Integrate trustedcoin clightning plugin

[seberm]

This PR tries to add a trustedcoin support into the nix-bitcoin.

The work is based on PRs:

• clightning: add trustedcoin plugin #533
• cln: add alternative bitcoin backend config option #583

The code is rebased on current master.

I have removed the clightning.useBcli option and replaced it with clightning.useBitcoind. When setting this option to true, the bitcoind unit is forcerly disabled and clightning.plugins.trustedcoin.enabled is set to true as suggested in #533 (comment).

I also tried to add some basic tests.

@erikarvstedt , could you please take a look and give me some suggestions? Please keep in mind this is only a draft but I would like to move this feature forward.

Thanks!

CC: @neverupdate , @MatthewCroughan , @elsirion
Closes #533

[seberm]

Hello everyone,
I've pushed another set of changes.

I have completely removed the useBitcoind option from the clightning module. Setting the services.clightning.plugins.trustedcoin option to true should be enough to enable trustedcoin. The plugin will then add a disable-plugin=bcli into clightning's configuration automatically.

Let me know what you think.

Thanks!
O.

[seberm]

I am still not sure if it makes sense to run trustedcoin scenario regurarly in CI.

[elsirion]

Looks good to me

[jonasnick]

Thanks again for your work on this. Left a few comments. Did you test whether this actually works and you can use clightning with an unsynced bitcoind?

[seberm]

Thanks again for your work on this. Left a few comments. Did you test whether this actually works and you can use clightning with an unsynced bitcoind?

Hello @jonasnick,
a did some tests in my testing VM. The bitcoind is syncing:

[root@default-test:~]# bitcoin-cli -getinfo
Chain: main
Blocks: 18147
Headers: 784393
Verification progress: ▒░░░░░░░░░░░░░░░░░░░░ 0.0022%
Difficulty: 1

Network: in 0, out 1, total 1
Version: 240001
Time offset (s): 0
Proxies: 127.0.0.1:9050 (ipv4, ipv6, onion, cjdns)
Min tx relay fee rate (BTC/kvB): 0.00001000

Warnings: (none)

But the clightning service is restarting on timeout (Failed with result 'timeout'.). The trustedcoin plugin seems to be working correctly, because the tip is updated. But the ExecStartPost script is probably failing (start-post operation timed out. Terminating.) because the clightning's RPC is not working. See the logs:

The ExecStartPost script:

[root@default-test:~]# cat /nix/store/rkg4sfr6km866afdqaq0d6xipbphqxqf-unit-script-clightning-post-start/bin/clightning-post-start 
#!/nix/store/96ky1zdkpq871h2dlk198fz0zvklr1dr-bash-5.1-p16/bin/bash
set -e           
while [[ ! -e /var/lib/clightning/bitcoin/lightning-rpc ]]; do
    sleep 0.1            
done                                                       
# Needed to enable lightning-cli for users with group 'clightning'
chmod g+x /var/lib/clightning/bitcoin

The output of journalctl -u clightning.service:

Apr 07 22:18:15 default-test systemd[1]: Starting clightning.service...
Apr 07 22:18:15 default-test lightningd[2914]: INFO    plugin-manager: /nix/store/1iia6a4zslg95iqw3g1w9xyp18xfjqx8-clightning-23.02/libexec/c-lightning/plugins/bcli: disabled via disable-plugin
Apr 07 22:18:15 default-test lightningd[2932]: plugin-trustedcoin  initialized plugin v0.6.1
Apr 07 22:18:15 default-test lightningd[2932]: plugin-trustedcoin  bitcoind RPC working, will use that with highest priority and fall back to block explorers if it fails.
Apr 07 22:18:15 default-test lightningd[2932]: plugin-trustedcoin tip: 0
Apr 07 22:18:15 default-test lightningd[2932]: plugin-trustedcoin returning block 0, 000000000019d6689c085ae165…, 285 bytes
Apr 07 22:19:45 default-test systemd[1]: clightning.service: start-post operation timed out. Terminating.
Apr 07 22:19:45 default-test systemd[1]: clightning.service: Control process exited, code=killed, status=15/TERM
Apr 07 22:19:45 default-test systemd[1]: clightning.service: Failed with result 'timeout'.
Apr 07 22:19:45 default-test systemd[1]: Failed to start clightning.service.
Apr 07 22:19:45 default-test systemd[1]: clightning.service: Consumed 1.779s CPU time, read 0B from disk, written 64.0K to disk, received 6.8K IP traffic, sent 5.5K IP traffic.
Apr 07 22:19:55 default-test systemd[1]: clightning.service: Scheduled restart job, restart counter is at 3.
Apr 07 22:19:55 default-test systemd[1]: Stopped clightning.service.
Apr 07 22:19:55 default-test systemd[1]: clightning.service: Consumed 1.779s CPU time, read 0B from disk, written 64.0K to disk, received 6.8K IP traffic, sent 5.5K IP traffic.
Apr 07 22:19:55 default-test systemd[1]: Starting clightning.service...
Apr 07 22:19:56 default-test lightningd[3857]: INFO    plugin-manager: /nix/store/1iia6a4zslg95iqw3g1w9xyp18xfjqx8-clightning-23.02/libexec/c-lightning/plugins/bcli: disabled via disable-plugin
Apr 07 22:19:56 default-test lightningd[3875]: plugin-trustedcoin  initialized plugin v0.6.1
Apr 07 22:19:56 default-test lightningd[3875]: plugin-trustedcoin  bitcoind RPC working, will use that with highest priority and fall back to block explorers if it fails.
Apr 07 22:19:56 default-test lightningd[3875]: plugin-trustedcoin tip: 28041
Apr 07 22:21:26 default-test systemd[1]: clightning.service: start-post operation timed out. Terminating.
Apr 07 22:21:26 default-test systemd[1]: clightning.service: Control process exited, code=killed, status=15/TERM
Apr 07 22:21:26 default-test systemd[1]: clightning.service: Failed with result 'timeout'.
Apr 07 22:21:26 default-test systemd[1]: Failed to start clightning.service.
Apr 07 22:21:26 default-test systemd[1]: clightning.service: Consumed 1.745s CPU time, received 5.8K IP traffic, sent 4.9K IP traffic.
Apr 07 22:21:36 default-test systemd[1]: clightning.service: Scheduled restart job, restart counter is at 4.
Apr 07 22:21:36 default-test systemd[1]: Stopped clightning.service.
Apr 07 22:21:36 default-test systemd[1]: clightning.service: Consumed 1.745s CPU time, received 5.8K IP traffic, sent 4.9K IP traffic.
Apr 07 22:21:36 default-test systemd[1]: Starting clightning.service...
Apr 07 22:21:36 default-test lightningd[4786]: INFO    plugin-manager: /nix/store/1iia6a4zslg95iqw3g1w9xyp18xfjqx8-clightning-23.02/libexec/c-lightning/plugins/bcli: disabled via disable-plugin
Apr 07 22:21:36 default-test lightningd[4804]: plugin-trustedcoin  initialized plugin v0.6.1
Apr 07 22:21:36 default-test lightningd[4804]: plugin-trustedcoin  bitcoind RPC working, will use that with highest priority and fall back to block explorers if it fails.
Apr 07 22:21:36 default-test lightningd[4804]: plugin-trustedcoin tip: 772000
Apr 07 22:23:06 default-test systemd[1]: clightning.service: start-post operation timed out. Terminating.
Apr 07 22:23:06 default-test systemd[1]: clightning.service: Control process exited, code=killed, status=15/TERM
Apr 07 22:23:06 default-test systemd[1]: clightning.service: Failed with result 'timeout'.
Apr 07 22:23:06 default-test systemd[1]: Failed to start clightning.service.
Apr 07 22:23:06 default-test systemd[1]: clightning.service: Consumed 1.738s CPU time, received 5.8K IP traffic, sent 4.9K IP traffic.
Apr 07 22:23:16 default-test systemd[1]: clightning.service: Scheduled restart job, restart counter is at 5.
Apr 07 22:23:16 default-test systemd[1]: Stopped clightning.service.
Apr 07 22:23:16 default-test systemd[1]: clightning.service: Consumed 1.738s CPU time, received 5.8K IP traffic, sent 4.9K IP traffic.
Apr 07 22:23:16 default-test systemd[1]: Starting clightning.service...
Apr 07 22:23:17 default-test lightningd[5719]: INFO    plugin-manager: /nix/store/1iia6a4zslg95iqw3g1w9xyp18xfjqx8-clightning-23.02/libexec/c-lightning/plugins/bcli: disabled via disable-plugin
Apr 07 22:23:17 default-test lightningd[5737]: plugin-trustedcoin  initialized plugin v0.6.1
Apr 07 22:23:17 default-test lightningd[5737]: plugin-trustedcoin  bitcoind RPC working, will use that with highest priority and fall back to block explorers if it fails.
Apr 07 22:23:17 default-test lightningd[5737]: plugin-trustedcoin tip: 784393
Apr 07 22:23:17 default-test systemd[1]: clightning.service: Control process exited, code=killed, status=15/TERM
Apr 07 22:23:17 default-test systemd[1]: clightning.service: Failed with result 'signal'.
Apr 07 22:23:17 default-test systemd[1]: Stopped clightning.service.
Apr 07 22:23:17 default-test systemd[1]: clightning.service: Consumed 323ms CPU time, received 5.8K IP traffic, sent 4.9K IP traffic.

Ota

[jonasnick]

@seberm Thanks for investigating this. I don't know why clightning's RPC does not get ready in time when trustedcoin is enabled. Maybe while syncing the plugin is in some initialization phase which blocks clightnings RPC startup? It seems like trustedcoin is doing some work despite the timeouts. Does clightning stop restarting on timeout at some after a while or does this go on forever?

[seberm]

Hello @jonasnick . I did some more testing and found the issue. The reason the clightning RPC socket (/var/lib/clightning/bitcoin/lightning-rpc) isn't available is caused by network hardening. The trustedcoin must be allowed to reach the outside world.

To be concrete, the issue is caused by these options in clightning's systemd service:

IPAddressAllow=127.0.0.1/32                                                                                            
IPAddressAllow=::1/128                                                                                                 
IPAddressAllow=169.254.0.0/16                                                                                                                                                                                                                 
IPAddressDeny=any

If I set services.clightning.tor.enforce = false; the clightning with trustedcoin plugin is started correctly and the RPC socket is created.

See journalctl -u clightning.service output:

-- Boot 454a515e66c141b29a7e10296ec48110 --
Apr 10 20:08:54 default-test systemd[1]: Starting clightning.service...
Apr 10 20:08:54 default-test lightningd[1012]: INFO    plugin-manager: /nix/store/1iia6a4zslg95iqw3g1w9xyp18xfjqx8-clightning-23.02/libexec/c-lightning/plugins/bcli: disabled via disable-plugin
Apr 10 20:08:55 default-test lightningd[1032]: plugin-trustedcoin  initialized plugin v0.6.1
Apr 10 20:08:55 default-test lightningd[1032]: plugin-trustedcoin  bitcoind RPC working, will use that with highest priority and fall back to block explorers if it fails.
Apr 10 20:08:55 default-test lightningd[1032]: plugin-trustedcoin tip: 784807
Apr 10 20:08:57 default-test lightningd[1032]: plugin-trustedcoin returning block 784792, 0000000000000000000457b471…, 1563020 bytes
Apr 10 20:08:57 default-test lightningd[1012]: INFO    lightningd: --------------------------------------------------
Apr 10 20:08:57 default-test lightningd[1012]: INFO    lightningd: Server started with public key 0309cf83dbebc6f44d22c1f806168b588ca8959008c211e26309e37779c2a6982a, alias STRANGEGLEE (color #0309cf) and lightningd v23.02
Apr 10 20:08:57 default-test systemd[1]: Started clightning.service.
Apr 10 20:08:59 default-test lightningd[1032]: plugin-trustedcoin returning block 784793, 00000000000000000003713003…, 1728500 bytes
Apr 10 20:09:01 default-test lightningd[1032]: plugin-trustedcoin returning block 784794, 0000000000000000000364831c…, 2158847 bytes
Apr 10 20:09:05 default-test lightningd[1032]: plugin-trustedcoin returning block 784795, 00000000000000000002de857a…, 1699162 bytes
Apr 10 20:09:06 default-test lightningd[1032]: plugin-trustedcoin returning block 784796, 000000000000000000026ac332…, 1392627 bytes
Apr 10 20:09:09 default-test lightningd[1032]: plugin-trustedcoin returning block 784797, 00000000000000000004b999d1…, 1523143 bytes
Apr 10 20:09:13 default-test lightningd[1032]: plugin-trustedcoin returning block 784798, 000000000000000000018b93b7…, 1634486 bytes
Apr 10 20:09:15 default-test lightningd[1032]: plugin-trustedcoin returning block 784799, 000000000000000000022b1ce3…, 1419438 bytes
Apr 10 20:09:16 default-test lightningd[1032]: plugin-trustedcoin returning block 784800, 00000000000000000001dbd7ff…, 1442001 bytes
Apr 10 20:09:17 default-test lightningd[1032]: plugin-trustedcoin returning block 784801, 00000000000000000003ca8537…, 1168411 bytes
Apr 10 20:09:18 default-test lightningd[1032]: plugin-trustedcoin returning block 784802, 00000000000000000005c9e751…, 1489396 bytes
Apr 10 20:09:22 default-test lightningd[1032]: plugin-trustedcoin returning block 784803, 000000000000000000029a89d9…, 1470353 bytes
Apr 10 20:09:23 default-test lightningd[1032]: plugin-trustedcoin returning block 784804, 00000000000000000000df30d6…, 1534350 bytes
Apr 10 20:09:25 default-test lightningd[1032]: plugin-trustedcoin returning block 784805, 0000000000000000000103b248…, 1549587 bytes
Apr 10 20:09:27 default-test lightningd[1032]: plugin-trustedcoin returning block 784806, 00000000000000000005714a98…, 1474955 bytes
Apr 10 20:09:29 default-test lightningd[1032]: plugin-trustedcoin returning block 784807, 000000000000000000015434ce…, 1454662 bytes
Apr 10 20:09:29 default-test lightningd[1012]: UNUSUAL plugin-bookkeeper: Snapshot balance does not equal ondisk reported 0msat, off by (+0msat/-0msat) (account wallet) Logging journal entry.

So the question is how we should handle the network hardening in a case of trustedcoin plugin is enabled? Should I just disable tor enforcing? What's your opinion?

Thank you!

[seberm]

Just to answer your question:

Does clightning stop restarting on timeout at some after a while or does this go on forever?

It seems to be restarting forewer :).

[jonasnick]

Very nice @seberm. I don't really like to disable Tor in a way that is unexpected for the user. This would be a huge footgun. But as I see it, trustedcoin is anyway only something you'd do for demonstration purposes. So it may be ok if we very clearly document this. Alternatively we can try to tunnel trustedcoin traffic through Tor.

[seberm]

I don't really like to disable Tor in a way that is unexpected for the user. This would be a huge footgun.

I agree, I don't like it either.

Alternatively we can try to tunnel trustedcoin traffic through Tor.

It seems trustedcoin does not honor the clightning's proxy configuration. I will try to look into its code, maybe we could add support for it. Otherwise I will add clear documentation about trustedcoin and it's configuration to this PR.

[seberm]

Hello @jonasnick,
I think I found a way to proxy all the http/https trustedcoin connections via Tor using the HTTP_PROXY and HTTPS_PROXY env variables. Please, take a look.

I also created nbd-wtf/trustedcoin#19 to discuss possible changes in trustedcoin itself.

[jonasnick]

ACK a3c6547