fix: uniformize keymanager (#534)

a6a2830e · Barnabas Busa · GitHub · 35bb9adf · a6a2830e · a6a2830e
Commit a6a2830e authored Apr 19, 2024 by Barnabas Busa Committed by GitHub Apr 19, 2024
12 changed files
--- a/main.star
+++ b/main.star
@@ -88,10 +88,7 @@ def run(plan, args={}):
        src=static_files.KEYMANAGER_PATH_FILEPATH,
        name="keymanager_file",
    )
-    keymanager_p12_file = plan.upload_files(
-        src=static_files.KEYMANAGER_P12_PATH_FILEPATH,
-        name="keymanager_p12_file",
-    )
+
    plan.print("Read the prometheus, grafana templates")

    plan.print(
@@ -111,7 +108,6 @@ def run(plan, args={}):
        args_with_right_defaults.global_log_level,
        jwt_file,
        keymanager_file,
-        keymanager_p12_file,
        persistent,
        xatu_sentry_params,
        global_tolerations,

--- a/src/cl/cl_launcher.star
+++ b/src/cl/cl_launcher.star
@@ -20,7 +20,6 @@ def launch(
    el_cl_data,
    jwt_file,
    keymanager_file,
-    keymanager_p12_file,
    participants,
    all_el_contexts,
    global_log_level,
@@ -73,7 +72,6 @@ def launch(
                jwt_file,
                network_params.network,
                keymanager_file,
-                keymanager_p12_file,
            ),
            "launch_method": teku.launch,
        },

--- a/src/cl/grandine/grandine_launcher.star
+++ b/src/cl/grandine/grandine_launcher.star
@@ -284,7 +284,13 @@ def get_beacon_config(
        "--enable-private-discovery",
    ]

-    keymanager_api_cmd = []
+    keymanager_api_cmd = [
+        "--enable-validator-api",
+        "--validator-api-address=0.0.0.0",
+        "--validator-api-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
+        "--validator-api-allowed-origins=*",
+        # "--validator-api-bearer-file=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER, Not yet supported
+    ]

    if network not in constants.PUBLIC_NETWORKS:
        cmd.append(
@@ -356,10 +362,9 @@ def get_beacon_config(
            VALIDATOR_KEYS_DIRPATH_ON_SERVICE_CONTAINER
        ] = node_keystore_files.files_artifact_uuid

-        # Keymanager is still unimplemented in grandine
-        # if keymanager_enabled:
-        #     cmd.extend(keymanager_api_cmd)
-        #     ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)
+        if keymanager_enabled:
+            cmd.extend(keymanager_api_cmd)
+            ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)

    if persistent:
        files[BEACON_DATA_DIRPATH_ON_SERVICE_CONTAINER] = Directory(

--- a/src/cl/teku/teku_launcher.star
+++ b/src/cl/teku/teku_launcher.star
@@ -131,7 +131,6 @@ def launch(
        launcher.jwt_file,
        keymanager_enabled,
        launcher.keymanager_file,
-        launcher.keymanager_p12_file,
        launcher.network,
        image,
        beacon_service_name,
@@ -213,7 +212,6 @@ def get_beacon_config(
    jwt_file,
    keymanager_enabled,
    keymanager_file,
-    keymanager_p12_file,
    network,
    image,
    service_name,
@@ -310,11 +308,9 @@ def get_beacon_config(
        "--validator-api-host-allowlist=*",
        "--validator-api-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
        "--validator-api-interface=0.0.0.0",
-        "--validator-api-keystore-file="
-        + constants.KEYMANAGER_P12_MOUNT_PATH_ON_CONTAINER,
-        "--validator-api-keystore-password-file="
-        + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER,
-        "--validator-api-docs-enabled=true",
+        "--validator-api-bearer-file=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER,
+        "--Xvalidator-api-ssl-enabled=false",
+        "--Xvalidator-api-unsafe-hosts-enabled=true",
    ]

    if network not in constants.PUBLIC_NETWORKS:
@@ -386,10 +382,9 @@ def get_beacon_config(
        files[
            VALIDATOR_KEYS_DIRPATH_ON_SERVICE_CONTAINER
        ] = node_keystore_files.files_artifact_uuid
-        files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file
-        files[constants.KEYMANAGER_P12_MOUNT_PATH_ON_CLIENTS] = keymanager_p12_file

        if keymanager_enabled:
+            files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file
            cmd.extend(keymanager_api_cmd)
            ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)

@@ -426,13 +421,10 @@ def get_beacon_config(
    )


-def new_teku_launcher(
-    el_cl_genesis_data, jwt_file, network, keymanager_file, keymanager_p12_file
-):
+def new_teku_launcher(el_cl_genesis_data, jwt_file, network, keymanager_file):
    return struct(
        el_cl_genesis_data=el_cl_genesis_data,
        jwt_file=jwt_file,
        network=network,
        keymanager_file=keymanager_file,
-        keymanager_p12_file=keymanager_p12_file,
    )
--- a/src/package_io/input_parser.star
+++ b/src/package_io/input_parser.star
@@ -19,13 +19,13 @@ DEFAULT_CL_IMAGES = {
    "teku": "consensys/teku:latest",
    "nimbus": "statusim/nimbus-eth2:multiarch-latest",
    "prysm": "gcr.io/prysmaticlabs/prysm/beacon-chain:latest",
-    "lodestar": "chainsafe/lodestar:latest",
+    "lodestar": "chainsafe/lodestar:next",
    "grandine": "ethpandaops/grandine:develop",
 }

 DEFAULT_VC_IMAGES = {
    "lighthouse": "sigp/lighthouse:latest",
-    "lodestar": "chainsafe/lodestar:latest",
+    "lodestar": "chainsafe/lodestar:next",
    "nimbus": "statusim/nimbus-validator-client:multiarch-latest",
    "prysm": "gcr.io/prysmaticlabs/prysm/validator:latest",
    "teku": "consensys/teku:latest",

--- a/src/participant_network.star
+++ b/src/participant_network.star
@@ -34,7 +34,6 @@ def launch_participant_network(
    global_log_level,
    jwt_file,
    keymanager_file,
-    keymanager_p12_file,
    persistent,
    xatu_sentry_params,
    global_tolerations,
@@ -170,7 +169,6 @@ def launch_participant_network(
        el_cl_data,
        jwt_file,
        keymanager_file,
-        keymanager_p12_file,
        participants,
        all_el_contexts,
        global_log_level,
@@ -309,7 +307,6 @@ def launch_participant_network(
            plan=plan,
            launcher=vc.new_vc_launcher(el_cl_genesis_data=el_cl_data),
            keymanager_file=keymanager_file,
-            keymanager_p12_file=keymanager_p12_file,
            service_name="vc-{0}-{1}-{2}".format(index_str, vc_type, el_type),
            vc_type=vc_type,
            image=participant.vc_image,

--- a/src/vc/lighthouse.star
+++ b/src/vc/lighthouse.star
@@ -82,9 +82,6 @@ def get_config(
        "--unencrypted-http-transport",
    ]

-    if not (constants.NETWORK_NAME.verkle in network or electra_fork_epoch != None):
-        cmd.append("--produce-block-v3")
-
    if len(extra_params):
        cmd.extend([param for param in extra_params])


--- a/src/vc/lodestar.star
+++ b/src/vc/lodestar.star
@@ -14,6 +14,7 @@ VERBOSITY_LEVELS = {

 def get_config(
    el_cl_genesis_data,
+    keymanager_file,
    image,
    participant_log_level,
    global_log_level,
@@ -72,6 +73,7 @@ def get_config(
        "--keymanager.port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
        "--keymanager.address=0.0.0.0",
        "--keymanager.cors=*",
+        "--keymanager.tokenFile=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER,
    ]

    if len(extra_params) > 0:
@@ -87,6 +89,7 @@ def get_config(
    ports.update(vc_shared.VALIDATOR_CLIENT_USED_PORTS)

    if keymanager_enabled:
+        files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file
        cmd.extend(keymanager_api_cmd)
        ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)


--- a/src/vc/prysm.star
+++ b/src/vc/prysm.star
@@ -8,6 +8,7 @@ PRYSM_BEACON_RPC_PORT = 4000

 def get_config(
    el_cl_genesis_data,
+    keymanager_file,
    image,
    beacon_http_url,
    cl_context,
@@ -56,12 +57,7 @@ def get_config(
        "--rpc",
        "--rpc-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
        "--rpc-host=0.0.0.0",
-    ]
-
-    keymanager_api_cmd = [
-        "--rpc",
-        "--rpc-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
-        "--rpc-host=0.0.0.0",
+        "--keymanager-token-file=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER,
    ]

    if cl_context.client_name != constants.CL_TYPE.prysm:
@@ -86,6 +82,7 @@ def get_config(
    ports.update(vc_shared.VALIDATOR_CLIENT_USED_PORTS)

    if keymanager_enabled:
+        files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file
        cmd.extend(keymanager_api_cmd)
        ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)


--- a/src/vc/teku.star
+++ b/src/vc/teku.star
@@ -6,7 +6,6 @@ vc_shared = import_module("./shared.star")
 def get_config(
    el_cl_genesis_data,
    keymanager_file,
-    keymanager_p12_file,
    image,
    beacon_http_url,
    cl_context,
@@ -61,10 +60,9 @@ def get_config(
        "--validator-api-host-allowlist=*",
        "--validator-api-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
        "--validator-api-interface=0.0.0.0",
-        "--validator-api-keystore-file="
-        + constants.KEYMANAGER_P12_MOUNT_PATH_ON_CONTAINER,
-        "--validator-api-keystore-password-file="
-        + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER,
+        "--validator-api-bearer-file=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER,
+        "--Xvalidator-api-ssl-enabled=false",
+        "--Xvalidator-api-unsafe-hosts-enabled=true",
    ]

    if len(extra_params) > 0:
@@ -74,14 +72,13 @@ def get_config(
    files = {
        constants.GENESIS_DATA_MOUNTPOINT_ON_CLIENTS: el_cl_genesis_data.files_artifact_uuid,
        vc_shared.VALIDATOR_CLIENT_KEYS_MOUNTPOINT: node_keystore_files.files_artifact_uuid,
-        constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS: keymanager_file,
-        constants.KEYMANAGER_P12_MOUNT_PATH_ON_CLIENTS: keymanager_p12_file,
    }

    ports = {}
    ports.update(vc_shared.VALIDATOR_CLIENT_USED_PORTS)

    if keymanager_enabled:
+        files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file
        cmd.extend(keymanager_api_cmd)
        ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)


--- a/src/vc/vc_launcher.star
+++ b/src/vc/vc_launcher.star
@@ -21,7 +21,6 @@ def launch(
    plan,
    launcher,
    keymanager_file,
-    keymanager_p12_file,
    service_name,
    vc_type,
    image,
@@ -98,6 +97,7 @@ def launch(
    elif vc_type == constants.VC_TYPE.lodestar:
        config = lodestar.get_config(
            el_cl_genesis_data=launcher.el_cl_genesis_data,
+            keymanager_file=keymanager_file,
            image=image,
            participant_log_level=participant_log_level,
            global_log_level=global_log_level,
@@ -121,7 +121,6 @@ def launch(
        config = teku.get_config(
            el_cl_genesis_data=launcher.el_cl_genesis_data,
            keymanager_file=keymanager_file,
-            keymanager_p12_file=keymanager_p12_file,
            image=image,
            beacon_http_url=beacon_http_url,
            cl_context=cl_context,
@@ -163,6 +162,7 @@ def launch(
    elif vc_type == constants.VC_TYPE.prysm:
        config = prysm.get_config(
            el_cl_genesis_data=launcher.el_cl_genesis_data,
+            keymanager_file=keymanager_file,
            image=image,
            beacon_http_url=beacon_http_url,
            cl_context=cl_context,

--- a/static_files/keymanager/keymanager.txt
+++ b/static_files/keymanager/keymanager.txt
-api-token-0x7443c65f8cb0eb4ef6ab78c173d085f28b349f40dda27c74604439e07848a6d4
\ No newline at end of file
+0x3ec0ad340bb9ca21e5593045b533d11d1b6784e03468af01db621db1804c2f0f
\ No newline at end of file