search

akash-network / community

Starting point for joining and contributing to building Akash Network
MIT License
55 stars 28 forks source link

[Provider Audit] provider.akash01.rocklogic.at #650

Closed stefa2k closed 1 month ago

stefa2k commented 3 months ago

Prerequisite Steps:

1. Make sure your provider has community provider attributes and your contact details (email, website):

  Example:
  $ provider-services query provider get akash1<REDACTED> -o text
  ...
  attributes:
  ...
  - key: host
  value: akash
  - key: tier
  value: community
  info:
    email: "<your email>"
    website: "<your website>"

Ref documentation:.

2. Make sure your provider *.ingress resolves to your provider IP (ideally worker node IP)

host <anything>.ingress.<yourdomain>

Example:

$ host anything.ingress.akash.pro
anything.ingress.akash.pro is an alias for nodes.akash.pro.
nodes.akash.pro has address 65.108.6.185

3. Please make sure your Akash provider doesn't block any Akash specific ports.

Audit Steps:

1. Title the issue: " [Provider Audit]: Provider Address" (e.g. "[Provider Audit]: provider.europlots.com")

2. Wait for response via comments. If no issues during provider Audit, process will be complete, provider should start bidding on leases, and Audit ticket will be closed.

3. If there are issues during the provider Audit, debug those issues, and Audit will be complete.

4. Audit Issue will be closed by core team member.

Leave contact information (optional)

  1. Stefan Kobrc
  2. Discord: stefa2k.eth TG: stefa2k
  3. stefan.kobrc@rocklogic.at
shimpa1 commented 3 months ago

hi @stefa2k ,

First of all, very nice provider, welcome to Akash. The provider seems to be working correctly. There are a few administrative things to do before it can get signed. The provider attributes need to be correct and the contact information needs to be present.

If you used Praetor to install the provider: edit the /root/praetor/provider.yaml file

If you used the standard Helm installation method, please edit the file /root/provider/provider.yaml

In both cases add the contact information (do not confuse that with attributes)

info: email: "akash@rocklogic.at" website: "https://www.rocklogic.at/"

Second, since your provider does not have persistent storage, the attributes pertaining to that need to be removed. Remove the following: - key: capabilities/storage/3/class value: beta3

When done, apply these changes with helm upgrade --install akash-provider akash/provider -n akash-services -f provider.yaml --set bidpricescript="$(cat ~/provider/price_script_generic.sh | openssl base64 -A)"

After these steps have been completed, we can continue.

thank you!

stefa2k commented 3 months ago

@shimpa1 , thank you for your detailed review. I believe we are ready to proceed, the requested changes have been applied.

shimpa1 commented 3 months ago

Looks like there's still the contact information missing:

`provider-services query provider get akash17cpl96lyk69pg50ys0w8dqjkcu95hlj8fgxnce attributes:

The info: part needs to be populated as well (check my first message). Just append these lines to your provider.yaml:

email: "akash@rocklogic.at" website: "https://www.rocklogic.at/" and then apply helm upgrade --install akash-provider akash/provider -n akash-services -f provider.yaml --set bidpricescript="$(cat ~/provider/price_script_generic.sh | openssl base64 -A)"

stefa2k commented 3 months ago

the file looks like this now:

info:
email: "akash@rocklogic.at"
website: "https://www.rocklogic.at/"
attributes:
    - key: organization
      value: RockLogic GmbH
    - key: arch
      value: amd64
    - key: email
      value: akash@rocklogic.at
    - key: website
      value: https://www.rocklogic.at/
    - key: location-region
      value: eu-central
    - key: country
      value: AT
    - key: location-type
      value: colo
    - key: capabilities/cpu
      value: amd
    - key: capabilities/memory
      value: ddr5ecc
    - key: network-speed-up
      value: 500
    - key: network-speed-down
      value: 500
    - key: tier
      value: community
    - key: capabilities/cpu/arch
      value: x86-64
    - key: host
      value: akash

I guess I got confused with the intendings, had the email and website as a sub of info.

shimpa1 commented 3 months ago

Excellent, `provider-services query provider get akash17cpl96lyk69pg50ys0w8dqjkcu95hlj8fgxnce attributes:

@andy108369 Provider akash17cpl96lyk69pg50ys0w8dqjkcu95hlj8fgxnce ready to be signed.

stefa2k commented 3 months ago

I'd like to request to remove the audit tag, we are facing some issues with the akash services in k8s and need some time to understand how to resolve and how to mitigate the risk properly.

shimpa1 commented 3 months ago

No need to remove the audited flag, unless you plan to remove the provider permanently. If you want to tell me about the issues you are having, we can get in touch on Discord or if you think it's more serious, you can open a GitHub issue explaining your concerns.

stefa2k commented 3 months ago

The issue is - as far as we can tell right now - with the akash services jumping servers and losing the ability to serve the public endpoint. We are now in the process of resolving this. The setup is currently a akash mgr server with one public ipv4 address and multiple worker servers without dedicated public ipv4 addresses.

Because we also want to offer public ipv4 addresses we anyway need to rethink the setup.

I'll keep you posted.

shimpa1 commented 3 months ago

Akash provider pod (any any other service for that matter) will always be reachable regardless which physical server it's running on as long as one (or more) provider worker nodes are publicly reachable (ports 80, 443, 8443, 8444, 30000-32767 TCP).

Sounds good. If you want to discuss system architecture let me know we can set up a short meeting.

andy108369 commented 1 month ago

provider isn't alive, cannot sign it:

$ nc -vz provider.akash01.rocklogic.at 8443
nc: connect to provider.akash01.rocklogic.at (80.249.120.193) port 8443 (tcp) failed: No route to host

Closing for now... Please feel free to reopen.