-
Notifications
You must be signed in to change notification settings - Fork 1.6k
service: use deny-list instead of allow-list for BEEFY #5331
service: use deny-list instead of allow-list for BEEFY #5331
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There must be some story behind this code - I haven't seen the PR where it has been introduced. But I wonder if we may change behavior a bit - instead of silently ignoring cli option (I guess enable_beefy
flag value comes from cli, right?) can we return Err(_)
from new_full
when someone is trying to enable BEEFY on Kusama/Polkadot/Westend? Otherwise it seems strange to see node is successfully starting, but BEEFY is not running :) Or it may break some deployments - i.e. is BEEFY cli flag enabled by default?
Unfortunately, I don't know the story of this code and why original decision to override CLI and silently disable (as opposed to explicitly disallow and throw error) BEEFY was made... Now we can either keep that behavior, or as you say return While I agree the latter is cleaner, more clear and explicit, this PR implements the former because I'm not sure about the impact it would otherwise have on deployments. Went the safe route to avoid breakages. Another supportive argument for keeping current behavior is that it is temporary, with plans to have BEEFY running on all chain specs by end of this year. |
I need a @paritytech/core-devs reviewer here, please |
node/service/src/lib.rs
Outdated
config.chain_spec.is_kusama() || | ||
config.chain_spec.is_westend() | ||
{ | ||
enable_beefy = false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I would add a warn
: if enable_beefy { warn!("Tried to enable BEEFY on a production network. Refusing as BEEFY is still experimental.") }
. Something along those lines.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought about that as well, but I found it odd that log
crate is not used anywhere in node/service
and I just assumed there's a reason for it...
I'll add log
dependency and log a warn!
, but writing it out here as well so anybody who knows of a reason we shouldn't, can react 😄
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There is a local crate for logging that also deals with tracing gum::warn!
should work.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Still need to make that easier to discover, but here's the rationale for the interested reader around why we need gum
https://github.com/paritytech/polkadot/blob/6cafab2d926000fa612af29b02e8ed482d4dd9c5/node/gum/README.md
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code change looks good to me.
Yet if it matters that we don't have it running for polkadot and kusama. It may matter to other chain, so I would maybe switch to B1-releasenote.
(other node can always override the cli value in their bin crate).
Edit: thinking twice, this comment only really make sense if it was in substrate so please ignore.
We had troubles when first enabled by default, mostly performance related iirc, but that has been a while (1a+) ago. Complexity of |
Instead of allowing BEEFY to run on specific test nets, inverse the condition to explicitly disallow BEEFY on production chains that we don't want it to run on yet. This allows other test chains (other than Rococo/Wococo) that use the polkadot service file to enable and test BEEFY. Signed-off-by: Adrian Catangiu <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally looks good, imho this is breaking the public contract, so it should be part of the changelog since manual intervention is required to maintain the previous behavior.
How does this play out at the perf side? Do we expect any impact for the regular validator execution paths?
Is there anything else to do other than set
No, we do not expect any performance impact even when BEEFY is enabled. BEEFY gadget is driven by finality notifications and other validators' gossip of votes also driven by their finality notifications, so overall little traffic. |
The potential for code reuse of the In bridges, in particular, we'd need the changes from this PR in |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you! LGTM
Signed-off-by: acatangiu <[email protected]>
bot merge |
* use deny-list instead of allow-list for BEEFY Instead of allowing BEEFY to run on specific test nets, inverse the condition to explicitly disallow BEEFY on production chains that we don't want it to run on yet. This allows other test chains (other than Rococo/Wococo) that use the polkadot service file to enable and test BEEFY. Signed-off-by: Adrian Catangiu <[email protected]> * address review comments * throw error if BEEFY enabled on production networks Signed-off-by: acatangiu <[email protected]>
Instead of allowing BEEFY to run on specific test nets, reverse the condition to explicitly disallow BEEFY on production chains that we don't want it to run on yet.
This allows other test chains (Rialto used in bridges) to use the polkadot service file and still be able to run and test BEEFY.
Needed for paritytech/parity-bridges-common#1286
Release Notes
--beefy
CLI option is now explicitly disallowed onpolkadot
,kusama
andwestend
chains, and will error out.