Clarify Insecure gRPC Connection Logs (#6276)

* clarify insecure conn
* fix up broken test
* Merge refs/heads/master into amend-grpc-instructions
* Merge refs/heads/master into amend-grpc-instructions
* Merge refs/heads/master into amend-grpc-instructions
* Merge refs/heads/master into amend-grpc-instructions
* Merge refs/heads/master into amend-grpc-instructions
* Merge refs/heads/master into amend-grpc-instructions
* Merge refs/heads/master into amend-grpc-instructions
This commit is contained in:
Raul Jordan 2020-06-17 09:32:13 -05:00 committed by GitHub
parent af3122a9e8
commit 0bfa1ecd03
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 16 additions and 7 deletions

View File

@ -208,8 +208,6 @@ func (s *Service) Start() {
)),
}
grpc_prometheus.EnableHandlingTimeHistogram()
// TODO(#791): Utilize a certificate for secure connections
// between beacon nodes and validator clients.
if s.withCert != "" && s.withKey != "" {
creds, err := credentials.NewServerTLSFromFile(s.withCert, s.withKey)
if err != nil {
@ -218,7 +216,9 @@ func (s *Service) Start() {
}
opts = append(opts, grpc.Creds(creds))
} else {
log.Warn("You are using an insecure gRPC connection! Provide a certificate and key to connect securely")
log.Warn("You are using an insecure gRPC server. If you are running your beacon node and " +
"validator on the same machines, you can ignore this message. If you want to know " +
"how to enable secure connections, see: https://docs.prylabs.network/docs/prysm-usage/secure-grpc")
}
s.grpcServer = grpc.NewServer(opts...)

View File

@ -74,7 +74,7 @@ func TestRPC_InsecureEndpoint(t *testing.T) {
rpcService.Start()
testutil.AssertLogsContain(t, hook, fmt.Sprint("listening on port"))
testutil.AssertLogsContain(t, hook, "You are using an insecure gRPC connection")
testutil.AssertLogsContain(t, hook, "You are using an insecure gRPC server")
if err := rpcService.Stop(); err != nil {
t.Error(err)

View File

@ -97,7 +97,12 @@ func (v *ValidatorService) Start() {
grpc_retry.StreamClientInterceptor(),
))
dialOpts := ConstructDialOptions(
v.maxCallRecvMsgSize, v.withCert, v.grpcHeaders, v.grpcRetries, streamInterceptor)
v.maxCallRecvMsgSize,
v.withCert,
v.grpcHeaders,
v.grpcRetries,
streamInterceptor,
)
if dialOpts == nil {
return
}
@ -106,7 +111,9 @@ func (v *ValidatorService) Start() {
log.Errorf("Could not dial endpoint: %s, %v", v.endpoint, err)
return
}
log.Debug("Successfully started gRPC connection")
if v.withCert != "" {
log.Info("Established secure gRPC connection")
}
pubkeys, err := v.keyManager.FetchValidatingKeys()
if err != nil {
@ -209,7 +216,9 @@ func ConstructDialOptions(
transportSecurity = grpc.WithTransportCredentials(creds)
} else {
transportSecurity = grpc.WithInsecure()
log.Warn("You are using an insecure gRPC connection! Please provide a certificate and key to use a secure connection.")
log.Warn("You are using an insecure gRPC connection. If you are running your beacon node and " +
"validator on the same machines, you can ignore this message. If you want to know " +
"how to enable secure connections, see: https://docs.prylabs.network/docs/prysm-usage/secure-grpc")
}
if maxCallRecvMsgSize == 0 {