
Plaintext task execution over the HTTP protocol

Open T-ze-yu opened this issue 1 year ago • 27 comments

Issue Type

Running

Search for existing issues similar to yours

Yes

OS Platform and Distribution

Ubuntu 20.04.6 LTS

Kuscia Version

kuscia 0.9.0b0

Deployment

docker

deployment Version

Docker version 24.0.5

App Running type

secretflow

App Running version

secretflow 1.7.0b0

Configuration file used to run kuscia.

mode: autonomy
domainID: p207
domainKeyData: <base64 key data omitted>
protocol: NOTLS
logLevel: INFO
runtime: runc
runk:
  namespace: ""
  dnsServers: []
  kubeconfigFile: ""
capacity:
  cpu: ""
  memory: ""
  pods: ""
  storage: ""
reservedResources:
  cpu: ""
  memory: ""
image:
  pullPolicy: ""
  defaultRegistry: ""
  registries: []
datastoreEndpoint: ""
enableWorkloadApprove: false

What happened and What you expected to happen.

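When creating data and granting mutual authorization, everything works normally over the HTTP protocol, but when running the intersection task, the job status is AwaitingApproval, so it did not run successfully.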
{'status': {'code': 0, 'message': 'success', 'details': []}, 'data': {'jobs': [{'job_id': 'iotgenb8i17a572k', 'status': {'state': 'AwaitingApproval', 'err_msg': '', 'create_time': '2024-11-06T06:44:29Z', 'start_time': '2024-11-06T06:44:29Z', 'end_time': '', 'tasks': [{'task_id': 'cbw66pdv47mmkvkk', 'state': 'Pending', 'err_msg': '', 'create_time': '', 'start_time': '', 'end_time': '', 'parties': [], 'alias': 'intersection'}], 'stage_status_list': [{'domain_id': 'p207', 'state': 'JobCreateStageSucceeded'}], 'approve_status_list': [{'domain_id': 'p207', 'state': 'JobAccepted'}]}}]}}

Kuscia log output.

p207:
2024-11-06 16:23:40.770 INFO controller/domain_route.go:432 add cluster p207-to-p208 name:http protocol:HTTP port:11080
2024-11-06 16:23:40.770 INFO xds/cluster_config.go:131 Generate tls config for p207-to-p208-http
2024-11-06 16:23:40.770 INFO xds/xds.go:439 Add cluster:p207-to-p208-http
2024-11-06 16:23:40.770 INFO xds/xds.go:439 Add cluster:p207-to-p208-http
2024-11-06 16:23:40.770 INFO controller/domain_route.go:293 DomainRoute p207/p207-p208 starts handshake, the last revision is 0
2024-11-06 16:23:45.787 ERROR controller/handshake.go:307 DomainRoute p207-p208: handshake fail:response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:23:45.787 ERROR controller/domain_route.go:297 response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:23:45.787 INFO queue/queue.go:109 Re-syncing: queue id[domain-route-queue], retry:[13] key[p207/p207-p208]: "response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL", re-queuing (5.017405177s)
2024-11-06 16:24:15.026 WARN domainroute/check.go:46 Domainroute p207/p208-p207 checkEffectiveInstances failed: tokens is nil, please check the result of handshake in instance's log
2024-11-06 16:24:15.026 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[p207/p208-p207] (99.107µs)
2024-11-06 16:24:15.026 WARN domainroute/check.go:138 Domainroute p207/p207-p208 token is waiting more than 2 minutes for ready, so need to re-handshake
2024-11-06 16:24:15.032 INFO domainroute/rolling.go:47 PreRollingDomainRoute p207/p207-p208, new revision 0
2024-11-06 16:24:15.032 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[p207/p207-p208] (5.818168ms)
2024-11-06 16:24:15.032 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[p207/p207-p208] (18.185µs)
2024-11-06 16:24:15.032 INFO controller/domain_route.go:432 add cluster p207-to-p208 name:http protocol:HTTP port:11080
2024-11-06 16:24:15.032 INFO xds/cluster_config.go:131 Generate tls config for p207-to-p208-http
2024-11-06 16:24:15.032 INFO xds/xds.go:439 Add cluster:p207-to-p208-http
2024-11-06 16:24:15.032 INFO xds/xds.go:439 Add cluster:p207-to-p208-http
2024-11-06 16:24:15.032 INFO controller/domain_route.go:293 DomainRoute p207/p207-p208 starts handshake, the last revision is 0
2024-11-06 16:24:15.037 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute p207-p208 update status
2024-11-06 16:24:15.038 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[p207/p207-p208] (5.443525ms)
2024-11-06 16:24:15.044 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute p207-p208 update status
2024-11-06 16:24:15.044 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[p207-p208] (5.52646ms)
2024-11-06 16:24:15.049 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p208/domaindatagrant-bd6efcb0be0c44bc0c2b137243f81162] (20.025µs)
2024-11-06 16:24:15.049 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p207/69d7e6049c0a11efbfd4ecd68aece617] (35.881µs)
2024-11-06 16:24:15.049 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p208/69d7e6049c0a11efbfd4ecd68aece617] (5.998µs)
2024-11-06 16:24:15.052 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p207/domaindatagrant-bd6efcb0be0c44bc0c2b137243f81162] (3.241593ms)
2024-11-06 16:24:15.088 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[p208-p207] (137.577µs)
2024-11-06 16:24:15.093 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute p207-p208 update status
2024-11-06 16:24:15.094 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[p207-p208] (5.953777ms)
2024-11-06 16:24:20.047 ERROR controller/handshake.go:307 DomainRoute p207-p208: handshake fail:response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:24:20.047 ERROR controller/domain_route.go:297 response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:24:20.047 INFO queue/queue.go:109 Re-syncing: queue id[domain-route-queue], retry:[14] key[p207/p207-p208]: "response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL", re-queuing (5.014657165s)
2024-11-06 16:24:26.748 INFO controller/domain_route.go:432 add cluster p207-to-p208 name:http protocol:HTTP port:11080
2024-11-06 16:24:26.748 INFO xds/cluster_config.go:131 Generate tls config for p207-to-p208-http
2024-11-06 16:24:26.748 INFO xds/xds.go:439 Add cluster:p207-to-p208-http
2024-11-06 16:24:26.748 INFO xds/xds.go:439 Add cluster:p207-to-p208-http
2024-11-06 16:24:26.748 INFO controller/domain_route.go:293 DomainRoute p207/p207-p208 starts handshake, the last revision is 0
2024-11-06 16:24:31.766 ERROR controller/handshake.go:307 DomainRoute p207-p208: handshake fail:response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:24:31.766 ERROR controller/domain_route.go:297 response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:24:31.766 INFO queue/queue.go:109 Re-syncing: queue id[domain-route-queue], retry:[15] key[p207/p207-p208]: "response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL", re-queuing (5.018181787s)
2024-11-06 16:24:48.442 INFO resources/kusciajob.go:91 update kuscia job eyeow7jijcee93e1
2024-11-06 16:24:48.448 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/eyeow7jijcee93e1] (5.559072ms)
2024-11-06 16:24:48.448 INFO resources/kusciajob.go:121 Start updating kuscia job "eyeow7jijcee93e1" status
2024-11-06 16:24:48.453 INFO resources/kusciajob.go:125 Finish updating kuscia job "eyeow7jijcee93e1" status
2024-11-06 16:24:48.453 INFO kusciajob/controller.go:304 Finished syncing KusciaJob "cross-domain/eyeow7jijcee93e1" (5.372698ms)
2024-11-06 16:24:48.453 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/eyeow7jijcee93e1] (5.396255ms)
2024-11-06 16:24:48.454 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[cross-domain/eyeow7jijcee93e1] (24.101µs)
2024-11-06 16:24:48.457 INFO queue/queue.go:124 Finish processing item: queue id[kuscia-job-controller], key[p208/eyeow7jijcee93e1] (29.582µs)
2024-11-06 16:24:48.460 INFO queue/queue.go:124 Finish processing item: queue id[interconn-kuscia-job-queue], key[cross-domain/eyeow7jijcee93e1] (12.168157ms)
2024-11-06 16:24:48.461 INFO queue/queue.go:124 Finish processing item: queue id[interconn-kuscia-jobsummary-queue], key[p208/eyeow7jijcee93e1] (20.156µs)
2024-11-06 16:24:48.465 INFO queue/queue.go:124 Finish processing item: queue id[interconn-kuscia-job-queue], key[cross-domain/eyeow7jijcee93e1] (4.870945ms)

p208:
2024-11-06 16:23:23.644 INFO queue/queue.go:109 Re-syncing: queue id[domain-route-queue], retry:[13] key[p208/p208-p207]: "response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL", re-queuing (5.017339285s)
2024-11-06 16:23:52.874 WARN domainroute/check.go:46 Domainroute p208/p207-p208 checkEffectiveInstances failed: tokens is nil, please check the result of handshake in instance's log
2024-11-06 16:23:52.874 WARN domainroute/check.go:138 Domainroute p208/p208-p207 token is waiting more than 2 minutes for ready, so need to re-handshake
2024-11-06 16:23:52.874 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[p208/p207-p208] (118.391µs)
2024-11-06 16:23:52.881 INFO domainroute/rolling.go:47 PreRollingDomainRoute p208/p208-p207, new revision 0
2024-11-06 16:23:52.881 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[p208/p208-p207] (6.966957ms)
2024-11-06 16:23:52.881 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[p208/p208-p207] (12.677µs)
2024-11-06 16:23:52.882 INFO controller/domain_route.go:432 add cluster p208-to-p207 name:http protocol:HTTP port:11080
2024-11-06 16:23:52.882 INFO xds/cluster_config.go:131 Generate tls config for p208-to-p207-http
2024-11-06 16:23:52.882 INFO xds/xds.go:439 Add cluster:p208-to-p207-http
2024-11-06 16:23:52.882 INFO xds/xds.go:439 Add cluster:p208-to-p207-http
2024-11-06 16:23:52.882 INFO controller/domain_route.go:293 DomainRoute p208/p208-p207 starts handshake, the last revision is 0
2024-11-06 16:23:52.888 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute p208-p207 update status
2024-11-06 16:23:52.888 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[p208/p208-p207] (6.944279ms)
2024-11-06 16:23:52.896 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute p208-p207 update status
2024-11-06 16:23:52.896 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[p208-p207] (6.891297ms)
2024-11-06 16:23:52.900 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p207/domaindatagrant-7f02cc39a349fe0968e2368a58fe1dda] (22.362µs)
2024-11-06 16:23:52.900 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p207/69da9f849c0a11efbb5decd68aece6cb] (8.102µs)
2024-11-06 16:23:52.900 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p208/69da9f849c0a11efbb5decd68aece6cb] (40.424µs)
2024-11-06 16:23:52.904 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p208/domaindatagrant-7f02cc39a349fe0968e2368a58fe1dda] (4.106769ms)
2024-11-06 16:23:52.931 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[p207-p208] (205.785µs)
2024-11-06 16:23:52.938 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute p208-p207 update status
2024-11-06 16:23:52.939 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[p208-p207] (7.231809ms)
2024-11-06 16:23:57.898 ERROR controller/handshake.go:307 DomainRoute p208-p207: handshake fail:response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:23:57.898 ERROR controller/domain_route.go:297 response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:23:57.898 INFO queue/queue.go:109 Re-syncing: queue id[domain-route-queue], retry:[14] key[p208/p208-p207]: "response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL", re-queuing (5.015949299s)
2024-11-06 16:24:04.604 INFO controller/domain_route.go:432 add cluster p208-to-p207 name:http protocol:HTTP port:11080
2024-11-06 16:24:04.605 INFO xds/cluster_config.go:131 Generate tls config for p208-to-p207-http
2024-11-06 16:24:04.605 INFO xds/xds.go:439 Add cluster:p208-to-p207-http
2024-11-06 16:24:04.605 INFO xds/xds.go:439 Add cluster:p208-to-p207-http
2024-11-06 16:24:04.605 INFO controller/domain_route.go:293 DomainRoute p208/p208-p207 starts handshake, the last revision is 0
2024-11-06 16:24:09.621 ERROR controller/handshake.go:307 DomainRoute p208-p207: handshake fail:response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:24:09.622 ERROR controller/domain_route.go:297 response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:24:09.622 INFO queue/queue.go:109 Re-syncing: queue id[domain-route-queue], retry:[15] key[p208/p208-p207]: "response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL", re-queuing (5.017143791s)
2024-11-06 16:24:52.901 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p207/domaindatagrant-7f02cc39a349fe0968e2368a58fe1dda] (33.888µs)
2024-11-06 16:24:52.901 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p207/69da9f849c0a11efbb5decd68aece6cb] (8.358µs)
2024-11-06 16:24:52.901 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p208/69da9f849c0a11efbb5decd68aece6cb] (88.965µs)
2024-11-06 16:24:52.905 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p208/domaindatagrant-7f02cc39a349fe0968e2368a58fe1dda] (4.117694ms)
2024-11-06 16:25:52.875 WARN domainroute/check.go:138 Domainroute p208/p208-p207 token is waiting more than 2 minutes for ready, so need to re-handshake
2024-11-06 16:25:52.875 WARN domainroute/check.go:46 Domainroute p208/p207-p208 checkEffectiveInstances failed: tokens is nil, please check the result of handshake in instance's log
2024-11-06 16:25:52.875 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[p208/p207-p208] (100.901µs)
2024-11-06 16:25:52.883 INFO domainroute/rolling.go:47 PreRollingDomainRoute p208/p208-p207, new revision 0
2024-11-06 16:25:52.883 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[p208/p208-p207] (8.136781ms)
2024-11-06 16:25:52.883 INFO queue/queue.go:176 Finish processing item: queue id[domain-route-controller], key[p208/p208-p207] (12.862µs)
2024-11-06 16:25:52.883 INFO controller/domain_route.go:432 add cluster p208-to-p207 name:http protocol:HTTP port:11080
2024-11-06 16:25:52.884 INFO xds/cluster_config.go:131 Generate tls config for p208-to-p207-http
2024-11-06 16:25:52.884 INFO xds/xds.go:439 Add cluster:p208-to-p207-http
2024-11-06 16:25:52.884 INFO xds/xds.go:439 Add cluster:p208-to-p207-http
2024-11-06 16:25:52.884 INFO controller/domain_route.go:293 DomainRoute p208/p208-p207 starts handshake, the last revision is 0
2024-11-06 16:25:52.891 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute p208-p207 update status
2024-11-06 16:25:52.891 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[p208/p208-p207] (7.761ms)
2024-11-06 16:25:52.899 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute p208-p207 update status
2024-11-06 16:25:52.899 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[p208-p207] (7.433496ms)
2024-11-06 16:25:52.901 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p207/domaindatagrant-7f02cc39a349fe0968e2368a58fe1dda] (17.468µs)
2024-11-06 16:25:52.901 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p207/69da9f849c0a11efbb5decd68aece6cb] (3.963µs)
2024-11-06 16:25:52.902 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p208/69da9f849c0a11efbb5decd68aece6cb] (91.031µs)
2024-11-06 16:25:52.905 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p208/domaindatagrant-7f02cc39a349fe0968e2368a58fe1dda] (3.841695ms)
2024-11-06 16:25:52.932 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[p207-p208] (130.323µs)
2024-11-06 16:25:52.939 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute p208-p207 update status
2024-11-06 16:25:52.939 INFO queue/queue.go:176 Finish processing item: queue id[cluster-domain-route-controller], key[p208-p207] (7.025526ms)
2024-11-06 16:25:57.900 ERROR controller/handshake.go:307 DomainRoute p208-p207: handshake fail:response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:25:57.900 ERROR controller/domain_route.go:297 response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:25:57.900 ERROR queue/queue.go:115 Forgetting: queue id[domain-route-queue], key[p208/p208-p207] (5.016400742s), due to maximum retries[16] reached, last error: "response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL"
2024-11-06 16:26:52.902 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p208/69da9f849c0a11efbb5decd68aece6cb] (66.664µs)
2024-11-06 16:26:52.902 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p207/domaindatagrant-7f02cc39a349fe0968e2368a58fe1dda] (18.355µs)
2024-11-06 16:26:52.902 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p207/69da9f849c0a11efbb5decd68aece6cb] (14.036µs)
2024-11-06 16:26:52.907 INFO queue/queue.go:124 Finish processing item: queue id[domaindatagrant_controller], key[p208/domaindatagrant-7f02cc39a349fe0968e2368a58fe1dda] (4.216477ms)
2024-11-06 16:26:53.463 INFO controller/domain_route.go:432 add cluster p208-to-p207 name:http protocol:HTTP port:11080
2024-11-06 16:26:53.463 INFO xds/cluster_config.go:131 Generate tls config for p208-to-p207-http
2024-11-06 16:26:53.463 INFO xds/xds.go:439 Add cluster:p208-to-p207-http
2024-11-06 16:26:53.463 INFO xds/xds.go:439 Add cluster:p208-to-p207-http
2024-11-06 16:26:53.463 INFO controller/domain_route.go:293 DomainRoute p208/p208-p207 starts handshake, the last revision is 0
2024-11-06 16:26:58.479 ERROR controller/handshake.go:307 DomainRoute p208-p207: handshake fail:response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:26:58.479 ERROR controller/domain_route.go:297 response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL
2024-11-06 16:26:58.479 INFO queue/queue.go:109 Re-syncing: queue id[domain-route-queue], retry:[0] key[p208/p208-p207]: "response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: remote connection failure, transport failure reason: TLS_error:|268435703:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:TL", re-queuing (5.016320863s)
2024-11-06 16:26:58.485 INFO controller/domain_route.go:432 add cluster p208-to-p207 name:http protocol:HTTP port:11080
2024-11-06 16:26:58.485 INFO xds/cluster_config.go:131 Generate tls config for p208-to-p207-http

T-ze-yu avatar Nov 06 '24 08:11 T-ze-yu

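1. Inside the corresponding container, run kubectl get cdr to view the authorization information and check what it returns.
2. Run the command curl -kvvv http://1.1.1.1:18080 (an example IP and port) and check the result it returns.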

BrainWH avatar Nov 06 '24 10:11 BrainWH

image image It looks like the authorization did not succeed.

T-ze-yu avatar Nov 06 '24 10:11 T-ze-yu

You can run kubectl get cdr -n xxx xxx -o yaml to look at the YAML of the corresponding route.

BrainWH avatar Nov 06 '24 12:11 BrainWH

kubectl get cdr -n xxx xxx -o yaml

kubectl get cdr -n p208 -o yaml

apiVersion: v1
items:
- apiVersion: kuscia.secretflow/v1alpha1
  kind: ClusterDomainRoute
  metadata:
    creationTimestamp: "2024-11-06T06:43:06Z"
    generation: 2
    labels:
      kuscia.secertflow/domainroute-partner: p207
      kuscia.secretflow/clusterdomainroute-destination: p208
      kuscia.secretflow/clusterdomainroute-source: p207
    name: p207-p208
    ownerReferences:
    - apiVersion: kuscia.secretflow/v1alpha1
      blockOwnerDeletion: true
      controller: true
      kind: Domain
      name: p207
      uid: 83c66649-f636-4867-ac2f-c4b80fc00c47
    resourceVersion: "486"
    uid: 7db54796-7b7c-431a-86b3-7f90270bc577
  spec:
    authenticationType: Token
    destination: p208
    endpoint: {}
    interConnProtocol: kuscia
    requestHeadersToAdd:
      Authorization: Bearer <token omitted>
    source: p207
    tokenConfig:
      destinationPublicKey: <base64 value omitted>
      rollingUpdatePeriod: 86400
      sourcePublicKey: <base64 value omitted>
      tokenGenMethod: RSA-GEN
- apiVersion: kuscia.secretflow/v1alpha1
  kind: ClusterDomainRoute
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"kuscia.secretflow/v1alpha1","kind":"ClusterDomainRoute","metadata":{"annotations":{},"name":"p208-p207"},"spec":{"authenticationType":"Token","destination":"p207","endpoint":{"host":"192.168.210.207","ports":[{"isTLS":true,"name":"http","pathPrefix":"/","port":11080,"protocol":"HTTP"}]},"interConnProtocol":"kuscia","requestHeadersToAdd":{"Authorization":"Bearer"},"source":"p208","tokenConfig":{"rollingUpdatePeriod":86400,"tokenGenMethod":"RSA-GEN"}}}
    creationTimestamp: "2024-11-06T06:43:06Z"
    generation: 2
    labels:
      kuscia.secertflow/domainroute-partner: p207
      kuscia.secretflow/clusterdomainroute-destination: p207
      kuscia.secretflow/clusterdomainroute-source: p208
    name: p208-p207
    resourceVersion: "113677"
    uid: bf7ec5fc-c345-4fd5-a775-3888561a6aa1
  spec:
    authenticationType: Token
    destination: p207
    endpoint:
      host: 192.168.210.207
      ports:
      - isTLS: true
        name: http
        pathPrefix: /
        port: 11080
        protocol: HTTP
    interConnProtocol: kuscia
    requestHeadersToAdd:
      Authorization: Bearer
    source: p208
    tokenConfig:
      destinationPublicKey: <base64 value omitted>
      rollingUpdatePeriod: 86400
      sourcePublicKey: <base64 value omitted>
      tokenGenMethod: RSA-GEN
  status:
    conditions:
    - lastTransitionTime: "2024-11-07T02:55:53Z"
      lastUpdateTime: "2024-11-07T02:55:53Z"
      message: TokenNotGenerate
      reason: DestinationIsNotAuthrized
      status: "False"
      type: Ready
    tokenStatus: {}
kind: List
metadata:
  resourceVersion: ""

T-ze-yu avatar Nov 07 '24 02:11 T-ze-yu

Could you paste the commands you used to create the route?

BrainWH avatar Nov 07 '24 03:11 BrainWH

Could you paste the commands you used to create the route?

I followed https://www.secretflow.org.cn/zh-CN/docs/kuscia/v0.9.0b0/deployment/Docker_deployment_kuscia/deploy_p2p_cn#id7. After the two sides issued certificates to each other, I ran scripts/deploy/add_domain.sh p207 p2p on 208, and scripts/deploy/add_domain.sh p208 p2p on 207. Then I ran scripts/deploy/join_to_host.sh p208 p207 https://192.168.210.207:11080 on 208, and scripts/deploy/join_to_host.sh p207 p208 https://192.168.210.208:11080 on 207.

T-ze-yu avatar Nov 07 '24 06:11 T-ze-yu

Could you paste the commands you used to create the route?

I followed https://www.secretflow.org.cn/zh-CN/docs/kuscia/v0.9.0b0/deployment/Docker_deployment_kuscia/deploy_p2p_cn#id7. After the two sides issued certificates to each other, I ran scripts/deploy/add_domain.sh p207 p2p on 208, and scripts/deploy/add_domain.sh p208 p2p on 207. Then I ran scripts/deploy/join_to_host.sh p208 p207 https://192.168.210.207:11080 on 208, and scripts/deploy/join_to_host.sh p207 p208 https://192.168.210.208:11080 on 207.

Replacing https with http in those commands seems to make it work.

T-ze-yu avatar Nov 07 '24 07:11 T-ze-yu

When Protocol is set to NOTLS, communication between nodes uses http.

BrainWH avatar Nov 07 '24 07:11 BrainWH

But running the intersection task still failed with an error:

domain_data = get_domain_data(domaindata_stub, domaindata_id)
2024-11-07T15:45:07.381023627+08:00 stderr F File "/usr/local/lib/python3.10/site-packages/secretflow/kuscia/datamesh.py", line 81, in get_domain_data
2024-11-07T15:45:07.381047985+08:00 stderr F raise RuntimeError(f"get_dist_data failed for {id}: status = {ret.status}")
2024-11-07T15:45:07.381051804+08:00 stderr F RuntimeError: get_dist_data failed for 9dd7d6909cdb11ef9d84ecd68aece6cb: status = code: 12201
2024-11-07T15:45:07.381053666+08:00 stderr F message: "domaindatas.kuscia.secretflow "9dd7d6909cdb11ef9d84ecd68aece6cb" not found"
2024-11-07T15:45:07.381055566+08:00 stderr F

T-ze-yu avatar Nov 07 '24 07:11 T-ze-yu

But running the intersection task still failed with an error:

domain_data = get_domain_data(domaindata_stub, domaindata_id)
2024-11-07T15:45:07.381023627+08:00 stderr F File "/usr/local/lib/python3.10/site-packages/secretflow/kuscia/datamesh.py", line 81, in get_domain_data
2024-11-07T15:45:07.381047985+08:00 stderr F raise RuntimeError(f"get_dist_data failed for {id}: status = {ret.status}")
2024-11-07T15:45:07.381051804+08:00 stderr F RuntimeError: get_dist_data failed for 9dd7d6909cdb11ef9d84ecd68aece6cb: status = code: 12201
2024-11-07T15:45:07.381053666+08:00 stderr F message: "domaindatas.kuscia.secretflow "9dd7d6909cdb11ef9d84ecd68aece6cb" not found"
2024-11-07T15:45:07.381055566+08:00 stderr F

From my analysis, 9dd7d6909cdb11ef9d84ecd68aece6cb is the partner's data, but the data grant has already been performed on the partner's side: json_body: {'domain_id': 'p208', 'domaindata_id': '9dd7d6909cdb11ef9d84ecd68aece6cb', 'grant_domain': 'p207'} response: {'status': {'code': 0, 'message': 'success', 'details': []}, 'data': {'domaindatagrant_id': 'domaindatagrant-fa80775cccd18aa84ae80645a864014b'}}

T-ze-yu avatar Nov 07 '24 07:11 T-ze-yu

The authorization still isn't in place. image

T-ze-yu avatar Nov 07 '24 08:11 T-ze-yu

Run kubectl get cdr -n xxx xxx -o yaml and check the YAML of the corresponding route.

BrainWH avatar Nov 07 '24 08:11 BrainWH

I just ran the authorization again and it is normal now. image But the data grant still has the same problem as before.

T-ze-yu avatar Nov 07 '24 08:11 T-ze-yu

kubectl get cdr -n xxx xxx -o yaml

kubectl get cdr -n p207-p208 -o yaml apiVersion: v1 items:

  • apiVersion: kuscia.secretflow/v1alpha1 kind: ClusterDomainRoute metadata: annotations: kubectl.kubernetes.io/last-applied-configuration: | {"apiVersion":"kuscia.secretflow/v1alpha1","kind":"ClusterDomainRoute","metadata":{"annotations":{},"name":"p207-p208"},"spec":{"authenticationType":"Token","destination":"p208","endpoint":{"host":"192.168.210.208","ports":[{"isTLS":false,"name":"http","pathPrefix":"/","port":11080,"protocol":"HTTP"}]},"interConnProtocol":"kuscia","requestHeadersToAdd":{"Authorization":"Bearer"},"source":"p207","tokenConfig":{"rollingUpdatePeriod":86400,"tokenGenMethod":"RSA-GEN"}}} creationTimestamp: "2024-11-07T08:25:00Z" generation: 5 labels: kuscia.secertflow/domainroute-partner: p208 kuscia.secretflow/clusterdomainroute-destination: p208 kuscia.secretflow/clusterdomainroute-source: p207 name: p207-p208 resourceVersion: "710" uid: c581e28b-c1f1-4c87-8391-33c016bf826c spec: authenticationType: Token destination: p208 endpoint: host: 192.168.210.208 ports: - isTLS: false name: http pathPrefix: / port: 11080 protocol: HTTP interConnProtocol: kuscia requestHeadersToAdd: Authorization: Bearer source: p207 tokenConfig: destinationPublicKey: LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQW9oNEw5VVNFcEErSnJTa3RHYjh5ZFg5WFMxS29oMHM1ejBDODRkS1ZTV3ZXSGJmaEtSNloKSk9sNHliOFBnY3JYR1lZdzJIekxaQVlNZy81MHprQWJMNE9aNHZDdzFtQjRUc2U3SGtKNkNSR1QrWHNsVGZpYwpQL0VOZi9kQlJMc0xjSUJjSzQza2lENi9UczdEcjBzQnZ6UW10Z1RubElnZm5jc0N1Qk5BVHE4bHM4eW0vN0ZRCmVBTWhvelBUazBjdUVYTWZmWlVxUjJibmhFdlNtd2xBV3FaUVlGS3I0bzUvc3VRa0lwelcvMGdnQnRKTEMyZ04KcFJhMzFQQzJZVUFnN0NNMzhPMFF1OHo2cmhUZjUzNUhMbXlMM1ZPTHFPWVRlWFkrVUM2TGZxWFhxMWpuem9zVApKUDVZVTNQV3k2YVFwVnJsb1BIQ2Z4RlYwNGR2ZXpMV2F3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K rollingUpdatePeriod: 86400 sourcePublicKey: 
LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQTQ0MXhpa1V1M0xpZHNURUpnai84QWRhazBCYU9ZV2ljT3ZqdUNOQVdlZTEzYkRqSDI2NEQKUXZQM3FUTjhicUJSa0V5eFczZzlrUktxa3F5Zmxwck9NS0ZiVTJ0TjFjclZUd01PcmltaTJ6dTJab1VmSnZtbAplU25HcERKWDFlUEFyWUVNUzhuRWxwNm50Rk5IbGJ1UllCU3lzL2h6Ty8wUWVNN3R3MmZ5UElTQzB1b1R0WDBHCkJUS3d1VGwvU3pPU1dWTjloQ2RjUHpCUVdpT2VyRkVEakVQRFhEWlFKeG5FYjVpRU5pUHZYVkJWWHBZUkxZVlQKSm00QzE5TTFXMkF0MTVRZE03K3ByZ2d4UVdDUWhpSmlaUmFxTDVsZ0pGQk11bFBuakN5TkdLV2tLNEdnY242RwppRG1Ya0F5dmhtbWpkVi9qU1VzelQ4d2ZUREVxMjlQSjNRSURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K tokenGenMethod: RSA-GEN status: conditions:
    • lastTransitionTime: "2024-11-07T08:27:06Z" lastUpdateTime: "2024-11-07T08:27:06Z" message: Success status: "True" type: Ready endpointStatuses: mpc-middle-autonomy-p207-http: endpointHealthy: true tokenStatus: sourceTokens:
      • effectiveInstances:
        • mpc-middle-autonomy-p207 expirationTime: "2024-11-09T08:27:05Z" isReady: true revision: 1 revisionTime: "2024-11-07T08:27:06Z" token: D7wf9ztVjKZJsgGFALmFBv9yjfCHy+4qQ7fjqCDPl4JkR85Vi50Cit3rRnwCGsTqavgCsvtRaIDPkNmuCIk+a31q1s0R+uGWRGnQwY0exdQsIZsZ1EXaQ6FPsVYyeuqMh2Ho5J3v0gMVIRtsERyPoakr14t3cFRgGvcbEpFkdoGM8A4Itqh8em8XYZ45X0ZQnLDYxMrP2Z8lEDm0BKOPgWo9A7KtmMUI7NmUhCFieuKST+7w/E8OaligXxejy7MiHAtAmHU6DnXBvNbSgK1yRQEp0oTfhY4CfGHkVae84DpbdXDygD4t13T5XnjdyvhTA63YfgKJyDpsO3h4Fc3AZw==
  • apiVersion: kuscia.secretflow/v1alpha1 kind: ClusterDomainRoute metadata: creationTimestamp: "2024-11-07T08:25:00Z" generation: 2 labels: kuscia.secertflow/domainroute-partner: p208 kuscia.secretflow/clusterdomainroute-destination: p207 kuscia.secretflow/clusterdomainroute-source: p208 name: p208-p207 ownerReferences:
    • apiVersion: kuscia.secretflow/v1alpha1 blockOwnerDeletion: true controller: true kind: Domain name: p208 uid: d4b04dbd-eddd-4a27-9137-f3e1f5d3c5c6 resourceVersion: "741" uid: 48464611-0948-4073-afc5-8b6f00f612e2 spec: authenticationType: Token destination: p207 endpoint: {} interConnProtocol: kuscia requestHeadersToAdd: Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6ImQyZ2hsRU9vYk9hZlpUX1l2UFNlWUtST2J0ajhDRHJzdENrcGFvVVdKbkEifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiLCJrM3MiXSwiZXhwIjoyMDQ2MzI3OTAwLCJpYXQiOjE3MzA5Njc5MDAsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJwMjA4Iiwic2VydmljZWFjY291bnQiOnsibmFtZSI6InAyMDgiLCJ1aWQiOiIzNDk1NjFmNC0wMTM5LTRhNWItYjczMC1mZTc0YzJmYTg4MDcifX0sIm5iZiI6MTczMDk2NzkwMCwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OnAyMDg6cDIwOCJ9.WG5VJllcLMHmLuicNwcE7Ch_OlDLwBwozzN4CEkbw5uYkuSSZUXQN-bDqvOeLt72FWouUVp1VYmrBAXUx2Ub1tWOdUuJWQNQT8LLg3lh3aKXSqeUIIGw7OVl67Obmf9moYikXUpiqlbNE9WAM-IvXm9cKMJbAGd4F5OXmshsVi5NEfqFgumXcJceqD6CgTfo5iT4aODrI8fWc40qgEAqjzyAbE_miKxGsWIW3GDY1R8cniTi-gJi5m8VD2GH6zLPvK2UIMSvRC_fKm5JXLNWNRNgremsqAisuPKKUmYr23UFDuGNbM9RTD-GzFpozD8kXxGxNYpY4w9Nc4U3Xj3zAQ source: p208 tokenConfig: destinationPublicKey: LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQTQ0MXhpa1V1M0xpZHNURUpnai84QWRhazBCYU9ZV2ljT3ZqdUNOQVdlZTEzYkRqSDI2NEQKUXZQM3FUTjhicUJSa0V5eFczZzlrUktxa3F5Zmxwck9NS0ZiVTJ0TjFjclZUd01PcmltaTJ6dTJab1VmSnZtbAplU25HcERKWDFlUEFyWUVNUzhuRWxwNm50Rk5IbGJ1UllCU3lzL2h6Ty8wUWVNN3R3MmZ5UElTQzB1b1R0WDBHCkJUS3d1VGwvU3pPU1dWTjloQ2RjUHpCUVdpT2VyRkVEakVQRFhEWlFKeG5FYjVpRU5pUHZYVkJWWHBZUkxZVlQKSm00QzE5TTFXMkF0MTVRZE03K3ByZ2d4UVdDUWhpSmlaUmFxTDVsZ0pGQk11bFBuakN5TkdLV2tLNEdnY242RwppRG1Ya0F5dmhtbWpkVi9qU1VzelQ4d2ZUREVxMjlQSjNRSURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K rollingUpdatePeriod: 86400 sourcePublicKey: 
LS0tLS1CRUdJTiBSU0EgUFVCTElDIEtFWS0tLS0tCk1JSUJDZ0tDQVFFQW9oNEw5VVNFcEErSnJTa3RHYjh5ZFg5WFMxS29oMHM1ejBDODRkS1ZTV3ZXSGJmaEtSNloKSk9sNHliOFBnY3JYR1lZdzJIekxaQVlNZy81MHprQWJMNE9aNHZDdzFtQjRUc2U3SGtKNkNSR1QrWHNsVGZpYwpQL0VOZi9kQlJMc0xjSUJjSzQza2lENi9UczdEcjBzQnZ6UW10Z1RubElnZm5jc0N1Qk5BVHE4bHM4eW0vN0ZRCmVBTWhvelBUazBjdUVYTWZmWlVxUjJibmhFdlNtd2xBV3FaUVlGS3I0bzUvc3VRa0lwelcvMGdnQnRKTEMyZ04KcFJhMzFQQzJZVUFnN0NNMzhPMFF1OHo2cmhUZjUzNUhMbXlMM1ZPTHFPWVRlWFkrVUM2TGZxWFhxMWpuem9zVApKUDVZVTNQV3k2YVFwVnJsb1BIQ2Z4RlYwNGR2ZXpMV2F3SURBUUFCCi0tLS0tRU5EIFJTQSBQVUJMSUMgS0VZLS0tLS0K tokenGenMethod: RSA-GEN status: conditions:
    • lastTransitionTime: "2024-11-07T08:25:42Z" lastUpdateTime: "2024-11-07T08:25:42Z" message: Success status: "True" type: Ready tokenStatus: destinationTokens:
      • effectiveInstances:
        • mpc-middle-autonomy-p207 expirationTime: "2024-11-09T08:25:42Z" isReady: true revision: 1 revisionTime: "2024-11-07T08:25:42Z" token: Zah8cfCDnxvxu3h9GIrDTx3jFUw8kXRCY2htsAXc2/CR/pvsGZbtZo7aUoPh2U22L40fDjlNls8t5l9dOXk/bX2SleDdqRY7wVgqTqBoOQRUkTlAMypMgOMHSwtjDZdPGsSShAAQlw35KTWl3enPNSpXLDAcOhNpfSYT7UPRHk8JpWZbNBUdsnG4/iP9IlvZDQlF1SzqznRuB+vOkys9PKMuTzWa/k8oTLI6d2oWzROesjirMFmEA5+tqbr13dM/oKRtMC0HoC+T1qjnauOIBN4ums+ShOHKKOUitUNW9N4BO8nc7WTR7roaY7CwSU+6dv/hPXOxP+GB08NLJfV7Ag==
      • effectiveInstances:
        • mpc-middle-autonomy-p207 expirationTime: "2024-11-09T08:25:43Z" isReady: true revision: 2 revisionTime: "2024-11-07T08:25:43Z" token: hJYfsLv8dYQS5PS33e0uF2IReVQyS/NwcpRg0ZF/T+t/yOU4/hxD68gcmh04RAqKFaLxTDONUU9afY0OLfpoGEurM5cavfpJmE8Y5619n5l7zMbnCXMYrw88FyCEAcetpznxhtOvFOVFRdBDv41OwBFQ0gtWGbfYxc0H4Gx2ZCcQfDpFcEH6SQ7cB5iA8MmHeq34pmsihlSjl4muTEKJdqoxT66ifysqsuTTCG7lmlh+VmL7fAdrPzJ/QurX5thTXU/PqlbwdhvSny4evoV01Qpk0NIwFCK8JAQAtfmAe64NXHT4aOD+3+wy7arR0BdReiCHAqhw3tWMmeRnHM0mbA==
      • effectiveInstances:
        • mpc-middle-autonomy-p207 expirationTime: "2024-11-09T08:27:21Z" isReady: true revision: 3 revisionTime: "2024-11-07T08:27:21Z" token: RCdJ4/RkU3NtbzTMm1bPpM73v3+kRuNbu7rr/sckpN52elnvGtYRP9Eye1Uem8IERqwJoFGmPoqpvHmpfi1xRZKzIxljO7SFzvs53Jmnhgqqx4fYbXTv8Ive6hAovDCwxdNhL6NMUS6E6TeBPtXAqyrRgGYRlS4r7bQyEGdPAuJTH4F99q6je8wR1kLVjyvH2DpVyL/ulj7ZXx3mcTkeoXv244fNZT64mJmnngCuGXfNiS8CQ28ql8rWyXRFy7o19FjgQHbBdBK67OYbfSi8xTDLm0vXuyHHo1SFU/Pv1r2SyUhDBxNA0eDQwhaLRPfM9xFWt0f3gMpLO4XV6gCvAQ== kind: List metadata: resourceVersion: ""

T-ze-yu avatar Nov 07 '24 08:11 T-ze-yu

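In the screenshot above, kubectl get cdr returns true. Where is the problem now? Is it working at the moment?

I just ran the authorization again and it is normal now. image But the data grant still has the same problem as before.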

BrainWH avatar Nov 07 '24 09:11 BrainWH

But running the intersection task still failed with an error:

domain_data = get_domain_data(domaindata_stub, domaindata_id)
2024-11-07T15:45:07.381023627+08:00 stderr F File "/usr/local/lib/python3.10/site-packages/secretflow/kuscia/datamesh.py", line 81, in get_domain_data
2024-11-07T15:45:07.381047985+08:00 stderr F raise RuntimeError(f"get_dist_data failed for {id}: status = {ret.status}")
2024-11-07T15:45:07.381051804+08:00 stderr F RuntimeError: get_dist_data failed for 9dd7d6909cdb11ef9d84ecd68aece6cb: status = code: 12201
2024-11-07T15:45:07.381053666+08:00 stderr F message: "domaindatas.kuscia.secretflow "9dd7d6909cdb11ef9d84ecd68aece6cb" not found"
2024-11-07T15:45:07.381055566+08:00 stderr F

From my analysis, 9dd7d6909cdb11ef9d84ecd68aece6cb is the partner's data, but the data grant has already been performed on the partner's side: json_body: {'domain_id': 'p208', 'domaindata_id': '9dd7d6909cdb11ef9d84ecd68aece6cb', 'grant_domain': 'p207'} response: {'status': {'code': 0, 'message': 'success', 'details': []}, 'data': {'domaindatagrant_id': 'domaindatagrant-fa80775cccd18aa84ae80645a864014b'}}

This problem still exists: 207 cannot get the granted data.

T-ze-yu avatar Nov 07 '24 16:11 T-ze-yu

Make sure domaindata and domaindatagrant have been created for both alice's and bob's data. You can re-run: https://www.secretflow.org.cn/zh-CN/docs/kuscia/v0.12.0b0/deployment/Docker_deployment_kuscia/deploy_p2p_cn#id9

BrainWH avatar Nov 08 '24 02:11 BrainWH

image image

The authorization does not succeed.

T-ze-yu avatar Nov 08 '24 06:11 T-ze-yu

image image

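The authorization does not succeed.

If your Protocol is set to NOTLS, communication between nodes uses http. I see that your authorization command still uses https; change it to http and it should work.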

BrainWH avatar Nov 08 '24 07:11 BrainWH
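
The rule stated in the comment above matches the two route dumps earlier in the thread: the p208-p207 route created with an https URL shows isTLS: true and is not Ready (TokenNotGenerate), while the p207-p208 route created with http shows isTLS: false and is Ready. As an added example (not part of the thread and not Kuscia project code), the Python below checks `kubectl get cdr -o json` output for both conditions; the sample input is constructed from fields shown in those dumps, and the `audit_routes` name and `peer_protocol` map are assumptions.

```python
import json

# Constructed sample: trimmed `kubectl get cdr -o json` output that keeps only
# fields visible in the thread's dumps; keys and tokens are left out on purpose.
SAMPLE_CDR_LIST = json.dumps({"items": [
    {"metadata": {"name": "p208-p207"},
     "spec": {"destination": "p207", "endpoint": {"host": "192.168.210.207", "ports": [
         {"name": "http", "port": 11080, "protocol": "HTTP", "isTLS": True}]}},
     "status": {"conditions": [{"type": "Ready", "status": "False",
                                "reason": "DestinationIsNotAuthrized",
                                "message": "TokenNotGenerate"}]}},
    {"metadata": {"name": "p207-p208"},
     "spec": {"destination": "p208", "endpoint": {"host": "192.168.210.208", "ports": [
         {"name": "http", "port": 11080, "protocol": "HTTP", "isTLS": False}]}},
     "status": {"conditions": [{"type": "Ready", "status": "True", "message": "Success"}]}},
]})


def audit_routes(cdr_list_json, peer_protocol):
    """Return (route, issue, detail) tuples for routes that need attention.

    peer_protocol (an assumption of this example) maps a destination domain to
    the Protocol value in that peer's Kuscia config: NOTLS, TLS or MTLS.
    Treating TLS and MTLS as "endpoint must be https" is also an assumption.
    """
    findings = []
    for item in json.loads(cdr_list_json).get("items", []):
        name = item["metadata"]["name"]
        spec = item.get("spec", {})
        conditions = item.get("status", {}).get("conditions", [])
        ready = next((c for c in conditions if c.get("type") == "Ready"), {})
        if ready.get("status") != "True":
            detail = f"{ready.get('reason', 'unknown')}: {ready.get('message', '')}"
            findings.append((name, "not-ready", detail))
        proto = peer_protocol.get(spec.get("destination"), "").upper()
        if not proto:
            continue  # peer protocol unknown: nothing to compare against
        want_tls = proto != "NOTLS"
        endpoint = spec.get("endpoint", {})  # may be {} on the mirrored route
        for port in endpoint.get("ports", []):
            if bool(port.get("isTLS")) != want_tls:
                scheme = "https" if want_tls else "http"
                url = f"{scheme}://{endpoint.get('host')}:{port.get('port')}"
                findings.append((name, "scheme-mismatch",
                                 f"peer is {proto}; endpoint should be {url}"))
    return findings


if __name__ == "__main__":
    print(audit_routes(SAMPLE_CDR_LIST, {"p207": "NOTLS", "p208": "NOTLS"}))
```
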

Sorry! I forgot to update the earlier command; I am in fact using http, but one side still does not get authorized. image image

T-ze-yu avatar Nov 08 '24 08:11 T-ze-yu

First delete all of the failing side's cdr, domaindata and domaindatagrant, then authorize again.

BrainWH avatar Nov 08 '24 08:11 BrainWH

First delete all of the failing side's cdr, domaindata and domaindatagrant, then authorize again.

Is there a command for deleting them, or do I need to redeploy?

T-ze-yu avatar Nov 08 '24 08:11 T-ze-yu

You can delete them with kubectl delete.

BrainWH avatar Nov 08 '24 09:11 BrainWH

OK, it works now, thanks.

T-ze-yu avatar Nov 11 '24 08:11 T-ze-yu

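Could you paste the command you used to create the route?

I followed https://www.secretflow.org.cn/zh-CN/docs/kuscia/v0.9.0b0/deployment/Docker_deployment_kuscia/deploy_p2p_cn#id7. After the two sides issued certificates to each other, I ran scripts/deploy/add_domain.sh p207 p2p on 208 and scripts/deploy/add_domain.sh p208 p2p on 207. Then I ran scripts/deploy/join_to_host.sh p208 p207 https://192.168.210.207:11080 on 208 and scripts/deploy/join_to_host.sh p207 p208 https://192.168.210.208:11080 on 207.

Replacing https with http in those commands seems to make it work.

Hello, my MTLS deployment following the Docker point-to-point guide at https://www.secretflow.org.cn/zh-CN/docs/kuscia/v0.13.0b1/deployment/Docker_deployment_kuscia/deploy_p2p_cn succeeded, but deploying with notls and tls has not gone well. After seeing this issue I would like to ask: for notls and tls, shouldn't mutual certificate issuance be unnecessary? Why do the certificates still have to be issued to each other here ("After the two sides issued certificates to each other, I ran ... on 208")? Is there a deployment tutorial for notls and tls? Thanks.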

JiangDonglai98 avatar Feb 20 '25 06:02 JiangDonglai98

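With notls, tls and mtls alike, two nodes that communicate need to issue certificates to each other and obtain the other party's certificate. The notls/tls/mtls setting determines whether the kusciaapi service provided internally on your own side and the communication service exposed externally use http or https.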

BrainWH avatar Feb 21 '25 03:02 BrainWH

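With notls, tls and mtls alike, two nodes that communicate need to issue certificates to each other and obtain the other party's certificate. The notls/tls/mtls setting determines whether the kusciaapi service provided internally on your own side and the communication service exposed externally use http or https.

Thank you for your reply!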

JiangDonglai98 avatar Feb 21 '25 03:02 JiangDonglai98