-
Notifications
You must be signed in to change notification settings - Fork 296
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'eichhorl/key-alert' into 'master'
feat(consensus): CON-1041 ECDSA public key monitoring Currently, if a subnet changes or loses its ECDSA key due to a bug, for instance after a replica upgrade, we will not be aware of it until the issue propagates to users. With this MR we instead detect such a situation by inspecting the CUP of an ECDSA subnet. If its key differs from the one included in the previous CUP of the subnet, we increment an error metric and raise an alert. In particular, by upgrading the ECDSA backup subnet first, this would allow us to be notified of certain problems in advance of upgrading the ECDSA signing subnet. Note the [Design document](https://docs.google.com/document/d/1WBMkPHbUe8R4IWtuQsrOvlcKPzN14dwC6A4QvGUXyJc/edit) primarily talks about only monitoring the first CUP after an upgrade. Here we extend this idea to analogously compare every new CUP with the previous one. One problem is monitoring key changes done in the last CUP before a restart. As the orchestrator typically shuts down immediately after inspecting the CUP, the error metric is reset before it can be scraped. This can be fixed by persisting the metric in the orchestrator's data directory, which will be done in a follow-up MR. See merge request dfinity-lab/public/ic!13013
- Loading branch information
Showing
7 changed files
with
322 additions
and
11 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.