zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9865 Commits
183 Branches
291 MiB
Tree: 75dafaeacc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '75dafaeacc'
${ noResults }
tendermint/cmd/priv_val_server/main.go

174 lines
4.8 KiB
Raw Normal View History

Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
libs/os: remove trap signal (#7515)
3 years ago
Close and retry a RemoteSigner on err (#2923) * Close and recreate a RemoteSigner on err * Update changelog * Address Anton's comments / suggestions: - update changelog - restart TCPVal - shut down on `ErrUnexpectedResponse` * re-init remote signer client with fresh connection if Ping fails - add/update TODOs in secret connection - rename tcp.go -> tcp_client.go, same with ipc to clarify their purpose * account for `conn returned by waitConnection can be `nil` - also add TODO about RemoteSigner conn field * Tests for retrying: IPC / TCP - shorter info log on success - set conn and use it in tests to close conn * Tests for retrying: IPC / TCP - shorter info log on success - set conn and use it in tests to close conn - add rwmutex for conn field in IPC * comments and doc.go * fix ipc tests. fixes #2677 * use constants for tests * cleanup some error statements * fixes #2784, race in tests * remove print statement * minor fixes from review * update comment on sts spec * cosmetics * p2p/conn: add failing tests * p2p/conn: make SecretConnection thread safe * changelog * IPCVal signer refactor - use a .reset() method - don't use embedded RemoteSignerClient - guard RemoteSignerClient with mutex - drop the .conn - expose Close() on RemoteSignerClient * apply IPCVal refactor to TCPVal * remove mtx from RemoteSignerClient * consolidate IPCVal and TCPVal, fixes #3104 - done in tcp_client.go - now called SocketVal - takes a listener in the constructor - make tcpListener and unixListener contain all the differences * delete ipc files * introduce unix and tcp dialer for RemoteSigner * rename files - drop tcp_ prefix - rename priv_validator.go to file.go * bring back listener options * fix node * fix priv_val_server * fix node test * minor cleanup and comments
6 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
fix import paths
6 years ago
libs/common: Refactor libs/common 5 (#4240) * libs/common: Refactor libs/common 5 - move mathematical functions and types out of `libs/common` to math pkg - move net functions out of `libs/common` to net pkg - move string functions out of `libs/common` to strings pkg - move async functions out of `libs/common` to async pkg - move bit functions out of `libs/common` to bits pkg - move cmap functions out of `libs/common` to cmap pkg - move os functions out of `libs/common` to os pkg Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * fix testing issues * fix tests closes #41417 woooooooooooooooooo kill the cmn pkg Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * add changelog entry * fix goimport issues * run gofmt
5 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
R4R: Split immutable and mutable parts of priv_validator.json (#2870) * split immutable and mutable parts of priv_validator.json * fix bugs * minor changes * retrig test * delete scripts/wire2amino.go * fix test * fixes from review * privval: remove mtx * rearrange priv_validator.go * upgrade path * write tests for the upgrade * fix for unsafe_reset_all * add test * add reset test
6 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
cmd: avoid package state in cli constructors (#7719)
2 years ago
service: plumb contexts to all (most) threads (#7363) This continues the push of plumbing contexts through tendermint. I attempted to find all goroutines in the production code (non-test) and made sure that these threads would exit when their contexts were canceled, and I believe this PR does that.
3 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
R4R: Split immutable and mutable parts of priv_validator.json (#2870) * split immutable and mutable parts of priv_validator.json * fix bugs * minor changes * retrig test * delete scripts/wire2amino.go * fix test * fixes from review * privval: remove mtx * rearrange priv_validator.go * upgrade path * write tests for the upgrade * fix for unsafe_reset_all * add test * add reset test
6 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
privval: return errors on loadFilePV (#6185) ## Description - return errors on `loadFilePv` closes #6182
3 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
migrate away from deprecated ioutil APIs (#7175) Co-authored-by: Callum Waters <cmwaters19@gmail.com> Co-authored-by: M. J. Fromberger <fromberger@interchain.io>
3 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
libs/common: Refactor libs/common 5 (#4240) * libs/common: Refactor libs/common 5 - move mathematical functions and types out of `libs/common` to math pkg - move net functions out of `libs/common` to net pkg - move string functions out of `libs/common` to strings pkg - move async functions out of `libs/common` to async pkg - move bit functions out of `libs/common` to bits pkg - move cmap functions out of `libs/common` to cmap pkg - move os functions out of `libs/common` to os pkg Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * fix testing issues * fix tests closes #41417 woooooooooooooooooo kill the cmn pkg Signed-off-by: Marko Baricevic <marbar3778@yahoo.com> * add changelog entry * fix goimport issues * run gofmt
5 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
privval: fixes from review (#3126) https://github.com/tendermint/tendermint/pull/2923#pullrequestreview-192065694
6 years ago
Close and retry a RemoteSigner on err (#2923) * Close and recreate a RemoteSigner on err * Update changelog * Address Anton's comments / suggestions: - update changelog - restart TCPVal - shut down on `ErrUnexpectedResponse` * re-init remote signer client with fresh connection if Ping fails - add/update TODOs in secret connection - rename tcp.go -> tcp_client.go, same with ipc to clarify their purpose * account for `conn returned by waitConnection can be `nil` - also add TODO about RemoteSigner conn field * Tests for retrying: IPC / TCP - shorter info log on success - set conn and use it in tests to close conn * Tests for retrying: IPC / TCP - shorter info log on success - set conn and use it in tests to close conn - add rwmutex for conn field in IPC * comments and doc.go * fix ipc tests. fixes #2677 * use constants for tests * cleanup some error statements * fixes #2784, race in tests * remove print statement * minor fixes from review * update comment on sts spec * cosmetics * p2p/conn: add failing tests * p2p/conn: make SecretConnection thread safe * changelog * IPCVal signer refactor - use a .reset() method - don't use embedded RemoteSignerClient - guard RemoteSignerClient with mutex - drop the .conn - expose Close() on RemoteSignerClient * apply IPCVal refactor to TCPVal * remove mtx from RemoteSignerClient * consolidate IPCVal and TCPVal, fixes #3104 - done in tcp_client.go - now called SocketVal - takes a listener in the constructor - make tcpListener and unixListener contain all the differences * delete ipc files * introduce unix and tcp dialer for RemoteSigner * rename files - drop tcp_ prefix - rename priv_validator.go to file.go * bring back listener options * fix node * fix priv_val_server * fix node test * minor cleanup and comments
6 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
privval: refactor Remote signers (#3370) This PR is related to #3107 and a continuation of #3351 It is important to emphasise that in the privval original design, client/server and listening/dialing roles are inverted and do not follow a conventional interaction. Given two hosts A and B: Host A is listener/client Host B is dialer/server (contains the secret key) When A requires a signature, it needs to wait for B to dial in before it can issue a request. A only accepts a single connection and any failure leads to dropping the connection and waiting for B to reconnect. The original rationale behind this design was based on security. Host B only allows outbound connections to a list of whitelisted hosts. It is not possible to reach B unless B dials in. There are no listening/open ports in B. This PR results in the following changes: Refactors ping/heartbeat to avoid previously existing race conditions. Separates transport (dialer/listener) from signing (client/server) concerns to simplify workflow. Unifies and abstracts away the differences between unix and tcp sockets. A single signer endpoint implementation unifies connection handling code (read/write/close/connection obj) The signer request handler (server side) is customizable to increase testability. Updates and extends unit tests A high level overview of the classes is as follows: Transport (endpoints): The following classes take care of establishing a connection SignerDialerEndpoint SignerListeningEndpoint SignerEndpoint groups common functionality (read/write/timeouts/etc.) Signing (client/server): The following classes take care of exchanging request/responses SignerClient SignerServer This PR also closes #3601 Commits: * refactoring - work in progress * reworking unit tests * Encapsulating and fixing unit tests * Improve tests * Clean up * Fix/improve unit tests * clean up tests * Improving service endpoint * fixing unit test * fix linter issues * avoid invalid cache values (improve later?) * complete implementation * wip * improved connection loop * Improve reconnections + fixing unit tests * addressing comments * small formatting changes * clean up * Update node/node.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * check during initialization * dropping connecting when writing fails * removing break * use t.log instead * unifying and using cmn.GetFreePort() * review fixes * reordering and unifying drop connection * closing instead of signalling * refactored service loop * removed superfluous brackets * GetPubKey can return errors * Revert "GetPubKey can return errors" This reverts commit 68c06f19b4650389d7e5ab1659b318889028202c. * adding entry to changelog * Update CHANGELOG_PENDING.md Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_client.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_dialer_endpoint.go Co-Authored-By: jleni <juan.leni@zondax.ch> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: jleni <juan.leni@zondax.ch> * updating node.go * review fixes * fixes linter * fixing unit test * small fixes in comments * addressing review comments * addressing review comments 2 * reverting suggestion * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_client_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * Update privval/signer_listener_endpoint_test.go Co-Authored-By: Anton Kaliaev <anton.kalyaev@gmail.com> * do not expose brokenSignerDialerEndpoint * clean up logging * unifying methods shorten test time signer also drops * reenabling pings * improving testability + unit test * fixing go fmt + unit test * remove unused code * Addressing review comments * simplifying connection workflow * fix linter/go import issue * using base service quit * updating comment * Simplifying design + adjusting names * fixing linter issues * refactoring test harness + fixes * Addressing review comments * cleaning up * adding additional error check
5 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
libs/os: remove trap signal (#7515)
3 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
libs/os: remove trap signal (#7515)
3 years ago
Unclean shutdown on SIGINT / SIGTERM (#3308) * libs/common: TrapSignal accepts logger as a first parameter and does not block anymore * previously it was dumping "captured ..." msg to os.Stdout * TrapSignal should not be responsible for blocking thread of execution Refs #3238 * exit with zero (0) code upon receiving SIGTERM/SIGINT Refs #3238 * fix formatting in docs/app-dev/abci-cli.md Co-Authored-By: melekes <anton.kalyaev@gmail.com> * fix formatting in docs/app-dev/abci-cli.md Co-Authored-By: melekes <anton.kalyaev@gmail.com>
5 years ago
Revert "delete everything" (includes everything non-go-crypto) This reverts commit 96a3502
6 years ago
privval: add grpc (#5725) Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
4 years ago
 
  1. package main
  2. 

  3. import (
  4. 	"context"
  5. 	"crypto/tls"
  6. 	"crypto/x509"
  7. 	"flag"
  8. 	"fmt"
  9. 	"net"
  10. 	"net/http"
  11. 	"os"
  12. 	"os/signal"
  13. 	"syscall"
  14. 	"time"
  15. 

  16. 	grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
  17. 	"github.com/prometheus/client_golang/prometheus"
  18. 	"github.com/prometheus/client_golang/prometheus/promhttp"
  19. 	"google.golang.org/grpc"
  20. 	"google.golang.org/grpc/credentials"
  21. 

  22. 	"github.com/tendermint/tendermint/libs/log"
  23. 	tmnet "github.com/tendermint/tendermint/libs/net"
  24. 	"github.com/tendermint/tendermint/privval"
  25. 	grpcprivval "github.com/tendermint/tendermint/privval/grpc"
  26. 	privvalproto "github.com/tendermint/tendermint/proto/tendermint/privval"
  27. )
  28. 

  29. var (
  30. 	// Create a metrics registry.

  31. 	reg = prometheus.NewRegistry()
  32. 

  33. 	// Create some standard server metrics.

  34. 	grpcMetrics = grpc_prometheus.NewServerMetrics()
  35. )
  36. 

  37. func main() {
  38. 	var (
  39. 		addr             = flag.String("addr", "127.0.0.1:26659", "Address to listen on (host:port)")
  40. 		chainID          = flag.String("chain-id", "mychain", "chain id")
  41. 		privValKeyPath   = flag.String("priv-key", "", "priv val key file path")
  42. 		privValStatePath = flag.String("priv-state", "", "priv val state file path")
  43. 		insecure         = flag.Bool("insecure", false, "allow server to run insecurely (no TLS)")
  44. 		certFile         = flag.String("certfile", "", "absolute path to server certificate")
  45. 		keyFile          = flag.String("keyfile", "", "absolute path to server key")
  46. 		rootCA           = flag.String("rootcafile", "", "absolute path to root CA")
  47. 		prometheusAddr   = flag.String("prometheus-addr", "", "address for prometheus endpoint (host:port)")
  48. 	)
  49. 	flag.Parse()
  50. 

  51. 	logger, err := log.NewDefaultLogger(log.LogFormatPlain, log.LogLevelInfo)
  52. 	if err != nil {
  53. 		fmt.Fprintf(os.Stderr, "failed to construct logger: %v", err)
  54. 		os.Exit(1)
  55. 	}
  56. 	logger = logger.With("module", "priv_val")
  57. 

  58. 	ctx, cancel := context.WithCancel(context.Background())
  59. 	defer cancel()
  60. 

  61. 	logger.Info(
  62. 		"Starting private validator",
  63. 		"addr", *addr,
  64. 		"chainID", *chainID,
  65. 		"privKeyPath", *privValKeyPath,
  66. 		"privStatePath", *privValStatePath,
  67. 		"insecure", *insecure,
  68. 		"certFile", *certFile,
  69. 		"keyFile", *keyFile,
  70. 		"rootCA", *rootCA,
  71. 	)
  72. 

  73. 	pv, err := privval.LoadFilePV(*privValKeyPath, *privValStatePath)
  74. 	if err != nil {
  75. 		fmt.Fprint(os.Stderr, err)
  76. 		os.Exit(1)
  77. 	}
  78. 

  79. 	opts := []grpc.ServerOption{}
  80. 	if !*insecure {
  81. 		certificate, err := tls.LoadX509KeyPair(*certFile, *keyFile)
  82. 		if err != nil {
  83. 			fmt.Fprintf(os.Stderr, "failed to load X509 key pair: %v", err)
  84. 			os.Exit(1)
  85. 		}
  86. 

  87. 		certPool := x509.NewCertPool()
  88. 		bs, err := os.ReadFile(*rootCA)
  89. 		if err != nil {
  90. 			fmt.Fprintf(os.Stderr, "failed to read client ca cert: %s", err)
  91. 			os.Exit(1)
  92. 		}
  93. 

  94. 		if ok := certPool.AppendCertsFromPEM(bs); !ok {
  95. 			fmt.Fprintf(os.Stderr, "failed to append client certs")
  96. 			os.Exit(1)
  97. 		}
  98. 

  99. 		tlsConfig := &tls.Config{
  100. 			ClientAuth:   tls.RequireAndVerifyClientCert,
  101. 			Certificates: []tls.Certificate{certificate},
  102. 			ClientCAs:    certPool,
  103. 			MinVersion:   tls.VersionTLS13,
  104. 		}
  105. 

  106. 		creds := grpc.Creds(credentials.NewTLS(tlsConfig))
  107. 		opts = append(opts, creds)
  108. 		logger.Info("SignerServer: Creating security credentials")
  109. 	} else {
  110. 		logger.Info("SignerServer: You are using an insecure gRPC connection!")
  111. 	}
  112. 

  113. 	// add prometheus metrics for unary RPC calls

  114. 	opts = append(opts, grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor))
  115. 

  116. 	ss := grpcprivval.NewSignerServer(*chainID, pv, logger)
  117. 

  118. 	protocol, address := tmnet.ProtocolAndAddress(*addr)
  119. 

  120. 	lis, err := net.Listen(protocol, address)
  121. 	if err != nil {
  122. 		fmt.Fprintf(os.Stderr, "SignerServer: Failed to listen %v", err)
  123. 		os.Exit(1)
  124. 	}
  125. 

  126. 	s := grpc.NewServer(opts...)
  127. 

  128. 	privvalproto.RegisterPrivValidatorAPIServer(s, ss)
  129. 

  130. 	var httpSrv *http.Server
  131. 	if *prometheusAddr != "" {
  132. 		httpSrv = registerPrometheus(*prometheusAddr, s)
  133. 	}
  134. 

  135. 	logger.Info("SignerServer: Starting grpc server")
  136. 	if err := s.Serve(lis); err != nil {
  137. 		fmt.Fprintf(os.Stderr, "Unable to listen on port %s: %v", *addr, err)
  138. 		os.Exit(1)
  139. 	}
  140. 

  141. 	opctx, opcancel := signal.NotifyContext(ctx, os.Interrupt, syscall.SIGTERM)
  142. 	defer opcancel()
  143. 	go func() {
  144. 		<-opctx.Done()
  145. 		if *prometheusAddr != "" {
  146. 			ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second)
  147. 			defer cancel()
  148. 			if err := httpSrv.Shutdown(ctx); err != nil {
  149. 				fmt.Fprintf(os.Stderr, "Unable to stop http server: %v", err)
  150. 				os.Exit(1)
  151. 			}
  152. 		}
  153. 		s.GracefulStop()
  154. 	}()
  155. 

  156. 	// Run forever.

  157. 	select {}
  158. }
  159. 

  160. func registerPrometheus(addr string, s *grpc.Server) *http.Server {
  161. 	// Initialize all metrics.

  162. 	grpcMetrics.InitializeMetrics(s)
  163. 	// create http server to serve prometheus

  164. 	httpServer := &http.Server{Handler: promhttp.HandlerFor(reg, promhttp.HandlerOpts{}), Addr: addr}
  165. 

  166. 	go func() {
  167. 		if err := httpServer.ListenAndServe(); err != nil {
  168. 			fmt.Fprintf(os.Stderr, "Unable to start a http server: %v", err)
  169. 			os.Exit(1)
  170. 		}
  171. 	}()
  172. 

  173. 	return httpServer
  174. }