secretflow / secretpad

SecretPad is a privacy-preserving computing web platform based on the Kuscia framework, designed to provide easy access to privacy-preserving data intelligence and machine learning functions.
https://www.secretflow.org.cn
Apache License 2.0

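Deploying secretpad v0.6.0 in P2P mode: the mtls communication protocol is reported as unavailable when adding a node and running the communication test #57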

Open Yanziwanglu opened 2 months ago

Yanziwanglu commented 2 months ago

Install commands:
bash install.sh autonomy -n alice -s 8081 -g 40803 -k 40802 -p 10080 -q 13081 -P mtls
bash install.sh autonomy -n bob -s 8082 -g 41803 -k 41802 -p 11080 -q 14081 -P mtls

Local machine IP: image

docker ps output: image

System information (WSL 2 backend): image

Problem: image image

image

Chrisdehe commented 2 months ago

@Yanziwanglu Change the IP in the node information: use the local machine's IP, not 127.0.0.1.

Yanziwanglu commented 2 months ago

The node information has already been changed to the local machine's IP: 10.8.4.174

wenkesong-li commented 2 months ago

When deploying the node, use https:// for the node.

Try again.

wenkesong-li commented 2 months ago

Could you paste the kuscia log?

Yanziwanglu commented 2 months ago

2024-04-24 10:39:21.986 INFO controller/domain_route.go:274 DomainRoute alice/alice-bob starts handshake, the last revision is 0
2024-04-24 10:39:51.642 WARN domainroute/check.go:138 Domainroute alice/alice-bob token is waiting more than 2 minutes for ready, so need to re-handshake
2024-04-24 10:39:51.643 WARN domainroute/check.go:46 Domainroute alice/bob-alice checkEffectiveInstances failed: tokens is nil, please check the result of handshake in instance's log
2024-04-24 10:39:51.643 INFO queue/queue.go:178 Finish processing item: queue id[domain-route-controller], key[alice/bob-alice] (1.073503ms)
2024-04-24 10:39:51.649 INFO queue/queue.go:178 Finish processing item: queue id[cluster-domain-route-controller], key[bob-alice] (1.471341ms)
2024-04-24 10:39:51.650 INFO domainroute/rolling.go:47 PreRollingDomainRoute alice/alice-bob, new revision 0
2024-04-24 10:39:51.650 INFO queue/queue.go:178 Finish processing item: queue id[domain-route-controller], key[alice/alice-bob] (7.533398ms)
2024-04-24 10:39:51.650 INFO queue/queue.go:178 Finish processing item: queue id[domain-route-controller], key[alice/alice-bob] (8.994µs)
2024-04-24 10:39:51.654 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute alice-bob update status
2024-04-24 10:39:51.654 INFO queue/queue.go:178 Finish processing item: queue id[cluster-domain-route-controller], key[alice-bob] (6.940948ms)
2024-04-24 10:39:51.657 INFO queue/queue.go:178 Finish processing item: queue id[cluster-domain-route-controller], key[alice/alice-bob] (6.561178ms)
2024-04-24 10:39:51.657 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute alice-bob update status
2024-04-24 10:39:51.657 INFO queue/queue.go:178 Finish processing item: queue id[cluster-domain-route-controller], key[alice-bob] (2.6046ms)
2024-04-24 10:40:17.051 ERROR controller/handshake.go:298 DomainRoute alice-bob: handshake fail:response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: connection failure
2024-04-24 10:40:17.051 ERROR controller/domain_route.go:278 response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: connection failure
2024-04-24 10:40:17.051 WARN queue/queue.go:109 Error syncing: queue id[domain-route-queue], retry:[5] key[alice/alice-bob]: "response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: connection failure", re-queuing (55.059614553s)
2024-04-24 10:40:17.052 INFO controller/domain_route.go:414 add cluster alice-to-bob name:https protocol:HTTP port:11080
2024-04-24 10:40:17.057 INFO xds/cluster_config.go:131 Generate tls config for alice-to-bob-https
2024-04-24 10:40:17.057 INFO xds/xds.go:434 Add cluster:alice-to-bob-https
2024-04-24 10:40:17.057 INFO xds/xds.go:434 Add cluster:alice-to-bob-https
2024-04-24 10:40:17.057 INFO controller/domain_route.go:274 DomainRoute alice/alice-bob starts handshake, the last revision is 0
2024-04-24 10:41:02.226 INFO domain/domain.go:57 Update domain alice status
2024-04-24 10:41:02.227 INFO domain/domain.go:153 Update domain alice status
2024-04-24 10:41:02.235 INFO domain/namespace.go:72 Update domain namespace alice
2024-04-24 10:41:02.238 INFO queue/queue.go:124 Finish processing item: queue id[domain-controller], key[alice] (3.021743ms)
2024-04-24 10:41:12.106 ERROR controller/handshake.go:298 DomainRoute alice-bob: handshake fail:response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: connection failure
2024-04-24 10:41:12.106 ERROR controller/domain_route.go:278 response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: connection failure
2024-04-24 10:41:12.106 WARN queue/queue.go:109 Error syncing: queue id[domain-route-queue], retry:[6] key[alice/alice-bob]: "response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: connection failure", re-queuing (55.05001107s)
2024-04-24 10:41:12.106 INFO controller/domain_route.go:414 add cluster alice-to-bob name:https protocol:HTTP port:11080
2024-04-24 10:41:12.107 INFO xds/cluster_config.go:131 Generate tls config for alice-to-bob-https
2024-04-24 10:41:12.107 INFO xds/xds.go:434 Add cluster:alice-to-bob-https
2024-04-24 10:41:12.108 INFO xds/xds.go:434 Add cluster:alice-to-bob-https
2024-04-24 10:41:12.108 INFO controller/domain_route.go:274 DomainRoute alice/alice-bob starts handshake, the last revision is 0
2024-04-24 10:41:51.658 WARN domainroute/check.go:46 Domainroute alice/bob-alice checkEffectiveInstances failed: tokens is nil, please check the result of handshake in instance's log
2024-04-24 10:41:51.658 INFO queue/queue.go:178 Finish processing item: queue id[domain-route-controller], key[alice/bob-alice] (1.067955ms)
2024-04-24 10:41:51.658 WARN domainroute/check.go:138 Domainroute alice/alice-bob token is waiting more than 2 minutes for ready, so need to re-handshake
2024-04-24 10:41:51.660 INFO queue/queue.go:178 Finish processing item: queue id[cluster-domain-route-controller], key[bob-alice] (1.739924ms)
2024-04-24 10:41:51.667 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute alice-bob update status
2024-04-24 10:41:51.667 INFO queue/queue.go:178 Finish processing item: queue id[cluster-domain-route-controller], key[alice-bob] (8.345491ms)
2024-04-24 10:41:51.668 INFO domainroute/rolling.go:47 PreRollingDomainRoute alice/alice-bob, new revision 0
2024-04-24 10:41:51.668 INFO queue/queue.go:178 Finish processing item: queue id[domain-route-controller], key[alice/alice-bob] (10.328009ms)
2024-04-24 10:41:51.669 INFO queue/queue.go:178 Finish processing item: queue id[domain-route-controller], key[alice/alice-bob] (928.236µs)
2024-04-24 10:41:51.670 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute alice-bob update status
2024-04-24 10:41:51.670 INFO queue/queue.go:178 Finish processing item: queue id[cluster-domain-route-controller], key[alice-bob] (2.400101ms)
2024-04-24 10:41:51.671 INFO clusterdomainroute/domainroute.go:143 ClusterDomainRoute alice-bob update status
2024-04-24 10:41:51.671 INFO queue/queue.go:178 Finish processing item: queue id[cluster-domain-route-controller], key[alice/alice-bob] (2.727961ms)
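A triage helper for logs in the format posted above, added here as an example; it is not part of the original thread and is not Kuscia code. It groups handshake failures, retry counts and token timeouts per DomainRoute and records the upstream name and port the route targets; the mapping of cluster name `alice-to-bob` to route `alice-bob` is an assumption of the example.

```python
import re
from collections import defaultdict

# Sample input: entries in the format of the log posted above, embedded for the example.
SAMPLE_LOG = """\
2024-04-24 10:39:51.642 WARN domainroute/check.go:138 Domainroute alice/alice-bob token is waiting more than 2 minutes for ready, so need to re-handshake
2024-04-24 10:40:17.051 ERROR controller/handshake.go:298 DomainRoute alice-bob: handshake fail:response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: connection failure
2024-04-24 10:40:17.051 WARN queue/queue.go:109 Error syncing: queue id[domain-route-queue], retry:[5] key[alice/alice-bob]: "response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: connection failure", re-queuing (55.059614553s)
2024-04-24 10:40:17.052 INFO controller/domain_route.go:414 add cluster alice-to-bob name:https protocol:HTTP port:11080
2024-04-24 10:41:12.106 ERROR controller/handshake.go:298 DomainRoute alice-bob: handshake fail:response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: connection failure
2024-04-24 10:41:12.106 WARN queue/queue.go:109 Error syncing: queue id[domain-route-queue], retry:[6] key[alice/alice-bob]: "response status code [503], detail -> upstream connect error or disconnect/reset before headers. reset reason: connection failure", re-queuing (55.05001107s)
"""

ENTRY = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ (INFO|WARN|ERROR) \S+:\d+ (.*)$")
HANDSHAKE_FAIL = re.compile(
    r"DomainRoute (\S+): handshake fail:response status code \[(\d+)\].*reset reason: (.+)$")
RETRY = re.compile(r"retry:\[(\d+)\] key\[[^/\]]+/([^\]]+)\]")
TOKEN_WAIT = re.compile(r"Domainroute [^/\s]+/(\S+) token is waiting")
CLUSTER = re.compile(r"add cluster (\S+) name:(\S+) protocol:(\S+) port:(\d+)")


def summarize(log_text):
    """Group handshake failures, retries and token timeouts by DomainRoute name."""
    routes = defaultdict(lambda: {"failures": 0, "status": set(), "reasons": set(),
                                  "max_retry": 0, "token_timeouts": 0, "upstream": None})
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # wrapped or truncated line, not a complete log entry
        msg = entry.group(2)
        if m := HANDSHAKE_FAIL.search(msg):
            r = routes[m.group(1)]
            r["failures"] += 1
            r["status"].add(int(m.group(2)))
            r["reasons"].add(m.group(3))
        elif m := RETRY.search(msg):
            r = routes[m.group(2)]
            r["max_retry"] = max(r["max_retry"], int(m.group(1)))
        elif m := TOKEN_WAIT.search(msg):
            routes[m.group(1)]["token_timeouts"] += 1
        elif m := CLUSTER.search(msg):
            # Assumption: cluster "alice-to-bob" belongs to route "alice-bob".
            routes[m.group(1).replace("-to-", "-")]["upstream"] = (m.group(2), int(m.group(4)))
    return dict(routes)


if __name__ == "__main__":
    for name, r in summarize(SAMPLE_LOG).items():
        print(name, r)
```

A route that shows repeated 503 "connection failure" handshakes together with token timeouts never completed the handshake with the peer gateway, so the reported upstream port and the peer's log are the next things to check.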

wenkesong-li commented 2 months ago

Try removing the node and adding it again~ Note that the node should use https://

Yanziwanglu commented 2 months ago

I deleted the node and re-added it using https; there is a problem under the mtls communication protocol.

wenkesong-li commented 2 months ago

Please send the kuscia logs, from both parties~

Yanziwanglu commented 2 months ago

kuscia-autonomy-alice.log kuscia-autonomy-bob.log

wenkesong-li commented 2 months ago

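MTLS-related configuration: when authenticationType is MTLS, the source node must configure mTLSConfig. This configuration item does not take effect on the destination node.

You can take a look at this document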

https://www.secretflow.org.cn/zh-CN/docs/kuscia/v0.7.0b0/reference/apis/domainroute_cn#create-domain-route