== undefined) return opt + return defaultNormalizeIndent(snippet.location) +} + +/** Default indent mode when options.normalizeIndent is omitted. */ +function defaultNormalizeIndent(location) { + switch (location && location.type) { + case 'fullFile': + case 'stringMarker': + return 'baseline' + default: + return true + } +} + function trimBlankEdges(content) { return content.replace(/^\s*\n+/, '').replace(/\n+\s*$/, '') } +/** Replace literal substrings (e.g. legacy docs.daml.com URLs in YAML comments). */ +function applyUrlSubstitutions(content, globalSubstitutions, snippetSubstitutions) { + const merged = { + ...(globalSubstitutions || {}), + ...(snippetSubstitutions || {}), + } + const keys = Object.keys(merged) + if (keys.length === 0) return content + let result = content + for (const from of keys) { + result = result.split(from).join(merged[from]) + } + return result +} + function convertRstBlocksToMarkdown(content, fallbackLanguage = '') { const input = trimBlankEdges(content) const lines = input.split('\n') @@ -307,6 +347,7 @@ function formatSnippetContent(content, options, globalOptions = {}) { switch (displayStyle) { case 'wrapCode': + body = trimBlankEdges(body) if (language) { return `\`\`\`${language}\n${body}\n\`\`\`` } else { @@ -356,16 +397,18 @@ function processSnippet(snippet, verbose, globalOptions = {}) { snippet.options && (snippet.options.transform === 'rstjson' || snippet.options.transform === 'rstinclude') - const indentOpt = snippet.options?.normalizeIndent const normalizedContent = skipTransform ? extractedContent - : applyIndentOption( - extractedContent, - indentOpt === undefined ? true : indentOpt - ) + : applyIndentOption(extractedContent, resolveNormalizeIndent(snippet)) - const formattedContent = formatSnippetContent( + const substitutedContent = applyUrlSubstitutions( normalizedContent, + globalOptions.urlSubstitutions, + snippet.options && snippet.options.urlSubstitutions + ) + + const formattedContent = formatSnippetContent( + substitutedContent, snippet.options || {}, globalOptions ) @@ -410,6 +453,7 @@ function main() { const globalOptions = { rstIncludeRefTargets: config.rstIncludeRefTargets || {}, + urlSubstitutions: config.urlSubstitutions || {}, } for (const snippet of config.snippets) { diff --git a/scripts/helpers/rstIncludeToMdx.js b/scripts/helpers/rstIncludeToMdx.js index 8a8f7a14c..507d412b5 100644 --- a/scripts/helpers/rstIncludeToMdx.js +++ b/scripts/helpers/rstIncludeToMdx.js @@ -169,6 +169,19 @@ function convertRstIncludeToMdx(content, options = {}) { continue } + const tip = trimmed.match(/^\.\.\s+tip::\s*$/) + if (tip) { + const block = readDirectiveBlock(lines, i + 1) + const inner = block.body + .filter((l) => l.trim() !== '') + .map((l) => inlineRstMarkup(l.trim(), refTargets)) + .join('\n\n') + // Mintlify doesn't have a Tip component; render as Note. + out.push(`\n\n${inner}\n\n`) + i = block.next + continue + } + const admonition = trimmed.match(/^\.\.\s+admonition::\s*(.+)\s*$/) if (admonition) { const title = admonition[1].trim()