fix(seid): decouple seid --home from the container HOME env#449

Merged
bdchatham merged 1 commit into main from fix/seid-home-decouple-from-datadir
Jul 2, 2026

@bdchatham

Collaborator

Problem

seid containers set HOME=/.sei (the data dir). Cosmos-SDK computes DefaultNodeHome = filepath.Join(os.UserHomeDir(), ".sei") = $HOME/.sei, so HOME=/.sei makes any bare seid (e.g. a human kubectl exec running seid keys list) resolve its home to /.sei/.sei. Result: a nested /.sei/.sei/config, .bash_history written onto the data PVC, and bare keyring commands looking in the wrong place. (Reported by Masih.)

The controller's own start/init already pass --home, but they took the value from $HOME — so we can't just move HOME without repointing them.

Fix (atomic)

Every seid invocation now passes an explicit --home /.sei, independent of $HOME:

  • sidecarWaitCommand (the live seid start), the base buildNodeMainContainer args, and the seid-init script — including the genesis.json skip-guard and the tmp mkdir.
  • HOME → /home/nonroot, backed by a per-pod emptyDir (guaranteed writable, off the data PVC). Shell/home writes no longer touch /.sei; a bare seid no longer nests at $HOME/.sei.

Why atomic: a partial change (moving HOME without repointing an invocation) would run seid start --home <wronghome> → boot against an empty dir → validator wipe / state-sync redo. All the refs move together.

Deliberately not changed

  • signing-key / node-key mounts; the sidecar-only operator keyring (assertNoOperatorKeyringOnSeidContainers); TMPDIR (=/.sei/tmp, literal).
  • SEI_HOME is intentionally NOT added to the seid container — the seid CLI doesn't honor it (viper prefix is SEID, and client keys reads the raw --home pflag). Only explicit --home works. (This was a false start in the original proposal, caught in review.)

Remediation for existing pods

/.sei/.sei and /.sei/.bash_history are inert junk (seid reads /.sei/config via explicit --home); no migration needed, optional one-time rm -rf to reclaim disk. The init guard now checks /.sei/config/genesis.json, so an OnDelete rolling restart does not re-init.

Follow-ups (separate)

  • internal/task/bootstrap_resources.go mirrors the same HOME/$HOME pattern on the ephemeral bootstrap pod — deferred (TTL-bounded, rarely exec'd).
  • Operator-keyring DX (client.toml keyring-backend = os vs the sidecar's file keyring) — separate item.

Verification

go build ./..., go vet ./..., and go test ./internal/... all green. Root-caused + fix designed/endorsed by systems-engineer + kubernetes-specialist review.

🤖 Generated with Claude Code

seid containers set HOME=/.sei (the data dir). Cosmos-SDK derives
DefaultNodeHome = filepath.Join(os.UserHomeDir(), ".sei") = $HOME/.sei, so
HOME=/.sei makes any bare `seid` (e.g. a human `kubectl exec` running
`seid keys list`) resolve its home to /.sei/.sei — creating a nested
/.sei/.sei/config, dropping .bash_history onto the data PVC, and making bare
keyring commands look in the wrong place. The controller's own start/init
already pass --home, but they took the value FROM $HOME.

Fix (atomic — a partial change would boot `seid start --home <wronghome>`,
i.e. a validator wipe / state-sync redo):
- Every seid invocation now passes an explicit --home <dataDir> (/.sei),
  independent of $HOME: sidecarWaitCommand (the live start), the base
  buildNodeMainContainer args, and the seid-init script (incl. the
  genesis.json skip-guard and the tmp mkdir).
- HOME moves to /home/nonroot, backed by a per-pod emptyDir (guaranteed
  writable, off the data PVC), so shell/home writes never touch /.sei and a
  bare `seid` no longer nests at $HOME/.sei.

Not changed: signing-key/node-key mounts, the sidecar-only operator keyring
(assertNoOperatorKeyringOnSeidContainers), TMPDIR (=dataDir/tmp, literal).
SEI_HOME is intentionally NOT added to the seid container — the seid CLI does
not honor it (viper prefix is SEID, and client `keys` reads the raw --home
pflag); only an explicit --home works.

Remediation for existing pods: /.sei/.sei and /.sei/.bash_history are inert
junk (seid reads /.sei/config via explicit --home); no migration needed. The
init guard now checks /.sei/config/genesis.json, so an OnDelete restart does
not re-init.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@cursor

cursor Bot commented Jul 2, 2026

PR Summary

High Risk
Changes pod env, volumes, and every seid start/init path for live validators; a mismatched rollout could point seid start at the wrong home and risk state loss, though the atomic change and genesis guard on /.sei/config/genesis.json mitigate rolling restarts.

Overview
Decouples seid’s chain data directory from the container HOME env so Cosmos-SDK’s $HOME/.sei default no longer nests state under /.sei/.sei or writes shell junk onto the data PVC.

SeiNode pod generation now sets HOME=/home/nonroot on a dedicated emptyDir volume, while every seid invocation (start, main container args, and seid-init) passes an explicit --home /.sei. The init skip-guard and tmp mkdir use the literal data path instead of $HOME or $(HOME).

Tests and platform.DataDir comments are updated to match the new volume layout and env semantics.

Reviewed by Cursor Bugbot for commit a8fe210.

@bdchatham bdchatham merged commit b8d6926 into main Jul 2, 2026
5 checks passed
@bdchatham bdchatham deleted the fix/seid-home-decouple-from-datadir branch July 2, 2026 17:45
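
The home resolution this PR describes, as an added example that is not the project's own code: it models the quoted default (`$HOME/.sei`) and audits a set of seid invocations against the data dir `/.sei`. The names `resolveHome` and `audit`, the `homeEnv` parameter standing in for `$HOME`, and the sample commands are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

const dataDir = "/.sei" // chain data dir named in the PR

// resolveHome (hypothetical helper) returns the home a seid argv ends up using:
// the explicit --home value if present, otherwise the default quoted in the PR,
// filepath.Join(os.UserHomeDir(), ".sei"), with homeEnv standing in for $HOME.
func resolveHome(homeEnv string, argv []string) (dir string, explicit bool) {
	for i, a := range argv {
		if strings.HasPrefix(a, "--home=") {
			return filepath.Clean(strings.TrimPrefix(a, "--home=")), true
		}
		if a == "--home" && i+1 < len(argv) {
			return filepath.Clean(argv[i+1]), true
		}
	}
	return filepath.Join(homeEnv, ".sei"), false
}

// audit (hypothetical) flags a HOME placed on the data dir and any invocation
// that misses dataDir or only reaches it through $HOME.
func audit(homeEnv string, invocations [][]string) []string {
	var findings []string
	if filepath.Clean(homeEnv) == dataDir {
		findings = append(findings, "HOME is the data dir: shell/home writes land on the data PVC")
	}
	for _, argv := range invocations {
		cmd := strings.Join(argv, " ")
		dir, explicit := resolveHome(homeEnv, argv)
		switch {
		case dir != dataDir:
			findings = append(findings, fmt.Sprintf("%q resolves to %s, not %s", cmd, dir, dataDir))
		case !explicit:
			findings = append(findings, fmt.Sprintf("%q reaches %s only via $HOME", cmd, dataDir))
		}
	}
	return findings
}

func main() {
	cmds := [][]string{{"seid", "start", "--home", "/.sei"}, {"seid", "keys", "list"}} // constructed samples
	fmt.Println(audit("/.sei", cmds))         // old layout: HOME on the data dir
	fmt.Println(audit("/home/nonroot", cmds)) // new layout: HOME on the emptyDir
}
```

Under the new layout the bare `seid keys list` is still reported, because it resolves to `/home/nonroot/.sei` rather than the data dir; that is the case the PR covers with "Only explicit --home works."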