lightning icon indicating copy to clipboard operation
lightning copied to clipboard
verified publisher icon ElementsProject

plugins/grpc: default value for grpc port

Open jackstar12 opened this issue 1 year ago • 5 comments

The gRPC server will always start this way. Current port choice is arbitrary, open to suggestions.

closes: #7473

jackstar12 avatar Jul 21 '24 20:07 jackstar12

The change in the behavior appears to cause the cln-grpc-plugin to terminate almost immediately which is causing the tests to also fail right away. Can you check what is causing the plugin to exit?

cdecker avatar Jul 31 '24 08:07 cdecker

Can you check what is causing the plugin to exit?

The test is starting two nodes and both are now trying to use the default port 9736 for the cln-grpc plugin which is causing one of them to crash

jackstar12 avatar Aug 12 '24 15:08 jackstar12

So, when people upgrade they will have a new random port open to the internet?

I know @michael1011 wants this, but would it be sufficient to open a localhost-bound port by default in this case?

rustyrussell avatar Aug 13 '24 03:08 rustyrussell

So, when people upgrade they will have a new random port open to the internet?

I know @michael1011 wants this, but would it be sufficient to open a localhost-bound port by default in this case?

@rustyrussell that's a very valid point. What about adding an option to configure the host on which the plugin will listen and defaulting that to 127.0.0.1?

Edit: I can't think of any other sensible option, so let's do that. The only concern is that it's a breaking change for all existing CLNs that have a gRPC port configured and expect the plugin to listen on 0.0.0.0.

michael1011 avatar Aug 13 '24 09:08 michael1011

@jackstar12 Thanks for the PR. Just FYI, I reordered the commits to move 'set default grpc-host to localhost' before the tests. This ensures that test_clnrest with l1.daemon.wait_for_logs([r'serving grpc on 127.0.0.1:' does not fail.

ACK 467fbaa7b920767c22f6315ccd34babc0d40d8f7.

ShahanaFarooqui avatar Oct 10 '24 22:10 ShahanaFarooqui

Only problem now is that this will break existing setups which set grpc-port and do an upgrade!

Suggest that the default grpc-host be localhost IF the port is not specified, otherwise 0.0.0.0?

rustyrussell avatar Nov 01 '24 01:11 rustyrussell

Only problem now is that this will break existing setups which set grpc-port and do an upgrade!

Suggest that the default grpc-host be localhost IF the port is not specified, otherwise 0.0.0.0?

Shouldn't we instead encourage existing users to explicitly configure their grpc-host to limit their node's exposure? New users who wish to run cln-grpc on a custom port may unintentionally expose their node on 0.0.0.0 if they assume the default grpc-host setting of localhost applies universally. We can update the docs to make this clearer, but it might be a good idea to ask existing users to set their grpc-host intentionally and understand the risks.

ShahanaFarooqui avatar Nov 01 '24 19:11 ShahanaFarooqui

While the suggestion from @rustyrussell would maintain backward compatibility, it could become burdensome in the future and complicated to explain in the documentation. So, I think it's easier to simply mention the change in the release notes and have all gRPC users verify whether it affects their setup.

jackstar12 avatar Nov 02 '24 11:11 jackstar12