Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Core] Add TLS/SSL support to gRPC channels #18631

Merged
merged 80 commits into from
Oct 21, 2021
Merged

[Core] Add TLS/SSL support to gRPC channels #18631

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
80 commits
Select commit Hold shift + click to select a range
efe18dd
Add use_tls_ member to GrpcServer
oscarknagg Sep 8, 2021
d38af35
Hacky TLS
oscarknagg Sep 8, 2021
3b5f210
Create secure gRPC channels in Python code
oscarknagg Sep 8, 2021
01c5cd9
Remove unecessary std::cout
oscarknagg Sep 8, 2021
2769675
More TLS
oscarknagg Sep 8, 2021
c6ad485
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Sep 8, 2021
2962be3
Linting
oscarknagg Sep 8, 2021
64be21a
Add secure grpc in tests
oscarknagg Sep 8, 2021
d38e2b0
Fix secure grpc server initialisation
oscarknagg Sep 8, 2021
7aaa8ac
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Sep 8, 2021
1668ecc
Use single environment variable as feature flag
oscarknagg Sep 9, 2021
621cfc7
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Sep 9, 2021
a2c49d6
Pass environment in test_client_builder.py
oscarknagg Sep 9, 2021
0b73c38
Read RAY_USE_TLS in client worker
oscarknagg Sep 9, 2021
ddc8749
Unify init_grpc_channel and init_aiogrpc_channel functions
oscarknagg Sep 10, 2021
966fc49
Make function to add port to grpc server
oscarknagg Sep 10, 2021
b173b78
Upgrade to mTLS
oscarknagg Sep 10, 2021
bc39b8f
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Sep 10, 2021
65361a2
Function to load certs from env variables
oscarknagg Sep 10, 2021
2dcff3a
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Sep 13, 2021
f19e7a7
Add example cluster yaml which generates self-signed keys
oscarknagg Sep 13, 2021
b57c2e2
Add TLS auth test
oscarknagg Sep 14, 2021
a4cc458
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Sep 14, 2021
65f0080
Add some fixtures to run test_basic.py with TLS auth
oscarknagg Sep 15, 2021
da45c78
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Sep 15, 2021
b4dc0ca
Fix test_tls_auth.py
oscarknagg Sep 15, 2021
16c0cb3
Remove duplicated ReadFile function
oscarknagg Sep 15, 2021
30bebae
Formatting
oscarknagg Sep 15, 2021
c551c30
Remove EKS cluster YAML
oscarknagg Sep 15, 2021
1fa0fbf
Don't assume TLS env vars are set
oscarknagg Sep 15, 2021
2b0bc68
Add cryptography requirement to generate testing certs
oscarknagg Sep 15, 2021
ef5025a
Linting
oscarknagg Sep 15, 2021
d79fdd7
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Sep 16, 2021
de36d6a
Fix new_dashboard->dashboard merge
oscarknagg Sep 16, 2021
92627a8
Remove possibility of nullptr from RAY_USE_TLS
oscarknagg Sep 16, 2021
d3b47dc
clang-format 7.0.0 linting
oscarknagg Sep 16, 2021
08fc4b0
Linting
oscarknagg Sep 16, 2021
a70a355
Fix failing test_grpc_credentials test
oscarknagg Sep 16, 2021
cd613df
Make dashboard head classes use async grpc again
oscarknagg Sep 16, 2021
b296a8a
Add test_tls_auth to BUILD
oscarknagg Sep 16, 2021
1cc7744
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Sep 17, 2021
5528b51
Relax cryptography requirement
oscarknagg Sep 20, 2021
69f0618
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Sep 20, 2021
c77d97a
Lint
oscarknagg Sep 20, 2021
3cf6271
Worker._secure looks at env var
oscarknagg Sep 20, 2021
b84dbe6
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Sep 23, 2021
b82c932
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Sep 27, 2021
ddfa148
Apply changes from ci/travis/lint.sh
oscarknagg Sep 27, 2021
32acd64
Skip TLS tests on MacOS
oscarknagg Sep 27, 2021
d04fe6d
format.sh changes
oscarknagg Sep 27, 2021
53896b3
Address comments
oscarknagg Sep 27, 2021
09884ad
Merge branch 'tls' of github.com:oscarknagg/ray into tls
oscarknagg Oct 12, 2021
aea3e4e
Revert "Address comments"
oscarknagg Oct 12, 2021
8f02386
Merge master
oscarknagg Oct 12, 2021
6b0bced
Merge branch 'master' into tls
oscarknagg Oct 12, 2021
f57a61e
Merge remote-tracking branch 'upstream/master' into tls
oscarknagg Oct 12, 2021
78bbb34
Squashed commit of the following:
oscarknagg Oct 12, 2021
7639a65
Replace getenv with RayConfig
oscarknagg Oct 12, 2021
d95419a
Remove lingering errors from earlier merge
oscarknagg Oct 12, 2021
1c92af2
Address comments pt2
oscarknagg Oct 14, 2021
f2e1e55
Merge remote-tracking branch 'upstream/master' into tls
oscarknagg Oct 14, 2021
7c3f7b2
Tidy up
oscarknagg Oct 14, 2021
8d204c5
Hopefully fix lint
oscarknagg Oct 15, 2021
6954178
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Oct 15, 2021
94a52ae
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Oct 18, 2021
74d1652
Lint
oscarknagg Oct 18, 2021
c96043d
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Oct 18, 2021
50c2da2
Remove unecessary logic in ray_config_def.h
oscarknagg Oct 19, 2021
8599854
Actually check for ConnectionError in test_client_connect_to_tls_server
oscarknagg Oct 19, 2021
60355a2
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Oct 19, 2021
9dfd106
Remove unused ReadFile declaration
oscarknagg Oct 19, 2021
4feae45
Lint
oscarknagg Oct 19, 2021
5b57d7d
Replace grpc.insercure_channel with ray._private.utils.init_grpc_chan…
oscarknagg Oct 19, 2021
a600eaf
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Oct 19, 2021
67d32b7
Trigger retest
ericl Oct 19, 2021
6fa08dc
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Oct 20, 2021
f4032f1
Attempt to fix windows build
oscarknagg Oct 20, 2021
7fb64f0
Merge branch 'master' of https://github.com/ray-project/ray into tls
oscarknagg Oct 20, 2021
f4c8ae7
Merge branch 'master' into tls
ericl Oct 21, 2021
e74d707
Update worker.py
ericl Oct 21, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Linting
  • Loading branch information
@oscarknagg
oscarknagg committed Sep 16, 2021
commit 08fc4b0a1319fb170661f6ea3cb3ec8cbe3b1073
2 changes: 0 additions & 2 deletions dashboard/modules/event/event_agent.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,6 @@
import ray._private.utils as utils
import ray.dashboard.utils as dashboard_utils
import ray.dashboard.consts as dashboard_consts
import ray.dashboard.utils as dashboard_utils
import ray.dashboard.consts as dashboard_consts
from ray.ray_constants import env_bool
from ray.dashboard.utils import async_loop_forever, create_task
from ray.dashboard.modules.event import event_consts
Expand Down
4 changes: 0 additions & 4 deletions python/ray/internal/internal_api.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
import os

import ray
import ray._private.services as services
import ray.worker
Expand Down Expand Up @@ -44,7 +42,6 @@ def memory_summary(address=None,
def get_store_stats(state, node_manager_address=None, node_manager_port=None):
"""Returns a formatted string describing memory usage in the cluster."""

import grpc
from ray.core.generated import node_manager_pb2
from ray.core.generated import node_manager_pb2_grpc

Expand Down Expand Up @@ -84,7 +81,6 @@ def node_stats(node_manager_address=None,
include_memory_info=True):
"""Returns NodeStats object describing memory usage in the cluster."""

import grpc
from ray.core.generated import node_manager_pb2
from ray.core.generated import node_manager_pb2_grpc

Expand Down
1 change: 0 additions & 1 deletion python/ray/scripts/scripts.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,6 @@

import ray
import psutil
import grpc
import ray._private.services as services
import ray.ray_constants as ray_constants
import ray._private.utils
Expand Down
1 change: 0 additions & 1 deletion python/ray/tests/test_multi_tenancy.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,6 @@
import sys
import time

import grpc
import pytest
import numpy as np

Expand Down
3 changes: 2 additions & 1 deletion python/ray/util/client/server/proxier.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,8 @@
from ray._private.parameter import RayParams
from ray._private.runtime_env import RuntimeEnvContext
from ray._private.services import ProcessInfo, start_ray_client_server
from ray._private.utils import detect_fate_sharing_support, add_port_to_grpc_server
from ray._private.utils import (detect_fate_sharing_support,
add_port_to_grpc_server)

# Import psutil after ray so the packaged version is used.
import psutil
Expand Down
1 change: 0 additions & 1 deletion python/ray/util/client/server/server.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
import logging
import os
from concurrent import futures
import grpc
import base64
Expand Down
4 changes: 2 additions & 2 deletions python/ray/util/client/worker.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,8 +106,8 @@ def __init__(

# TODO tidy this up
if self._secure and _credentials is None:
server_cert_chain, private_key, ca_cert = ray._private.utils.load_certs_from_env(
)
server_cert_chain, private_key, ca_cert = ray._private.utils\
.load_certs_from_env()
_credentials = grpc.ssl_channel_credentials(
certificate_chain=server_cert_chain,
private_key=private_key,
Expand Down