-
Notifications
You must be signed in to change notification settings - Fork 198
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Operator node reachability scanner #506
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we just add an API to dataapi for this check? It shouldn't need another server and new interface under api/
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Few comments:
- Can we move this under
tools/
directory? - I think it should have some automated testing
8ce4434
to
e2236b4
Compare
|
e9eb1bd
to
fdc52a8
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LG
@@ -586,6 +599,36 @@ func (s *server) FetchDeregisteredOperators(c *gin.Context) { | |||
}) | |||
} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we need another API which takes the socket as parameter? That could be used by CLI before registration.
This OperatorPortCheck
will still be useful for creating a metric at Node to check reachability periodically.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Adding generic socket port check opens the door to it being abused as a general purpose penetration testing service. Forcing operator_id avoids a swath of potential attacks on the endpoint/dataapi in general.
aba080f
to
2734155
Compare
200 OK
404 Not Found
|
272d5f8
to
1063b0a
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM! We can add a metric to node based on this API
2e697bd
to
07e5a6f
Compare
…rt scans from the EigenDA backend to validate e2e reachability. ``` ┌─────────────────────────────────────────────┐ ┌─────────────────────────────────────────────┐ │ │ │ │ │ EigenDA Operator Node │ │ EigenDA Operator Node │ │ │ │ │ │ │ │ │ └───────┬────────▲────────────────▲───────────┘ └───────┬─────────────────────────────────────┘ ┌───────┴────────┴────────────────┴───────────┐ ┌───────┴─────────────────────────────────────┐ │ Operator Firewall Allowing 32005 │ │ Operator Firewall Blocking 32005 │ └───────┬────────┬────────────────┬───────────┘ └───────┬─────────────────────────────────────┘ │ │ │ │ X X PortCheck │ │ PortCheck │ │ Request │ │ Request │ │ 32005 │ │ 32005 │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ │ Reachability Dispersal │ Reachability Dispersal │ Check Request │ Check Request │ 32005 32005 │ 32005 32005 ┌───────┴────────┴────────────────┴───────────┐ ┌───────┴────────┴────────────────┴───────────┐ │ Nat Gateway │ │ Nat Gateway │ └───────┬────────┬────────────────┬───────────┘ └───────┬────────┬────────────────┬───────────┘ ┌───────┼────────┼────────────────┼───────────┐ ┌───────┼────────┼────────────────┼───────────┐ │ │ │ │ │ │ │ │ │ │ │ ▼ │ │ │ │ ▼ │ │ │ │ ┌──────────────┴────┐┌──────────┴────────┐ │ │ ┌──────────────┴────┐┌──────────┴────────┐ │ │ │ ││ │ │ │ │ ││ │ │ │ │ dataapi ││ disperser │ │ │ │ dataapi ││ disperser │ │ │ │ ││ │ │ │ │ ││ │ │ │ └───────────────────┘└───────────────────┘ │ │ └───────────────────┘└───────────────────┘ │ │ EigenDA VPC │ │ EigenDA VPC │ └─────────────────────────────────────────────┘ └─────────────────────────────────────────────┘ ```
07e5a6f
to
cb67a1e
Compare
Fix tests
c8bdcf4
to
6c789dc
Compare
The EigenDA Node Reachability Scanner allows Operators to initiate port scans from the EigenDA backend to validate e2e reachability.