Extend RPC to unban peers #9918
Comments
|
mfornet commented: To `unban` peers in this way nodes will need to restart to apply the changes. Another option is adding this function to our RPC, however it needs to be protected, for example, to make an unban request it should be signed with the secret key from the node. by 557058:c020323a-70e4-4c07-9ccc-3ad89b1c02ec |
|
ilblackdragon commented: I was thinking indeed stop & start node, as this is not normal operation. But through RPC might be useful. If we are going that way, we would want to have API_KEY (signing is complicated and ideally calling RPCs should not happen from the node which means there won't be any keys). We can use http base authentication in RPC for this, e.g. `curl https://x:@rpc-host/unban` But I don't think we should do this for Phase 1, to let's keep this in Icebox for now. by 557058:c020323a-70e4-4c07-9ccc-3ad89b1c02ec |
|
mfornet commented: What is the best workflow to generate and validate an `API_KEY`? It needs to be generated directly with our binary from the node. I see two ways to do this:
I think, the first variant is strictly better. Ok with doing this after phase 1\. This entire mechanism will be useful not only for ban/unban peers, but with other private functionalities we want to expose through RPC. by 557058:c020323a-70e4-4c07-9ccc-3ad89b1c02ec |
|
frol commented: Alternatively, we can implement a separate RPC server using a separate TCP port, by default listening on 127.0.0.1, so there is no way to suddenly expose the RPC to the outside world. Exposing this RPC then can be done with a reverse-proxy basic auth configuration or even a custom managing service. This way we don't need to roll out yet another key management. by 557058:c020323a-70e4-4c07-9ccc-3ad89b1c02ec |
|
stale[bot] commented: This issue has been automatically marked as stale because it has not had recent activity in the last 2 months. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. by 557058:c020323a-70e4-4c07-9ccc-3ad89b1c02ec |
1 similar comment
|
stale[bot] commented: This issue has been automatically marked as stale because it has not had recent activity in the last 2 months. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. by 557058:c020323a-70e4-4c07-9ccc-3ad89b1c02ec |
|
frol commented: @janewang I want to bring this up to NodeX team awareness. I feel that there might be a need for granular administration of a running node through a dedicated admin RPC. We already have adversarial features hidden under a compilation flag, which might also be moved under this admin RPC. by 557058:c020323a-70e4-4c07-9ccc-3ad89b1c02ec |
|
bowenwang1996 commented: > If some peers got banned, it's really hard to unban them right now. That is actually not the case. You can change `ban_window` in config.json to a small number (such as 1s) to unban peers by 557058:c020323a-70e4-4c07-9ccc-3ad89b1c02ec |
|
Closing as duplicate of #2850. |
If some peers got banned, it's really hard to unban them right now. Given it sometimes happens due to issues with network, it would be good to be able to restore them back. Ideally this tool should be inside `neard` to not require another binary.
ND-40 created by None
The text was updated successfully, but these errors were encountered: