You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
#34 restricted reth's RPC namespaces in deploy_gcp/templates/supervisor.conf from all to eth,net,web3 (correctly — Veridise 1202, and this matches upstream reth's default Standard
selection). But the join flow depends on the admin namespace: when deploying a node with BOOTNODE_RPC set, the DEPLOY_SUPERVISOR step calls fetch_enode()
(deploy_gcp/seismic_deploy/network/bootnode.py), which issues admin_nodeInfo against the
bootnode's public /rpc to learn the enode injected into the new node's --bootnodes flag.
Against any bootnode running the post-#34 config, that call fails with JSON-RPC -32601 Method not found, aborting the deploy at DEPLOY_SUPERVISOR.
When it bites
Deploying a joining node against a bootnode that has been (re)deployed with the post-fix(rpc): restrict node RPC to eth,net,web3 instead of all namespaces (Veridise 1202) #34 supervisor.conf. Bootnodes still running the old config keep working until their supervisor
config is next redeployed — a time bomb, not an immediate outage. Check a live node with:
Every read path is closed, not just the public one:
--http.api applies to the whole HTTP server, so SSH + curl localhost:8545 is equally
restricted; nothing in eth/net/web3 returns the enode.
supervisor.conf passes --ipcdisable, so the geth-style "attach over IPC" path is off
(--auth-ipc is engine-API only, no admin).
The enode startup log is commented out in seismic-reth
(crates/seismic/node/src/node.rs — upstream ethereum/optimism launchers log enode=… "P2P networking initialized" at info; the seismic launcher has the line disabled),
so SSH + grep-the-logs is dead too.
Discovery is no help: the mesh is discv5-only with the seismic fork-id
(--disable-discv4-discovery --disable-dns-discovery), so there is no public DHT to consult,
and crawling our own DHT requires already knowing one live ENR — circular.
The only remaining extraction on a live post-#34 GCP node is SSH + copy the reth discovery-secret from the datadir and derive the secp256k1 pubkey offline. The enode itself is
public-by-design information (it's advertised to every discovery peer); the problem is purely
that its only query method lives in a namespace full of mutating methods (admin_addPeer, …)
that must not be public, and reth's API selection is namespace-granular.
Options
A. Un-deprecate BOOTNODE_ENODE (proposed short-term fix). Restore it as a first-class
config field: when set, skip fetch_enode and use it directly. The operator obtains the enode
out-of-band from whoever runs the bootnode — the normal Ethereum posture (mainnet bootnodes are
published in client source; private networks paste enodes from local admin.nodeInfo/logs).
Note the current backward-compat shim in config.py parses BOOTNODE_ENODE but silently
discards the value (it only feeds the deprecation warning), so this is restoring a code path,
not deleting a warning. BOOTNODE_RPC stays preferred when it works (it also serves fetch_checkpoint, and the enode is volatile across key/IP changes while the RPC URL is
stable).
B. Expose the enode via the seismic namespace (durable fix, follow-up). The seismic
namespace is registered with merge_configured in seismic-reth
(crates/seismic/node/src/node.rs), so it is served regardless of --http.api. A read-only seismic_nodeInfo (enode/ENR only, no admin baggage) would make fetch_enode work again
against the restricted surface with a one-line method swap. Requires a seismic-reth PR and a
binary rollout, hence not the immediate fix. The TEE deploy flow has the same "learn a sealed
node's enode without public admin" need, so this primitive pays for itself twice.
C. Re-enable IPC and fetch over SSH. Drop --ipcdisable and query admin_nodeInfo over the
unix socket via SSH. Works only when the deploying operator has SSH access to the bootnode (not
true for cross-operator joins), adds an SSH dependency to a step that didn't have one, and is a
dead end for the TEE deployment target: sealed TEE nodes have no SSH at all, so any solution
built on it stops at the GCP fleet. Mentioned for completeness; not recommended.
D. Restore the enode startup log in seismic-reth (independent, trivial). Re-enable the
commented-out info! line in the seismic launcher so the enode lands in the service log like
upstream. Not a fix for the CLI flow, but it restores the standard operational escape hatch on
any box where logs are readable, and costs one line.
Recommendation
A + D now, B as follow-up. Either way fetch_enode should fail with a hint ("bootnode does
not serve admin_nodeInfo; set BOOTNODE_ENODE obtained from the bootnode operator") rather
than a raw -32601.
What broke
#34 restricted reth's RPC namespaces in
deploy_gcp/templates/supervisor.conffromalltoeth,net,web3(correctly — Veridise 1202, and this matches upstream reth's defaultStandardselection). But the join flow depends on the
adminnamespace: when deploying a node withBOOTNODE_RPCset, theDEPLOY_SUPERVISORstep callsfetch_enode()(
deploy_gcp/seismic_deploy/network/bootnode.py), which issuesadmin_nodeInfoagainst thebootnode's public
/rpcto learn the enode injected into the new node's--bootnodesflag.Against any bootnode running the post-#34 config, that call fails with JSON-RPC
-32601 Method not found, aborting the deploy atDEPLOY_SUPERVISOR.When it bites
Deploying a joining node against a bootnode that has been (re)deployed with the post-fix(rpc): restrict node RPC to eth,net,web3 instead of all namespaces (Veridise 1202) #34
supervisor.conf. Bootnodes still running the old config keep working until their supervisorconfig is next redeployed — a time bomb, not an immediate outage. Check a live node with:
Re-runs against an already-deployed network are masked by the state-file cache
(
bootnode_enodein<conf_dir>/<node_name>.state.json).fetch_checkpoint(summit endpoint) is unaffected.A post-#34 node exposes its enode nowhere
Every read path is closed, not just the public one:
--http.apiapplies to the whole HTTP server, so SSH +curl localhost:8545is equallyrestricted; nothing in
eth/net/web3returns the enode.supervisor.confpasses--ipcdisable, so the geth-style "attach over IPC" path is off(
--auth-ipcis engine-API only, noadmin).(
crates/seismic/node/src/node.rs— upstream ethereum/optimism launchers logenode=… "P2P networking initialized"at info; the seismic launcher has the line disabled),so SSH + grep-the-logs is dead too.
seismicfork-id(
--disable-discv4-discovery --disable-dns-discovery), so there is no public DHT to consult,and crawling our own DHT requires already knowing one live ENR — circular.
The only remaining extraction on a live post-#34 GCP node is SSH + copy the reth
discovery-secretfrom the datadir and derive the secp256k1 pubkey offline. The enode itself ispublic-by-design information (it's advertised to every discovery peer); the problem is purely
that its only query method lives in a namespace full of mutating methods (
admin_addPeer, …)that must not be public, and reth's API selection is namespace-granular.
Options
A. Un-deprecate
BOOTNODE_ENODE(proposed short-term fix). Restore it as a first-classconfig field: when set, skip
fetch_enodeand use it directly. The operator obtains the enodeout-of-band from whoever runs the bootnode — the normal Ethereum posture (mainnet bootnodes are
published in client source; private networks paste enodes from local
admin.nodeInfo/logs).Note the current backward-compat shim in
config.pyparsesBOOTNODE_ENODEbut silentlydiscards the value (it only feeds the deprecation warning), so this is restoring a code path,
not deleting a warning.
BOOTNODE_RPCstays preferred when it works (it also servesfetch_checkpoint, and the enode is volatile across key/IP changes while the RPC URL isstable).
B. Expose the enode via the
seismicnamespace (durable fix, follow-up). Theseismicnamespace is registered with
merge_configuredin seismic-reth(
crates/seismic/node/src/node.rs), so it is served regardless of--http.api. A read-onlyseismic_nodeInfo(enode/ENR only, noadminbaggage) would makefetch_enodework againagainst the restricted surface with a one-line method swap. Requires a seismic-reth PR and a
binary rollout, hence not the immediate fix. The TEE deploy flow has the same "learn a sealed
node's enode without public
admin" need, so this primitive pays for itself twice.C. Re-enable IPC and fetch over SSH. Drop
--ipcdisableand queryadmin_nodeInfoover theunix socket via SSH. Works only when the deploying operator has SSH access to the bootnode (not
true for cross-operator joins), adds an SSH dependency to a step that didn't have one, and is a
dead end for the TEE deployment target: sealed TEE nodes have no SSH at all, so any solution
built on it stops at the GCP fleet. Mentioned for completeness; not recommended.
D. Restore the enode startup log in seismic-reth (independent, trivial). Re-enable the
commented-out
info!line in the seismic launcher so the enode lands in the service log likeupstream. Not a fix for the CLI flow, but it restores the standard operational escape hatch on
any box where logs are readable, and costs one line.
Recommendation
A + D now, B as follow-up. Either way
fetch_enodeshould fail with a hint ("bootnode doesnot serve
admin_nodeInfo; setBOOTNODE_ENODEobtained from the bootnode operator") ratherthan a raw
-32601.