deploy_tee: fix the genesis-ceremony path + label disk-provisioning progress#47
Merged
Conversation
summit's RPC is jsonrpsee (JSON-RPC 2.0, POST-only, camelCase methods; see summit/rpc/src/api.rs), but summit_client did GET /<path> and text/plain POSTs with snake_case paths. So getPublicKeys / sendGenesis never actually worked against a real node — the genesis ceremony had never run e2e. Rewrite it as a JSON-RPC client: one `_rpc(method, params)` that POSTs the envelope to the `/summit` base (nginx strips the prefix) and returns `result`, using the real method names (getPublicKeys, sendGenesis, health). Drop the dead REST helpers and `send_share` (no such endpoint, no caller). Add mocked tests for the envelope + error path.
…template genesis.py assumed a dev checkout: it shelled out to ~/summit/target/debug/genesis and ~/summit/example_genesis.toml. Take the `genesis` binary from PATH instead (the pattern summit uses for `reth`), with a clear error if it's missing, and require the template via --summit-template. Drop --code-path, whose only purpose was locating ~/summit. Also log the built genesis's path and each node it's sent to before delivery (paths only, not the contents), mirroring how `configure` logs the config it POSTs. README prereqs + example updated.
The progress bar showed bytes / % / eta but never said what it was doing. Prefix the bar with "encrypting disk", and print a one-time line when provisioning starts explaining it's the first-boot full-disk LUKS + dm-integrity wipe (one-time, can take 1h+) so a long phase doesn't read as a hang.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Fixes the operator-side
seismic-tee-bootstrap genesisceremony — which hadnever actually run end-to-end against a real node — and labels the first-boot
disk-provisioning progress bar. Surfaced while bringing up the first
single-node TEE network to a live chain; with these changes (plus a companion
summitfix, see below) a node reaches a live chain (reth producing, summitfinalizing).
Changes
1.
summit_clientspeaks JSON-RPC, not REST (fix)summit's RPC is jsonrpsee (JSON-RPC 2.0, POST-only, camelCase methods — see
summit/rpc/src/api.rs), butsummit_clientdidGET /<path>andtext/plainPOSTs with snake_case paths. SogetPublicKeys/sendGenesisnever worked against a real node.
Rewrote it as a JSON-RPC client: one
_rpc(method, params)that POSTs theenvelope to the
/summitbase (nginx strips the prefix) and returnsresult,using the real method names. Dropped the dead REST helpers and
send_share(no such endpoint, no caller). Added mocked tests for the envelope + error path.
2. Run the
genesisbinary from PATH with an explicit template (feat!)genesis.pyassumed a dev checkout — it shelled out to~/summit/target/debug/genesisand~/summit/example_genesis.toml.Now it takes the
genesisbinary from PATH (the pattern summit uses forreth), with a clear error if it's missing, and the template via--summit-template. Dropped--code-path(its only job was locating~/summit). Also logs the built genesis's path and each node it's sent tobefore delivery (paths only, not contents), mirroring how
configurelogsthe config it POSTs.
Breaking:
--summit-templateis now required;--code-pathis removed.3. Label first-boot disk-provisioning progress (
feat)The progress bar showed bytes / % / eta but never said what it was doing.
Added an
encrypting disklabel and a one-time line when provisioning starts,explaining it's the first-boot full-disk LUKS + dm-integrity wipe (one-time,
can take 1h+) so the long phase doesn't read as a hang.
Prereqs
seismic-tee-bootstrap genesisneeds thegenesisbinary on PATH — builtfrom summit, e.g.
cargo install --path node --bin genesis --locked(the--lockedmatters; summit pins commonware via its lockfile).Testing
summit_clientrequest envelope + RPC-errorpath; existing manifest/configure/status suites still pass.
ruffclean.(
cast block-numberadvancing) using these changes.Follow-ups (not in this PR)
eth_genesis_hashstill needs a manual-g. summit's genesis templatecarries an
eth_genesis_hashthat must equal reth's actual genesis hash;today the operator passes it via
-g. Proposed: have the ceremonyauto-derive it from the node's own reth (
eth_getBlockByNumber 0) andcross-check the cohort, removing the manual step.
summitfix (separate PR): thegenesisbinary defined itsown genesis struct that had drifted from
summit_types::Genesisand silentlydropped required fields (
validator_minimum_stake); fixed to use thecanonical type. That PR also proposes moving genesis assembly into the node
(
sendGenesistaking template + validators) to retire the operator-sidebinary and the version-skew question entirely.
genesisreads each node's summit pubkey once (no retry). A node thatisn't ready yet fails the ceremony; retry-until-ready is a separate change.