BP node doesn't start after upgrade to 1.34.1

I successfully upgraded my two relays. The BP refuses to start.
Below is the output of sudo systemctl status cnode

cnode.service - Cardano Node
     Loaded: loaded (/etc/systemd/system/cnode.service; enabled; vendor preset: enabled)
     Active: activating (auto-restart) (Result: exit-code) since Sat 2022-03-26 09:02:25 EDT; 4s ago
    Process: 62076 ExecStart=/bin/bash -l -c exec /opt/cardano/cnode/scripts/cnode.sh (code=exited, status=1/FAILURE)
   Main PID: 62076 (code=exited, status=1/FAILURE)

I see the following in the output of journalctl -u cnode -f -o cat:

The KES key provided at: "/opt/cardano/cnode/priv/pool/ADALF1/hot.skey" does not match the KES key specified in the operational certificate at: "/opt/cardano/cnode/priv/pool/ADALF1/op.cert"

did u uploaded some files to the node?

No, i didn’t upload anything. Rotated keys on January 7 and the node worked fine before the update.

go to ADALF1 folder and type ls -l and check the dates and the files

Here is the content of /opt/cardano/cnode/priv/pool/ADALF1

Jan 7 14:18 cold.counter
Jan 11 18:58 cold.skey.gpg
Jan 7 14:18 cold.vkey
Oct 19 18:37 hot.skey
Oct 19 18:37 hot.vkey
Jan 7 14:18 kes.skey
Oct 19 18:37 kes.start
Jan 7 14:18 kes.vkey
Jan 7 14:18 op.cert
Nov 16 11:02 pool.cert
Nov 16 11:02 pool.config
Oct 19 18:37 pool.id
Oct 19 18:37 pool.id-bech32
Nov 16 11:02 poolmeta.json
Jan 7 14:18 vrf.skey
Jan 7 14:18 vrf.vkey

It tries to use a pretty old hot.skey instead of the new kes.skey. @Alexd1985, where in the configuration files is that set?

go to cntools - pool - rotate and restart the node
before type cat cold.counter and check the counter…

cat /opt/cardano/cnode/priv/pool/ADALF1/cold.counter 
    "type": "NodeOperationalCertificateIssueCounter",
    "description": "Next certificate issue number: 1",
    "cborHex": "8201582034c9f8d4ce24675f87b0e8646e17c5a70cc4e1b9467b77526ea38bc459f67778"
./cntools.sh -o gives me this:
Pool ADALF1 in need of KES key rotation
Keys expired! : 69d 00:00:00 ago
press any key to proceed ..

I will rotate the keys again but can you explain the root cause of this issue? Did i do something wrong the last time i rotated the keys? Is it a cnode defect?

U are receiving that warning because the node didn’t started as a Producer (KES expired)… I don’t know… perhaps they upgraded the scripts/cntools and from now on it will not let u start the node if u are using wrong files… which is awesome

I believe you are using an old file… try to rotate the KES then check inside the ADALF1 folder (ls -l) if the date changed/renewed also for hot.skey

Before this modify to 2 and save the file (Next certificate issue number: 2)

1 Like

I would guess that before the upgrade you had changed the default location for your keys from hot.* to kes.* in the env file:

And after the upgrade it is using the standard location again.

(Which also means that you wouldn’t need to rotate again if you just uncomment and change these two lines in env to kes.vkey/kes.skey. Just needs to be remembered that there is something non-default.)

these lines should not be uncommented if u are using the default configuration, only the POOL_NAME=""

Yes, but the question was:

Having fiddled with the env file in the past is a strong candidate for this root cause.

Those two lines are commented and i will leave them commented. I only changed the POOL_NAME.

Just to make sure.

  1. Manually change the description in cold.counter to “Next certificate issue number: 2”
  2. Use cntools/pool/rotate to rotate KES
  3. restart the node


1 Like

Yes, that is correct

1 Like

I can feel the happy end - the node started and is synchronizing now.

Not all keys are updated, though. Is it an issue?

Mar 26 11:26 cold.counter*
Mar 26 11:23 cold.skey*
Jan 7 14:18 cold.vkey*
Mar 26 11:26 hot.skey*
Mar 26 11:26 hot.vkey*
Jan 7 14:18 kes.skey*
Mar 26 11:26 kes.start*
Jan 7 14:18 kes.vkey*
Mar 26 11:26 op.cert*
Nov 16 11:02 pool.cert*
Nov 16 11:02 pool.config*
Oct 19 18:37 pool.id*
Oct 19 18:37 pool.id-bech32*
Nov 16 11:02 poolmeta.json*
Jan 7 14:18 vrf.skey*
Jan 7 14:18 vrf.vkey*

Forgot to ask. Is the Rotate option a new one?

Back in January I used some elaborate multistep instruction to rotate keys using cardano-cli. That may have caused the hot.* vs kes.* confusion.

1 Like

If you used something else than cntools, that is very, very likely. Mixing methods will always give confusion. The filenames are not prescribed/standardised by cardano-node itself, but each helper project and guide decides on their own way of organising things.

So, not having the keys that cntools doesn’t know or care about updated in this round is also not an issue.

As u can see also the hot.skey was renewed… so I believe u used a wrong file… this must be… now the scripts are checking the hot.skey before to start the node

Took over an hour to sync but it’s running fine. Thank you both!

1 Like