1use anemo::Network;
5use anemo::PeerId;
6use anemo_tower::callback::CallbackLayer;
7use anemo_tower::trace::DefaultMakeSpan;
8use anemo_tower::trace::DefaultOnFailure;
9use anemo_tower::trace::TraceLayer;
10use anyhow::Context;
11use anyhow::Result;
12use anyhow::anyhow;
13use arc_swap::ArcSwap;
14use fastcrypto_zkp::bn254::zk_login::JwkId;
15use fastcrypto_zkp::bn254::zk_login::OIDCProvider;
16use futures::future::BoxFuture;
17use mysten_common::in_test_configuration;
18use prometheus::Registry;
19use std::collections::{BTreeSet, HashMap, HashSet};
20use std::fmt;
21use std::future::Future;
22use std::path::Path;
23use std::path::PathBuf;
24use std::str::FromStr;
25#[cfg(msim)]
26use std::sync::atomic::Ordering;
27use std::sync::{Arc, Weak};
28use std::time::Duration;
29use sui_core::admission_queue::{
30 AdmissionQueueContext, AdmissionQueueManager, AdmissionQueueMetrics,
31};
32use sui_core::authority::ExecutionEnv;
33use sui_core::authority::authority_store_tables::AuthorityPerpetualTablesOptions;
34use sui_core::authority::backpressure::BackpressureManager;
35use sui_core::authority::epoch_start_configuration::EpochFlag;
36use sui_core::authority::execution_time_estimator::ExecutionTimeObserver;
37use sui_core::consensus_adapter::ConsensusClient;
38use sui_core::consensus_manager::UpdatableConsensusClient;
39use sui_core::epoch::randomness::RandomnessManager;
40use sui_core::execution_cache::build_execution_cache;
41use sui_core::randomness_round_receiver::{RandomnessRoundReceiver, RandomnessRoundReceiverHandle};
42use sui_network::endpoint_manager::{AddressSource, EndpointId};
43use sui_network::validator::server::SUI_TLS_SERVER_NAME;
44use sui_types::full_checkpoint_content::Checkpoint;
45use sui_types::node_role::NodeRole;
46
47use sui_core::global_state_hasher::GlobalStateHashMetrics;
48use sui_core::storage::RestReadStore;
49use sui_json_rpc::bridge_api::BridgeReadApi;
50use sui_json_rpc_api::JsonRpcMetrics;
51use sui_network::randomness;
52use sui_rpc_api::RpcMetrics;
53use sui_rpc_api::ServerVersion;
54use sui_rpc_api::subscription::SubscriptionService;
55use sui_types::base_types::ConciseableName;
56use sui_types::crypto::RandomnessRound;
57use sui_types::digests::{
58 ChainIdentifier, CheckpointDigest, TransactionDigest, TransactionEffectsDigest,
59};
60use sui_types::messages_consensus::AuthorityCapabilitiesV2;
61use sui_types::sui_system_state::SuiSystemState;
62use tap::tap::TapFallible;
63use tokio::sync::oneshot;
64use tokio::sync::{Mutex, broadcast, mpsc};
65use tokio::task::JoinHandle;
66use tower::ServiceBuilder;
67use tracing::{Instrument, error_span, info};
68use tracing::{debug, error, warn};
69
70macro_rules! jwk_log {
74 ($($arg:tt)+) => {
75 if in_test_configuration() {
76 debug!($($arg)+);
77 } else {
78 info!($($arg)+);
79 }
80 };
81}
82
83use fastcrypto_zkp::bn254::zk_login::JWK;
84pub use handle::SuiNodeHandle;
85use mysten_metrics::{RegistryService, spawn_monitored_task};
86use mysten_service::server_timing::server_timing_middleware;
87use sui_config::node::{DBCheckpointConfig, RunWithRange};
88use sui_config::node::{ForkCrashBehavior, ForkRecoveryConfig};
89use sui_config::node_config_metrics::NodeConfigMetrics;
90use sui_config::{ConsensusConfig, NodeConfig};
91use sui_core::authority::authority_per_epoch_store::AuthorityPerEpochStore;
92use sui_core::authority::authority_store_tables::AuthorityPerpetualTables;
93use sui_core::authority::epoch_start_configuration::EpochStartConfigTrait;
94use sui_core::authority::epoch_start_configuration::EpochStartConfiguration;
95use sui_core::authority::submitted_transaction_cache::SubmittedTransactionCacheMetrics;
96use sui_core::authority_aggregator::AuthorityAggregator;
97use sui_core::authority_server::{ValidatorService, ValidatorServiceMetrics};
98use sui_core::checkpoints::checkpoint_executor::metrics::CheckpointExecutorMetrics;
99use sui_core::checkpoints::checkpoint_executor::{CheckpointExecutor, StopReason};
100use sui_core::checkpoints::{
101 CheckpointMetrics, CheckpointOutput, CheckpointService, CheckpointStore, LogCheckpointOutput,
102 SendCheckpointToStateSync, SubmitCheckpointToConsensus,
103};
104use sui_core::consensus_adapter::{ConsensusAdapter, ConsensusAdapterMetrics};
105use sui_core::consensus_manager::ConsensusManager;
106use sui_core::consensus_throughput_calculator::ConsensusThroughputCalculator;
107use sui_core::consensus_validator::{SuiTxValidator, SuiTxValidatorMetrics};
108use sui_core::db_checkpoint_handler::DBCheckpointHandler;
109use sui_core::epoch::committee_store::CommitteeStore;
110use sui_core::epoch::consensus_store_pruner::ConsensusStorePruner;
111use sui_core::epoch::epoch_metrics::EpochMetrics;
112use sui_core::epoch::reconfiguration::ReconfigurationInitiator;
113use sui_core::global_state_hasher::GlobalStateHasher;
114use sui_core::jsonrpc_index::IndexStore;
115use sui_core::module_cache_metrics::ResolverMetrics;
116use sui_core::overload_monitor::overload_monitor;
117use sui_core::rpc_store_embed::EmbeddedRpcStore;
118use sui_core::signature_verifier::SignatureVerifierMetrics;
119use sui_core::storage::RocksDbStore;
120use sui_core::storage::RpcStoreReadStore;
121use sui_core::transaction_orchestrator::TransactionOrchestrator;
122use sui_core::{
123 authority::{AuthorityState, AuthorityStore},
124 authority_client::NetworkAuthorityClient,
125};
126use sui_json_rpc::JsonRpcServerBuilder;
127use sui_json_rpc::coin_api::CoinReadApi;
128use sui_json_rpc::governance_api::GovernanceReadApi;
129use sui_json_rpc::indexer_api::IndexerApi;
130use sui_json_rpc::move_utils::MoveUtils;
131use sui_json_rpc::read_api::ReadApi;
132use sui_json_rpc::transaction_builder_api::TransactionBuilderApi;
133use sui_json_rpc::transaction_execution_api::TransactionExecutionApi;
134use sui_macros::fail_point;
135use sui_macros::{fail_point_async, replay_log};
136use sui_network::api::ValidatorServer;
137use sui_network::discovery;
138use sui_network::endpoint_manager::EndpointManager;
139use sui_network::state_sync;
140use sui_network::validator::server::ServerBuilder;
141use sui_protocol_config::{Chain, ProtocolConfig, ProtocolVersion};
142use sui_snapshot::uploader::StateSnapshotUploader;
143use sui_storage::{
144 http_key_value_store::HttpKVStore,
145 key_value_store::{FallbackTransactionKVStore, TransactionKeyValueStore},
146 key_value_store_metrics::KeyValueStoreMetrics,
147};
148use sui_types::base_types::{AuthorityName, EpochId};
149use sui_types::committee::Committee;
150use sui_types::crypto::KeypairTraits;
151use sui_types::error::{SuiError, SuiResult};
152use sui_types::messages_consensus::{ConsensusTransaction, check_total_jwk_size};
153use sui_types::storage::RpcStateReader;
154use sui_types::sui_system_state::SuiSystemStateTrait;
155use sui_types::sui_system_state::epoch_start_sui_system_state::EpochStartSystemState;
156use sui_types::sui_system_state::epoch_start_sui_system_state::EpochStartSystemStateTrait;
157use sui_types::supported_protocol_versions::SupportedProtocolVersions;
158use typed_store::DBMetrics;
159use typed_store::rocks::default_db_options;
160
161use crate::metrics::{GrpcMetrics, SuiNodeMetrics};
162
163pub mod admin;
164pub mod db_shell;
165mod handle;
166pub mod metrics;
167
168pub struct ValidatorComponents {
169 validator_server_handle: Option<SpawnOnce>,
170 validator_overload_monitor_handle: Option<JoinHandle<()>>,
171 consensus_manager: Arc<ConsensusManager>,
172 consensus_store_pruner: ConsensusStorePruner,
173 consensus_adapter: Arc<ConsensusAdapter>,
174 checkpoint_metrics: Arc<CheckpointMetrics>,
175 sui_tx_validator_metrics: Arc<SuiTxValidatorMetrics>,
176 admission_queue: Option<AdmissionQueueContext>,
177}
178pub struct P2pComponents {
179 p2p_network: Network,
180 known_peers: HashMap<PeerId, String>,
181 discovery_handle: discovery::Handle,
182 state_sync_handle: state_sync::Handle,
183 randomness_handle: randomness::Handle,
184 endpoint_manager: EndpointManager,
185}
186
187#[cfg(msim)]
188mod simulator {
189 use std::sync::atomic::AtomicBool;
190 use sui_types::error::SuiErrorKind;
191
192 use super::*;
193 pub(super) struct SimState {
194 pub sim_node: sui_simulator::runtime::NodeHandle,
195 pub sim_safe_mode_expected: AtomicBool,
196 _leak_detector: sui_simulator::NodeLeakDetector,
197 }
198
199 impl Default for SimState {
200 fn default() -> Self {
201 Self {
202 sim_node: sui_simulator::runtime::NodeHandle::current(),
203 sim_safe_mode_expected: AtomicBool::new(false),
204 _leak_detector: sui_simulator::NodeLeakDetector::new(),
205 }
206 }
207 }
208
209 type JwkInjector = dyn Fn(AuthorityName, &OIDCProvider) -> SuiResult<Vec<(JwkId, JWK)>>
210 + Send
211 + Sync
212 + 'static;
213
214 fn default_fetch_jwks(
215 _authority: AuthorityName,
216 _provider: &OIDCProvider,
217 ) -> SuiResult<Vec<(JwkId, JWK)>> {
218 use fastcrypto_zkp::bn254::zk_login::parse_jwks;
219 parse_jwks(
221 sui_types::zk_login_util::DEFAULT_JWK_BYTES,
222 &OIDCProvider::Twitch,
223 true,
224 )
225 .map_err(|_| SuiErrorKind::JWKRetrievalError.into())
226 }
227
228 thread_local! {
229 static JWK_INJECTOR: std::cell::RefCell<Arc<JwkInjector>> = std::cell::RefCell::new(Arc::new(default_fetch_jwks));
230 }
231
232 pub(super) fn get_jwk_injector() -> Arc<JwkInjector> {
233 JWK_INJECTOR.with(|injector| injector.borrow().clone())
234 }
235
236 pub fn set_jwk_injector(injector: Arc<JwkInjector>) {
237 JWK_INJECTOR.with(|cell| *cell.borrow_mut() = injector);
238 }
239}
240
241#[cfg(msim)]
242pub use simulator::set_jwk_injector;
243#[cfg(msim)]
244use simulator::*;
245use sui_core::authority::authority_store_pruner::PrunerWatermarks;
246use sui_core::{
247 consensus_handler::ConsensusHandlerInitializer, safe_client::SafeClientMetricsBase,
248};
249
250const DEFAULT_GRPC_CONNECT_TIMEOUT: Duration = Duration::from_secs(60);
251
252pub struct SuiNode {
253 config: NodeConfig,
254 validator_components: Mutex<Option<ValidatorComponents>>,
255
256 #[allow(unused)]
258 http_servers: HttpServers,
259
260 state: Arc<AuthorityState>,
261 transaction_orchestrator: Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>>,
262 registry_service: RegistryService,
263 metrics: Arc<SuiNodeMetrics>,
264 checkpoint_metrics: Arc<CheckpointMetrics>,
265
266 _discovery: discovery::Handle,
267 _connection_monitor_handle: mysten_network::anemo_connection_monitor::ConnectionMonitorHandle,
268 state_sync_handle: state_sync::Handle,
269 randomness_handle: randomness::Handle,
270 checkpoint_store: Arc<CheckpointStore>,
271 global_state_hasher: Mutex<Option<Arc<GlobalStateHasher>>>,
272
273 end_of_epoch_channel: broadcast::Sender<SuiSystemState>,
275
276 endpoint_manager: EndpointManager,
278
279 backpressure_manager: Arc<BackpressureManager>,
280
281 _db_checkpoint_handle: Option<tokio::sync::broadcast::Sender<()>>,
282
283 #[cfg(msim)]
284 sim_state: SimState,
285
286 _state_snapshot_uploader_handle: Option<broadcast::Sender<()>>,
287 shutdown_channel_tx: broadcast::Sender<Option<RunWithRange>>,
289
290 randomness_receiver_handle: Arc<RandomnessRoundReceiverHandle>,
292
293 auth_agg: Arc<ArcSwap<AuthorityAggregator<NetworkAuthorityClient>>>,
298
299 subscription_service_checkpoint_sender: Option<tokio::sync::broadcast::Sender<Arc<Checkpoint>>>,
300
301 embedded_rpc_store: Option<EmbeddedRpcStore>,
306}
307
308impl fmt::Debug for SuiNode {
309 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
310 f.debug_struct("SuiNode")
311 .field("name", &self.state.name.concise())
312 .finish()
313 }
314}
315
316static MAX_JWK_KEYS_PER_FETCH: usize = 100;
317
318impl SuiNode {
319 pub async fn start(
320 config: NodeConfig,
321 registry_service: RegistryService,
322 ) -> Result<Arc<SuiNode>> {
323 Self::start_async(
324 config,
325 registry_service,
326 ServerVersion::new("sui-node", "unknown"),
327 )
328 .await
329 }
330
331 fn start_jwk_updater(
332 config: &NodeConfig,
333 metrics: Arc<SuiNodeMetrics>,
334 authority: AuthorityName,
335 epoch_store: Arc<AuthorityPerEpochStore>,
336 consensus_adapter: Arc<ConsensusAdapter>,
337 ) {
338 let epoch = epoch_store.epoch();
339
340 let supported_providers = config
341 .zklogin_oauth_providers
342 .get(&epoch_store.get_chain_identifier().chain())
343 .unwrap_or(&BTreeSet::new())
344 .iter()
345 .map(|s| OIDCProvider::from_str(s).expect("Invalid provider string"))
346 .collect::<Vec<_>>();
347
348 let fetch_interval = Duration::from_secs(config.jwk_fetch_interval_seconds);
349
350 info!(
351 ?fetch_interval,
352 "Starting JWK updater tasks with supported providers: {:?}", supported_providers
353 );
354
355 fn validate_jwk(
356 metrics: &Arc<SuiNodeMetrics>,
357 provider: &OIDCProvider,
358 id: &JwkId,
359 jwk: &JWK,
360 ) -> bool {
361 let Ok(iss_provider) = OIDCProvider::from_iss(&id.iss) else {
362 warn!(
363 "JWK iss {:?} (retrieved from {:?}) is not a valid provider",
364 id.iss, provider
365 );
366 metrics
367 .invalid_jwks
368 .with_label_values(&[&provider.to_string()])
369 .inc();
370 return false;
371 };
372
373 if iss_provider != *provider {
374 warn!(
375 "JWK iss {:?} (retrieved from {:?}) does not match provider {:?}",
376 id.iss, provider, iss_provider
377 );
378 metrics
379 .invalid_jwks
380 .with_label_values(&[&provider.to_string()])
381 .inc();
382 return false;
383 }
384
385 if !check_total_jwk_size(id, jwk) {
386 warn!("JWK {:?} (retrieved from {:?}) is too large", id, provider);
387 metrics
388 .invalid_jwks
389 .with_label_values(&[&provider.to_string()])
390 .inc();
391 return false;
392 }
393
394 true
395 }
396
397 for p in supported_providers.into_iter() {
406 let provider_str = p.to_string();
407 let epoch_store = epoch_store.clone();
408 let consensus_adapter = consensus_adapter.clone();
409 let metrics = metrics.clone();
410 spawn_monitored_task!(epoch_store.clone().within_alive_epoch(
411 async move {
412 let mut seen = HashSet::new();
415 loop {
416 jwk_log!("fetching JWK for provider {:?}", p);
417 metrics.jwk_requests.with_label_values(&[&provider_str]).inc();
418 match Self::fetch_jwks(authority, &p).await {
419 Err(e) => {
420 metrics.jwk_request_errors.with_label_values(&[&provider_str]).inc();
421 warn!("Error when fetching JWK for provider {:?} {:?}", p, e);
422 tokio::time::sleep(Duration::from_secs(30)).await;
424 continue;
425 }
426 Ok(mut keys) => {
427 metrics.total_jwks
428 .with_label_values(&[&provider_str])
429 .inc_by(keys.len() as u64);
430
431 keys.retain(|(id, jwk)| {
432 validate_jwk(&metrics, &p, id, jwk) &&
433 !epoch_store.jwk_active_in_current_epoch(id, jwk) &&
434 seen.insert((id.clone(), jwk.clone()))
435 });
436
437 metrics.unique_jwks
438 .with_label_values(&[&provider_str])
439 .inc_by(keys.len() as u64);
440
441 if keys.len() > MAX_JWK_KEYS_PER_FETCH {
444 warn!("Provider {:?} sent too many JWKs, only the first {} will be used", p, MAX_JWK_KEYS_PER_FETCH);
445 keys.truncate(MAX_JWK_KEYS_PER_FETCH);
446 }
447
448 for (id, jwk) in keys.into_iter() {
449 jwk_log!("Submitting JWK to consensus: {:?}", id);
450
451 let txn = ConsensusTransaction::new_jwk_fetched(authority, id, jwk);
452 consensus_adapter.submit(txn, None, &epoch_store, None, None)
453 .tap_err(|e| warn!("Error when submitting JWKs to consensus {:?}", e))
454 .ok();
455 }
456 }
457 }
458 tokio::time::sleep(fetch_interval).await;
459 }
460 }
461 .instrument(error_span!("jwk_updater_task", epoch)),
462 ));
463 }
464 }
465
466 pub async fn start_async(
467 config: NodeConfig,
468 registry_service: RegistryService,
469 server_version: ServerVersion,
470 ) -> Result<Arc<SuiNode>> {
471 NodeConfigMetrics::new(®istry_service.default_registry()).record_metrics(&config);
472 let mut config = config.clone();
473 if config.supported_protocol_versions.is_none() {
474 info!(
475 "populating config.supported_protocol_versions with default {:?}",
476 SupportedProtocolVersions::SYSTEM_DEFAULT
477 );
478 config.supported_protocol_versions = Some(SupportedProtocolVersions::SYSTEM_DEFAULT);
479 }
480
481 let run_with_range = config.run_with_range;
482 let prometheus_registry = registry_service.default_registry();
483 let node_role = config.intended_node_role();
484
485 info!(node =? config.protocol_public_key(),
486 "Initializing sui-node listening on {} with role {:?}", config.network_address, node_role
487 );
488
489 DBMetrics::init(registry_service.clone());
491
492 typed_store::init_write_sync(config.enable_db_sync_to_disk);
494
495 mysten_metrics::init_metrics(&prometheus_registry);
497 #[cfg(not(msim))]
499 mysten_metrics::thread_stall_monitor::start_thread_stall_monitor();
500
501 let genesis = config.genesis()?.clone();
502
503 let secret = Arc::pin(config.protocol_key_pair().copy());
504 let genesis_committee = genesis.committee();
505 let committee_store = Arc::new(CommitteeStore::new(
506 config.db_path().join("epochs"),
507 &genesis_committee,
508 None,
509 ));
510
511 let pruner_watermarks = Arc::new(PrunerWatermarks::default());
512 let checkpoint_store = CheckpointStore::new(
513 &config.db_path().join("checkpoints"),
514 pruner_watermarks.clone(),
515 );
516 let checkpoint_metrics = CheckpointMetrics::new(®istry_service.default_registry());
517
518 if node_role.runs_consensus() {
519 Self::check_and_recover_forks(
520 &checkpoint_store,
521 &checkpoint_metrics,
522 config.fork_recovery.as_ref(),
523 )
524 .await?;
525 }
526
527 let enable_write_stall = config
529 .enable_db_write_stall
530 .unwrap_or(node_role.runs_consensus());
531 let enable_objects_compactor = node_role.is_validator()
538 || config.authority_store_pruning_config.num_epochs_to_retain == 0;
539 let perpetual_tables_options = AuthorityPerpetualTablesOptions {
540 enable_write_stall,
541 enable_objects_compactor,
542 };
543 let perpetual_tables = Arc::new(AuthorityPerpetualTables::open(
544 &config.db_store_path(),
545 Some(perpetual_tables_options),
546 Some(pruner_watermarks.epoch_id.clone()),
547 ));
548 let is_genesis = perpetual_tables
549 .database_is_empty()
550 .expect("Database read should not fail at init.");
551
552 let backpressure_manager =
553 BackpressureManager::new_from_checkpoint_store(&checkpoint_store);
554
555 let store =
556 AuthorityStore::open(perpetual_tables, &genesis, &config, &prometheus_registry).await?;
557
558 let cur_epoch = store.get_recovery_epoch_at_restart()?;
559 let committee = committee_store
560 .get_committee(&cur_epoch)?
561 .expect("Committee of the current epoch must exist");
562 let epoch_start_configuration = store
563 .get_epoch_start_configuration()?
564 .expect("EpochStartConfiguration of the current epoch must exist");
565 let cache_metrics = Arc::new(ResolverMetrics::new(&prometheus_registry));
566 let signature_verifier_metrics = SignatureVerifierMetrics::new(&prometheus_registry);
567
568 let cache_traits = build_execution_cache(
569 &config.execution_cache,
570 &prometheus_registry,
571 &store,
572 backpressure_manager.clone(),
573 );
574
575 let auth_agg = {
576 let safe_client_metrics_base = SafeClientMetricsBase::new(&prometheus_registry);
577 Arc::new(ArcSwap::new(Arc::new(
578 AuthorityAggregator::new_from_epoch_start_state(
579 epoch_start_configuration.epoch_start_state(),
580 &committee_store,
581 safe_client_metrics_base,
582 ),
583 )))
584 };
585
586 let chain_id = ChainIdentifier::from(*genesis.checkpoint().digest());
587 let chain = match config.chain_override_for_testing {
588 Some(chain) => chain,
589 None => ChainIdentifier::from(*genesis.checkpoint().digest()).chain(),
590 };
591
592 let highest_executed_checkpoint = checkpoint_store
593 .get_highest_executed_checkpoint_seq_number()
594 .expect("checkpoint store read cannot fail")
595 .unwrap_or(0);
596
597 let previous_epoch_last_checkpoint = if cur_epoch == 0 {
598 0
599 } else {
600 checkpoint_store
601 .get_epoch_last_checkpoint_seq_number(cur_epoch - 1)
602 .expect("checkpoint store read cannot fail")
603 .unwrap_or(highest_executed_checkpoint)
604 };
605
606 let epoch_options = default_db_options().optimize_db_for_write_throughput(4, false);
607 let epoch_store = AuthorityPerEpochStore::new(
608 config.protocol_public_key(),
609 committee.clone(),
610 &config.db_store_path(),
611 Some(epoch_options.options),
612 EpochMetrics::new(®istry_service.default_registry()),
613 epoch_start_configuration,
614 cache_traits.backing_package_store.clone(),
615 cache_traits.object_store.clone(),
616 cache_metrics,
617 signature_verifier_metrics,
618 &config.expensive_safety_check_config,
619 (chain_id, chain),
620 highest_executed_checkpoint,
621 previous_epoch_last_checkpoint,
622 Arc::new(SubmittedTransactionCacheMetrics::new(
623 ®istry_service.default_registry(),
624 )),
625 config.fullnode_sync_mode,
626 )?;
627
628 info!("created epoch store");
629
630 replay_log!(
631 "Beginning replay run. Epoch: {:?}, Protocol config: {:?}",
632 epoch_store.epoch(),
633 epoch_store.protocol_config()
634 );
635
636 if is_genesis {
638 info!("checking SUI conservation at genesis");
639 cache_traits
644 .reconfig_api
645 .expensive_check_sui_conservation(&epoch_store)
646 .expect("SUI conservation check cannot fail at genesis");
647 }
648
649 let effective_buffer_stake = epoch_store.get_effective_buffer_stake_bps();
650 let default_buffer_stake = epoch_store
651 .protocol_config()
652 .buffer_stake_for_protocol_upgrade_bps();
653 if effective_buffer_stake != default_buffer_stake {
654 warn!(
655 ?effective_buffer_stake,
656 ?default_buffer_stake,
657 "buffer_stake_for_protocol_upgrade_bps is currently overridden"
658 );
659 }
660
661 checkpoint_store.insert_genesis_checkpoint(
662 genesis.checkpoint(),
663 genesis.checkpoint_contents().clone(),
664 &epoch_store,
665 );
666
667 info!("creating state sync store");
668 let state_sync_store = RocksDbStore::new(
669 cache_traits.clone(),
670 committee_store.clone(),
671 checkpoint_store.clone(),
672 );
673
674 let index_store = if node_role.is_fullnode() && config.enable_index_processing {
675 info!("creating jsonrpc index store");
676 Some(Arc::new(IndexStore::new(
677 config.db_path().join("indexes"),
678 &prometheus_registry,
679 epoch_store
680 .protocol_config()
681 .max_move_identifier_len_as_option(),
682 config.remove_deprecated_tables,
683 )))
684 } else {
685 None
686 };
687
688 let chain_identifier = epoch_store.get_chain_identifier();
689
690 let mut embedded_rpc_store =
696 if node_role.is_fullnode() && config.rpc().is_some_and(|rpc| rpc.enable_indexing()) {
697 info!("creating embedded rpc-store");
698 remove_legacy_rpc_index_store(&config.db_path());
702 let ingestion_source = RocksDbStore::new(
705 cache_traits.clone(),
706 committee_store.clone(),
707 checkpoint_store.clone(),
708 );
709 let embedded_rpc_store = EmbeddedRpcStore::bootstrap(
710 &config,
711 &store,
712 &checkpoint_store,
713 ingestion_source,
714 chain_identifier,
715 &prometheus_registry,
716 )
717 .await?;
718 Some(embedded_rpc_store)
719 } else {
720 None
721 };
722
723 info!("creating archive reader");
724 let (randomness_tx, randomness_rx) = mpsc::channel(
726 config
727 .p2p_config
728 .randomness
729 .clone()
730 .unwrap_or_default()
731 .mailbox_capacity(),
732 );
733 let P2pComponents {
734 p2p_network,
735 known_peers,
736 discovery_handle,
737 state_sync_handle,
738 randomness_handle,
739 endpoint_manager,
740 } = Self::create_p2p_network(
741 &config,
742 state_sync_store.clone(),
743 chain_identifier,
744 randomness_tx,
745 &prometheus_registry,
746 )?;
747
748 for peer in &config.p2p_config.peer_address_overrides {
750 endpoint_manager
751 .update_endpoint(
752 EndpointId::P2p(peer.peer_id),
753 AddressSource::Config,
754 peer.addresses.clone(),
755 )
756 .expect("Updating peer address overrides should not fail");
757 }
758
759 update_peer_addresses(
761 &config,
762 &endpoint_manager,
763 epoch_store.epoch_start_state(),
764 None,
765 );
766
767 info!("start snapshot upload");
768 let state_snapshot_handle = Self::start_state_snapshot(
770 &config,
771 &prometheus_registry,
772 checkpoint_store.clone(),
773 chain_identifier,
774 )?;
775
776 info!("start db checkpoint");
778 let (db_checkpoint_config, db_checkpoint_handle) = Self::start_db_checkpoint(
779 &config,
780 &prometheus_registry,
781 state_snapshot_handle.is_some(),
782 )?;
783
784 if !epoch_store
785 .protocol_config()
786 .simplified_unwrap_then_delete()
787 {
788 config
790 .authority_store_pruning_config
791 .set_killswitch_tombstone_pruning(true);
792 }
793
794 let authority_name = config.protocol_public_key();
795
796 info!("create authority state");
797 let state = AuthorityState::new(
798 authority_name,
799 secret,
800 config.supported_protocol_versions.unwrap(),
801 store.clone(),
802 cache_traits.clone(),
803 epoch_store.clone(),
804 committee_store.clone(),
805 index_store.clone(),
806 embedded_rpc_store.as_ref().map(|embedded| embedded.store()),
807 checkpoint_store.clone(),
808 &prometheus_registry,
809 genesis.objects(),
810 &db_checkpoint_config,
811 config.clone(),
812 chain_identifier,
813 config.policy_config.clone(),
814 config.firewall_config.clone(),
815 pruner_watermarks,
816 )
817 .await;
818 if epoch_store.epoch() == 0 {
820 let txn = &genesis.transaction();
821 let span = error_span!("genesis_txn", tx_digest = ?txn.digest());
822 let transaction =
823 sui_types::executable_transaction::VerifiedExecutableTransaction::new_unchecked(
824 sui_types::executable_transaction::ExecutableTransaction::new_from_data_and_sig(
825 genesis.transaction().data().clone(),
826 sui_types::executable_transaction::CertificateProof::Checkpoint(0, 0),
827 ),
828 );
829 let _enter = span.enter();
830 state
831 .try_execute_immediately(&transaction, ExecutionEnv::new(), &epoch_store)
832 .unwrap();
833 }
834
835 let randomness_receiver_handle =
838 RandomnessRoundReceiver::spawn(state.clone(), randomness_rx);
839
840 let (end_of_epoch_channel, end_of_epoch_receiver) =
841 broadcast::channel(config.end_of_epoch_broadcast_channel_capacity);
842
843 let transaction_orchestrator = if node_role.is_fullnode() && run_with_range.is_none() {
844 Some(Arc::new(TransactionOrchestrator::new_with_auth_aggregator(
845 auth_agg.load_full(),
846 state.clone(),
847 end_of_epoch_receiver,
848 &config.db_path(),
849 &prometheus_registry,
850 &config,
851 )))
852 } else {
853 None
854 };
855
856 let (http_servers, subscription_service_checkpoint_sender) = build_http_servers(
857 state.clone(),
858 state_sync_store,
859 &transaction_orchestrator.clone(),
860 &config,
861 &prometheus_registry,
862 server_version,
863 node_role,
864 embedded_rpc_store.as_ref(),
865 )
866 .await?;
867
868 if let Some(embedded) = embedded_rpc_store.as_mut() {
875 embedded.spawn_indexer(
876 subscription_service_checkpoint_sender.clone(),
877 prometheus_registry.clone(),
878 );
879 }
880
881 let global_state_hasher = Arc::new(GlobalStateHasher::new(
882 cache_traits.global_state_hash_store.clone(),
883 GlobalStateHashMetrics::new(&prometheus_registry),
884 ));
885
886 let network_connection_metrics = mysten_network::quinn_metrics::QuinnConnectionMetrics::new(
887 "sui",
888 ®istry_service.default_registry(),
889 );
890
891 let connection_monitor_handle =
892 mysten_network::anemo_connection_monitor::AnemoConnectionMonitor::spawn(
893 p2p_network.downgrade(),
894 Arc::new(network_connection_metrics),
895 known_peers,
896 );
897
898 let sui_node_metrics = Arc::new(SuiNodeMetrics::new(®istry_service.default_registry()));
899
900 sui_node_metrics
901 .binary_max_protocol_version
902 .set(ProtocolVersion::MAX.as_u64() as i64);
903 sui_node_metrics
904 .configured_max_protocol_version
905 .set(config.supported_protocol_versions.unwrap().max.as_u64() as i64);
906
907 let node_role = epoch_store.node_role();
908 let validator_components = if node_role.runs_consensus() {
909 let mut components = Self::construct_validator_components(
910 config.clone(),
911 state.clone(),
912 committee,
913 epoch_store.clone(),
914 checkpoint_store.clone(),
915 state_sync_handle.clone(),
916 randomness_handle.clone(),
917 Arc::downgrade(&global_state_hasher),
918 backpressure_manager.clone(),
919 ®istry_service,
920 sui_node_metrics.clone(),
921 checkpoint_metrics.clone(),
922 node_role,
923 randomness_receiver_handle.clone(),
924 )
925 .await?;
926
927 if node_role.is_validator() {
928 components
929 .consensus_adapter
930 .recover_end_of_publish(&epoch_store);
931
932 components.validator_server_handle = Some(
934 components
935 .validator_server_handle
936 .take()
937 .unwrap()
938 .start()
939 .await,
940 );
941
942 endpoint_manager
944 .set_consensus_address_updater(components.consensus_manager.clone());
945 } else {
946 info!("Starting node as Observer — connecting to configured peers");
947 }
948
949 Some(components)
950 } else {
951 None
952 };
953
954 let (shutdown_channel, _) = broadcast::channel::<Option<RunWithRange>>(1);
956
957 let node = Self {
958 config,
959 validator_components: Mutex::new(validator_components),
960 http_servers,
961 state,
962 transaction_orchestrator,
963 registry_service,
964 metrics: sui_node_metrics,
965 checkpoint_metrics,
966
967 _discovery: discovery_handle,
968 _connection_monitor_handle: connection_monitor_handle,
969 state_sync_handle,
970 randomness_handle,
971 checkpoint_store,
972 global_state_hasher: Mutex::new(Some(global_state_hasher)),
973 end_of_epoch_channel,
974 endpoint_manager,
975 backpressure_manager,
976
977 _db_checkpoint_handle: db_checkpoint_handle,
978
979 #[cfg(msim)]
980 sim_state: Default::default(),
981
982 _state_snapshot_uploader_handle: state_snapshot_handle,
983 shutdown_channel_tx: shutdown_channel,
984 randomness_receiver_handle,
985
986 auth_agg,
987 subscription_service_checkpoint_sender,
988 embedded_rpc_store,
989 };
990
991 info!("SuiNode started!");
992 let node = Arc::new(node);
993 let node_copy = node.clone();
994 spawn_monitored_task!(async move {
995 let result = Self::monitor_reconfiguration(node_copy, epoch_store).await;
996 if let Err(error) = result {
997 warn!("Reconfiguration finished with error {:?}", error);
998 }
999 });
1000
1001 Ok(node)
1002 }
1003
1004 pub fn subscribe_to_epoch_change(&self) -> broadcast::Receiver<SuiSystemState> {
1005 self.end_of_epoch_channel.subscribe()
1006 }
1007
1008 pub fn subscribe_to_shutdown_channel(&self) -> broadcast::Receiver<Option<RunWithRange>> {
1009 self.shutdown_channel_tx.subscribe()
1010 }
1011
1012 pub fn current_epoch_for_testing(&self) -> EpochId {
1013 self.state.current_epoch_for_testing()
1014 }
1015
1016 pub fn db_checkpoint_path(&self) -> PathBuf {
1017 self.config.db_checkpoint_path()
1018 }
1019
1020 pub async fn close_epoch(&self, epoch_store: &Arc<AuthorityPerEpochStore>) -> SuiResult {
1022 info!("close_epoch (current epoch = {})", epoch_store.epoch());
1023 self.validator_components
1024 .lock()
1025 .await
1026 .as_ref()
1027 .ok_or_else(|| SuiError::from("Node is not a validator"))?
1028 .consensus_adapter
1029 .close_epoch(epoch_store);
1030 Ok(())
1031 }
1032
1033 pub fn clear_override_protocol_upgrade_buffer_stake(&self, epoch: EpochId) -> SuiResult {
1034 self.state
1035 .clear_override_protocol_upgrade_buffer_stake(epoch)
1036 }
1037
1038 pub fn set_override_protocol_upgrade_buffer_stake(
1039 &self,
1040 epoch: EpochId,
1041 buffer_stake_bps: u64,
1042 ) -> SuiResult {
1043 self.state
1044 .set_override_protocol_upgrade_buffer_stake(epoch, buffer_stake_bps)
1045 }
1046
1047 pub async fn close_epoch_for_testing(&self) -> SuiResult {
1050 let epoch_store = self.state.epoch_store_for_testing();
1051 self.close_epoch(&epoch_store).await
1052 }
1053
1054 fn start_state_snapshot(
1055 config: &NodeConfig,
1056 prometheus_registry: &Registry,
1057 checkpoint_store: Arc<CheckpointStore>,
1058 chain_identifier: ChainIdentifier,
1059 ) -> Result<Option<tokio::sync::broadcast::Sender<()>>> {
1060 if let Some(remote_store_config) = &config.state_snapshot_write_config.object_store_config {
1061 let snapshot_uploader = StateSnapshotUploader::new(
1062 &config.db_checkpoint_path(),
1063 &config.snapshot_path(),
1064 remote_store_config.clone(),
1065 60,
1066 prometheus_registry,
1067 checkpoint_store,
1068 chain_identifier,
1069 config.state_snapshot_write_config.archive_interval_epochs,
1070 )?;
1071 Ok(Some(snapshot_uploader.start()))
1072 } else {
1073 Ok(None)
1074 }
1075 }
1076
1077 fn start_db_checkpoint(
1078 config: &NodeConfig,
1079 prometheus_registry: &Registry,
1080 state_snapshot_enabled: bool,
1081 ) -> Result<(
1082 DBCheckpointConfig,
1083 Option<tokio::sync::broadcast::Sender<()>>,
1084 )> {
1085 let checkpoint_path = Some(
1086 config
1087 .db_checkpoint_config
1088 .checkpoint_path
1089 .clone()
1090 .unwrap_or_else(|| config.db_checkpoint_path()),
1091 );
1092 let db_checkpoint_config = if config.db_checkpoint_config.checkpoint_path.is_none() {
1093 DBCheckpointConfig {
1094 checkpoint_path,
1095 perform_db_checkpoints_at_epoch_end: if state_snapshot_enabled {
1096 true
1097 } else {
1098 config
1099 .db_checkpoint_config
1100 .perform_db_checkpoints_at_epoch_end
1101 },
1102 ..config.db_checkpoint_config.clone()
1103 }
1104 } else {
1105 config.db_checkpoint_config.clone()
1106 };
1107
1108 match (
1109 db_checkpoint_config.object_store_config.as_ref(),
1110 state_snapshot_enabled,
1111 ) {
1112 (None, false) => Ok((db_checkpoint_config, None)),
1117 (_, _) => {
1118 let handler = DBCheckpointHandler::new(
1119 &db_checkpoint_config.checkpoint_path.clone().unwrap(),
1120 db_checkpoint_config.object_store_config.as_ref(),
1121 60,
1122 db_checkpoint_config
1123 .prune_and_compact_before_upload
1124 .unwrap_or(true),
1125 config.authority_store_pruning_config.clone(),
1126 prometheus_registry,
1127 state_snapshot_enabled,
1128 )?;
1129 Ok((
1130 db_checkpoint_config,
1131 Some(DBCheckpointHandler::start(handler)),
1132 ))
1133 }
1134 }
1135 }
1136
1137 fn create_p2p_network(
1138 config: &NodeConfig,
1139 state_sync_store: RocksDbStore,
1140 chain_identifier: ChainIdentifier,
1141 randomness_tx: mpsc::Sender<(EpochId, RandomnessRound, Vec<u8>)>,
1142 prometheus_registry: &Registry,
1143 ) -> Result<P2pComponents> {
1144 let mut p2p_config = config.p2p_config.clone();
1145 {
1146 let disc = p2p_config.discovery.get_or_insert_with(Default::default);
1147 if disc.peer_addr_store_path.is_none() {
1148 disc.peer_addr_store_path =
1149 Some(config.db_path().join("discovery_peer_cache.yaml"));
1150 }
1151 }
1152 let mut discovery_builder = discovery::Builder::new().config(p2p_config.clone());
1153 if let Some(consensus_config) = &config.consensus_config {
1154 let effective_addr = consensus_config
1155 .external_address
1156 .as_ref()
1157 .or(consensus_config.listen_address.as_ref());
1158 if let Some(addr) = effective_addr {
1159 discovery_builder = discovery_builder.consensus_external_address(addr.clone());
1160 }
1161 }
1162 let (discovery, discovery_server, endpoint_manager) = discovery_builder.build();
1163 let discovery_sender = discovery.sender();
1164
1165 let (state_sync, state_sync_router) = state_sync::Builder::new()
1166 .config(config.p2p_config.state_sync.clone().unwrap_or_default())
1167 .store(state_sync_store)
1168 .archive_config(config.archive_reader_config())
1169 .discovery_sender(discovery_sender)
1170 .with_metrics(prometheus_registry)
1171 .build();
1172
1173 let discovery_config = config.p2p_config.discovery.clone().unwrap_or_default();
1174 let known_peers: HashMap<PeerId, String> = discovery_config
1175 .allowlisted_peers
1176 .clone()
1177 .into_iter()
1178 .map(|ap| (ap.peer_id, "allowlisted_peer".to_string()))
1179 .chain(config.p2p_config.seed_peers.iter().filter_map(|peer| {
1180 peer.peer_id
1181 .map(|peer_id| (peer_id, "seed_peer".to_string()))
1182 }))
1183 .collect();
1184
1185 let (randomness, randomness_router) =
1186 randomness::Builder::new(config.protocol_public_key(), randomness_tx)
1187 .config(config.p2p_config.randomness.clone().unwrap_or_default())
1188 .with_metrics(prometheus_registry)
1189 .build();
1190
1191 let p2p_network = {
1192 let routes = anemo::Router::new()
1193 .add_rpc_service(discovery_server)
1194 .merge(state_sync_router);
1195 let routes = routes.merge(randomness_router);
1196
1197 let inbound_network_metrics =
1198 mysten_network::metrics::NetworkMetrics::new("sui", "inbound", prometheus_registry);
1199 let outbound_network_metrics = mysten_network::metrics::NetworkMetrics::new(
1200 "sui",
1201 "outbound",
1202 prometheus_registry,
1203 );
1204
1205 let service = ServiceBuilder::new()
1206 .layer(
1207 TraceLayer::new_for_server_errors()
1208 .make_span_with(DefaultMakeSpan::new().level(tracing::Level::INFO))
1209 .on_failure(DefaultOnFailure::new().level(tracing::Level::WARN)),
1210 )
1211 .layer(CallbackLayer::new(
1212 mysten_network::metrics::MetricsMakeCallbackHandler::new(
1213 Arc::new(inbound_network_metrics),
1214 config.p2p_config.excessive_message_size(),
1215 ),
1216 ))
1217 .service(routes);
1218
1219 let outbound_layer = ServiceBuilder::new()
1220 .layer(
1221 TraceLayer::new_for_client_and_server_errors()
1222 .make_span_with(DefaultMakeSpan::new().level(tracing::Level::INFO))
1223 .on_failure(DefaultOnFailure::new().level(tracing::Level::WARN)),
1224 )
1225 .layer(CallbackLayer::new(
1226 mysten_network::metrics::MetricsMakeCallbackHandler::new(
1227 Arc::new(outbound_network_metrics),
1228 config.p2p_config.excessive_message_size(),
1229 ),
1230 ))
1231 .into_inner();
1232
1233 let mut anemo_config = config.p2p_config.anemo_config.clone().unwrap_or_default();
1234 anemo_config.max_request_frame_size = Some(1 << 20);
1237 anemo_config.max_response_frame_size = Some(128 << 20);
1240
1241 let mut quic_config = anemo_config.quic.unwrap_or_default();
1244 if quic_config.socket_send_buffer_size.is_none() {
1245 quic_config.socket_send_buffer_size = Some(20 << 20);
1246 }
1247 if quic_config.socket_receive_buffer_size.is_none() {
1248 quic_config.socket_receive_buffer_size = Some(20 << 20);
1249 }
1250 quic_config.allow_failed_socket_buffer_size_setting = true;
1251
1252 if quic_config.max_concurrent_bidi_streams.is_none() {
1255 quic_config.max_concurrent_bidi_streams = Some(500);
1256 }
1257 if quic_config.max_concurrent_uni_streams.is_none() {
1258 quic_config.max_concurrent_uni_streams = Some(500);
1259 }
1260 if quic_config.stream_receive_window.is_none() {
1261 quic_config.stream_receive_window = Some(100 << 20);
1262 }
1263 if quic_config.receive_window.is_none() {
1264 quic_config.receive_window = Some(200 << 20);
1265 }
1266 if quic_config.send_window.is_none() {
1267 quic_config.send_window = Some(200 << 20);
1268 }
1269 if quic_config.crypto_buffer_size.is_none() {
1270 quic_config.crypto_buffer_size = Some(1 << 20);
1271 }
1272 if quic_config.max_idle_timeout_ms.is_none() {
1273 quic_config.max_idle_timeout_ms = Some(10_000);
1274 }
1275 if quic_config.keep_alive_interval_ms.is_none() {
1276 quic_config.keep_alive_interval_ms = Some(5_000);
1277 }
1278 anemo_config.quic = Some(quic_config);
1279
1280 let server_name = format!("sui-{}", chain_identifier);
1281 let network = Network::bind(config.p2p_config.listen_address)
1282 .server_name(&server_name)
1283 .private_key(config.network_key_pair().copy().private().0.to_bytes())
1284 .config(anemo_config)
1285 .outbound_request_layer(outbound_layer)
1286 .start(service)?;
1287 info!(
1288 server_name = server_name,
1289 "P2p network started on {}",
1290 network.local_addr()
1291 );
1292
1293 network
1294 };
1295
1296 let discovery_handle =
1297 discovery.start(p2p_network.clone(), config.network_key_pair().copy());
1298 let state_sync_handle = state_sync.start(p2p_network.clone());
1299 let randomness_handle = randomness.start(p2p_network.clone());
1300
1301 Ok(P2pComponents {
1302 p2p_network,
1303 known_peers,
1304 discovery_handle,
1305 state_sync_handle,
1306 randomness_handle,
1307 endpoint_manager,
1308 })
1309 }
1310
1311 async fn construct_validator_components(
1312 config: NodeConfig,
1313 state: Arc<AuthorityState>,
1314 committee: Arc<Committee>,
1315 epoch_store: Arc<AuthorityPerEpochStore>,
1316 checkpoint_store: Arc<CheckpointStore>,
1317 state_sync_handle: state_sync::Handle,
1318 randomness_handle: randomness::Handle,
1319 global_state_hasher: Weak<GlobalStateHasher>,
1320 backpressure_manager: Arc<BackpressureManager>,
1321 registry_service: &RegistryService,
1322 sui_node_metrics: Arc<SuiNodeMetrics>,
1323 checkpoint_metrics: Arc<CheckpointMetrics>,
1324 node_role: NodeRole,
1325 randomness_receiver_handle: Arc<RandomnessRoundReceiverHandle>,
1326 ) -> Result<ValidatorComponents> {
1327 let mut config_clone = config.clone();
1328 let consensus_config = config_clone
1329 .consensus_config
1330 .as_mut()
1331 .ok_or_else(|| anyhow!("Node is missing consensus config"))?;
1332
1333 let client = Arc::new(UpdatableConsensusClient::new());
1334 let inflight_slot_freed_notify = Arc::new(tokio::sync::Notify::new());
1335 let consensus_adapter = Arc::new(Self::construct_consensus_adapter(
1336 &committee,
1337 consensus_config,
1338 state.name,
1339 ®istry_service.default_registry(),
1340 client.clone(),
1341 checkpoint_store.clone(),
1342 inflight_slot_freed_notify.clone(),
1343 ));
1344
1345 let consensus_manager = Arc::new(ConsensusManager::new(
1346 &config,
1347 consensus_config,
1348 registry_service,
1349 client,
1350 node_role,
1351 ));
1352
1353 let consensus_store_pruner = ConsensusStorePruner::new(
1355 consensus_manager.get_storage_base_path(),
1356 consensus_config.db_retention_epochs(),
1357 consensus_config.db_pruner_period(),
1358 ®istry_service.default_registry(),
1359 );
1360
1361 let sui_tx_validator_metrics =
1362 SuiTxValidatorMetrics::new(®istry_service.default_registry());
1363
1364 let (validator_server_handle, admission_queue) = if node_role.is_validator() {
1365 let (handle, queue) = Self::start_grpc_validator_service(
1366 &config,
1367 state.clone(),
1368 consensus_adapter.clone(),
1369 epoch_store.clone(),
1370 ®istry_service.default_registry(),
1371 inflight_slot_freed_notify,
1372 )
1373 .await?;
1374 (Some(handle), queue)
1375 } else {
1376 (None, None)
1377 };
1378
1379 let validator_overload_monitor_handle = if node_role.is_validator()
1382 && config
1383 .authority_overload_config
1384 .max_load_shedding_percentage
1385 > 0
1386 {
1387 let authority_state = Arc::downgrade(&state);
1388 let overload_config = config.authority_overload_config.clone();
1389 fail_point!("starting_overload_monitor");
1390 Some(spawn_monitored_task!(overload_monitor(
1391 authority_state,
1392 overload_config,
1393 )))
1394 } else {
1395 None
1396 };
1397
1398 Self::start_epoch_specific_validator_components(
1399 &config,
1400 state.clone(),
1401 consensus_adapter,
1402 checkpoint_store,
1403 epoch_store,
1404 state_sync_handle,
1405 randomness_handle,
1406 randomness_receiver_handle,
1407 consensus_manager,
1408 consensus_store_pruner,
1409 global_state_hasher,
1410 backpressure_manager,
1411 validator_server_handle,
1412 validator_overload_monitor_handle,
1413 checkpoint_metrics,
1414 sui_node_metrics,
1415 sui_tx_validator_metrics,
1416 admission_queue,
1417 node_role,
1418 )
1419 .await
1420 }
1421
1422 async fn start_epoch_specific_validator_components(
1423 config: &NodeConfig,
1424 state: Arc<AuthorityState>,
1425 consensus_adapter: Arc<ConsensusAdapter>,
1426 checkpoint_store: Arc<CheckpointStore>,
1427 epoch_store: Arc<AuthorityPerEpochStore>,
1428 state_sync_handle: state_sync::Handle,
1429 randomness_handle: randomness::Handle,
1430 randomness_receiver_handle: Arc<RandomnessRoundReceiverHandle>,
1431 consensus_manager: Arc<ConsensusManager>,
1432 consensus_store_pruner: ConsensusStorePruner,
1433 state_hasher: Weak<GlobalStateHasher>,
1434 backpressure_manager: Arc<BackpressureManager>,
1435 validator_server_handle: Option<SpawnOnce>,
1436 validator_overload_monitor_handle: Option<JoinHandle<()>>,
1437 checkpoint_metrics: Arc<CheckpointMetrics>,
1438 sui_node_metrics: Arc<SuiNodeMetrics>,
1439 sui_tx_validator_metrics: Arc<SuiTxValidatorMetrics>,
1440 admission_queue: Option<AdmissionQueueContext>,
1441 node_role: NodeRole,
1442 ) -> Result<ValidatorComponents> {
1443 let checkpoint_service = Self::build_checkpoint_service(
1444 config,
1445 consensus_adapter.clone(),
1446 checkpoint_store.clone(),
1447 epoch_store.clone(),
1448 state.clone(),
1449 state_sync_handle,
1450 state_hasher,
1451 checkpoint_metrics.clone(),
1452 node_role,
1453 );
1454
1455 randomness_receiver_handle.clear_public_key();
1458
1459 if node_role.runs_consensus() && epoch_store.randomness_state_enabled() {
1460 let authority_key_pair = if node_role.is_validator() {
1461 Some(config.protocol_key_pair())
1462 } else {
1463 None
1464 };
1465 let randomness_manager = RandomnessManager::try_new(
1466 Arc::downgrade(&epoch_store),
1467 Box::new(consensus_adapter.clone()),
1468 randomness_handle,
1469 authority_key_pair,
1470 randomness_receiver_handle.clone(),
1471 )
1472 .await;
1473 if let Some(randomness_manager) = randomness_manager {
1474 epoch_store
1475 .set_randomness_manager(randomness_manager)
1476 .await?;
1477 }
1478 }
1479
1480 if node_role.is_validator() {
1481 ExecutionTimeObserver::spawn(
1482 epoch_store.clone(),
1483 Box::new(consensus_adapter.clone()),
1484 config
1485 .execution_time_observer_config
1486 .clone()
1487 .unwrap_or_default(),
1488 );
1489 }
1490
1491 let throughput_calculator = Arc::new(ConsensusThroughputCalculator::new(
1492 None,
1493 state.metrics.clone(),
1494 ));
1495
1496 let consensus_handler_initializer = ConsensusHandlerInitializer::new(
1497 state.clone(),
1498 checkpoint_service.clone(),
1499 epoch_store.clone(),
1500 consensus_adapter.clone(),
1501 throughput_calculator,
1502 backpressure_manager,
1503 config.congestion_log.clone(),
1504 );
1505
1506 info!("Starting consensus manager asynchronously");
1507
1508 tokio::spawn({
1510 let config = config.clone();
1511 let epoch_store = epoch_store.clone();
1512 let sui_tx_validator = SuiTxValidator::new(
1513 state.clone(),
1514 epoch_store.clone(),
1515 checkpoint_service.clone(),
1516 sui_tx_validator_metrics.clone(),
1517 );
1518 let consensus_manager = consensus_manager.clone();
1519 async move {
1520 consensus_manager
1521 .start(
1522 &config,
1523 epoch_store,
1524 consensus_handler_initializer,
1525 sui_tx_validator,
1526 Some(randomness_receiver_handle),
1527 )
1528 .await;
1529 }
1530 });
1531 let replay_waiter = consensus_manager.replay_waiter();
1532
1533 info!("Spawning checkpoint service");
1534 let replay_waiter = if std::env::var("DISABLE_REPLAY_WAITER").is_ok() {
1535 None
1536 } else {
1537 Some(replay_waiter)
1538 };
1539 checkpoint_service
1540 .spawn(epoch_store.clone(), replay_waiter)
1541 .await;
1542
1543 if node_role.is_validator() && epoch_store.authenticator_state_enabled() {
1544 Self::start_jwk_updater(
1545 config,
1546 sui_node_metrics,
1547 state.name,
1548 epoch_store.clone(),
1549 consensus_adapter.clone(),
1550 );
1551 }
1552
1553 if let Some(ctx) = &admission_queue {
1554 ctx.rotate_for_epoch(epoch_store);
1555 }
1556
1557 Ok(ValidatorComponents {
1558 validator_server_handle,
1559 validator_overload_monitor_handle,
1560 consensus_manager,
1561 consensus_store_pruner,
1562 consensus_adapter,
1563 checkpoint_metrics,
1564 sui_tx_validator_metrics,
1565 admission_queue,
1566 })
1567 }
1568
1569 fn build_checkpoint_service(
1570 config: &NodeConfig,
1571 consensus_adapter: Arc<ConsensusAdapter>,
1572 checkpoint_store: Arc<CheckpointStore>,
1573 epoch_store: Arc<AuthorityPerEpochStore>,
1574 state: Arc<AuthorityState>,
1575 state_sync_handle: state_sync::Handle,
1576 state_hasher: Weak<GlobalStateHasher>,
1577 checkpoint_metrics: Arc<CheckpointMetrics>,
1578 node_role: NodeRole,
1579 ) -> Arc<CheckpointService> {
1580 let epoch_start_timestamp_ms = epoch_store.epoch_start_state().epoch_start_timestamp_ms();
1581 let epoch_duration_ms = epoch_store.epoch_start_state().epoch_duration_ms();
1582
1583 debug!(
1584 "Starting checkpoint service with epoch start timestamp {}
1585 and epoch duration {}",
1586 epoch_start_timestamp_ms, epoch_duration_ms
1587 );
1588
1589 let checkpoint_output: Box<dyn CheckpointOutput> = if node_role.is_validator() {
1590 Box::new(SubmitCheckpointToConsensus::new(
1591 consensus_adapter,
1592 state.secret.clone(),
1593 config.protocol_public_key(),
1594 epoch_start_timestamp_ms
1595 .checked_add(epoch_duration_ms)
1596 .expect("Overflow calculating next_reconfiguration_timestamp_ms"),
1597 checkpoint_metrics.clone(),
1598 ))
1599 } else {
1600 Box::new(LogCheckpointOutput::new(checkpoint_metrics.clone()))
1601 };
1602
1603 let certified_checkpoint_output = SendCheckpointToStateSync::new(state_sync_handle);
1604
1605 CheckpointService::build(
1606 state.clone(),
1607 checkpoint_store,
1608 epoch_store,
1609 state.get_transaction_cache_reader().clone(),
1610 state_hasher,
1611 checkpoint_output,
1612 Box::new(certified_checkpoint_output),
1613 checkpoint_metrics,
1614 )
1615 }
1616
1617 fn construct_consensus_adapter(
1618 committee: &Committee,
1619 consensus_config: &ConsensusConfig,
1620 authority: AuthorityName,
1621 prometheus_registry: &Registry,
1622 consensus_client: Arc<dyn ConsensusClient>,
1623 checkpoint_store: Arc<CheckpointStore>,
1624 inflight_slot_freed_notify: Arc<tokio::sync::Notify>,
1625 ) -> ConsensusAdapter {
1626 let ca_metrics = ConsensusAdapterMetrics::new(prometheus_registry);
1627 ConsensusAdapter::new(
1630 consensus_client,
1631 checkpoint_store,
1632 authority,
1633 consensus_config.max_pending_transactions(),
1634 consensus_config.max_pending_transactions() * 2 / committee.num_members(),
1635 ca_metrics,
1636 inflight_slot_freed_notify,
1637 )
1638 }
1639
1640 async fn start_grpc_validator_service(
1641 config: &NodeConfig,
1642 state: Arc<AuthorityState>,
1643 consensus_adapter: Arc<ConsensusAdapter>,
1644 epoch_store: Arc<AuthorityPerEpochStore>,
1645 prometheus_registry: &Registry,
1646 inflight_slot_freed_notify: Arc<tokio::sync::Notify>,
1647 ) -> Result<(SpawnOnce, Option<AdmissionQueueContext>)> {
1648 let overload_config = &config.authority_overload_config;
1649 let admission_queue = overload_config.admission_queue_enabled.then(|| {
1650 let manager = Arc::new(AdmissionQueueManager::new(
1651 consensus_adapter.clone(),
1652 Arc::new(AdmissionQueueMetrics::new(prometheus_registry)),
1653 overload_config.admission_queue_capacity_fraction,
1654 overload_config.admission_queue_bypass_fraction,
1655 overload_config.admission_queue_failover_timeout,
1656 inflight_slot_freed_notify,
1657 ));
1658 AdmissionQueueContext::spawn(manager, epoch_store)
1659 });
1660 let validator_service = ValidatorService::new(
1661 state.clone(),
1662 consensus_adapter,
1663 Arc::new(ValidatorServiceMetrics::new(prometheus_registry)),
1664 config.policy_config.clone().map(|p| p.client_id_source),
1665 admission_queue.clone(),
1666 );
1667
1668 let mut server_conf = mysten_network::config::Config::new();
1669 server_conf.connect_timeout = Some(DEFAULT_GRPC_CONNECT_TIMEOUT);
1670 server_conf.http2_keepalive_interval = Some(DEFAULT_GRPC_CONNECT_TIMEOUT);
1671 server_conf.http2_keepalive_timeout = Some(DEFAULT_GRPC_CONNECT_TIMEOUT);
1672 server_conf.global_concurrency_limit = config.grpc_concurrency_limit;
1673 server_conf.load_shed = config.grpc_load_shed;
1674 let mut server_builder =
1675 ServerBuilder::from_config(&server_conf, GrpcMetrics::new(prometheus_registry));
1676
1677 server_builder = server_builder.add_service(ValidatorServer::new(validator_service));
1678
1679 let tls_config = sui_tls::create_rustls_server_config(
1680 config.network_key_pair().copy().private(),
1681 SUI_TLS_SERVER_NAME.to_string(),
1682 );
1683
1684 let network_address = config.network_address().clone();
1685
1686 let (ready_tx, ready_rx) = oneshot::channel();
1687
1688 let spawn_once = SpawnOnce::new(ready_rx, async move {
1689 let server = server_builder
1690 .bind(&network_address, Some(tls_config))
1691 .await
1692 .unwrap_or_else(|err| panic!("Failed to bind to {network_address}: {err}"));
1693 let local_addr = server.local_addr();
1694 info!("Listening to traffic on {local_addr}");
1695 ready_tx.send(()).unwrap();
1696 if let Err(err) = server.serve().await {
1697 info!("Server stopped: {err}");
1698 }
1699 info!("Server stopped");
1700 });
1701 Ok((spawn_once, admission_queue))
1702 }
1703
1704 pub fn state(&self) -> Arc<AuthorityState> {
1705 self.state.clone()
1706 }
1707
1708 pub fn embedded_rpc_store(&self) -> Option<&EmbeddedRpcStore> {
1714 self.embedded_rpc_store.as_ref()
1715 }
1716
1717 #[cfg(any(test, msim))]
1718 pub fn connection_monitor_handle_for_testing(
1719 &self,
1720 ) -> &mysten_network::anemo_connection_monitor::ConnectionMonitorHandle {
1721 &self._connection_monitor_handle
1722 }
1723
1724 pub fn node_role(&self) -> NodeRole {
1725 self.state.load_epoch_store_one_call_per_task().node_role()
1726 }
1727
1728 pub fn reference_gas_price_for_testing(&self) -> Result<u64, anyhow::Error> {
1730 self.state.reference_gas_price_for_testing()
1731 }
1732
1733 pub fn clone_committee_store(&self) -> Arc<CommitteeStore> {
1734 self.state.committee_store().clone()
1735 }
1736
1737 pub fn clone_checkpoint_store(&self) -> Arc<CheckpointStore> {
1738 self.checkpoint_store.clone()
1739 }
1740
1741 pub fn clone_authority_store(&self) -> Arc<AuthorityStore> {
1742 self.state.authority_store()
1743 }
1744
1745 pub fn clone_consensus_store(
1746 &self,
1747 ) -> Option<Arc<consensus_core::storage::rocksdb_store::RocksDBStore>> {
1748 self.validator_components
1749 .try_lock()
1750 .ok()?
1751 .as_ref()?
1752 .consensus_manager
1753 .consensus_store()
1754 }
1755
1756 pub fn clone_authority_aggregator(
1761 &self,
1762 ) -> Option<Arc<AuthorityAggregator<NetworkAuthorityClient>>> {
1763 self.transaction_orchestrator
1764 .as_ref()
1765 .map(|to| to.clone_authority_aggregator())
1766 }
1767
1768 pub fn transaction_orchestrator(
1769 &self,
1770 ) -> Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>> {
1771 self.transaction_orchestrator.clone()
1772 }
1773
1774 pub async fn monitor_reconfiguration(
1777 self: Arc<Self>,
1778 mut epoch_store: Arc<AuthorityPerEpochStore>,
1779 ) -> Result<()> {
1780 let checkpoint_executor_metrics =
1781 CheckpointExecutorMetrics::new(&self.registry_service.default_registry());
1782
1783 loop {
1784 let mut hasher_guard = self.global_state_hasher.lock().await;
1785 let hasher = hasher_guard.take().unwrap();
1786 info!(
1787 "Creating checkpoint executor for epoch {}",
1788 epoch_store.epoch()
1789 );
1790 let checkpoint_executor = CheckpointExecutor::new(
1791 epoch_store.clone(),
1792 self.checkpoint_store.clone(),
1793 self.state.clone(),
1794 hasher.clone(),
1795 self.backpressure_manager.clone(),
1796 self.config.checkpoint_executor_config.clone(),
1797 checkpoint_executor_metrics.clone(),
1798 self.subscription_service_checkpoint_sender.clone(),
1799 );
1800
1801 let run_with_range = self.config.run_with_range;
1802
1803 let cur_epoch_store = self.state.load_epoch_store_one_call_per_task();
1804
1805 self.metrics
1807 .current_protocol_version
1808 .set(cur_epoch_store.protocol_config().version.as_u64() as i64);
1809
1810 if let Some(components) = &*self.validator_components.lock().await
1813 && cur_epoch_store.is_validator()
1814 {
1815 tokio::time::sleep(Duration::from_millis(1)).await;
1817
1818 let config = cur_epoch_store.protocol_config();
1819 let mut supported_protocol_versions = self
1820 .config
1821 .supported_protocol_versions
1822 .expect("Supported versions should be populated")
1823 .truncate_below(config.version);
1825
1826 while supported_protocol_versions.max > config.version {
1827 let proposed_protocol_config = ProtocolConfig::get_for_version(
1828 supported_protocol_versions.max,
1829 cur_epoch_store.get_chain(),
1830 );
1831
1832 if proposed_protocol_config.enable_accumulators()
1833 && !epoch_store.accumulator_root_exists()
1834 {
1835 error!(
1836 "cannot upgrade to protocol version {:?} because accumulator root does not exist",
1837 supported_protocol_versions.max
1838 );
1839 supported_protocol_versions.max = supported_protocol_versions.max.prev();
1840 } else {
1841 break;
1842 }
1843 }
1844
1845 let binary_config = config.binary_config(None);
1846 let transaction = ConsensusTransaction::new_capability_notification_v2(
1847 AuthorityCapabilitiesV2::new(
1848 self.state.name,
1849 cur_epoch_store.get_chain_identifier().chain(),
1850 supported_protocol_versions,
1851 self.state
1852 .get_available_system_packages(&binary_config)
1853 .await,
1854 ),
1855 );
1856 info!(?transaction, "submitting capabilities to consensus");
1857 components.consensus_adapter.submit(
1858 transaction,
1859 None,
1860 &cur_epoch_store,
1861 None,
1862 None,
1863 )?;
1864 }
1865
1866 let stop_condition = checkpoint_executor.run_epoch(run_with_range).await;
1867
1868 if stop_condition == StopReason::RunWithRangeCondition {
1869 SuiNode::shutdown(&self).await;
1870 self.shutdown_channel_tx
1871 .send(run_with_range)
1872 .expect("RunWithRangeCondition met but failed to send shutdown message");
1873 return Ok(());
1874 }
1875
1876 let latest_system_state = self
1878 .state
1879 .get_object_cache_reader()
1880 .get_sui_system_state_object_unsafe()
1881 .expect("Read Sui System State object cannot fail");
1882
1883 #[cfg(msim)]
1884 if !self
1885 .sim_state
1886 .sim_safe_mode_expected
1887 .load(Ordering::Relaxed)
1888 {
1889 debug_assert!(!latest_system_state.safe_mode());
1890 }
1891
1892 #[cfg(not(msim))]
1893 debug_assert!(!latest_system_state.safe_mode());
1894
1895 if let Err(err) = self.end_of_epoch_channel.send(latest_system_state.clone())
1896 && self.state.is_fullnode(&cur_epoch_store)
1897 {
1898 warn!(
1899 "Failed to send end of epoch notification to subscriber: {:?}",
1900 err
1901 );
1902 }
1903
1904 cur_epoch_store.record_is_safe_mode_metric(latest_system_state.safe_mode());
1905 let new_epoch_start_state = latest_system_state.into_epoch_start_state();
1906
1907 self.auth_agg.store(Arc::new(
1908 self.auth_agg
1909 .load()
1910 .recreate_with_new_epoch_start_state(&new_epoch_start_state),
1911 ));
1912
1913 let next_epoch_committee = new_epoch_start_state.get_sui_committee();
1914 let next_epoch = next_epoch_committee.epoch();
1915 assert_eq!(cur_epoch_store.epoch() + 1, next_epoch);
1916
1917 info!(
1918 next_epoch,
1919 "Finished executing all checkpoints in epoch. About to reconfigure the system."
1920 );
1921
1922 fail_point_async!("reconfig_delay");
1923
1924 cur_epoch_store.record_epoch_reconfig_start_time_metric();
1925
1926 update_peer_addresses(
1927 &self.config,
1928 &self.endpoint_manager,
1929 &new_epoch_start_state,
1930 Some(cur_epoch_store.epoch_start_state()),
1931 );
1932
1933 let mut validator_components_lock_guard = self.validator_components.lock().await;
1934
1935 let new_epoch_store = self
1939 .reconfigure_state(
1940 &self.state,
1941 &cur_epoch_store,
1942 next_epoch_committee.clone(),
1943 new_epoch_start_state,
1944 hasher.clone(),
1945 )
1946 .await;
1947
1948 let new_role = new_epoch_store.node_role();
1949
1950 let new_validator_components = if let Some(ValidatorComponents {
1951 validator_server_handle,
1952 validator_overload_monitor_handle,
1953 consensus_manager,
1954 consensus_store_pruner,
1955 consensus_adapter,
1956 checkpoint_metrics,
1957 sui_tx_validator_metrics,
1958 admission_queue,
1959 }) = validator_components_lock_guard.take()
1960 {
1961 info!("Reconfiguring node (was running consensus).");
1962
1963 consensus_manager.shutdown().await;
1964 info!("Consensus has shut down.");
1965
1966 info!("Epoch store finished reconfiguration.");
1967
1968 let global_state_hasher_metrics = Arc::into_inner(hasher)
1971 .expect("Object state hasher should have no other references at this point")
1972 .metrics();
1973 let new_hasher = Arc::new(GlobalStateHasher::new(
1974 self.state.get_global_state_hash_store().clone(),
1975 global_state_hasher_metrics,
1976 ));
1977 let weak_hasher = Arc::downgrade(&new_hasher);
1978 *hasher_guard = Some(new_hasher);
1979
1980 consensus_store_pruner.prune(next_epoch).await;
1981
1982 if new_role.runs_consensus() {
1983 info!("Restarting consensus as {new_role}");
1984 Some(
1985 Self::start_epoch_specific_validator_components(
1986 &self.config,
1987 self.state.clone(),
1988 consensus_adapter,
1989 self.checkpoint_store.clone(),
1990 new_epoch_store.clone(),
1991 self.state_sync_handle.clone(),
1992 self.randomness_handle.clone(),
1993 self.randomness_receiver_handle.clone(),
1994 consensus_manager,
1995 consensus_store_pruner,
1996 weak_hasher,
1997 self.backpressure_manager.clone(),
1998 validator_server_handle,
1999 validator_overload_monitor_handle,
2000 checkpoint_metrics,
2001 self.metrics.clone(),
2002 sui_tx_validator_metrics,
2003 admission_queue,
2004 new_role,
2005 )
2006 .await?,
2007 )
2008 } else {
2009 info!(
2010 "This node has new role {new_role} and no longer runs consensus after reconfiguration"
2011 );
2012 None
2013 }
2014 } else {
2015 let global_state_hasher_metrics = Arc::into_inner(hasher)
2018 .expect("Object state hasher should have no other references at this point")
2019 .metrics();
2020 let new_hasher = Arc::new(GlobalStateHasher::new(
2021 self.state.get_global_state_hash_store().clone(),
2022 global_state_hasher_metrics,
2023 ));
2024 let weak_hasher = Arc::downgrade(&new_hasher);
2025 *hasher_guard = Some(new_hasher);
2026
2027 if new_role.runs_consensus() {
2028 info!("Promoting node to {new_role}, starting consensus components");
2029
2030 let mut components = Self::construct_validator_components(
2031 self.config.clone(),
2032 self.state.clone(),
2033 Arc::new(next_epoch_committee.clone()),
2034 new_epoch_store.clone(),
2035 self.checkpoint_store.clone(),
2036 self.state_sync_handle.clone(),
2037 self.randomness_handle.clone(),
2038 weak_hasher,
2039 self.backpressure_manager.clone(),
2040 &self.registry_service,
2041 self.metrics.clone(),
2042 self.checkpoint_metrics.clone(),
2043 new_role,
2044 self.randomness_receiver_handle.clone(),
2045 )
2046 .await?;
2047
2048 if new_role.is_validator() {
2049 components.validator_server_handle = Some(
2050 components
2051 .validator_server_handle
2052 .take()
2053 .unwrap()
2054 .start()
2055 .await,
2056 );
2057
2058 self.endpoint_manager
2059 .set_consensus_address_updater(components.consensus_manager.clone());
2060 }
2061
2062 Some(components)
2063 } else {
2064 None
2065 }
2066 };
2067 *validator_components_lock_guard = new_validator_components;
2068
2069 cur_epoch_store.release_db_handles();
2072
2073 if cfg!(msim)
2074 && !matches!(
2075 self.config
2076 .authority_store_pruning_config
2077 .num_epochs_to_retain_for_checkpoints(),
2078 None | Some(u64::MAX) | Some(0)
2079 )
2080 {
2081 self.state
2082 .prune_checkpoints_for_eligible_epochs_for_testing(
2083 self.config.clone(),
2084 sui_core::authority::authority_store_pruner::AuthorityStorePruningMetrics::new_for_test(),
2085 )
2086 .await?;
2087 }
2088
2089 epoch_store = new_epoch_store;
2090 info!("Reconfiguration finished");
2091 }
2092 }
2093
2094 async fn shutdown(&self) {
2095 if let Some(validator_components) = &*self.validator_components.lock().await {
2096 validator_components.consensus_manager.shutdown().await;
2097 }
2098 }
2099
2100 async fn reconfigure_state(
2101 &self,
2102 state: &Arc<AuthorityState>,
2103 cur_epoch_store: &AuthorityPerEpochStore,
2104 next_epoch_committee: Committee,
2105 next_epoch_start_system_state: EpochStartSystemState,
2106 global_state_hasher: Arc<GlobalStateHasher>,
2107 ) -> Arc<AuthorityPerEpochStore> {
2108 let next_epoch = next_epoch_committee.epoch();
2109
2110 let last_checkpoint = self
2111 .checkpoint_store
2112 .get_epoch_last_checkpoint(cur_epoch_store.epoch())
2113 .expect("Error loading last checkpoint for current epoch")
2114 .expect("Could not load last checkpoint for current epoch");
2115
2116 let last_checkpoint_seq = *last_checkpoint.sequence_number();
2117
2118 assert_eq!(
2119 Some(last_checkpoint_seq),
2120 self.checkpoint_store
2121 .get_highest_executed_checkpoint_seq_number()
2122 .expect("Error loading highest executed checkpoint sequence number")
2123 );
2124
2125 let epoch_start_configuration = EpochStartConfiguration::new(
2126 next_epoch_start_system_state,
2127 *last_checkpoint.digest(),
2128 state.get_object_store().as_ref(),
2129 EpochFlag::default_flags_for_new_epoch(&state.config),
2130 )
2131 .expect("EpochStartConfiguration construction cannot fail");
2132
2133 let new_epoch_store = self
2134 .state
2135 .reconfigure(
2136 cur_epoch_store,
2137 self.config.supported_protocol_versions.unwrap(),
2138 next_epoch_committee,
2139 epoch_start_configuration,
2140 global_state_hasher,
2141 &self.config.expensive_safety_check_config,
2142 last_checkpoint_seq,
2143 )
2144 .await
2145 .expect("Reconfigure authority state cannot fail");
2146 info!(next_epoch, "Node State has been reconfigured");
2147 assert_eq!(next_epoch, new_epoch_store.epoch());
2148 self.state.get_reconfig_api().update_epoch_flags_metrics(
2149 cur_epoch_store.epoch_start_config().flags(),
2150 new_epoch_store.epoch_start_config().flags(),
2151 );
2152
2153 new_epoch_store
2154 }
2155
2156 pub fn get_config(&self) -> &NodeConfig {
2157 &self.config
2158 }
2159
2160 pub fn randomness_handle(&self) -> randomness::Handle {
2161 self.randomness_handle.clone()
2162 }
2163
2164 pub fn state_sync_handle(&self) -> state_sync::Handle {
2165 self.state_sync_handle.clone()
2166 }
2167
2168 pub fn endpoint_manager(&self) -> &EndpointManager {
2169 &self.endpoint_manager
2170 }
2171
2172 fn get_digest_prefix(digest: impl std::fmt::Display) -> String {
2174 let digest_str = digest.to_string();
2175 if digest_str.len() >= 8 {
2176 digest_str[0..8].to_string()
2177 } else {
2178 digest_str
2179 }
2180 }
2181
2182 async fn check_and_recover_forks(
2186 checkpoint_store: &CheckpointStore,
2187 checkpoint_metrics: &CheckpointMetrics,
2188 fork_recovery: Option<&ForkRecoveryConfig>,
2189 ) -> Result<()> {
2190 if let Some(recovery) = fork_recovery {
2192 Self::try_recover_checkpoint_fork(checkpoint_store, recovery)?;
2193 Self::try_recover_transaction_fork(checkpoint_store, recovery)?;
2194 }
2195
2196 if let Some((checkpoint_seq, checkpoint_digest)) = checkpoint_store
2197 .get_checkpoint_fork_detected()
2198 .map_err(|e| {
2199 error!("Failed to check for checkpoint fork: {:?}", e);
2200 e
2201 })?
2202 {
2203 Self::handle_checkpoint_fork(
2204 checkpoint_seq,
2205 checkpoint_digest,
2206 checkpoint_metrics,
2207 fork_recovery,
2208 )
2209 .await?;
2210 }
2211 if let Some((tx_digest, expected_effects, actual_effects)) = checkpoint_store
2212 .get_transaction_fork_detected()
2213 .map_err(|e| {
2214 error!("Failed to check for transaction fork: {:?}", e);
2215 e
2216 })?
2217 {
2218 Self::handle_transaction_fork(
2219 tx_digest,
2220 expected_effects,
2221 actual_effects,
2222 checkpoint_metrics,
2223 fork_recovery,
2224 )
2225 .await?;
2226 }
2227
2228 Ok(())
2229 }
2230
2231 fn try_recover_checkpoint_fork(
2232 checkpoint_store: &CheckpointStore,
2233 recovery: &ForkRecoveryConfig,
2234 ) -> Result<()> {
2235 for (seq, expected_digest_str) in &recovery.checkpoint_overrides {
2238 let Ok(expected_digest) = CheckpointDigest::from_str(expected_digest_str) else {
2239 anyhow::bail!(
2240 "Invalid checkpoint digest override for seq {}: {}",
2241 seq,
2242 expected_digest_str
2243 );
2244 };
2245
2246 if let Some(local_summary) = checkpoint_store.get_locally_computed_checkpoint(*seq)? {
2247 let local_digest = sui_types::message_envelope::Message::digest(&local_summary);
2248 if local_digest != expected_digest {
2249 info!(
2250 seq,
2251 local = %Self::get_digest_prefix(local_digest),
2252 expected = %Self::get_digest_prefix(expected_digest),
2253 "Fork recovery: clearing locally_computed_checkpoints from {} due to digest mismatch",
2254 seq
2255 );
2256 checkpoint_store
2257 .clear_locally_computed_checkpoints_from(*seq)
2258 .context(
2259 "Failed to clear locally computed checkpoints from override seq",
2260 )?;
2261 }
2262 }
2263 }
2264
2265 if let Some((checkpoint_seq, checkpoint_digest)) =
2266 checkpoint_store.get_checkpoint_fork_detected()?
2267 && recovery.checkpoint_overrides.contains_key(&checkpoint_seq)
2268 {
2269 info!(
2270 "Fork recovery enabled: clearing checkpoint fork at seq {} with digest {:?}",
2271 checkpoint_seq, checkpoint_digest
2272 );
2273 checkpoint_store
2274 .clear_checkpoint_fork_detected()
2275 .expect("Failed to clear checkpoint fork detected marker");
2276 }
2277 Ok(())
2278 }
2279
2280 fn try_recover_transaction_fork(
2281 checkpoint_store: &CheckpointStore,
2282 recovery: &ForkRecoveryConfig,
2283 ) -> Result<()> {
2284 if recovery.transaction_overrides.is_empty() {
2285 return Ok(());
2286 }
2287
2288 if let Some((tx_digest, _, _)) = checkpoint_store.get_transaction_fork_detected()?
2289 && recovery
2290 .transaction_overrides
2291 .contains_key(&tx_digest.to_string())
2292 {
2293 info!(
2294 "Fork recovery enabled: clearing transaction fork for tx {:?}",
2295 tx_digest
2296 );
2297 checkpoint_store
2298 .clear_transaction_fork_detected()
2299 .expect("Failed to clear transaction fork detected marker");
2300 }
2301 Ok(())
2302 }
2303
2304 fn get_current_timestamp() -> u64 {
2305 std::time::SystemTime::now()
2306 .duration_since(std::time::SystemTime::UNIX_EPOCH)
2307 .unwrap()
2308 .as_secs()
2309 }
2310
2311 async fn handle_checkpoint_fork(
2312 checkpoint_seq: u64,
2313 checkpoint_digest: CheckpointDigest,
2314 checkpoint_metrics: &CheckpointMetrics,
2315 fork_recovery: Option<&ForkRecoveryConfig>,
2316 ) -> Result<()> {
2317 checkpoint_metrics
2318 .checkpoint_fork_crash_mode
2319 .with_label_values(&[
2320 &checkpoint_seq.to_string(),
2321 &Self::get_digest_prefix(checkpoint_digest),
2322 &Self::get_current_timestamp().to_string(),
2323 ])
2324 .set(1);
2325
2326 let behavior = fork_recovery
2327 .map(|fr| fr.fork_crash_behavior)
2328 .unwrap_or_default();
2329
2330 match behavior {
2331 ForkCrashBehavior::AwaitForkRecovery => {
2332 error!(
2333 checkpoint_seq = checkpoint_seq,
2334 checkpoint_digest = ?checkpoint_digest,
2335 "Checkpoint fork detected! Node startup halted. Sleeping indefinitely."
2336 );
2337 futures::future::pending::<()>().await;
2338 unreachable!("pending() should never return");
2339 }
2340 ForkCrashBehavior::ReturnError => {
2341 error!(
2342 checkpoint_seq = checkpoint_seq,
2343 checkpoint_digest = ?checkpoint_digest,
2344 "Checkpoint fork detected! Returning error."
2345 );
2346 Err(anyhow::anyhow!(
2347 "Checkpoint fork detected! checkpoint_seq: {}, checkpoint_digest: {:?}",
2348 checkpoint_seq,
2349 checkpoint_digest
2350 ))
2351 }
2352 }
2353 }
2354
2355 async fn handle_transaction_fork(
2356 tx_digest: TransactionDigest,
2357 expected_effects_digest: TransactionEffectsDigest,
2358 actual_effects_digest: TransactionEffectsDigest,
2359 checkpoint_metrics: &CheckpointMetrics,
2360 fork_recovery: Option<&ForkRecoveryConfig>,
2361 ) -> Result<()> {
2362 checkpoint_metrics
2363 .transaction_fork_crash_mode
2364 .with_label_values(&[
2365 &Self::get_digest_prefix(tx_digest),
2366 &Self::get_digest_prefix(expected_effects_digest),
2367 &Self::get_digest_prefix(actual_effects_digest),
2368 &Self::get_current_timestamp().to_string(),
2369 ])
2370 .set(1);
2371
2372 let behavior = fork_recovery
2373 .map(|fr| fr.fork_crash_behavior)
2374 .unwrap_or_default();
2375
2376 match behavior {
2377 ForkCrashBehavior::AwaitForkRecovery => {
2378 error!(
2379 tx_digest = ?tx_digest,
2380 expected_effects_digest = ?expected_effects_digest,
2381 actual_effects_digest = ?actual_effects_digest,
2382 "Transaction fork detected! Node startup halted. Sleeping indefinitely."
2383 );
2384 futures::future::pending::<()>().await;
2385 unreachable!("pending() should never return");
2386 }
2387 ForkCrashBehavior::ReturnError => {
2388 error!(
2389 tx_digest = ?tx_digest,
2390 expected_effects_digest = ?expected_effects_digest,
2391 actual_effects_digest = ?actual_effects_digest,
2392 "Transaction fork detected! Returning error."
2393 );
2394 Err(anyhow::anyhow!(
2395 "Transaction fork detected! tx_digest: {:?}, expected_effects: {:?}, actual_effects: {:?}",
2396 tx_digest,
2397 expected_effects_digest,
2398 actual_effects_digest
2399 ))
2400 }
2401 }
2402 }
2403}
2404
2405#[cfg(not(msim))]
2406impl SuiNode {
2407 async fn fetch_jwks(
2408 _authority: AuthorityName,
2409 provider: &OIDCProvider,
2410 ) -> SuiResult<Vec<(JwkId, JWK)>> {
2411 use fastcrypto_zkp::bn254::zk_login::fetch_jwks;
2412 use sui_types::error::SuiErrorKind;
2413 let client = reqwest::Client::new();
2414 fetch_jwks(provider, &client, true)
2415 .await
2416 .map_err(|_| SuiErrorKind::JWKRetrievalError.into())
2417 }
2418}
2419
2420#[cfg(msim)]
2421impl SuiNode {
2422 pub fn get_sim_node_id(&self) -> sui_simulator::task::NodeId {
2423 self.sim_state.sim_node.id()
2424 }
2425
2426 pub fn set_safe_mode_expected(&self, new_value: bool) {
2427 info!("Setting safe mode expected to {}", new_value);
2428 self.sim_state
2429 .sim_safe_mode_expected
2430 .store(new_value, Ordering::Relaxed);
2431 }
2432
2433 #[allow(unused_variables)]
2434 async fn fetch_jwks(
2435 authority: AuthorityName,
2436 provider: &OIDCProvider,
2437 ) -> SuiResult<Vec<(JwkId, JWK)>> {
2438 get_jwk_injector()(authority, provider)
2439 }
2440}
2441
2442enum SpawnOnce {
2443 Unstarted(oneshot::Receiver<()>, Mutex<BoxFuture<'static, ()>>),
2445 #[allow(unused)]
2446 Started(JoinHandle<()>),
2447}
2448
2449impl SpawnOnce {
2450 pub fn new(
2451 ready_rx: oneshot::Receiver<()>,
2452 future: impl Future<Output = ()> + Send + 'static,
2453 ) -> Self {
2454 Self::Unstarted(ready_rx, Mutex::new(Box::pin(future)))
2455 }
2456
2457 pub async fn start(self) -> Self {
2458 match self {
2459 Self::Unstarted(ready_rx, future) => {
2460 let future = future.into_inner();
2461 let handle = tokio::spawn(future);
2462 ready_rx.await.unwrap();
2463 Self::Started(handle)
2464 }
2465 Self::Started(_) => self,
2466 }
2467 }
2468}
2469
2470fn update_peer_addresses(
2474 config: &NodeConfig,
2475 endpoint_manager: &EndpointManager,
2476 epoch_start_state: &EpochStartSystemState,
2477 prev_epoch_start_state: Option<&EpochStartSystemState>,
2478) {
2479 if config.consensus_config().is_none() {
2480 return;
2481 }
2482 let new_peers: HashSet<PeerId> = epoch_start_state
2483 .get_validator_as_p2p_peers(config.protocol_public_key())
2484 .into_iter()
2485 .map(|(peer_id, address)| {
2486 endpoint_manager
2487 .update_endpoint(
2488 EndpointId::P2p(peer_id),
2489 AddressSource::Chain,
2490 vec![address],
2491 )
2492 .expect("Updating peer addresses should not fail");
2493 peer_id
2494 })
2495 .collect();
2496
2497 if let Some(prev) = prev_epoch_start_state {
2499 for (peer_id, _) in prev.get_validator_as_p2p_peers(config.protocol_public_key()) {
2500 if !new_peers.contains(&peer_id) {
2501 endpoint_manager
2502 .update_endpoint(EndpointId::P2p(peer_id), AddressSource::Chain, vec![])
2503 .expect("Clearing peer addresses should not fail");
2504 }
2505 }
2506 }
2507}
2508
2509fn build_kv_store(
2510 state: &Arc<AuthorityState>,
2511 config: &NodeConfig,
2512 registry: &Registry,
2513) -> Result<Arc<TransactionKeyValueStore>> {
2514 let metrics = KeyValueStoreMetrics::new(registry);
2515 let db_store = TransactionKeyValueStore::new("rocksdb", metrics.clone(), state.clone());
2516
2517 let base_url = &config.transaction_kv_store_read_config.base_url;
2518
2519 if base_url.is_empty() {
2520 info!("no http kv store url provided, using local db only");
2521 return Ok(Arc::new(db_store));
2522 }
2523
2524 let base_url: url::Url = base_url.parse().tap_err(|e| {
2525 error!(
2526 "failed to parse config.transaction_kv_store_config.base_url ({:?}) as url: {}",
2527 base_url, e
2528 )
2529 })?;
2530
2531 let network_str = match state.get_chain_identifier().chain() {
2532 Chain::Mainnet => "/mainnet",
2533 _ => {
2534 info!("using local db only for kv store");
2535 return Ok(Arc::new(db_store));
2536 }
2537 };
2538
2539 let base_url = base_url.join(network_str)?.to_string();
2540 let http_store = HttpKVStore::new_kv(
2541 &base_url,
2542 config.transaction_kv_store_read_config.cache_size,
2543 metrics.clone(),
2544 )?;
2545 info!("using local key-value store with fallback to http key-value store");
2546 Ok(Arc::new(FallbackTransactionKVStore::new_kv(
2547 db_store,
2548 http_store,
2549 metrics,
2550 "json_rpc_fallback",
2551 )))
2552}
2553
2554async fn build_json_rpc_router(
2555 state: &Arc<AuthorityState>,
2556 transaction_orchestrator: &Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>>,
2557 config: &NodeConfig,
2558 prometheus_registry: &Registry,
2559) -> Result<axum::Router> {
2560 let traffic_controller = state.traffic_controller.clone();
2561 let mut server = JsonRpcServerBuilder::new(
2562 env!("CARGO_PKG_VERSION"),
2563 prometheus_registry,
2564 traffic_controller,
2565 config.policy_config.clone(),
2566 );
2567
2568 let kv_store = build_kv_store(state, config, prometheus_registry)?;
2569
2570 let metrics = Arc::new(JsonRpcMetrics::new(prometheus_registry));
2571 server.register_module(ReadApi::new(
2572 state.clone(),
2573 kv_store.clone(),
2574 metrics.clone(),
2575 ))?;
2576 server.register_module(CoinReadApi::new(
2577 state.clone(),
2578 kv_store.clone(),
2579 metrics.clone(),
2580 ))?;
2581
2582 if config.run_with_range.is_none() {
2585 server.register_module(TransactionBuilderApi::new(state.clone()))?;
2586 }
2587 server.register_module(GovernanceReadApi::new(state.clone(), metrics.clone()))?;
2588 server.register_module(BridgeReadApi::new(state.clone(), metrics.clone()))?;
2589
2590 if let Some(transaction_orchestrator) = transaction_orchestrator {
2591 server.register_module(TransactionExecutionApi::new(
2592 state.clone(),
2593 transaction_orchestrator.clone(),
2594 metrics.clone(),
2595 ))?;
2596 }
2597
2598 let name_service_config = if let (
2599 Some(package_address),
2600 Some(registry_id),
2601 Some(reverse_registry_id),
2602 ) = (
2603 config.name_service_package_address,
2604 config.name_service_registry_id,
2605 config.name_service_reverse_registry_id,
2606 ) {
2607 sui_name_service::NameServiceConfig::new(package_address, registry_id, reverse_registry_id)
2608 } else {
2609 match state.get_chain_identifier().chain() {
2610 Chain::Mainnet => sui_name_service::NameServiceConfig::mainnet(),
2611 Chain::Testnet => sui_name_service::NameServiceConfig::testnet(),
2612 Chain::Unknown => sui_name_service::NameServiceConfig::default(),
2613 }
2614 };
2615
2616 server.register_module(IndexerApi::new(
2617 state.clone(),
2618 ReadApi::new(state.clone(), kv_store.clone(), metrics.clone()),
2619 kv_store,
2620 name_service_config,
2621 metrics,
2622 config.indexer_max_subscriptions,
2623 ))?;
2624 server.register_module(MoveUtils::new(state.clone()))?;
2625
2626 let server_type = config.jsonrpc_server_type();
2627
2628 Ok(server.to_router(server_type).await?)
2629}
2630
2631fn remove_legacy_rpc_index_store(db_path: &Path) {
2640 let legacy_dir = db_path.join("rpc-index");
2641 match std::fs::remove_dir_all(&legacy_dir) {
2642 Ok(()) => info!(
2643 "removed legacy rpc-index directory {}",
2644 legacy_dir.display()
2645 ),
2646 Err(e) if e.kind() == std::io::ErrorKind::NotFound => {}
2649 Err(e) => warn!(
2650 "failed to remove legacy rpc-index directory {}: {e:?}",
2651 legacy_dir.display()
2652 ),
2653 }
2654}
2655
2656async fn build_http_servers(
2657 state: Arc<AuthorityState>,
2658 store: RocksDbStore,
2659 transaction_orchestrator: &Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>>,
2660 config: &NodeConfig,
2661 prometheus_registry: &Registry,
2662 server_version: ServerVersion,
2663 node_role: NodeRole,
2664 embedded_rpc_store: Option<&EmbeddedRpcStore>,
2665) -> Result<(
2666 HttpServers,
2667 Option<tokio::sync::broadcast::Sender<Arc<Checkpoint>>>,
2668)> {
2669 if !node_role.is_fullnode() {
2671 return Ok((HttpServers::default(), None));
2672 }
2673
2674 info!("starting rpc service with config: {:?}", config.rpc);
2675
2676 let mut router = axum::Router::new();
2677
2678 if config.json_rpc_enabled() {
2682 router = router.merge(
2683 build_json_rpc_router(
2684 &state,
2685 transaction_orchestrator,
2686 config,
2687 prometheus_registry,
2688 )
2689 .await?,
2690 );
2691 } else {
2692 info!("json-rpc service is disabled");
2693 }
2694
2695 let indexed_checkpoint = embedded_rpc_store.map(|embedded| embedded.indexed_checkpoint_fn());
2699 let (subscription_service_checkpoint_sender, subscription_service_handle) =
2700 SubscriptionService::build(prometheus_registry, indexed_checkpoint);
2701 let rpc_router = {
2702 let reader: Arc<dyn RpcStateReader> = match embedded_rpc_store {
2706 Some(embedded) => Arc::new(RpcStoreReadStore::new(
2707 state.clone(),
2708 store,
2709 embedded.reader(),
2710 )),
2711 None => Arc::new(RestReadStore::new(state.clone(), store)),
2712 };
2713 let mut rpc_service = sui_rpc_api::RpcService::new(reader);
2714 rpc_service.with_server_version(server_version);
2715
2716 if let Some(config) = config.rpc.clone() {
2717 config.validate()?;
2718 rpc_service.with_config(config);
2719 }
2720
2721 rpc_service.with_metrics(RpcMetrics::new(prometheus_registry));
2722 rpc_service.with_subscription_service(subscription_service_handle);
2723
2724 if let Some(transaction_orchestrator) = transaction_orchestrator {
2725 rpc_service.with_executor(transaction_orchestrator.clone())
2726 }
2727
2728 rpc_service.into_router().await
2729 };
2730
2731 let layers = ServiceBuilder::new()
2732 .map_request(|mut request: axum::http::Request<_>| {
2733 if let Some(connect_info) = request.extensions().get::<sui_http::ConnectInfo>() {
2734 let axum_connect_info = axum::extract::ConnectInfo(connect_info.remote_addr);
2735 request.extensions_mut().insert(axum_connect_info);
2736 }
2737 request
2738 })
2739 .layer(axum::middleware::from_fn(server_timing_middleware))
2740 .layer(
2742 tower_http::cors::CorsLayer::new()
2743 .allow_methods([http::Method::GET, http::Method::POST])
2744 .allow_origin(tower_http::cors::Any)
2745 .allow_headers(tower_http::cors::Any)
2746 .expose_headers(tower_http::cors::Any),
2747 );
2748
2749 router = router.merge(rpc_router).layer(layers);
2750
2751 let https = if let Some((tls_config, https_address)) = config
2752 .rpc()
2753 .and_then(|config| config.tls_config().map(|tls| (tls, config.https_address())))
2754 {
2755 let https = sui_http::Builder::new()
2756 .tls_single_cert(tls_config.cert(), tls_config.key())
2757 .and_then(|builder| builder.serve(https_address, router.clone()))
2758 .map_err(|e| anyhow::anyhow!(e))?;
2759
2760 info!(
2761 https_address =? https.local_addr(),
2762 "HTTPS rpc server listening on {}",
2763 https.local_addr()
2764 );
2765
2766 Some(https)
2767 } else {
2768 None
2769 };
2770
2771 let http = sui_http::Builder::new()
2772 .serve(&config.json_rpc_address, router)
2773 .map_err(|e| anyhow::anyhow!(e))?;
2774
2775 info!(
2776 http_address =? http.local_addr(),
2777 "HTTP rpc server listening on {}",
2778 http.local_addr()
2779 );
2780
2781 Ok((
2782 HttpServers {
2783 http: Some(http),
2784 https,
2785 },
2786 Some(subscription_service_checkpoint_sender),
2787 ))
2788}
2789
2790#[derive(Default)]
2791struct HttpServers {
2792 #[allow(unused)]
2793 http: Option<sui_http::ServerHandle>,
2794 #[allow(unused)]
2795 https: Option<sui_http::ServerHandle>,
2796}
2797
2798#[cfg(test)]
2799mod tests {
2800 use super::*;
2801 use prometheus::Registry;
2802 use std::collections::BTreeMap;
2803 use sui_config::node::{ForkCrashBehavior, ForkRecoveryConfig};
2804 use sui_core::checkpoints::{CheckpointMetrics, CheckpointStore};
2805 use sui_types::digests::{CheckpointDigest, TransactionDigest, TransactionEffectsDigest};
2806
2807 #[test]
2811 fn removes_only_the_legacy_rpc_index_directory() {
2812 let db = tempfile::tempdir().unwrap();
2813 let legacy = db.path().join("rpc-index");
2814 let sibling = db.path().join("indexes");
2815 std::fs::create_dir(&legacy).unwrap();
2816 std::fs::create_dir(&sibling).unwrap();
2817 std::fs::write(legacy.join("CURRENT"), b"stale").unwrap();
2818
2819 remove_legacy_rpc_index_store(db.path());
2820 assert!(
2821 !legacy.exists(),
2822 "legacy rpc-index directory should be gone"
2823 );
2824 assert!(sibling.exists(), "sibling stores must be left untouched");
2825
2826 remove_legacy_rpc_index_store(db.path());
2829 assert!(!legacy.exists());
2830 assert!(sibling.exists());
2831 }
2832
2833 #[tokio::test]
2834 async fn test_fork_error_and_recovery_both_paths() {
2835 let checkpoint_store = CheckpointStore::new_for_tests();
2836 let checkpoint_metrics = CheckpointMetrics::new(&Registry::new());
2837
2838 let seq_num = 42;
2840 let digest = CheckpointDigest::random();
2841 checkpoint_store
2842 .record_checkpoint_fork_detected(seq_num, digest)
2843 .unwrap();
2844
2845 let fork_recovery = ForkRecoveryConfig {
2846 transaction_overrides: Default::default(),
2847 checkpoint_overrides: Default::default(),
2848 fork_crash_behavior: ForkCrashBehavior::ReturnError,
2849 };
2850
2851 let r = SuiNode::check_and_recover_forks(
2852 &checkpoint_store,
2853 &checkpoint_metrics,
2854 Some(&fork_recovery),
2855 )
2856 .await;
2857 assert!(r.is_err());
2858 assert!(
2859 r.unwrap_err()
2860 .to_string()
2861 .contains("Checkpoint fork detected")
2862 );
2863
2864 let mut checkpoint_overrides = BTreeMap::new();
2865 checkpoint_overrides.insert(seq_num, digest.to_string());
2866 let fork_recovery_with_override = ForkRecoveryConfig {
2867 transaction_overrides: Default::default(),
2868 checkpoint_overrides,
2869 fork_crash_behavior: ForkCrashBehavior::ReturnError,
2870 };
2871 let r = SuiNode::check_and_recover_forks(
2872 &checkpoint_store,
2873 &checkpoint_metrics,
2874 Some(&fork_recovery_with_override),
2875 )
2876 .await;
2877 assert!(r.is_ok());
2878 assert!(
2879 checkpoint_store
2880 .get_checkpoint_fork_detected()
2881 .unwrap()
2882 .is_none()
2883 );
2884
2885 let tx_digest = TransactionDigest::random();
2887 let expected_effects = TransactionEffectsDigest::random();
2888 let actual_effects = TransactionEffectsDigest::random();
2889 checkpoint_store
2890 .record_transaction_fork_detected(tx_digest, expected_effects, actual_effects)
2891 .unwrap();
2892
2893 let fork_recovery = ForkRecoveryConfig {
2894 transaction_overrides: Default::default(),
2895 checkpoint_overrides: Default::default(),
2896 fork_crash_behavior: ForkCrashBehavior::ReturnError,
2897 };
2898 let r = SuiNode::check_and_recover_forks(
2899 &checkpoint_store,
2900 &checkpoint_metrics,
2901 Some(&fork_recovery),
2902 )
2903 .await;
2904 assert!(r.is_err());
2905 assert!(
2906 r.unwrap_err()
2907 .to_string()
2908 .contains("Transaction fork detected")
2909 );
2910
2911 let mut transaction_overrides = BTreeMap::new();
2912 transaction_overrides.insert(tx_digest.to_string(), actual_effects.to_string());
2913 let fork_recovery_with_override = ForkRecoveryConfig {
2914 transaction_overrides,
2915 checkpoint_overrides: Default::default(),
2916 fork_crash_behavior: ForkCrashBehavior::ReturnError,
2917 };
2918 let r = SuiNode::check_and_recover_forks(
2919 &checkpoint_store,
2920 &checkpoint_metrics,
2921 Some(&fork_recovery_with_override),
2922 )
2923 .await;
2924 assert!(r.is_ok());
2925 assert!(
2926 checkpoint_store
2927 .get_transaction_fork_detected()
2928 .unwrap()
2929 .is_none()
2930 );
2931 }
2932}