Context and Scope

Currently a baker binary is produced for each protocol. At migration between two protocols (P1 and P2), it forces users to run two bakers:

• P1-baker to be able to bake/(pre)attest until migration, potentially bake the migration block
• P2-baker to bake/(pre)attest after migration

This leads to very bad user experience. We continuously have to remind bakers of this and they have to adapt their infra for migration only. This is true for all networks, including weeklynet that starts with a migration and thus migrates once per week. This might lead to poor participation to this network.
Besides, this is error prone, it often occurs that bakers fail to run both bakers, or make mistakes and end up running twice the same baker, putting them at risk of double signing and being slashed.

Besides,  our monitoring tools only show the hash of the head commit used to compile the octez baker binary that baked the latest block of the baker. This gives too few information. In particular, it does not tell us the version of the node the baker is connected to, nor if the baker is running both binaries in case of a protocol migration. 

Goals and Non goals

Goals:

• handle baker migration during protocol upgrade automatically
  • automatically start second baker before migration
  • automatically stops first baker after migration 
• increase our confidence in baker infra, our knowledge on its running version of bakers/nodes
  • ensure both bakers are built using the right octez version
  • ensure they are able to handle migration correctly (using automatic migration tests)
  • increase confidence in the baking node version used by bakers
• fully compatible with current baker command arguments

Non goals:

• TBD

Stretch-goals:

• Make the baker hypervisor a library for other octez-binaries to use

Future improvements (not to be done in this project):

• Handle the baking node with the same hypervisor

Design

General design:

• Checks node version, only starts if node version is high enough (can be bypassed with an option for tests and advanced users)
• Wait to be bootstrapped
• Start curr_baker based on protocol in head
• Monitor new_heads and voting periods
• Start next_baker in adoption period
• Kill curr_baker after several blocks in new protocol

First implementation:

• Build a binary that controls both existing baker binaries. 

Improvement:

• Use a single binary that automatically forks processes for both bakers

Work breakdown - Phase 1 -- OUTDATED

• Deliverable 1
  • Check node version in alpha baker #7359 (closed) !14044 (merged)
  • Backport node version check in parisc baker !14492 (merged)
  • Add option to accept specific node version !14189 (merged)
• Deliverable 2
  • Create a new binary that only starts a baker binary with the right parameters !14489 (closed)
  • (In a temporary branch for validation only) replace baker binaries in tezt with the new baker (keep the commit(s) for future tests)
  • Monitor heads and stop baker when enough blocks have been baked with a more recent protocol
  • Monitor voting periods and start a new baker when adoption period starts
• Deliverable 3
  • Test (tezt) that migrations are handled correctly with the new agnostic baker handler
  • Add more tests for special cases (multiple bakers, with a remote signer, with a ledger etc.) The goal here is to be on par (or better) than with the current bakers
• Deliverable 4 (to be refined)
  • Replace binary calls with process forks

Work breakdown - Phase 2

Share delegate cmd. line args amongst baker daemon -- Cancelled

• Introduce a lib to factorise and shard baker command line arguments
  • Create a lib_delegate_config
  • Extract some Shared_args as done in lib_node_config
• Assume that the delegates of every proto are sharing the same argos
• Introduce some genericity to allow specific arguments for specific protocols
  • Implement a signature specific to one or several protocol environment
• (Optional: generalise to the accuser)

Dummy agnostic baker (@vect0r)

• Introduce a dummy agnostic baker (TZenbaker ?) that only spawn the alpha baker internally
  • Introduce dummy agnostic baker !15029 (merged)
  • Prevent agnostic baker to be run without arguments !15202 (merged)
• Along to the running baker, add a daemon that monitors a node and displays period informations
  • Agnostic bakers monitors voting periods !15046 (merged)

Simple Agnostic baker (@vect0r)

• Based on the daemon, spawn and stop baker right on time
  • Agnostic baker starts on known proto !15071 (merged)
  • Agnostic baker: improve logs !15072 (merged)
  • Agnostic baker switches on new protocol !15305 (merged)
  • Agnostic baker refacto/cleanup !15324 (merged)
• Secure baker lifecycle by introducing a daemon that will restart crashed bakers
  • Lift process watchdog as dedicated lib !15485 (merged) (side MR)
  • Agnostic baker benefits from generic watchdog !15508 (merged)
  • Introduce baker resilience test !15513 (merged)
• Plug the agnostic baker into Tezt
  • Agnostic baker switches on new protocol !15305 (merged)

Consolidate agnostic baker (@gabriel.moise, @vch9, @vect0r)

• Design document

• Improve and add more tezt testing #7761 (closed)

  • Add remote signer option to agnostic baker tezt test !16201 (merged)
  • Check Ledger support - done on ghostnet - schedule
  • Fix test issue generated by addition of --without-dal flag !16426 (merged)
  • Replace Baker with Agnostic_baker module !16833 (merged)
  • Add agnostic baker scenarios for protocol migration !16878 (merged)
  • Revert change from kill to terminate #7786 (closed) !17442 (merged)
  • More replacing of Baker with Agnostic_baker !17294 (merged)
  • Fix --keep-alive tezt !17866 (merged)

• Agnostic baker becomes EXPERIMENTAL release

  • Change the name of the binary to octez-experimental-agnostic-baker !16434 (merged)
  • Make octez-agnostic-baker releasable from manifest (but experimental) !16318 (merged)
  • Fix tezt test !16492 (merged)
  • Add documentation and changelog !16491 (merged)
  • Remove experimental notion from the agnostic baker !17491 (merged)
  • Remove agnostic term from the agnostic baker !17851 (closed)

• Remove dependency on baking binaries

  • Dependency graph
  • Refactor agnostic baker to directly call the main entrypoint of the necessary bakers !16583 (merged)
  • Move shell code from plugin to agnostic baker !16730 (merged)
  • Unify CLI #7762 (closed) !16968 (merged)
  • Introduce safety delay when migrating from old baker to new one #7818 (closed) !17285 (merged)
  • Remove differences between CLIs agnostic baker vs protocol baker #7852 (closed) !17348 (merged)
  • Fix manual command !17410 (merged)
  • Remove Baker module from tezt #7773 (closed) !17397 (merged)
  • Fix empty command line !17652 (merged)
  • Fix --keep-alive option !17685 (merged)
  • Add agnostic-baker to sandbox !17695 (merged)
  • Add config commands for the agnostic baker - !17522 (closed) (draft)

• PROFILING !17050 (merged)

• TEZT-CLOUD scenarios:

  • Fix double logging issue !17227 (merged)
  • Adapt existing layer 1 scenario to use agnostic bakers !17069 (merged)
  • Add migration option for layer 1 scenario !17231 (merged)

• Improve code quality and documentation !17440 (merged)

Packaging + consolidation (@vch9)

• Agnostic baker debian package #7764 (closed) !17580 (merged)
• Agnostic baker rpm package !17600 (merged)
• Purge logs for baker packages !17720 (merged)
• Homebrew: Add to formula !17612 (merged)
• Remove agnostic term from executable #7904 (closed) !17747 (merged)
• Merge into single octez-baker package !17759 (merged)
• Recommend using octez-baker instead of protocol binaries !17782 (merged)
• Pipeline with remote mode baker !17786 (merged)
• Add agnostic accuser package !17868 (merged)

Agnostic accuser (@gabriel.moise)

• Add run accuser command option to the agnostic baker - !17767 (merged)
• Introduction of the agnostic accuser binary - !17738 (merged)
• Tezt testing (with migration scenarios) - !17810 (merged)
• Documentation - !17826 (merged)
• Add --with-accuser optional argument for baker - !17873 (closed)
• Tezt_cloud: Add option to run accusers - !17882 (closed)

Risks:

• Risks are very high here
• It is likely to bring a lot of flakiness to Tezt
• The handling of the remote signers/ledger is likely to bring unexpected behaviours