From ea6684093499d7a71b546175c0b759c07ffaf3a7 Mon Sep 17 00:00:00 2001 From: Collin Brittain Date: Tue, 28 May 2024 08:32:30 -0500 Subject: [PATCH] Replace steward registry info with pubsub info --- docs/04-GeneratingCertificates.md | 96 +++---------------------------- 1 file changed, 8 insertions(+), 88 deletions(-) diff --git a/docs/04-GeneratingCertificates.md b/docs/04-GeneratingCertificates.md index 7d3fe92a..2cd6a6b6 100644 --- a/docs/04-GeneratingCertificates.md +++ b/docs/04-GeneratingCertificates.md @@ -42,100 +42,20 @@ openssl x509 -text -in /server.crt Valid TLS certificates will have "Version 3" near the top of the certificate plaintext. You should also see your domain name as a Subject Alternative Name. -6. Test Steward with your certificate +6. Provide your CA on-chain by creating or updating your Subscriber -A temporary test client CA can be used to verify your steward process is connectable from the network. The test client CA MUST BE REMOVED prior to running in production. +The x/pusbub module on the Sommelier chain acts as a Steward registry, referring to each registration as a Subscriber. -The test client CA is included in this repo at: -``` -integration_tests/tls/client/test_client_ca.crt -``` - -Create a TOML config file with the `[server]` section containing the paths to your generated artifacts. See the configuration reference for more info. Your file will need to look something like this: - -```toml -[server] -client_ca_cert_path = "integration_tests/tls/client/test_client_ca.crt" # this path is relative to the steward repository root -server_cert_path = "/server.crt" -server_key_path = "/server_key_pkcs8.pem" -``` - -You'll then need to start Steward and then send a gRPC request to it. - -To start steward run - -```bash -steward -c start -``` - -If you see something like the following log messages, so far so good: - -```bash -INFO steward::commands::cosmos_mode: Starting application -INFO steward::commands::cosmos_mode: listening on 0.0.0.0:5734 -``` +Subscribers can be created or updated with the `AddSubscriber` message. You can either use the `sommelier` CLI or the `steward` CLI. -Then you'll need to send a gRPC request to the endpoint (in the case above, 0.0.0.0:5734). +A. To add a subscriber with the `sommelier` CLI, follow the steps outlined [in this doc](./05-PubsubForValidators.md) -You can use your client of preference. Here is an example using `grpcurl` with the test client certs from this repo: +B. To use the `steward` CLI, you can run the following command: ```bash -# execute with the steward repo root as your current working directory for the -# test cert relative paths to work -grpcurl -cert integration_tests/tls/client/test_client.crt \ - -key integration_tests/tls/client/test_client_key_pkcs8.pem \ - -cacert /server_ca.crt \ - -d '' \ - :5734 \ - steward.v2.ContractCall/Submit +# use the same config.toml file you use in production +steward --config pubsub add-subscriber --ca-path --push-url ``` -If you see a response like the following, then your process is accepting connections properly. -``` -Resolved method descriptor: -// Handles simple contract call submission -rpc Submit ( .steward.v2.SubmitRequest ) returns ( .steward.v2.SubmitResponse ); - -Request metadata to send: -(empty) - -Response headers received: -(empty) - -Response trailers received: -content-type: application/grpc -date: Mon, 03 Oct 2022 19:00:02 GMT -Sent 0 requests and received 0 responses -ERROR: - Code: PermissionDenied - Message: cellar ID not approved by governance -``` - -When you send this request, if you get an error establishing a connection, there is probably something wrong with your configuration or your certificates. - -A correct configuration/certificate will result in errors like these, indicating the connection between the client and steward instance was established successfully: - -```bash -# steward log -ERROR steward::cork: cork query client connection failed: transport error: error trying to connect: tcp connect error: Connection refused (os error 61) -# this is steward failing to connect to the Sommelier chain, which it would not be attempting -# if your client connection wasn't working. - -# client log -ERROR: - Code: Internal - Message: failed to query chain to validate cellar id -``` - -7. Remove testing configuration - -In Production, steward must run without the client_ca_cert_path set. If you edited your production TOML file for testing, remove the client_ca_cert_path value from the [server] section. - -```toml -client_ca_cert_path = "..." # remove this temporary line -``` - -8. Provide your CA to the Strategy Provider - -Add your information to the [Steward Registry](https://github.com/peggyjv/steward-registry) by following the steps outlined in the README there. +As a reminder, your "push URL" is the combination of the fully qualified domain name of your production Steward instance and the port configured for your Steward server. For example `steward.example.com:5734`.