Pool Upgrade Guideline¶
There is quite interesting and automated process of the pool (network) upgrade.
The whole pool (that is each node in the pool) can be upgraded automatically without any manual actions via
POOL_UPGRADE
transaction.As a result of Upgrade, each Node will be at the specified version, that is a new package, for example deb package, will be installed.
Migration scripts can also be performed during Upgrade to deal with breaking changes between the versions.
Pool Upgrade Transaction¶
Pool Upgrade is done via
POOL_UPGRADE
transaction.The txn defines a schedule of Upgrade (upgrade time) for each node in the pool.
Only the
TRUSTEE
can sendPOOL_UPGRADE
.This is a common transaction (written to config ledger), so consensus is required.
There are two main modes for
POOL_UPGRADE
: forced and non-forced (default).Non-forced mode schedules upgrade only after
POOL_UPGRADE
transaction is written to the ledger, that is there was consensus. Forced upgrade schedules upgrade for each node regardless of whetherPOOL_UPGRADE
transaction is actually written to the ledger, that is it can be scheduled even if the pool lost consensus.Non-forced mode requires that upgrade of each node is done sequentially and not at the same time (so that a pool is still working and can reach consensus during upgrade). Forced upgrade allows upgrade of the whole pool at the same time.
One should usually use non-forced Upgrades assuming that all changes are backward-compatible.
If there are non-backward-compatible (breaking) changes, then one needs to use forced Upgrade and make it happen at the same time on all nodes (see below).
Node Upgrade Transaction¶
Each node sends
NODE_UPGRADE
transaction twice:in_progress
action: just before start of the Upgrade (that is re-starting the node and applying a new package) to log that Upgrade started on the node.success
orfail
action: after upgrade of the node to log the upgrade result.
NODE_UPGRADE
transaction is a common transaction (written to config ledger), so consensus is required.
Node Control Tool¶
Upgrade is performed by a
node-control-tool
.See
node_control_tool.py
.On Ubuntu it’s installed as a systemd service (
indy-node-control
) in addition to the node service (indy-node
).indy-node-control
is executed from theroot
user.When upgrade time for the node comes, it sends a message to node-control-tool.
The node-control-tool then does the following:
stops
indy-node
service;upgrades
indy-node
package (apt-get install
on Ubuntu);back-ups node data (ledger, etc.);
runs migration scripts (see
migration_tool.py
);starts
indy-node
service;restarts
indy-node-control
service.
If upgrade failed for some reasons, node-control-tool tries to restore the data (ledger) from back-up and revert to the version of the code before upgrade.
Migrations¶
Although we must try keeping backward-compatibility between the versions, it may be possible that there are some (for example, changes in ledger and state data format, re-branding, etc.).
We can write migration scripts to support this kind of breaking changes and perform necessary steps for data migration and/or running some scripts.
The migration should go to
data/migration
folder under the package name (so this isdata/migration/deb
on Ubuntu).Please have a look at the following doc for more information about how to write migration scripts.
When to Run Forced Upgrades¶
Any changes in Ledger transactions format leading to changes in transactions root hash.
Any changes in State transactions format (for example new fields added to State values) requiring re-creation of the state from the ledger.
Any changes in Requests/Replies/Messages without compatibility and versioning support.