So, I’m trying to modify my pool pledge with cntools, I started it up on my BP, went to pool > modify and selected hybrid, but I get told no valid pools are available as these files are missing -
Am I doing something wrong? These files shouldn’t be on the live node right? I thought I constructed the modifications in hybrid mode, took them to my offline machine, signed everything and then moved the signed file back to submit.
I tried doing it on my offline machine in case I misunderstood, but was told I couldn’t modify a pool in offline mode.
then use offline mode (cntools) on ur offline machine, build the transaction, then sign it and submit from online node
Yeah I tried that, but then when I go to pool > modify, it says you can’t do that in offline mode.
then in hybrid mode but if ur online machine is also a local server u can do:
- keep the node running and disconnect the server from internet (unplugg the cable)
- copy the cold files to ur online server and build the certificate on hybrid mode
- then go to offline machine and sign the transaction
- submit the new certificate from online server (before delete the cold files and connect back to internet
Unfortunately my online machine is remote.
Humm, I’ll figure it out somehow and report back.
Yeah, because hybrid combines both offline and online method… but if u have a good setup u shouldn’t be any risk to copy the files on online machine)
I remember running into similar issues last time I was updating my pledge as well. I ended up doing the hybrid workflow. I copied the keys that cntools was asking for on the online node (it didn’t require any signing keys), and used my signing keys on my airgapped machine to sign the transaction. After submitting the transaction, I made an offline backup of my priv/pool folder and then removed the keys back down to the bare minimum on the online node.
There may be a better way of using the hybrid workflow, but I couldn’t come up with a better solution at the time. I felt fairly secure in doing this as I have put a good amount into node security, and I limited my exposure.
If anyone has a better way of navigating this, or criticism…please feel free to share!
I’ve just done exactly the same as you, BlocksWell