Krish1979
commented
3 years ago @nabbdl - Currently the same key can be used in more than one Tessera for only one purpose, to recycle the IP address associated with the key. To prevent the error of duplicate key, you need to enable enableRemoteKeyValidation flag in configuration, where the peers will rotate mapping the same key against two or more IP address of Tessera's using the same key on subsequent partying exchange.
Allowing peer nodes to map the same key against more than one Tessera presents lot of challenges:
If say Tessera A & B share same public key AB, and there is also Tessera C in the network
1) When Tessera C sends transaction privateFor key 'AB' , it will send to both Tessera A & B. What if Tessera B is down, should it fail the transaction or process it as success ? If your requirement is all Tessera nodes advertising the same key need to up all the time,, then you are adding more complexity and dependency and so it is not HA solution. If you are happy only one of them processing successful is fine,, then how will you keep Tessera A and Tessera B in same state in DB , unless they share the same DB. If they both are connected to the same Quorum ,, which Tessera should respond and again should Quorum deal with duplicates on response back from Tessera. There are many challenges in allowing multiple Tessera handle same key and the risk of mishandling far outweighs the advantage of this solution. If you think otherwise and have a detailed requirement, please feel free to reopen the request.
We are currently in the process of testing Quorum blockchain with the privacy. The underlying infrastructure deployment is multi-regions and all the surrounding applications are deployed in an HA way. For context we are deploying the chain in Kubernetes and we're using the latest version of Quorum and Tessera. Peerdiscovery is not used (static peerlist), each Tessera has its own dedicated IP. We need to deploy a resilient Quorum based blockchain. All Tessera are spread over multiple region and share the same identity. However when starting Tessera with the same ID (privatekey) we are facing the following error message : "Duplicate key PublicKey[..]Attempted merging values https://x.x.x.2:9001/ and https://x.x.x.3:9001/ ". We are aware that we are sharing the private key across the nodes (that's the main goal). https://github.com/ConsenSys/tessera/blob/7efd0633bc7cfdf6226cdd93e3bdeef86c82a837/tessera-partyinfo/src/main/java/com/quorum/tessera/partyinfo/node/NodeInfo.java#L11 This map create a unique relationship between IP and Key. Is there a way to support our use case ? We have seen the following setup in your documentation but this is not an option as we don't have a multi-region loadbalancer. https://docs.goquorum.consensys.net/en/stable/HowTo/Configure/HighAvailability/ if any code modification is necessary we'll be pleased to contribute.