Restore Armis northbound availability updates #3134

New issue

Closed

opened 2026-04-13 14:26:27 +00:00 by mfreeman451 · 1 comment

mfreeman451 commented 2026-04-13 14:26:27 +00:00

Owner

Copy link

Summary

ServiceRadar currently supports inbound Armis discovery but no longer performs the northbound update flow that writes post-sweep availability back to Armis.

This needs to be restored using the current architecture, not the old NATS KV-heavy path.

Problem

Today we can:

• discover devices from Armis
• populate the database
• perform ICMP/TCP availability checks through agents

But we do not currently:

• schedule outbound Armis update runs in a first-class way
• update Armis device state/tag/custom field by armis_device_id
• expose northbound controls/status in the UI
• emit clear per-run metrics/events for northbound updates

Required behavior

• Use database-backed state as the source of truth for latest consolidated device availability
• Schedule Armis northbound updates with AshOban/Oban
• Make the cadence user-configurable from Settings -> Network -> Integrations
• Support manual "run now"
• Emit one outbound update per Armis device keyed by armis_device_id
• Persist northbound run history, status, and failure details separately from inbound sync status
• Emit metrics and success/failure events for every run
• Surface the behavior in the Integrations and Jobs UI
• Use bulk Armis API updates sized for large fleets; do not perform one-at-a-time writes for ~50k devices

Implementation notes

• Do not revive the legacy NATS KV-driven northbound path
• Prefer the current Elixir control-plane architecture for scheduling/execution
• Existing related work/history:
  • #726 feat: 2-way integration support

Validation

• OpenSpec change: add-armis-northbound-availability-updates
• Demo namespace verification required
• Resulting work should be deployed/tested in Kubernetes demo

## Summary ServiceRadar currently supports inbound Armis discovery but no longer performs the northbound update flow that writes post-sweep availability back to Armis. This needs to be restored using the current architecture, not the old NATS KV-heavy path. ## Problem Today we can: - discover devices from Armis - populate the database - perform ICMP/TCP availability checks through agents But we do not currently: - schedule outbound Armis update runs in a first-class way - update Armis device state/tag/custom field by `armis_device_id` - expose northbound controls/status in the UI - emit clear per-run metrics/events for northbound updates ## Required behavior - Use database-backed state as the source of truth for latest consolidated device availability - Schedule Armis northbound updates with AshOban/Oban - Make the cadence user-configurable from Settings -> Network -> Integrations - Support manual "run now" - Emit one outbound update per Armis device keyed by `armis_device_id` - Persist northbound run history, status, and failure details separately from inbound sync status - Emit metrics and success/failure events for every run - Surface the behavior in the Integrations and Jobs UI - Use bulk Armis API updates sized for large fleets; do not perform one-at-a-time writes for ~50k devices ## Implementation notes - Do not revive the legacy NATS KV-driven northbound path - Prefer the current Elixir control-plane architecture for scheduling/execution - Existing related work/history: - #726 feat: 2-way integration support ## Validation - OpenSpec change: `add-armis-northbound-availability-updates` - Demo namespace verification required - Resulting work should be deployed/tested in Kubernetes `demo`

mfreeman451 referenced this issue from a commit 2026-04-13 15:27:41 +00:00

feat: armis northbound db-backed scheduling

mfreeman451 referenced this issue from a commit 2026-04-14 17:34:37 +00:00

feat: armis northbound db-backed scheduling

mfreeman451 commented 2026-04-14 18:29:59 +00:00

Author

Owner

Copy link

closing as completed

closing as completed

mfreeman451 closed this issue 2026-04-14 18:29:59 +00:00

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

staging

add-signed-wasm-plugin-import

fix-coraza-log-db-writer

fix-log-viewer-syslog-processed

plan-fieldsurvey-spatial-selection

plan-envoy-coraza-waf

plan-alienvault-otx-integration

plan-fieldsurvey-sidekick-daemon

cleanup-openspec-archive-closed-proposals

bug-core-elx-ip-enrichment-reap

fix-release-libcap2-pin-v125

fix-camera-stream-gateway-route

add-core-elx-prometheus-metrics

renovate/debian_testing_slim-testing-slim

renovate/debian_bookworm_slim-bookworm-slim

add-serviceradar-observability-dashboards

add-pgbouncer-helm-cnpg

renovate/ghcr.io-actions-actions-runner

renovate/actions_runner

feat/cluster-agent-runtime-metadata-stability

feat/observability-shell-standardization

feat/observability-live-log-toggle

fix/mtr-bulk-queue-and-srql-targets

fix/mtr-profile-protocol-keyerror

fix/mtr-diagnostics-keyerror

add-demo-rollout-skills

fix-web-ng-test-support-dialyzer

fix-web-ng-dialyzer-findings

add-bulk-queued-mtr-diagnostics

fix-serviceradar-core-integration-failures

harden-agent-updater-exec-arguments

harden-agent-release-trust-boundaries

fix-compose-hermetic-nats-datasvc-bootstrap

fix/openbao-release-issues

elixir/formatting-updates

codex/demo-cnpg-signing-release-fixes

main

chore/lint-fixes

fix/bazel-alpine-bump-and-cosign-skip

fix/mtr-automation-dispatch-cap

update-event-alert-dedup-and-suppression

armis-northbound-events

armis-northbound-availability-updates

renovate/arc_runner

push-owvypksrmooo

codex/topology-endpoint-evidence-investigation

codex/topology-bootstrap-and-layout-simplification

codex/remove-ingress-nginx-edge

fix/forgejo-ci-snmp-cache-and-ubuntu24

bug/cnpg-mtls-failure

bug/log-collector

fix/forgejo-runner-labels

fix/cargo-lock-sync

remove-arc-runner-from-push-all

fix-push-all-cosign-preflight

fix-go-ci

add-versioned-openapi-publish

chore/forgejo-hardening

security/k8s-hardening

update/cluster-page-agents

updates/helm-security-updates

2406-feat-agent-fleet-management-secure-self-update-system

bug/k8s-helm-deployments

chore/k8s-arc-update

rust-fix

2371-analytics-stats-cards-should-abbreviate-numbers

chore/perl-cleanup

2942-featweb-ng-add-logs-tab-to-device-details-page

192-feat-tftp-server

mikemiles-dev/feature/netflow_collection

testing

dependabot/cargo/hostname-0.4.1

dependabot/cargo/redis-1.0.1

dependabot/cargo/bb8-0.9.0

dependabot/cargo/rcgen-0.14.6

dependabot/cargo/hyper-1.8.1

dependabot/cargo/hyper-util-0.1.19

dependabot/cargo/clap-4.5.51

dependabot/cargo/thiserror-2.0.17

dependabot/cargo/time-tz-2.0.0

dependabot/cargo/tonic-build-0.14.2

backup/main-pre-staging-sync-2026-04-02

dependabot/npm_and_yarn/docs/mdast-util-to-hast-13.2.1

815-feat-support-win32-for-agentpoller

gh-pages

v1.2.27

v1.2.26

v1.2.25

v1.2.24

v1.2.23

v1.2.22

v1.2.21

v1.2.20

v1.2.19

v1.2.18

v1.2.17

v1.2.16

v1.2.15

v1.2.14

v1.2.13

v1.2.12

v1.2.11

v1.2.6

v1.2.10

v1.2.9

v1.2.8

v1.2.7

v1.2.5

v1.2.4

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.2

v1.1.0

v1.0.92

v1.0.91

v1.0.90

v1.0.89

v1.0.88

v1.0.87

v1.0.86

v1.0.85

v1.0.84

v1.0.83

v1.0.82

v1.0.81

v1.0.78

v1.0.77

v1.0.76

v1.0.70

v1.0.69

v1.0.68

v1.0.67

v1.0.66

v1.0.65

v1.0.64

v1.0.63

v1.0.62

v1.0.61

v1.0.60

v1.0.59

v1.0.58

1.0.57

v1.0.56

v1.0.55

v1.0.54-pre5

v1.0.53

v1.0.53-pre19

v1.0.53-pre18

v1.0.53-pre17

v1.0.53-pre15

1.0.53-pre10

1.0.53-pre9

1.0.53-pre8

1.0.53-pre7

1.0.53-pre6

1.0.53-pre5

1.0.53-pre4

1.0.53-pre3

1.0.53-pre2

1.0.53-pre1

1.0.52

1.0.51

1.0.50

1.0.49

1.0.49-pre5

1.0.49-pre4

1.0.49-pre3

1.0.49-pre2

1.0.48

1.0.48-rc2

1.0.48-rc1

1.0.48-pre8

1.0.48-pre7

1.0.48-pre6

1.0.48-pre5

1.0.48-pre4

1.0.48-pre3

1.0.48-pre2

1.0.48-pre1

1.0.47

1.0.47-pre8

1.0.47-pre7

1.0.47-pre6

1.0.47-pre5

1.0.47-pre4

1.0.47-pre3

1.0.47-pre2

1.0.47-pre1

1.0.46

1.0.46-pre9

1.0.46-pre8

1.0.46-pre7

1.0.46-pre6

1.0.46-pre5

1.0.46-pre4

1.0.46-pre3

1.0.46-pre2

1.0.46-pre1

1.0.45

1.0.44

1.0.44-pre12

1.0.44-pre11

1.0.44-pre10

1.0.44-pre9

1.0.44-pre8

1.0.44-pre7

1.0.44-pre6

1.0.44-pre5

1.0.44-pre4

1.0.44-pre3

1.0.44-pre2

1.0.44-pre1

1.0.43

1.0.42

1.0.41

1.0.41-pre1

1.0.40

1.0.40-pre11

1.0.40-pre10

1.0.40-pre9

1.0.40-pre8

1.0.40-pre7

1.0.40-pre6

1.0.40-pre5

1.0.40-pre4

1.0.40-pre3

1.0.40-pre2

1.0.40-pre1

1.0.39

1.0.38

1.0.37

1.0.36

1.0.36-pre5

1.0.36-pre4

1.0.36-pre3

1.0.36-pre2

1.0.35

1.0.35-pre3

1.0.35-pre2

1.0.35-pre

1.0.34-pre3

1.0.34-pre2

1.0.34-pre1

1.0.33

1.0.33-pre2

1.0.33-pre

1.0.32

1.0.31

1.0.30

1.0.29

1.0.28

1.0.27

1.0.26

1.0.25

1.0.24

1.0.23

1.0.22

1.0.21

1.0.20

1.0.19

1.0.18

1.0.17

1.0.16

1.0.15

1.0.14

1.0.13

1.0.11

1.0.10

1.0.9

1.0.8

1.0.7

1.0.6

1.0.5

1.0.4

1.0.3

1.0.2

1.0.1

1.0.0

Labels

Clear labels   

1week

  

2weeks

  

Failed compliance check

  

IP cameras

  

NATS

NATS JetStream

  

Possible security concern

  

Review effort 1/5

  

Review effort 2/5

  

Review effort 3/5

  

Review effort 4/5

  

Review effort 5/5

  

UI

  

aardvark

  

accessibility

  

amd64

  

api

  

arm64

  

auth

  

back-end

  

bgp

  

blog

  

bug

Something isn't working

  

build

  

checkers

  

ci-cd

continuous integration-continuous deployments

  

cleanup

  

cnpg

cloud-native postgres

  

codex

  

core

core service

  

dependencies

Pull requests that update a dependency file

  

device-management

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

dusk

  

ebpf

  

enhancement

New feature or request

  

eta 1d

  

eta 1hr

  

eta 3d

  

eta 3hr

  

feature

  

fieldsurvey

  

github_actions

Pull requests that update GitHub Actions code

  

go

Pull requests that update Go code

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

javascript

Pull requests that update Javascript code

  

k8s

  

log-collector

  

mapper

  

mtr

multi traceroute

  

needs-triage

  

netflow

  

network-sweep

  

observability

  

oracle

Oracle Linux related issues

  

otel

opentelemetry logs, traces, metrics

  

plug-in

  

proton

timeplus proton streaming database

  

python

  

question

Further information is requested

  

reddit

  

redhat

  

research

  

rperf

  

rperf-checker

  

rust

Pull requests that update rust code

  

sdk

  

security

  

serviceradar-agent

  

serviceradar-agent-gateway

  

serviceradar-web

  

serviceradar-web-ng

  

siem

  

snmp

  

sysmon

  

topology

  

ubiquiti

  

wasm

  

wontfix

This will not be worked on

  

zen-engine

No labels

1week

2weeks

Failed compliance check

IP cameras

NATS

Possible security concern

Review effort 1/5

Review effort 2/5

Review effort 3/5

Review effort 4/5

Review effort 5/5

UI

aardvark

accessibility

amd64

api

arm64

auth

back-end

bgp

blog

bug

build

checkers

ci-cd

cleanup

cnpg

codex

core

dependencies

device-management

documentation

duplicate

dusk

ebpf

enhancement

eta 1d

eta 1hr

eta 3d

eta 3hr

feature

fieldsurvey

github_actions

go

good first issue

help wanted

invalid

javascript

k8s

log-collector

mapper

mtr

needs-triage

netflow

network-sweep

observability

oracle

otel

plug-in

proton

python

question

reddit

redhat

research

rperf

rperf-checker

rust

sdk

security

serviceradar-agent

serviceradar-agent-gateway

serviceradar-web

serviceradar-web-ng

siem

snmp

sysmon

topology

ubiquiti

wasm

wontfix

zen-engine

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

carverauto/serviceradar#3134

No description provided.