TMKMS Setup
This guide assume you have already installed TMKMS and are adding a new chain.
mkdir ~/kms
cd ~/kms
# make chain directory
mkdir namada
cd namada
tmkms init .
#copy/paste your priv_validator_key.json from your validator in this file
nano ~/kms/namada/secrets/priv_validator_key.json
#Softsign key
tmkms softsign import secrets/priv_validator_key.json secrets/validator_key.key
#remove validator key after signing
rm ~/kms/namada/secrets/priv_validator_key.json
Modify tmkms.toml:
nano tmkms.toml
# Tendermint KMS configuration file
## Chain Configuration
[[chain]]
id = "public-testnet-15.0dacadb8d663"
key_format = { type = "bech32", account_key_prefix = "tnam", consensus_key_prefix = "cosmosvalconspub" }
state_file = "/home/<user>/kms/namada/state/testnet-15-consensus.json"
## Signing Provider Configuration
### Software-based Signer Configuration
[[providers.softsign]]
chain_ids = ["public-testnet-15.0dacadb8d663"]
key_type = "consensus"
path = "/home/<user>/kms/namada/secrets/validator_key.key"
## Validator Configuration
[[validator]]
chain_id = "public-testnet-15.0dacadb8d663"
addr = "tcp://<ValidatorIP>:26659"
secret_key = "/home/user/kms/namada/secrets/kms-identity.key"
# this may need to be updated via {daemon} tendermint version
protocol_version = "v0.34"
reconnect = true
Create a service file:
sudo nano /etc/systemd/system/tmkms-namada.service
# unit file
[Unit]
Description=Namada TMKMS
After=network.target
[Service]
Type=simple
User=<user>
WorkingDirectory=/home/<user>/
ExecStart=/home/<user>/.cargo/bin/tmkms start -c /home/<user>/kms/namada/tmkms.toml
Restart=always
RestartSec=3
LimitNOFILE=65535
[Install]
WantedBy=multi-user.target
Then, we'll enable the service file and start it:
sudo systemctl daemon-reload
sudo systemctl enable tmkms-namada
sudo systemctl restart tmkms-namada
journalctl -u tmkms-namada -f
Update Target Validator Node:
nano ~/.local/share/namada/public-testnet-15.0dacadb8d663/config.toml
# modify validator config.toml
-> priv_validator_laddr = "tcp://0.0.0.0:26659"
-> # priv_validator_key_file = "config/priv_validator_key.json"
-> # priv_validator_state_file = "data/priv_validator_state.json"
# remove validator key from node
rm ~/.local/share/namada/config/public-testnet-15.0dacadb8d663/cometbft/config/priv_validator_key.json
# open ports
sudo ufw allow from <IP ADDRESS OF SIGNER> to any port 26659
# restart daemon
sudo systemctl restart namadad
journalctl -u namadad -f
Note: you may need to restart tmkms-namada
on the TMKMS server after opening ports:
sudo systemctl restart tmkms-namada
journalctl -u tmkms-namada -f
Last updated