175 lines
5.4 KiB
Nim
Raw Normal View History

Support for driving multiple EL nodes from a single Nimbus BN (#4465) * Support for driving multiple EL nodes from a single Nimbus BN Full list of changes: * Eth1Monitor has been renamed to ELManager to match its current responsibilities better. * The ELManager is no longer optional in the code (it won't have a nil value under any circumstances). * The support for subscribing for headers was removed as it only worked with WebSockets and contributed significant complexity while bringing only a very minor advantage. * The `--web3-url` parameter has been deprecated in favor of a new `--el` parameter. The new parameter has a reasonable default value and supports specifying a different JWT for each connection. Each connection can also be configured with a different set of responsibilities (e.g. download deposits, validate blocks and/or produce blocks). On the command-line, these properties can be configured through URL properties stored in the #anchor part of the URL. In TOML files, they come with a very natural syntax (althrough the URL scheme is also supported). * The previously scattered EL-related state and logic is now moved to `eth1_monitor.nim` (this module will be renamed to `el_manager.nim` in a follow-up commit). State is assigned properly either to the `ELManager` or the to individual `ELConnection` objects where appropriate. The ELManager executes all Engine API requests against all attached EL nodes, in parallel. It compares their results and if there is a disagreement regarding the validity of a certain payload, this is detected and the beacon node is protected from publishing a block with a potential execution layer consensus bug in it. The BN provides metrics per EL node for the number of successful or failed requests for each type Engine API requests. If an EL node goes offline and connectivity is resoted later, we report the problem and the remedy in edge-triggered fashion. * More progress towards implementing Deneb block production in the VC and comparing the value of blocks produced by the EL and the builder API. * Adds a Makefile target for the zhejiang testnet
2023-03-05 03:40:21 +02:00
import
std/[options, strutils, uri],
stew/results, chronicles, confutils,
json_serialization, # for logging
toml_serialization, toml_serialization/lexer,
../spec/engine_authentication
type
EngineApiRole* = enum
DepositSyncing = "sync-deposits"
BlockValidation = "validate-blocks"
BlockProduction = "produce-blocks"
EngineApiRoles* = set[EngineApiRole]
EngineApiUrl* = object
url: string
jwtSecret: Option[seq[byte]]
roles: EngineApiRoles
EngineApiUrlConfigValue* = object
url*: string # TODO: Use the URI type here
jwtSecret*: Option[string]
jwtSecretFile*: Option[InputFile]
roles*: Option[EngineApiRoles]
const
defaultEngineApiRoles* = { DepositSyncing, BlockValidation, BlockProduction }
# https://github.com/ethereum/execution-apis/pull/302
defaultJwtSecret* = "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3"
defaultEngineApiUrl* = EngineApiUrlConfigValue(
url: "http://127.0.0.1:8551",
jwtSecret: some defaultJwtSecret)
chronicles.formatIt EngineApiUrl:
it.url
proc init*(T: type EngineApiUrl,
url: string,
jwtSecret = none seq[byte],
roles = defaultEngineApiRoles): T =
T(url: url, jwtSecret: jwtSecret, roles: roles)
func url*(engineUrl: EngineApiUrl): string =
engineUrl.url
func jwtSecret*(engineUrl: EngineApiUrl): Option[seq[byte]] =
engineUrl.jwtSecret
func roles*(engineUrl: EngineApiUrl): EngineApiRoles =
engineUrl.roles
func unknownRoleMsg(role: string): string =
"'" & role & "' is not a valid EL function"
template raiseError(reader: var TomlReader, msg: string) =
raiseTomlErr(reader.lex, msg)
template raiseError(reader: var JsonReader, msg: string) =
raiseTomlErr(reader.lex, msg)
proc readValue*(reader: var TomlReader, value: var EngineApiRoles)
{.raises: [Defect, SerializationError, IOError].} =
let roles = reader.readValue seq[string]
if roles.len == 0:
reader.raiseError "At least one role should be provided"
for role in roles:
case role.toLowerAscii
of $DepositSyncing:
value.incl DepositSyncing
of $BlockValidation:
value.incl BlockValidation
of $BlockProduction:
value.incl BlockProduction
else:
reader.raiseError(unknownRoleMsg role)
proc writeValue*(writer: var JsonWriter, roles: EngineApiRoles)
{.raises: [Defect, SerializationError, IOError].} =
var strRoles: seq[string]
for role in EngineApiRole:
if role in roles: strRoles.add $role
writer.writeValue strRoles
proc parseCmdArg*(T: type EngineApiUrlConfigValue, input: string): T
{.raises: [ValueError, Defect].} =
var
uri = parseUri(input)
jwtSecret: Option[string]
jwtSecretFile: Option[InputFile]
roles: Option[EngineApiRoles]
if uri.anchor != "":
for key, value in decodeQuery(uri.anchor):
case key
of "jwtSecret":
jwtSecret = some value
of "jwtSecretFile":
jwtSecretFile = some InputFile.parseCmdArg(value)
of "roles":
var uriRoles: EngineApiRoles = {}
for role in split(value, ","):
case role.toLowerAscii
of $DepositSyncing:
uriRoles.incl DepositSyncing
of $BlockValidation:
uriRoles.incl BlockValidation
of $BlockProduction:
uriRoles.incl BlockProduction
else:
raise newException(ValueError, unknownRoleMsg role)
if uriRoles == {}:
raise newException(ValueError, "The list of roles should not be empty")
roles = some uriRoles
else:
raise newException(ValueError, "'" & key & "' is not a recognized Engine URL property")
uri.anchor = ""
EngineApiUrlConfigValue(
url: $uri,
jwtSecret: jwtSecret,
jwtSecretFile: jwtSecretFile,
roles: roles)
proc toFinalUrl*(confValue: EngineApiUrlConfigValue,
confJwtSecret: Option[seq[byte]]): Result[EngineApiUrl, cstring] =
if confValue.jwtSecret.isSome and confValue.jwtSecretFile.isSome:
return err "The options `jwtSecret` and `jwtSecretFile` should not be specified together"
let jwtSecret = if confValue.jwtSecret.isSome:
some(? parseJwtTokenValue(confValue.jwtSecret.get))
elif confValue.jwtSecretFile.isSome:
some(? loadJwtSecretFile(confValue.jwtSecretFile.get))
else:
confJwtSecret
ok EngineApiUrl.init(
url = confValue.url,
jwtSecret = jwtSecret,
roles = confValue.roles.get(defaultEngineApiRoles))
proc loadJwtSecret*(jwtSecret: Option[InputFile]): Option[seq[byte]] =
if jwtSecret.isSome:
let res = loadJwtSecretFile(jwtSecret.get)
if res.isOk:
some res.value
else:
fatal "Failed to load JWT secret file", err = res.error
quit 1
else:
none seq[byte]
proc toFinalEngineApiUrls*(elUrls: seq[EngineApiUrlConfigValue],
confJwtSecret: Option[InputFile]): seq[EngineApiUrl] =
let jwtSecret = loadJwtSecret confJwtSecret
for elUrl in elUrls:
let engineApiUrl = elUrl.toFinalUrl(jwtSecret).valueOr:
fatal "Invalid EL configuration", err = error
quit 1
result.add engineApiUrl
proc fixupWeb3Urls*(web3Url: var string) =
var normalizedUrl = toLowerAscii(web3Url)
if not (normalizedUrl.startsWith("https://") or
normalizedUrl.startsWith("http://") or
normalizedUrl.startsWith("wss://") or
normalizedUrl.startsWith("ws://")):
warn "The Web3 URL does not specify a protocol. Assuming a WebSocket server", web3Url
web3Url = "ws://" & web3Url