Warn operators about upcoming unknown amendments:

* When an unknown amendment reaches majority, log an error-level message, and return a `warnings` array on all successful admin-level RPC calls to `server_info` and `server_state` with a message describing the problem, and the expected deadline. * In addition to the `amendment_blocked` flag returned by `server_info` and `server_state`, return a warning with a more verbose description when the server is amendment blocked. * Check on every flag ledger to see if the amendment(s) lose majority. Logs again if they don't, resumes normal operations if they did. The intention is to give operators earlier warning that their instances are in danger of being amendment blocked, which will hopefully motivate them to update ahead of time.
2025-12-06 17:27:55 +00:00 · 2020-01-09 19:04:20 -05:00
parent 4315913a5d
commit 5ff23f8f31
11 changed files with 418 additions and 50 deletions
--- a/src/ripple/app/ledger/impl/LedgerMaster.cpp
+++ b/src/ripple/app/ledger/impl/LedgerMaster.cpp
@@ -308,12 +308,38 @@ LedgerMaster::setValidLedger(
    app_.getSHAMapStore().onLedgerClosed (getValidatedLedger());
    mLedgerHistory.validatedLedger (l, consensusHash);
    app_.getAmendmentTable().doValidatedLedger (l);
-    if (!app_.getOPs().isAmendmentBlocked() &&
-        app_.getAmendmentTable().hasUnsupportedEnabled ())
+    if (!app_.getOPs().isAmendmentBlocked())
    {
-        JLOG (m_journal.error()) <<
-            "One or more unsupported amendments activated: server blocked.";
-        app_.getOPs().setAmendmentBlocked();
+        if (app_.getAmendmentTable().hasUnsupportedEnabled())
+        {
+            JLOG(m_journal.error()) << "One or more unsupported amendments "
+                "activated: server blocked.";
+            app_.getOPs().setAmendmentBlocked();
+        }
+        else if (!app_.getOPs().isAmendmentWarned() || ((l->seq() % 256) == 0))
+        {
+            // Amendments can lose majority, so re-check periodically (every
+            // flag ledger), and clear the flag if appropriate. If an unknown
+            // amendment gains majority log a warning as soon as it's
+            // discovered, then again every flag ledger until the operator
+            // upgrades, the amendment loses majority, or the amendment goes
+            // live and the node gets blocked. Unlike being amendment blocked,
+            // this message may be logged more than once per session, because
+            // the node will otherwise function normally, and this gives
+            // operators an opportunity to see and resolve the warning.
+            if (auto const first =
+                    app_.getAmendmentTable().firstUnsupportedExpected())
+            {
+                JLOG(m_journal.error()) << "One or more unsupported amendments "
+                                           "reached majority. Upgrade before "
+                                        << to_string(*first)
+                                        << " to prevent your server from "
+                                           "becoming amendment blocked.";
+                app_.getOPs().setAmendmentWarned();
+            }
+            else
+                app_.getOPs().clearAmendmentWarned();
+        }
    }
 }