Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Remove stale validator keys during reload #1054

Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open

feat: Remove stale validator keys during reload #1054

wants to merge 12 commits into from

Conversation

usmansaleem
Copy link
Contributor

@usmansaleem usmansaleem commented Jan 13, 2025
edited
Loading

PR Description

Remove stale validator keys during reload API call. The stale keys will not be listed in public keys API call after reload. They are also disabled in slashing database in eth2 mode.

Fixed Issue(s)

Fixes #1018

Documentation

  • I thought about documentation and added the doc-change-required label to this PR if updates are required.

Changelog

  • I thought about adding a changelog entry, and added one if I deemed necessary.

Testing

  • I thought about testing these changes in a realistic/non-local environment.

@usmansaleem usmansaleem added the doc-change-required Indicates an issue or PR that requires doc to be updated label Jan 13, 2025
@usmansaleem usmansaleem self-assigned this Jan 13, 2025
@usmansaleem usmansaleem marked this pull request as ready for review January 14, 2025 02:22
Matilda-Clerke
Matilda-Clerke reviewed Jan 14, 2025
View reviewed changes
Copy link

@Matilda-Clerke Matilda-Clerke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just the one comment below

signing/src/main/java/tech/pegasys/web3signer/signing/config/DefaultArtifactSignerProvider.java Outdated Show resolved Hide resolved
@usmansaleem
Remove disable validator logic in slashing db. Improved signers loadi…
35680e9 
…ng logic to avoid clearing the map. Also made sure maps are thread-safe by using concurrent maps
jframe
jframe reviewed Jan 20, 2025
View reviewed changes
CHANGELOG.md Outdated
Comment on lines 7 to 11
The reload API call will remove all in-memory keys before loading them again using configuration files and bulk loading.
This unfortunately results in behaviour change of local configuration files pointing to encrypted keystores. Previously
cached local configuration files were avoided being reloaded during reload API call, now they will be reloaded and
reparsed. To keep the old behavior `--reload-keep-stale-keys=true` option can be used which will not remove stale keys
during reload API call.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this still true after the latest changes?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The wording need to change a bit, but we are still loading all the local keystores during the reload because otherwise we won't be able to figure out which keystores are removed. Let me go through the local keystores logic again.

CHANGELOG.md
cached local configuration files were avoided being reloaded during reload API call, now they will be reloaded and
reparsed. To keep the old behavior `--reload-keep-stale-keys=true` option can be used which will not remove stale keys
during reload API call.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should also add a note about the deprecated vertx pool size option being removed

jframe
jframe reviewed Jan 20, 2025
View reviewed changes
signing/src/main/java/tech/pegasys/web3signer/signing/config/DefaultArtifactSignerProvider.java
private final Optional<KeystoresParameters> commitBoostKeystoresParameters;

private final ConcurrentMap<String, ArtifactSigner> signers = new ConcurrentHashMap<>();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What impact does switching to ConcurrentMap have on the startup time for Web3Signer when we have a lot of keys?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will create a performance test (outside of this PR) loading of about 5000 fully encrypted keystores load time at start up.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Matilda-Clerke Matilda-Clerke Matilda-Clerke left review comments

@jframe jframe jframe requested changes

Requested changes must be addressed to merge this pull request.

Assignees

@usmansaleem usmansaleem

Labels
doc-change-required Indicates an issue or PR that requires doc to be updated
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Reload endpoint to remove keys that have been deleted
3 participants
@usmansaleem @jframe @Matilda-Clerke