hotfix(el/cl): allow multi clients to start if at least one node is up

[y0sher]

#1964 was merged but it doesn't allow nodes to be unreachable on start. The idea was that when we have issues with nodes, it's always the out-of-sync issue and the node is still reachable, and we want to catch cases when we provide a bad node URL. However, it makes testing more complicated as we cannot shut down the node, we have to make it desynced instead. Also, there may be cases when a node is down due to some issue like infra issues, so this PR allows SSV node to start if at least one node is up

[codecov]

Codecov Report

Attention: Patch coverage is 45.92145% with 179 lines in your changes missing coverage. Please review.

Project coverage is 48.0%. Comparing base (860597a) to head (4751783).
Report is 1 commits behind head on stage.

Files with missing lines	Patch %	Lines
beacon/goclient/goclient.go	57.6%	40 Missing and 4 partials ⚠️
beacon/goclient/proposer.go	0.0%	42 Missing ⚠️
eth/executionclient/multi_client.go	71.2%	31 Missing and 5 partials ⚠️
beacon/goclient/aggregator.go	0.0%	11 Missing ⚠️
beacon/goclient/committee_subscribe.go	0.0%	10 Missing ⚠️
beacon/goclient/sync_committee.go	0.0%	10 Missing ⚠️
beacon/goclient/sync_committee_contribution.go	0.0%	10 Missing ⚠️
beacon/goclient/attest.go	0.0%	9 Missing ⚠️
beacon/goclient/voluntary_exit.go	0.0%	7 Missing ⚠️

Additional details and impacted files

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[y0sher]

might be smart to take this out to a function since its not the only place we do it.

[nkryuchkov]

We do it in two places:

			if mc.clients[i] == nil {
				if err := mc.connect(ctx, i); err != nil {
					mc.logger.Warn("failed to connect to client",
						zap.String("addr", mc.nodeAddrs[i]),
						zap.Error(err))

					mc.clientsMu[i].Unlock()
					return err
				}
			}

		if client == nil {
			if err := mc.connect(ctx, i); err != nil {
				mc.logger.Warn("failed to connect to client",
					zap.String("addr", mc.nodeAddrs[i]),
					zap.Error(err))

				allErrs = errors.Join(allErrs, err)
				mc.currentClientIndex.Store(int64(nextClientIndex)) // Advance.
				mc.clientsMu[i].Unlock()
				continue
			}
		}

So the repetitive parts are the nil check and the log. Do you want me to move them inside the connect and rename them to something like connectIfDisconnected?

[nkryuchkov]

Spec Alignment failure is supposed to be fixed by #2003

[y0sher]

this might crash the program after a while that it's running if the second client won't be actuveat start but become active later. We should instead just stop using this client.
This is much easier to achieve if we just check the genesis comparing to a local stored value (e.g: saving genesis fork version in networkconfig )

[nkryuchkov]

Clients should never have the same geneses because it would mean they use different ETH networks, so IMO we shouldn't continue in this case. If it were just a log, the multi-client would just silently log it and switch to the next client.

[iurii-ssv]

Left some suggestions

[iurii-ssv]

Not really specific to this PR but we often (and here as well) do 2 "duplicate" things

• log error
• return that same error (that's always gonna be logged eventually by the caller resulting in roughly duplicate log-line)

maybe would be simpler to just return error (with formatted with fmt.Errorf to provide the necessary context) in places like this, bringing it up so we can get on the same page (whether we want to keep an eye on things like this or not)

[y0sher]

The main difference and issue is that when logging with zap and adding fields its easy to search them by the label value. we'll need to squeeze everything to the fmt.Errorf, it'll still be searchable, but not by label.

[nkryuchkov]

I agree that we could think more about our logging approach, but I think this package currently uses logging in a way similar to other packages. If we decide to improve logging (e.g. use custom error types with fields), we need to do it project-wide

[iurii-ssv]

Is that only because if we are only using 1 client and it doesn't initialize on MultiClient.New we just terminate SSV node ? I guess it works that way, but do we need to handle it as "an edge case" - why not just let it get handled by the code below ?

[nkryuchkov]

Yes, it works that way. IMO, this check doesn't add much code and it's very easy to read. Thinking about how the code below would handle one client is much harder. Generally, we never use the multi-client with only one client except for tests (I think we need to use the previous implementation with only one client because it's been used for a long time without any issues)

[iurii-ssv]

I think it does handle the case of 1-client correctly (if it doesn't that would indicate there might be some other issue with that code, plus it's something that's easy to test)

I guess a related discussion would be - #1308 (comment) (where we also "fall back" to older code rather than using the new implementation)

I understand that "fall back to previous code" might be slightly safer to do short-term, but this approach keeps accruing tech-debt over time

[nkryuchkov]

In this case, I think it's not a tech debt because the ExecutionClient implementation remains. I don't like using multi-client just for one client because it also changes logging, and adds some overhead. Similarly, we didn't use the beacon client's multi-client implementation just for one client. The first implementation didn't have MultiClient, in that case, I would prefer using just one client for everything. But we decided to keep the original version the least modified possible, so in this case, keeping using the old implementation just for one client looks good to me.

Maybe we need to allow MultiClient to be used only if 2+ clients are provided though

[nkryuchkov]

This is not working as expected, I saw it returning ErrUnhealthy when the client was healthy. This channel looks tricky and dangerous to work with (see another comment about closing channel), so I'm removing it
FYI @moshe-blox

[iurii-ssv]

+1

Just briefly looking at this channel (and corresponding mutex) - it's not entirely clear how it is supposed to be used (what it's for, etc.)

so if we aren't gonna remove it entirely we need to at least re-think it's purpose/usage

[nkryuchkov]

This triggers closing of closed channel which panics, I'm removing it as it's dangerous to use
FYI @moshe-blox

[iurii-ssv]

Well, it seems now this is not entirely true for len(mc.clients) == 1 (which is why I sort of called it a tech debt)

[nkryuchkov]

Fixed the comment

[iurii-ssv]

It kind of begs the question now - why behavior for 1 client is different (my guess would be because it's just "old behavior we want to preserve"), maybe worth leaving a comment about it

[iurii-ssv]

It seems when "spinning forever" here - under certain circumstances (when clients error immediately)

• we can potentially exhaust math.MaxInt32 (so I'd use 64 bit instead)
• we can generate a lot of spamming logs

so we'd probably want to introduce some kind of delay (when "spinning forever") after we've done 1 round over all the clients (after i has increased by len(mc.clients))

and this is also why I'd prefer "spinning forever" to be implemented in a separate method - #2000 (comment) - otherwise this code gets more complex than it should be

[nkryuchkov]

Yes, it can potentially exhaust but I thought it's hardly reachable and we need to review the logic if so, so I thought this would be a bit simpler to understand. I agree with spamming logs, but I think we need to switch clients ASAP without any delays.

I rewrote this using another approach

[iurii-ssv]

I agree with spamming logs, but I think we need to switch clients ASAP without any delays.

I was thinking of something like 100ms-1000ms delay, but maybe for time-constraint duty (like block production) that's too high of an additional burden ...

we can get back to it if it (log-spamming) proves to be an actual issue in prod

[iurii-ssv]

LGTM (with minor comments)