feat: make keymanager optional

.github/tests/mix-with-tools.yaml

@@ -26,3 +26,4 @@ additional_services:
   - blockscout
 ethereum_metrics_exporter_enabled: true
 snooper_enabled: true
+keymanager_enabled: true

README.md

@@ -440,6 +440,11 @@ participants:
   # ]
   builder_network_params: null
 
+  # Participant flag for keymanager api
+  # This will open up http ports to your validator services!
+  # Defaults to false
+  keymanager_enabled: false
+
 # Default configuration parameters for the network
 network_params:
   # Network name, used to enable syncing of alternative networks
@@ -720,6 +725,11 @@ global_tolerations: []
 # Example: global_node_selectors: { "disktype": "ssd" }
 # Defaults to empty
 global_node_selectors: {}
+
+# Global parameters for keymanager api
+# This will open up http ports to your validator services!
+# Defaults to false
+keymanager_enabled: false
 ```
 
 #### Example configurations
@@ -827,7 +837,7 @@ snooper_enabled: true
 | Lighthouse BN | ✅            | ❌       | ❌      | ❌          | ✅
 | Prysm BN      | ✅            | ✅       | ✅      | ❌          | ✅
 | Teku BN       | ✅            | ❌       | ✅      | ✅          | ✅
-| Lodestar BN   | ✅            | ❌       | ❌      | ✅          | ❌ 
+| Lodestar BN   | ✅            | ❌       | ❌      | ✅          | ❌
 | Nimbus BN     | ✅            | ❌       | ✅      | ✅          | ✅
 | Grandine BN   | ✅            | ❌       | ✅      | ❌          | ❌
 

main.star

@@ -62,6 +62,7 @@ def run(plan, args={}):
     xatu_sentry_params = args_with_right_defaults.xatu_sentry_params
     global_tolerations = args_with_right_defaults.global_tolerations
     global_node_selectors = args_with_right_defaults.global_node_selectors
+    keymanager_enabled = args_with_right_defaults.keymanager_enabled
 
     grafana_datasource_config_template = read_file(
         static_files.GRAFANA_DATASOURCE_CONFIG_TEMPLATE_FILEPATH
@@ -107,6 +108,7 @@ def run(plan, args={}):
         xatu_sentry_params,
         global_tolerations,
         global_node_selectors,
+        keymanager_enabled,
         parallel_keystore_generation,
     )
 

network_params.yaml

@@ -52,6 +52,7 @@ participants:
     blobber_enabled: false
     blobber_extra_params: []
     builder_network_params: null
+    keymanager_enabled: false
 network_params:
   network: kurtosis
   network_id: "3151908"
@@ -136,3 +137,4 @@ xatu_sentry_params:
     - blob_sidecar
 global_tolerations: []
 global_node_selectors: {}
+keymanager_enabled: false

src/cl/cl_launcher.star

@@ -176,6 +176,7 @@ def launch(
                 global_tolerations,
                 node_selectors,
                 participant.use_separate_vc,
+                participant.keymanager_enabled,
             )
         else:
             boot_cl_client_ctx = all_cl_contexts
@@ -208,6 +209,7 @@ def launch(
                 global_tolerations,
                 node_selectors,
                 participant.use_separate_vc,
+                participant.keymanager_enabled,
             )
 
         # Add participant cl additional prometheus labels

src/cl/grandine/grandine_launcher.star

@@ -89,6 +89,7 @@ def launch(
     global_tolerations,
     node_selectors,
     use_separate_vc,
+    keymanager_enabled,
 ):
     beacon_service_name = "{0}".format(service_name)
     log_level = input_parser.get_client_log_level_or_default(
@@ -127,6 +128,7 @@ def launch(
         launcher.el_cl_genesis_data,
         launcher.jwt_file,
         launcher.network,
+        keymanager_enabled,
         image,
         beacon_service_name,
         bootnode_context,
@@ -205,6 +207,7 @@ def get_beacon_config(
     el_cl_genesis_data,
     jwt_file,
     network,
+    keymanager_enabled,
     image,
     service_name,
     bootnode_contexts,
@@ -273,13 +276,15 @@ def get_beacon_config(
         # ^^^^^^^^^^^^^^^^^^^ METRICS CONFIG ^^^^^^^^^^^^^^^^^^^^^
         # To enable syncing other networks too without checkpoint syncing
     ]
-    validator_flags = [
+    validator_default_cmd = [
         "--keystore-dir=" + validator_keys_dirpath,
         "--keystore-password-file=" + validator_secrets_dirpath,
         "--suggested-fee-recipient=" + constants.VALIDATING_REWARDS_ACCOUNT,
         "--graffiti=" + full_name,
     ]
 
+    keymanager_api_cmd = []
+
     if network not in constants.PUBLIC_NETWORKS:
         cmd.append(
             "--configuration-directory="
@@ -341,30 +346,29 @@ def get_beacon_config(
         constants.GENESIS_DATA_MOUNTPOINT_ON_CLIENTS: el_cl_genesis_data.files_artifact_uuid,
         constants.JWT_MOUNTPOINT_ON_CLIENTS: jwt_file,
     }
-    beacon_validator_used_ports = {}
-    beacon_validator_used_ports.update(BEACON_USED_PORTS)
+
+    ports = {}
+    ports.update(BEACON_USED_PORTS)
     if node_keystore_files != None and not use_separate_vc:
-        # validator_http_port_id_spec = shared_utils.new_port_spec(
-        #     vc_shared.VALIDATOR_HTTP_PORT_NUM,
-        #     shared_utils.TCP_PROTOCOL,
-        #     shared_utils.HTTP_APPLICATION_PROTOCOL,
-        # )
-        # beacon_validator_used_ports.update(
-        #     {VALIDATOR_HTTP_PORT_ID: validator_http_port_id_spec}
-        # )
-        cmd.extend(validator_flags)
+        cmd.extend(validator_default_cmd)
         files[
             VALIDATOR_KEYS_DIRPATH_ON_SERVICE_CONTAINER
         ] = node_keystore_files.files_artifact_uuid
 
+        # Keymanager is still unimplemented in grandine
+        # if keymanager_enabled:
+        #     cmd.extend(keymanager_api_cmd)
+        #     ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)
+
     if persistent:
         files[BEACON_DATA_DIRPATH_ON_SERVICE_CONTAINER] = Directory(
             persistent_key="data-{0}".format(service_name),
             size=cl_volume_size,
         )
+
     return ServiceConfig(
         image=image,
-        ports=beacon_validator_used_ports,
+        ports=ports,
         cmd=cmd,
         env_vars=extra_env_vars,
         files=files,

src/cl/lighthouse/lighthouse_launcher.star

@@ -91,6 +91,7 @@ def launch(
     global_tolerations,
     node_selectors,
     use_separate_vc=True,
+    keymanager_enabled=False,
 ):
     beacon_service_name = "{0}".format(service_name)
 

src/cl/lodestar/lodestar_launcher.star

@@ -80,6 +80,7 @@ def launch(
     global_tolerations,
     node_selectors,
     use_separate_vc=True,
+    keymanager_enabled=False,
 ):
     beacon_service_name = "{0}".format(service_name)
     log_level = input_parser.get_client_log_level_or_default(

src/cl/nimbus/nimbus_launcher.star

@@ -102,6 +102,7 @@ def launch(
     global_tolerations,
     node_selectors,
     use_separate_vc,
+    keymanager_enabled,
 ):
     beacon_service_name = "{0}".format(service_name)
 
@@ -138,6 +139,7 @@ def launch(
         plan,
         launcher.el_cl_genesis_data,
         launcher.jwt_file,
+        keymanager_enabled,
         launcher.keymanager_file,
         launcher.network,
         image,
@@ -215,6 +217,7 @@ def get_beacon_config(
     plan,
     el_cl_genesis_data,
     jwt_file,
+    keymanager_enabled,
     keymanager_file,
     network,
     image,
@@ -297,11 +300,14 @@ def get_beacon_config(
         # ^^^^^^^^^^^^^^^^^^^ METRICS CONFIG ^^^^^^^^^^^^^^^^^^^^^
     ]
 
-    validator_flags = [
+    validator_default_cmd = [
         "--validators-dir=" + validator_keys_dirpath,
         "--secrets-dir=" + validator_secrets_dirpath,
         "--suggested-fee-recipient=" + constants.VALIDATING_REWARDS_ACCOUNT,
         "--graffiti=" + full_name,
+    ]
+
+    keymanager_api_cmd = [
         "--keymanager",
         "--keymanager-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
         "--keymanager-address=0.0.0.0",
@@ -333,23 +339,19 @@ def get_beacon_config(
         constants.GENESIS_DATA_MOUNTPOINT_ON_CLIENTS: el_cl_genesis_data.files_artifact_uuid,
         constants.JWT_MOUNTPOINT_ON_CLIENTS: jwt_file,
     }
-    beacon_validator_used_ports = {}
-    beacon_validator_used_ports.update(BEACON_USED_PORTS)
+    ports = {}
+    ports.update(BEACON_USED_PORTS)
     if node_keystore_files != None and not use_separate_vc:
-        validator_http_port_id_spec = shared_utils.new_port_spec(
-            vc_shared.VALIDATOR_HTTP_PORT_NUM,
-            shared_utils.TCP_PROTOCOL,
-            shared_utils.HTTP_APPLICATION_PROTOCOL,
-        )
-        beacon_validator_used_ports.update(
-            {VALIDATOR_HTTP_PORT_ID: validator_http_port_id_spec}
-        )
-        cmd.extend(validator_flags)
+        cmd.extend(validator_default_cmd)
         files[
             VALIDATOR_KEYS_MOUNTPOINT_ON_CLIENTS
         ] = node_keystore_files.files_artifact_uuid
         files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file
 
+        if keymanager_enabled:
+            cmd.extend(keymanager_api_cmd)
+            ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)
+
     if persistent:
         files[BEACON_DATA_DIRPATH_ON_SERVICE_CONTAINER] = Directory(
             persistent_key="data-{0}".format(service_name),
@@ -358,7 +360,7 @@ def get_beacon_config(
 
     return ServiceConfig(
         image=image,
-        ports=beacon_validator_used_ports,
+        ports=ports,
         cmd=cmd,
         env_vars=extra_env_vars,
         files=files,

src/cl/prysm/prysm_launcher.star

@@ -87,6 +87,7 @@ def launch(
     global_tolerations,
     node_selectors,
     use_separate_vc=True,
+    keymanager_enabled=False,
 ):
     beacon_service_name = "{0}".format(service_name)
     log_level = input_parser.get_client_log_level_or_default(

src/cl/teku/teku_launcher.star

@@ -91,6 +91,7 @@ def launch(
     global_tolerations,
     node_selectors,
     use_separate_vc,
+    keymanager_enabled,
 ):
     beacon_service_name = "{0}".format(service_name)
     log_level = input_parser.get_client_log_level_or_default(
@@ -128,6 +129,7 @@ def launch(
         plan,
         launcher.el_cl_genesis_data,
         launcher.jwt_file,
+        keymanager_enabled,
         launcher.keymanager_file,
         launcher.keymanager_p12_file,
         launcher.network,
@@ -208,6 +210,7 @@ def get_beacon_config(
     plan,
     el_cl_genesis_data,
     jwt_file,
+    keymanager_enabled,
     keymanager_file,
     keymanager_p12_file,
     network,
@@ -291,14 +294,17 @@ def get_beacon_config(
         # To enable syncing other networks too without checkpoint syncing
         "--ignore-weak-subjectivity-period-enabled=true",
     ]
-    validator_flags = [
+    validator_default_cmd = [
         "--validator-keys={0}:{1}".format(
             validator_keys_dirpath,
             validator_secrets_dirpath,
         ),
         "--validators-proposer-default-fee-recipient="
         + constants.VALIDATING_REWARDS_ACCOUNT,
         "--validators-graffiti=" + full_name,
+    ]
+
+    keymanager_api_cmd = [
         "--validator-api-enabled=true",
         "--validator-api-host-allowlist=*",
         "--validator-api-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
@@ -381,32 +387,29 @@ def get_beacon_config(
         constants.GENESIS_DATA_MOUNTPOINT_ON_CLIENTS: el_cl_genesis_data.files_artifact_uuid,
         constants.JWT_MOUNTPOINT_ON_CLIENTS: jwt_file,
     }
-    beacon_validator_used_ports = {}
-    beacon_validator_used_ports.update(BEACON_USED_PORTS)
+    ports = {}
+    ports.update(BEACON_USED_PORTS)
     if node_keystore_files != None and not use_separate_vc:
-        validator_http_port_id_spec = shared_utils.new_port_spec(
-            vc_shared.VALIDATOR_HTTP_PORT_NUM,
-            shared_utils.TCP_PROTOCOL,
-            shared_utils.HTTP_APPLICATION_PROTOCOL,
-        )
-        beacon_validator_used_ports.update(
-            {VALIDATOR_HTTP_PORT_ID: validator_http_port_id_spec}
-        )
-        cmd.extend(validator_flags)
+        cmd.extend(validator_default_cmd)
         files[
             VALIDATOR_KEYS_DIRPATH_ON_SERVICE_CONTAINER
         ] = node_keystore_files.files_artifact_uuid
         files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file
         files[constants.KEYMANAGER_P12_MOUNT_PATH_ON_CLIENTS] = keymanager_p12_file
 
+        if keymanager_enabled:
+            cmd.extend(keymanager_api_cmd)
+            ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)
+
     if persistent:
         files[BEACON_DATA_DIRPATH_ON_SERVICE_CONTAINER] = Directory(
             persistent_key="data-{0}".format(service_name),
             size=cl_volume_size,
         )
+
     return ServiceConfig(
         image=image,
-        ports=beacon_validator_used_ports,
+        ports=ports,
         cmd=cmd,
         env_vars=extra_env_vars,
         files=files,

src/package_io/input_parser.star

@@ -205,6 +205,7 @@ def input_parser(plan, input_args):
                 ),
                 blobber_enabled=participant["blobber_enabled"],
                 blobber_extra_params=participant["blobber_extra_params"],
+                keymanager_enabled=participant["keymanager_enabled"],
             )
             for participant in result["participants"]
         ],
@@ -303,6 +304,7 @@ def input_parser(plan, input_args):
         ),
         global_tolerations=result["global_tolerations"],
         global_node_selectors=result["global_node_selectors"],
+        keymanager_enabled=result["keymanager_enabled"],
     )
 
 
@@ -415,6 +417,12 @@ def parse_network_params(input_args):
             if default_snooper_enabled:
                 participant["snooper_enabled"] = default_snooper_enabled
 
+        keymanager_enabled = participant["keymanager_enabled"]
+        if keymanager_enabled == False:
+            default_keymanager_enabled = result["keymanager_enabled"]
+            if default_keymanager_enabled:
+                participant["keymanager_enabled"] = default_keymanager_enabled
+
         ethereum_metrics_exporter_enabled = participant[
             "ethereum_metrics_exporter_enabled"
         ]
@@ -582,6 +590,7 @@ def default_input_args():
         "xatu_sentry_enabled": False,
         "global_tolerations": [],
         "global_node_selectors": {},
+        "keymanager_enabled": False,
     }
 
 
@@ -659,6 +668,7 @@ def default_participant():
         "blobber_enabled": False,
         "blobber_extra_params": [],
         "builder_network_params": None,
+        "keymanager_enabled": False,
     }