I successfully upgraded my two relays. The BP refuses to start.
Below is the output of sudo systemctl status cnode
cnode.service - Cardano Node
Loaded: loaded (/etc/systemd/system/cnode.service; enabled; vendor preset: enabled)
Active: activating (auto-restart) (Result: exit-code) since Sat 2022-03-26 09:02:25 EDT; 4s ago
Process: 62076 ExecStart=/bin/bash -l -c exec /opt/cardano/cnode/scripts/cnode.sh (code=exited, status=1/FAILURE)
Main PID: 62076 (code=exited, status=1/FAILURE)
I see the following in the output of journalctl -u cnode -f -o cat:
The KES key provided at:
"/opt/cardano/cnode/priv/pool/ADALF1/hot.skey" does not match the KES key specified in the operational certificate at:
did u uploaded some files to the node?
No, i didn’t upload anything. Rotated keys on January 7 and the node worked fine before the update.
go to ADALF1 folder and type ls -l and check the dates and the files
Here is the content of /opt/cardano/cnode/priv/pool/ADALF1
Jan 7 14:18 cold.counter
Jan 11 18:58 cold.skey.gpg
Jan 7 14:18 cold.vkey
Oct 19 18:37 hot.skey
Oct 19 18:37 hot.vkey
Jan 7 14:18 kes.skey
Oct 19 18:37 kes.start
Jan 7 14:18 kes.vkey
Jan 7 14:18 op.cert
Nov 16 11:02 pool.cert
Nov 16 11:02 pool.config
Oct 19 18:37 pool.id
Oct 19 18:37 pool.id-bech32
Nov 16 11:02 poolmeta.json
Jan 7 14:18 vrf.skey
Jan 7 14:18 vrf.vkey
It tries to use a pretty old
hot.skey instead of the new
kes.skey. @Alexd1985, where in the configuration files is that set?
go to cntools - pool - rotate and restart the node
before type cat cold.counter and check the counter…
"description": "Next certificate issue number: 1",
./cntools.sh -o gives me this:
** WARNING **
Pool ADALF1 in need of KES key rotation
Keys expired! : 69d 00:00:00 ago
press any key to proceed ..
I will rotate the keys again but can you explain the root cause of this issue? Did i do something wrong the last time i rotated the keys? Is it a cnode defect?
U are receiving that warning because the node didn’t started as a Producer (KES expired)… I don’t know… perhaps they upgraded the scripts/cntools and from now on it will not let u start the node if u are using wrong files… which is awesome
I believe you are using an old file… try to rotate the KES then check inside the ADALF1 folder (ls -l) if the date changed/renewed also for hot.skey
Before this modify to 2 and save the file (Next certificate issue number: 2)
I would guess that before the upgrade you had changed the default location for your keys from
kes.* in the
And after the upgrade it is using the standard location again.
(Which also means that you wouldn’t need to rotate again if you just uncomment and change these two lines in
kes.skey. Just needs to be remembered that there is something non-default.)
these lines should not be uncommented if u are using the default configuration, only the
Yes, but the question was:
Having fiddled with the
env file in the past is a strong candidate for this root cause.
Those two lines are commented and i will leave them commented. I only changed the POOL_NAME.
I can feel the happy end - the node started and is synchronizing now.
Not all keys are updated, though. Is it an issue?
Mar 26 11:26 cold.counter*
Mar 26 11:23 cold.skey*
Jan 7 14:18 cold.vkey*
Mar 26 11:26 hot.skey*
Mar 26 11:26 hot.vkey*
Jan 7 14:18 kes.skey*
Mar 26 11:26 kes.start*
Jan 7 14:18 kes.vkey*
Mar 26 11:26 op.cert*
Nov 16 11:02 pool.cert*
Nov 16 11:02 pool.config*
Oct 19 18:37 pool.id*
Oct 19 18:37 pool.id-bech32*
Nov 16 11:02 poolmeta.json*
Jan 7 14:18 vrf.skey*
Jan 7 14:18 vrf.vkey*
Forgot to ask. Is the Rotate option a new one?
Back in January I used some elaborate multistep instruction to rotate keys using cardano-cli. That may have caused the hot.* vs kes.* confusion.
If you used something else than cntools, that is very, very likely. Mixing methods will always give confusion. The filenames are not prescribed/standardised by
cardano-node itself, but each helper project and guide decides on their own way of organising things.
So, not having the keys that cntools doesn’t know or care about updated in this round is also not an issue.
As u can see also the hot.skey was renewed… so I believe u used a wrong file… this must be… now the scripts are checking the hot.skey before to start the node
Took over an hour to sync but it’s running fine. Thank you both!