[Merged by Bors] - Add listener that allows remote connections without mTLS #5418
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## develop #5418 +/- ##
=========================================
- Coverage 77.6% 77.6% -0.1%
=========================================
Files 267 267
Lines 30976 31059 +83
=========================================
+ Hits 24067 24109 +42
- Misses 5393 5421 +28
- Partials 1516 1529 +13 ☔ View full report in Codecov by Sentry. |
fasmat
force-pushed
the
allow-remote-post-without-tls
branch
2 times, most recently
from
e281bdd to
0110842
Compare
fasmat
force-pushed
the
allow-remote-post-without-tls
branch
4 times, most recently
from
a130f9f to
2e17094
Compare
poszu
reviewed
Jan 16, 2024
fasmat
force-pushed
the
allow-remote-post-without-tls
branch
2 times, most recently
from
787fabb to
9c8fdac
Compare
spacemesh-bors bot
pushed a commit
that referenced
this pull request
Jan 22, 2024
## Motivation Adds a new listener to allow remote post services to connect if they are within the same private network without having to setup mTLS. ## Changes - add new `grpcPostServer` that allows remote connection to a post service without setting up mTLS - Post is now available on `grpcPostServer` (default: 0.0.0.0:9094) to allow exposing it without mTLS and - on `grpcTLSServer` (no default listening address) to allow exposing over insecure networks (to allow transmitting keys securely between node and post service in the future) - GRPC services are now true singletons - simplified code to instantiate and register in `node.go` during startup - updated GRPC `PostService` to allow connections from multiple post services. (prep. work for multiple smeshers) - `nipostBuilder` / `atxBuilder` can select the required client based on the node Id the post service reports after connecting - only one post service can connect per Node ID - Merged similar functionality of `grpc.NewPublic` and `grpc.NewPrivate` into one `grpc.NewWithServices` - function checks if listening IP is in a public network and prints a waring (displayed during startup) to ensure to be careful not to expose it over public networks - Expanded system tests to automatically add nodes with remote smeshing setups to all tests. - By default 25% of all nodes will be deployed in a remote setup (i.e. with a separate pod running the post service remotely and connecting to the node) - The node running the post service has an init container where `postcli` is used to create the post data with the same setting as the node would use in a supervised setup. Those settings are picked from the `smesherConfig` that is deployed with every node and translated into parameters for `postcli` / `post-service` - systest Makefile has been updated with image names and tags for `post-service` and `postcli` - systest Dockerfile has been expanded to include `libpost`. This has unfortunately become necessary to parse the config used during system tests with the same code as we use during the startup of the node (to ensure compatibility with changing configs) - Fixed a few minor issues with existing system tests - tests now generate the same number of keys as nodes are used during the test (1 per node) - `AddBootnodes` didn't keep track of the correct number of bootnodes after deployment ## Test Plan - Extended existing system tests to deploy 1/4 of the nodes during the test with a remote post service. ## TODO <!-- This section should be removed when all items are complete --> - [x] Explain motivation or link existing issue(s) - [x] Test changes and document test plan - [x] Update documentation as needed - [x] Update [changelog](../CHANGELOG.md) as needed
|
Build failed:
|
|
bors merge |
|
Merge conflict. |
fasmat
force-pushed
the
allow-remote-post-without-tls
branch
from
0d153e9 to
92a1eaa
Compare
|
bors merge |
spacemesh-bors bot
pushed a commit
that referenced
this pull request
Jan 22, 2024
## Motivation Adds a new listener to allow remote post services to connect if they are within the same private network without having to setup mTLS. ## Changes - add new `grpcPostServer` that allows remote connection to a post service without setting up mTLS - Post is now available on `grpcPostServer` (default: 0.0.0.0:9094) to allow exposing it without mTLS and - on `grpcTLSServer` (no default listening address) to allow exposing over insecure networks (to allow transmitting keys securely between node and post service in the future) - GRPC services are now true singletons - simplified code to instantiate and register in `node.go` during startup - updated GRPC `PostService` to allow connections from multiple post services. (prep. work for multiple smeshers) - `nipostBuilder` / `atxBuilder` can select the required client based on the node Id the post service reports after connecting - only one post service can connect per Node ID - Merged similar functionality of `grpc.NewPublic` and `grpc.NewPrivate` into one `grpc.NewWithServices` - function checks if listening IP is in a public network and prints a waring (displayed during startup) to ensure to be careful not to expose it over public networks - Expanded system tests to automatically add nodes with remote smeshing setups to all tests. - By default 25% of all nodes will be deployed in a remote setup (i.e. with a separate pod running the post service remotely and connecting to the node) - The node running the post service has an init container where `postcli` is used to create the post data with the same setting as the node would use in a supervised setup. Those settings are picked from the `smesherConfig` that is deployed with every node and translated into parameters for `postcli` / `post-service` - systest Makefile has been updated with image names and tags for `post-service` and `postcli` - systest Dockerfile has been expanded to include `libpost`. This has unfortunately become necessary to parse the config used during system tests with the same code as we use during the startup of the node (to ensure compatibility with changing configs) - Fixed a few minor issues with existing system tests - tests now generate the same number of keys as nodes are used during the test (1 per node) - `AddBootnodes` didn't keep track of the correct number of bootnodes after deployment ## Test Plan - Extended existing system tests to deploy 1/4 of the nodes during the test with a remote post service. ## TODO <!-- This section should be removed when all items are complete --> - [x] Explain motivation or link existing issue(s) - [x] Test changes and document test plan - [x] Update documentation as needed - [x] Update [changelog](../CHANGELOG.md) as needed
|
Build failed (retrying...): |
spacemesh-bors bot
pushed a commit
that referenced
this pull request
Jan 22, 2024
## Motivation Adds a new listener to allow remote post services to connect if they are within the same private network without having to setup mTLS. ## Changes - add new `grpcPostServer` that allows remote connection to a post service without setting up mTLS - Post is now available on `grpcPostServer` (default: 0.0.0.0:9094) to allow exposing it without mTLS and - on `grpcTLSServer` (no default listening address) to allow exposing over insecure networks (to allow transmitting keys securely between node and post service in the future) - GRPC services are now true singletons - simplified code to instantiate and register in `node.go` during startup - updated GRPC `PostService` to allow connections from multiple post services. (prep. work for multiple smeshers) - `nipostBuilder` / `atxBuilder` can select the required client based on the node Id the post service reports after connecting - only one post service can connect per Node ID - Merged similar functionality of `grpc.NewPublic` and `grpc.NewPrivate` into one `grpc.NewWithServices` - function checks if listening IP is in a public network and prints a waring (displayed during startup) to ensure to be careful not to expose it over public networks - Expanded system tests to automatically add nodes with remote smeshing setups to all tests. - By default 25% of all nodes will be deployed in a remote setup (i.e. with a separate pod running the post service remotely and connecting to the node) - The node running the post service has an init container where `postcli` is used to create the post data with the same setting as the node would use in a supervised setup. Those settings are picked from the `smesherConfig` that is deployed with every node and translated into parameters for `postcli` / `post-service` - systest Makefile has been updated with image names and tags for `post-service` and `postcli` - systest Dockerfile has been expanded to include `libpost`. This has unfortunately become necessary to parse the config used during system tests with the same code as we use during the startup of the node (to ensure compatibility with changing configs) - Fixed a few minor issues with existing system tests - tests now generate the same number of keys as nodes are used during the test (1 per node) - `AddBootnodes` didn't keep track of the correct number of bootnodes after deployment ## Test Plan - Extended existing system tests to deploy 1/4 of the nodes during the test with a remote post service. ## TODO <!-- This section should be removed when all items are complete --> - [x] Explain motivation or link existing issue(s) - [x] Test changes and document test plan - [x] Update documentation as needed - [x] Update [changelog](../CHANGELOG.md) as needed
|
Build failed: |
|
grpc disconnects in bors merge |
spacemesh-bors bot
pushed a commit
that referenced
this pull request
Jan 22, 2024
## Motivation Adds a new listener to allow remote post services to connect if they are within the same private network without having to setup mTLS. ## Changes - add new `grpcPostServer` that allows remote connection to a post service without setting up mTLS - Post is now available on `grpcPostServer` (default: 0.0.0.0:9094) to allow exposing it without mTLS and - on `grpcTLSServer` (no default listening address) to allow exposing over insecure networks (to allow transmitting keys securely between node and post service in the future) - GRPC services are now true singletons - simplified code to instantiate and register in `node.go` during startup - updated GRPC `PostService` to allow connections from multiple post services. (prep. work for multiple smeshers) - `nipostBuilder` / `atxBuilder` can select the required client based on the node Id the post service reports after connecting - only one post service can connect per Node ID - Merged similar functionality of `grpc.NewPublic` and `grpc.NewPrivate` into one `grpc.NewWithServices` - function checks if listening IP is in a public network and prints a waring (displayed during startup) to ensure to be careful not to expose it over public networks - Expanded system tests to automatically add nodes with remote smeshing setups to all tests. - By default 25% of all nodes will be deployed in a remote setup (i.e. with a separate pod running the post service remotely and connecting to the node) - The node running the post service has an init container where `postcli` is used to create the post data with the same setting as the node would use in a supervised setup. Those settings are picked from the `smesherConfig` that is deployed with every node and translated into parameters for `postcli` / `post-service` - systest Makefile has been updated with image names and tags for `post-service` and `postcli` - systest Dockerfile has been expanded to include `libpost`. This has unfortunately become necessary to parse the config used during system tests with the same code as we use during the startup of the node (to ensure compatibility with changing configs) - Fixed a few minor issues with existing system tests - tests now generate the same number of keys as nodes are used during the test (1 per node) - `AddBootnodes` didn't keep track of the correct number of bootnodes after deployment ## Test Plan - Extended existing system tests to deploy 1/4 of the nodes during the test with a remote post service. ## TODO <!-- This section should be removed when all items are complete --> - [x] Explain motivation or link existing issue(s) - [x] Test changes and document test plan - [x] Update documentation as needed - [x] Update [changelog](../CHANGELOG.md) as needed
|
Build failed: |
|
bors merge |
spacemesh-bors bot
pushed a commit
that referenced
this pull request
Jan 22, 2024
## Motivation Adds a new listener to allow remote post services to connect if they are within the same private network without having to setup mTLS. ## Changes - add new `grpcPostServer` that allows remote connection to a post service without setting up mTLS - Post is now available on `grpcPostServer` (default: 0.0.0.0:9094) to allow exposing it without mTLS and - on `grpcTLSServer` (no default listening address) to allow exposing over insecure networks (to allow transmitting keys securely between node and post service in the future) - GRPC services are now true singletons - simplified code to instantiate and register in `node.go` during startup - updated GRPC `PostService` to allow connections from multiple post services. (prep. work for multiple smeshers) - `nipostBuilder` / `atxBuilder` can select the required client based on the node Id the post service reports after connecting - only one post service can connect per Node ID - Merged similar functionality of `grpc.NewPublic` and `grpc.NewPrivate` into one `grpc.NewWithServices` - function checks if listening IP is in a public network and prints a waring (displayed during startup) to ensure to be careful not to expose it over public networks - Expanded system tests to automatically add nodes with remote smeshing setups to all tests. - By default 25% of all nodes will be deployed in a remote setup (i.e. with a separate pod running the post service remotely and connecting to the node) - The node running the post service has an init container where `postcli` is used to create the post data with the same setting as the node would use in a supervised setup. Those settings are picked from the `smesherConfig` that is deployed with every node and translated into parameters for `postcli` / `post-service` - systest Makefile has been updated with image names and tags for `post-service` and `postcli` - systest Dockerfile has been expanded to include `libpost`. This has unfortunately become necessary to parse the config used during system tests with the same code as we use during the startup of the node (to ensure compatibility with changing configs) - Fixed a few minor issues with existing system tests - tests now generate the same number of keys as nodes are used during the test (1 per node) - `AddBootnodes` didn't keep track of the correct number of bootnodes after deployment ## Test Plan - Extended existing system tests to deploy 1/4 of the nodes during the test with a remote post service. ## TODO <!-- This section should be removed when all items are complete --> - [x] Explain motivation or link existing issue(s) - [x] Test changes and document test plan - [x] Update documentation as needed - [x] Update [changelog](../CHANGELOG.md) as needed
|
Build failed: |
|
bors merge |
spacemesh-bors bot
pushed a commit
that referenced
this pull request
Jan 22, 2024
## Motivation Adds a new listener to allow remote post services to connect if they are within the same private network without having to setup mTLS. ## Changes - add new `grpcPostServer` that allows remote connection to a post service without setting up mTLS - Post is now available on `grpcPostServer` (default: 0.0.0.0:9094) to allow exposing it without mTLS and - on `grpcTLSServer` (no default listening address) to allow exposing over insecure networks (to allow transmitting keys securely between node and post service in the future) - GRPC services are now true singletons - simplified code to instantiate and register in `node.go` during startup - updated GRPC `PostService` to allow connections from multiple post services. (prep. work for multiple smeshers) - `nipostBuilder` / `atxBuilder` can select the required client based on the node Id the post service reports after connecting - only one post service can connect per Node ID - Merged similar functionality of `grpc.NewPublic` and `grpc.NewPrivate` into one `grpc.NewWithServices` - function checks if listening IP is in a public network and prints a waring (displayed during startup) to ensure to be careful not to expose it over public networks - Expanded system tests to automatically add nodes with remote smeshing setups to all tests. - By default 25% of all nodes will be deployed in a remote setup (i.e. with a separate pod running the post service remotely and connecting to the node) - The node running the post service has an init container where `postcli` is used to create the post data with the same setting as the node would use in a supervised setup. Those settings are picked from the `smesherConfig` that is deployed with every node and translated into parameters for `postcli` / `post-service` - systest Makefile has been updated with image names and tags for `post-service` and `postcli` - systest Dockerfile has been expanded to include `libpost`. This has unfortunately become necessary to parse the config used during system tests with the same code as we use during the startup of the node (to ensure compatibility with changing configs) - Fixed a few minor issues with existing system tests - tests now generate the same number of keys as nodes are used during the test (1 per node) - `AddBootnodes` didn't keep track of the correct number of bootnodes after deployment ## Test Plan - Extended existing system tests to deploy 1/4 of the nodes during the test with a remote post service. ## TODO <!-- This section should be removed when all items are complete --> - [x] Explain motivation or link existing issue(s) - [x] Test changes and document test plan - [x] Update documentation as needed - [x] Update [changelog](../CHANGELOG.md) as needed
|
Build failed: |
|
bors merge |
spacemesh-bors bot
pushed a commit
that referenced
this pull request
Jan 22, 2024
## Motivation Adds a new listener to allow remote post services to connect if they are within the same private network without having to setup mTLS. ## Changes - add new `grpcPostServer` that allows remote connection to a post service without setting up mTLS - Post is now available on `grpcPostServer` (default: 0.0.0.0:9094) to allow exposing it without mTLS and - on `grpcTLSServer` (no default listening address) to allow exposing over insecure networks (to allow transmitting keys securely between node and post service in the future) - GRPC services are now true singletons - simplified code to instantiate and register in `node.go` during startup - updated GRPC `PostService` to allow connections from multiple post services. (prep. work for multiple smeshers) - `nipostBuilder` / `atxBuilder` can select the required client based on the node Id the post service reports after connecting - only one post service can connect per Node ID - Merged similar functionality of `grpc.NewPublic` and `grpc.NewPrivate` into one `grpc.NewWithServices` - function checks if listening IP is in a public network and prints a waring (displayed during startup) to ensure to be careful not to expose it over public networks - Expanded system tests to automatically add nodes with remote smeshing setups to all tests. - By default 25% of all nodes will be deployed in a remote setup (i.e. with a separate pod running the post service remotely and connecting to the node) - The node running the post service has an init container where `postcli` is used to create the post data with the same setting as the node would use in a supervised setup. Those settings are picked from the `smesherConfig` that is deployed with every node and translated into parameters for `postcli` / `post-service` - systest Makefile has been updated with image names and tags for `post-service` and `postcli` - systest Dockerfile has been expanded to include `libpost`. This has unfortunately become necessary to parse the config used during system tests with the same code as we use during the startup of the node (to ensure compatibility with changing configs) - Fixed a few minor issues with existing system tests - tests now generate the same number of keys as nodes are used during the test (1 per node) - `AddBootnodes` didn't keep track of the correct number of bootnodes after deployment ## Test Plan - Extended existing system tests to deploy 1/4 of the nodes during the test with a remote post service. ## TODO <!-- This section should be removed when all items are complete --> - [x] Explain motivation or link existing issue(s) - [x] Test changes and document test plan - [x] Update documentation as needed - [x] Update [changelog](../CHANGELOG.md) as needed
|
Build failed: |
|
bors merge |
spacemesh-bors bot
pushed a commit
that referenced
this pull request
Jan 23, 2024
## Motivation Adds a new listener to allow remote post services to connect if they are within the same private network without having to setup mTLS. ## Changes - add new `grpcPostServer` that allows remote connection to a post service without setting up mTLS - Post is now available on `grpcPostServer` (default: 0.0.0.0:9094) to allow exposing it without mTLS and - on `grpcTLSServer` (no default listening address) to allow exposing over insecure networks (to allow transmitting keys securely between node and post service in the future) - GRPC services are now true singletons - simplified code to instantiate and register in `node.go` during startup - updated GRPC `PostService` to allow connections from multiple post services. (prep. work for multiple smeshers) - `nipostBuilder` / `atxBuilder` can select the required client based on the node Id the post service reports after connecting - only one post service can connect per Node ID - Merged similar functionality of `grpc.NewPublic` and `grpc.NewPrivate` into one `grpc.NewWithServices` - function checks if listening IP is in a public network and prints a waring (displayed during startup) to ensure to be careful not to expose it over public networks - Expanded system tests to automatically add nodes with remote smeshing setups to all tests. - By default 25% of all nodes will be deployed in a remote setup (i.e. with a separate pod running the post service remotely and connecting to the node) - The node running the post service has an init container where `postcli` is used to create the post data with the same setting as the node would use in a supervised setup. Those settings are picked from the `smesherConfig` that is deployed with every node and translated into parameters for `postcli` / `post-service` - systest Makefile has been updated with image names and tags for `post-service` and `postcli` - systest Dockerfile has been expanded to include `libpost`. This has unfortunately become necessary to parse the config used during system tests with the same code as we use during the startup of the node (to ensure compatibility with changing configs) - Fixed a few minor issues with existing system tests - tests now generate the same number of keys as nodes are used during the test (1 per node) - `AddBootnodes` didn't keep track of the correct number of bootnodes after deployment ## Test Plan - Extended existing system tests to deploy 1/4 of the nodes during the test with a remote post service. ## TODO <!-- This section should be removed when all items are complete --> - [x] Explain motivation or link existing issue(s) - [x] Test changes and document test plan - [x] Update documentation as needed - [x] Update [changelog](../CHANGELOG.md) as needed
|
Pull request successfully merged into develop. Build succeeded: |
spacemesh-bors
bot
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation
Adds a new listener to allow remote post services to connect if they are within the same private network without having to setup mTLS.
Changes
grpcPostServerthat allows remote connection to a post service without setting up mTLSgrpcPostServer(default: 0.0.0.0:9094) to allow exposing it without mTLS andgrpcTLSServer(no default listening address) to allow exposing over insecure networks (to allow transmitting keys securely between node and post service in the future)node.goduring startupPostServiceto allow connections from multiple post services. (prep. work for multiple smeshers)nipostBuilder/atxBuildercan select the required client based on the node Id the post service reports after connectinggrpc.NewPublicandgrpc.NewPrivateinto onegrpc.NewWithServicespostcliis used to create the post data with the same setting as the node would use in a supervised setup. Those settings are picked from thesmesherConfigthat is deployed with every node and translated into parameters forpostcli/post-servicepost-serviceandpostclilibpost. This has unfortunately become necessary to parse the config used during system tests with the same code as we use during the startup of the node (to ensure compatibility with changing configs)AddBootnodesdidn't keep track of the correct number of bootnodes after deploymentTest Plan
TODO