fix(node): gracefully clean up iota-node validator components

[semenov-vladyslav]

Description of change

After a validator node leaves the committee, a few resources in validator components are leaked including metrics and grpc server. If the node will try to re-join the committee it will crash due to resources already being in use.

This PR:

• changes the way validator metrics are registered: a dedicated registry is used instead of default one;
• adds a graceful shutdown of validator grpc server and metrics registry clean up during reconfiguration when a validator leaves the committee;
• adds a reproducer test.

Notes

There are a few ways to handle metrics issue:

• ignore AlreadyReg error while trying to re-register metrics with the default registry; requires special unwrap handling for each metric;
• unregister individual metrics with the default registry; the existing components do not provide such functionality; requires unregistering all individual metrics;
• use a dedicated registry and remove it entirely from the registry service once node is not validator anymore; this seems to be the easiest and cleanest way.

⚠️ There may be other undetected resources leaking that do not cause error if validator components are re-created.

Links to any relevant issues

Fixes #6277.

Type of change

• Bug fix (a non-breaking change which fixes an issue)

How the change has been tested

scripts/simtest/cargo-simtest simtest --package iota-e2e-tests --test "reconfiguration_tests" --profile ci -- test_reconfig_with_same_validator

Change checklist

• I have followed the contribution guidelines for this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have added tests that prove my fix is effective or that my feature works
• I have checked that new and existing unit tests pass locally with my changes

Release Notes

• Protocol:
• Nodes (Validators and Full nodes): Fixed a bug causing iota-node to crash after re-joining the consensus committee as validator.
• Indexer:
• JSON-RPC:
• GraphQL:
• CLI:
• Rust SDK:
• REST API:

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

4 Skipped Deployments

Name	Status	Preview	Comments	Updated (UTC)
apps-backend	⬜️ Ignored (Inspect)	Visit Preview		May 22, 2025 8:32am
apps-ui-kit	⬜️ Ignored (Inspect)	Visit Preview		May 22, 2025 8:32am
rebased-explorer	⬜️ Ignored (Inspect)	Visit Preview		May 22, 2025 8:32am
wallet-dashboard	⬜️ Ignored (Inspect)	Visit Preview		May 22, 2025 8:32am

[jkrvivian]

Good catch on the grpc server cancellation!! 🤯

[piotrm50]

lgtm

[nmrshll]

Would it make sense to make the return type a struct ? so both return values can be named ? (just for clarity & knowing what they are, wouldn't change functionality)

[nmrshll]

I suppose unwrapping is okay here since this only gets run once at node startup ? Also should we use expect instead of unwrap to add error context ?

[nmrshll]

Actually, cancel_handle seems to always contain a handle (at least until using take() the first time):
https://vscode.dev/github/iotaledger/iota/blob/node/fix-6277-revalidator-crash/crates/iota-network-stack/src/server.rs#L210

Would it then make sense to implement cancel() on the server itself ? e.g. grpc_server.cancel() or grpc_server.shutdown() ? then the server can handle the logic of take()-ing its own cancel handle ,and just emit a warning if it's already received a cancel order previously ?

Again this wouldn't really change the logic, it's just for clarity, so it's also fine with me if we don't want to spend time on changing this

[bingyanglin]

LGTM!