access: quick option to limit load #245

Open
1 of 4 tasks
diegodelemos opened this issue Jan 17, 2020 · 2 comments

Comments

@diegodelemos
Member

diegodelemos commented Jan 17, 2020

During the coming workshop and afterwards, we might be subject to attacks or mistakes in users' scripts, which could lead to a high number of requests coming to REANA. We should prevent this:

  • Check whether lightweight accounts can log in to REANA.
  • Check how to block IPs, like iptables or mod_evasive for Traefik and flask-ratelimiter for REANA-Server.
  • Improve uwsgi configuration.
  • Investigate how to block users who try to exploit the system.

Observations: Flask running the web app only in R-J-C for now, and the performance is good.

@diegodelemos
Member Author

Maximum number of requests per user by configuring Traefik, following the docs (tested in reana-qa.cern.ch):

```
$ cat rate-limit.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: main-ratelimit
spec:
  rateLimit:
      average: 50
      burst: 25
$ kubectl create -f rate-limit.yaml
$ for i in {1..100}; do curl -k "https://reana-qa.cern.ch/api/workflows?access_token=$REANA_ACCESS_TOKEN" & done
$ # reaches the limit, and next requests get:
$ curl -k "https://reana-qa.cern.ch/api/workflows?access_token=$REANA_ACCESS_TOKEN"
{
  "message": "60 per 1 minute",
  "status": 429
}
```

I will leave the issue open in the backlog, as the stress tests can bring the need to change something here; if there is no need, we will move it to Awesome-Workshop-Morrows.

@diegodelemos diegodelemos removed their assignment Feb 6, 2020
@diegodelemos
Member Author

Moved back to Ready for work, what is left: decide the numbers to limit the load to.
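
As an aid for choosing those numbers, here is an added example (not part of the issue thread or of REANA's code): a small token-bucket model of the `average`/`burst` pair from the Middleware above, run over constructed traffic. It assumes one bucket per request source that starts full, refills at `average` tokens per second and holds at most `burst`; the client names and timings are made up.

```python
from dataclasses import dataclass


@dataclass
class TokenBucket:
    average: int        # tokens refilled per second (rateLimit.average)
    burst: int          # bucket capacity (rateLimit.burst)
    last_ms: int = 0
    milli: int = 0      # stored tokens x1000, integers avoid float drift

    def __post_init__(self):
        self.milli = self.burst * 1000          # assumption: bucket starts full

    def allow(self, now_ms: int) -> bool:
        # 1 ms of elapsed time refills `average` milli-tokens, capped at burst.
        refill = (now_ms - self.last_ms) * self.average
        self.milli = min(self.burst * 1000, self.milli + refill)
        self.last_ms = now_ms
        if self.milli >= 1000:
            self.milli -= 1000
            return True
        return False                            # the proxy would answer 429


def simulate(arrivals, average=50, burst=25):
    """arrivals: (time_ms, source) pairs -> {source: (allowed, rejected)}."""
    buckets, counts = {}, {}
    for now_ms, source in sorted(arrivals):
        bucket = buckets.setdefault(source, TokenBucket(average, burst))
        ok = bucket.allow(now_ms)
        allowed, rejected = counts.get(source, (0, 0))
        counts[source] = (allowed + ok, rejected + (not ok))
    return counts


# Constructed traffic: three hypothetical clients, timestamps in milliseconds.
SAMPLE = (
    [(0, "loop-script")] * 100                              # 100 requests at once
    + [(t, "steady-40rps") for t in range(0, 2000, 25)]     # 40 req/s for 2 s
    + [(t, "steady-100rps") for t in range(0, 1000, 10)]    # 100 req/s for 1 s
)

if __name__ == "__main__":
    for source, (ok, denied) in simulate(SAMPLE).items():
        print(f"{source:14} allowed={ok:3} rejected={denied:3}")
```

Re-running `simulate` with candidate `average` and `burst` values against traffic shaped like real workshop usage shows which clients would start receiving 429 responses before the setting is deployed.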
