Closed YuXiaoCoder closed 1 year ago
@YuXiaoCoder You are probably loading encrypted private keys from local disk, the decryption of these keys at web3signer start up takes time (depending upon the parameters in the encryption file). 300 encrypted keys decrypted within a minute is within expected parameters. The keys loaded from external vaults such as Hashicorp or Azure are already decrypted, i.e. they are stored as decrypted (raw) private key in these vaults. Hope this helps.
Let us know if you are not loading from local encrypted keys but actually attempting to load from Hashicorp vault?
Why do you limit the number of Keys loaded per batch to 10 and the maximum number of CPU cores that can be utilized to 5? https://github.com/Consensys/web3signer/blob/master/signing/src/main/java/tech/pegasys/web3signer/signing/config/SignerLoader.java#L262
@YuXiaoCoder We do limit to max of 5 "availableProcessors" as we have seen performance issues in past when we utilised all the cores.
We are simply reporting 10 keys (an arbitrary number), its not that we are only dealing with 10 keys per batch.
if (filesProcessed % FILES_PROCESSED_TO_REPORT == 0) {
LOG.info("{} signing metadata processed", filesProcessed);
}
Is there any local deployment documentation for HashiCorp? Also I didn't find how to configure the use of HashiCorp in the configuration file of Web3Signer, is it by visiting http://127.0.0.1:8200吗? https://docs.web3signer.consensys.net/how-to/store-keys-vaults/hashicorp
How can we improve CPU utilization if we continue to store the Key to local disk
@YuXiaoCoder this loading is a one-time (start up) operation. Once all keys are loaded then web3signer starts signing. If startup of web3signer is a concern, you can use unencrypted keys which loads within seconds as no decryption is involved.
https://docs.web3signer.consensys.net/how-to/store-keys-vaults/hashicorp assumes that you have Hashicorp vault already installed and setup vault locally.
You can check these third party docker compose examples (not endorsed by Consensys) that configures Hashicorp and Web3Signer in dockerized environment. https://github.com/usmansaleem/signers_docker_compose/tree/main/web3signer-hashicorp
Feel free to reach out on our Discord channel web3signer channel for further discussion (https://discord.gg/consensys) or reopen this or a new issue in github repo.
My node has 8 CPUs, I added JAVA_OPTS, there are 298 Keys in total, it takes 1 minute to finish loading, I refer to this ISSUE (https://github.com/Consensys/web3signer/issues/786) and found that others load 5000 Keys only It takes 7 seconds, I'm not sure what I'm configuring wrong.
The configuration file is as follows