github.com/onflow/flow-go@v0.33.17/cmd/bootstrap/README.md (about) 1 # Bootstrapping 2 3 This package contains script for generating the bootstrap files needed to initialize the Flow network. 4 The high-level bootstrapping process is described in [Notion](https://www.notion.so/dapperlabs/Flow-Bootstrapping-ce9d227f18a8410dbce74ed7d4ddee27). 5 6 WARNING: These scripts use Go's crypto/rand package to generate seeds for private keys. Make sure you are running the bootstrap scripts on a machine that does provide proper a low-level implementation. See https://golang.org/pkg/crypto/rand/ for details. 7 8 NOTE: Public and private keys are encoded in JSON files as base64 strings, not as hex, contrary to what might be expected. 9 10 Code structure: 11 * `cmd/bootstrap/cmd` contains CLI logic that can exit the program and read/write files. It also uses structures and data types that are purely relevant for CLI purposes, such as encoding, decoding, etc. 12 * `cmd/bootstrap/run` contains reusable logic that does not know about the CLI. Instead of exiting the program, functions here will return errors. 13 14 15 16 # Overview 17 18 The bootstrapping will generate the following information: 19 20 #### Per node 21 * Staking key (BLS key with curve BLS12-381) 22 * Networking key (ECDSA key) 23 * Random beacon key; _only_ for consensus nodes (BLS based on Joint-Feldman DKG for threshold signatures) 24 25 #### Node Identities 26 * List of all authorized Flow nodes 27 - node network address 28 - node ID 29 - node role 30 - public staking key 31 - public networking key 32 - weight 33 34 #### Root Block for main consensus 35 * Root Block 36 * Root QC: votes from consensus nodes for the root block (required to start consensus) 37 * Root Execution Result: execution result for the initial execution state 38 * Root Block Seal: block seal for the initial execution result 39 40 41 #### Root Blocks for Collector clusters 42 _Each cluster_ of collector nodes needs to have its own root Block and root QC 43 * Root `ClusterBlockProposal` 44 * Root QC from cluster for their respective `ClusterBlockProposal` 45 46 47 # Usage 48 49 `go run ./cmd/bootstrap` prints usage information 50 51 ## Phase 1: Generate networking and staking keys for partner nodes: 52 53 This step will generate the staking and networking keys for a _single partner node_. 54 55 #### Required Inputs 56 Values directly specified as command line parameters: 57 - node network address 58 - node role 59 60 #### Optional Inputs 61 Values can be specified as command line parameters: 62 - seed for generating staking key (min 48 bytes in hex encoding) 63 - seed for generating networking key (min 48 bytes in hex encoding) 64 If seeds are not provided, the CLI will try to use the system's pseudo-random number generator (PRNG), e. g. `dev/urandom`. Make sure you are running the CLI on a hardware that has a cryptographically secure PRNG, or provide seeds generated on such a system. 65 66 #### Example 67 ```bash 68 go run ./cmd/bootstrap key --address "example.com:1234" --role "consensus" -o ./bootstrap/partner-node-infos 69 ``` 70 71 #### Generated output files 72 * file `<NodeID>.node-info.priv.json` 73 - strictly CONFIDENTIAL (only for respective partner node with ID <NodeID>) 74 - contains node's private staking and networking keys (plus some other auxiliary information) 75 - REQUIRED at NODE START; 76 file needs to be available to respective partner node at boot up (or recovery after crash) 77 * file `<NodeID>.node-info.pub.json` 78 - public information 79 - file needs to be delivered to Dapper Labs for Phase 2 of generating root information, 80 but is not required at node start 81 82 83 ## Phase 2: Generating final root information 84 85 This step will generate the entire root information for all nodes (incl. keys for all Dapper-controlled nodes). 86 87 #### Required Inputs 88 Each input is a config file specified as a command line parameter: 89 * parameter with the ID for the chain for the root block (`root-chain`) 90 * parameter with the ID of the parent block for the root block (`root-parent`) 91 * parameter with height of the root block to bootstrap from (`root-height`) 92 * parameter with state commitment for the initial execution state (`root-commit`) 93 * `json` containing configuration for all Dapper-Controlled nodes (see `./example_files/node-config.json`) 94 * folder containing the `<NodeID>.node-info.pub.json` files for _all_ partner nodes (see `.example_files/partner-node-infos`) 95 * `json` containing the weight value for all partner nodes (see `./example_files/partner-weights.json`). 96 Format: ```<NodeID>: <weight value>``` 97 98 #### Example 99 ```bash 100 go run ./cmd/bootstrap finalize \ 101 --root-chain main \ 102 --root-height 0 \ 103 --root-parent 0000000000000000000000000000000000000000000000000000000000000000 \ 104 --root-commit 4b8d01975cf0cd23e046b1fae36518e542f92a6e35bedd627c43da30f4ae761a \ 105 --config ./cmd/bootstrap/example_files/node-config.json \ 106 --partner-dir ./cmd/bootstrap/example_files/partner-node-infos \ 107 --partner-weights ./cmd/bootstrap/example_files/partner-weights.json \ 108 --epoch-counter 1 \ 109 -o ./bootstrap/root-infos 110 ``` 111 112 #### Generated output files 113 * files `<NodeID>.node-info.priv.json` 114 - strictly CONFIDENTIAL (only for respective Dapper node with ID <NodeID>) 115 - contains node's private staking and networking keys (plus some other auxiliary information) 116 - REQUIRED at NODE START: 117 file needs to be available to respective Dapper node at boot up (or recovery after crash) 118 * files `<NodeID>.random-beacon.priv.json` 119 - strictly CONFIDENTIAL (only for consensus node with ID <NodeID>) 120 - CAUTION: we generate the random beacon private keys for _all_ consensus nodes, i.e. Dapper and Partner nodes alike! 121 The private random beacon keys must be delivered to the Partner Node operator securely. 122 - contains node's _private_ random beacon key 123 - REQUIRED at NODE START: 124 file needs to be available to respective consensus node at boot up (or recovery after crash) 125 * file `node-infos.pub.json` 126 - contains public Node Identities for all authorized Flow nodes (Dapper and Partner nodes) 127 - REQUIRED at NODE START for all nodes; 128 file needs to be available to all nodes at boot up (or recovery after crash) 129 130 * file `root-block.json` 131 - REQUIRED at NODE START by all nodes 132 * file `root-qc.json` 133 - REQUIRED at NODE START by all nodes 134 * file `root-result.json` 135 - REQUIRED at NODE START by all nodes 136 * file `root-seal.json` 137 - REQUIRED at NODE START by all nodes 138 * file `dkg-data.pub.json` 139 - REQUIRED at NODE START by all nodes 140 141 * file `<ClusterID>.root-cluster-block.json` 142 - root `ClusterBlockProposal` for collector cluster with ID `<ClusterID>` 143 - REQUIRED at NODE START by all collectors of the respective cluster 144 - file can be made accessible to all nodes at boot up (or recovery after crash) 145 * file `<ClusterID>.root-cluster-qc.json` 146 - root Quorum Certificate for `ClusterBlockProposal` for collector cluster with ID `<ClusterID>` 147 - REQUIRED at NODE START by all collectors of the respective cluster 148 - file can be made accessible to all nodes at boot up (or recovery after crash) 149 150 ## Generating networking key for Observer 151 152 This generates the networking key used by observers to connect to the public libp2p network. It is a different key format than staked nodes and should only be used for Observers. 153 154 ```bash 155 go run ./cmd/bootstrap observer-network-key -f ./path/network-key 156 ``` 157 158 This key must be kept secret as it's used to encrypt and sign network requests sent by the observers.