-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Core] Add TLS/SSL support to gRPC channels #18631
Changes from 1 commit
efe18dd
d38af35
3b5f210
01c5cd9
2769675
c6ad485
2962be3
64be21a
d38e2b0
7aaa8ac
1668ecc
621cfc7
a2c49d6
0b73c38
ddc8749
966fc49
b173b78
bc39b8f
65361a2
2dcff3a
f19e7a7
b57c2e2
a4cc458
65f0080
da45c78
b4dc0ca
16c0cb3
30bebae
c551c30
1fa0fbf
2b0bc68
ef5025a
d79fdd7
de36d6a
92627a8
d3b47dc
08fc4b0
a70a355
cd613df
b296a8a
1cc7744
5528b51
69f0618
c77d97a
3cf6271
b84dbe6
b82c932
ddfa148
32acd64
d04fe6d
53896b3
09884ad
aea3e4e
8f02386
6b0bced
f57a61e
78bbb34
7639a65
d95419a
1c92af2
f2e1e55
7c3f7b2
8d204c5
6954178
94a52ae
74d1652
c96043d
50c2da2
8599854
60355a2
9dfd106
4feae45
5b57d7d
a600eaf
67d32b7
6fa08dc
f4032f1
7fb64f0
f4c8ae7
e74d707
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
- Loading branch information
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
// Copyright 2017 The Ray Authors. | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http:https://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
#include <fstream> | ||
#include <sstream> | ||
|
||
#include "ray/rpc/common.h" | ||
|
||
namespace ray { | ||
namespace rpc { | ||
|
||
std::string ReadCert(std::string cert_filepath) { | ||
std::ifstream t(cert_filepath); | ||
std::stringstream buffer; | ||
buffer << t.rdbuf(); | ||
return buffer.str(); | ||
}; | ||
|
||
} // namespace rpc | ||
} // namespace ray |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
// Copyright 2017 The Ray Authors. | ||
// | ||
// Licensed under the Apache License, Version 2.0 (the "License"); | ||
// you may not use this file except in compliance with the License. | ||
// You may obtain a copy of the License at | ||
// | ||
// http:https://www.apache.org/licenses/LICENSE-2.0 | ||
// | ||
// Unless required by applicable law or agreed to in writing, software | ||
// distributed under the License is distributed on an "AS IS" BASIS, | ||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
// See the License for the specific language governing permissions and | ||
// limitations under the License. | ||
|
||
namespace ray { | ||
namespace rpc { | ||
|
||
// Utility to read cert file from a particular location | ||
std::string ReadCert(std::string cert_filepath); | ||
|
||
} // namespace rpc | ||
} // namespace ray |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -17,11 +17,10 @@ | |
#include <grpcpp/impl/service_type.h> | ||
|
||
#include <boost/asio/detail/socket_holder.hpp> | ||
#include <fstream> | ||
#include <sstream> | ||
|
||
#include "ray/common/ray_config.h" | ||
#include "ray/rpc/grpc_server.h" | ||
#include "ray/rpc/common.h" | ||
#include "ray/stats/metric.h" | ||
#include "ray/util/util.h" | ||
|
||
|
@@ -48,13 +47,6 @@ GrpcServer::GrpcServer(std::string name, const uint32_t port, int num_threads, b | |
cqs_.resize(num_threads_); | ||
} | ||
|
||
std::string GrpcServer::ReadFile(std::string filename) { | ||
std::ifstream t(filename); | ||
std::stringstream buffer; | ||
buffer << t.rdbuf(); | ||
return buffer.str(); | ||
}; | ||
|
||
void GrpcServer::Run() { | ||
uint32_t specified_port = port_; | ||
std::string server_address("0.0.0.0:" + std::to_string(port_)); | ||
|
@@ -80,9 +72,9 @@ void GrpcServer::Run() { | |
std::string root_cert_file = std::string(std::getenv("RAY_TLS_CA_CERT")); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We generally don't use std::getenv except at process startup since it's not thread-safe; you can instead define these in There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I read the comments in In fact I could change the Python code to access these via There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Makes sense to move it to ray_config_def.h then! |
||
|
||
// Create credentials from hardcoded location | ||
std::string rootcert = ReadFile(root_cert_file); | ||
std::string servercert = ReadFile(server_cert_file); | ||
std::string serverkey = ReadFile(server_key_file); | ||
std::string rootcert = ReadCert(root_cert_file); | ||
std::string servercert = ReadCert(server_cert_file); | ||
std::string serverkey = ReadCert(server_key_file); | ||
grpc::SslServerCredentialsOptions::PemKeyCertPair pkcp = {serverkey.c_str(), | ||
servercert.c_str()}; | ||
// grpc::SslServerCredentialsOptions ssl_opts; | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could we document how to configure TLS in Ray? Could be a README or added to .rst