From 0bfa1ecd036022437662b1a949aea2ebb4b70400 Mon Sep 17 00:00:00 2001 From: Raul Jordan Date: Wed, 17 Jun 2020 09:32:13 -0500 Subject: [PATCH] Clarify Insecure gRPC Connection Logs (#6276) * clarify insecure conn * fix up broken test * Merge refs/heads/master into amend-grpc-instructions * Merge refs/heads/master into amend-grpc-instructions * Merge refs/heads/master into amend-grpc-instructions * Merge refs/heads/master into amend-grpc-instructions * Merge refs/heads/master into amend-grpc-instructions * Merge refs/heads/master into amend-grpc-instructions * Merge refs/heads/master into amend-grpc-instructions --- beacon-chain/rpc/service.go | 6 +++--- beacon-chain/rpc/service_test.go | 2 +- validator/client/service.go | 15 ++++++++++++--- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/beacon-chain/rpc/service.go b/beacon-chain/rpc/service.go index 329bbd50f..aff845b5b 100644 --- a/beacon-chain/rpc/service.go +++ b/beacon-chain/rpc/service.go @@ -208,8 +208,6 @@ func (s *Service) Start() { )), } grpc_prometheus.EnableHandlingTimeHistogram() - // TODO(#791): Utilize a certificate for secure connections - // between beacon nodes and validator clients. if s.withCert != "" && s.withKey != "" { creds, err := credentials.NewServerTLSFromFile(s.withCert, s.withKey) if err != nil { @@ -218,7 +216,9 @@ func (s *Service) Start() { } opts = append(opts, grpc.Creds(creds)) } else { - log.Warn("You are using an insecure gRPC connection! Provide a certificate and key to connect securely") + log.Warn("You are using an insecure gRPC server. If you are running your beacon node and " + + "validator on the same machines, you can ignore this message. If you want to know " + + "how to enable secure connections, see: https://docs.prylabs.network/docs/prysm-usage/secure-grpc") } s.grpcServer = grpc.NewServer(opts...) diff --git a/beacon-chain/rpc/service_test.go b/beacon-chain/rpc/service_test.go index f2d468db4..2556a79a4 100644 --- a/beacon-chain/rpc/service_test.go +++ b/beacon-chain/rpc/service_test.go @@ -74,7 +74,7 @@ func TestRPC_InsecureEndpoint(t *testing.T) { rpcService.Start() testutil.AssertLogsContain(t, hook, fmt.Sprint("listening on port")) - testutil.AssertLogsContain(t, hook, "You are using an insecure gRPC connection") + testutil.AssertLogsContain(t, hook, "You are using an insecure gRPC server") if err := rpcService.Stop(); err != nil { t.Error(err) diff --git a/validator/client/service.go b/validator/client/service.go index 0e0f04870..c00280a75 100644 --- a/validator/client/service.go +++ b/validator/client/service.go @@ -97,7 +97,12 @@ func (v *ValidatorService) Start() { grpc_retry.StreamClientInterceptor(), )) dialOpts := ConstructDialOptions( - v.maxCallRecvMsgSize, v.withCert, v.grpcHeaders, v.grpcRetries, streamInterceptor) + v.maxCallRecvMsgSize, + v.withCert, + v.grpcHeaders, + v.grpcRetries, + streamInterceptor, + ) if dialOpts == nil { return } @@ -106,7 +111,9 @@ func (v *ValidatorService) Start() { log.Errorf("Could not dial endpoint: %s, %v", v.endpoint, err) return } - log.Debug("Successfully started gRPC connection") + if v.withCert != "" { + log.Info("Established secure gRPC connection") + } pubkeys, err := v.keyManager.FetchValidatingKeys() if err != nil { @@ -209,7 +216,9 @@ func ConstructDialOptions( transportSecurity = grpc.WithTransportCredentials(creds) } else { transportSecurity = grpc.WithInsecure() - log.Warn("You are using an insecure gRPC connection! Please provide a certificate and key to use a secure connection.") + log.Warn("You are using an insecure gRPC connection. If you are running your beacon node and " + + "validator on the same machines, you can ignore this message. If you want to know " + + "how to enable secure connections, see: https://docs.prylabs.network/docs/prysm-usage/secure-grpc") } if maxCallRecvMsgSize == 0 {