TSS Peer Public Key Monitor
A bash script utility to monitor and check if your node’s TSS peer public key appears in the orchestrator logs as a blamed node.
Features
- Fetches identity information from local node API
- Extracts TSS peer public key using
jq
- Searches orchestrator service logs for blamed node entries
- Includes error handling
Prerequisites
curl
(usually pre-installed on Linux)jq
for JSON parsing- Access to
journalctl
(requires root privileges for system services) - Running orchestrator service
- Node API running on
http://127.0.0.1:55000
Installation
1. Install jq
Debian/Ubuntu
sudo apt-get update
sudo apt-get install jq
2. Create the Script
Create a file named blamed_node.sh
with the following content:
#!/bin/bash
# Run curl command and store output
output=$(curl -s -X POST -d '{"method":"getIdentity", "params":[]}' -H "Content-Type: application/json" http://127.0.0.1:55000)
# Check if curl command was successful
if [ $? -ne 0 ]; then
echo "Error: Failed to execute curl command"
exit 1
fi
# Parse tssPeerPubKey using jq
tss_peer_pubkey=$(echo "$output" | jq -r '.result.tssPeerPubKey')
# Check if tssPeerPubKey was extracted
if [ -z "$tss_peer_pubkey" ]; then
echo "Error: Failed to parse tssPeerPubKey from output"
exit 1
fi
# Grep logs for the tssPeerPubKey
echo "Searching logs for tssPeerPubKey: $tss_peer_pubkey"
journalctl -u orchestrator | grep "Blamed node pubKey: $tss_peer_pubkey"
3. Make the Script Executable
chmod +x blamed_node.sh
Usage
Run the script:
./blamed_node.sh
If the orchestrator logs require root privileges:
sudo ./blamed_node.sh
Example Output
Successful output:
Searching logs for tssPeerPubKey: +A0hUku+26d4RmXzHtQ6sO9Y0pHoeEdPcAMZf5AXq8E=
May 21 21:36:54 deez-pillar orchestrator[573329]: 2025-05-21T21:36:54.795Z DEBUG node/node.go:427 Blamed node pubKey: +A0hUku+26d4RmXzHtQ6sO9Y0pHoeEdPcAMZf5AXq8E=
Error output:
Error: Failed to execute curl command
Configuration
- The script assumes the node API is running on
http://127.0.0.1:55000
. Modify the URL in the script if your setup uses a different address or port. - The script assumes the orchestrator service is managed by systemd. Adjust the
journalctl
command if your logs are stored elsewhere. - To limit log search to recent entries, add the
-n
flag tojournalctl
(e.g.,journalctl -u orchestrator -n 1000
).
Troubleshooting
Common Issues
- Curl Error
- Check if the API endpoint is accessible:
curl http://127.0.0.1:55000
- jq Error
- Verify jq installation:
jq --version
- No Logs Found
- Confirm orchestrator service name
- Ensure you have permission to access logs