mirror of
https://gitlab.com/pulsechaincom/prysm-pulse.git
synced 2024-12-24 20:37:17 +00:00
Clarify Insecure gRPC Connection Logs (#6276)
* clarify insecure conn * fix up broken test * Merge refs/heads/master into amend-grpc-instructions * Merge refs/heads/master into amend-grpc-instructions * Merge refs/heads/master into amend-grpc-instructions * Merge refs/heads/master into amend-grpc-instructions * Merge refs/heads/master into amend-grpc-instructions * Merge refs/heads/master into amend-grpc-instructions * Merge refs/heads/master into amend-grpc-instructions
This commit is contained in:
parent
af3122a9e8
commit
0bfa1ecd03
@ -208,8 +208,6 @@ func (s *Service) Start() {
|
||||
)),
|
||||
}
|
||||
grpc_prometheus.EnableHandlingTimeHistogram()
|
||||
// TODO(#791): Utilize a certificate for secure connections
|
||||
// between beacon nodes and validator clients.
|
||||
if s.withCert != "" && s.withKey != "" {
|
||||
creds, err := credentials.NewServerTLSFromFile(s.withCert, s.withKey)
|
||||
if err != nil {
|
||||
@ -218,7 +216,9 @@ func (s *Service) Start() {
|
||||
}
|
||||
opts = append(opts, grpc.Creds(creds))
|
||||
} else {
|
||||
log.Warn("You are using an insecure gRPC connection! Provide a certificate and key to connect securely")
|
||||
log.Warn("You are using an insecure gRPC server. If you are running your beacon node and " +
|
||||
"validator on the same machines, you can ignore this message. If you want to know " +
|
||||
"how to enable secure connections, see: https://docs.prylabs.network/docs/prysm-usage/secure-grpc")
|
||||
}
|
||||
s.grpcServer = grpc.NewServer(opts...)
|
||||
|
||||
|
@ -74,7 +74,7 @@ func TestRPC_InsecureEndpoint(t *testing.T) {
|
||||
rpcService.Start()
|
||||
|
||||
testutil.AssertLogsContain(t, hook, fmt.Sprint("listening on port"))
|
||||
testutil.AssertLogsContain(t, hook, "You are using an insecure gRPC connection")
|
||||
testutil.AssertLogsContain(t, hook, "You are using an insecure gRPC server")
|
||||
|
||||
if err := rpcService.Stop(); err != nil {
|
||||
t.Error(err)
|
||||
|
@ -97,7 +97,12 @@ func (v *ValidatorService) Start() {
|
||||
grpc_retry.StreamClientInterceptor(),
|
||||
))
|
||||
dialOpts := ConstructDialOptions(
|
||||
v.maxCallRecvMsgSize, v.withCert, v.grpcHeaders, v.grpcRetries, streamInterceptor)
|
||||
v.maxCallRecvMsgSize,
|
||||
v.withCert,
|
||||
v.grpcHeaders,
|
||||
v.grpcRetries,
|
||||
streamInterceptor,
|
||||
)
|
||||
if dialOpts == nil {
|
||||
return
|
||||
}
|
||||
@ -106,7 +111,9 @@ func (v *ValidatorService) Start() {
|
||||
log.Errorf("Could not dial endpoint: %s, %v", v.endpoint, err)
|
||||
return
|
||||
}
|
||||
log.Debug("Successfully started gRPC connection")
|
||||
if v.withCert != "" {
|
||||
log.Info("Established secure gRPC connection")
|
||||
}
|
||||
|
||||
pubkeys, err := v.keyManager.FetchValidatingKeys()
|
||||
if err != nil {
|
||||
@ -209,7 +216,9 @@ func ConstructDialOptions(
|
||||
transportSecurity = grpc.WithTransportCredentials(creds)
|
||||
} else {
|
||||
transportSecurity = grpc.WithInsecure()
|
||||
log.Warn("You are using an insecure gRPC connection! Please provide a certificate and key to use a secure connection.")
|
||||
log.Warn("You are using an insecure gRPC connection. If you are running your beacon node and " +
|
||||
"validator on the same machines, you can ignore this message. If you want to know " +
|
||||
"how to enable secure connections, see: https://docs.prylabs.network/docs/prysm-usage/secure-grpc")
|
||||
}
|
||||
|
||||
if maxCallRecvMsgSize == 0 {
|
||||
|
Loading…
Reference in New Issue
Block a user