Orchestrator are you to "Blame"

TSS Peer Public Key Monitor

A bash script utility to monitor and check if your node’s TSS peer public key appears in the orchestrator logs as a blamed node.

Features

  • Fetches identity information from local node API
  • Extracts TSS peer public key using jq
  • Searches orchestrator service logs for blamed node entries
  • Includes error handling

Prerequisites

  • curl (usually pre-installed on Linux)
  • jq for JSON parsing
  • Access to journalctl (requires root privileges for system services)
  • Running orchestrator service
  • Node API running on http://127.0.0.1:55000

Installation

1. Install jq

Debian/Ubuntu


sudo apt-get update

sudo apt-get install jq

2. Create the Script

Create a file named blamed_node.sh with the following content:


#!/bin/bash

# Run curl command and store output

output=$(curl -s -X POST -d '{"method":"getIdentity", "params":[]}' -H "Content-Type: application/json" http://127.0.0.1:55000)

# Check if curl command was successful

if [ $? -ne 0 ]; then

echo "Error: Failed to execute curl command"

exit 1

fi

# Parse tssPeerPubKey using jq

tss_peer_pubkey=$(echo "$output" | jq -r '.result.tssPeerPubKey')

# Check if tssPeerPubKey was extracted

if [ -z "$tss_peer_pubkey" ]; then

echo "Error: Failed to parse tssPeerPubKey from output"

exit 1

fi

# Grep logs for the tssPeerPubKey

echo "Searching logs for tssPeerPubKey: $tss_peer_pubkey"

journalctl -u orchestrator | grep "Blamed node pubKey: $tss_peer_pubkey"

3. Make the Script Executable


chmod +x blamed_node.sh

Usage

Run the script:


./blamed_node.sh

If the orchestrator logs require root privileges:


sudo ./blamed_node.sh

Example Output

Successful output:

Searching logs for tssPeerPubKey: +A0hUku+26d4RmXzHtQ6sO9Y0pHoeEdPcAMZf5AXq8E=
May 21 21:36:54 deez-pillar orchestrator[573329]: 2025-05-21T21:36:54.795Z        DEBUG        node/node.go:427        Blamed node pubKey: +A0hUku+26d4RmXzHtQ6sO9Y0pHoeEdPcAMZf5AXq8E=

Error output:

Error: Failed to execute curl command

Configuration

  • The script assumes the node API is running on http://127.0.0.1:55000. Modify the URL in the script if your setup uses a different address or port.
  • The script assumes the orchestrator service is managed by systemd. Adjust the journalctl command if your logs are stored elsewhere.
  • To limit log search to recent entries, add the -n flag to journalctl (e.g., journalctl -u orchestrator -n 1000).

Troubleshooting

Common Issues

  1. Curl Error
  • Check if the API endpoint is accessible: curl http://127.0.0.1:55000
  1. jq Error
  • Verify jq installation: jq --version
  1. No Logs Found
  • Confirm orchestrator service name
  • Ensure you have permission to access logs
1 Like