make tls default if security is set... #519
Changes from all commits
c375029
3d6a576
e8a40ef
a7eaf8b
467c328
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,3 +10,4 @@ dependencies: | |
| - black | ||
| - pytest | ||
| - pytest-asyncio | ||
| - cryptography | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8,6 +8,8 @@ | |
| import sys | ||
| import weakref | ||
| import abc | ||
| import tempfile | ||
| import copy | ||
|
|
||
| import dask | ||
|
|
||
|
|
@@ -17,6 +19,7 @@ | |
| from distributed.deploy.spec import ProcessInterface, SpecCluster | ||
| from distributed.deploy.local import nprocesses_nthreads | ||
| from distributed.scheduler import Scheduler | ||
| from distributed.security import Security | ||
| from distributed.utils import tmpfile | ||
|
|
||
| logger = logging.getLogger(__name__) | ||
|
|
@@ -220,6 +223,7 @@ def __init__( | |
| extra = extra + ["--protocol", protocol] | ||
| if security: | ||
| worker_security_dict = security.get_tls_config_for_role("worker") | ||
|
|
||
| security_command_line_list = [ | ||
| ["--tls-" + key.replace("_", "-"), value] | ||
| for key, value in worker_security_dict.items() | ||
|
|
@@ -450,7 +454,7 @@ def __init__( | |
| scheduler_cls=Scheduler, # Use local scheduler for now | ||
| # Options for both scheduler and workers | ||
| interface=None, | ||
| protocol="tcp://", | ||
| protocol=None, | ||
|
guillaumeeb marked this conversation as resolved.
|
||
| # Job keywords | ||
| config_name=None, | ||
| **job_kwargs | ||
|
|
@@ -500,6 +504,17 @@ def __init__( | |
| "jobqueue.%s.scheduler-options" % config_name, {} | ||
| ) | ||
|
|
||
| if protocol is None and security is not None: | ||
| protocol = "tls://" | ||
| if security is None and protocol is not None and protocol.startswith("tls"): | ||
| try: | ||
| security = Security.temporary() | ||
| except ImportError: | ||
|
guillaumeeb marked this conversation as resolved.
|
||
| raise ImportError( | ||
| "In order to use TLS without pregenerated certificates `cryptography` is required," | ||
| "please install it using either pip or conda" | ||
| ) | ||
|
|
||
| default_scheduler_options = { | ||
| "protocol": protocol, | ||
| "dashboard_address": ":8787", | ||
|
|
@@ -521,7 +536,26 @@ def __init__( | |
| job_kwargs["config_name"] = config_name | ||
| job_kwargs["interface"] = interface | ||
| job_kwargs["protocol"] = protocol | ||
| job_kwargs["security"] = security | ||
| job_kwargs["security"] = copy.copy(security) | ||
|
guillaumeeb marked this conversation as resolved.
|
||
|
|
||
| if security is not None: | ||
| worker_security_dict = job_kwargs["security"].get_tls_config_for_role( | ||
| "worker" | ||
| ) | ||
| for key, value in worker_security_dict.items(): | ||
| # dump worker in-memory keys for use in job_script | ||
| if value is not None and "\n" in value: | ||
| f = tempfile.NamedTemporaryFile(mode="wt") | ||
| # make sure that tmpfile survives by keeping a reference | ||
| setattr(self, "_job_" + key, f) | ||
|
Member
Author
This is ugly, but having to clean up manually seemed more ugly. Ideas are welcome.
Member
Can you explain what must be done here? Maybe @jacobtomlinson understands better.
Member
Author
I am setting a reference to keep the temp file from being destroyed (which triggers its removal).
Member
So it's about the problem underlined in #520 again?
Member
Could you at least do this part in a separate function? And just to be sure, does this create a file in the /tmp directory (which would not be shared with workers)? Or is this in the job execution folder? I guess it needs to be created in a shared folder? |
||
| f.write(value) | ||
| f.flush() | ||
| setattr( | ||
| job_kwargs["security"], | ||
| "tls_" + ("worker_" if key != "ca_file" else "") + key, | ||
| f.name, | ||
| ) | ||
|
|
||
| self._job_kwargs = job_kwargs | ||
|
|
||
| worker = {"cls": self.job_cls, "options": self._job_kwargs} | ||
|
|
||
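Review bot: The temporary files written in the `for key, value in worker_security_dict.items()` loop hold the worker's TLS private key and certificate, and the only thing bounding their lifetime is the `_job_<key>` attribute set on the cluster object, so they stay on disk until that object is garbage-collected and are left behind if the process is killed. `tempfile.NamedTemporaryFile` creates the file readable and writable only by its owner, which is what a private key needs; that property is worth recording next to the call so it survives any later change of directory, for example `# holds TLS key material: keep owner-only permissions (NamedTemporaryFile default) wherever this file is placed`. The `"\n" in value` test is a heuristic that treats any multi-line string as in-memory PEM and assumes every non-None value is a string, which the hunk does not show; a one-line comment stating that assumption would help the next reader. Closing the stored handles when the cluster is closed would remove the key material deterministically, though the close path is outside this hunk, as are the start and end of `__init__`.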