Commit cd6fc8bc authored by njapke's avatar njapke Committed by pfandzelter

Fix for alexandra and README.md update

parent fee7a022
Pipeline #164506 passed with stages
in 13 minutes and 8 seconds
......@@ -102,7 +102,8 @@ In this example case, the following commands are required:
```bash
./gen-cert.sh etcdnase 172.26.1.1
./gen-cert.sh fredNodeA 172.26.1.2
./gen-cert.sh fredClient 172.26.1.3
./gen-cert.sh alexandra 172.26.1.3
./gen-cert.sh fredClient 172.26.1.4
```
#### Network
......@@ -182,10 +183,37 @@ This starts an instance of the `fred` software with the `info` log level using t
The ID of this node is `fredNodeA`.
It also uses an embedded BadgerDB database as a storage backend.
#### ALExANDRA
We will use the `alexandra` middleware for handling client requests. `alexandra` can be started with the following command.
```bash
docker pull git.tu-berlin.de:5000/mcc-fred/fred/alexandra:latest
docker run -d \
-v $(pwd)/alexandra.crt:/cert/alexandra.crt \
-v $(pwd)/alexandra.key:/cert/alexandra.key \
-v $(pwd)/ca.crt:/cert/ca.crt \
--network=fredwork \
--ip=172.26.1.3 \
-p 10000:10000 \
git.tu-berlin.de:5000/mcc-fred/fred/alexandra:latest \
--address :10000 \
--lighthouse 172.26.1.2:9001 \
--ca-cert /cert/ca.crt \
--alexandra-key /cert/alexandra.key \
--alexandra-cert /cert/alexandra.crt \
--clients-key /cert/alexandra.key \
--clients-cert /cert/alexandra.crt \
--experimental
```
This starts `alexandra` in a Docker container, connects it to `fred` and exposes the port 10000 on localhost with port forwarding, so that
clients can easily connect to it from the same machine.
#### Using FReD
Your initial FReD deployment is now complete!
If you want to try it out, use the `client.proto` in `./proto` to build a client or use [`grpcc`](https://github.com/njpatel/grpcc) to get a REPL interface:
If you want to try it out, use the `middleware.proto` in `./proto/middleware` to build a client or use [`grpcc`](https://github.com/njpatel/grpcc) to get a REPL interface:
```bash
docker build -t grpcc -f grpcc.Dockerfile .
......@@ -193,20 +221,24 @@ docker run \
-v $(pwd)/fredClient.crt:/cert/fredClient.crt \
-v $(pwd)/fredClient.key:/cert/fredClient.key \
-v $(pwd)/ca.crt:/cert/ca.crt \
-v $(pwd)/proto/client/client.proto:/client.proto \
-v $(pwd)/proto/middleware/middleware.proto:/middleware.proto \
--network=fredwork \
--ip=172.26.1.3 \
--ip=172.26.1.4 \
-it \
grpcc \
grpcc -p client.proto \
-a 172.26.1.2:9001 \
grpcc -p middleware.proto \
-a 172.26.1.3:10000 \
--root_cert /cert/ca.crt \
--private_key /cert/fredClient.key \
--cert_chain /cert/fredClient.crt
```
This uses the direct client interface of FReD instead of the recommended ALExANDRA middleware.
This is possible yet suboptimal and this behaviour will be deprecated in the future as ALExANDRA is built out.
Alternatively, you may use [`grpcui`](https://github.com/fullstorydev/grpcui), which gives you a webinterface to interactively call ALExANDRA.
After building `grpcui`, you can run it with the following command.
```bash
grpcui -open-browser -proto $(pwd)/proto/middleware/middleware.proto -cacert ca.crt -cert fredClient.crt -key fredClient.key 127.0.0.1:10000
```
You may now also add new FReD nodes, different storage backends, Trigger nodes, and more to extend your FReD deployment.
......
......@@ -87,9 +87,6 @@ func main() {
log.Info().Msg("No Loglevel specified, using 'debug'")
}
// Setup alexandra
m := alexandra.NewMiddleware(c.nodesCert, c.nodesKey, c.lightHouse, c.isProxied, c.proxyHost, c.experimental)
if c.alexandraCert == "" {
log.Fatal().Msg("alexandra server: no certificate file given")
}
......@@ -102,6 +99,9 @@ func main() {
log.Fatal().Msg("alexandra server: no root certificate file given")
}
// Setup alexandra
m := alexandra.NewMiddleware(c.nodesCert, c.nodesKey, c.caCert, c.lightHouse, c.isProxied, c.proxyHost, c.experimental)
// Load server's certificate and private key
loadedServerCert, err := tls.LoadX509KeyPair(c.alexandraCert, c.alexandraKey)
......
......@@ -42,17 +42,18 @@ type keygroupSet struct {
type ClientsMgr struct {
// Mutex for the keygroups map, because it might be changed while iterated over
sync.Mutex
clients map[string]*Client
clientsCert, clientsKey, lighthouse string
keygroups map[string]*keygroupSet
experimental bool
clients map[string]*Client
clientsCert, clientsKey, caCert, lighthouse string
keygroups map[string]*keygroupSet
experimental bool
}
func newClientsManager(clientsCert string, clientsKey string, lighthouse string, experimental bool) *ClientsMgr {
func newClientsManager(clientsCert string, clientsKey string, caCert string, lighthouse string, experimental bool) *ClientsMgr {
mgr := &ClientsMgr{
clients: make(map[string]*Client),
clientsCert: clientsCert,
clientsKey: clientsKey,
caCert: caCert,
lighthouse: lighthouse,
keygroups: make(map[string]*keygroupSet),
experimental: experimental,
......@@ -209,7 +210,7 @@ func (m *ClientsMgr) getClientTo(host string, nodeID string) (client *Client) {
return
}
client = newClient(nodeID, host, m.clientsCert, m.clientsKey)
client = newClient(nodeID, host, m.clientsCert, m.clientsKey, m.caCert)
m.clients[nodeID] = client
return
}
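Review bot: The new `caCert` field holds a file path that is only opened when `getClientTo` builds a client for a node it has not cached, through `newClient(nodeID, host, m.clientsCert, m.clientsKey, m.caCert)`. The `newClient` hunk in this same commit ends a failed read in `log.Fatal`, so an unreadable or later-removed CA file stops the whole middleware on the first request to a new node instead of at startup. Consider reading and parsing the CA once in `newClientsManager` and handing the resulting pool to `newClient`. At minimum, document the field, e.g. `// caCert is the path to the PEM CA file; newClient reads it for every new node`. Both `newClientsManager` and `getClientTo` extend beyond the lines shown here.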
......
......@@ -25,7 +25,7 @@ type Client struct {
ReadSpeed float32
}
func newClient(nodeID string, host string, certFile string, keyFile string) *Client {
func newClient(nodeID string, host string, certFile string, keyFile string, caCert string) *Client {
if certFile == "" {
log.Fatal().Msg("fredclient: no certificate file given")
......@@ -45,7 +45,7 @@ func newClient(nodeID string, host string, certFile string, keyFile string) *Cli
// Create a new cert pool and add our own CA certificate
rootCAs := x509.NewCertPool()
loaded, err := ioutil.ReadFile("/cert/ca.crt")
loaded, err := ioutil.ReadFile(caCert)
if err != nil {
log.Fatal().Msgf("unexpected missing certfile: %v", err)
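Review bot: `caCert` goes straight into `ioutil.ReadFile(caCert)` without the empty-string guard that `certFile` gets at the top of `newClient`, so an unset path fails with the generic "unexpected missing certfile" message. Add `if caCert == "" { log.Fatal().Msg("fredclient: no root certificate file given") }` next to the existing checks, and name the path in the read error, e.g. `log.Fatal().Msgf("fredclient: cannot read CA file %q: %v", caCert, err)`. The rest of the function is outside this hunk, so it is not visible how the loaded bytes are added to `rootCAs`. If that is done with `AppendCertsFromPEM` and its boolean result is ignored, a file without a valid PEM certificate leaves the pool empty and every node connection fails verification with no hint at the cause.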
......
......@@ -12,12 +12,12 @@ type Middleware struct {
}
// NewMiddleware creates a new Middleware for requests from Alexandra Clients
func NewMiddleware(nodesCert string, nodesKey string, lighthouse string, isProxied bool, proxyHost string, experimental bool) *Middleware {
func NewMiddleware(nodesCert string, nodesKey string, caCert string, lighthouse string, isProxied bool, proxyHost string, experimental bool) *Middleware {
return &Middleware{
isProxied: isProxied,
proxyHost: proxyHost,
clientsMgr: newClientsManager(nodesCert, nodesKey, lighthouse, experimental),
clientsMgr: newClientsManager(nodesCert, nodesKey, caCert, lighthouse, experimental),
lighthouse: lighthouse,
cache: newCache(),
experimental: experimental,
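Review bot: `NewMiddleware` now takes four consecutive `string` parameters (`nodesCert`, `nodesKey`, `caCert`, `lighthouse`), so a call that passes the certificate, key and CA paths in the wrong order still compiles and only fails once a node connection is attempted. The doc comment should say what each path is, for example `// nodesCert and nodesKey are the key pair presented to fred nodes; caCert is the PEM CA file used to verify them` (wording to be confirmed against `newClient`). Longer term, a small config struct with named fields would make call sites such as the one in `main` self-describing. The struct literal continues past the end of this hunk.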
......