blockworks-foundation
/
solana-with-rpc-optimizations
mirror of https://github.com/blockworks-foundation/solana-with-rpc-optimizations.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

validator: Trusted validators are now called known validators

This commit is contained in:
Trent Nelson 2021-08-17 22:17:46 -06:00 committed by Trent Nelson
parent 169ded9a70
commit e0bc5fa690
8 changed files with 56 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/accounts_hash_verifier.rs
View File

@ -1,7 +1,7 @@
// Service to verify accounts hashes with other trusted validator nodes.
//
// Each interval, publish the snapshat hash which is the full accounts state
// hash on gossip. Monitor gossip for messages from validators in the --trusted-validators
// hash on gossip. Monitor gossip for messages from validators in the `--known-validator`s
// set and halt the node if a mismatch is detected.
use rayon::ThreadPool;

30
docs/src/clusters.md
View File

@ -44,8 +44,8 @@ solana config set --url https://api.devnet.solana.com
$ solana-validator \
--identity validator-keypair.json \
--vote-account vote-account-keypair.json \
--trusted-validator dv1LfzJvDF7S1fBKpFgKoKXK5yoSosmkAdfbxBo1GqJ \
--no-untrusted-rpc \
--known-validator dv1LfzJvDF7S1fBKpFgKoKXK5yoSosmkAdfbxBo1GqJ \
--only-known-rpc \
--ledger ledger \
--rpc-port 8899 \
--dynamic-port-range 8000-8010 \
@ -55,7 +55,7 @@ $ solana-validator \
--limit-ledger-size
```
The `--trusted-validator`s is operated by Solana
The `--known-validator`s is operated by Solana
## Testnet
@ -88,11 +88,11 @@ solana config set --url https://api.testnet.solana.com
$ solana-validator \
--identity validator-keypair.json \
--vote-account vote-account-keypair.json \
--trusted-validator 5D1fNXzvv5NjV1ysLjirC4WY92RNsVH18vjmcszZd8on \
--trusted-validator 7XSY3MrYnK8vq693Rju17bbPkCN3Z7KvvfvJx4kdrsSY \
--trusted-validator Ft5fbkqNa76vnsjYNwjDZUXoTWpP7VYm3mtsaQckQADN \
--trusted-validator 9QxCLckBiJc783jnMvXZubK4wH86Eqqvashtrwvcsgkv \
--no-untrusted-rpc \
--known-validator 5D1fNXzvv5NjV1ysLjirC4WY92RNsVH18vjmcszZd8on \
--known-validator 7XSY3MrYnK8vq693Rju17bbPkCN3Z7KvvfvJx4kdrsSY \
--known-validator Ft5fbkqNa76vnsjYNwjDZUXoTWpP7VYm3mtsaQckQADN \
--known-validator 9QxCLckBiJc783jnMvXZubK4wH86Eqqvashtrwvcsgkv \
--only-known-rpc \
--ledger ledger \
--rpc-port 8899 \
--dynamic-port-range 8000-8010 \
@ -104,7 +104,7 @@ $ solana-validator \
--limit-ledger-size
```
The identity of the `--trusted-validator`s are:
The identity of the `--known-validator`s are:
- `5D1fNXzvv5NjV1ysLjirC4WY92RNsVH18vjmcszZd8on` - Solana Foundation (testnet.solana.com)
- `7XSY3MrYnK8vq693Rju17bbPkCN3Z7KvvfvJx4kdrsSY` - Solana Foundation (Break RPC node)
@ -142,11 +142,11 @@ solana config set --url https://api.mainnet-beta.solana.com
$ solana-validator \
--identity ~/validator-keypair.json \
--vote-account ~/vote-account-keypair.json \
--trusted-validator 7Np41oeYqPefeNQEHSv1UDhYrehxin3NStELsSKCT4K2 \
--trusted-validator GdnSyH3YtwcxFvQrVVJMm1JhTS4QVX7MFsX56uJLUfiZ \
--trusted-validator DE1bawNcRJB9rVm3buyMVfr8mBEoyyu73NBovf2oXJsJ \
--trusted-validator CakcnaRDHka2gXyfbEd2d3xsvkJkqsLw2akB3zsN1D2S \
--no-untrusted-rpc \
--known-validator 7Np41oeYqPefeNQEHSv1UDhYrehxin3NStELsSKCT4K2 \
--known-validator GdnSyH3YtwcxFvQrVVJMm1JhTS4QVX7MFsX56uJLUfiZ \
--known-validator DE1bawNcRJB9rVm3buyMVfr8mBEoyyu73NBovf2oXJsJ \
--known-validator CakcnaRDHka2gXyfbEd2d3xsvkJkqsLw2akB3zsN1D2S \
--only-known-rpc \
--ledger ledger \
--rpc-port 8899 \
--private-rpc \
@ -161,4 +161,4 @@ $ solana-validator \
--limit-ledger-size
```
All four `--trusted-validator`s are operated by Solana
All four `--known-validator`s are operated by Solana

14
docs/src/developing/clients/jsonrpc-api.md
View File

@ -205,11 +205,11 @@ health-check mechanism for use by load balancers or other network
infrastructure. This request will always return a HTTP 200 OK response with a body of
"ok", "behind" or "unknown" based on the following conditions:
1. If one or more `--trusted-validator` arguments are provided to `solana-validator`, "ok" is returned
1. If one or more `--known-validator` arguments are provided to `solana-validator`, "ok" is returned
when the node has within `HEALTH_CHECK_SLOT_DISTANCE` slots of the highest
trusted validator, otherwise "behind". "unknown" is returned when no slot
information from trusted validators is not yet available.
2. "ok" is always returned if no trusted validators are provided.
known validator, otherwise "behind". "unknown" is returned when no slot
information from known validators is not yet available.
2. "ok" is always returned if no known validators are provided.
## JSON RPC API Reference
@ -1195,10 +1195,10 @@ Result:
Returns the current health of the node.
If one or more `--trusted-validator` arguments are provided to
If one or more `--known-validator` arguments are provided to
`solana-validator`, "ok" is returned when the node has within
`HEALTH_CHECK_SLOT_DISTANCE` slots of the highest trusted validator, otherwise
an error is returned. "ok" is always returned if no trusted validators are
`HEALTH_CHECK_SLOT_DISTANCE` slots of the highest known validator, otherwise
an error is returned. "ok" is always returned if no known validators are
provided.
#### Parameters:

6
docs/src/integrations/exchange.md
View File

@ -37,8 +37,8 @@ solana-validator \
--no-voting \
--enable-rpc-transaction-history \
--limit-ledger-size \
--trusted-validator <VALIDATOR_ADDRESS> \
--no-untrusted-rpc
--known-validator <VALIDATOR_ADDRESS> \
--only-known-rpc
```
Customize `--ledger` to your desired ledger storage location, and `--rpc-port` to the port you want to expose.
@ -56,7 +56,7 @@ default limit value used by `--limit-ledger-size`. More information about
selecting a custom limit value is [available
here](https://github.com/solana-labs/solana/blob/583cec922b6107e0f85c7e14cb5e642bc7dfb340/core/src/ledger_cleanup_service.rs#L15-L26).
Specifying one or more `--trusted-validator` parameters can protect you from booting from a malicious snapshot. [More on the value of booting with trusted validators](../running-validator/validator-start.md#trusted-validators)
Specifying one or more `--known-validator` parameters can protect you from booting from a malicious snapshot. [More on the value of booting with known validators](../running-validator/validator-start.md#known-validators)
Optional parameters to consider:

8
docs/src/running-validator/restart-cluster.md
View File

@ -54,9 +54,9 @@ Post something like the following to #announcements (adjusting the text as appro
> --hard-fork SLOT_X # <-- NEW! IMPORTANT! REMOVE AFTER THIS RESTART
> --no-snapshot-fetch # <-- NEW! IMPORTANT! REMOVE AFTER THIS RESTART
> --entrypoint entrypoint.testnet.solana.com:8001
> --trusted-validator 5D1fNXzvv5NjV1ysLjirC4WY92RNsVH18vjmcszZd8on
> --known-validator 5D1fNXzvv5NjV1ysLjirC4WY92RNsVH18vjmcszZd8on
> --expected-genesis-hash 4uhcVJyU9pJkvQyS88uRDiswHXSCkY3zQawwpjk2NsNY
> --no-untrusted-rpc
> --only-known-rpc
> --limit-ledger-size
> ... # <-- your other --identity/--vote-account/etc arguments
> ```
@ -68,9 +68,9 @@ Post something like the following to #announcements (adjusting the text as appro
> --wait-for-supermajority SLOT_X # <-- NEW! IMPORTANT! REMOVE AFTER THIS RESTART
> --expected-bank-hash NEW_BANK_HASH # <-- NEW! IMPORTANT! REMOVE AFTER THIS RESTART
> --entrypoint entrypoint.testnet.solana.com:8001
> --trusted-validator 5D1fNXzvv5NjV1ysLjirC4WY92RNsVH18vjmcszZd8on
> --known-validator 5D1fNXzvv5NjV1ysLjirC4WY92RNsVH18vjmcszZd8on
> --expected-genesis-hash 4uhcVJyU9pJkvQyS88uRDiswHXSCkY3zQawwpjk2NsNY
> --no-untrusted-rpc
> --only-known-rpc
> --limit-ledger-size
> ... # <-- your other --identity/--vote-account/etc arguments
> ```

14
docs/src/running-validator/validator-start.md
View File

@ -258,15 +258,15 @@ solana create-vote-account ~/vote-account-keypair.json ~/validator-keypair.json
Read more about [creating and managing a vote account](vote-accounts.md).
## Trusted validators
## Known validators
If you know and trust other validator nodes, you can specify this on the command line with the `--trusted-validator <PUBKEY>`
argument to `solana-validator`. You can specify multiple ones by repeating the argument `--trusted-validator <PUBKEY1> --trusted-validator <PUBKEY2>`.
This has two effects, one is when the validator is booting with `--no-untrusted-rpc`, it will only ask that set of
trusted nodes for downloading genesis and snapshot data. Another is that in combination with the `--halt-on-trusted-validator-hash-mismatch` option,
it will monitor the merkle root hash of the entire accounts state of other trusted nodes on gossip and if the hashes produce any mismatch,
If you know and respect other validator operators, you can specify this on the command line with the `--known-validator <PUBKEY>`
argument to `solana-validator`. You can specify multiple ones by repeating the argument `--known-validator <PUBKEY1> --known-validator <PUBKEY2>`.
This has two effects, one is when the validator is booting with `--only-known-rpc`, it will only ask that set of
known nodes for downloading genesis and snapshot data. Another is that in combination with the `--halt-on-known-validator-hash-mismatch` option,
it will monitor the merkle root hash of the entire accounts state of other known nodes on gossip and if the hashes produce any mismatch,
the validator will halt the node to prevent the validator from voting or processing potentially incorrect state values. At the moment, the slot that
the validator publishes the hash on is tied to the snapshot interval. For the feature to be effective, all validators in the trusted
the validator publishes the hash on is tied to the snapshot interval. For the feature to be effective, all validators in the known
set should be set to the same snapshot interval value or multiples of the same.
It is highly recommended you use these options to prevent malicious snapshot state download or

4
multinode-demo/validator.sh
View File

@ -143,10 +143,10 @@ while [[ -n $1 ]]; do
elif [[ $1 = --log ]]; then
args+=("$1" "$2")
shift 2
elif [[ $1 = --trusted-validator ]]; then
elif [[ $1 = --known-validator ]]; then
args+=("$1" "$2")
shift 2
elif [[ $1 = --halt-on-trusted-validators-accounts-hash-mismatch ]]; then
elif [[ $1 = --halt-on-known-validators-accounts-hash-mismatch ]]; then
args+=("$1")
shift
elif [[ $1 = --max-genesis-archive-unpacked-size ]]; then

30
validator/src/main.rs
View File

@ -462,7 +462,7 @@ fn get_rpc_node(
.count();
info!(
"Total {} RPC nodes found. {} trusted, {} blacklisted ",
"Total {} RPC nodes found. {} known, {} blacklisted ",
rpc_peers_total, rpc_peers_trusted, rpc_peers_blacklisted
);
@ -475,7 +475,7 @@ fn get_rpc_node(
blacklisted_rpc_nodes.clear();
Some("Blacklist timeout expired".to_owned())
} else {
Some("Wait for trusted rpc peers".to_owned())
Some("Wait for known rpc peers".to_owned())
};
continue;
}
@ -937,11 +937,12 @@ fn rpc_bootstrap(
&& trusted_validators.len() == 1
&& bootstrap_config.no_untrusted_rpc {
warn!("The snapshot download is too slow, throughput: {} < min speed {} bytes/sec, but will NOT abort \
and try a different node as it is the only trusted validator and the no-untrusted-rpc is set. \
and try a different node as it is the only known validator and the --only-known-rpc flag \
is set. \
Abort count: {}, Progress detail: {:?}",
download_progress.last_throughput, minimal_snapshot_download_speed,
download_abort_count, download_progress);
return true; // Do not abort download from the one-and-only trusted validator
return true; // Do not abort download from the one-and-only known validator
}
}
warn!("The snapshot download is too slow, throughput: {} < min speed {} bytes/sec, will abort \
@ -1258,10 +1259,10 @@ pub fn main() {
.value_name("SLOT_DISTANCE")
.takes_value(true)
.default_value("150")
.help("If --trusted-validators are specified, report this validator healthy \
.help("If --known-validators are specified, report this validator healthy \
if its latest account hash is no further behind than this number of \
slots from the latest trusted validator account hash. \
If no --trusted-validators are specified, the validator will always \
slots from the latest known validator account hash. \
If no --known-validators are specified, the validator will always \
report itself to be healthy")
)
.arg(
@ -1555,7 +1556,8 @@ pub fn main() {
)
.arg(
Arg::with_name("trusted_validators")
.long("trusted-validator")
.alias("trusted-validator")
.long("known-validator")
.validator(is_pubkey)
.value_name("VALIDATOR IDENTITY")
.multiple(true)
@ -1574,9 +1576,10 @@ pub fn main() {
)
.arg(
Arg::with_name("no_untrusted_rpc")
.long("no-untrusted-rpc")
.alias("no-untrusted-rpc")
.long("only-known-rpc")
.takes_value(false)
.help("Use the RPC service of trusted validators only")
.help("Use the RPC service of known validators only")
)
.arg(
Arg::with_name("repair_validators")
@ -1744,10 +1747,11 @@ pub fn main() {
)
.arg(
Arg::with_name("halt_on_trusted_validators_accounts_hash_mismatch")
.long("halt-on-trusted-validators-accounts-hash-mismatch")
.alias("halt-on-trusted-validators-accounts-hash-mismatch")
.long("halt-on-known-validators-accounts-hash-mismatch")
.requires("trusted_validators")
.takes_value(false)
.help("Abort the validator if a bank hash mismatch is detected within trusted validator set"),
.help("Abort the validator if a bank hash mismatch is detected within known validator set"),
)
.arg(
Arg::with_name("frozen_accounts")
@ -2282,7 +2286,7 @@ pub fn main() {
&identity_keypair.pubkey(),
&matches,
"trusted_validators",
"--trusted-validator",
"--known-validator",
);
let repair_validators = validators_set(
&identity_keypair.pubkey(),