1use anemo::Network;
5use anemo::PeerId;
6use anemo_tower::callback::CallbackLayer;
7use anemo_tower::trace::DefaultMakeSpan;
8use anemo_tower::trace::DefaultOnFailure;
9use anemo_tower::trace::TraceLayer;
10use anyhow::Context;
11use anyhow::Result;
12use anyhow::anyhow;
13use arc_swap::ArcSwap;
14use fastcrypto_zkp::bn254::zk_login::JwkId;
15use fastcrypto_zkp::bn254::zk_login::OIDCProvider;
16use futures::future::BoxFuture;
17use mysten_common::in_test_configuration;
18use prometheus::Registry;
19use std::collections::{BTreeSet, HashMap, HashSet};
20use std::fmt;
21use std::future::Future;
22use std::path::Path;
23use std::path::PathBuf;
24use std::str::FromStr;
25#[cfg(msim)]
26use std::sync::atomic::Ordering;
27use std::sync::{Arc, Weak};
28use std::time::Duration;
29use sui_core::admission_queue::{
30 AdmissionQueueContext, AdmissionQueueManager, AdmissionQueueMetrics,
31};
32use sui_core::authority::ExecutionEnv;
33use sui_core::authority::authority_store_tables::AuthorityPerpetualTablesOptions;
34use sui_core::authority::backpressure::BackpressureManager;
35use sui_core::authority::epoch_start_configuration::EpochFlag;
36use sui_core::authority::execution_time_estimator::ExecutionTimeObserver;
37use sui_core::consensus_adapter::ConsensusClient;
38use sui_core::consensus_manager::UpdatableConsensusClient;
39use sui_core::epoch::randomness::RandomnessManager;
40use sui_core::execution_cache::build_execution_cache;
41use sui_core::randomness_round_receiver::{RandomnessRoundReceiver, RandomnessRoundReceiverHandle};
42use sui_network::endpoint_manager::{AddressSource, EndpointId};
43use sui_network::validator::server::SUI_TLS_SERVER_NAME;
44use sui_types::full_checkpoint_content::Checkpoint;
45use sui_types::node_role::NodeRole;
46
47use sui_core::global_state_hasher::GlobalStateHashMetrics;
48use sui_core::storage::RestReadStore;
49use sui_json_rpc::bridge_api::BridgeReadApi;
50use sui_json_rpc_api::JsonRpcMetrics;
51use sui_network::randomness;
52use sui_rpc_api::RpcMetrics;
53use sui_rpc_api::ServerVersion;
54use sui_rpc_api::subscription::SubscriptionService;
55use sui_types::base_types::ConciseableName;
56use sui_types::crypto::RandomnessRound;
57use sui_types::digests::{
58 ChainIdentifier, CheckpointDigest, TransactionDigest, TransactionEffectsDigest,
59};
60use sui_types::messages_consensus::AuthorityCapabilitiesV2;
61use sui_types::sui_system_state::SuiSystemState;
62use tap::tap::TapFallible;
63use tokio::sync::oneshot;
64use tokio::sync::{Mutex, broadcast, mpsc};
65use tokio::task::JoinHandle;
66use tower::ServiceBuilder;
67use tracing::{Instrument, error_span, info};
68use tracing::{debug, error, warn};
69
70macro_rules! jwk_log {
74 ($($arg:tt)+) => {
75 if in_test_configuration() {
76 debug!($($arg)+);
77 } else {
78 info!($($arg)+);
79 }
80 };
81}
82
83use fastcrypto_zkp::bn254::zk_login::JWK;
84pub use handle::SuiNodeHandle;
85use mysten_metrics::{RegistryService, spawn_monitored_task};
86use mysten_service::server_timing::server_timing_middleware;
87use sui_config::node::{DBCheckpointConfig, RunWithRange};
88use sui_config::node::{ForkCrashBehavior, ForkRecoveryConfig};
89use sui_config::node_config_metrics::NodeConfigMetrics;
90use sui_config::{ConsensusConfig, NodeConfig};
91use sui_core::authority::authority_per_epoch_store::AuthorityPerEpochStore;
92use sui_core::authority::authority_store_tables::AuthorityPerpetualTables;
93use sui_core::authority::epoch_start_configuration::EpochStartConfigTrait;
94use sui_core::authority::epoch_start_configuration::EpochStartConfiguration;
95use sui_core::authority::submitted_transaction_cache::SubmittedTransactionCacheMetrics;
96use sui_core::authority_aggregator::AuthorityAggregator;
97use sui_core::authority_server::{ValidatorService, ValidatorServiceMetrics};
98use sui_core::checkpoints::checkpoint_executor::metrics::CheckpointExecutorMetrics;
99use sui_core::checkpoints::checkpoint_executor::{CheckpointExecutor, StopReason};
100use sui_core::checkpoints::{
101 CheckpointMetrics, CheckpointOutput, CheckpointService, CheckpointStore, LogCheckpointOutput,
102 SendCheckpointToStateSync, SubmitCheckpointToConsensus,
103};
104use sui_core::consensus_adapter::{ConsensusAdapter, ConsensusAdapterMetrics};
105use sui_core::consensus_manager::ConsensusManager;
106use sui_core::consensus_throughput_calculator::ConsensusThroughputCalculator;
107use sui_core::consensus_validator::{SuiTxValidator, SuiTxValidatorMetrics};
108use sui_core::db_checkpoint_handler::DBCheckpointHandler;
109use sui_core::epoch::committee_store::CommitteeStore;
110use sui_core::epoch::consensus_store_pruner::ConsensusStorePruner;
111use sui_core::epoch::epoch_metrics::EpochMetrics;
112use sui_core::epoch::reconfiguration::ReconfigurationInitiator;
113use sui_core::global_state_hasher::GlobalStateHasher;
114use sui_core::jsonrpc_index::IndexStore;
115use sui_core::module_cache_metrics::ResolverMetrics;
116use sui_core::overload_monitor::overload_monitor;
117use sui_core::rpc_store_embed::EmbeddedRpcStore;
118use sui_core::signature_verifier::SignatureVerifierMetrics;
119use sui_core::storage::RocksDbStore;
120use sui_core::storage::RpcStoreReadStore;
121use sui_core::transaction_orchestrator::TransactionOrchestrator;
122use sui_core::{
123 authority::{AuthorityState, AuthorityStore},
124 authority_client::NetworkAuthorityClient,
125};
126use sui_json_rpc::JsonRpcServerBuilder;
127use sui_json_rpc::coin_api::CoinReadApi;
128use sui_json_rpc::governance_api::GovernanceReadApi;
129use sui_json_rpc::indexer_api::IndexerApi;
130use sui_json_rpc::move_utils::MoveUtils;
131use sui_json_rpc::read_api::ReadApi;
132use sui_json_rpc::transaction_builder_api::TransactionBuilderApi;
133use sui_json_rpc::transaction_execution_api::TransactionExecutionApi;
134use sui_macros::fail_point;
135use sui_macros::{fail_point_async, replay_log};
136use sui_network::api::ValidatorServer;
137use sui_network::discovery;
138use sui_network::endpoint_manager::EndpointManager;
139use sui_network::state_sync;
140use sui_network::validator::server::ServerBuilder;
141use sui_protocol_config::{Chain, ProtocolConfig, ProtocolVersion};
142use sui_snapshot::uploader::StateSnapshotUploader;
143use sui_storage::{
144 http_key_value_store::HttpKVStore,
145 key_value_store::{FallbackTransactionKVStore, TransactionKeyValueStore},
146 key_value_store_metrics::KeyValueStoreMetrics,
147};
148use sui_types::base_types::{AuthorityName, EpochId};
149use sui_types::committee::Committee;
150use sui_types::crypto::KeypairTraits;
151use sui_types::error::{SuiError, SuiResult};
152use sui_types::messages_consensus::{ConsensusTransaction, check_total_jwk_size};
153use sui_types::storage::RpcStateReader;
154use sui_types::sui_system_state::SuiSystemStateTrait;
155use sui_types::sui_system_state::epoch_start_sui_system_state::EpochStartSystemState;
156use sui_types::sui_system_state::epoch_start_sui_system_state::EpochStartSystemStateTrait;
157use sui_types::supported_protocol_versions::SupportedProtocolVersions;
158use typed_store::DBMetrics;
159use typed_store::rocks::default_db_options;
160
161use crate::metrics::{GrpcMetrics, SuiNodeMetrics};
162
163pub mod address_prober;
164pub mod admin;
165pub mod db_shell;
166mod handle;
167pub mod metrics;
168
169pub struct ValidatorComponents {
170 validator_server_handle: Option<SpawnOnce>,
171 validator_overload_monitor_handle: Option<JoinHandle<()>>,
172 consensus_manager: Arc<ConsensusManager>,
173 consensus_store_pruner: ConsensusStorePruner,
174 consensus_adapter: Arc<ConsensusAdapter>,
175 checkpoint_metrics: Arc<CheckpointMetrics>,
176 sui_tx_validator_metrics: Arc<SuiTxValidatorMetrics>,
177 admission_queue: Option<AdmissionQueueContext>,
178}
179
180pub struct P2pComponents {
181 p2p_network: Network,
182 known_peers: HashMap<PeerId, String>,
183 discovery_handle: discovery::Handle,
184 state_sync_handle: state_sync::Handle,
185 randomness_handle: randomness::Handle,
186 endpoint_manager: EndpointManager,
187}
188
189#[cfg(msim)]
190mod simulator {
191 use std::sync::atomic::AtomicBool;
192 use sui_types::error::SuiErrorKind;
193
194 use super::*;
195 pub(super) struct SimState {
196 pub sim_node: sui_simulator::runtime::NodeHandle,
197 pub sim_safe_mode_expected: AtomicBool,
198 _leak_detector: sui_simulator::NodeLeakDetector,
199 }
200
201 impl Default for SimState {
202 fn default() -> Self {
203 Self {
204 sim_node: sui_simulator::runtime::NodeHandle::current(),
205 sim_safe_mode_expected: AtomicBool::new(false),
206 _leak_detector: sui_simulator::NodeLeakDetector::new(),
207 }
208 }
209 }
210
211 type JwkInjector = dyn Fn(AuthorityName, &OIDCProvider) -> SuiResult<Vec<(JwkId, JWK)>>
212 + Send
213 + Sync
214 + 'static;
215
216 fn default_fetch_jwks(
217 _authority: AuthorityName,
218 _provider: &OIDCProvider,
219 ) -> SuiResult<Vec<(JwkId, JWK)>> {
220 use fastcrypto_zkp::bn254::zk_login::parse_jwks;
221 parse_jwks(
223 sui_types::zk_login_util::DEFAULT_JWK_BYTES,
224 &OIDCProvider::Twitch,
225 true,
226 )
227 .map_err(|_| SuiErrorKind::JWKRetrievalError.into())
228 }
229
230 thread_local! {
231 static JWK_INJECTOR: std::cell::RefCell<Arc<JwkInjector>> = std::cell::RefCell::new(Arc::new(default_fetch_jwks));
232 }
233
234 pub(super) fn get_jwk_injector() -> Arc<JwkInjector> {
235 JWK_INJECTOR.with(|injector| injector.borrow().clone())
236 }
237
238 pub fn set_jwk_injector(injector: Arc<JwkInjector>) {
239 JWK_INJECTOR.with(|cell| *cell.borrow_mut() = injector);
240 }
241}
242
243#[cfg(msim)]
244pub use simulator::set_jwk_injector;
245#[cfg(msim)]
246use simulator::*;
247use sui_core::authority::authority_store_pruner::PrunerWatermarks;
248use sui_core::{
249 consensus_handler::ConsensusHandlerInitializer, safe_client::SafeClientMetricsBase,
250};
251
252const DEFAULT_GRPC_CONNECT_TIMEOUT: Duration = Duration::from_secs(60);
253
254pub struct SuiNode {
255 config: NodeConfig,
256 validator_components: Mutex<Option<ValidatorComponents>>,
257
258 #[allow(unused)]
260 http_servers: HttpServers,
261
262 state: Arc<AuthorityState>,
263 transaction_orchestrator: Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>>,
264 registry_service: RegistryService,
265 metrics: Arc<SuiNodeMetrics>,
266 checkpoint_metrics: Arc<CheckpointMetrics>,
267
268 _discovery: discovery::Handle,
269 _connection_monitor_handle: mysten_network::anemo_connection_monitor::ConnectionMonitorHandle,
270 state_sync_handle: state_sync::Handle,
271 randomness_handle: randomness::Handle,
272 checkpoint_store: Arc<CheckpointStore>,
273 global_state_hasher: Mutex<Option<Arc<GlobalStateHasher>>>,
274
275 end_of_epoch_channel: broadcast::Sender<SuiSystemState>,
277
278 endpoint_manager: EndpointManager,
280
281 address_prober: Option<address_prober::Handle>,
283
284 backpressure_manager: Arc<BackpressureManager>,
285
286 _db_checkpoint_handle: Option<tokio::sync::broadcast::Sender<()>>,
287
288 #[cfg(msim)]
289 sim_state: SimState,
290
291 _state_snapshot_uploader_handle: Option<broadcast::Sender<()>>,
292 shutdown_channel_tx: broadcast::Sender<Option<RunWithRange>>,
294
295 randomness_receiver_handle: Arc<RandomnessRoundReceiverHandle>,
297
298 auth_agg: Arc<ArcSwap<AuthorityAggregator<NetworkAuthorityClient>>>,
303
304 subscription_service_checkpoint_sender: Option<tokio::sync::broadcast::Sender<Arc<Checkpoint>>>,
305
306 embedded_rpc_store: Option<EmbeddedRpcStore>,
311}
312
313impl fmt::Debug for SuiNode {
314 fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
315 f.debug_struct("SuiNode")
316 .field("name", &self.state.name.concise())
317 .finish()
318 }
319}
320
321static MAX_JWK_KEYS_PER_FETCH: usize = 100;
322
323impl SuiNode {
324 pub async fn start(
325 config: NodeConfig,
326 registry_service: RegistryService,
327 ) -> Result<Arc<SuiNode>> {
328 Self::start_async(
329 config,
330 registry_service,
331 ServerVersion::new("sui-node", "unknown"),
332 )
333 .await
334 }
335
336 fn start_jwk_updater(
337 config: &NodeConfig,
338 metrics: Arc<SuiNodeMetrics>,
339 authority: AuthorityName,
340 epoch_store: Arc<AuthorityPerEpochStore>,
341 consensus_adapter: Arc<ConsensusAdapter>,
342 ) {
343 let epoch = epoch_store.epoch();
344
345 let supported_providers = config
346 .zklogin_oauth_providers
347 .get(&epoch_store.get_chain_identifier().chain())
348 .unwrap_or(&BTreeSet::new())
349 .iter()
350 .map(|s| OIDCProvider::from_str(s).expect("Invalid provider string"))
351 .collect::<Vec<_>>();
352
353 let fetch_interval = Duration::from_secs(config.jwk_fetch_interval_seconds);
354
355 info!(
356 ?fetch_interval,
357 "Starting JWK updater tasks with supported providers: {:?}", supported_providers
358 );
359
360 fn validate_jwk(
361 metrics: &Arc<SuiNodeMetrics>,
362 provider: &OIDCProvider,
363 id: &JwkId,
364 jwk: &JWK,
365 ) -> bool {
366 let Ok(iss_provider) = OIDCProvider::from_iss(&id.iss) else {
367 warn!(
368 "JWK iss {:?} (retrieved from {:?}) is not a valid provider",
369 id.iss, provider
370 );
371 metrics
372 .invalid_jwks
373 .with_label_values(&[&provider.to_string()])
374 .inc();
375 return false;
376 };
377
378 if iss_provider != *provider {
379 warn!(
380 "JWK iss {:?} (retrieved from {:?}) does not match provider {:?}",
381 id.iss, provider, iss_provider
382 );
383 metrics
384 .invalid_jwks
385 .with_label_values(&[&provider.to_string()])
386 .inc();
387 return false;
388 }
389
390 if !check_total_jwk_size(id, jwk) {
391 warn!("JWK {:?} (retrieved from {:?}) is too large", id, provider);
392 metrics
393 .invalid_jwks
394 .with_label_values(&[&provider.to_string()])
395 .inc();
396 return false;
397 }
398
399 true
400 }
401
402 for p in supported_providers.into_iter() {
411 let provider_str = p.to_string();
412 let epoch_store = epoch_store.clone();
413 let consensus_adapter = consensus_adapter.clone();
414 let metrics = metrics.clone();
415 spawn_monitored_task!(epoch_store.clone().within_alive_epoch(
416 async move {
417 let mut seen = HashSet::new();
420 loop {
421 jwk_log!("fetching JWK for provider {:?}", p);
422 metrics.jwk_requests.with_label_values(&[&provider_str]).inc();
423 match Self::fetch_jwks(authority, &p).await {
424 Err(e) => {
425 metrics.jwk_request_errors.with_label_values(&[&provider_str]).inc();
426 warn!("Error when fetching JWK for provider {:?} {:?}", p, e);
427 tokio::time::sleep(Duration::from_secs(30)).await;
429 continue;
430 }
431 Ok(mut keys) => {
432 metrics.total_jwks
433 .with_label_values(&[&provider_str])
434 .inc_by(keys.len() as u64);
435
436 keys.retain(|(id, jwk)| {
437 validate_jwk(&metrics, &p, id, jwk) &&
438 !epoch_store.jwk_active_in_current_epoch(id, jwk) &&
439 seen.insert((id.clone(), jwk.clone()))
440 });
441
442 metrics.unique_jwks
443 .with_label_values(&[&provider_str])
444 .inc_by(keys.len() as u64);
445
446 if keys.len() > MAX_JWK_KEYS_PER_FETCH {
449 warn!("Provider {:?} sent too many JWKs, only the first {} will be used", p, MAX_JWK_KEYS_PER_FETCH);
450 keys.truncate(MAX_JWK_KEYS_PER_FETCH);
451 }
452
453 for (id, jwk) in keys.into_iter() {
454 jwk_log!("Submitting JWK to consensus: {:?}", id);
455
456 let txn = ConsensusTransaction::new_jwk_fetched(authority, id, jwk);
457 consensus_adapter.submit(txn, None, &epoch_store, None, None)
458 .tap_err(|e| warn!("Error when submitting JWKs to consensus {:?}", e))
459 .ok();
460 }
461 }
462 }
463 tokio::time::sleep(fetch_interval).await;
464 }
465 }
466 .instrument(error_span!("jwk_updater_task", epoch)),
467 ));
468 }
469 }
470
471 pub async fn start_async(
472 config: NodeConfig,
473 registry_service: RegistryService,
474 server_version: ServerVersion,
475 ) -> Result<Arc<SuiNode>> {
476 if let Some(prober_config) = &config.address_prober {
478 prober_config.validate()?;
479 }
480
481 NodeConfigMetrics::new(®istry_service.default_registry()).record_metrics(&config);
482 let mut config = config.clone();
483 if config.supported_protocol_versions.is_none() {
484 info!(
485 "populating config.supported_protocol_versions with default {:?}",
486 SupportedProtocolVersions::SYSTEM_DEFAULT
487 );
488 config.supported_protocol_versions = Some(SupportedProtocolVersions::SYSTEM_DEFAULT);
489 }
490
491 let run_with_range = config.run_with_range;
492 let prometheus_registry = registry_service.default_registry();
493 let node_role = config.intended_node_role();
494
495 info!(node =? config.protocol_public_key(),
496 "Initializing sui-node listening on {} with role {:?}", config.network_address, node_role
497 );
498
499 DBMetrics::init(registry_service.clone());
501
502 typed_store::init_write_sync(config.enable_db_sync_to_disk);
504
505 mysten_metrics::init_metrics(&prometheus_registry);
507 #[cfg(not(msim))]
509 mysten_metrics::thread_stall_monitor::start_thread_stall_monitor();
510
511 let genesis = config.genesis()?.clone();
512
513 let secret = Arc::pin(config.protocol_key_pair().copy());
514 let genesis_committee = genesis.committee();
515 let committee_store = Arc::new(CommitteeStore::new(
516 config.db_path().join("epochs"),
517 &genesis_committee,
518 None,
519 ));
520
521 let pruner_watermarks = Arc::new(PrunerWatermarks::default());
522 let checkpoint_store = CheckpointStore::new(
523 &config.db_path().join("checkpoints"),
524 pruner_watermarks.clone(),
525 );
526 let checkpoint_metrics = CheckpointMetrics::new(®istry_service.default_registry());
527
528 if node_role.runs_consensus() {
529 Self::check_and_recover_forks(
530 &checkpoint_store,
531 &checkpoint_metrics,
532 config.fork_recovery.as_ref(),
533 )
534 .await?;
535 }
536
537 let enable_write_stall = config
539 .enable_db_write_stall
540 .unwrap_or(node_role.runs_consensus());
541 let enable_objects_compactor = node_role.is_validator()
548 || config.authority_store_pruning_config.num_epochs_to_retain == 0;
549 let perpetual_tables_options = AuthorityPerpetualTablesOptions {
550 enable_write_stall,
551 enable_objects_compactor,
552 };
553 let perpetual_tables = Arc::new(AuthorityPerpetualTables::open(
554 &config.db_store_path(),
555 Some(perpetual_tables_options),
556 Some(pruner_watermarks.epoch_id.clone()),
557 ));
558 let is_genesis = perpetual_tables
559 .database_is_empty()
560 .expect("Database read should not fail at init.");
561
562 let backpressure_manager =
563 BackpressureManager::new_from_checkpoint_store(&checkpoint_store);
564
565 let store =
566 AuthorityStore::open(perpetual_tables, &genesis, &config, &prometheus_registry).await?;
567
568 let cur_epoch = store.get_recovery_epoch_at_restart()?;
569 let committee = committee_store
570 .get_committee(&cur_epoch)?
571 .expect("Committee of the current epoch must exist");
572 let epoch_start_configuration = store
573 .get_epoch_start_configuration()?
574 .expect("EpochStartConfiguration of the current epoch must exist");
575 let cache_metrics = Arc::new(ResolverMetrics::new(&prometheus_registry));
576 let signature_verifier_metrics = SignatureVerifierMetrics::new(&prometheus_registry);
577
578 let cache_traits = build_execution_cache(
579 &config.execution_cache,
580 &prometheus_registry,
581 &store,
582 backpressure_manager.clone(),
583 );
584
585 let auth_agg = {
586 let safe_client_metrics_base = SafeClientMetricsBase::new(&prometheus_registry);
587 Arc::new(ArcSwap::new(Arc::new(
588 AuthorityAggregator::new_from_epoch_start_state(
589 epoch_start_configuration.epoch_start_state(),
590 &committee_store,
591 safe_client_metrics_base,
592 ),
593 )))
594 };
595
596 let chain_id = ChainIdentifier::from(*genesis.checkpoint().digest());
597 let chain = match config.chain_override_for_testing {
598 Some(chain) => chain,
599 None => ChainIdentifier::from(*genesis.checkpoint().digest()).chain(),
600 };
601
602 let highest_executed_checkpoint = checkpoint_store
603 .get_highest_executed_checkpoint_seq_number()
604 .expect("checkpoint store read cannot fail")
605 .unwrap_or(0);
606
607 let previous_epoch_last_checkpoint = if cur_epoch == 0 {
608 0
609 } else {
610 checkpoint_store
611 .get_epoch_last_checkpoint_seq_number(cur_epoch - 1)
612 .expect("checkpoint store read cannot fail")
613 .unwrap_or(highest_executed_checkpoint)
614 };
615
616 let epoch_options = default_db_options().optimize_db_for_write_throughput(4, false);
617 let epoch_store = AuthorityPerEpochStore::new(
618 config.protocol_public_key(),
619 committee.clone(),
620 &config.db_store_path(),
621 Some(epoch_options.options),
622 EpochMetrics::new(®istry_service.default_registry()),
623 epoch_start_configuration,
624 cache_traits.backing_package_store.clone(),
625 cache_traits.object_store.clone(),
626 cache_metrics,
627 signature_verifier_metrics,
628 &config.expensive_safety_check_config,
629 (chain_id, chain),
630 highest_executed_checkpoint,
631 previous_epoch_last_checkpoint,
632 Arc::new(SubmittedTransactionCacheMetrics::new(
633 ®istry_service.default_registry(),
634 )),
635 config.fullnode_sync_mode,
636 )?;
637
638 info!("created epoch store");
639
640 replay_log!(
641 "Beginning replay run. Epoch: {:?}, Protocol config: {:?}",
642 epoch_store.epoch(),
643 epoch_store.protocol_config()
644 );
645
646 if is_genesis {
648 info!("checking SUI conservation at genesis");
649 cache_traits
654 .reconfig_api
655 .expensive_check_sui_conservation(&epoch_store)
656 .expect("SUI conservation check cannot fail at genesis");
657 }
658
659 let effective_buffer_stake = epoch_store.get_effective_buffer_stake_bps();
660 let default_buffer_stake = epoch_store
661 .protocol_config()
662 .buffer_stake_for_protocol_upgrade_bps();
663 if effective_buffer_stake != default_buffer_stake {
664 warn!(
665 ?effective_buffer_stake,
666 ?default_buffer_stake,
667 "buffer_stake_for_protocol_upgrade_bps is currently overridden"
668 );
669 }
670
671 checkpoint_store.insert_genesis_checkpoint(
672 genesis.checkpoint(),
673 genesis.checkpoint_contents().clone(),
674 &epoch_store,
675 );
676
677 info!("creating state sync store");
678 let state_sync_store = RocksDbStore::new(
679 cache_traits.clone(),
680 committee_store.clone(),
681 checkpoint_store.clone(),
682 );
683
684 let index_store = if node_role.is_fullnode() && config.enable_index_processing {
685 info!("creating jsonrpc index store");
686 Some(Arc::new(IndexStore::new(
687 config.db_path().join("indexes"),
688 &prometheus_registry,
689 epoch_store
690 .protocol_config()
691 .max_move_identifier_len_as_option(),
692 config.remove_deprecated_tables,
693 )))
694 } else {
695 None
696 };
697
698 let chain_identifier = epoch_store.get_chain_identifier();
699
700 let mut embedded_rpc_store =
706 if node_role.is_fullnode() && config.rpc().is_some_and(|rpc| rpc.enable_indexing()) {
707 info!("creating embedded rpc-store");
708 remove_legacy_rpc_index_store(&config.db_path());
712 let ingestion_source = RocksDbStore::new(
715 cache_traits.clone(),
716 committee_store.clone(),
717 checkpoint_store.clone(),
718 );
719 let embedded_rpc_store = EmbeddedRpcStore::bootstrap(
720 &config,
721 &store,
722 &checkpoint_store,
723 ingestion_source,
724 chain_identifier,
725 &prometheus_registry,
726 )
727 .await?;
728 Some(embedded_rpc_store)
729 } else {
730 None
731 };
732
733 info!("creating archive reader");
734 let (randomness_tx, randomness_rx) = mpsc::channel(
736 config
737 .p2p_config
738 .randomness
739 .clone()
740 .unwrap_or_default()
741 .mailbox_capacity(),
742 );
743 let P2pComponents {
744 p2p_network,
745 known_peers,
746 discovery_handle,
747 state_sync_handle,
748 randomness_handle,
749 endpoint_manager,
750 } = Self::create_p2p_network(
751 &config,
752 state_sync_store.clone(),
753 chain_identifier,
754 randomness_tx,
755 &prometheus_registry,
756 )?;
757
758 for peer in &config.p2p_config.peer_address_overrides {
760 endpoint_manager
761 .update_endpoint(
762 EndpointId::P2p(peer.peer_id),
763 AddressSource::Config,
764 peer.addresses.clone(),
765 )
766 .expect("Updating peer address overrides should not fail");
767 }
768
769 update_peer_addresses(
771 &config,
772 &endpoint_manager,
773 epoch_store.epoch_start_state(),
774 None,
775 );
776
777 info!("start snapshot upload");
778 let state_snapshot_handle = Self::start_state_snapshot(
780 &config,
781 &prometheus_registry,
782 checkpoint_store.clone(),
783 chain_identifier,
784 )?;
785
786 info!("start db checkpoint");
788 let (db_checkpoint_config, db_checkpoint_handle) = Self::start_db_checkpoint(
789 &config,
790 &prometheus_registry,
791 state_snapshot_handle.is_some(),
792 )?;
793
794 if !epoch_store
795 .protocol_config()
796 .simplified_unwrap_then_delete()
797 {
798 config
800 .authority_store_pruning_config
801 .set_killswitch_tombstone_pruning(true);
802 }
803
804 let authority_name = config.protocol_public_key();
805
806 info!("create authority state");
807 let state = AuthorityState::new(
808 authority_name,
809 secret,
810 config.supported_protocol_versions.unwrap(),
811 store.clone(),
812 cache_traits.clone(),
813 epoch_store.clone(),
814 committee_store.clone(),
815 index_store.clone(),
816 embedded_rpc_store.as_ref().map(|embedded| embedded.store()),
817 checkpoint_store.clone(),
818 &prometheus_registry,
819 genesis.objects(),
820 &db_checkpoint_config,
821 config.clone(),
822 chain_identifier,
823 config.policy_config.clone(),
824 config.firewall_config.clone(),
825 pruner_watermarks,
826 )
827 .await;
828 if epoch_store.epoch() == 0 {
830 let txn = &genesis.transaction();
831 let span = error_span!("genesis_txn", tx_digest = ?txn.digest());
832 let transaction =
833 sui_types::executable_transaction::VerifiedExecutableTransaction::new_unchecked(
834 sui_types::executable_transaction::ExecutableTransaction::new_from_data_and_sig(
835 genesis.transaction().data().clone(),
836 sui_types::executable_transaction::CertificateProof::Checkpoint(0, 0),
837 ),
838 );
839 let _enter = span.enter();
840 state
841 .try_execute_immediately(&transaction, ExecutionEnv::new(), &epoch_store)
842 .unwrap();
843 }
844
845 let randomness_receiver_handle =
848 RandomnessRoundReceiver::spawn(state.clone(), randomness_rx);
849
850 let (end_of_epoch_channel, end_of_epoch_receiver) =
851 broadcast::channel(config.end_of_epoch_broadcast_channel_capacity);
852
853 let transaction_orchestrator = if node_role.is_fullnode() && run_with_range.is_none() {
854 Some(Arc::new(TransactionOrchestrator::new_with_auth_aggregator(
855 auth_agg.load_full(),
856 state.clone(),
857 end_of_epoch_receiver,
858 &config.db_path(),
859 &prometheus_registry,
860 &config,
861 )))
862 } else {
863 None
864 };
865
866 let (http_servers, subscription_service_checkpoint_sender) = build_http_servers(
867 state.clone(),
868 state_sync_store,
869 &transaction_orchestrator.clone(),
870 &config,
871 &prometheus_registry,
872 server_version,
873 node_role,
874 embedded_rpc_store.as_ref(),
875 )
876 .await?;
877
878 if let Some(embedded) = embedded_rpc_store.as_mut() {
885 embedded.spawn_indexer(
886 subscription_service_checkpoint_sender.clone(),
887 prometheus_registry.clone(),
888 );
889 }
890
891 let global_state_hasher = Arc::new(GlobalStateHasher::new(
892 cache_traits.global_state_hash_store.clone(),
893 GlobalStateHashMetrics::new(&prometheus_registry),
894 ));
895
896 let network_connection_metrics = mysten_network::quinn_metrics::QuinnConnectionMetrics::new(
897 "sui",
898 ®istry_service.default_registry(),
899 );
900
901 let connection_monitor_handle =
902 mysten_network::anemo_connection_monitor::AnemoConnectionMonitor::spawn(
903 p2p_network.downgrade(),
904 Arc::new(network_connection_metrics),
905 known_peers,
906 );
907
908 let sui_node_metrics = Arc::new(SuiNodeMetrics::new(®istry_service.default_registry()));
909
910 sui_node_metrics
911 .binary_max_protocol_version
912 .set(ProtocolVersion::MAX.as_u64() as i64);
913 sui_node_metrics
914 .configured_max_protocol_version
915 .set(config.supported_protocol_versions.unwrap().max.as_u64() as i64);
916
917 let node_role = epoch_store.node_role();
918 let validator_components = if node_role.runs_consensus() {
919 let mut components = Self::construct_validator_components(
920 config.clone(),
921 state.clone(),
922 committee,
923 epoch_store.clone(),
924 checkpoint_store.clone(),
925 state_sync_handle.clone(),
926 randomness_handle.clone(),
927 Arc::downgrade(&global_state_hasher),
928 backpressure_manager.clone(),
929 ®istry_service,
930 sui_node_metrics.clone(),
931 checkpoint_metrics.clone(),
932 node_role,
933 randomness_receiver_handle.clone(),
934 )
935 .await?;
936
937 if node_role.is_validator() {
938 components
939 .consensus_adapter
940 .recover_end_of_publish(&epoch_store);
941
942 components.validator_server_handle = Some(
944 components
945 .validator_server_handle
946 .take()
947 .unwrap()
948 .start()
949 .await,
950 );
951
952 endpoint_manager
954 .set_consensus_address_updater(components.consensus_manager.clone());
955 } else {
956 info!("Starting node as Observer — connecting to configured peers");
957 }
958
959 Some(components)
960 } else {
961 None
962 };
963
964 let address_prober = if Self::address_prober_enabled(&config) {
965 let handle = address_prober::Builder::new()
966 .config(config.address_prober.clone().unwrap_or_default())
967 .with_metrics(&prometheus_registry)
968 .build()
969 .start(
970 p2p_network.clone(),
971 discovery_handle.sender(),
972 consensus_config::NetworkKeyPair::new(config.network_key_pair().copy()),
973 );
974 if node_role.is_validator()
976 && let Some(components) = &validator_components
977 {
978 handle.update_epoch(
979 epoch_store.epoch(),
980 epoch_store.epoch_start_state().get_consensus_committee(),
981 components.consensus_manager.clone(),
982 );
983 }
984 Some(handle)
985 } else {
986 None
987 };
988
989 let (shutdown_channel, _) = broadcast::channel::<Option<RunWithRange>>(1);
991
992 let node = Self {
993 config,
994 validator_components: Mutex::new(validator_components),
995 http_servers,
996 state,
997 transaction_orchestrator,
998 registry_service,
999 metrics: sui_node_metrics,
1000 checkpoint_metrics,
1001
1002 _discovery: discovery_handle,
1003 _connection_monitor_handle: connection_monitor_handle,
1004 state_sync_handle,
1005 randomness_handle,
1006 checkpoint_store,
1007 global_state_hasher: Mutex::new(Some(global_state_hasher)),
1008 end_of_epoch_channel,
1009 endpoint_manager,
1010 backpressure_manager,
1011 address_prober,
1012
1013 _db_checkpoint_handle: db_checkpoint_handle,
1014
1015 #[cfg(msim)]
1016 sim_state: Default::default(),
1017
1018 _state_snapshot_uploader_handle: state_snapshot_handle,
1019 shutdown_channel_tx: shutdown_channel,
1020 randomness_receiver_handle,
1021
1022 auth_agg,
1023 subscription_service_checkpoint_sender,
1024 embedded_rpc_store,
1025 };
1026
1027 info!("SuiNode started!");
1028 let node = Arc::new(node);
1029 let node_copy = node.clone();
1030 spawn_monitored_task!(async move {
1031 let result = Self::monitor_reconfiguration(node_copy, epoch_store).await;
1032 if let Err(error) = result {
1033 warn!("Reconfiguration finished with error {:?}", error);
1034 }
1035 });
1036
1037 Ok(node)
1038 }
1039
1040 pub fn subscribe_to_epoch_change(&self) -> broadcast::Receiver<SuiSystemState> {
1041 self.end_of_epoch_channel.subscribe()
1042 }
1043
1044 pub fn subscribe_to_shutdown_channel(&self) -> broadcast::Receiver<Option<RunWithRange>> {
1045 self.shutdown_channel_tx.subscribe()
1046 }
1047
1048 pub fn current_epoch_for_testing(&self) -> EpochId {
1049 self.state.current_epoch_for_testing()
1050 }
1051
1052 pub fn db_checkpoint_path(&self) -> PathBuf {
1053 self.config.db_checkpoint_path()
1054 }
1055
1056 pub async fn close_epoch(&self, epoch_store: &Arc<AuthorityPerEpochStore>) -> SuiResult {
1058 info!("close_epoch (current epoch = {})", epoch_store.epoch());
1059 self.validator_components
1060 .lock()
1061 .await
1062 .as_ref()
1063 .ok_or_else(|| SuiError::from("Node is not a validator"))?
1064 .consensus_adapter
1065 .close_epoch(epoch_store);
1066 Ok(())
1067 }
1068
1069 pub fn clear_override_protocol_upgrade_buffer_stake(&self, epoch: EpochId) -> SuiResult {
1070 self.state
1071 .clear_override_protocol_upgrade_buffer_stake(epoch)
1072 }
1073
1074 pub fn set_override_protocol_upgrade_buffer_stake(
1075 &self,
1076 epoch: EpochId,
1077 buffer_stake_bps: u64,
1078 ) -> SuiResult {
1079 self.state
1080 .set_override_protocol_upgrade_buffer_stake(epoch, buffer_stake_bps)
1081 }
1082
1083 pub async fn close_epoch_for_testing(&self) -> SuiResult {
1086 let epoch_store = self.state.epoch_store_for_testing();
1087 self.close_epoch(&epoch_store).await
1088 }
1089
1090 fn start_state_snapshot(
1091 config: &NodeConfig,
1092 prometheus_registry: &Registry,
1093 checkpoint_store: Arc<CheckpointStore>,
1094 chain_identifier: ChainIdentifier,
1095 ) -> Result<Option<tokio::sync::broadcast::Sender<()>>> {
1096 if let Some(remote_store_config) = &config.state_snapshot_write_config.object_store_config {
1097 let snapshot_uploader = StateSnapshotUploader::new(
1098 &config.db_checkpoint_path(),
1099 &config.snapshot_path(),
1100 remote_store_config.clone(),
1101 60,
1102 prometheus_registry,
1103 checkpoint_store,
1104 chain_identifier,
1105 config.state_snapshot_write_config.archive_interval_epochs,
1106 )?;
1107 Ok(Some(snapshot_uploader.start()))
1108 } else {
1109 Ok(None)
1110 }
1111 }
1112
1113 fn start_db_checkpoint(
1114 config: &NodeConfig,
1115 prometheus_registry: &Registry,
1116 state_snapshot_enabled: bool,
1117 ) -> Result<(
1118 DBCheckpointConfig,
1119 Option<tokio::sync::broadcast::Sender<()>>,
1120 )> {
1121 let checkpoint_path = Some(
1122 config
1123 .db_checkpoint_config
1124 .checkpoint_path
1125 .clone()
1126 .unwrap_or_else(|| config.db_checkpoint_path()),
1127 );
1128 let db_checkpoint_config = if config.db_checkpoint_config.checkpoint_path.is_none() {
1129 DBCheckpointConfig {
1130 checkpoint_path,
1131 perform_db_checkpoints_at_epoch_end: if state_snapshot_enabled {
1132 true
1133 } else {
1134 config
1135 .db_checkpoint_config
1136 .perform_db_checkpoints_at_epoch_end
1137 },
1138 ..config.db_checkpoint_config.clone()
1139 }
1140 } else {
1141 config.db_checkpoint_config.clone()
1142 };
1143
1144 match (
1145 db_checkpoint_config.object_store_config.as_ref(),
1146 state_snapshot_enabled,
1147 ) {
1148 (None, false) => Ok((db_checkpoint_config, None)),
1153 (_, _) => {
1154 let handler = DBCheckpointHandler::new(
1155 &db_checkpoint_config.checkpoint_path.clone().unwrap(),
1156 db_checkpoint_config.object_store_config.as_ref(),
1157 60,
1158 db_checkpoint_config
1159 .prune_and_compact_before_upload
1160 .unwrap_or(true),
1161 config.authority_store_pruning_config.clone(),
1162 prometheus_registry,
1163 state_snapshot_enabled,
1164 )?;
1165 Ok((
1166 db_checkpoint_config,
1167 Some(DBCheckpointHandler::start(handler)),
1168 ))
1169 }
1170 }
1171 }
1172
1173 fn create_p2p_network(
1174 config: &NodeConfig,
1175 state_sync_store: RocksDbStore,
1176 chain_identifier: ChainIdentifier,
1177 randomness_tx: mpsc::Sender<(EpochId, RandomnessRound, Vec<u8>)>,
1178 prometheus_registry: &Registry,
1179 ) -> Result<P2pComponents> {
1180 let mut p2p_config = config.p2p_config.clone();
1181 {
1182 let disc = p2p_config.discovery.get_or_insert_with(Default::default);
1183 if disc.peer_addr_store_path.is_none() {
1184 disc.peer_addr_store_path =
1185 Some(config.db_path().join("discovery_peer_cache.yaml"));
1186 }
1187 }
1188 let mut discovery_builder = discovery::Builder::new().config(p2p_config.clone());
1189 if let Some(consensus_config) = &config.consensus_config {
1190 let effective_addr = consensus_config
1191 .external_address
1192 .as_ref()
1193 .or(consensus_config.listen_address.as_ref());
1194 if let Some(addr) = effective_addr {
1195 discovery_builder = discovery_builder.consensus_external_address(addr.clone());
1196 }
1197 }
1198 let (discovery, discovery_server, endpoint_manager) = discovery_builder.build();
1199 let discovery_sender = discovery.sender();
1200
1201 let (state_sync, state_sync_router) = state_sync::Builder::new()
1202 .config(config.p2p_config.state_sync.clone().unwrap_or_default())
1203 .store(state_sync_store)
1204 .archive_config(config.archive_reader_config())
1205 .discovery_sender(discovery_sender)
1206 .with_metrics(prometheus_registry)
1207 .build();
1208
1209 let discovery_config = config.p2p_config.discovery.clone().unwrap_or_default();
1210 let known_peers: HashMap<PeerId, String> = discovery_config
1211 .allowlisted_peers
1212 .clone()
1213 .into_iter()
1214 .map(|ap| (ap.peer_id, "allowlisted_peer".to_string()))
1215 .chain(config.p2p_config.seed_peers.iter().filter_map(|peer| {
1216 peer.peer_id
1217 .map(|peer_id| (peer_id, "seed_peer".to_string()))
1218 }))
1219 .collect();
1220
1221 let (randomness, randomness_router) =
1222 randomness::Builder::new(config.protocol_public_key(), randomness_tx)
1223 .config(config.p2p_config.randomness.clone().unwrap_or_default())
1224 .with_metrics(prometheus_registry)
1225 .build();
1226
1227 let p2p_network = {
1228 let routes = anemo::Router::new()
1229 .add_rpc_service(discovery_server)
1230 .merge(state_sync_router);
1231 let routes = routes.merge(randomness_router);
1232
1233 let inbound_network_metrics =
1234 mysten_network::metrics::NetworkMetrics::new("sui", "inbound", prometheus_registry);
1235 let outbound_network_metrics = mysten_network::metrics::NetworkMetrics::new(
1236 "sui",
1237 "outbound",
1238 prometheus_registry,
1239 );
1240
1241 let service = ServiceBuilder::new()
1242 .layer(
1243 TraceLayer::new_for_server_errors()
1244 .make_span_with(DefaultMakeSpan::new().level(tracing::Level::INFO))
1245 .on_failure(DefaultOnFailure::new().level(tracing::Level::WARN)),
1246 )
1247 .layer(CallbackLayer::new(
1248 mysten_network::metrics::MetricsMakeCallbackHandler::new(
1249 Arc::new(inbound_network_metrics),
1250 config.p2p_config.excessive_message_size(),
1251 ),
1252 ))
1253 .service(routes);
1254
1255 let outbound_layer = ServiceBuilder::new()
1256 .layer(
1257 TraceLayer::new_for_client_and_server_errors()
1258 .make_span_with(DefaultMakeSpan::new().level(tracing::Level::INFO))
1259 .on_failure(DefaultOnFailure::new().level(tracing::Level::WARN)),
1260 )
1261 .layer(CallbackLayer::new(
1262 mysten_network::metrics::MetricsMakeCallbackHandler::new(
1263 Arc::new(outbound_network_metrics),
1264 config.p2p_config.excessive_message_size(),
1265 ),
1266 ))
1267 .into_inner();
1268
1269 let mut anemo_config = config.p2p_config.anemo_config.clone().unwrap_or_default();
1270 anemo_config.max_request_frame_size = Some(1 << 20);
1273 anemo_config.max_response_frame_size = Some(128 << 20);
1276
1277 let mut quic_config = anemo_config.quic.unwrap_or_default();
1280 if quic_config.socket_send_buffer_size.is_none() {
1281 quic_config.socket_send_buffer_size = Some(20 << 20);
1282 }
1283 if quic_config.socket_receive_buffer_size.is_none() {
1284 quic_config.socket_receive_buffer_size = Some(20 << 20);
1285 }
1286 quic_config.allow_failed_socket_buffer_size_setting = true;
1287
1288 if quic_config.max_concurrent_bidi_streams.is_none() {
1291 quic_config.max_concurrent_bidi_streams = Some(500);
1292 }
1293 if quic_config.max_concurrent_uni_streams.is_none() {
1294 quic_config.max_concurrent_uni_streams = Some(500);
1295 }
1296 if quic_config.stream_receive_window.is_none() {
1297 quic_config.stream_receive_window = Some(100 << 20);
1298 }
1299 if quic_config.receive_window.is_none() {
1300 quic_config.receive_window = Some(200 << 20);
1301 }
1302 if quic_config.send_window.is_none() {
1303 quic_config.send_window = Some(200 << 20);
1304 }
1305 if quic_config.crypto_buffer_size.is_none() {
1306 quic_config.crypto_buffer_size = Some(1 << 20);
1307 }
1308 if quic_config.max_idle_timeout_ms.is_none() {
1309 quic_config.max_idle_timeout_ms = Some(10_000);
1310 }
1311 if quic_config.keep_alive_interval_ms.is_none() {
1312 quic_config.keep_alive_interval_ms = Some(5_000);
1313 }
1314 anemo_config.quic = Some(quic_config);
1315
1316 let server_name = format!("sui-{}", chain_identifier);
1317 let network = Network::bind(config.p2p_config.listen_address)
1318 .server_name(&server_name)
1319 .private_key(config.network_key_pair().copy().private().0.to_bytes())
1320 .config(anemo_config)
1321 .outbound_request_layer(outbound_layer)
1322 .start(service)?;
1323 info!(
1324 server_name = server_name,
1325 "P2p network started on {}",
1326 network.local_addr()
1327 );
1328
1329 network
1330 };
1331
1332 let discovery_handle =
1333 discovery.start(p2p_network.clone(), config.network_key_pair().copy());
1334 let state_sync_handle = state_sync.start(p2p_network.clone());
1335 let randomness_handle = randomness.start(p2p_network.clone());
1336
1337 Ok(P2pComponents {
1338 p2p_network,
1339 known_peers,
1340 discovery_handle,
1341 state_sync_handle,
1342 randomness_handle,
1343 endpoint_manager,
1344 })
1345 }
1346
1347 async fn construct_validator_components(
1348 config: NodeConfig,
1349 state: Arc<AuthorityState>,
1350 committee: Arc<Committee>,
1351 epoch_store: Arc<AuthorityPerEpochStore>,
1352 checkpoint_store: Arc<CheckpointStore>,
1353 state_sync_handle: state_sync::Handle,
1354 randomness_handle: randomness::Handle,
1355 global_state_hasher: Weak<GlobalStateHasher>,
1356 backpressure_manager: Arc<BackpressureManager>,
1357 registry_service: &RegistryService,
1358 sui_node_metrics: Arc<SuiNodeMetrics>,
1359 checkpoint_metrics: Arc<CheckpointMetrics>,
1360 node_role: NodeRole,
1361 randomness_receiver_handle: Arc<RandomnessRoundReceiverHandle>,
1362 ) -> Result<ValidatorComponents> {
1363 let mut config_clone = config.clone();
1364 let consensus_config = config_clone
1365 .consensus_config
1366 .as_mut()
1367 .ok_or_else(|| anyhow!("Node is missing consensus config"))?;
1368
1369 let client = Arc::new(UpdatableConsensusClient::new());
1370 let inflight_slot_freed_notify = Arc::new(tokio::sync::Notify::new());
1371 let consensus_adapter = Arc::new(Self::construct_consensus_adapter(
1372 &committee,
1373 consensus_config,
1374 state.name,
1375 ®istry_service.default_registry(),
1376 client.clone(),
1377 checkpoint_store.clone(),
1378 inflight_slot_freed_notify.clone(),
1379 ));
1380
1381 let consensus_manager = Arc::new(ConsensusManager::new(
1382 &config,
1383 consensus_config,
1384 registry_service,
1385 client,
1386 node_role,
1387 ));
1388
1389 let consensus_store_pruner = ConsensusStorePruner::new(
1391 consensus_manager.get_storage_base_path(),
1392 consensus_config.db_retention_epochs(),
1393 consensus_config.db_pruner_period(),
1394 ®istry_service.default_registry(),
1395 );
1396
1397 let sui_tx_validator_metrics =
1398 SuiTxValidatorMetrics::new(®istry_service.default_registry());
1399
1400 let (validator_server_handle, admission_queue) = if node_role.is_validator() {
1401 let (handle, queue) = Self::start_grpc_validator_service(
1402 &config,
1403 state.clone(),
1404 consensus_adapter.clone(),
1405 epoch_store.clone(),
1406 ®istry_service.default_registry(),
1407 inflight_slot_freed_notify,
1408 )
1409 .await?;
1410 (Some(handle), queue)
1411 } else {
1412 (None, None)
1413 };
1414
1415 let validator_overload_monitor_handle = if node_role.is_validator()
1418 && config
1419 .authority_overload_config
1420 .max_load_shedding_percentage
1421 > 0
1422 {
1423 let authority_state = Arc::downgrade(&state);
1424 let overload_config = config.authority_overload_config.clone();
1425 fail_point!("starting_overload_monitor");
1426 Some(spawn_monitored_task!(overload_monitor(
1427 authority_state,
1428 overload_config,
1429 )))
1430 } else {
1431 None
1432 };
1433
1434 Self::start_epoch_specific_validator_components(
1435 &config,
1436 state.clone(),
1437 consensus_adapter,
1438 checkpoint_store,
1439 epoch_store,
1440 state_sync_handle,
1441 randomness_handle,
1442 randomness_receiver_handle,
1443 consensus_manager,
1444 consensus_store_pruner,
1445 global_state_hasher,
1446 backpressure_manager,
1447 validator_server_handle,
1448 validator_overload_monitor_handle,
1449 checkpoint_metrics,
1450 sui_node_metrics,
1451 sui_tx_validator_metrics,
1452 admission_queue,
1453 node_role,
1454 )
1455 .await
1456 }
1457
1458 fn address_prober_enabled(config: &NodeConfig) -> bool {
1459 let prober_enabled = config
1460 .address_prober
1461 .as_ref()
1462 .map(|c| c.enabled())
1463 .unwrap_or(true);
1464 let v3_enabled = config
1465 .p2p_config
1466 .discovery
1467 .as_ref()
1468 .is_some_and(|d| d.use_get_known_peers_v3());
1469 prober_enabled && v3_enabled
1470 }
1471
1472 fn update_address_prober_epoch(
1473 &self,
1474 epoch_store: &AuthorityPerEpochStore,
1475 consensus_manager: &Arc<ConsensusManager>,
1476 ) {
1477 if !epoch_store.is_validator() {
1478 return;
1479 }
1480 if let Some(handle) = &self.address_prober {
1481 handle.update_epoch(
1482 epoch_store.epoch(),
1483 epoch_store.epoch_start_state().get_consensus_committee(),
1484 consensus_manager.clone(),
1485 );
1486 }
1487 }
1488
1489 async fn start_epoch_specific_validator_components(
1490 config: &NodeConfig,
1491 state: Arc<AuthorityState>,
1492 consensus_adapter: Arc<ConsensusAdapter>,
1493 checkpoint_store: Arc<CheckpointStore>,
1494 epoch_store: Arc<AuthorityPerEpochStore>,
1495 state_sync_handle: state_sync::Handle,
1496 randomness_handle: randomness::Handle,
1497 randomness_receiver_handle: Arc<RandomnessRoundReceiverHandle>,
1498 consensus_manager: Arc<ConsensusManager>,
1499 consensus_store_pruner: ConsensusStorePruner,
1500 state_hasher: Weak<GlobalStateHasher>,
1501 backpressure_manager: Arc<BackpressureManager>,
1502 validator_server_handle: Option<SpawnOnce>,
1503 validator_overload_monitor_handle: Option<JoinHandle<()>>,
1504 checkpoint_metrics: Arc<CheckpointMetrics>,
1505 sui_node_metrics: Arc<SuiNodeMetrics>,
1506 sui_tx_validator_metrics: Arc<SuiTxValidatorMetrics>,
1507 admission_queue: Option<AdmissionQueueContext>,
1508 node_role: NodeRole,
1509 ) -> Result<ValidatorComponents> {
1510 let checkpoint_service = Self::build_checkpoint_service(
1511 config,
1512 consensus_adapter.clone(),
1513 checkpoint_store.clone(),
1514 epoch_store.clone(),
1515 state.clone(),
1516 state_sync_handle,
1517 state_hasher,
1518 checkpoint_metrics.clone(),
1519 node_role,
1520 );
1521
1522 randomness_receiver_handle.clear_public_key();
1525
1526 if node_role.runs_consensus() && epoch_store.randomness_state_enabled() {
1527 let authority_key_pair = if node_role.is_validator() {
1528 Some(config.protocol_key_pair())
1529 } else {
1530 None
1531 };
1532 let randomness_manager = RandomnessManager::try_new(
1533 Arc::downgrade(&epoch_store),
1534 Box::new(consensus_adapter.clone()),
1535 randomness_handle,
1536 authority_key_pair,
1537 randomness_receiver_handle.clone(),
1538 )
1539 .await;
1540 if let Some(randomness_manager) = randomness_manager {
1541 epoch_store
1542 .set_randomness_manager(randomness_manager)
1543 .await?;
1544 }
1545 }
1546
1547 if node_role.is_validator() {
1548 ExecutionTimeObserver::spawn(
1549 epoch_store.clone(),
1550 Box::new(consensus_adapter.clone()),
1551 config
1552 .execution_time_observer_config
1553 .clone()
1554 .unwrap_or_default(),
1555 );
1556 }
1557
1558 let throughput_calculator = Arc::new(ConsensusThroughputCalculator::new(
1559 None,
1560 state.metrics.clone(),
1561 ));
1562
1563 let consensus_handler_initializer = ConsensusHandlerInitializer::new(
1564 state.clone(),
1565 checkpoint_service.clone(),
1566 epoch_store.clone(),
1567 consensus_adapter.clone(),
1568 throughput_calculator,
1569 backpressure_manager,
1570 config.congestion_log.clone(),
1571 );
1572
1573 info!("Starting consensus manager asynchronously");
1574
1575 tokio::spawn({
1577 let config = config.clone();
1578 let epoch_store = epoch_store.clone();
1579 let sui_tx_validator = SuiTxValidator::new(
1580 state.clone(),
1581 epoch_store.clone(),
1582 checkpoint_service.clone(),
1583 sui_tx_validator_metrics.clone(),
1584 );
1585 let consensus_manager = consensus_manager.clone();
1586 async move {
1587 consensus_manager
1588 .start(
1589 &config,
1590 epoch_store,
1591 consensus_handler_initializer,
1592 sui_tx_validator,
1593 Some(randomness_receiver_handle),
1594 )
1595 .await;
1596 }
1597 });
1598 let replay_waiter = consensus_manager.replay_waiter();
1599
1600 info!("Spawning checkpoint service");
1601 let replay_waiter = if std::env::var("DISABLE_REPLAY_WAITER").is_ok() {
1602 None
1603 } else {
1604 Some(replay_waiter)
1605 };
1606 checkpoint_service
1607 .spawn(epoch_store.clone(), replay_waiter)
1608 .await;
1609
1610 if node_role.is_validator() && epoch_store.authenticator_state_enabled() {
1611 Self::start_jwk_updater(
1612 config,
1613 sui_node_metrics,
1614 state.name,
1615 epoch_store.clone(),
1616 consensus_adapter.clone(),
1617 );
1618 }
1619
1620 if let Some(ctx) = &admission_queue {
1621 ctx.rotate_for_epoch(epoch_store);
1622 }
1623
1624 Ok(ValidatorComponents {
1625 validator_server_handle,
1626 validator_overload_monitor_handle,
1627 consensus_manager,
1628 consensus_store_pruner,
1629 consensus_adapter,
1630 checkpoint_metrics,
1631 sui_tx_validator_metrics,
1632 admission_queue,
1633 })
1634 }
1635
1636 fn build_checkpoint_service(
1637 config: &NodeConfig,
1638 consensus_adapter: Arc<ConsensusAdapter>,
1639 checkpoint_store: Arc<CheckpointStore>,
1640 epoch_store: Arc<AuthorityPerEpochStore>,
1641 state: Arc<AuthorityState>,
1642 state_sync_handle: state_sync::Handle,
1643 state_hasher: Weak<GlobalStateHasher>,
1644 checkpoint_metrics: Arc<CheckpointMetrics>,
1645 node_role: NodeRole,
1646 ) -> Arc<CheckpointService> {
1647 let epoch_start_timestamp_ms = epoch_store.epoch_start_state().epoch_start_timestamp_ms();
1648 let epoch_duration_ms = epoch_store.epoch_start_state().epoch_duration_ms();
1649
1650 debug!(
1651 "Starting checkpoint service with epoch start timestamp {}
1652 and epoch duration {}",
1653 epoch_start_timestamp_ms, epoch_duration_ms
1654 );
1655
1656 let checkpoint_output: Box<dyn CheckpointOutput> = if node_role.is_validator() {
1657 Box::new(SubmitCheckpointToConsensus::new(
1658 consensus_adapter,
1659 state.secret.clone(),
1660 config.protocol_public_key(),
1661 epoch_start_timestamp_ms
1662 .checked_add(epoch_duration_ms)
1663 .expect("Overflow calculating next_reconfiguration_timestamp_ms"),
1664 checkpoint_metrics.clone(),
1665 ))
1666 } else {
1667 Box::new(LogCheckpointOutput::new(checkpoint_metrics.clone()))
1668 };
1669
1670 let certified_checkpoint_output = SendCheckpointToStateSync::new(state_sync_handle);
1671
1672 CheckpointService::build(
1673 state.clone(),
1674 checkpoint_store,
1675 epoch_store,
1676 state.get_transaction_cache_reader().clone(),
1677 state_hasher,
1678 checkpoint_output,
1679 Box::new(certified_checkpoint_output),
1680 checkpoint_metrics,
1681 )
1682 }
1683
1684 fn construct_consensus_adapter(
1685 committee: &Committee,
1686 consensus_config: &ConsensusConfig,
1687 authority: AuthorityName,
1688 prometheus_registry: &Registry,
1689 consensus_client: Arc<dyn ConsensusClient>,
1690 checkpoint_store: Arc<CheckpointStore>,
1691 inflight_slot_freed_notify: Arc<tokio::sync::Notify>,
1692 ) -> ConsensusAdapter {
1693 let ca_metrics = ConsensusAdapterMetrics::new(prometheus_registry);
1694 ConsensusAdapter::new(
1697 consensus_client,
1698 checkpoint_store,
1699 authority,
1700 consensus_config.max_pending_transactions(),
1701 consensus_config.max_pending_transactions() * 2 / committee.num_members(),
1702 ca_metrics,
1703 inflight_slot_freed_notify,
1704 )
1705 }
1706
1707 async fn start_grpc_validator_service(
1708 config: &NodeConfig,
1709 state: Arc<AuthorityState>,
1710 consensus_adapter: Arc<ConsensusAdapter>,
1711 epoch_store: Arc<AuthorityPerEpochStore>,
1712 prometheus_registry: &Registry,
1713 inflight_slot_freed_notify: Arc<tokio::sync::Notify>,
1714 ) -> Result<(SpawnOnce, Option<AdmissionQueueContext>)> {
1715 let overload_config = &config.authority_overload_config;
1716 let admission_queue = overload_config.admission_queue_enabled.then(|| {
1717 let manager = Arc::new(AdmissionQueueManager::new(
1718 consensus_adapter.clone(),
1719 Arc::new(AdmissionQueueMetrics::new(prometheus_registry)),
1720 overload_config.admission_queue_capacity_fraction,
1721 overload_config.admission_queue_failover_timeout,
1722 inflight_slot_freed_notify,
1723 ));
1724 AdmissionQueueContext::spawn(manager, epoch_store)
1725 });
1726 let validator_service = ValidatorService::new(
1727 state.clone(),
1728 consensus_adapter,
1729 Arc::new(ValidatorServiceMetrics::new(prometheus_registry)),
1730 config.policy_config.clone().map(|p| p.client_id_source),
1731 admission_queue.clone(),
1732 );
1733
1734 let mut server_conf = mysten_network::config::Config::new();
1735 server_conf.connect_timeout = Some(DEFAULT_GRPC_CONNECT_TIMEOUT);
1736 server_conf.http2_keepalive_interval = Some(DEFAULT_GRPC_CONNECT_TIMEOUT);
1737 server_conf.http2_keepalive_timeout = Some(DEFAULT_GRPC_CONNECT_TIMEOUT);
1738 server_conf.global_concurrency_limit = config.grpc_concurrency_limit;
1739 server_conf.load_shed = config.grpc_load_shed;
1740 let mut server_builder =
1741 ServerBuilder::from_config(&server_conf, GrpcMetrics::new(prometheus_registry));
1742
1743 server_builder = server_builder.add_service(ValidatorServer::new(validator_service));
1744
1745 let tls_config = sui_tls::create_rustls_server_config(
1746 config.network_key_pair().copy().private(),
1747 SUI_TLS_SERVER_NAME.to_string(),
1748 );
1749
1750 let network_address = config.network_address().clone();
1751
1752 let (ready_tx, ready_rx) = oneshot::channel();
1753
1754 let spawn_once = SpawnOnce::new(ready_rx, async move {
1755 let server = server_builder
1756 .bind(&network_address, Some(tls_config))
1757 .await
1758 .unwrap_or_else(|err| panic!("Failed to bind to {network_address}: {err}"));
1759 let local_addr = server.local_addr();
1760 info!("Listening to traffic on {local_addr}");
1761 ready_tx.send(()).unwrap();
1762 if let Err(err) = server.serve().await {
1763 info!("Server stopped: {err}");
1764 }
1765 info!("Server stopped");
1766 });
1767 Ok((spawn_once, admission_queue))
1768 }
1769
1770 pub fn state(&self) -> Arc<AuthorityState> {
1771 self.state.clone()
1772 }
1773
1774 pub fn embedded_rpc_store(&self) -> Option<&EmbeddedRpcStore> {
1780 self.embedded_rpc_store.as_ref()
1781 }
1782
1783 #[cfg(any(test, msim))]
1784 pub fn connection_monitor_handle_for_testing(
1785 &self,
1786 ) -> &mysten_network::anemo_connection_monitor::ConnectionMonitorHandle {
1787 &self._connection_monitor_handle
1788 }
1789
1790 #[cfg(any(test, msim))]
1791 pub fn address_prober_metrics_for_testing(
1792 &self,
1793 ) -> std::sync::Arc<address_prober::AddressProberMetrics> {
1794 self.address_prober
1795 .as_ref()
1796 .expect("address prober should be running in tests")
1797 .metrics_for_testing()
1798 }
1799
1800 pub fn node_role(&self) -> NodeRole {
1801 self.state.load_epoch_store_one_call_per_task().node_role()
1802 }
1803
1804 pub fn reference_gas_price_for_testing(&self) -> Result<u64, anyhow::Error> {
1806 self.state.reference_gas_price_for_testing()
1807 }
1808
1809 pub fn clone_committee_store(&self) -> Arc<CommitteeStore> {
1810 self.state.committee_store().clone()
1811 }
1812
1813 pub fn clone_checkpoint_store(&self) -> Arc<CheckpointStore> {
1814 self.checkpoint_store.clone()
1815 }
1816
1817 pub fn clone_authority_store(&self) -> Arc<AuthorityStore> {
1818 self.state.authority_store()
1819 }
1820
1821 pub fn clone_consensus_store(
1822 &self,
1823 ) -> Option<Arc<consensus_core::storage::rocksdb_store::RocksDBStore>> {
1824 self.validator_components
1825 .try_lock()
1826 .ok()?
1827 .as_ref()?
1828 .consensus_manager
1829 .consensus_store()
1830 }
1831
1832 pub fn clone_authority_aggregator(
1837 &self,
1838 ) -> Option<Arc<AuthorityAggregator<NetworkAuthorityClient>>> {
1839 self.transaction_orchestrator
1840 .as_ref()
1841 .map(|to| to.clone_authority_aggregator())
1842 }
1843
1844 pub fn transaction_orchestrator(
1845 &self,
1846 ) -> Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>> {
1847 self.transaction_orchestrator.clone()
1848 }
1849
1850 pub async fn monitor_reconfiguration(
1853 self: Arc<Self>,
1854 mut epoch_store: Arc<AuthorityPerEpochStore>,
1855 ) -> Result<()> {
1856 let checkpoint_executor_metrics =
1857 CheckpointExecutorMetrics::new(&self.registry_service.default_registry());
1858
1859 loop {
1860 let mut hasher_guard = self.global_state_hasher.lock().await;
1861 let hasher = hasher_guard.take().unwrap();
1862 info!(
1863 "Creating checkpoint executor for epoch {}",
1864 epoch_store.epoch()
1865 );
1866 let checkpoint_executor = CheckpointExecutor::new(
1867 epoch_store.clone(),
1868 self.checkpoint_store.clone(),
1869 self.state.clone(),
1870 hasher.clone(),
1871 self.backpressure_manager.clone(),
1872 self.config.checkpoint_executor_config.clone(),
1873 checkpoint_executor_metrics.clone(),
1874 self.subscription_service_checkpoint_sender.clone(),
1875 );
1876
1877 let run_with_range = self.config.run_with_range;
1878
1879 let cur_epoch_store = self.state.load_epoch_store_one_call_per_task();
1880
1881 self.metrics
1883 .current_protocol_version
1884 .set(cur_epoch_store.protocol_config().version.as_u64() as i64);
1885
1886 if let Some(components) = &*self.validator_components.lock().await
1889 && cur_epoch_store.is_validator()
1890 {
1891 tokio::time::sleep(Duration::from_millis(1)).await;
1893
1894 let config = cur_epoch_store.protocol_config();
1895 let mut supported_protocol_versions = self
1896 .config
1897 .supported_protocol_versions
1898 .expect("Supported versions should be populated")
1899 .truncate_below(config.version);
1901
1902 while supported_protocol_versions.max > config.version {
1903 let proposed_protocol_config = ProtocolConfig::get_for_version(
1904 supported_protocol_versions.max,
1905 cur_epoch_store.get_chain(),
1906 );
1907
1908 if proposed_protocol_config.enable_accumulators()
1909 && !epoch_store.accumulator_root_exists()
1910 {
1911 error!(
1912 "cannot upgrade to protocol version {:?} because accumulator root does not exist",
1913 supported_protocol_versions.max
1914 );
1915 supported_protocol_versions.max = supported_protocol_versions.max.prev();
1916 } else {
1917 break;
1918 }
1919 }
1920
1921 let binary_config = config.binary_config(None);
1922 let transaction = ConsensusTransaction::new_capability_notification_v2(
1923 AuthorityCapabilitiesV2::new(
1924 self.state.name,
1925 cur_epoch_store.get_chain_identifier().chain(),
1926 supported_protocol_versions,
1927 self.state
1928 .get_available_system_packages(&binary_config)
1929 .await,
1930 ),
1931 );
1932 info!(?transaction, "submitting capabilities to consensus");
1933 components.consensus_adapter.submit(
1934 transaction,
1935 None,
1936 &cur_epoch_store,
1937 None,
1938 None,
1939 )?;
1940 }
1941
1942 let stop_condition = checkpoint_executor.run_epoch(run_with_range).await;
1943
1944 if stop_condition == StopReason::RunWithRangeCondition {
1945 SuiNode::shutdown(&self).await;
1946 self.shutdown_channel_tx
1947 .send(run_with_range)
1948 .expect("RunWithRangeCondition met but failed to send shutdown message");
1949 return Ok(());
1950 }
1951
1952 let latest_system_state = self
1954 .state
1955 .get_object_cache_reader()
1956 .get_sui_system_state_object_unsafe()
1957 .expect("Read Sui System State object cannot fail");
1958
1959 #[cfg(msim)]
1960 if !self
1961 .sim_state
1962 .sim_safe_mode_expected
1963 .load(Ordering::Relaxed)
1964 {
1965 debug_assert!(!latest_system_state.safe_mode());
1966 }
1967
1968 #[cfg(not(msim))]
1969 debug_assert!(!latest_system_state.safe_mode());
1970
1971 if let Err(err) = self.end_of_epoch_channel.send(latest_system_state.clone())
1972 && self.state.is_fullnode(&cur_epoch_store)
1973 {
1974 warn!(
1975 "Failed to send end of epoch notification to subscriber: {:?}",
1976 err
1977 );
1978 }
1979
1980 cur_epoch_store.record_is_safe_mode_metric(latest_system_state.safe_mode());
1981 let new_epoch_start_state = latest_system_state.into_epoch_start_state();
1982
1983 self.auth_agg.store(Arc::new(
1984 self.auth_agg
1985 .load()
1986 .recreate_with_new_epoch_start_state(&new_epoch_start_state),
1987 ));
1988
1989 let next_epoch_committee = new_epoch_start_state.get_sui_committee();
1990 let next_epoch = next_epoch_committee.epoch();
1991 assert_eq!(cur_epoch_store.epoch() + 1, next_epoch);
1992
1993 info!(
1994 next_epoch,
1995 "Finished executing all checkpoints in epoch. About to reconfigure the system."
1996 );
1997
1998 fail_point_async!("reconfig_delay");
1999
2000 cur_epoch_store.record_epoch_reconfig_start_time_metric();
2001
2002 update_peer_addresses(
2003 &self.config,
2004 &self.endpoint_manager,
2005 &new_epoch_start_state,
2006 Some(cur_epoch_store.epoch_start_state()),
2007 );
2008
2009 let mut validator_components_lock_guard = self.validator_components.lock().await;
2010
2011 let new_epoch_store = self
2015 .reconfigure_state(
2016 &self.state,
2017 &cur_epoch_store,
2018 next_epoch_committee.clone(),
2019 new_epoch_start_state,
2020 hasher.clone(),
2021 )
2022 .await;
2023
2024 let new_role = new_epoch_store.node_role();
2025
2026 let new_validator_components = if let Some(ValidatorComponents {
2027 validator_server_handle,
2028 validator_overload_monitor_handle,
2029 consensus_manager,
2030 consensus_store_pruner,
2031 consensus_adapter,
2032 checkpoint_metrics,
2033 sui_tx_validator_metrics,
2034 admission_queue,
2035 }) = validator_components_lock_guard.take()
2036 {
2037 info!("Reconfiguring node (was running consensus).");
2038
2039 consensus_manager.shutdown().await;
2040 info!("Consensus has shut down.");
2041
2042 if let Some(handle) = &self.address_prober {
2043 handle.leave_committee();
2044 }
2045
2046 info!("Epoch store finished reconfiguration.");
2047
2048 let global_state_hasher_metrics = Arc::into_inner(hasher)
2051 .expect("Object state hasher should have no other references at this point")
2052 .metrics();
2053 let new_hasher = Arc::new(GlobalStateHasher::new(
2054 self.state.get_global_state_hash_store().clone(),
2055 global_state_hasher_metrics,
2056 ));
2057 let weak_hasher = Arc::downgrade(&new_hasher);
2058 *hasher_guard = Some(new_hasher);
2059
2060 consensus_store_pruner.prune(next_epoch).await;
2061
2062 if new_role.runs_consensus() {
2063 info!("Restarting consensus as {new_role}");
2064 let components = Self::start_epoch_specific_validator_components(
2065 &self.config,
2066 self.state.clone(),
2067 consensus_adapter,
2068 self.checkpoint_store.clone(),
2069 new_epoch_store.clone(),
2070 self.state_sync_handle.clone(),
2071 self.randomness_handle.clone(),
2072 self.randomness_receiver_handle.clone(),
2073 consensus_manager,
2074 consensus_store_pruner,
2075 weak_hasher,
2076 self.backpressure_manager.clone(),
2077 validator_server_handle,
2078 validator_overload_monitor_handle,
2079 checkpoint_metrics,
2080 self.metrics.clone(),
2081 sui_tx_validator_metrics,
2082 admission_queue,
2083 new_role,
2084 )
2085 .await?;
2086 self.update_address_prober_epoch(
2087 &new_epoch_store,
2088 &components.consensus_manager,
2089 );
2090 Some(components)
2091 } else {
2092 info!(
2093 "This node has new role {new_role} and no longer runs consensus after reconfiguration"
2094 );
2095 None
2096 }
2097 } else {
2098 let global_state_hasher_metrics = Arc::into_inner(hasher)
2101 .expect("Object state hasher should have no other references at this point")
2102 .metrics();
2103 let new_hasher = Arc::new(GlobalStateHasher::new(
2104 self.state.get_global_state_hash_store().clone(),
2105 global_state_hasher_metrics,
2106 ));
2107 let weak_hasher = Arc::downgrade(&new_hasher);
2108 *hasher_guard = Some(new_hasher);
2109
2110 if new_role.runs_consensus() {
2111 info!("Promoting node to {new_role}, starting consensus components");
2112
2113 let mut components = Self::construct_validator_components(
2114 self.config.clone(),
2115 self.state.clone(),
2116 Arc::new(next_epoch_committee.clone()),
2117 new_epoch_store.clone(),
2118 self.checkpoint_store.clone(),
2119 self.state_sync_handle.clone(),
2120 self.randomness_handle.clone(),
2121 weak_hasher,
2122 self.backpressure_manager.clone(),
2123 &self.registry_service,
2124 self.metrics.clone(),
2125 self.checkpoint_metrics.clone(),
2126 new_role,
2127 self.randomness_receiver_handle.clone(),
2128 )
2129 .await?;
2130
2131 if new_role.is_validator() {
2132 components.validator_server_handle = Some(
2133 components
2134 .validator_server_handle
2135 .take()
2136 .unwrap()
2137 .start()
2138 .await,
2139 );
2140
2141 self.endpoint_manager
2142 .set_consensus_address_updater(components.consensus_manager.clone());
2143 }
2144
2145 self.update_address_prober_epoch(
2146 &new_epoch_store,
2147 &components.consensus_manager,
2148 );
2149 Some(components)
2150 } else {
2151 None
2152 }
2153 };
2154 *validator_components_lock_guard = new_validator_components;
2155
2156 cur_epoch_store.release_db_handles();
2159
2160 if cfg!(msim)
2161 && !matches!(
2162 self.config
2163 .authority_store_pruning_config
2164 .num_epochs_to_retain_for_checkpoints(),
2165 None | Some(u64::MAX) | Some(0)
2166 )
2167 {
2168 self.state
2169 .prune_checkpoints_for_eligible_epochs_for_testing(
2170 self.config.clone(),
2171 sui_core::authority::authority_store_pruner::AuthorityStorePruningMetrics::new_for_test(),
2172 )
2173 .await?;
2174 }
2175
2176 epoch_store = new_epoch_store;
2177 info!("Reconfiguration finished");
2178 }
2179 }
2180
2181 async fn shutdown(&self) {
2182 if let Some(validator_components) = &*self.validator_components.lock().await {
2183 validator_components.consensus_manager.shutdown().await;
2184 }
2185 }
2186
2187 async fn reconfigure_state(
2188 &self,
2189 state: &Arc<AuthorityState>,
2190 cur_epoch_store: &AuthorityPerEpochStore,
2191 next_epoch_committee: Committee,
2192 next_epoch_start_system_state: EpochStartSystemState,
2193 global_state_hasher: Arc<GlobalStateHasher>,
2194 ) -> Arc<AuthorityPerEpochStore> {
2195 let next_epoch = next_epoch_committee.epoch();
2196
2197 let last_checkpoint = self
2198 .checkpoint_store
2199 .get_epoch_last_checkpoint(cur_epoch_store.epoch())
2200 .expect("Error loading last checkpoint for current epoch")
2201 .expect("Could not load last checkpoint for current epoch");
2202
2203 let last_checkpoint_seq = *last_checkpoint.sequence_number();
2204
2205 assert_eq!(
2206 Some(last_checkpoint_seq),
2207 self.checkpoint_store
2208 .get_highest_executed_checkpoint_seq_number()
2209 .expect("Error loading highest executed checkpoint sequence number")
2210 );
2211
2212 let epoch_start_configuration = EpochStartConfiguration::new(
2213 next_epoch_start_system_state,
2214 *last_checkpoint.digest(),
2215 state.get_object_store().as_ref(),
2216 EpochFlag::default_flags_for_new_epoch(&state.config),
2217 )
2218 .expect("EpochStartConfiguration construction cannot fail");
2219
2220 let new_epoch_store = self
2221 .state
2222 .reconfigure(
2223 cur_epoch_store,
2224 self.config.supported_protocol_versions.unwrap(),
2225 next_epoch_committee,
2226 epoch_start_configuration,
2227 global_state_hasher,
2228 &self.config.expensive_safety_check_config,
2229 last_checkpoint_seq,
2230 )
2231 .await
2232 .expect("Reconfigure authority state cannot fail");
2233 info!(next_epoch, "Node State has been reconfigured");
2234 assert_eq!(next_epoch, new_epoch_store.epoch());
2235 self.state.get_reconfig_api().update_epoch_flags_metrics(
2236 cur_epoch_store.epoch_start_config().flags(),
2237 new_epoch_store.epoch_start_config().flags(),
2238 );
2239
2240 new_epoch_store
2241 }
2242
2243 pub fn get_config(&self) -> &NodeConfig {
2244 &self.config
2245 }
2246
2247 pub fn randomness_handle(&self) -> randomness::Handle {
2248 self.randomness_handle.clone()
2249 }
2250
2251 pub fn state_sync_handle(&self) -> state_sync::Handle {
2252 self.state_sync_handle.clone()
2253 }
2254
2255 pub fn endpoint_manager(&self) -> &EndpointManager {
2256 &self.endpoint_manager
2257 }
2258
2259 pub async fn address_prober_report(&self) -> Option<address_prober::ProbeReport> {
2260 match &self.address_prober {
2261 Some(handle) => handle.probe_report().await,
2262 None => None,
2263 }
2264 }
2265
2266 fn get_digest_prefix(digest: impl std::fmt::Display) -> String {
2268 let digest_str = digest.to_string();
2269 if digest_str.len() >= 8 {
2270 digest_str[0..8].to_string()
2271 } else {
2272 digest_str
2273 }
2274 }
2275
2276 async fn check_and_recover_forks(
2280 checkpoint_store: &CheckpointStore,
2281 checkpoint_metrics: &CheckpointMetrics,
2282 fork_recovery: Option<&ForkRecoveryConfig>,
2283 ) -> Result<()> {
2284 if let Some(recovery) = fork_recovery {
2286 Self::try_recover_checkpoint_fork(checkpoint_store, recovery)?;
2287 Self::try_recover_transaction_fork(checkpoint_store, recovery)?;
2288 }
2289
2290 if let Some((checkpoint_seq, checkpoint_digest)) = checkpoint_store
2291 .get_checkpoint_fork_detected()
2292 .map_err(|e| {
2293 error!("Failed to check for checkpoint fork: {:?}", e);
2294 e
2295 })?
2296 {
2297 Self::handle_checkpoint_fork(
2298 checkpoint_seq,
2299 checkpoint_digest,
2300 checkpoint_metrics,
2301 fork_recovery,
2302 )
2303 .await?;
2304 }
2305 if let Some((tx_digest, expected_effects, actual_effects)) = checkpoint_store
2306 .get_transaction_fork_detected()
2307 .map_err(|e| {
2308 error!("Failed to check for transaction fork: {:?}", e);
2309 e
2310 })?
2311 {
2312 Self::handle_transaction_fork(
2313 tx_digest,
2314 expected_effects,
2315 actual_effects,
2316 checkpoint_metrics,
2317 fork_recovery,
2318 )
2319 .await?;
2320 }
2321
2322 Ok(())
2323 }
2324
2325 fn try_recover_checkpoint_fork(
2326 checkpoint_store: &CheckpointStore,
2327 recovery: &ForkRecoveryConfig,
2328 ) -> Result<()> {
2329 for (seq, expected_digest_str) in &recovery.checkpoint_overrides {
2332 let Ok(expected_digest) = CheckpointDigest::from_str(expected_digest_str) else {
2333 anyhow::bail!(
2334 "Invalid checkpoint digest override for seq {}: {}",
2335 seq,
2336 expected_digest_str
2337 );
2338 };
2339
2340 if let Some(local_summary) = checkpoint_store.get_locally_computed_checkpoint(*seq)? {
2341 let local_digest = sui_types::message_envelope::Message::digest(&local_summary);
2342 if local_digest != expected_digest {
2343 info!(
2344 seq,
2345 local = %Self::get_digest_prefix(local_digest),
2346 expected = %Self::get_digest_prefix(expected_digest),
2347 "Fork recovery: clearing locally_computed_checkpoints from {} due to digest mismatch",
2348 seq
2349 );
2350 checkpoint_store
2351 .clear_locally_computed_checkpoints_from(*seq)
2352 .context(
2353 "Failed to clear locally computed checkpoints from override seq",
2354 )?;
2355 }
2356 }
2357 }
2358
2359 if let Some((checkpoint_seq, checkpoint_digest)) =
2360 checkpoint_store.get_checkpoint_fork_detected()?
2361 && recovery.checkpoint_overrides.contains_key(&checkpoint_seq)
2362 {
2363 info!(
2364 "Fork recovery enabled: clearing checkpoint fork at seq {} with digest {:?}",
2365 checkpoint_seq, checkpoint_digest
2366 );
2367 checkpoint_store
2368 .clear_checkpoint_fork_detected()
2369 .expect("Failed to clear checkpoint fork detected marker");
2370 }
2371 Ok(())
2372 }
2373
2374 fn try_recover_transaction_fork(
2375 checkpoint_store: &CheckpointStore,
2376 recovery: &ForkRecoveryConfig,
2377 ) -> Result<()> {
2378 if recovery.transaction_overrides.is_empty() {
2379 return Ok(());
2380 }
2381
2382 if let Some((tx_digest, _, _)) = checkpoint_store.get_transaction_fork_detected()?
2383 && recovery
2384 .transaction_overrides
2385 .contains_key(&tx_digest.to_string())
2386 {
2387 info!(
2388 "Fork recovery enabled: clearing transaction fork for tx {:?}",
2389 tx_digest
2390 );
2391 checkpoint_store
2392 .clear_transaction_fork_detected()
2393 .expect("Failed to clear transaction fork detected marker");
2394 }
2395 Ok(())
2396 }
2397
2398 fn get_current_timestamp() -> u64 {
2399 std::time::SystemTime::now()
2400 .duration_since(std::time::SystemTime::UNIX_EPOCH)
2401 .unwrap()
2402 .as_secs()
2403 }
2404
2405 async fn handle_checkpoint_fork(
2406 checkpoint_seq: u64,
2407 checkpoint_digest: CheckpointDigest,
2408 checkpoint_metrics: &CheckpointMetrics,
2409 fork_recovery: Option<&ForkRecoveryConfig>,
2410 ) -> Result<()> {
2411 checkpoint_metrics
2412 .checkpoint_fork_crash_mode
2413 .with_label_values(&[
2414 &checkpoint_seq.to_string(),
2415 &Self::get_digest_prefix(checkpoint_digest),
2416 &Self::get_current_timestamp().to_string(),
2417 ])
2418 .set(1);
2419
2420 let behavior = fork_recovery
2421 .map(|fr| fr.fork_crash_behavior)
2422 .unwrap_or_default();
2423
2424 match behavior {
2425 ForkCrashBehavior::AwaitForkRecovery => {
2426 error!(
2427 checkpoint_seq = checkpoint_seq,
2428 checkpoint_digest = ?checkpoint_digest,
2429 "Checkpoint fork detected! Node startup halted. Sleeping indefinitely."
2430 );
2431 futures::future::pending::<()>().await;
2432 unreachable!("pending() should never return");
2433 }
2434 ForkCrashBehavior::ReturnError => {
2435 error!(
2436 checkpoint_seq = checkpoint_seq,
2437 checkpoint_digest = ?checkpoint_digest,
2438 "Checkpoint fork detected! Returning error."
2439 );
2440 Err(anyhow::anyhow!(
2441 "Checkpoint fork detected! checkpoint_seq: {}, checkpoint_digest: {:?}",
2442 checkpoint_seq,
2443 checkpoint_digest
2444 ))
2445 }
2446 }
2447 }
2448
2449 async fn handle_transaction_fork(
2450 tx_digest: TransactionDigest,
2451 expected_effects_digest: TransactionEffectsDigest,
2452 actual_effects_digest: TransactionEffectsDigest,
2453 checkpoint_metrics: &CheckpointMetrics,
2454 fork_recovery: Option<&ForkRecoveryConfig>,
2455 ) -> Result<()> {
2456 checkpoint_metrics
2457 .transaction_fork_crash_mode
2458 .with_label_values(&[
2459 &Self::get_digest_prefix(tx_digest),
2460 &Self::get_digest_prefix(expected_effects_digest),
2461 &Self::get_digest_prefix(actual_effects_digest),
2462 &Self::get_current_timestamp().to_string(),
2463 ])
2464 .set(1);
2465
2466 let behavior = fork_recovery
2467 .map(|fr| fr.fork_crash_behavior)
2468 .unwrap_or_default();
2469
2470 match behavior {
2471 ForkCrashBehavior::AwaitForkRecovery => {
2472 error!(
2473 tx_digest = ?tx_digest,
2474 expected_effects_digest = ?expected_effects_digest,
2475 actual_effects_digest = ?actual_effects_digest,
2476 "Transaction fork detected! Node startup halted. Sleeping indefinitely."
2477 );
2478 futures::future::pending::<()>().await;
2479 unreachable!("pending() should never return");
2480 }
2481 ForkCrashBehavior::ReturnError => {
2482 error!(
2483 tx_digest = ?tx_digest,
2484 expected_effects_digest = ?expected_effects_digest,
2485 actual_effects_digest = ?actual_effects_digest,
2486 "Transaction fork detected! Returning error."
2487 );
2488 Err(anyhow::anyhow!(
2489 "Transaction fork detected! tx_digest: {:?}, expected_effects: {:?}, actual_effects: {:?}",
2490 tx_digest,
2491 expected_effects_digest,
2492 actual_effects_digest
2493 ))
2494 }
2495 }
2496 }
2497}
2498
2499#[cfg(not(msim))]
2500impl SuiNode {
2501 async fn fetch_jwks(
2502 _authority: AuthorityName,
2503 provider: &OIDCProvider,
2504 ) -> SuiResult<Vec<(JwkId, JWK)>> {
2505 use fastcrypto_zkp::bn254::zk_login::fetch_jwks;
2506 use sui_types::error::SuiErrorKind;
2507 let client = reqwest::Client::new();
2508 fetch_jwks(provider, &client, true)
2509 .await
2510 .map_err(|_| SuiErrorKind::JWKRetrievalError.into())
2511 }
2512}
2513
2514#[cfg(msim)]
2515impl SuiNode {
2516 pub fn get_sim_node_id(&self) -> sui_simulator::task::NodeId {
2517 self.sim_state.sim_node.id()
2518 }
2519
2520 pub fn set_safe_mode_expected(&self, new_value: bool) {
2521 info!("Setting safe mode expected to {}", new_value);
2522 self.sim_state
2523 .sim_safe_mode_expected
2524 .store(new_value, Ordering::Relaxed);
2525 }
2526
2527 #[allow(unused_variables)]
2528 async fn fetch_jwks(
2529 authority: AuthorityName,
2530 provider: &OIDCProvider,
2531 ) -> SuiResult<Vec<(JwkId, JWK)>> {
2532 get_jwk_injector()(authority, provider)
2533 }
2534}
2535
2536enum SpawnOnce {
2537 Unstarted(oneshot::Receiver<()>, Mutex<BoxFuture<'static, ()>>),
2539 #[allow(unused)]
2540 Started(JoinHandle<()>),
2541}
2542
2543impl SpawnOnce {
2544 pub fn new(
2545 ready_rx: oneshot::Receiver<()>,
2546 future: impl Future<Output = ()> + Send + 'static,
2547 ) -> Self {
2548 Self::Unstarted(ready_rx, Mutex::new(Box::pin(future)))
2549 }
2550
2551 pub async fn start(self) -> Self {
2552 match self {
2553 Self::Unstarted(ready_rx, future) => {
2554 let future = future.into_inner();
2555 let handle = tokio::spawn(future);
2556 ready_rx.await.unwrap();
2557 Self::Started(handle)
2558 }
2559 Self::Started(_) => self,
2560 }
2561 }
2562}
2563
2564fn update_peer_addresses(
2568 config: &NodeConfig,
2569 endpoint_manager: &EndpointManager,
2570 epoch_start_state: &EpochStartSystemState,
2571 prev_epoch_start_state: Option<&EpochStartSystemState>,
2572) {
2573 if config.consensus_config().is_none() {
2574 return;
2575 }
2576 let new_peers: HashSet<PeerId> = epoch_start_state
2577 .get_validator_as_p2p_peers(config.protocol_public_key())
2578 .into_iter()
2579 .map(|(peer_id, address)| {
2580 endpoint_manager
2581 .update_endpoint(
2582 EndpointId::P2p(peer_id),
2583 AddressSource::Chain,
2584 vec![address],
2585 )
2586 .expect("Updating peer addresses should not fail");
2587 peer_id
2588 })
2589 .collect();
2590
2591 if let Some(prev) = prev_epoch_start_state {
2593 for (peer_id, _) in prev.get_validator_as_p2p_peers(config.protocol_public_key()) {
2594 if !new_peers.contains(&peer_id) {
2595 endpoint_manager
2596 .update_endpoint(EndpointId::P2p(peer_id), AddressSource::Chain, vec![])
2597 .expect("Clearing peer addresses should not fail");
2598 }
2599 }
2600 }
2601}
2602
2603fn build_kv_store(
2604 state: &Arc<AuthorityState>,
2605 config: &NodeConfig,
2606 registry: &Registry,
2607) -> Result<Arc<TransactionKeyValueStore>> {
2608 let metrics = KeyValueStoreMetrics::new(registry);
2609 let db_store = TransactionKeyValueStore::new("rocksdb", metrics.clone(), state.clone());
2610
2611 let base_url = &config.transaction_kv_store_read_config.base_url;
2612
2613 if base_url.is_empty() {
2614 info!("no http kv store url provided, using local db only");
2615 return Ok(Arc::new(db_store));
2616 }
2617
2618 let base_url: url::Url = base_url.parse().tap_err(|e| {
2619 error!(
2620 "failed to parse config.transaction_kv_store_config.base_url ({:?}) as url: {}",
2621 base_url, e
2622 )
2623 })?;
2624
2625 let network_str = match state.get_chain_identifier().chain() {
2626 Chain::Mainnet => "/mainnet",
2627 _ => {
2628 info!("using local db only for kv store");
2629 return Ok(Arc::new(db_store));
2630 }
2631 };
2632
2633 let base_url = base_url.join(network_str)?.to_string();
2634 let http_store = HttpKVStore::new_kv(
2635 &base_url,
2636 config.transaction_kv_store_read_config.cache_size,
2637 metrics.clone(),
2638 )?;
2639 info!("using local key-value store with fallback to http key-value store");
2640 Ok(Arc::new(FallbackTransactionKVStore::new_kv(
2641 db_store,
2642 http_store,
2643 metrics,
2644 "json_rpc_fallback",
2645 )))
2646}
2647
2648async fn build_json_rpc_router(
2649 state: &Arc<AuthorityState>,
2650 transaction_orchestrator: &Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>>,
2651 config: &NodeConfig,
2652 prometheus_registry: &Registry,
2653) -> Result<axum::Router> {
2654 let traffic_controller = state.traffic_controller.clone();
2655 let mut server = JsonRpcServerBuilder::new(
2656 env!("CARGO_PKG_VERSION"),
2657 prometheus_registry,
2658 traffic_controller,
2659 config.policy_config.clone(),
2660 );
2661
2662 let kv_store = build_kv_store(state, config, prometheus_registry)?;
2663
2664 let metrics = Arc::new(JsonRpcMetrics::new(prometheus_registry));
2665 server.register_module(ReadApi::new(
2666 state.clone(),
2667 kv_store.clone(),
2668 metrics.clone(),
2669 ))?;
2670 server.register_module(CoinReadApi::new(
2671 state.clone(),
2672 kv_store.clone(),
2673 metrics.clone(),
2674 ))?;
2675
2676 if config.run_with_range.is_none() {
2679 server.register_module(TransactionBuilderApi::new(state.clone()))?;
2680 }
2681 server.register_module(GovernanceReadApi::new(state.clone(), metrics.clone()))?;
2682 server.register_module(BridgeReadApi::new(state.clone(), metrics.clone()))?;
2683
2684 if let Some(transaction_orchestrator) = transaction_orchestrator {
2685 server.register_module(TransactionExecutionApi::new(
2686 state.clone(),
2687 transaction_orchestrator.clone(),
2688 metrics.clone(),
2689 ))?;
2690 }
2691
2692 let name_service_config = if let (
2693 Some(package_address),
2694 Some(registry_id),
2695 Some(reverse_registry_id),
2696 ) = (
2697 config.name_service_package_address,
2698 config.name_service_registry_id,
2699 config.name_service_reverse_registry_id,
2700 ) {
2701 sui_name_service::NameServiceConfig::new(package_address, registry_id, reverse_registry_id)
2702 } else {
2703 match state.get_chain_identifier().chain() {
2704 Chain::Mainnet => sui_name_service::NameServiceConfig::mainnet(),
2705 Chain::Testnet => sui_name_service::NameServiceConfig::testnet(),
2706 Chain::Unknown => sui_name_service::NameServiceConfig::default(),
2707 }
2708 };
2709
2710 server.register_module(IndexerApi::new(
2711 state.clone(),
2712 ReadApi::new(state.clone(), kv_store.clone(), metrics.clone()),
2713 kv_store,
2714 name_service_config,
2715 metrics,
2716 config.indexer_max_subscriptions,
2717 ))?;
2718 server.register_module(MoveUtils::new(state.clone()))?;
2719
2720 let server_type = config.jsonrpc_server_type();
2721
2722 Ok(server.to_router(server_type).await?)
2723}
2724
2725fn remove_legacy_rpc_index_store(db_path: &Path) {
2734 let legacy_dir = db_path.join("rpc-index");
2735 match std::fs::remove_dir_all(&legacy_dir) {
2736 Ok(()) => info!(
2737 "removed legacy rpc-index directory {}",
2738 legacy_dir.display()
2739 ),
2740 Err(e) if e.kind() == std::io::ErrorKind::NotFound => {}
2743 Err(e) => warn!(
2744 "failed to remove legacy rpc-index directory {}: {e:?}",
2745 legacy_dir.display()
2746 ),
2747 }
2748}
2749
2750async fn build_http_servers(
2751 state: Arc<AuthorityState>,
2752 store: RocksDbStore,
2753 transaction_orchestrator: &Option<Arc<TransactionOrchestrator<NetworkAuthorityClient>>>,
2754 config: &NodeConfig,
2755 prometheus_registry: &Registry,
2756 server_version: ServerVersion,
2757 node_role: NodeRole,
2758 embedded_rpc_store: Option<&EmbeddedRpcStore>,
2759) -> Result<(
2760 HttpServers,
2761 Option<tokio::sync::broadcast::Sender<Arc<Checkpoint>>>,
2762)> {
2763 if !node_role.is_fullnode() {
2765 return Ok((HttpServers::default(), None));
2766 }
2767
2768 info!("starting rpc service with config: {:?}", config.rpc);
2769
2770 let mut router = axum::Router::new();
2771
2772 if config.json_rpc_enabled() {
2776 router = router.merge(
2777 build_json_rpc_router(
2778 &state,
2779 transaction_orchestrator,
2780 config,
2781 prometheus_registry,
2782 )
2783 .await?,
2784 );
2785 } else {
2786 info!("json-rpc service is disabled");
2787 }
2788
2789 let indexed_checkpoint = embedded_rpc_store.map(|embedded| embedded.indexed_checkpoint_fn());
2793 let subscription_watermark_interval = config
2794 .rpc
2795 .as_ref()
2796 .and_then(|rpc| rpc.subscription_watermark_interval);
2797 let subscription_shards = config.rpc.as_ref().and_then(|rpc| rpc.subscription_shards);
2798 let (subscription_service_checkpoint_sender, subscription_service_handle) =
2799 SubscriptionService::build(
2800 prometheus_registry,
2801 indexed_checkpoint,
2802 subscription_watermark_interval,
2803 subscription_shards,
2804 );
2805 let rpc_router = {
2806 let reader: Arc<dyn RpcStateReader> = match embedded_rpc_store {
2810 Some(embedded) => Arc::new(RpcStoreReadStore::new(
2811 state.clone(),
2812 store,
2813 embedded.reader(),
2814 )),
2815 None => Arc::new(RestReadStore::new(state.clone(), store)),
2816 };
2817 let mut rpc_service = sui_rpc_api::RpcService::new(reader);
2818 rpc_service.with_server_version(server_version);
2819
2820 if let Some(config) = config.rpc.clone() {
2821 config.validate()?;
2822 rpc_service.with_config(config);
2823 }
2824
2825 rpc_service.with_metrics(RpcMetrics::new(prometheus_registry));
2826 rpc_service.with_subscription_service(subscription_service_handle);
2827
2828 if let Some(transaction_orchestrator) = transaction_orchestrator {
2829 rpc_service.with_executor(transaction_orchestrator.clone())
2830 }
2831
2832 rpc_service.into_router().await
2833 };
2834
2835 let layers = ServiceBuilder::new()
2836 .map_request(|mut request: axum::http::Request<_>| {
2837 if let Some(connect_info) = request.extensions().get::<sui_http::ConnectInfo>() {
2838 let axum_connect_info = axum::extract::ConnectInfo(connect_info.remote_addr);
2839 request.extensions_mut().insert(axum_connect_info);
2840 }
2841 request
2842 })
2843 .layer(axum::middleware::from_fn(server_timing_middleware))
2844 .layer(
2846 tower_http::cors::CorsLayer::new()
2847 .allow_methods([http::Method::GET, http::Method::POST])
2848 .allow_origin(tower_http::cors::Any)
2849 .allow_headers(tower_http::cors::Any)
2850 .expose_headers(tower_http::cors::Any),
2851 );
2852
2853 router = router.merge(rpc_router).layer(layers);
2854
2855 let https = if let Some((tls_config, https_address)) = config
2856 .rpc()
2857 .and_then(|config| config.tls_config().map(|tls| (tls, config.https_address())))
2858 {
2859 let tls_server_config = https_rustls_config(tls_config.cert(), tls_config.key())?;
2860 let https = sui_http::Builder::new()
2861 .tls_config(tls_server_config)
2862 .serve(https_address, router.clone())
2863 .map_err(|e| anyhow::anyhow!(e))?;
2864
2865 info!(
2866 https_address =? https.local_addr(),
2867 "HTTPS rpc server listening on {}",
2868 https.local_addr()
2869 );
2870
2871 Some(https)
2872 } else {
2873 None
2874 };
2875
2876 let http = sui_http::Builder::new()
2877 .serve(&config.json_rpc_address, router)
2878 .map_err(|e| anyhow::anyhow!(e))?;
2879
2880 info!(
2881 http_address =? http.local_addr(),
2882 "HTTP rpc server listening on {}",
2883 http.local_addr()
2884 );
2885
2886 Ok((
2887 HttpServers {
2888 http: Some(http),
2889 https,
2890 },
2891 Some(subscription_service_checkpoint_sender),
2892 ))
2893}
2894
2895fn https_rustls_config(cert: &str, key: &str) -> Result<sui_http::rustls::ServerConfig> {
2904 use sui_http::rustls;
2905 use sui_http::rustls::pki_types::pem::PemObject;
2906
2907 let certs = rustls::pki_types::CertificateDer::pem_file_iter(cert)
2908 .with_context(|| format!("failed to read TLS certificate chain from {cert}"))?
2909 .collect::<Result<Vec<_>, _>>()
2910 .with_context(|| format!("failed to parse TLS certificate chain from {cert}"))?;
2911 let private_key = rustls::pki_types::PrivateKeyDer::from_pem_file(key)
2912 .with_context(|| format!("failed to read TLS private key from {key}"))?;
2913 let config = rustls::ServerConfig::builder_with_provider(Arc::new(
2914 rustls::crypto::ring::default_provider(),
2915 ))
2916 .with_protocol_versions(rustls::DEFAULT_VERSIONS)?
2917 .with_no_client_auth()
2918 .with_single_cert(certs, private_key)?;
2919 Ok(config)
2920}
2921
2922#[derive(Default)]
2923struct HttpServers {
2924 #[allow(unused)]
2925 http: Option<sui_http::ServerHandle>,
2926 #[allow(unused)]
2927 https: Option<sui_http::ServerHandle>,
2928}
2929
2930#[cfg(test)]
2931mod tests {
2932 use super::*;
2933 use prometheus::Registry;
2934 use std::collections::BTreeMap;
2935 use sui_config::node::{ForkCrashBehavior, ForkRecoveryConfig};
2936 use sui_core::checkpoints::{CheckpointMetrics, CheckpointStore};
2937 use sui_types::digests::{CheckpointDigest, TransactionDigest, TransactionEffectsDigest};
2938
2939 #[test]
2943 fn removes_only_the_legacy_rpc_index_directory() {
2944 let db = tempfile::tempdir().unwrap();
2945 let legacy = db.path().join("rpc-index");
2946 let sibling = db.path().join("indexes");
2947 std::fs::create_dir(&legacy).unwrap();
2948 std::fs::create_dir(&sibling).unwrap();
2949 std::fs::write(legacy.join("CURRENT"), b"stale").unwrap();
2950
2951 remove_legacy_rpc_index_store(db.path());
2952 assert!(
2953 !legacy.exists(),
2954 "legacy rpc-index directory should be gone"
2955 );
2956 assert!(sibling.exists(), "sibling stores must be left untouched");
2957
2958 remove_legacy_rpc_index_store(db.path());
2961 assert!(!legacy.exists());
2962 assert!(sibling.exists());
2963 }
2964
2965 #[tokio::test]
2966 async fn test_fork_error_and_recovery_both_paths() {
2967 let checkpoint_store = CheckpointStore::new_for_tests();
2968 let checkpoint_metrics = CheckpointMetrics::new(&Registry::new());
2969
2970 let seq_num = 42;
2972 let digest = CheckpointDigest::random();
2973 checkpoint_store
2974 .record_checkpoint_fork_detected(seq_num, digest)
2975 .unwrap();
2976
2977 let fork_recovery = ForkRecoveryConfig {
2978 transaction_overrides: Default::default(),
2979 checkpoint_overrides: Default::default(),
2980 fork_crash_behavior: ForkCrashBehavior::ReturnError,
2981 };
2982
2983 let r = SuiNode::check_and_recover_forks(
2984 &checkpoint_store,
2985 &checkpoint_metrics,
2986 Some(&fork_recovery),
2987 )
2988 .await;
2989 assert!(r.is_err());
2990 assert!(
2991 r.unwrap_err()
2992 .to_string()
2993 .contains("Checkpoint fork detected")
2994 );
2995
2996 let mut checkpoint_overrides = BTreeMap::new();
2997 checkpoint_overrides.insert(seq_num, digest.to_string());
2998 let fork_recovery_with_override = ForkRecoveryConfig {
2999 transaction_overrides: Default::default(),
3000 checkpoint_overrides,
3001 fork_crash_behavior: ForkCrashBehavior::ReturnError,
3002 };
3003 let r = SuiNode::check_and_recover_forks(
3004 &checkpoint_store,
3005 &checkpoint_metrics,
3006 Some(&fork_recovery_with_override),
3007 )
3008 .await;
3009 assert!(r.is_ok());
3010 assert!(
3011 checkpoint_store
3012 .get_checkpoint_fork_detected()
3013 .unwrap()
3014 .is_none()
3015 );
3016
3017 let tx_digest = TransactionDigest::random();
3019 let expected_effects = TransactionEffectsDigest::random();
3020 let actual_effects = TransactionEffectsDigest::random();
3021 checkpoint_store
3022 .record_transaction_fork_detected(tx_digest, expected_effects, actual_effects)
3023 .unwrap();
3024
3025 let fork_recovery = ForkRecoveryConfig {
3026 transaction_overrides: Default::default(),
3027 checkpoint_overrides: Default::default(),
3028 fork_crash_behavior: ForkCrashBehavior::ReturnError,
3029 };
3030 let r = SuiNode::check_and_recover_forks(
3031 &checkpoint_store,
3032 &checkpoint_metrics,
3033 Some(&fork_recovery),
3034 )
3035 .await;
3036 assert!(r.is_err());
3037 assert!(
3038 r.unwrap_err()
3039 .to_string()
3040 .contains("Transaction fork detected")
3041 );
3042
3043 let mut transaction_overrides = BTreeMap::new();
3044 transaction_overrides.insert(tx_digest.to_string(), actual_effects.to_string());
3045 let fork_recovery_with_override = ForkRecoveryConfig {
3046 transaction_overrides,
3047 checkpoint_overrides: Default::default(),
3048 fork_crash_behavior: ForkCrashBehavior::ReturnError,
3049 };
3050 let r = SuiNode::check_and_recover_forks(
3051 &checkpoint_store,
3052 &checkpoint_metrics,
3053 Some(&fork_recovery_with_override),
3054 )
3055 .await;
3056 assert!(r.is_ok());
3057 assert!(
3058 checkpoint_store
3059 .get_transaction_fork_detected()
3060 .unwrap()
3061 .is_none()
3062 );
3063 }
3064}