98.6% OF DEVELOPERS CANNOT REVIEW THIS PR! [read more...] #7337
Conversation
…ut-worker-binaries
…ut-worker-binaries
…ut-worker-binaries
…ut-worker-binaries
…ut-worker-binaries
s0me0ne-unkn0wn
added
A0-please_review
Why do collators need validation workers? For malus, I think it should just work if everything is in the same directory. I imagine a single folder where the polkadot, malus and worker binaries live - have not checked, but isn't this how things end up in the target directory? |
I found out that they don't, however we still instantiate the whole candidate-validation subsystem for collators and that requires workers currently. I'm not sure how easy it would be to remove that subsystem. I guess we can just pass whatever path for the workers since they should never get used, but that seems ugly. Or pass
Yep. |
That's worth experimenting with, but it might be as simple as popping in a |
Cool, I see we do that for pvf-checker too. I've just tried it and it works and collators function normally. So I will go with this and implement @ordian's suggestion, seems cleaner overall! |
+ [X] Remove --dont-run-external-workers + [X] Add --disable-worker-version-check + [X] Remove PVF subcommands + [X] Redo malus changes
|
As long as there is a reasonable way to bypass the check, and we can still somewhat hackily copy around binaries if necessary, I think we're all good. ZombieNet is often overkill for small one-off test scenarios. |
|
Thanks @rphmeier, much appreciate your help! I think we are all set to merge this on Monday. 😁 |
|
bot merge |
|
Error: Github API says paritytech/cumulus#2929 is not mergeable |
|
bot merge |
paritytech-processbot
bot
deleted the
mrcnski/pvf-split-out-worker-binaries
branch
* Companion for Polkadot#7337 Companion for paritytech/polkadot#7337 * Remove unnecessary items relating to PVF workers * Remove `dont_use_external_workers` parameter * Update Cargo.lock * update lockfile for {"polkadot", "substrate"} * Update Cargo.lock * update lockfile for {"polkadot", "substrate"} --------- Co-authored-by: parity-processbot <>
paritytech/polkadot#7337 changed that polkadot requires three binaries which is required for the integration tests.
paritytech/polkadot#7337 changed that polkadot requires three binaries which is required for the integration tests.
Overview
This PR separates Polkadot node functionality into three binaries: the main
polkadotbinary that is started by a user to run the node (as it always has been) and two auxiliary binaries,polkadot-prepare-workerandpolkadot-execute-workerwhich are not intended for any user interaction and are only run by the node software itself. The auxiliary binaries are actually only required if the node runs as a validator, but in the current design, the node will fail to run without them even if it's not a validator.TL;DR: Why separate binaries?
We want to implement[mrcnski: I don't think this is relevant? We don't need separate binaries to enable landlock on the spawned processes.]landlocksandboxing, which should be enabled for the whole process. Although that does not strictly require a separate binary, it is much easier to implement if binaries are split-out. (See PVF worker: consider securing withlandlock#7243 and discussions in PVF worker: restrict networking #7334)seccomp-based sandboxing, will benefit from split-out binaries. (See PVF host: sandbox/harden worker process polkadot-sdk#882, PVF worker: restrict network access polkadot-sdk#619, PVF: Research the use of CPU virtualization for PVF execution polkadot-sdk#652)Placement of binaries in the filesystem
When users install from source or download pre-compiled binaries, they are free to place them anywhere in the filesystem as long as the location allows for binary execution and all three are in the same directory. A new
--workers-pathcommand line option is provided for those requiring to place the auxiliary binaries into a different location. That option also allows users to specify the binary itself, in which case it will be used for both preparation and execution jobs, but it is only intended for testing and development.When installing from
.debpackage, the main binary goes to/usr/bin, and the auxiliary ones go to/usr/libexec. This is due to FHS Specification, which prohibits polluting/usr/binwith binaries that are not intended to be run directly by users, and.debpackages must comply with it.When the node starts, if the location of the auxiliary binaries is not specified explicitly with
--workers-path, it searches for them in the directory where the main binary resides and then in/usr/libexec. If not found, it falls back to executing them from$PATH.UX implications
The vast majority of usual users (those who use
.debpackages, docker images, or build and install from source) will not notice any difference. Auxiliary binaries are built automatically and placed into a proper location by the package manager or installation procedure. However, some individual users running in more sophisticated configurations may need some handwork to make things run. We must provide them with the proper documentation to make it possible to deploy the node in any configuration.Original discussions
UX implications of PVF executor environment versioning
UX of distributing multiple binaries [take 2]
Proposed documentation changes
w3f/polkadot-wiki#4860
Cumulus companion: paritytech/cumulus#2929