secretflow / kuscia

Kuscia (Kubernetes-based Secure Collaborative InfrA) is a K8s-based privacy-preserving computing task orchestration framework.
https://www.secretflow.org.cn/docs/kuscia/latest/zh-Hans
Apache License 2.0

Calling the SCQL API over HTTPS #438

Open moon-177 opened 1 month ago

moon-177 commented 1 month ago

Issue Type

Api Usage

Search for existing issues similar to yours

Yes

Kuscia Version

Kuscia 0.11.0b0 scql 0.9.0b0

Link to Relevant Documentation

No response

Question Details

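Centralized kuscia + centralized scql deployment. Currently the scql API can be called over http; how can it be called over https? Do certificates need to be configured the way they are for kuscia?

BrainWH commented 1 month ago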

Hello, if you want to use https requests, you can deploy by following https://www.secretflow.org.cn/zh-CN/docs/scql/0.9.0b1/topics/deployment/run-scql-on-kuscia#prepare-scql-appimage

moon-177 commented 1 month ago

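That is how we currently deploy, and requests over https fail with an error. Do the configuration items in the AppImage template need to be adjusted? How exactly should they be changed?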

BrainWH commented 1 month ago

Hello, could you paste your error message?

BrainWH commented 1 month ago

I don't see your error message. Check whether the https option and the ssl options are both enabled. The ssl configuration:

```
# https flags
--server_enable_ssl=true
--server_ssl_certificate=/home/admin/engine/conf/cert.pem
--server_ssl_private_key=/home/admin/engine/conf/key.pem
```

moon-177 commented 1 month ago

Hello, the error is as follows:

```
Error: write EPROTO 51404104:error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:../../third_party/boringssl/src/ssl/tls_record.cc:242:
```

BrainWH commented 1 month ago

Hello, at which step does this error occur?

moon-177 commented 1 month ago

The error occurs when calling the scql API (/intra/project/list) over https using Postman.

BrainWH commented 1 month ago

Could you paste your AppImage?

moon-177 commented 1 month ago

Hello, apart from changing the ssl configuration items you just mentioned, everything else is the same as the template. The details are as follows.

```yaml
apiVersion: kuscia.secretflow/v1alpha1
kind: AppImage
metadata:
  name: scql
spec:
  configTemplates:
    brokerConf: |-
      intra_server:
        protocol: http
        host: 0.0.0.0
        port: {{.KUSCIA_PORT_INTRA_NUMBER}}
      inter_server:
        port: {{.KUSCIA_PORT_INTER_NUMBER}}
        protocol: http
        cert_file: "{{.SERVER_CERT_FILE}}"
        key_file: "{{.SERVER_PRIVATE_KEY_FILE}}"
      inter_timeout: 30s
      party_code: {{.KUSCIA_DOMAIN_ID}}
      private_key_data: {{.KUSCIA_DOMAIN_KEY_DATA}}
      intra_host: "scql-broker-intra.{{.KUSCIA_DOMAIN_ID}}.svc:{{.KUSCIA_PORT_INTRA_NUMBER}}"
      discovery:
        type: kuscia
        kuscia:
          endpoint: kusciaapi:8083
          tls_mode: {{.KUSCIA_API_PROTOCOL}}
          cert: {{.CLIENT_CERT_FILE}}
          key: {{.CLIENT_PRIVATE_KEY_FILE}}
          cacert: {{.TRUSTED_CA_FILE}}
          token: {{.KUSCIA_API_TOKEN}}
      engine:
        timeout: 120s
        protocol: http
        content_type: application/json
        scheduler: kuscia
        kuscia_scheduler:
          endpoint: kusciaapi:8083
          tls_mode: {{.KUSCIA_API_PROTOCOL}}
          cert: {{.CLIENT_CERT_FILE}}
          key: {{.CLIENT_PRIVATE_KEY_FILE}}
          cacert: {{.TRUSTED_CA_FILE}}
          token: {{.KUSCIA_API_TOKEN}}
          keep_job_alive_for_debug: false
      storage:
        type: sqlite
        conn_str: "/home/kuscia/var/storage/data/broker.db"
        max_idle_conns: 10
        max_open_conns: 100
        conn_max_idle_time: 2m
        conn_max_lifetime: 5m
    engineConf: |-
      --listen_port={{.KUSCIA_PORT_ENGINEPORT_NUMBER}}
      --enable_separate_link_port=true
      --link_port={{.KUSCIA_PORT_LINKPORT_NUMBER}}
      --enable_driver_authorization=false
      --datasource_router=embed
      --embed_router_conf=xxx
      # NOTE: set --datasource_router to kusciadatamesh if use kuscia datamesh
      #--datasource_router=kusciadatamesh
      --kuscia_datamesh_endpoint=datamesh:8071
      --kuscia_datamesh_client_cert_path={{.CLIENT_CERT_FILE}}
      --kuscia_datamesh_client_key_path={{.CLIENT_PRIVATE_KEY_FILE}}
      --kuscia_datamesh_cacert_path={{.TRUSTED_CA_FILE}}
      # party authentication flags
      --enable_self_auth=false
      --enable_peer_auth=false
      # https flags
      --server_enable_ssl=true
      --server_ssl_certificate=/home/admin/engine/conf/cert.pem
      --server_ssl_private_key=/home/admin/engine/conf/key.pem
      # set peer_engine_enable_ssl_as_client to true when peer SCQLEngine has https enabled
      --peer_engine_enable_ssl_as_client=false
      # set false when SCQLBroker IntraServer not enable https
      --driver_enable_ssl_as_client=false
      --peer_engine_protocol=http:proto
      --peer_engine_connection_type=pooled
      --peer_engine_load_balancer=rr
  deployTemplates:
```

BrainWH commented 1 month ago

If kuscia is runc or runp, the scql API can currently only be requested over http; if it is runk, you can try https.

moon-177 commented 1 month ago

OK, thank you.

github-actions[bot] commented 6 days ago

Stale issue message. Please comment to remove stale tag. Otherwise this issue will be closed soon.
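
An added example, not part of the thread and not Kuscia or SCQL code: a Python probe that attempts a TLS handshake against a listener and reports whether the port answers in TLS or in plaintext. A plaintext HTTP reply to a TLS ClientHello is what makes a client raise WRONG_VERSION_NUMBER, the error quoted in the thread, where the posted AppImage sets `intra_server` `protocol: http`. The function names, the stub server and the loopback address are constructed for the demonstration.

```python
import socket
import ssl
import threading


def probe_listener(host, port, timeout=3.0):
    """Return (kind, detail); kind is 'tls', 'plaintext', 'tls-error' or 'error'.

    Certificate verification is off on purpose: the probe only asks which
    protocol the port speaks and sends no request or credentials over it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            try:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    return "tls", tls.version()
            except ssl.SSLError as exc:
                # An HTTP reply parsed as a TLS record fails the record
                # version check, which OpenSSL reports as WRONG_VERSION_NUMBER.
                if exc.reason == "WRONG_VERSION_NUMBER":
                    return "plaintext", exc.reason
                return "tls-error", exc.reason
    except OSError as exc:  # refused, timed out, reset
        return "error", str(exc)


def start_plaintext_stub():
    """Constructed stand-in for an HTTP-only listener; returns its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.recv(4096)  # the ClientHello, which an HTTP server cannot parse
            conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe_listener("127.0.0.1", start_plaintext_stub()))
```

A `plaintext` result for the port a client is calling with `https://` means the listener itself is serving HTTP, so the fix is on the server side configuration rather than in the client.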