Rotating Signers Intro

Rotating Block Signers Service

The rotate signers service is an inclusion and optimization service for environments running IBFT consensus. Kaleido caps the active signers limit at 16 to ensure the stability and performance of the algorithm, and as such this service allows for environments with more than 16 signing nodes to achieve equitable participation in the voting and block signing processes. For environments with 16 or fewer signing nodes, the active signer count can be lowered to optimize the algorithm’s threads while still maintaining maximum byzantine fault tolerance.

Provisioning the Service

You can elect for one of two approaches to provision the Rotate Signers Service: Kaleido Console UI or Admin API. For users unfamiliar with the Kaleido REST API, the console interface is the recommended happy path. Both approaches will ultimately result in a new instance of the Rotate Signers Service instance running within the specified environment.

Via the console

  • Navigate to an existing environment and click the + ADD dropdown in the top portion right of the screen and click Add Services.
  • Select the Rotate Signers Service and click ADD.
  • Optionally supply an arbitrary name for the service and click ADD. click DONE to finish the deployment.
  • The newly created App to App Service instance will appear at the bottom of your environment panel under SERVICES.
  • The service is ready for use when a green dot appears next to it.

Via the API

NOTE: The following deployment approach assumes a strong understanding of the Kaleido APIs. Please refer to the Kaleido Resource Model for object relationships, the API 101 topic for sample CRUD operations and api.kaleido.io for detailed descriptions of the various endpoints and routes.

The Rotate Signers service is provisioned against the /services API endpoint and exist as a “utility” type service. In other words, the resource is shared amongst the environment. In a decentralized consortium, the service can only be deployed and operated by member organizations with the “manage environments” permission.

To programmatically create the Rotate Signers service, specify the consortia and environment IDs in the path and POST to the /services endpoint with a name, the service type and membership ID in the body of the call. The forthcoming sample commands assume that the following environment variables have been set as follows:

export APIURL="https://console.kaleido.io/api/v1"
export APIKEY="YOUR_API_KEY"
export HDR_AUTH="Authorization: Bearer $APIKEY"
export HDR_CT="Content-Type: application/json"

If you are targeting an environment outside of the US or on Azure, make sure to modify your URL accordingly. The ap qualifier resolves to Sydney, while ko resolves to Seoul. The us1 qualifier designates an environment configured with Azure US West as the home region:

export APIURL="https://console-eu.kaleido.io/api/v1"
export APIURL="https://console-ap.kaleido.io/api/v1"
export APIURL="https://console-ko.kaleido.io/api/v1"
export APIURL="https://console-us1.kaleido.io/api/v1"

Use the POST method to provision the service and optionally format the output using jq:

# replace the membership_id placeholder with one of your membership IDs
curl -X POST -H "$HDR_AUTH" -H "$HDR_CT" "$APIURL/consortia/{consortia_id}/environments/{environment_id}/services" -d '{"name":"exampleRotateSignersInstance", "service":"rotatesigners", "membership_id":"{membership_id}"}' | jq

This will return you a JSON payload containing the service ID. Keep the service ID handy, you will need it to configure and activate the service.

Next, you can call a GET on the /services endpoint and specify the service id in the route. For example:

curl -X GET -H "$HDR_AUTH" -H "$HDR_CT" "$APIURL/consortia/{consortia_id}/environments{environment_id}/services/{service_id}" | jq

This call returns a JSON payload containing additional details for the Rotate Signers service instance.

Configuring, Activating and Operating the Service