service: use deny-list instead of allow-list for BEEFY #5331
Conversation
acatangiu
added
A0-please_review
There was a problem hiding this comment.
There must be some story behind this code - I haven't seen the PR where it has been introduced. But I wonder if we may change behavior a bit - instead of silently ignoring cli option (I guess enable_beefy flag value comes from cli, right?) can we return Err(_) from new_full when someone is trying to enable BEEFY on Kusama/Polkadot/Westend? Otherwise it seems strange to see node is successfully starting, but BEEFY is not running :) Or it may break some deployments - i.e. is BEEFY cli flag enabled by default?
Unfortunately, I don't know the story of this code and why original decision to override CLI and silently disable (as opposed to explicitly disallow and throw error) BEEFY was made... Now we can either keep that behavior, or as you say return While I agree the latter is cleaner, more clear and explicit, this PR implements the former because I'm not sure about the impact it would otherwise have on deployments. Went the safe route to avoid breakages. Another supportive argument for keeping current behavior is that it is temporary, with plans to have BEEFY running on all chain specs by end of this year. |
|
I need a @paritytech/core-devs reviewer here, please |
node/service/src/lib.rs
Outdated
| config.chain_spec.is_kusama() || | ||
| config.chain_spec.is_westend() | ||
| { | ||
| enable_beefy = false; |
There was a problem hiding this comment.
I would add a warn: if enable_beefy { warn!("Tried to enable BEEFY on a production network. Refusing as BEEFY is still experimental.") }. Something along those lines.
There was a problem hiding this comment.
I thought about that as well, but I found it odd that log crate is not used anywhere in node/service and I just assumed there's a reason for it...
I'll add log dependency and log a warn!, but writing it out here as well so anybody who knows of a reason we shouldn't, can react 😄
There was a problem hiding this comment.
There is a local crate for logging that also deals with tracing gum::warn! should work.
There was a problem hiding this comment.
Still need to make that easier to discover, but here's the rationale for the interested reader around why we need gum https://github.com/paritytech/polkadot/blob/6cafab2d926000fa612af29b02e8ed482d4dd9c5/node/gum/README.md
There was a problem hiding this comment.
Code change looks good to me.
Yet if it matters that we don't have it running for polkadot and kusama. It may matter to other chain, so I would maybe switch to B1-releasenote.
(other node can always override the cli value in their bin crate).
Edit: thinking twice, this comment only really make sense if it was in substrate so please ignore.
acatangiu
added
B1-releasenotes
and removed
B0-silent
|
We had troubles when first enabled by default, mostly performance related iirc, but that has been a while (1a+) ago. Complexity of |
Instead of allowing BEEFY to run on specific test nets, inverse the condition to explicitly disallow BEEFY on production chains that we don't want it to run on yet. This allows other test chains (other than Rococo/Wococo) that use the polkadot service file to enable and test BEEFY. Signed-off-by: Adrian Catangiu <[email protected]>
There was a problem hiding this comment.
Generally looks good, imho this is breaking the public contract, so it should be part of the changelog since manual intervention is required to maintain the previous behavior.
How does this play out at the perf side? Do we expect any impact for the regular validator execution paths?
Is there anything else to do other than set
No, we do not expect any performance impact even when BEEFY is enabled. BEEFY gadget is driven by finality notifications and other validators' gossip of votes also driven by their finality notifications, so overall little traffic. |
The potential for code reuse of the In bridges, in particular, we'd need the changes from this PR in |
Signed-off-by: acatangiu <[email protected]>
|
bot merge |
* use deny-list instead of allow-list for BEEFY Instead of allowing BEEFY to run on specific test nets, inverse the condition to explicitly disallow BEEFY on production chains that we don't want it to run on yet. This allows other test chains (other than Rococo/Wococo) that use the polkadot service file to enable and test BEEFY. Signed-off-by: Adrian Catangiu <[email protected]> * address review comments * throw error if BEEFY enabled on production networks Signed-off-by: acatangiu <[email protected]>
Instead of allowing BEEFY to run on specific test nets, reverse the condition to explicitly disallow BEEFY on production chains that we don't want it to run on yet.
This allows other test chains (Rialto used in bridges) to use the polkadot service file and still be able to run and test BEEFY.
Needed for paritytech/parity-bridges-common#1286
Release Notes
--beefyCLI option is now explicitly disallowed onpolkadot,kusamaandwestendchains, and will error out.