when i use
it works though but gives me below error message
docker run pegasyseng/ethsigner:latest --chain-id=2018 --downstream-http-port=8590 azure-signer --client-id=xyz --client-secret-path=/home/mandy/client_secret --key-name=bob --key-version=blablabla --keyvault-name=SomeKeyVaultit works though but gives me below error message
Setting logging level to INFO
2019-12-03 12:57:35.870+00:00 | main | INFO | SignerSubCommand | Version = ethsigner/v0.3.1-dev-5ea7b61e/linux-x86_64/oracle_openjdk-java-11
Failed to construct a signer from supplied arguments.
Cause: Error when reading the secret from file
Hey @mandeep9888 the first problem appears to be that Ethsigner is not on your path - and thus zsh cannot execute it - is that possible? I'm wondering if the second problem is to do with how your client secret file is being mounted into the docker container - i.e. firstly, /home/mandy into your docker container as a volume (with an known path "inside" the container), then on the commandline, reference your client secret file in terms of the volume's path (i.e. the path inside the container) rather than the path in the host environment
@mandeep9888 otherwise you are correct, your client secret needs to be in the client-secret-file - but a word of warning, the file should contain NOTHING other than your secret - not even a CR or LF at the end of the line
@rain-on thanks i able to run both the images besu and ethsigner using docker but the problem i am facing is, I am not able access the port outside the container even though i am running by exposing ports i guess there is some problem buy running using docker run command. When i am exposing any port for ethesigner and besu i am able to see the port but is not mapped to any process.
do have some idea regarding this ?
do have some idea regarding this ?
@mandeep9888 ok great - so the issue with parsing the client-secret file is resolved? If so, that's great ((if not, then I EthSigner will exit immediately, and thus there will be no Ethsigner running in the docker container).
Now - its worth confirming that EthSigner is up and listening on your specified port, to do this I'd suggest sending a get request to the "upcheck" API (curl -X GET http://<ip>:<port>/upcheck) - unfortunately, this isn't documented (but will be resolved!). If that works, then I suspect the issue is with EthSigner attempting to reach the dockerised Besu ...
Now - its worth confirming that EthSigner is up and listening on your specified port, to do this I'd suggest sending a get request to the "upcheck" API (curl -X GET http://<ip>:<port>/upcheck) - unfortunately, this isn't documented (but will be resolved!). If that works, then I suspect the issue is with EthSigner attempting to reach the dockerised Besu ...
@mandeep9888 I suspect you have probably already found this but there is little bit of detail on using EthSigner with docker here https://docs.ethsigner.pegasys.tech/en/latest/HowTo/Get-Started/Use-Docker/. I suspect the issue is that EthSigner is listening on a local port in the container, try setting --http-listen-host=0.0.0.0 as part of the EthSigner options to have it listen on your host machines network.
@jframe thanks mate I am able to access now from host also, it was problem with --http-listen-host=0.0.0.0 it was working with besu image though You have to highlight that in documentation. and it will help if you could provide me some example of sen+Transaction using ethsigner.
i also have some doubts regarding how it signs actually because in docs we are not providing any key name while sending transaction to ethsigner
i also have some doubts regarding how it signs actually because in docs we are not providing any key name while sending transaction to ethsigner
How it works in case we have multiple keys in the azure vault how do we specify which key to be used for signing @jframe @rain-on
@faraggi this mandeep from consensys academy yesterday we had a talk over zoom.
@rain-on good to hear that, anyone please give me an example an example to how to send a transaction using ethsigner
i am sending this transaction to deploy a contract getting
i am providing the address in from whose private key is saved in azure vault and ethsigner run running using corrosponding key name
@jframe do have any idea about it.
curl -X POST --data '{"jsonrpc":"2.0","method":"eth_sendTransaction","params":[{"from":"0x9811ebc35d7b06b3fa8dc5809a1f9c52751e1deb","data":"0x608060405234801561001057600080fd5b50610301806100206000396000f3fe60806040526004361061004b5763ffffffff7c010000000000000000000000000000000000000000000000000000000060003504166317d7de7c81146100505780632cefeb07146100da575b600080fd5b34801561005c57600080fd5b5061006561018f565b6040805160208082528351818301528351919283929083019185019080838360005b8381101561009f578181015183820152602001610087565b50505050905090810190601f1680156100cc5780820380516001836020036101000a031916815260200191505b509250505060405180910390f35b3480156100e657600080fd5b5061018d600480360360208110156100fd57600080fd5b81019060208101813564010000000081111561011857600080fd5b82018360208201111561012a57600080fd5b8035906020019184600183028401116401000000008311171561014c57600080fd5b91908080601f016020809104026020016040519081016040528093929190818152602001838380828437600092019190915250929550610226945050505050565b005b60008054604080516020601f600260001961010060018816150201909516949094049384018190048102820181019092528281526060939092909183018282801561021b5780601f106101f05761010080835404028352916020019161021b565b820191906000526020600020905b8154815290600101906020018083116101fe57829003601f168201915b505050505090505b90565b805161023990600090602084019061023d565b5050565b828054600181600116156101000203166002900490600052602060002090601f016020900481019282601f1061027e57805160ff19168380011785556102ab565b828001600101855582156102ab579182015b828111156102ab578251825591602001919060010190610290565b506102b79291506102bb565b5090565b61022391905b808211156102b757600081556001016102c156fea165627a7a7230582075302e487198c16028da43a3fb974a78fdc5eceeb39e325c773abcec5c50b0250029","gas":"0x7600","gasPrice": "0x9184e72a000"}],"id":1}' http://127.0.0.1:8545i am sending this transaction to deploy a contract getting
{"jsonrpc":"2.0","id":1,"error":{"code":-32000,"message":"No unlocked account matches the Sender"}}%i am providing the address in from whose private key is saved in azure vault and ethsigner run running using corrosponding key name
@jframe do have any idea about it.
my genesis file looks like that
{
"config": {
"chainId": 20,
"constantinoplefixblock": 0,
"ibft2": {
"blockperiodseconds": 5,
"epochlength": 30000,
"requesttimeoutseconds": 10
}
},
"nonce": "0x0",
"timestamp": "0x58ee40ba",
"extraData": "0xf83ea00000000000000000000000000000000000000000000000000000000000000000d5949811ebc35d7b06b3fa8dc5809a1f9c52751e1deb808400000000c0",
"gasLimit": "0x1fffffffffffff",
"difficulty": "0x1",
"mixHash": "0x63746963616c2062797a616e74696e65206661756c7420746f6c6572616e6365",
"coinbase": "0x0000000000000000000000000000000000000000",
"alloc": {
"9811ebc35d7b06b3fa8dc5809a1f9c52751e1deb": {
"balance": "0xad78ebc5ac6200000"
},
"d6e028e04be1422f73dcb8fca743cbad4bd30957": {
"balance": "0xad78ebc5ac6200000"
}
}
}
i have few question here:
- is this the default address already there in ethSigner ?
- this address doesn't corresponds to my private key which i pass while starting ethsigner. then where this address is coming from and where the address corresponds to the key ?
- For some reasons i am unable to access signer service outside my docker container. and ethsigner also not able to connect to besu which is running in another container (which i am able to access normally ) Is that a common issue ?
@rain-on @jframe
my docker-compose file looks like this
`networks:
version: "3"networks:the_hub:services:the_besu:image: hyperledger/besu:latestports:- "4000:8545"- "13001:30303"`networks:
- the_hub
volumes:
- /home/mandy/signer/mandy:/mandy
command: ["--rpc-http-enabled","--network-id=${NETWORK_ID}","--logging=${LOG_LEVEL}","--genesis-file=/mandy/genesis.json"]
the_signer:
image: pegasyseng/ethsigner:latest
ports:
- "8545:8545"
volumes:
- /home/mandy/signer/mandy:/mandy
command: ["--chain-id=${CHAIN_ID}","--downstream-http-port=${DOWNSTREAM_HTTP_PORT}","--http-listen-host=${HTTP_LISTEN_HOST}","azure-signer","--client-id=${CLIENT_ID}","--client-secret-path=${CLIENT_SECRET_PATH}","--key-name=${KEY_NAME}","--key-version=${KEY_VERSION}","--keyvault-name=${KEYVAULT_NAME}"]
networks:
- the_hub `
@mandeep9888 Ethsigner doesn't have any default keys - it can only access the one specified on the command line - so, for whatever reason, the address being reported is the one from the Azure key Ethsigner is accessing. Did you have Azure auto-create your private key, or did you upload a known key into Azure?
Unfortunately, I can't talk to the third point, but will see what I can find out.
@mandeep9888 So - Ethsigner determines the public key from Azure by concatenating the "x" and "y" fields of the "key" object (in AzureKeyVaultTransactionSignerFactory::createSigner) - then uses web3j to determine the address. Its possible we've made an error in the public-key calculation ... are you sure you've got your public key correct?
in the Ethsigner command what does HTTP_LISTEN_HOST evaluate to?
@joshuafernandes yeah I am able to access besu on localhost but not ethsigner
see the result below
result >>>
see the result below
curl -X POST --data '{"jsonrpc":"2.0","method":"net_enode","params":[],"id":1}' http://localhost:4000result >>>
{
"jsonrpc" : "2.0",
"id" : 1,
"result" : "enode://bff7d33ae11557e3adf6900faa80cb718f0e998ae688b4d0251898ac22639104a96cddf4fb84874c4f4976ccfbe2b82aa704471a52445f5659b575c48d7e977c@127.0.0.1:30303"
}
could you set that to 0.0.0.0 explictly and then start it up
i am already setting it up
native host = macos / linux host os
i'm going to try spinning up your file and see if i get anything different and i'll get back to you
signer ›› sudo netstat -tanp | grep 4000tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 24000/cupsd
tcp6 0 0 ::1:631 :::* LISTEN 24000/cupsd
tcp6 0 0 :::4000 :::* LISTEN 11374/docker-proxy
signer ›› sudo netstat -tanp | grep 8545tcp6 0 0 :::8545 :::* LISTEN 11386/docker-proxy
yeah its listening to docker proxy but unable to access.
can you please try and see if its works for your case or suggest me alternative.
@mandeep9888 It's probably worth creating a genesis file with funds allocated to the 0xf23eef92431847dadda9e483c61d3a4d8001915a account - you can then try and perform a value transfer from said account. If successful (i.e. account balance changes), that implies the Account recovery from the transaction's signature matches the account reported by Ethsigner (having said that, we need to get your Besu/Ethsigner communicating first)
This message was deleted
rpcnode: # We keep one node named rpcnode to have a specific node to connect the explorer
image: quickstart/besu:${BESU_VERSION}-ibft2
environment:
- BESU_PUBLIC_KEY_DIRECTORY=${BESU_PUBLIC_KEY_DIRECTORY}
command: *base_options
volumes:
- public-keys:${BESU_PUBLIC_KEY_DIRECTORY}
- ./config/besu/log-config.xml:/config/log-config.xml
- ./config/besu/ibft2Genesis.json:/config/genesis.json
- ./config/besu/networkFiles/rpcnode/keys:/opt/besu/keys
- ./logs/besu:/var/log/
depends_on:
- bootnode
ports:
- 8545:8545/tcp
ethsignerRpcNode:
image: pegasyseng/ethsigner:latest
command: [
"--chain-id=2018",
"--http-listen-host=0.0.0.0",
"--downstream-http-port=8545",
"--downstream-http-host=rpcnode",
"file-based-signer",
"-k",
"/opt/ethsigner/keyfile",
"-p",
"/opt/ethsigner/passwordfile"
]
volumes:
- ./config/ethsigner/password:/opt/ethsigner/passwordfile
- ./config/ethsigner/key:/opt/ethsigner/keyfile
depends_on:
- bootnode
- rpcnode
ports:
- 18545:8545/tcp
if you are using env vars i think you need to define them via the
environment key
# status check to ethsigner
curl -X GET http://127.0.0.1:18545/upcheck
I'm up!
# passthough to the besu node
curl -X POST --data '{"jsonrpc":"2.0","method":"eth_blockNumber","params":[],"id":51}' http://127.0.0.1:18545
{
"jsonrpc" : "2.0",
"id" : 51,
"result" : "0x611"
}
@rain-on @joshuafernandes