Observe 3rd Party validators are signing at the tip in the relayer

[nambrot]

Compared to v1, the relayer has no practical metric anymore to assess whether validators are signing "at the tip". We should consider adding this functionality to the scraper

Indexing in relayers v2 for validator signature. This will also show up for monitoring and alerting in Grafana.

Tasks

Preview Give feedback

1. Scope: 3rd Party Validator #2938
   +0
   
2. Infra support & grafana alerts for validator observability #3109
   infrastructure operations +2
   

[nambrot]

@tkporter curious to get your thoughts

[nambrot]

@tkporter friendly ping :)

[nambrot]

Another friendly ping @tkporter :)

[tkporter]

i don't have any satisfactory ideas that I can come up with off the top of my head but will think about this more

I'm a little hesitant to put this in the scraper, it doesn't feel too much more natural to put this there than in the relayer

If we're happy with only monitoring the default ISM's validator set then it sort of works. But I don't think there's anything satisfactory that works for all validators. I'd be up for having a metrics loop that tries to fetch the latest signed checkpoint for the set relating to the default ISM every 30s or minute or so

Feels like this could live in the relayer or scraper. and would probably make more sense for PI chains to live in the relayer, given not everyone will be operating a scraper and these metrics are probably useful

[nambrot]

i guess you could actually enumerate the validators on ValidatorAnnounce, but agree that defaultISM makes more sense, and i could see it be useful in the relayer

[avious00]

@tkporter friendly ping

[tkporter]

Thinking the move may be to monitor validators that are enrolled on:

• default ISMs
• ISMs used by a configurable list of application recipients (e.g. we will want monitoring for the Neutron <-> arb warp route)

Some interesting things:

1. We already fetch validator checkpoint info when trying to process a message - it probably doesn’t make sense to have a separate task that does this just for metrics, so instead we can just tap into the existing logic when trying to fetch metadata
2. It’s possible for the validator set or ISMs used by an application to change, in which case we should not keep around the old irrelevant metrics exposed in the /metrics endpoint, and we should start keeping track of the new set
3. An app may be using an ISM that’s really e.g. an aggregation pointing to a routing ISM that finally points to a multisig ISM
4. The validators sets enrolled on destination chains D1 and D2 relating to validators from the same origin chain may be different

Imo the most important thing to track to begin with are validator latest checkpoint indices.
There are a couple snafus we made that are reasonable counterarguments that this isn’t sufficient:

• We mistakenly removed the updating of checkpoint_latest_index.json when we stopped legacy checkpoint support. But this is now added back & will soon be rolled out to all validators in an update, so I think it’s okay to assume this will exist at least soon for all validators
• For some older validators that are susceptible to the bug where merkle tree indexing was still done in a way that’s different from message indexing & where they still are signing legacy checkpoints, it’s possible for the checkpoint_latest_index.json to relate to legacy checkpoints and not the new checkpoint format. Similar deal - I think it’s okay to assume this will not be an issue for folks with newer validator version

  It’s also possible in theory for a validator to have gaps in what checkpoints they’ve signed, and it’d be nice to be aware of this, but this feels a bit out of scope and harder to surface using prom metrics, at least for now

Proposed metric:

Name: hyperlane_relayer_validator_checkpoint_latest_index (there's probably a better name for this that ill try to think of...)
Value: the value of checkpoint_latest_index.json
Labels:

• origin: the origin chain
• validator: the address of the validator
• app: "default-ism" or the name of a configured application to be monitored, e.g. "neutron-arb-tia"
• destination: the destination chain the validator is enrolled on
• ism_address: the address of the ISM that the validator is enrolled on. Because e.g. the default ISM may be an aggregation ISM pointing to routing ISMs which ultimately point to a multisig ISM variant

I’m open to just having the origin and validator labels and scrapping the rest if it doesn’t seem useful to have the app / destination / ism_address. The usefulness of these latter 3 labels is to just have more granularity to know why certain validator are being tracked. Also segmenting them by app / destination / ism_address will make it easy to remove no longer relevant validators from the exposed metrics in the event of an ISM / validator set config change. Otherwise we may have a metric for a validator that has been rotated out of a validator set stick around a pollute alert conditions because it’ll never have its latest checkpoint updated

So to be clear we'd just update the metrics when fetching metadata for validators that are part of the default ISM or for a specially configured app. This also means that if there are no messages, then the metrics won't be updated because this is tapping into the metadata building logic