Skip to content

fetch_enode broken since #34 — and post-#34 nodes expose their enode nowhere #63

Description

@samlaf

What broke

#34 restricted reth's RPC namespaces in deploy_gcp/templates/supervisor.conf from all to
eth,net,web3 (correctly — Veridise 1202, and this matches upstream reth's default Standard
selection). But the join flow depends on the admin namespace: when deploying a node with
BOOTNODE_RPC set, the DEPLOY_SUPERVISOR step calls fetch_enode()
(deploy_gcp/seismic_deploy/network/bootnode.py), which issues admin_nodeInfo against the
bootnode's public /rpc to learn the enode injected into the new node's --bootnodes flag.

Against any bootnode running the post-#34 config, that call fails with JSON-RPC
-32601 Method not found, aborting the deploy at DEPLOY_SUPERVISOR.

When it bites

  • Deploying a joining node against a bootnode that has been (re)deployed with the post-fix(rpc): restrict node RPC to eth,net,web3 instead of all namespaces (Veridise 1202) #34
    supervisor.conf. Bootnodes still running the old config keep working until their supervisor
    config is next redeployed — a time bomb, not an immediate outage. Check a live node with:

    curl -s https://<node-fqdn>/rpc -H 'Content-Type: application/json' \
      -d '{"jsonrpc":"2.0","method":"admin_nodeInfo","params":[],"id":1}'
  • Re-runs against an already-deployed network are masked by the state-file cache
    (bootnode_enode in <conf_dir>/<node_name>.state.json).

  • fetch_checkpoint (summit endpoint) is unaffected.

A post-#34 node exposes its enode nowhere

Every read path is closed, not just the public one:

  • --http.api applies to the whole HTTP server, so SSH + curl localhost:8545 is equally
    restricted; nothing in eth/net/web3 returns the enode.
  • supervisor.conf passes --ipcdisable, so the geth-style "attach over IPC" path is off
    (--auth-ipc is engine-API only, no admin).
  • The enode startup log is commented out in seismic-reth
    (crates/seismic/node/src/node.rs — upstream ethereum/optimism launchers log
    enode=… "P2P networking initialized" at info; the seismic launcher has the line disabled),
    so SSH + grep-the-logs is dead too.
  • Discovery is no help: the mesh is discv5-only with the seismic fork-id
    (--disable-discv4-discovery --disable-dns-discovery), so there is no public DHT to consult,
    and crawling our own DHT requires already knowing one live ENR — circular.

The only remaining extraction on a live post-#34 GCP node is SSH + copy the reth
discovery-secret from the datadir and derive the secp256k1 pubkey offline. The enode itself is
public-by-design information (it's advertised to every discovery peer); the problem is purely
that its only query method lives in a namespace full of mutating methods (admin_addPeer, …)
that must not be public, and reth's API selection is namespace-granular.

Options

A. Un-deprecate BOOTNODE_ENODE (proposed short-term fix). Restore it as a first-class
config field: when set, skip fetch_enode and use it directly. The operator obtains the enode
out-of-band from whoever runs the bootnode — the normal Ethereum posture (mainnet bootnodes are
published in client source; private networks paste enodes from local admin.nodeInfo/logs).
Note the current backward-compat shim in config.py parses BOOTNODE_ENODE but silently
discards the value
(it only feeds the deprecation warning), so this is restoring a code path,
not deleting a warning. BOOTNODE_RPC stays preferred when it works (it also serves
fetch_checkpoint, and the enode is volatile across key/IP changes while the RPC URL is
stable).

B. Expose the enode via the seismic namespace (durable fix, follow-up). The seismic
namespace is registered with merge_configured in seismic-reth
(crates/seismic/node/src/node.rs), so it is served regardless of --http.api. A read-only
seismic_nodeInfo (enode/ENR only, no admin baggage) would make fetch_enode work again
against the restricted surface with a one-line method swap. Requires a seismic-reth PR and a
binary rollout, hence not the immediate fix. The TEE deploy flow has the same "learn a sealed
node's enode without public admin" need, so this primitive pays for itself twice.

C. Re-enable IPC and fetch over SSH. Drop --ipcdisable and query admin_nodeInfo over the
unix socket via SSH. Works only when the deploying operator has SSH access to the bootnode (not
true for cross-operator joins), adds an SSH dependency to a step that didn't have one, and is a
dead end for the TEE deployment target: sealed TEE nodes have no SSH at all, so any solution
built on it stops at the GCP fleet. Mentioned for completeness; not recommended.

D. Restore the enode startup log in seismic-reth (independent, trivial). Re-enable the
commented-out info! line in the seismic launcher so the enode lands in the service log like
upstream. Not a fix for the CLI flow, but it restores the standard operational escape hatch on
any box where logs are readable, and costs one line.

Recommendation

A + D now, B as follow-up. Either way fetch_enode should fail with a hint ("bootnode does
not serve admin_nodeInfo; set BOOTNODE_ENODE obtained from the bootnode operator") rather
than a raw -32601.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions