Merge pull request #1815 from input-output-hk/jpraynaud/1814-calibrate-cardano-transaction-parameters

Configure Cardano transaction signing parameters with CI/CD

Author: jpraynaud

.github/workflows/actions/deploy-terraform-infrastructure/action.yml

@@ -107,9 +107,15 @@ inputs:
   mithril_aggregator_cardano_transactions_prover_cache_pool_size:
     description: Mithril aggregator cardano transactions prover cache pool size.
     required: true
-  cardano_transactions_database_connection_pool_size:
+  mithril_aggregator_cardano_transactions_database_connection_pool_size:
     description: Mithril aggregator cardano transactions database connection pool size.
     required: true
+  mithril_aggregator_cardano_transactions_signing_config_security_parameter:
+    description: Mithril aggregator number of blocks to discard from the tip of the chain when importing Cardano transactions
+    required: true
+  mithril_aggregator_cardano_transactions_signing_config_step:
+    description: Mithril aggregator number of blocks between signature of the Cardano transactions
+    required: true
   prometheus_auth_username:
     description: Prometheus metrics endpoint username.
     required: false
@@ -160,46 +166,48 @@ runs:
       working-directory: mithril-infra
       run: |
         cat > ./env.variables.tfvars << EOF
-          environment_prefix                                             = "${{ inputs.environment_prefix }}"
-          cardano_network                                                = "${{ inputs.cardano_network }}"
-          cardano_image_id                                               = "${{ inputs.cardano_node_version }}"
-          cardano_image_registry                                         = "${{ inputs.cardano_node_docker_registry }}"
-          google_region                                                  = "${{ inputs.google_region }}"
-          google_zone                                                    = "${{ inputs.google_zone }}"
-          google_machine_type                                            = "${{ inputs.google_machine_type }}"
-          google_compute_instance_boot_disk_size                         = "${{ inputs.google_compute_instance_boot_disk_size }}"
-          google_compute_instance_data_disk_size                         = "${{ inputs.google_compute_instance_data_disk_size }}"
-          google_service_credentials_json_file                           = "./google-application-credentials.json"
-          mithril_use_p2p_network                                        = "${{ inputs.mithril_use_p2p_network }}"
-          mithril_api_domain                                             = "${{ inputs.mithril_api_domain }}"
-          mithril_image_id                                               = "${{ inputs.mithril_image_id }}"
-          mithril_genesis_verification_key_url                           = "${{ inputs.mithril_genesis_verification_key_url }}"
-          mithril_genesis_secret_key                                     = "${{ inputs.mithril_genesis_secret_key }}"
-          mithril_protocol_parameters                                    = ${{ fromJSON(inputs.mithril_protocol_parameters) }}
-          mithril_signers                                                = ${{ fromJSON(inputs.mithril_signers) }}
-          mithril_era_reader_adapter_type                                = "${{ inputs.mithril_era_reader_adapter_type }}"
-          mithril_era_reader_address_url                                 = "${{ inputs.mithril_era_reader_address_url }}"
-          mithril_era_reader_verification_key_url                        = "${{ inputs.mithril_era_reader_verification_key_url }}"
-          mithril_era_reader_secret_key                                  = "${{ inputs.mithril_era_reader_secret_key }}"
-          mithril_aggregator_signed_entity_types                         = "${{ inputs.mithril_aggregator_signed_entity_types }}"
-          mithril_aggregator_cdn_cname                                   = "${{ inputs.mithril_aggregator_cdn_cname }}"
-          mithril_aggregator_snapshot_use_cdn_domain                     = ${{ inputs.mithril_aggregator_snapshot_use_cdn_domain }}
-          mithril_aggregator_snapshot_compression_algorithm              = "${{ inputs.mithril_aggregator_snapshot_compression_algorithm }}"
-          mithril_aggregator_zstandard_parameters_level                  = "${{ inputs.mithril_aggregator_zstandard_parameters_level }}"
-          mithril_aggregator_zstandard_parameters_workers                = "${{ inputs.mithril_aggregator_zstandard_parameters_workers }}"
-          mithril_aggregator_cexplorer_pools_url                         = "${{ inputs.mithril_aggregator_cexplorer_pools_url }}"
-          mithril_aggregator_allow_unparsable_block                      = "${{ inputs.mithril_aggregator_allow_unparsable_block }}"
-          mithril_aggregator_cardano_transactions_prover_cache_pool_size = "${{ inputs.mithril_aggregator_cardano_transactions_prover_cache_pool_size }}"
-          prometheus_auth_username                                       = "${{ inputs.prometheus_auth_username }}"
-          prometheus_auth_password                                       = "${{ inputs.prometheus_auth_password }}"
-          prometheus_ingest_host                                         = "${{ inputs.prometheus_ingest_host }}"
-          prometheus_ingest_username                                     = "${{ inputs.prometheus_ingest_username }}"
-          prometheus_ingest_password                                     = "${{ inputs.prometheus_ingest_password }}"
-          loki_auth_username                                             = "${{ inputs.loki_auth_username }}"
-          loki_auth_password                                             = "${{ inputs.loki_auth_password }}"
-          loki_ingest_host                                               = "${{ inputs.loki_ingest_host }}"
-          loki_ingest_username                                           = "${{ inputs.loki_ingest_username }}"
-          loki_ingest_password                                           = "${{ inputs.loki_ingest_password }}"
+          environment_prefix                                                        = "${{ inputs.environment_prefix }}"
+          cardano_network                                                           = "${{ inputs.cardano_network }}"
+          cardano_image_id                                                          = "${{ inputs.cardano_node_version }}"
+          cardano_image_registry                                                    = "${{ inputs.cardano_node_docker_registry }}"
+          google_region                                                             = "${{ inputs.google_region }}"
+          google_zone                                                               = "${{ inputs.google_zone }}"
+          google_machine_type                                                       = "${{ inputs.google_machine_type }}"
+          google_compute_instance_boot_disk_size                                    = "${{ inputs.google_compute_instance_boot_disk_size }}"
+          google_compute_instance_data_disk_size                                    = "${{ inputs.google_compute_instance_data_disk_size }}"
+          google_service_credentials_json_file                                      = "./google-application-credentials.json"
+          mithril_use_p2p_network                                                   = "${{ inputs.mithril_use_p2p_network }}"
+          mithril_api_domain                                                        = "${{ inputs.mithril_api_domain }}"
+          mithril_image_id                                                          = "${{ inputs.mithril_image_id }}"
+          mithril_genesis_verification_key_url                                      = "${{ inputs.mithril_genesis_verification_key_url }}"
+          mithril_genesis_secret_key                                                = "${{ inputs.mithril_genesis_secret_key }}"
+          mithril_protocol_parameters                                               = ${{ fromJSON(inputs.mithril_protocol_parameters) }}
+          mithril_signers                                                           = ${{ fromJSON(inputs.mithril_signers) }}
+          mithril_era_reader_adapter_type                                           = "${{ inputs.mithril_era_reader_adapter_type }}"
+          mithril_era_reader_address_url                                            = "${{ inputs.mithril_era_reader_address_url }}"
+          mithril_era_reader_verification_key_url                                   = "${{ inputs.mithril_era_reader_verification_key_url }}"
+          mithril_era_reader_secret_key                                             = "${{ inputs.mithril_era_reader_secret_key }}"
+          mithril_aggregator_signed_entity_types                                    = "${{ inputs.mithril_aggregator_signed_entity_types }}"
+          mithril_aggregator_cdn_cname                                              = "${{ inputs.mithril_aggregator_cdn_cname }}"
+          mithril_aggregator_snapshot_use_cdn_domain                                = ${{ inputs.mithril_aggregator_snapshot_use_cdn_domain }}
+          mithril_aggregator_snapshot_compression_algorithm                         = "${{ inputs.mithril_aggregator_snapshot_compression_algorithm }}"
+          mithril_aggregator_zstandard_parameters_level                             = "${{ inputs.mithril_aggregator_zstandard_parameters_level }}"
+          mithril_aggregator_zstandard_parameters_workers                           = "${{ inputs.mithril_aggregator_zstandard_parameters_workers }}"
+          mithril_aggregator_cexplorer_pools_url                                    = "${{ inputs.mithril_aggregator_cexplorer_pools_url }}"
+          mithril_aggregator_allow_unparsable_block                                 = "${{ inputs.mithril_aggregator_allow_unparsable_block }}"
+          mithril_aggregator_cardano_transactions_prover_cache_pool_size            = "${{ inputs.mithril_aggregator_cardano_transactions_prover_cache_pool_size }}"
+          mithril_aggregator_cardano_transactions_signing_config_security_parameter = "${{ inputs.mithril_aggregator_cardano_transactions_signing_config_security_parameter }}"
+          mithril_aggregator_cardano_transactions_signing_config_step               = "${{ inputs.mithril_aggregator_cardano_transactions_signing_config_step }}"
+          prometheus_auth_username                                                  = "${{ inputs.prometheus_auth_username }}"
+          prometheus_auth_password                                                  = "${{ inputs.prometheus_auth_password }}"
+          prometheus_ingest_host                                                    = "${{ inputs.prometheus_ingest_host }}"
+          prometheus_ingest_username                                                = "${{ inputs.prometheus_ingest_username }}"
+          prometheus_ingest_password                                                = "${{ inputs.prometheus_ingest_password }}"
+          loki_auth_username                                                        = "${{ inputs.loki_auth_username }}"
+          loki_auth_password                                                        = "${{ inputs.loki_auth_password }}"
+          loki_ingest_host                                                          = "${{ inputs.loki_ingest_host }}"
+          loki_ingest_username                                                      = "${{ inputs.loki_ingest_username }}"
+          loki_ingest_password                                                      = "${{ inputs.loki_ingest_password }}"
         EOF
         terraform fmt ./env.variables.tfvars
         cat ./env.variables.tfvars

.github/workflows/ci.yml

@@ -714,7 +714,9 @@ jobs:
           mithril_aggregator_cexplorer_pools_url: ${{ vars.AGGREGATOR_CEXPLORER_POOLS_URL }}
           mithril_aggregator_allow_unparsable_block: ${{ vars.AGGREGATOR_ALLOW_UNPARSABLE_BLOCK }}
           mithril_aggregator_cardano_transactions_prover_cache_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_PROVER_CACHE_POOL_SIZE }}
-          cardano_transactions_database_connection_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE }}
+          mithril_aggregator_cardano_transactions_database_connection_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE }}
+          mithril_aggregator_cardano_transactions_signing_config_security_parameter: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_SIGNING_CONFIG_SECURITY_PARAMETER }}
+          mithril_aggregator_cardano_transactions_signing_config_step: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_SIGNING_CONFIG_STEP }}
           prometheus_auth_username: ${{ secrets.PROMETHEUS_AUTH_USERNAME }}
           prometheus_auth_password: ${{ secrets.PROMETHEUS_AUTH_PASSWORD }}
           prometheus_ingest_host: ${{ vars.PROMETHEUS_INGEST_HOST }}

.github/workflows/pre-release.yml

@@ -229,7 +229,9 @@ jobs:
           mithril_aggregator_zstandard_parameters_workers: ${{ vars.AGGREGATOR_SNAPSHOT_ZSTANDARD_WORKERS }}
           mithril_aggregator_cexplorer_pools_url: ${{ vars.AGGREGATOR_CEXPLORER_POOLS_URL }}
           mithril_aggregator_cardano_transactions_prover_cache_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_PROVER_CACHE_POOL_SIZE }}
-          cardano_transactions_database_connection_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE }}
+          mithril_aggregator_cardano_transactions_database_connection_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE }}
+          mithril_aggregator_cardano_transactions_signing_config_security_parameter: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_SIGNING_CONFIG_SECURITY_PARAMETER }}
+          mithril_aggregator_cardano_transactions_signing_config_step: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_SIGNING_CONFIG_STEP }}
           prometheus_auth_username: ${{ secrets.PROMETHEUS_AUTH_USERNAME }}
           prometheus_auth_password: ${{ secrets.PROMETHEUS_AUTH_PASSWORD }}
           prometheus_ingest_host: ${{ vars.PROMETHEUS_INGEST_HOST }}

.github/workflows/release.yml

@@ -157,7 +157,9 @@ jobs:
           mithril_aggregator_zstandard_parameters_workers: ${{ vars.AGGREGATOR_SNAPSHOT_ZSTANDARD_WORKERS }}
           mithril_aggregator_cexplorer_pools_url: ${{ vars.AGGREGATOR_CEXPLORER_POOLS_URL }}
           mithril_aggregator_cardano_transactions_prover_cache_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_PROVER_CACHE_POOL_SIZE }}
-          cardano_transactions_database_connection_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE }}
+          mithril_aggregator_cardano_transactions_database_connection_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE }}
+          mithril_aggregator_cardano_transactions_signing_config_security_parameter: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_SIGNING_CONFIG_SECURITY_PARAMETER }}
+          mithril_aggregator_cardano_transactions_signing_config_step: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_SIGNING_CONFIG_STEP }}
           prometheus_auth_username: ${{ secrets.PROMETHEUS_AUTH_USERNAME }}
           prometheus_auth_password: ${{ secrets.PROMETHEUS_AUTH_PASSWORD }}
           prometheus_ingest_host: ${{ vars.PROMETHEUS_INGEST_HOST }}

.github/workflows/test-deploy-network.yml

@@ -135,7 +135,9 @@ jobs:
           mithril_aggregator_cexplorer_pools_url: ${{ vars.AGGREGATOR_CEXPLORER_POOLS_URL }}
           mithril_aggregator_allow_unparsable_block: ${{ vars.AGGREGATOR_ALLOW_UNPARSABLE_BLOCK }}
           mithril_aggregator_cardano_transactions_prover_cache_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_PROVER_CACHE_POOL_SIZE }}
-          cardano_transactions_database_connection_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE }}
+          mithril_aggregator_cardano_transactions_database_connection_pool_size: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE }}
+          mithril_aggregator_cardano_transactions_signing_config_security_parameter: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_SIGNING_CONFIG_SECURITY_PARAMETER }}
+          mithril_aggregator_cardano_transactions_signing_config_step: ${{ vars.AGGREGATOR_CARDANO_TRANSACTIONS_SIGNING_CONFIG_STEP }}
           prometheus_auth_username: ${{ secrets.PROMETHEUS_AUTH_USERNAME }}
           prometheus_auth_password: ${{ secrets.PROMETHEUS_AUTH_PASSWORD }}
           prometheus_ingest_host: ${{ vars.PROMETHEUS_INGEST_HOST }}

CHANGELOG.md

@@ -9,6 +9,10 @@ As a minor extension, we have adopted a slightly different versioning convention
 
 ## Mithril Distribution [XXXX.X] - UNRELEASED
 
+- **UNSTABLE** Cardano transactions certification:
+
+  - Make Cardano transaction signing settings configurable via the CD.
+
 - Crates versions:
 
 | Crate | Version |

mithril-aggregator/src/configuration.rs

@@ -399,7 +399,7 @@ impl Default for DefaultConfiguration {
                 step: 120,
             },
             cardano_transactions_prover_max_hashes_allowed_by_request: 100,
-            cardano_transactions_block_streamer_max_roll_forwards_per_poll: 1000,
+            cardano_transactions_block_streamer_max_roll_forwards_per_poll: 10000,
         }
     }
 }

mithril-infra/assets/docker/docker-compose-aggregator-auth-p2p.yaml

@@ -78,6 +78,8 @@ services:
       - ALLOW_UNPARSABLE_BLOCK=${ALLOW_UNPARSABLE_BLOCK}
       - CARDANO_TRANSACTIONS_PROVER_CACHE_POOL_SIZE=${CARDANO_TRANSACTIONS_PROVER_CACHE_POOL_SIZE}
       - CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE=${CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE}
+      - CARDANO_TRANSACTIONS_SIGNING_CONFIG__SECURITY_PARAMETER=${CARDANO_TRANSACTIONS_SIGNING_CONFIG__SECURITY_PARAMETER}
+      - CARDANO_TRANSACTIONS_SIGNING_CONFIG__STEP=${CARDANO_TRANSACTIONS_SIGNING_CONFIG__STEP}
     volumes:
       - ../data/${NETWORK}/mithril-aggregator/mithril:/mithril-aggregator/mithril
       - ../data/${NETWORK}/mithril-aggregator/cardano/db:/db

mithril-infra/assets/docker/docker-compose-aggregator-auth.yaml

@@ -78,6 +78,8 @@ services:
       - ALLOW_UNPARSABLE_BLOCK=${ALLOW_UNPARSABLE_BLOCK}
       - CARDANO_TRANSACTIONS_PROVER_CACHE_POOL_SIZE=${CARDANO_TRANSACTIONS_PROVER_CACHE_POOL_SIZE}
       - CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE=${CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE}
+      - CARDANO_TRANSACTIONS_SIGNING_CONFIG__SECURITY_PARAMETER=${CARDANO_TRANSACTIONS_SIGNING_CONFIG__SECURITY_PARAMETER}
+      - CARDANO_TRANSACTIONS_SIGNING_CONFIG__STEP=${CARDANO_TRANSACTIONS_SIGNING_CONFIG__STEP}
     volumes:
       - ../data/${NETWORK}/mithril-aggregator/mithril:/mithril-aggregator/mithril
       - ../data/${NETWORK}/mithril-aggregator/cardano/db:/db

mithril-infra/assets/docker/docker-compose-aggregator-noauth-p2p.yaml

@@ -78,6 +78,8 @@ services:
       - ALLOW_UNPARSABLE_BLOCK=${ALLOW_UNPARSABLE_BLOCK}
       - CARDANO_TRANSACTIONS_PROVER_CACHE_POOL_SIZE=${CARDANO_TRANSACTIONS_PROVER_CACHE_POOL_SIZE}
       - CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE=${CARDANO_TRANSACTIONS_DATABASE_CONNECTION_POOL_SIZE}
+      - CARDANO_TRANSACTIONS_SIGNING_CONFIG__SECURITY_PARAMETER=${CARDANO_TRANSACTIONS_SIGNING_CONFIG__SECURITY_PARAMETER}
+      - CARDANO_TRANSACTIONS_SIGNING_CONFIG__STEP=${CARDANO_TRANSACTIONS_SIGNING_CONFIG__STEP}
     volumes:
       - ../data/${NETWORK}/mithril-aggregator/mithril:/mithril-aggregator/mithril
       - ../data/${NETWORK}/mithril-aggregator/cardano/db:/db