Added pool upgrade how-to document (#280)

spivachuk · web-flow · commit a62dba12e7fd · 2022-03-11T15:09:18.000+05:00
Added pool upgrade how-to document
diff --git a/README.md b/README.md
@@ -49,7 +49,8 @@ In order to send write transactions to the ledger you need:
      - **Private Sentry Node:** connected to other Validators or Sentry nodes only; should not be accessed by clients.
      - **Public Sentry Node:** clients and other nodes can access it; basically the same as an Observer node.
   - **Observer Node (ON):** a full node that doesn't participate in consensus. Should be used to receive read/write requests from the clients. Technically can be a Public Sentry node. 
-- **Light Client Proxy Node**: doesn't contain a full replication of data. Can be used as a proxy to untrusted Full nodes for single-value query requests sent via CLI or Tendermint RPC. It will verify all state proofs automatically. 
+- **Light Client Proxy Node**: doesn't contain a full replication of data. Can be used as a proxy to untrusted Full nodes for single-value query requests sent via CLI or Tendermint RPC. 
+  It will verify all state proofs automatically. 
 - **Seed Node**: provides a list of peers which a node can connect to. 
 
 See
@@ -193,6 +194,10 @@ you will need to create a genesis node and a genesis file first as described in
 Please note, that these instructions describe the case when the genesis block consists of a single node only. 
 This is done just for simplicity, and nothing prevents you from adding more nodes to the genesis file by adapting the instructions accordingly. 
 
+### Upgrade all nodes in a pool to a new version of DCL application
+DCL application can be simultaneously updated on all nodes in the pool without breaking consensus. 
+See [Pool Upgrade](docs/pool-upgrade.md) and [Pool Upgrade How To](docs/pool-upgrade-how-to.md) for details.
+
 ## Useful Links 
 - [OpenAPI specification](https://zigbee-alliance.github.io/distributed-compliance-ledger/)
 - [Quick Start](docs/quickStartGuide.adoc)
@@ -204,6 +209,7 @@ This is done just for simplicity, and nothing prevents you from adding more node
     - [Device off-ledger certification](docs/use_cases/use_cases_device_off_ledger_certification.png)
     - [Auth](docs/use_cases/use_cases_txn_auth.png)
     - [Validators](docs/use_cases/use_cases_add_validator_node.png)
+    - [Pool Upgrade](docs/use_cases/use_cases_upgrade_pool.png)
 - [DC Ledger Overview](docs/design/DCL-Overview.pdf)
 - [DC Ledger Architecture Details](docs/design/DCL-arch-overview.pdf)
 - [Deployment Pattern](docs/deployment.png)
@@ -213,9 +219,7 @@ This is done just for simplicity, and nothing prevents you from adding more node
   - [Running a Genesis Validator Node](docs/advanced/running-genesis-node.md)
   - [Running a Validator Node](docs/advanced/running-validator-node.md)
   - [Running an Observer Node](docs/advanced/running-observer-node.md)
+- [Pool Upgrade](docs/pool-upgrade.md)
+- [Pool Upgrade How To Guide](docs/pool-upgrade-how-to.md)
 - [Tendermint](https://tendermint.com/)
 - [Cosmos SDK](https://cosmos.network/sdk)
-     
-
-
-
diff --git a/docs/pool-upgrade-how-to.md b/docs/pool-upgrade-how-to.md
@@ -0,0 +1,146 @@
+# Pool Upgrade How To
+
+Below there are steps which need to be done to upgrade a pool to a new DCL
+application version:
+
+1. **[Dev Team] New Release and Upgrade Name**: A new release of
+   [distributed-compliance-ledger](https://github.com/zigbee-alliance/distributed-compliance-ledger)
+   project is issued. The code of the new released application version must be
+   augmented by a new upgrade handler which will handle an upgrade to this new
+   version. This upgrade handler must have a unique name which will serve as the
+   name of the upgrade to this new version.
+
+2. **[Trustees] Upgrade Height**: A ledger height not reached yet at which all
+   the nodes in the pool must be upgraded to the new application version is
+   chosen.
+
+3. **[A Trustee] ProposeUpgrade**: One of trustees proposes the upgrade using
+   the following steps:
+
+   1. Calculates SHA-256 or SHA-512 checksums of the new application version
+      binaries (for the supported platforms) taken from the project release.
+      This can be done using `sha256sum` or `sha512sum` tool. For example:
+      ```
+      sha256sum ./dcld
+      ```
+
+   2. Sends [`ProposeUpgrade`](./transactions.md#propose_upgrade) transaction
+      with the name of the new upgrade handler, the chosen ledger height and the
+      info containing URLs of the new application version binaries for supported
+      platforms with the calculated checksums. For example:
+      ```
+      dcld tx dclupgrade propose-upgrade --name=v0.7.0 --upgrade-height=10000 --upgrade-info="{\"binaries\":{\"linux/amd64\":\"https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/v0.7.0/dcld?checksum=sha256:50708d4f7e00da347d4e678bf26780cd424232461c4bb414f72391c75e39545a\"}}" --from=alice
+      ```
+
+4. **[Trustees] ApproveUpgrade**: Other trustees approve the proposed upgrade
+   until it turns into the approved state and is scheduled (this happens when
+   the count of approvals including the proposal reaches 2/3 of the total count
+   of trustees). Each of them uses the following steps to accomplish this:
+
+   1. Re-calculates checksums of the new application version binaries (for the
+      supported platforms) taken from the project release. This can be done
+      using `sha256sum` / `sha512sum` tool. For example:
+      ```
+      sha256sum ./dcld
+      ```
+
+   2. Ensures that the re-calculated values are equal to the checksums specified
+      in the proposed upgrade plan `Info` field. Example how to view the
+      proposed upgrade plan:
+      ```
+      dcld query dclupgrade proposed-upgrade --name=v0.7.0
+      ```
+
+   3. Verifies that the application binaries URLs provided in the proposed
+      upgrade plan `Info` field are valid and that the files referenced by them
+      match the provided checksums.
+
+   4. Verifies that `Height` field of the proposed upgrade plan has the proper
+      value.
+
+   5. Sends [`ApproveUpgrade`](./transactions.md#approve_upgrade) transaction
+      with the name of the proposed upgrade. For example:
+      ```
+      dcld tx dclupgrade approve-upgrade --name=v0.7.0 --from=bob
+      ```
+
+5. **[Anyone] Ensure That Upgrade Has Been Scheduled**: It makes sense to ensure
+   that the upgrade has been approved and scheduled. Example how to view the
+   approved upgrade plan:
+   ```
+   dcld query dclupgrade approved-upgrade --name=v0.7.0
+   ```
+   Command to view the current scheduled upgrade plan:
+   ```
+   dcld query upgrade plan
+   ```
+
+6. **[All Node Admins] Download New Binary**: Before the ledger reaches the
+   height specified in the upgrade plan, each node admin does the following
+   steps:
+
+    1. Downloads the application binary from the URL specified in the upgrade
+       plan `Info` field and corresponding to the node platform. Command to view
+       the current scheduled upgrade plan:
+       ```
+       dcld query upgrade plan
+       ```
+
+    2. Verifies that the downloaded application binary matches the checksum
+       specified in the URL. This can be done automatically together with the
+       previous step by [`go-getter`](https://github.com/hashicorp/go-getter)
+       download tool (its executable binaries for various platforms can be
+       downloaded from https://github.com/hashicorp/go-getter/releases). For
+       example:
+       ```
+       go-getter https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/v0.7.0/dcld?checksum=sha256:50708d4f7e00da347d4e678bf26780cd424232461c4bb414f72391c75e39545a ~/Downloads
+       ```
+       `go-getter` verifies that the downloaded file matches the checksum when
+       the URL is provided in the specified format. If the downloaded file
+       checksum does not equal to the checksum provided in the URL, `go-getter`
+       reports that checksums did not match.
+
+    3. Creates a directory with the name of the upgrade within
+       `/var/lib/<USERNAME>/.dcl/cosmovisor/` (where <USERNAME> is the name of
+       the user on behalf of whom `cosmovisor` service is running), creates
+       `bin` sub-directory within the created directory, and puts the new
+       application binary within `bin` sub-directory.
+       
+       Example (for the user `ubuntu`):
+       ```
+       cd /var/lib/ubuntu/.dcl/cosmovisor
+       mkdir -p upgrades
+       cd upgrades
+       mkdir v0.7.0
+       cd v0.7.0
+       mkdir bin
+       cd ~/Downloads
+       cp ./dcld /var/lib/ubuntu/.dcl/cosmovisor/upgrades/v0.7.0/bin/
+       ```
+       Ensure that `dcld` file has been copied to the new application version
+       binary directory:
+       ```
+       ls -l /var/lib/ubuntu/.dcl/cosmovisor/upgrades/v0.7.0/bin/dcld
+       ```
+       The command output must contatain information about `dcld` file like
+       following:
+       ```
+       -rw-r--r--    1 ubuntu   ubuntu    55816720 Mar 11 08:23 /var/lib/ubuntu/.dcl/cosmovisor/upgrades/v0.7.0/bin/dcld
+       ```
+
+7. **Upgrade Is Applied**: The upgrade is applied on all the nodes in the pool
+   when the ledger reaches the height specified in the upgrade plan.
+   
+   Command to view the current pool status:
+   ```
+   dcld status
+   ```
+   The current ledger height is reported in `SyncInfo` -> `latest_block_height`
+   field.
+   
+   Example of command to check whether the upgrade was applied:
+   ```
+   dcld query upgrade applied v0.7.0
+   ```
+   If the upgrade with the passed name was applied, this command output will
+   contain information about it.
diff --git a/docs/pool-upgrade.md b/docs/pool-upgrade.md
@@ -18,7 +18,7 @@ Any upgrade plan has the following fields:
     proposed, it is impossible to propose an upgrade with the same name any time
     in the future).
 *   `Height: int64` - the height of the ledger at which the upgrade must be
-    performed on all the nodes in the pool.
+    applied on all the nodes in the pool.
 *   `Info: optional(string)` - a string containing any additional information
     about the upgrade, e.g. URLs for downloading the new application version
     binaries for supported platforms (see below).
@@ -36,9 +36,10 @@ and is actually scheduled.
 There can be multiple proposed upgrade plans at the same time but not more than
 one scheduled upgrade plan at a time. If there is currently a scheduled upgrade
 plan and another upgrade plan turns into the approved state, then the latter is
-scheduled and the former is actually discarded. When the upgrade procedure is
-completed, the current scheduled upgrade plan is cleared. However, the approved
-upgrade plan entity remains in the store forever for information purposes.
+scheduled and the former is actually cancelled. When the upgrade procedure is
+completed, the current scheduled upgrade plan is cleared. Please note, once an
+upgrade is approved, the approved upgrade entity remains in the store forever
+(no matter if the upgrade is later completed or cancelled).
 
 For the upgrade procedure to be feasible in an automated mode, the application
 process `dcld` is controlled as a sub-process by the parent process
@@ -52,10 +53,10 @@ documentation](https://github.com/cosmos/cosmos-sdk/tree/cosmovisor/v1.0.0/cosmo
 for details.
 
 When the ledger reaches the height specified in the current scheduled upgrade
-plan, `dcld` notifies `cosmovisor` that the upgrade must be performed and stops.
+plan, `dcld` notifies `cosmovisor` that the upgrade must be applied and stops.
 `cosmovisor`, having been notified, performs data back-up, switches `current`
 symbolic link to the new application version directory and launches the new
-`dcld` binary which performes necessary store migrations and clears the current
+`dcld` binary which performs necessary store migrations and clears the current
 scheduled upgrade plan on start.
 
 ## Application Binary Download
@@ -73,7 +74,9 @@ note that the URLs should include checksums. This allows to verify that no false
 binary is run. It is recommended to use
 [`go-getter`](https://github.com/hashicorp/go-getter) tool for downloading the
 application binaries because it verifies that the downloaded file matches the
-checksum when the URL is provided in the specified format. To view `Info` field
-value of an upgrade plan, just execute an appropriate query command from
-`dclupgrade` or `upgrade` module. See [Upgrade CLI commands
-reference](./transactions.md#upgrade) for details.
+checksum when the URL is provided in the specified format. If the downloaded
+file checksum does not equal to the checksum provided in the URL, `go-getter`
+reports that checksums did not match. To view `Info` field value of an upgrade
+plan, just execute an appropriate query command from `dclupgrade` or `upgrade`
+module. See [Upgrade CLI commands reference](./transactions.md#upgrade) for
+details.
diff --git a/docs/transactions.md b/docs/transactions.md
@@ -1240,7 +1240,19 @@ Proposes an upgrade plan with the given name at the given height.
 - Parameters:
     - name: `string` - upgrade plan name
     - upgrade-height: `int64` -  upgrade plan height (positive non-zero)
-    - upgrade-info: `optional(string)` - upgrade plan info
+    - upgrade-info: `optional(string)` - upgrade plan info (for node admins to
+      read). Recommended format is an os/architecture -> application binary URL
+      map as a JSON under `binaries` key where each URL should include the
+      corresponding checksum as `checksum` query parameter with the value in the
+      format `type:value` where `type` is `sha256` or `sha512` and `value` is
+      the actual checksum value. For example:
+```json
+{
+  "binaries": {
+    "linux/amd64":"https://github.com/zigbee-alliance/distributed-compliance-ledger/releases/download/v0.7.0/dcld?checksum=sha256:aec070645fe53ee3b3763059376134f058cc337247c978add178b6ccdfb0019f"
+  }
+}
+```
 - In State: `dclupgrade/ProposedUpgrade/value/<name>`
 - Who can send: 
     - Trustee
@@ -1343,7 +1355,10 @@ dcld query upgrade plan
 #### APPLIED
 **Status: Implemented**
 
-Returns the header for the block at which the upgrade with the given name was applied, if it was previously executed on the chain. This helps a client determine which binary was valid over a given range of blocks, as well as gives more context to understand past migrations.
+Returns the header for the block at which the upgrade with the given name was
+applied, if it was previously executed on the chain. This helps a client
+determine which binary was valid over a given range of blocks, as well as gives
+more context to understand past migrations.
 
 - Parameters:
     - `string` - upgrade name
@@ -1357,7 +1372,9 @@ dcld query upgrade applied <string>
 #### MODULE_VERSIONS
 **Status: Implemented**
 
-Gets a list of module names and their respective consensus versions. Following the command with a specific module name will return only that module's information.
+Gets a list of module names and their respective consensus versions. Following
+the command with a specific module name will return only that module's
+information.
 
 - Parameters:
     - `optional(string)` - module name
