@huiskylabs huiskylabs commented Jul 19, 2025

Add fdctl get-identity command

Problem

  • fdctl set-identity can dynamically change validator identity at runtime
  • No way to query the actual running identity after a switch
  • Config files become outdated after identity changes
  • GUI tile is optional and unreliable for programmatic access
  • Tools like SVS currently rely on solana catchup to infer the active identity, which is indirect, slow and unreliable.

Solution

Add fdctl get-identity to retrieve the current runtime identity from the shred
tile.

Usage

$ fdctl get-identity
7Np41oeYqPefeNQEHSv1UDhYrehxin3NStELsSKCT4K2

Use Cases

  • Pre-switch validation: Verify current identity before switching
  • Post-switch verification: Confirm new identity is active
  • Monitoring tools: Track identity changes programmatically
  • Automation: Enable scripts to handle identity rotation safely

Demonstration:

//current ID
solana@hui-9174F:~$ fdctl --config firedancer-config.toml get-identity
Log at "/mnt/solana/log/solana-validator.log"
8CzCcNCwg8nx3C4LfiUzanwok4EXoJUFBKQeBfHzoJza

//set-identity
solana@hui-9174F:~$ fdctl set-identity --config firedancer-config.toml /home/solana/funded-validator-keypair.json 
Log at "/mnt/solana/log/solana-validator.log"
NOTICE  07-19 02:01:37.160898 11761  f0   main src/app/shared/commands/set_identity.c(378): Validator identity key switched to `Txh6mKsvA7rwesigHzALTiFggyrkGDVtMP1vicuepAs`

//get-identity reflect new id
solana@hui-9174F:~$ fdctl --config firedancer-config.toml get-identity
Log at "/mnt/solana/log/solana-validator.log"
Txh6mKsvA7rwesigHzALTiFggyrkGDVtMP1vicuepAs
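
One way a rotation or monitoring script could consume this output for the pre-switch and post-switch checks listed under Use Cases, as an added example that is not part of the PR or the Firedancer code base. It assumes fdctl prints the key on a line of its own, as in the demonstration above; the FDCTL and FD_CONFIG variables and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not project code. FDCTL and FD_CONFIG are assumptions:
# point them at your own binary and config file.
FDCTL="${FDCTL:-fdctl}"
FD_CONFIG="${FD_CONFIG:-firedancer-config.toml}"

# extract_identity: read command output on stdin and print the one
# base58-encoded 32-byte public key it contains (32 to 44 characters).
# Noise such as the 'Log at "..."' line is ignored. Fails when no key
# or more than one key-shaped line is present, so a garbled or
# ambiguous answer is never treated as an identity.
extract_identity() {
  keys=$(LC_ALL=C grep -E '^[1-9A-HJ-NP-Za-km-z]{32,44}$') || return 1
  n=$(printf '%s\n' "$keys" | grep -c '')
  [ "$n" -eq 1 ] || return 1
  printf '%s\n' "$keys"
}

# current_identity: ask the running validator for its identity.
# stderr is merged because the page does not say which stream carries
# the "Log at" line; the filter copes with either.
current_identity() {
  "$FDCTL" --config "$FD_CONFIG" get-identity 2>&1 | extract_identity
}

# verify_identity EXPECTED
# returns 0 if the running identity equals EXPECTED,
#         1 on a mismatch, 2 if no identity could be read.
verify_identity() {
  expected=$1
  actual=$(current_identity) || {
    echo "could not read running identity" >&2
    return 2
  }
  if [ "$actual" != "$expected" ]; then
    echo "identity mismatch: running=$actual expected=$expected" >&2
    return 1
  fi
  return 0
}
```

Call `verify_identity` with the old public key before `set-identity` and with the new one afterwards, and stop the rotation on any non-zero status.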

@huiskylabs huiskylabs force-pushed the feat/fdctl-get-identity branch 7 times, most recently from 437c8f8 to e82cb5a Compare July 19, 2025 01:51
@huiskylabs huiskylabs marked this pull request as ready for review July 19, 2025 02:06
@mmcgee-jump
Contributor

Wow nice, thanks for the contribution! Very helpful

Contributor

@mmcgee-jump mmcgee-jump left a comment

Thank you for the contribution!

@huiskylabs huiskylabs force-pushed the feat/fdctl-get-identity branch from e82cb5a to d291afd Compare July 20, 2025 01:28
@huiskylabs huiskylabs requested a review from ptaffet-jump as a code owner July 20, 2025 01:28
@huiskylabs huiskylabs force-pushed the feat/fdctl-get-identity branch from d291afd to a8bedee Compare July 20, 2025 01:30
@huiskylabs
Contributor Author

> Thank you for the contribution!

Thanks for the quick review!

@huiskylabs huiskylabs force-pushed the feat/fdctl-get-identity branch from a8bedee to ad594b7 Compare July 20, 2025 01:38
@huiskylabs huiskylabs requested a review from mmcgee-jump July 20, 2025 02:06
Contributor

@ripatel-fd ripatel-fd left a comment

The corrupt read edge case should be prevented

@huiskylabs huiskylabs force-pushed the feat/fdctl-get-identity branch 2 times, most recently from 114be1c to a87464c Compare July 21, 2025 04:14
@ripatel-fd ripatel-fd dismissed their stale review July 21, 2025 04:28

Changes addressed

@huiskylabs huiskylabs force-pushed the feat/fdctl-get-identity branch 2 times, most recently from 5ac1257 to 5429b27 Compare July 21, 2025 05:31
Comment on lines +89 to +93
.perm = NULL, /* TODO: This command may require RLIMIT_MLOCK permissions
to mlock(2) the workspace in memory. This should be
addressed in future updates. */
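
Review bot: `.perm = NULL` on the first line leaves the command without any up-front permission check, even though the TODO beside it says it may need a raised memlock limit to mlock(2) the workspace, so a caller with a low limit would only find out when the lock attempt fails. Either supply a permission check for the memlock limit here or have the TODO name the follow-up that will add one. The resource is also spelled RLIMIT_MEMLOCK, not RLIMIT_MLOCK, which matters for anyone searching for this comment later.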
Contributor

Going to test locally what happens if the prlimit for memlock is zero 🤔

Contributor

$ sudo prlimit --pid=$$ --memlock=0
$ build/native/gcc/bin/fdctl get-identity --config src/app/fdctl/config/default.toml 
ERR     07-21 13:32:15.567030 278153 f0   0    src/app/shared/boot/fd_boot.c(45): mlock(0x7ffff7fc0000,4096) (1-EPERM-operation not permitted); unable to lock log file shared lock in memory

Sure enough, it's bad ... I'll fix it in a subsequent PR

@huiskylabs huiskylabs force-pushed the feat/fdctl-get-identity branch from 5429b27 to f7dee4c Compare July 21, 2025 20:31
Add new fdctl command to query the current runtime identity of a running
validator. This command reads the identity from the shred tile's shared
memory, which reflects any changes made by set-identity.

The implementation uses keyswitch state checking to prevent torn reads
during identity updates, ensuring we always get a consistent identity key.

Usage: fdctl get-identity

Returns the validator's current identity public key in base58 format.
@huiskylabs huiskylabs force-pushed the feat/fdctl-get-identity branch from f7dee4c to 703b6b2 Compare July 21, 2025 20:38
Contributor

@ripatel-fd ripatel-fd left a comment

Looks great, thanks

@huiskylabs
Contributor Author

@mmcgee-jump I’ve updated this as suggested. Would you mind taking another look to see if it looks good now? 🙏

@ripatel-fd ripatel-fd enabled auto-merge July 23, 2025 19:36
@ripatel-fd ripatel-fd dismissed mmcgee-jump’s stale review July 23, 2025 19:36

Changes addressed

@ripatel-fd ripatel-fd added this pull request to the merge queue Jul 23, 2025
Merged via the queue into firedancer-io:main with commit fe86296 Jul 23, 2025
9 checks passed