Trait Scheduler Copy item path

A user may register a new node with greenlight by providing some basic metadata and proving that they have access to the corresponding private key (see challenge-response mechanism below). This means that in order to register a new node the user must have access to the corresponding private keys to prove ownership, and prevent users from just registering arbitrary node_ids without actually knowing the corresponding secrets.

Upon successful registration an mTLS certificate and private key are returned. These can be used to authenticate future connections to the scheduler or the node.

Each node may be registered once, any later attempt will result in an error being returned. If the user lost its credentials it can make use of the Recover RPC method to recover the credentials. Notice that this also means that the same node_id cannot be reused for different networks.

Should a user have lost its credentials (mTLS keypair) for any reason, they may regain access to their node using the Recover RPC method. Similar to the initial registration the caller needs to authenticate the call by proving access to the node’s secret. This also uses the challenge-response mechanism.

Upon success a newly generated mTLS certificate and private key are returned, allowing the user to authenticate going forward. Existing keypairs are not revoked, in order to avoid locking out other authenticated applications.

Challenges are one-time values issued by the server, used to authenticate a user/device against the server. A user or device can authenticate to the server by signing the challenge and returning the signed message as part of the request that is to be authenticated.

Challenges may not be reused, and are bound to the scope they have been issued for. Attempting to reuse a challenge or use a challenge with a different scope will result in an error being returned.

Scheduling takes a previously registered node, locates a free slot in greenlight’s infrastructure and allocates it to run the node. The node then goes through the startup sequence, synchronizing with the blockchain, and finally binding its grpc interface (see Node service below) to a public IP address and port. Access is authenticated via the mTLS keypair the user received from registering or recovering the node.

Upon success a NodeInfoResponse containing the grpc connection details and some metadata is returned. The application must use the grpc details and its node-specific mTLS keypair to interact with the node directly.

Much like Schedule this call is used to retrieve the metadata and grpc details of a node. Unlike the other call however it is passive, and will not result in the node being scheduled if it isn’t already running. This can be used to check if a node is already scheduled, or to wait for it to be scheduled (e.g., if the caller is an hsmd that signs off on changes, but doesn’t want to keep the node itself scheduled).

The signer may want to trigger an upgrade of the node before waiting for the node to be scheduled. This ensures that the signer version is in sync with the node version. The scheduler may decide to defer upgrading if the protocols are compatible. Please do not use this directly, rather use the Signer in the client library to trigger this automatically when required. Posting an incomplete or non-functional UpgradeRequest may result in unschedulable nodes.

This call is used to fetch a list of invite codes associated with the node id of the client. These invite codes can be used for further registration of new nodes.

Exporting a node allows users to take control of their node

This method initiates the node export on Greenlight, allowing users to offboard from GL into their own infrastructure. After calling this method the node will no longer be schedulable on Greenlight, since it is never safe to assume there haven’t been changes in the node’s state (see CLN Backups documentation for details). ExportNode marks the node as Exporting, then generates an encryption secret which is then used to encrypt a database backup. This encrypted database backup is then made accessible through an HTTP server, and a link to it is returned as a response to ExportNode. After the export completes the node is marked as Exported. The encryption key can then be derived using the signer, using ECDH, allowing only users with the node secret to decrypt it.

ExportNode is idempotent and may be called multiple times, without causing the node to be re-exported multiple times, should the call or the download be interrupted. DO NOT import the backup multiple times into your infrastructure, as that can lead to dataloss (old state being replayed) and loss of funds (see CLN Backups documentation for more information)

Attaches a Signer via a bidirectional stream to the scheduler. This is a communication channel between greenlight and the signing device that is used for requests that are not part of the node api.

The stream is used to hand out the ApprovePairingRequests that the signer answers with a ApprovePairingResponse.