feat: High availabilty via RAFT #2954
Conversation
* main: build(deps): Bump the go_modules group across 2 directories with 3 updates (#2846) build(deps): Bump github.com/dvsekhvalnov/jose2go from 1.7.0 to 1.8.0 in /test/e2e (#2851) build(deps): Bump github.com/consensys/gnark-crypto from 0.18.0 to 0.18.1 in /test/e2e (#2844) build(deps): Bump github.com/cometbft/cometbft from 0.38.17 to 0.38.19 in /test/e2e (#2843) build(deps): Bump github.com/dvsekhvalnov/jose2go from 1.6.0 to 1.7.0 in /test/e2e (#2845)
(cherry picked from commit c44cd77e665f6d5d463295c6ed61c59a56d88db3)
* main: chore: fix some comments (#2874) chore: bump node in evm-single (#2875) refactor(syncer,cache): use compare and swap loop and add comments (#2873) refactor: use state da height as well (#2872) refactor: retrieve highest da height in cache (#2870) chore: change from event count to start and end height (#2871)
* main: chore: remove extra github action yml file (#2882) fix(execution/evm): verify payload status (#2863) feat: fetch included da height from store (#2880) chore: better output on errors (#2879) refactor!: create da client and split cache interface (#2878) chore!: rename `evm-single` and `grpc-single` (#2839) build(deps): Bump golang.org/x/crypto from 0.42.0 to 0.45.0 in /tools/da-debug in the go_modules group across 1 directory (#2876) chore: parallel cache de/serialization (#2868) chore: bump blob size (#2877)
* main: build(deps): Bump mdast-util-to-hast from 13.2.0 to 13.2.1 in /docs in the npm_and_yarn group across 1 directory (#2900) refactor(block): centralize timeout in client (#2903) build(deps): Bump the all-go group across 2 directories with 3 updates (#2898) chore: bump default timeout (#2902) fix: revert default db (#2897) refactor: remove obsolete // +build tag (#2899) fix:da visualiser namespace (#2895) refactor: omit unnecessary reassignment (#2892) build(deps): Bump the all-go group across 5 directories with 6 updates (#2881) chore: fix inconsistent method name in retryWithBackoffOnPayloadStatus comment (#2889) fix: ensure consistent network ID usage in P2P subscriber (#2884) build(deps): Bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 (#2885) build(deps): Bump actions/checkout from 5 to 6 (#2886)
* main: (34 commits) feat: make reaper poll duration configurable (#2951) chore!: move sequencers to pkg (#2931) feat: Ensure Header integrity on DA (#2948) feat(testda): add header support with GetHeaderByHeight method (#2946) chore: improve code comments clarity (#2947) chore(sequencers): optimize store check (#2945) fix: make evm_execution more robust (#2942) fix(sequencers/single): deterministic queue (#2938) fix(block): fix init logic sequencer for da epoch fetching (#2926) feat: use DA timestamp (#2939) chore: improve code comments clarity (#2943) build(deps): bump libp2p (#2937) build(deps): Bump actions/cache from 4 to 5 (#2934) build(deps): Bump actions/download-artifact from 6 to 7 (#2933) build(deps): Bump actions/upload-artifact from 5 to 6 (#2932) feat: DA Client remove interface part 3, replace types with new code (#2910) DA Client remove interface: Part 2.5, create e2e test to validate that a blob is posted in DA layer. (#2920) fix(syncing): skip forced txs checks for p2p blocks (#2922) build(deps): Bump the all-go group across 5 directories with 5 updates (#2919) chore: loosen syncer state check (#2927) ...
|
The latest Buf updates on your PR. Results from workflow CI / buf-check (pull_request).
|
|
Claude finished @alpe's task in 5m 20s —— View job Code Review: High Availability via RAFT ✅I've completed a comprehensive review of this RAFT high availability implementation. This is a substantial and well-architected change that introduces dynamic leader election and state replication. Below are my findings organized by severity and category. Critical Issues1. Bootstrap Mode Restriction Blocks Non-Bootstrap NodesLocation: The current logic prevents any node from starting if if !n.config.Bootstrap {
return fmt.Errorf("raft cluster requires bootstrap mode")
}Issue: This blocks legitimate follower nodes from joining an existing cluster. Only the first node should bootstrap; subsequent nodes should join the existing cluster without bootstrapping. Impact: Prevents horizontal scaling - you can only run a single-node cluster. Recommendation:
2. Naked Returns Swallow ErrorsLocations: if leaderElection, err = newSingleRoleElector(leaderFactory); err != nil {
return // naked return here - loses error!
}Issue: The naked Impact: Silent failures during node startup could lead to runtime panics or undefined behavior. Recommendation: Return the error explicitly: if leaderElection, err = newSingleRoleElector(leaderFactory); err != nil {
return nil, err
}High Priority Issues3. Race Condition in Leadership TransitionLocation: During the transition from follower to leader, there's a critical window where:
Issue: Between the leadership check and actually starting leader operations, the node could lose leadership again, potentially leading to:
Mitigation Already Present: The code does check leadership again after waiting, which is good. However, consider:
Current State: The implementation has reasonable safeguards, but this is an inherently tricky area. Document the race conditions and mitigation strategy clearly. 4. Context Cancellation Handling in Raft ApplyLocation: The
Concern: If the apply channel consumer is slow or blocked, state updates will be silently dropped. This could cause:
Recommendation:
5. Missing Error Context in Block BroadcastLocation: if err := e.raftNode.Broadcast(e.ctx, raftState); err != nil {
return fmt.Errorf("failed to propose block to raft: %w", err)
}Issue: If Raft broadcast fails, the block has already been committed to local storage (line 453) but hasn't been replicated to the cluster. Impact:
Current Mitigation: The code has recovery logic (
Medium Priority Issues6. Inconsistent Naming: NodeId vs NodeIDLocation: Go convention uses NodeId string `json:"node_id"` // Should be NodeIDRecommendation: Rename to 7. Debug Log at Info LevelLocation: s.logger.Debug().Uint64("header_height", state.LastSubmittedDAHeaderHeight)...The log message has .Msg("received raft block state") // Previous versions had "+++" prefixRecommendation: Ensure this is truly at the appropriate log level for production. 8. Method Name ClarityLocation: Method func (ph *PendingHeaders) GetLastSubmittedDataHeight() uint64Recommendation: Either rename the method or document why headers track data height. 9. Redundant Type ConversionLocation: for i, tx := range batchData.Transactions {
data.Txs[i] = tx // types.Tx is already []byte
}Recommendation: Replace with more efficient slice append: data.Txs = append(data.Txs, batchData.Transactions...)Architectural ObservationsPositive Aspects
Design Considerations
Concurrency & Resource ManagementStrengths
Areas for Improvement
Error Handling & ResilienceStrengths
Concerns
Testing & Code CoverageTest Coverage AnalysisFrom Codecov report, patch coverage is 38.81% with 607 missing lines. Key gaps:
Test Quality ObservationsThe existing tests in
Recommendations:
Security ConsiderationsPositive Aspects
Areas to Review
Configuration & DocumentationConfiguration CompletenessNew Raft-specific flags (from
Good: Comprehensive configuration coverage. Needs Documentation:
Code CommentsStrengths:
Gaps:
Performance ConsiderationsPotential Bottlenecks
Optimization Opportunities
API & Interface DesignStrengths
Suggestions
Recommendations SummaryMust Fix Before Merge
Should Fix Soon
Consider for Follow-up
ConclusionThis is a well-structured and thoughtful implementation of Raft-based HA. The architecture cleanly separates concerns, provides good recovery mechanisms, and includes reasonable test coverage of the election logic. The critical issues (bootstrap restriction and naked returns) should be addressed before merge, as they prevent the feature from working correctly in multi-node deployments. The low test coverage in key areas ( Overall, this is production-quality code with some rough edges that need smoothing. The team clearly understands distributed systems challenges and has built appropriate safeguards. With the critical fixes and improved test coverage, this will be a solid HA implementation. Estimated Effort for Critical Fixes: 4-8 hours |
Summary of ChangesHello @alpe, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request significantly enhances the Rollkit network's resilience and fault tolerance by integrating the Raft consensus algorithm. The changes enable a robust failover mechanism, allowing nodes to seamlessly transition between leader and follower roles. This ensures continuous operation and consistent state across the network, even if individual nodes experience failures. The update touches various core components, from dependency management and block processing to RPC services and node lifecycle management, all aimed at achieving high availability. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request introduces high availability via RAFT consensus, which is a significant architectural change. The implementation is extensive, touching many parts of the system from node startup to block processing and syncing. Overall, the changes are well-structured, introducing clear interfaces for RAFT integration and refactoring the node components to support dynamic role switching between leader and follower. I've identified a few critical issues related to error handling and startup logic that need to be addressed, along with some medium-severity issues for improving code clarity and maintainability. Great work on this complex feature.
I am having trouble creating individual review comments. Click here to see my feedback.
node/full.go (113-115)
The naked return here will not propagate the error from newSingleRoleElector. This will cause the function to return (nil, nil), masking the underlying error. The error should be returned to the caller.
if leaderElection, err = newSingleRoleElector(leaderFactory); err != nil {
return nil, err
}
node/full.go (117-119)
Similar to the previous case, the naked return here will swallow the error from newSingleRoleElector. The error should be propagated up to the caller.
if leaderElection, err = newSingleRoleElector(followerFactory); err != nil {
return nil, err
}
pkg/raft/node.go (111-113)
This check prevents a node from starting if Bootstrap is false, which is problematic for nodes joining an existing cluster. A new node attempting to join will fail to start. The bootstrap logic should only execute if n.config.Bootstrap is true, and the function should return nil otherwise, allowing non-bootstrap nodes to start and join a cluster.
block/internal/cache/pending_headers.go (69-71)
The method name GetLastSubmittedDataHeight is misleading as it's part of the PendingHeaders struct. For clarity and consistency, it should be renamed to GetLastSubmittedHeaderHeight.
This change will also require updating the call site in block/internal/cache/manager.go.
func (ph *PendingHeaders) GetLastSubmittedHeaderHeight() uint64 {
return ph.base.getLastSubmittedHeight()
}
block/internal/executing/executor.go (570-572)
The explicit type conversion types.Tx(tx) is redundant since types.Tx is an alias for []byte, and tx is already of type []byte. The change to a direct assignment is good, but it seems this loop could be replaced with a single, more efficient append call.
data.Txs = append(data.Txs, batchData.Transactions...)block/internal/syncing/syncer.go (184)
This log message seems to be for debugging purposes, indicated by the +++ prefix. It should be logged at the Debug level instead of Info to avoid cluttering the logs in a production environment.
s.logger.Debug().Uint64("header_height", state.LastSubmittedDAHeaderHeight).Uint64("data_height", state.LastSubmittedDADataHeight).Msg("received raft block state")
pkg/rpc/server/http.go (143-146)
To adhere to Go's naming conventions for initialisms, the struct field NodeId should be renamed to NodeID.
NodeID string `json:"node_id"`
}{
IsLeader: raftNode.IsLeader(),
NodeID: raftNode.NodeID(),
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #2954 +/- ##
==========================================
- Coverage 58.74% 55.67% -3.08%
==========================================
Files 93 104 +11
Lines 8863 10149 +1286
==========================================
+ Hits 5207 5650 +443
- Misses 3067 3857 +790
- Partials 589 642 +53
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Replaces #2836