Add snapshot booting proposal#6936
Add snapshot booting proposal#6936TristanDebrunner wants to merge 26 commits intosolana-labs:masterfrom
Conversation
TristanDebrunner
requested review from
aeyakovenko,
carllin,
mvines and
sagar-solana
|
The PR problem description doesn't describe a problem. |
|
That better @garious? |
TristanDebrunner
force-pushed
the
add-cold-boot-design
branch
from
202faa4 to
6484207
Compare
|
After re-writing the problem description, I think it may be better to split this into two parts:
|
Though I'm not sure where restoring lockouts fits in, might be a third part. |
carllin
force-pushed
the
add-cold-boot-design
branch
8 times, most recently
from
6d9bf99 to
46beaad
Compare
|
I just spoke offline with greg, and he suggested that all the vote txs applied to the working banks should be included in the snapshots, then a validator can verify the signatures and be fully confident in the snapshot just from the information it contains. |
|
My suggestion was that any vote on the slot height of the snapshot be included in the snapshot. After signature verification, the validator can be certain that a trusted validator calculated a bank hash that matches the hash of the accounts in the snapshot. Any use of validator stake to add weight to the notion of a "trusted" validator is completely optional. And the votes don't need to be on the ledger, since it's a slashable offense to vote on any other blockhash at that same slot height. |
|
@garious, @TristanDebrunner, I think it would have to be a vote on the bank hash of the snapshot, otherwise, a somebody malicious could make up bank state in the snapshot. A few questions:
|
|
@carllin, regarding the canary procedure, I think you might be two steps ahead of me and solving problems I haven't worked up to yet. If we have a valid snapshot, I think the next problem is: validator is not caught up to tip and therefore cannot vote and collect rewards. So, of course, the validator would make repair requests. What problems will it encounter there? |
|
@garious, we are hoping repairman + repair will be sufficient to catch the validator up, but this has not been validated on a network going full throttle |
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
stale
Bot
added
the
stale
t-nelson
removed
the
stale
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
stale
Bot
added
the
stale
t-nelson
removed
the
stale
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
stale
Bot
added
the
stale
|
This stale pull request has been automatically closed. Thank you for your contributions. |
stale
Bot
removed
the
stale
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
stale
Bot
added
the
stale
|
This stale pull request has been automatically closed. Thank you for your contributions. |
stale
Bot
removed
the
stale
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
stale
Bot
added
the
stale
|
This stale pull request has been automatically closed. Thank you for your contributions. |
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
|
⚰️ |
9 participants
Problem
A validator booting from a snapshot doesn't ensure that it is caught up and connected to the correct cluster before it starts voting.
Summary of Changes
Add a design proposal for confirming that a validator is caught up.
Towards #6727