Add SSL support to grpc-balancer and update playbook for certificate management

- Modified grpc-balancer.py to start an SSL server using certificates.
- Added Ansible tasks in playbook.yml to create and install SSL certificates.
- Updated docker-compose.yaml to mount the SSL certificate into the container.
vvzvlad 2025-01-20 19:21:12 +03:00
parent b988582553
commit e40e14dea5
3 changed files with 27 additions and 3 deletions


@ -1,4 +1,3 @@
services: services:
node: node:
image: ritualnetwork/infernet-node:1.4.0 image: ritualnetwork/infernet-node:1.4.0
@ -8,6 +7,7 @@ services:
- ./config.json:/app/config.json - ./config.json:/app/config.json
- node-logs:/logs - node-logs:/logs
- /var/run/docker.sock:/var/run/docker.sock - /var/run/docker.sock:/var/run/docker.sock
- /root/node/cert.pem:/usr/local/share/ca-certificates/grpcbalancer.crt:ro
tty: true tty: true
networks: networks:
- network - network
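Review bot: The added bind mount of `/root/node/cert.pem` into `/usr/local/share/ca-certificates/` does not by itself make the certificate trusted in the container. The bundle is only rebuilt when `update-ca-certificates` runs inside it, and that result lives in the container's writable layer, so it is lost whenever the container is recreated. A comment above the mount would record this, e.g. `# trusted only after update-ca-certificates runs in the container; rerun after every recreate`. Also, with this short volume syntax Docker creates a directory at the host path if `cert.pem` does not exist yet, so the certificate has to be generated before the first `docker compose up`.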


@ -319,5 +319,10 @@ if __name__ == '__main__':
upload_thread.start() upload_thread.start()
from waitress import serve from waitress import serve
logging.info(f"Starting server on port {PORT}") import ssl
serve(app, host='0.0.0.0', port=PORT, threads=MAX_WORKERS, connection_limit=1000)
ssl_context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
ssl_context.load_cert_chain('/root/node/cert.pem', '/root/node/key.pem')
logging.info(f"Starting SSL server on port {PORT}")
serve(app, host='0.0.0.0', port=PORT, threads=MAX_WORKERS, connection_limit=1000, _ssl_context=ssl_context)
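Review bot: The `_ssl_context=ssl_context` keyword on the new `serve(...)` call is, as far as I know, not an option waitress accepts, and waitress does not terminate TLS itself. The process will therefore either refuse to start on the unknown argument or keep answering plain HTTP while the log line says "Starting SSL server". Because the listener is bound to `0.0.0.0`, the second case would leave the balancer reachable unencrypted on every interface. I would keep `serve(app, host='0.0.0.0', port=PORT, threads=MAX_WORKERS, connection_limit=1000)` as it was and terminate TLS in a reverse proxy in front of it, or move to a WSGI server that takes an `SSLContext`; either way, confirm with a real handshake against the port. The `if __name__ == '__main__':` block starts outside this hunk.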


@ -203,6 +203,20 @@
- waitress - waitress
extra_args: --break-system-packages extra_args: --break-system-packages
- name: Create SSL certificate for grpcbalancer
ansible.builtin.shell: |
mkdir -p /root/node
openssl req -x509 -newkey rsa:4096 -keyout /root/node/key.pem -out /root/node/cert.pem -days 365 -nodes -subj "/CN=localhost"
args:
creates: /root/node/cert.pem
- name: Install SSL certificate to system store
ansible.builtin.shell: |
cp /root/node/cert.pem /usr/local/share/ca-certificates/grpcbalancer.crt
update-ca-certificates
args:
executable: /bin/bash
- name: Copy grpcbalancer service file - name: Copy grpcbalancer service file
ansible.builtin.copy: ansible.builtin.copy:
dest: /etc/systemd/system/grpcbalancer.service dest: /etc/systemd/system/grpcbalancer.service
@ -269,6 +283,11 @@
args: args:
chdir: "{{ ansible_env.HOME }}/node" chdir: "{{ ansible_env.HOME }}/node"
- name: Update certificates in container
ansible.builtin.shell: docker exec infernet-node update-ca-certificates
args:
executable: /bin/bash
- name: Deploy contracts - name: Deploy contracts
ansible.builtin.shell: project=hello-world make deploy-contracts 2>&1 ansible.builtin.shell: project=hello-world make deploy-contracts 2>&1
register: contract_deploy_output register: contract_deploy_output
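Review bot: The certificate made by the `openssl req -x509 ... -subj "/CN=localhost"` task in the first hunk is copied into the system trust store, yet it carries no subjectAltName and, with a stock openssl.cnf, is likely issued as a CA certificate. Clients that ignore CN will fail hostname verification, which tends to push people toward disabling verification, and anyone who can read the unencrypted `/root/node/key.pem` could sign certificates that the host and the container would accept for other names. I would add `-addext "subjectAltName=DNS:localhost" -addext "basicConstraints=critical,CA:FALSE"` to the command and test that the clients still verify it. The task is also guarded only by `creates: /root/node/cert.pem`, so the certificate is never renewed after its 365 days.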