eggroll icon indicating copy to clipboard operation
eggroll copied to clipboard

Published 20 hours ago verified publisher icon FederatedAI

eggroll with TLS in docker compose mode, but it use grpc insecure channel, it seems configuration is wrong.

Open hqsh opened this issue 2 years ago • 0 comments

I follow the document (https://github.com/FederatedAI/KubeFATE/blob/develop-1.9.0/docs/Eggroll_with_TLS.md#eggroll-with-tls) to make fate eggroll run with TLS.

The command "docker logs confs-10001-rollsite-1" show as follow, it seemed same as the document. current dir: /data/projects/fate/eggroll/. [INFO ][763][2022-09-02 07:03:47,249][main,pid:7,tid:1][c.w.e.r.EggSiteBootstrap:107] - conf file: /data/projects/fate/eggroll/conf/eggroll.properties [INFO ][775][2022-09-02 07:03:47,261][main,pid:7,tid:1][c.w.e.r.EggSiteBootstrap:107] - initing router at path=conf/route_table.json [INFO ][794][2022-09-02 07:03:47,280][main,pid:7,tid:1][c.w.e.r.EggSiteBootstrap:107] - start refreshing route table per min [INFO ][999][2022-09-02 07:03:47,485][main,pid:7,tid:1][c.w.e.c.t.GrpcServerUtils:107] - gRPC server at 9370 starting in insecure mode [INFO ][1137][2022-09-02 07:03:47,623][main,pid:7,tid:1][c.w.e.r.EggSiteBootstrap:107] - server started at 9370 [INFO ][1362][2022-09-02 07:03:47,848][main,pid:7,tid:1][c.w.e.c.t.GrpcServerUtils:107] - gRPC server at port=9380 starting in secure mode. server private key path: /data/projects/fate/eggroll/conf/cert/server.key, key crt path: /data/projects/fate/eggroll/conf/cert/server.crt, ca crt path: /data/projects/fate/eggroll/conf/cert/ca.pem [INFO ][1364][2022-09-02 07:03:47,850][main,pid:7,tid:1][c.w.e.r.EggSiteBootstrap:107] - secure server started at 9380

But when use the command "docker ps" to show the container ports, the output shows: confs-10001-python-1 use 9380 port (0.0.0.0:9360->9360/tcp, 8080/tcp, 0.0.0.0:9380->9380/tcp) confs-10001-rollsite-1 use 9370 port (0.0.0.0:9370->9370/tcp, 8080/tcp)

Now, I found "confs-10001-python-1" use 9380 to submit a job. Although I add "eggroll.rollsite.secure.port=9388" in "eggroll.properties", and expose 9388 on "training_template/docker-compose-eggroll.yml", "confs-10001-rollsite-1" only use 9370 port to do GRPC communication.

So, the issue seems "eggroll.properties" or other eggroll configuration file is wrong. It maybe configured to use secure channel, not just only open it.

I don't know how to modify the configuration. Who can advice me?

Thank you!

hqsh avatar Sep 02 '22 09:09 hqsh