diff --git a/.github/tests/mix-with-tools.yaml b/.github/tests/mix-with-tools.yaml index 87e02b931..f172b0ce6 100644 --- a/.github/tests/mix-with-tools.yaml +++ b/.github/tests/mix-with-tools.yaml @@ -26,3 +26,4 @@ additional_services: - blockscout ethereum_metrics_exporter_enabled: true snooper_enabled: true +keymanager_enabled: true diff --git a/README.md b/README.md index 90f5166b5..7d2743c0c 100644 --- a/README.md +++ b/README.md @@ -440,6 +440,11 @@ participants: # ] builder_network_params: null + # Participant flag for keymanager api + # This will open up http ports to your validator services! + # Defaults to false + keymanager_enabled: false + # Default configuration parameters for the network network_params: # Network name, used to enable syncing of alternative networks @@ -720,6 +725,11 @@ global_tolerations: [] # Example: global_node_selectors: { "disktype": "ssd" } # Defaults to empty global_node_selectors: {} + +# Global parameters for keymanager api +# This will open up http ports to your validator services! +# Defaults to false +keymanager_enabled: false ``` #### Example configurations @@ -827,7 +837,7 @@ snooper_enabled: true | Lighthouse BN | ✅ | ❌ | ❌ | ❌ | ✅ | Prysm BN | ✅ | ✅ | ✅ | ❌ | ✅ | Teku BN | ✅ | ❌ | ✅ | ✅ | ✅ -| Lodestar BN | ✅ | ❌ | ❌ | ✅ | ❌ +| Lodestar BN | ✅ | ❌ | ❌ | ✅ | ❌ | Nimbus BN | ✅ | ❌ | ✅ | ✅ | ✅ | Grandine BN | ✅ | ❌ | ✅ | ❌ | ❌ diff --git a/main.star b/main.star index 969226028..ca1dd83a8 100644 --- a/main.star +++ b/main.star @@ -62,6 +62,7 @@ def run(plan, args={}): xatu_sentry_params = args_with_right_defaults.xatu_sentry_params global_tolerations = args_with_right_defaults.global_tolerations global_node_selectors = args_with_right_defaults.global_node_selectors + keymanager_enabled = args_with_right_defaults.keymanager_enabled grafana_datasource_config_template = read_file( static_files.GRAFANA_DATASOURCE_CONFIG_TEMPLATE_FILEPATH @@ -107,6 +108,7 @@ def run(plan, args={}): xatu_sentry_params, global_tolerations, global_node_selectors, + keymanager_enabled, parallel_keystore_generation, ) diff --git a/network_params.yaml b/network_params.yaml index 17e82bcdc..c02da9c53 100644 --- a/network_params.yaml +++ b/network_params.yaml @@ -52,6 +52,7 @@ participants: blobber_enabled: false blobber_extra_params: [] builder_network_params: null + keymanager_enabled: false network_params: network: kurtosis network_id: "3151908" @@ -136,3 +137,4 @@ xatu_sentry_params: - blob_sidecar global_tolerations: [] global_node_selectors: {} +keymanager_enabled: false diff --git a/src/cl/cl_launcher.star b/src/cl/cl_launcher.star index 8462d70be..c5be6faa7 100644 --- a/src/cl/cl_launcher.star +++ b/src/cl/cl_launcher.star @@ -176,6 +176,7 @@ def launch( global_tolerations, node_selectors, participant.use_separate_vc, + participant.keymanager_enabled, ) else: boot_cl_client_ctx = all_cl_contexts @@ -208,6 +209,7 @@ def launch( global_tolerations, node_selectors, participant.use_separate_vc, + participant.keymanager_enabled, ) # Add participant cl additional prometheus labels diff --git a/src/cl/grandine/grandine_launcher.star b/src/cl/grandine/grandine_launcher.star index a6ee47c7d..e78fe6e7b 100644 --- a/src/cl/grandine/grandine_launcher.star +++ b/src/cl/grandine/grandine_launcher.star @@ -89,6 +89,7 @@ def launch( global_tolerations, node_selectors, use_separate_vc, + keymanager_enabled, ): beacon_service_name = "{0}".format(service_name) log_level = input_parser.get_client_log_level_or_default( @@ -127,6 +128,7 @@ def launch( launcher.el_cl_genesis_data, launcher.jwt_file, launcher.network, + keymanager_enabled, image, beacon_service_name, bootnode_context, @@ -205,6 +207,7 @@ def get_beacon_config( el_cl_genesis_data, jwt_file, network, + keymanager_enabled, image, service_name, bootnode_contexts, @@ -273,13 +276,15 @@ def get_beacon_config( # ^^^^^^^^^^^^^^^^^^^ METRICS CONFIG ^^^^^^^^^^^^^^^^^^^^^ # To enable syncing other networks too without checkpoint syncing ] - validator_flags = [ + validator_default_cmd = [ "--keystore-dir=" + validator_keys_dirpath, "--keystore-password-file=" + validator_secrets_dirpath, "--suggested-fee-recipient=" + constants.VALIDATING_REWARDS_ACCOUNT, "--graffiti=" + full_name, ] + keymanager_api_cmd = [] + if network not in constants.PUBLIC_NETWORKS: cmd.append( "--configuration-directory=" @@ -341,30 +346,29 @@ def get_beacon_config( constants.GENESIS_DATA_MOUNTPOINT_ON_CLIENTS: el_cl_genesis_data.files_artifact_uuid, constants.JWT_MOUNTPOINT_ON_CLIENTS: jwt_file, } - beacon_validator_used_ports = {} - beacon_validator_used_ports.update(BEACON_USED_PORTS) + + ports = {} + ports.update(BEACON_USED_PORTS) if node_keystore_files != None and not use_separate_vc: - # validator_http_port_id_spec = shared_utils.new_port_spec( - # vc_shared.VALIDATOR_HTTP_PORT_NUM, - # shared_utils.TCP_PROTOCOL, - # shared_utils.HTTP_APPLICATION_PROTOCOL, - # ) - # beacon_validator_used_ports.update( - # {VALIDATOR_HTTP_PORT_ID: validator_http_port_id_spec} - # ) - cmd.extend(validator_flags) + cmd.extend(validator_default_cmd) files[ VALIDATOR_KEYS_DIRPATH_ON_SERVICE_CONTAINER ] = node_keystore_files.files_artifact_uuid + # Keymanager is still unimplemented in grandine + # if keymanager_enabled: + # cmd.extend(keymanager_api_cmd) + # ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS) + if persistent: files[BEACON_DATA_DIRPATH_ON_SERVICE_CONTAINER] = Directory( persistent_key="data-{0}".format(service_name), size=cl_volume_size, ) + return ServiceConfig( image=image, - ports=beacon_validator_used_ports, + ports=ports, cmd=cmd, env_vars=extra_env_vars, files=files, diff --git a/src/cl/lighthouse/lighthouse_launcher.star b/src/cl/lighthouse/lighthouse_launcher.star index 7ec3744f5..cfa00da74 100644 --- a/src/cl/lighthouse/lighthouse_launcher.star +++ b/src/cl/lighthouse/lighthouse_launcher.star @@ -91,6 +91,7 @@ def launch( global_tolerations, node_selectors, use_separate_vc=True, + keymanager_enabled=False, ): beacon_service_name = "{0}".format(service_name) diff --git a/src/cl/lodestar/lodestar_launcher.star b/src/cl/lodestar/lodestar_launcher.star index 33c1ed693..f0a075ad6 100644 --- a/src/cl/lodestar/lodestar_launcher.star +++ b/src/cl/lodestar/lodestar_launcher.star @@ -80,6 +80,7 @@ def launch( global_tolerations, node_selectors, use_separate_vc=True, + keymanager_enabled=False, ): beacon_service_name = "{0}".format(service_name) log_level = input_parser.get_client_log_level_or_default( diff --git a/src/cl/nimbus/nimbus_launcher.star b/src/cl/nimbus/nimbus_launcher.star index 0e8e9c7b4..9f9c414b2 100644 --- a/src/cl/nimbus/nimbus_launcher.star +++ b/src/cl/nimbus/nimbus_launcher.star @@ -102,6 +102,7 @@ def launch( global_tolerations, node_selectors, use_separate_vc, + keymanager_enabled, ): beacon_service_name = "{0}".format(service_name) @@ -138,6 +139,7 @@ def launch( plan, launcher.el_cl_genesis_data, launcher.jwt_file, + keymanager_enabled, launcher.keymanager_file, launcher.network, image, @@ -215,6 +217,7 @@ def get_beacon_config( plan, el_cl_genesis_data, jwt_file, + keymanager_enabled, keymanager_file, network, image, @@ -297,11 +300,14 @@ def get_beacon_config( # ^^^^^^^^^^^^^^^^^^^ METRICS CONFIG ^^^^^^^^^^^^^^^^^^^^^ ] - validator_flags = [ + validator_default_cmd = [ "--validators-dir=" + validator_keys_dirpath, "--secrets-dir=" + validator_secrets_dirpath, "--suggested-fee-recipient=" + constants.VALIDATING_REWARDS_ACCOUNT, "--graffiti=" + full_name, + ] + + keymanager_api_cmd = [ "--keymanager", "--keymanager-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM), "--keymanager-address=0.0.0.0", @@ -333,23 +339,19 @@ def get_beacon_config( constants.GENESIS_DATA_MOUNTPOINT_ON_CLIENTS: el_cl_genesis_data.files_artifact_uuid, constants.JWT_MOUNTPOINT_ON_CLIENTS: jwt_file, } - beacon_validator_used_ports = {} - beacon_validator_used_ports.update(BEACON_USED_PORTS) + ports = {} + ports.update(BEACON_USED_PORTS) if node_keystore_files != None and not use_separate_vc: - validator_http_port_id_spec = shared_utils.new_port_spec( - vc_shared.VALIDATOR_HTTP_PORT_NUM, - shared_utils.TCP_PROTOCOL, - shared_utils.HTTP_APPLICATION_PROTOCOL, - ) - beacon_validator_used_ports.update( - {VALIDATOR_HTTP_PORT_ID: validator_http_port_id_spec} - ) - cmd.extend(validator_flags) + cmd.extend(validator_default_cmd) files[ VALIDATOR_KEYS_MOUNTPOINT_ON_CLIENTS ] = node_keystore_files.files_artifact_uuid files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file + if keymanager_enabled: + cmd.extend(keymanager_api_cmd) + ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS) + if persistent: files[BEACON_DATA_DIRPATH_ON_SERVICE_CONTAINER] = Directory( persistent_key="data-{0}".format(service_name), @@ -358,7 +360,7 @@ def get_beacon_config( return ServiceConfig( image=image, - ports=beacon_validator_used_ports, + ports=ports, cmd=cmd, env_vars=extra_env_vars, files=files, diff --git a/src/cl/prysm/prysm_launcher.star b/src/cl/prysm/prysm_launcher.star index 4612f4aef..dd4889cd0 100644 --- a/src/cl/prysm/prysm_launcher.star +++ b/src/cl/prysm/prysm_launcher.star @@ -87,6 +87,7 @@ def launch( global_tolerations, node_selectors, use_separate_vc=True, + keymanager_enabled=False, ): beacon_service_name = "{0}".format(service_name) log_level = input_parser.get_client_log_level_or_default( diff --git a/src/cl/teku/teku_launcher.star b/src/cl/teku/teku_launcher.star index 4700c57ac..9919181c8 100644 --- a/src/cl/teku/teku_launcher.star +++ b/src/cl/teku/teku_launcher.star @@ -91,6 +91,7 @@ def launch( global_tolerations, node_selectors, use_separate_vc, + keymanager_enabled, ): beacon_service_name = "{0}".format(service_name) log_level = input_parser.get_client_log_level_or_default( @@ -128,6 +129,7 @@ def launch( plan, launcher.el_cl_genesis_data, launcher.jwt_file, + keymanager_enabled, launcher.keymanager_file, launcher.keymanager_p12_file, launcher.network, @@ -208,6 +210,7 @@ def get_beacon_config( plan, el_cl_genesis_data, jwt_file, + keymanager_enabled, keymanager_file, keymanager_p12_file, network, @@ -291,7 +294,7 @@ def get_beacon_config( # To enable syncing other networks too without checkpoint syncing "--ignore-weak-subjectivity-period-enabled=true", ] - validator_flags = [ + validator_default_cmd = [ "--validator-keys={0}:{1}".format( validator_keys_dirpath, validator_secrets_dirpath, @@ -299,6 +302,9 @@ def get_beacon_config( "--validators-proposer-default-fee-recipient=" + constants.VALIDATING_REWARDS_ACCOUNT, "--validators-graffiti=" + full_name, + ] + + keymanager_api_cmd = [ "--validator-api-enabled=true", "--validator-api-host-allowlist=*", "--validator-api-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM), @@ -381,32 +387,29 @@ def get_beacon_config( constants.GENESIS_DATA_MOUNTPOINT_ON_CLIENTS: el_cl_genesis_data.files_artifact_uuid, constants.JWT_MOUNTPOINT_ON_CLIENTS: jwt_file, } - beacon_validator_used_ports = {} - beacon_validator_used_ports.update(BEACON_USED_PORTS) + ports = {} + ports.update(BEACON_USED_PORTS) if node_keystore_files != None and not use_separate_vc: - validator_http_port_id_spec = shared_utils.new_port_spec( - vc_shared.VALIDATOR_HTTP_PORT_NUM, - shared_utils.TCP_PROTOCOL, - shared_utils.HTTP_APPLICATION_PROTOCOL, - ) - beacon_validator_used_ports.update( - {VALIDATOR_HTTP_PORT_ID: validator_http_port_id_spec} - ) - cmd.extend(validator_flags) + cmd.extend(validator_default_cmd) files[ VALIDATOR_KEYS_DIRPATH_ON_SERVICE_CONTAINER ] = node_keystore_files.files_artifact_uuid files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file files[constants.KEYMANAGER_P12_MOUNT_PATH_ON_CLIENTS] = keymanager_p12_file + if keymanager_enabled: + cmd.extend(keymanager_api_cmd) + ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS) + if persistent: files[BEACON_DATA_DIRPATH_ON_SERVICE_CONTAINER] = Directory( persistent_key="data-{0}".format(service_name), size=cl_volume_size, ) + return ServiceConfig( image=image, - ports=beacon_validator_used_ports, + ports=ports, cmd=cmd, env_vars=extra_env_vars, files=files, diff --git a/src/package_io/input_parser.star b/src/package_io/input_parser.star index 6a4f29a32..96999a205 100644 --- a/src/package_io/input_parser.star +++ b/src/package_io/input_parser.star @@ -205,6 +205,7 @@ def input_parser(plan, input_args): ), blobber_enabled=participant["blobber_enabled"], blobber_extra_params=participant["blobber_extra_params"], + keymanager_enabled=participant["keymanager_enabled"], ) for participant in result["participants"] ], @@ -303,6 +304,7 @@ def input_parser(plan, input_args): ), global_tolerations=result["global_tolerations"], global_node_selectors=result["global_node_selectors"], + keymanager_enabled=result["keymanager_enabled"], ) @@ -415,6 +417,12 @@ def parse_network_params(input_args): if default_snooper_enabled: participant["snooper_enabled"] = default_snooper_enabled + keymanager_enabled = participant["keymanager_enabled"] + if keymanager_enabled == False: + default_keymanager_enabled = result["keymanager_enabled"] + if default_keymanager_enabled: + participant["keymanager_enabled"] = default_keymanager_enabled + ethereum_metrics_exporter_enabled = participant[ "ethereum_metrics_exporter_enabled" ] @@ -582,6 +590,7 @@ def default_input_args(): "xatu_sentry_enabled": False, "global_tolerations": [], "global_node_selectors": {}, + "keymanager_enabled": False, } @@ -659,6 +668,7 @@ def default_participant(): "blobber_enabled": False, "blobber_extra_params": [], "builder_network_params": None, + "keymanager_enabled": False, } diff --git a/src/participant_network.star b/src/participant_network.star index e82a5a366..2c88af8d5 100644 --- a/src/participant_network.star +++ b/src/participant_network.star @@ -39,6 +39,7 @@ def launch_participant_network( xatu_sentry_params, global_tolerations, global_node_selectors, + keymanager_enabled, parallel_keystore_generation=False, ): network_id = network_params.network_id @@ -343,6 +344,7 @@ def launch_participant_network( participant_tolerations=participant.tolerations, global_tolerations=global_tolerations, node_selectors=node_selectors, + keymanager_enabled=participant.keymanager_enabled, network=network_params.network, electra_fork_epoch=network_params.electra_fork_epoch, ) diff --git a/src/vc/lighthouse.star b/src/vc/lighthouse.star index d3aee527b..bbe140d56 100644 --- a/src/vc/lighthouse.star +++ b/src/vc/lighthouse.star @@ -34,6 +34,7 @@ def get_config( extra_labels, tolerations, node_selectors, + keymanager_enabled, network, electra_fork_epoch, ): @@ -64,11 +65,6 @@ def get_config( # "--enable-doppelganger-protection", // Disabled to not have to wait 2 epochs before validator can start # burn address - If unset, the validator will scream in its logs "--suggested-fee-recipient=" + constants.VALIDATING_REWARDS_ACCOUNT, - "--http", - "--http-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM), - "--http-address=0.0.0.0", - "--http-allow-origin=*", - "--unencrypted-http-transport", # vvvvvvvvvvvvvvvvvvv PROMETHEUS CONFIG vvvvvvvvvvvvvvvvvvvvv "--metrics", "--metrics-address=0.0.0.0", @@ -78,6 +74,14 @@ def get_config( "--graffiti=" + full_name, ] + keymanager_api_cmd = [ + "--http", + "--http-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM), + "--http-address=0.0.0.0", + "--http-allow-origin=*", + "--unencrypted-http-transport", + ] + if not (constants.NETWORK_NAME.verkle in network or electra_fork_epoch != None): cmd.append("--produce-block-v3") @@ -90,9 +94,17 @@ def get_config( } env = {RUST_BACKTRACE_ENVVAR_NAME: RUST_FULL_BACKTRACE_KEYWORD} env.update(extra_env_vars) + + ports = {} + ports.update(vc_shared.VALIDATOR_CLIENT_USED_PORTS) + + if keymanager_enabled: + cmd.extend(keymanager_api_cmd) + ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS) + return ServiceConfig( image=image, - ports=vc_shared.VALIDATOR_CLIENT_USED_PORTS, + ports=ports, cmd=cmd, env_vars=env, files=files, diff --git a/src/vc/lodestar.star b/src/vc/lodestar.star index e05b1c0a7..4b6925624 100644 --- a/src/vc/lodestar.star +++ b/src/vc/lodestar.star @@ -31,6 +31,7 @@ def get_config( extra_labels, tolerations, node_selectors, + keymanager_enabled, ): log_level = input_parser.get_client_log_level_or_default( participant_log_level, global_log_level, VERBOSITY_LEVELS @@ -56,11 +57,6 @@ def get_config( "--keystoresDir=" + validator_keys_dirpath, "--secretsDir=" + validator_secrets_dirpath, "--suggestedFeeRecipient=" + constants.VALIDATING_REWARDS_ACCOUNT, - "--keymanager", - "--keymanager.authEnabled=true", - "--keymanager.port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM), - "--keymanager.address=0.0.0.0", - "--keymanager.cors=*", # vvvvvvvvvvvvvvvvvvv PROMETHEUS CONFIG vvvvvvvvvvvvvvvvvvvvv "--metrics", "--metrics.address=0.0.0.0", @@ -70,6 +66,14 @@ def get_config( "--useProduceBlockV3", ] + keymanager_api_cmd = [ + "--keymanager", + "--keymanager.authEnabled=true", + "--keymanager.port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM), + "--keymanager.address=0.0.0.0", + "--keymanager.cors=*", + ] + if len(extra_params) > 0: # this is a repeated, we convert it into Starlark cmd.extend([param for param in extra_params]) @@ -79,9 +83,16 @@ def get_config( vc_shared.VALIDATOR_CLIENT_KEYS_MOUNTPOINT: node_keystore_files.files_artifact_uuid, } + ports = {} + ports.update(vc_shared.VALIDATOR_CLIENT_USED_PORTS) + + if keymanager_enabled: + cmd.extend(keymanager_api_cmd) + ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS) + return ServiceConfig( image=image, - ports=vc_shared.VALIDATOR_CLIENT_USED_PORTS, + ports=ports, cmd=cmd, env_vars=extra_env_vars, files=files, diff --git a/src/vc/nimbus.star b/src/vc/nimbus.star index 93c9ba897..4d9d40183 100644 --- a/src/vc/nimbus.star +++ b/src/vc/nimbus.star @@ -21,6 +21,7 @@ def get_config( extra_labels, tolerations, node_selectors, + keymanager_enabled, ): validator_keys_dirpath = "" validator_secrets_dirpath = "" @@ -39,11 +40,6 @@ def get_config( "--validators-dir=" + validator_keys_dirpath, "--secrets-dir=" + validator_secrets_dirpath, "--suggested-fee-recipient=" + constants.VALIDATING_REWARDS_ACCOUNT, - "--keymanager", - "--keymanager-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM), - "--keymanager-address=0.0.0.0", - "--keymanager-allow-origin=*", - "--keymanager-token-file=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER, # vvvvvvvvvvvvvvvvvvv METRICS CONFIG vvvvvvvvvvvvvvvvvvvvv "--metrics", "--metrics-address=0.0.0.0", @@ -51,6 +47,14 @@ def get_config( "--graffiti=" + full_name, ] + keymanager_api_cmd = [ + "--keymanager", + "--keymanager-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM), + "--keymanager-address=0.0.0.0", + "--keymanager-allow-origin=*", + "--keymanager-token-file=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER, + ] + if len(extra_params) > 0: # this is a repeated, we convert it into Starlark cmd.extend([param for param in extra_params]) @@ -60,9 +64,16 @@ def get_config( constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS: keymanager_file, } + ports = {} + ports.update(vc_shared.VALIDATOR_CLIENT_USED_PORTS) + + if keymanager_enabled: + cmd.extend(keymanager_api_cmd) + ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS) + return ServiceConfig( image=image, - ports=vc_shared.VALIDATOR_CLIENT_USED_PORTS, + ports=ports, cmd=cmd, env_vars=extra_env_vars, files=files, diff --git a/src/vc/prysm.star b/src/vc/prysm.star index da14312c9..3ce0af3ca 100644 --- a/src/vc/prysm.star +++ b/src/vc/prysm.star @@ -25,6 +25,7 @@ def get_config( prysm_password_artifact_uuid, tolerations, node_selectors, + keymanager_enabled, ): validator_keys_dirpath = shared_utils.path_join( vc_shared.VALIDATOR_CLIENT_KEYS_MOUNTPOINT, @@ -49,15 +50,19 @@ def get_config( "--wallet-dir=" + validator_keys_dirpath, "--wallet-password-file=" + validator_secrets_dirpath, "--suggested-fee-recipient=" + constants.VALIDATING_REWARDS_ACCOUNT, - "--rpc", - "--rpc-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM), - "--rpc-host=0.0.0.0", # vvvvvvvvvvvvvvvvvvv METRICS CONFIG vvvvvvvvvvvvvvvvvvvvv "--disable-monitoring=false", "--monitoring-host=0.0.0.0", "--monitoring-port={0}".format(vc_shared.VALIDATOR_CLIENT_METRICS_PORT_NUM), # ^^^^^^^^^^^^^^^^^^^ METRICS CONFIG ^^^^^^^^^^^^^^^^^^^^^ "--graffiti=" + full_name, + "--enable-beacon-rest-api", + ] + + keymanager_api_cmd = [ + "--rpc", + "--rpc-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM), + "--rpc-host=0.0.0.0", ] if len(extra_params) > 0: @@ -70,9 +75,16 @@ def get_config( PRYSM_PASSWORD_MOUNT_DIRPATH_ON_SERVICE_CONTAINER: prysm_password_artifact_uuid, } + ports = {} + ports.update(vc_shared.VALIDATOR_CLIENT_USED_PORTS) + + if keymanager_enabled: + cmd.extend(keymanager_api_cmd) + ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS) + return ServiceConfig( image=image, - ports=vc_shared.VALIDATOR_CLIENT_USED_PORTS, + ports=ports, cmd=cmd, env_vars=extra_env_vars, files=files, diff --git a/src/vc/shared.star b/src/vc/shared.star index 1eb7cdbd3..b07792d41 100644 --- a/src/vc/shared.star +++ b/src/vc/shared.star @@ -4,21 +4,24 @@ PRIVATE_IP_ADDRESS_PLACEHOLDER = "KURTOSIS_IP_ADDR_PLACEHOLDER" VALIDATOR_CLIENT_KEYS_MOUNTPOINT = "/keystores" VALIDATOR_HTTP_PORT_NUM = 5056 -VALIDATOR_HTTP_PORT_ID = "http" +VALIDATOR_HTTP_PORT_ID = "vc-http" VALIDATOR_CLIENT_METRICS_PORT_NUM = 8080 VALIDATOR_CLIENT_METRICS_PORT_ID = "metrics" METRICS_PATH = "/metrics" VALIDATOR_CLIENT_USED_PORTS = { - VALIDATOR_HTTP_PORT_ID: shared_utils.new_port_spec( - VALIDATOR_HTTP_PORT_NUM, - shared_utils.TCP_PROTOCOL, - shared_utils.HTTP_APPLICATION_PROTOCOL, - ), VALIDATOR_CLIENT_METRICS_PORT_ID: shared_utils.new_port_spec( VALIDATOR_CLIENT_METRICS_PORT_NUM, shared_utils.TCP_PROTOCOL, shared_utils.HTTP_APPLICATION_PROTOCOL, ), } + +VALIDATOR_KEYMANAGER_USED_PORTS = { + VALIDATOR_HTTP_PORT_ID: shared_utils.new_port_spec( + VALIDATOR_HTTP_PORT_NUM, + shared_utils.TCP_PROTOCOL, + shared_utils.HTTP_APPLICATION_PROTOCOL, + ) +} diff --git a/src/vc/teku.star b/src/vc/teku.star index c774d2123..7a8f4db6b 100644 --- a/src/vc/teku.star +++ b/src/vc/teku.star @@ -22,6 +22,7 @@ def get_config( extra_labels, tolerations, node_selectors, + keymanager_enabled, ): validator_keys_dirpath = "" validator_secrets_dirpath = "" @@ -48,6 +49,14 @@ def get_config( "--validators-proposer-default-fee-recipient=" + constants.VALIDATING_REWARDS_ACCOUNT, "--validators-graffiti=" + full_name, + # vvvvvvvvvvvvvvvvvvv METRICS CONFIG vvvvvvvvvvvvvvvvvvvvv + "--metrics-enabled=true", + "--metrics-host-allowlist=*", + "--metrics-interface=0.0.0.0", + "--metrics-port={0}".format(vc_shared.VALIDATOR_CLIENT_METRICS_PORT_NUM), + ] + + keymanager_api_cmd = [ "--validator-api-enabled=true", "--validator-api-host-allowlist=*", "--validator-api-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM), @@ -56,11 +65,6 @@ def get_config( + constants.KEYMANAGER_P12_MOUNT_PATH_ON_CONTAINER, "--validator-api-keystore-password-file=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER, - # vvvvvvvvvvvvvvvvvvv METRICS CONFIG vvvvvvvvvvvvvvvvvvvvv - "--metrics-enabled=true", - "--metrics-host-allowlist=*", - "--metrics-interface=0.0.0.0", - "--metrics-port={0}".format(vc_shared.VALIDATOR_CLIENT_METRICS_PORT_NUM), ] if len(extra_params) > 0: @@ -74,9 +78,16 @@ def get_config( constants.KEYMANAGER_P12_MOUNT_PATH_ON_CLIENTS: keymanager_p12_file, } + ports = {} + ports.update(vc_shared.VALIDATOR_CLIENT_USED_PORTS) + + if keymanager_enabled: + cmd.extend(keymanager_api_cmd) + ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS) + return ServiceConfig( image=image, - ports=vc_shared.VALIDATOR_CLIENT_USED_PORTS, + ports=ports, cmd=cmd, env_vars=extra_env_vars, files=files, diff --git a/src/vc/vc_launcher.star b/src/vc/vc_launcher.star index 69e3c0c1d..d50facf0f 100644 --- a/src/vc/vc_launcher.star +++ b/src/vc/vc_launcher.star @@ -46,6 +46,7 @@ def launch( participant_tolerations, global_tolerations, node_selectors, + keymanager_enabled, network, # TODO: remove when deneb rebase is done electra_fork_epoch, # TODO: remove when deneb rebase is done ): @@ -92,6 +93,7 @@ def launch( extra_labels=extra_labels, tolerations=tolerations, node_selectors=node_selectors, + keymanager_enabled=keymanager_enabled, network=network, # TODO: remove when deneb rebase is done electra_fork_epoch=electra_fork_epoch, # TODO: remove when deneb rebase is done ) @@ -115,6 +117,7 @@ def launch( extra_labels=extra_labels, tolerations=tolerations, node_selectors=node_selectors, + keymanager_enabled=keymanager_enabled, ) elif vc_type == constants.VC_TYPE.teku: config = teku.get_config( @@ -136,6 +139,7 @@ def launch( extra_labels=extra_labels, tolerations=tolerations, node_selectors=node_selectors, + keymanager_enabled=keymanager_enabled, ) elif vc_type == constants.VC_TYPE.nimbus: config = nimbus.get_config( @@ -156,6 +160,7 @@ def launch( extra_labels=extra_labels, tolerations=tolerations, node_selectors=node_selectors, + keymanager_enabled=keymanager_enabled, ) elif vc_type == constants.VC_TYPE.prysm: # Prysm VC only works with Prysm beacon node right now @@ -184,6 +189,7 @@ def launch( prysm_password_artifact_uuid=prysm_password_artifact_uuid, tolerations=tolerations, node_selectors=node_selectors, + keymanager_enabled=keymanager_enabled, ) elif vc_type == constants.VC_TYPE.grandine: fail("Grandine VC is not yet supported") @@ -202,7 +208,11 @@ def launch( service_name, vc_shared.METRICS_PATH, validator_metrics_url ) - validator_http_port = validator_service.ports[vc_shared.VALIDATOR_HTTP_PORT_ID] + validator_http_port = ( + validator_service.ports[vc_shared.VALIDATOR_HTTP_PORT_ID] + if keymanager_enabled + else None + ) return vc_context.new_vc_context( client_name=vc_type,