Add SSL support to grpc-balancer and update playbook for certificate management

- Modified grpc-balancer.py to start an SSL server using certificates. - Added Ansible tasks in playbook.yml to create and install SSL certificates. - Updated docker-compose.yaml to mount the SSL certificate into the container.
2025-01-20 19:21:12 +03:00
parent b988582553
commit e40e14dea5
3 changed files with 27 additions and 3 deletions
--- a/playbook.yml
+++ b/playbook.yml
@ -203,6 +203,20 @@
          - waitress
        extra_args: --break-system-packages

+    - name: Create SSL certificate for grpcbalancer
+      ansible.builtin.shell: |
+        mkdir -p /root/node
+        openssl req -x509 -newkey rsa:4096 -keyout /root/node/key.pem -out /root/node/cert.pem -days 365 -nodes -subj "/CN=localhost"
+      args:
+        creates: /root/node/cert.pem
+
+    - name: Install SSL certificate to system store
+      ansible.builtin.shell: |
+        cp /root/node/cert.pem /usr/local/share/ca-certificates/grpcbalancer.crt
+        update-ca-certificates
+      args:
+        executable: /bin/bash
+
    - name: Copy grpcbalancer service file
      ansible.builtin.copy:
        dest: /etc/systemd/system/grpcbalancer.service
@ -269,6 +283,11 @@
      args:
        chdir: "{{ ansible_env.HOME }}/node"

+    - name: Update certificates in container
+      ansible.builtin.shell: docker exec infernet-node update-ca-certificates
+      args:
+        executable: /bin/bash
+
    - name: Deploy contracts
      ansible.builtin.shell: project=hello-world make deploy-contracts 2>&1
      register: contract_deploy_output