Skip to main content

Azure update for API Co-Signers (March 2023)

  • Updated

Important

  • This update only affects the DCsv3 and DCdsv3 series instances. To verify the machine type for your Azure-hosted API Co-Signer, navigate to your Azure Portal Virtual Machines, visit the Overview page of your machine, and look for the Size field.
  • If a request to sign a new transaction is made during the post-maintenance reboot, the transaction will enter the Pending signature status until the API Co-Signer comes back online and processes it.

Overview

Microsoft Azure is patching instance types that support the Fireblocks API Co-Signer software. To avoid unplanned service interruption, all current Fireblocks customers must reboot their machines between February 22nd, 2023 14:00 UTC and March 15th, 2023 12:00 UTC.

Warning

Failure to complete this maintenance before March 16th will result in a sudden reboot triggered by Microsoft Azure between March 16th, 2023 12:00 UTC and March 29th, 2023 12:00 UTC. The machine will be unavailable to sign transactions until the update is complete.

Updating an existing API Co-Signer on Azure

First, update your API Co-Signer software version to version 1.1.6, 1.1.5, or 1.1.4 if it has not already been updated. Refer to the SGX API Co-Signer Script Version History article for more information.

Note that updating to the above versions cannot be done in-place and must be completed using either the "New server" method or the "Re-imaging the Fireblocks software" method. Refer to the Updating the API Co-Signer article for more information.

Next, schedule a maintenance window for your API Co-Signer. During that maintenance window:

  1. Reboot your API Co-Signer.
  2. Wait until the machine is fully up and running.
  3. Confirm that the Microsoft update is complete.
  4. Initiate a test transaction and sign it with the API Co-Signer to verify that it operates as expected.
  5. Complete these steps for all additional API Co-Signer machines.

Note

If you have more than one API Co-Signer, we recommend performing the maintenance on one machine at a time.

Checking the instance's health post-reboot

To verify that the instance is healthy after the maintenance reboot:

  1. Run the following command to output a list of all running containers. 
    # docker ps -a
  2. Confirm the cosigner-init docker container is not running.
  3. Confirm the cosigner docker container is not restarting.
  4. Initiate a test transaction through the API and confirm that the API Co-Signer signs it as expected.

Installing a new API Co-Signer

Follow the instructions in the Configuring an Azure Confidential Compute VM Server for the API Co-Signer article to install a new API Co-Signer machine on Azure. All new instances already include the latest Microsoft updates and are not affected by this issue.

Was this article helpful?
0 out of 0 found this helpful

Related Articles