[feature] Base setup for WHOIS model #1032 #1033 #1037 #1045

[DragnEmperor]

Checklist

• I have read the OpenWISP Contributing Guidelines.
• I have manually tested the changes proposed in this pull request.
• I have written new test cases for new code and/or updated existing tests for changes to existing code.
• I have updated the documentation.

Reference to Existing Issue

Closes #1032
Closes #1033
Closes #1037
Closes #1045

Description of Changes

Added a new model to store WHOIS details for a device with the required fields.
Implemented a new celery task to fetch WHOIS details using the geoip2 web service.
Using an external library instead of the wrapper class provided by django because the wrapper class is designed to work with local databases and also is not currently designed to work with ASN databases.
In order to trigger the task whenever last_ip changes, using existing logic of _changed_fields to track the changes.

Steps to obtain GeoIP creds

1. Create Maxmind account using the following link: https://www.maxmind.com/en/geolite2/signup?utm_source=kb&utm_medium=kb-link&utm_campaign=kb-create-account

2. Go to Manage License Keys
   

3. Generate a New license Key. Name it whatever you like
   

4. Copy the Account Id and License Key and Paste it in the environment variables: GEOIP_ACCOUNT_ID and GEOIP_LICENSE_KEY.

[nemesifier]

Good progress.

Please start creating a dedicated docs page for this feature, shouldn't be long, just add basic info for now.

I don't see a way to turn off this feature, we need a setting to turn this off, I recommend also adding a fallback field at organization level to turn it on selectively for specific organizations, see https://openwisp.io/docs/24.11/utils/developer/custom-fields.html#openwisp-utils-fields-fallbackbooleanchoicefield.

[nemesifier]

we could move all this logic to a private method, eg: _needs_whois_update()

[codesankalp]

As discussed in the last meeting, should we create separate folders, classes, and functions for the WHOIS functionality to maintain modularity in the OpenWISP codebase?

We could introduce a new class that takes the device instance as input, where methods like _needs_whois_update, trigger_whois_lookup, and the WHOIS-related Celery tasks would be defined. Going forward, we would only update this class, and simply call it from the current context.

What are your thoughts on this approach, @DragnEmperor @pandafy @devkapilbansal @nemesifier ?

[nemesifier]

Why not use the default OpenWISP celery task settings?

Suggested change

	@shared_task(soft_time_limit=7200)
	@shared_task(base=OpenwispCeleryTask)

I don't see reasons for which this task should take 7200 seconds.

[devkapilbansal]

Hi @DragnEmperor
Do we know how much time if takes to fetch data once?

[DragnEmperor]

Hi Kapil,
The API responds within few milliseconds : https://support.maxmind.com/hc/en-us/articles/26441247274011-Latency-and-Uptime-for-the-GeoIP-Web-Services

[devkapilbansal]

We should also re-order the conditions, in and operations, if first is false then other statements are not evaluated

Suggested change

	(not hasattr(self, 'whois_info') or self.last_ip != self._initial_last_ip)
	and self.last_ip
	and ip_address(self.last_ip).is_global
	self.last_ip
	and (not hasattr(self, 'whois_info') or self.last_ip != self._initial_last_ip)
	and ip_address(self.last_ip).is_global

[nemesifier]

We discussed this in the weekly meeting, I proposed the following:

• if last_ip is not falsy
• and is a public IP
• and:
  • the device doesn't have whois yet
  • or the device has whois but the ip is changing

Hopefully I am not forgetting anything here.

[devkapilbansal]

Hi @DragnEmperor
Do we know how much time if takes to fetch data once?

[devkapilbansal]

What is the reason behind this One to One mapping?

[DragnEmperor]

During the initial discussions in April, we came to a conclusion that adding whois record per device would reduce bloating which might occur in case we map to ip_address. So this was done in accordance to it.

As per today's discussion and more research regarding the rate limits on webservice, mapping to ip_address adds more benefit. I still want to look into it a bit more, if there can be some cases we might be missing before doing this change so as to have a clear picture. Adding a link to the discussion : #1032

[nemesifier]

An important point to check for switching to using the ip address as primary key for this model is how to make sure we don't leave orphan data in the DB when devices are deleted. Worst case scenario we need to handle this with a post_delete signal receiver function.

[nemesifier]

I updated gsoc25-whois to keep it up to date (let's do that as often as possible please).
Could you run openwisp-qa-format again and merge with the latest version of the target branch?

[nemesifier]

We discussed this in the weekly meeting, I proposed the following:

• if last_ip is not falsy
• and is a public IP
• and:
  • the device doesn't have whois yet
  • or the device has whois but the ip is changing

Hopefully I am not forgetting anything here.

[nemesifier]

An important point to check for switching to using the ip address as primary key for this model is how to make sure we don't leave orphan data in the DB when devices are deleted. Worst case scenario we need to handle this with a post_delete signal receiver function.

[nemesifier]

I think we can get rid of this help text as we won't show this in the admin I believe as it's going to be redundant with last_ip.

[nemesifier]

Let's add basic validation which raises a ValidationError if someone tries to save this with a private IP.

[nemesifier]

If more convenient we could use https://github.com/kevin1024/vcrpy for mocking API responses.
It would make test if we need to do this over and over.

[codesankalp]

This comment would be better placed in the function’s docstring. Additionally, we can make it configurable and trigger it only when the feature is enabled.

[codesankalp]

As discussed in the last meeting, should we create separate folders, classes, and functions for the WHOIS functionality to maintain modularity in the OpenWISP codebase?

We could introduce a new class that takes the device instance as input, where methods like _needs_whois_update, trigger_whois_lookup, and the WHOIS-related Celery tasks would be defined. Going forward, we would only update this class, and simply call it from the current context.

What are your thoughts on this approach, @DragnEmperor @pandafy @devkapilbansal @nemesifier ?

[codesankalp]

let's add these settings in docs and steps to get these values.

[codesankalp]

Should we concatenate all of this into a single field, or store each component in separate fields? If adding more fields isn’t ideal, we could consider using a jsonb field instead.

By the way, what would be the maximum length after concatenation?

[DragnEmperor]

Yes, storing the address as JSONField is also an option. Gives the flexibility to construct complete address as per requirement. We can create a helper to provide a standard constructed address as above.

The max length is : 130 (Country : 44 city : 64 continent : 14 postal : 8). I queried the CSV version of Maxmind's DB for this.

[codesankalp]

Let’s monitor for request exceptions. If it’s a rate limit issue, we can retry the request after a delay.

[nemesifier]

Let’s monitor for request exceptions. If it’s a rate limit issue, we can retry the request after a delay.

It depends if the rate limiting is daily or for bursts.

[DragnEmperor]

Forgot to add a comment here, will add it in next commit :

Let me know if I am wrong, but we are adding fields in present_values based on certain conditions just above, so shouldn't we loop in present_values instead of _changed_checked_fields?

[devkapilbansal]

Not sure on this but it should work

[devkapilbansal]

Have few doubts that I asked in below comments.

[devkapilbansal]

Suggested change

	Ensure the your project ``settings.py`` contains the variables as follows:
	Ensure that your project ``settings.py`` contains the variables as follows:

[devkapilbansal]

Shouldn't this be OPENWISP_CONTROLLER_GEOIP_ACCOUNT_ID?

Suggested change

	GEOIP_ACCOUNT_ID = os.getenv("GEOIP_ACCOUNT_ID", "")
	OPENWISP_CONTROLLER_GEOIP_ACCOUNT_ID = os.getenv("OPENWISP_CONTROLLER_GEOIP_ACCOUNT_ID", "")

Same for below as well

[devkapilbansal]

Suggested change

	variables: **GEOIP_ACCOUNT_ID** and **GEOIP_LICENSE_KEY**.
	variables: **OPENWISP_CONTROLLER_GEOIP_ACCOUNT_ID** and **OPENWISP_CONTROLLER_GEOIP_LICENSE_KEY**.

[devkapilbansal]

We should make calls only when all other conditions are met

Suggested change

	return (
	getattr(org_settings, "whois_enabled", app_settings.WHOIS_ENABLED)
	and new_ip
	and ip_address(new_ip).is_global
	and (not hasattr(self, "whois_info") or old_ip != new_ip)
	return (
	getattr(org_settings, "whois_enabled", app_settings.WHOIS_ENABLED)
	and new_ip
	and (not hasattr(self, "whois_info") or old_ip != new_ip)
	and ip_address(new_ip).is_global

[devkapilbansal]

Shouldn't we keep this configurable as well?

[DragnEmperor]

I found something that we are using to define these options for zerotier tasks:

API_TASK_RETRY_OPTIONS = get_setting(
    "API_TASK_RETRY_OPTIONS",
    dict(max_retries=5, retry_backoff=True, retry_backoff_max=600, retry_jitter=True),
)

Is it fine if I use this or are we looking for creating these settings dedicated for WhoIs?

[devkapilbansal]

I believe we can use it.
@codesankalp What are your opinions?

[devkapilbansal]

Shouldn't this be the first check? Also, I doubt it this check will ever be executed since we already have this condition in _need_whois_lookup

[DragnEmperor]

I need device in order to fetch organization so thats why it is after device fetch.
Yes, this function is currently executed only via trigger_whois_lookup in device model, but imo its better to add the checks here as well, its a personal preference.
Let me know if these checks needs to be removed (including the device exists check, since that will also be guaranteed to exist as we are running the task via transaction.on_commit)

[DragnEmperor]

@devkapilbansal i have updated the above comment, please take a look at your convenience

[devkapilbansal]

imo its better to add the checks here as well

Why do you think so? Like, what benefits it may serve?

[DragnEmperor]

imo its better to add the checks here as well

Why do you think so? Like, what benefits it may serve?

I think keeping the critical checks (whois enabled or not in above), is better for cases like the task gets delayed and in between its next execution the feature gets disabled or device gets deleted then we will have these checks to ensure the task returns before fetching data.
Again, it is a personal preference and I can change it if these checks seem redundant.

Let me know your thoughts!

Edit: Now that we are going to map to ip_address, we will not require the device check and thus these checks seem redundant, but again let me know if the above case is valid or not.

[devkapilbansal]

Any reasons for the same? Comments should basically focus on why instead of what

[DragnEmperor]

I will add the link to docs here, something like this:
For reference : https://geoip2.readthedocs.io/en/latest/#sync-web-service-example

[codesankalp]

let's remove the query params:

Suggested change

	- Create Maxmind account using the following link: `Create Account
	<https://www.maxmind.com/en/geolite2/signup?utm_source=kb&utm_medium=kb-link&utm_campaign=kb-create-account>`_.
	- Create Maxmind account using the following link: `Create Account
	<https://www.maxmind.com/en/geolite2/signup`_.

[codesankalp]

It’s better to initialize the service using a cached_property. This way, you can access it directly from the device with device.who_is_service and call all its methods as needed from other places

Suggested change

	@property
	def whois_info(self):
	"""
	Used as a shortcut to get WhoIsInfo
	"""
	service = WhoIsService(self)
	return service.get_whois_info()
	from functools import cached_property
	@cached_property
	def who_is_service(self):
	return WhoIsService(self)

[codesankalp]

Suggested change

	service = WhoIsService(self)
	service.trigger_whois_lookup()
	self.who_is_service.trigger_whois_lookup()

[codesankalp]

Suggested change

	elif not getattr(device, "whois_info", None):
	service = WhoIsService(device)
	service.trigger_whois_lookup()
	elif not device.who_is_service.get_whois_info():
	device.who_is_service.trigger_whois_lookup()

[codesankalp]

no need to add this comment

[codesankalp]

Should this be sync, or can it be async?

asking because it is adding some time in device save operation

[DragnEmperor]

I can make this function as a separate task to make the deletion non-blocking.
I was also using the same function in fetch_whois_details task, so there won't be a problem as I can call it directly without .delay.

[devkapilbansal]

I agree, we should keep it async

[DragnEmperor]

Okay!

[codesankalp]

this client can be a separate method in service.

[codesankalp]

file name can be service.py

[codesankalp]

This check can be on top to avoid extra db query.

[codesankalp]

Only load the configuration when it’s actually needed. you can load it in respective method.

[codesankalp]

this can be in the last.

[devkapilbansal]

Hi Sankalp,
Why it should be the last? I believe that third party calls should come at last so that we can prevent calling them in case other conditions are not met

[codesankalp]

After this line, it uses the ipaddress package to confirm the IP isn’t private.

Since we already fetched the WhoIs info earlier (which might involve an external lookup), we can just check if the IP is private here and return immediately if it is. This avoids any extra checks.

Also, reviewing both functions again, I notice there’s duplicated logic — this could be refactored - @DragnEmperor

[devkapilbansal]

Not sure on this but it should work

[devkapilbansal]

Is this condition required? We are only creating WhoIs Info if IP is not private

[DragnEmperor]

I think it is better to add a validation check in model itself : #1054 (comment)

[devkapilbansal]

Might have to check but do you know why the number of queries have been reduced here?

[DragnEmperor]

The reduced count was due to prefetched organization settings when device was retrieved.

[devkapilbansal]

I agree, we should keep it async

[devkapilbansal]

If we are creating a cached property, do we need to define slots? I am not sure of their relevance here

[DragnEmperor]

Initially there was no cached property here, but working on the changes I found one property 'is_whois_enabled' (will be added in the new commit) which we can cache, so removing slots for the time being.
Thanks!

[devkapilbansal]

+1 to this

[devkapilbansal]

This comment is not necessary here

[devkapilbansal]

Where are we using this function?

[DragnEmperor]

When deleting record along with device in device_whois_info_delete_handler and in fetch_whois_details when deleting old whois record (refering to commit : 0b1bef4)

[devkapilbansal]

Comment not needed

[pandafy]

I did a quick reqview on he caching of OrganizationConfigSettings and shared few suggestions. I haven't performed manual testing.

[pandafy]

Can we move these to class methods in the Whois model? In general, we want to keep all business logic in the models.

[pandafy]

This query seems over-complicated to me.

We already have the required org_pk. Why can't we do this?

OrganizationConfiguSettings.objects.get(organization_id=org_pk)

[DragnEmperor]

Initially I had a case in mind what would happen if device's org is changed, so i did this to ensure latest value is fetched. I missed that we are invalidating the cache on device save :

openwisp-controller/openwisp_controller/config/apps.py

Line 316 in 85eee35

post_save.connect(

It was my mistake, I will remove this subquery. Thanks!

[pandafy]

For keeping it DRY (Don't Repeat Yourself), let's create a static method get_cache_key(org_id) which would return the cache key for the organization.

[pandafy]

Question: Is celery worker picking up this task? AFAIK, it only registers task which are present in tasks,py

[DragnEmperor]

Yes the tasks are getting discovered:

[codesankalp]

@DragnEmperor – I followed the docs and ran this locally; it worked perfectly 👏.

I think we can deploy this on staging environment.

Just a few minor suggestions below 👇

[codesankalp]

Shouldn't we do this when flag is enabled?

[DragnEmperor]

Hi @codesankalp ,we are talking about the whois_enabled flag, right? The trigger_whois_lookup task has the conditions to check for all these.

[codesankalp]

this logic is complex, i think we can separate it into multiple if statement for readability.

[DragnEmperor]

I have split it into multiple lines as:

def _need_who_is_lookup(self, initial_ip, new_ip):
        """
        This is used to determine if the WhoIs lookup should be triggered
        when the device is saved.

        The lookup is not triggered if:
            - The new IP address is None or it is a private IP address.
            - The WhoIs information of new ip is already present.
            - WhoIs is disabled in the organization settings. (query from db)
        """
        if not self.is_valid_public_ip_address(new_ip):
            return False
        
        if self._get_who_is_info_from_db(new_ip):
            return False
        
        return self.is_who_is_enabled

I modified the second conditions as I found that we need not to check if ip is updated or not, checking if it already exists in db should be enough.

[codesankalp]

client initialization can be outside of this block

[pandafy]

Are you sure this is correct? I see an error on the staging VM:

value too long for type character varying(4)

For my IP address, the value of data.country.name is India. Did you mean to store a country code here?

[DragnEmperor]

Yes, it was to store country code. As sqlite does not enforce this so was not able to catch this. Thanks @pandafy

[nemesifier]

I don't see a lot of usage of WHO_IS_ENABLED, we want to make sure if we set it to False most of if not all of the whois code is not executed.

I am also reasoning on the possibility of making the geoip dependency optional. I need to analyze the stability and other dependencies of this library before deciding, but in the meantime I wanted to share this view to make all of us aware of this.

[nemesifier]

if this is t true, we need to assert that GEOIP_ACCOUNT_ID and GEOIP_LICENSE_KEY are set (not falsy) otherwise we should raise ImproperlyConfigured.