Port ams-ps probe-services related endpoints over to new pattern for deployment in ECS #907

Open
hellais opened this issue Jan 6, 2025 · 1 comment


hellais commented Jan 6, 2025

The ams-ps.ooni.nu host runs some of the old OONI Orchestra components: https://github.com/ooni/orchestra.

In reality only the "registry" component of orchestra is being used. This is what the nginx configuration on backend-fsn looks like:

  location ~^/api/v1/(login|register|update) {
      proxy_http_version 1.1;
      proxy_set_header Host $http_host;
      proxy_set_header X-Real-IP $external_remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_read_timeout 900;

      proxy_pass https://registry.ooni.io:443;
  }

The goal of the registry is to provide a method for probes to register, login and update their probe metadata, such that we are able to implement access control for gaining access to the tor test helper configuration. This was implemented at a time when:

  1. We needed the push notification tokens as we were using our own custom push notification solution instead of countly
  2. We would be giving out private bridges to probes

Both of these are no longer true and so the login, register and update no longer serve a true purpose.

That said, probes expect these endpoints to work, so we still need to somehow serve responses for them, otherwise they risk breaking. That's why we implemented in the API what is effectively a noop for these endpoints; however, we haven't yet made the switch over to them (see: https://github.com/ooni/backend/blob/master/api/ooniapi/probe_services.py#L438).

Since we have quite a bit of work related to authenticating probes as part of the anonymous credentials project, it would probably be wise to decouple this piece from the monolith backend and integrate it into a separate component that we deploy using the new pattern.

This will set us up nicely to be able to then place the anonymous credentials code inside of it. Moreover, since probes are submitting metadata about their probe as part of this request, we can also use this endpoint to measure inconsistencies related to probe metadata and public IPs of probes (as per: ooni/ooni.org#1646).

This is related to being able to discontinue ams-ps: #892.

@hellais hellais self-assigned this Jan 6, 2025
@hellais hellais changed the title Port ams-ps related endpoints over to AWS API Port ams-ps probe-services related endpoints over to new pattern for deployment in ECS Jan 8, 2025
@hellais hellais moved this to Backlog in Sprint Planning Jan 8, 2025
@hellais hellais assigned LDiazN and unassigned hellais Jan 8, 2025

hellais commented Jan 8, 2025

We should put this inside of the OONI probe component: https://github.com/ooni/backend/tree/master/ooniapi/services/ooniprobe
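
The nginx block quoted in the issue forwards `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends the connecting address to whatever header the client already sent, so a service that compares probe metadata with the probe's public IP should only believe the entries written by its own proxies. The following is an added example, not OONI code and not part of the issue: the function name, the trusted proxy network and all addresses are constructed assumptions.

```python
# Added example, not OONI code. Proxy network and addresses are constructed.
import ipaddress

# Assumption: networks of the reverse proxies deployed in front of the service.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _is_trusted(ip):
    # A v4 address is never "in" a v6 network (and vice versa): returns False.
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, x_forwarded_for):
    """Return the first hop, walking right to left, that is not our proxy.

    $proxy_add_x_forwarded_for appends $remote_addr to the X-Forwarded-For
    value the client supplied, so only the rightmost entries were written by
    our infrastructure. Everything further left is client-controlled input.
    """
    peer = ipaddress.ip_address(peer_addr)
    if not _is_trusted(peer):
        # Direct connection: the whole header is client-controlled, ignore it.
        return peer
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            # Unparseable entry where a proxy-written address was expected:
            # stop and fall back to the socket peer.
            break
        if not _is_trusted(ip):
            return ip
    return peer
```
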
