fix: uniformize keymanager (ethereum#534)

Author: barnabasbusa

main.star

@@ -88,10 +88,7 @@ def run(plan, args={}):
         src=static_files.KEYMANAGER_PATH_FILEPATH,
         name="keymanager_file",
     )
-    keymanager_p12_file = plan.upload_files(
-        src=static_files.KEYMANAGER_P12_PATH_FILEPATH,
-        name="keymanager_p12_file",
-    )
+
     plan.print("Read the prometheus, grafana templates")
 
     plan.print(
@@ -111,7 +108,6 @@ def run(plan, args={}):
         args_with_right_defaults.global_log_level,
         jwt_file,
         keymanager_file,
-        keymanager_p12_file,
         persistent,
         xatu_sentry_params,
         global_tolerations,

src/cl/cl_launcher.star

@@ -20,7 +20,6 @@ def launch(
     el_cl_data,
     jwt_file,
     keymanager_file,
-    keymanager_p12_file,
     participants,
     all_el_contexts,
     global_log_level,
@@ -73,7 +72,6 @@ def launch(
                 jwt_file,
                 network_params.network,
                 keymanager_file,
-                keymanager_p12_file,
             ),
             "launch_method": teku.launch,
         },

src/cl/grandine/grandine_launcher.star

@@ -284,7 +284,13 @@ def get_beacon_config(
         "--enable-private-discovery",
     ]
 
-    keymanager_api_cmd = []
+    keymanager_api_cmd = [
+        "--enable-validator-api",
+        "--validator-api-address=0.0.0.0",
+        "--validator-api-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
+        "--validator-api-allowed-origins=*",
+        # "--validator-api-bearer-file=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER, Not yet supported
+    ]
 
     if network not in constants.PUBLIC_NETWORKS:
         cmd.append(
@@ -356,10 +362,9 @@ def get_beacon_config(
             VALIDATOR_KEYS_DIRPATH_ON_SERVICE_CONTAINER
         ] = node_keystore_files.files_artifact_uuid
 
-        # Keymanager is still unimplemented in grandine
-        # if keymanager_enabled:
-        #     cmd.extend(keymanager_api_cmd)
-        #     ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)
+        if keymanager_enabled:
+            cmd.extend(keymanager_api_cmd)
+            ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)
 
     if persistent:
         files[BEACON_DATA_DIRPATH_ON_SERVICE_CONTAINER] = Directory(

src/cl/teku/teku_launcher.star

@@ -131,7 +131,6 @@ def launch(
         launcher.jwt_file,
         keymanager_enabled,
         launcher.keymanager_file,
-        launcher.keymanager_p12_file,
         launcher.network,
         image,
         beacon_service_name,
@@ -213,7 +212,6 @@ def get_beacon_config(
     jwt_file,
     keymanager_enabled,
     keymanager_file,
-    keymanager_p12_file,
     network,
     image,
     service_name,
@@ -310,11 +308,9 @@ def get_beacon_config(
         "--validator-api-host-allowlist=*",
         "--validator-api-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
         "--validator-api-interface=0.0.0.0",
-        "--validator-api-keystore-file="
-        + constants.KEYMANAGER_P12_MOUNT_PATH_ON_CONTAINER,
-        "--validator-api-keystore-password-file="
-        + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER,
-        "--validator-api-docs-enabled=true",
+        "--validator-api-bearer-file=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER,
+        "--Xvalidator-api-ssl-enabled=false",
+        "--Xvalidator-api-unsafe-hosts-enabled=true",
     ]
 
     if network not in constants.PUBLIC_NETWORKS:
@@ -386,10 +382,9 @@ def get_beacon_config(
         files[
             VALIDATOR_KEYS_DIRPATH_ON_SERVICE_CONTAINER
         ] = node_keystore_files.files_artifact_uuid
-        files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file
-        files[constants.KEYMANAGER_P12_MOUNT_PATH_ON_CLIENTS] = keymanager_p12_file
 
         if keymanager_enabled:
+            files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file
             cmd.extend(keymanager_api_cmd)
             ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)
 
@@ -426,13 +421,10 @@ def get_beacon_config(
     )
 
 
-def new_teku_launcher(
-    el_cl_genesis_data, jwt_file, network, keymanager_file, keymanager_p12_file
-):
+def new_teku_launcher(el_cl_genesis_data, jwt_file, network, keymanager_file):
     return struct(
         el_cl_genesis_data=el_cl_genesis_data,
         jwt_file=jwt_file,
         network=network,
         keymanager_file=keymanager_file,
-        keymanager_p12_file=keymanager_p12_file,
     )

src/package_io/input_parser.star

@@ -19,13 +19,13 @@ DEFAULT_CL_IMAGES = {
     "teku": "consensys/teku:latest",
     "nimbus": "statusim/nimbus-eth2:multiarch-latest",
     "prysm": "gcr.io/prysmaticlabs/prysm/beacon-chain:latest",
-    "lodestar": "chainsafe/lodestar:latest",
+    "lodestar": "chainsafe/lodestar:next",
     "grandine": "ethpandaops/grandine:develop",
 }
 
 DEFAULT_VC_IMAGES = {
     "lighthouse": "sigp/lighthouse:latest",
-    "lodestar": "chainsafe/lodestar:latest",
+    "lodestar": "chainsafe/lodestar:next",
     "nimbus": "statusim/nimbus-validator-client:multiarch-latest",
     "prysm": "gcr.io/prysmaticlabs/prysm/validator:latest",
     "teku": "consensys/teku:latest",

src/participant_network.star

@@ -34,7 +34,6 @@ def launch_participant_network(
     global_log_level,
     jwt_file,
     keymanager_file,
-    keymanager_p12_file,
     persistent,
     xatu_sentry_params,
     global_tolerations,
@@ -170,7 +169,6 @@ def launch_participant_network(
         el_cl_data,
         jwt_file,
         keymanager_file,
-        keymanager_p12_file,
         participants,
         all_el_contexts,
         global_log_level,
@@ -309,7 +307,6 @@ def launch_participant_network(
             plan=plan,
             launcher=vc.new_vc_launcher(el_cl_genesis_data=el_cl_data),
             keymanager_file=keymanager_file,
-            keymanager_p12_file=keymanager_p12_file,
             service_name="vc-{0}-{1}-{2}".format(index_str, vc_type, el_type),
             vc_type=vc_type,
             image=participant.vc_image,

src/vc/lighthouse.star

@@ -82,9 +82,6 @@ def get_config(
         "--unencrypted-http-transport",
     ]
 
-    if not (constants.NETWORK_NAME.verkle in network or electra_fork_epoch != None):
-        cmd.append("--produce-block-v3")
-
     if len(extra_params):
         cmd.extend([param for param in extra_params])
 

src/vc/lodestar.star

@@ -14,6 +14,7 @@ VERBOSITY_LEVELS = {
 
 def get_config(
     el_cl_genesis_data,
+    keymanager_file,
     image,
     participant_log_level,
     global_log_level,
@@ -72,6 +73,7 @@ def get_config(
         "--keymanager.port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
         "--keymanager.address=0.0.0.0",
         "--keymanager.cors=*",
+        "--keymanager.tokenFile=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER,
     ]
 
     if len(extra_params) > 0:
@@ -87,6 +89,7 @@ def get_config(
     ports.update(vc_shared.VALIDATOR_CLIENT_USED_PORTS)
 
     if keymanager_enabled:
+        files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file
         cmd.extend(keymanager_api_cmd)
         ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)
 

src/vc/prysm.star

@@ -8,6 +8,7 @@ PRYSM_BEACON_RPC_PORT = 4000
 
 def get_config(
     el_cl_genesis_data,
+    keymanager_file,
     image,
     beacon_http_url,
     cl_context,
@@ -56,12 +57,7 @@ def get_config(
         "--rpc",
         "--rpc-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
         "--rpc-host=0.0.0.0",
-    ]
-
-    keymanager_api_cmd = [
-        "--rpc",
-        "--rpc-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
-        "--rpc-host=0.0.0.0",
+        "--keymanager-token-file=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER,
     ]
 
     if cl_context.client_name != constants.CL_TYPE.prysm:
@@ -86,6 +82,7 @@ def get_config(
     ports.update(vc_shared.VALIDATOR_CLIENT_USED_PORTS)
 
     if keymanager_enabled:
+        files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file
         cmd.extend(keymanager_api_cmd)
         ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)
 

src/vc/teku.star

@@ -6,7 +6,6 @@ vc_shared = import_module("./shared.star")
 def get_config(
     el_cl_genesis_data,
     keymanager_file,
-    keymanager_p12_file,
     image,
     beacon_http_url,
     cl_context,
@@ -61,10 +60,9 @@ def get_config(
         "--validator-api-host-allowlist=*",
         "--validator-api-port={0}".format(vc_shared.VALIDATOR_HTTP_PORT_NUM),
         "--validator-api-interface=0.0.0.0",
-        "--validator-api-keystore-file="
-        + constants.KEYMANAGER_P12_MOUNT_PATH_ON_CONTAINER,
-        "--validator-api-keystore-password-file="
-        + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER,
+        "--validator-api-bearer-file=" + constants.KEYMANAGER_MOUNT_PATH_ON_CONTAINER,
+        "--Xvalidator-api-ssl-enabled=false",
+        "--Xvalidator-api-unsafe-hosts-enabled=true",
     ]
 
     if len(extra_params) > 0:
@@ -74,14 +72,13 @@ def get_config(
     files = {
         constants.GENESIS_DATA_MOUNTPOINT_ON_CLIENTS: el_cl_genesis_data.files_artifact_uuid,
         vc_shared.VALIDATOR_CLIENT_KEYS_MOUNTPOINT: node_keystore_files.files_artifact_uuid,
-        constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS: keymanager_file,
-        constants.KEYMANAGER_P12_MOUNT_PATH_ON_CLIENTS: keymanager_p12_file,
     }
 
     ports = {}
     ports.update(vc_shared.VALIDATOR_CLIENT_USED_PORTS)
 
     if keymanager_enabled:
+        files[constants.KEYMANAGER_MOUNT_PATH_ON_CLIENTS] = keymanager_file
         cmd.extend(keymanager_api_cmd)
         ports.update(vc_shared.VALIDATOR_KEYMANAGER_USED_PORTS)