Slave Setup 👑
Before following this procedure, make sure that bloader version is enabled in the slave and that the Configuration settings for Slave have been completed.
The following configuration assumes bash; if you use another shell, adapt the commands accordingly.
The setup of Slave can be easily performed by following the steps below.
The case where TLS encryption is not required (deprecated)
As described in Communication Security in Master-Slave, TLS is recommended for communication because all information including authentication information is exchanged.
Master Settings
The configuration file does not need to be changed, and Slave Connect(Loader command).
Prepare a Slave Connect configured as follows.
kind: SlaveConnect
slaves:
  - id: "Slave Unique ID"
    uri: "dns:{{ .Address }}:50051" # support schema https://github.com/grpc/grpc/blob/master/doc/naming.md
The Address part should be your slave’s IP address, etc.
Slave Settings
Add the following configurations.
slave_setting:
  port: 50051
All that remains is to enter the following command!
bloader slave run
The case of using HTTPS
Prerequisite
If you can provide signatures (ca.crt on the master side, slave.key and slave.crt on the slave side) from an external provider or on your own, please skip this section. However, the slave.key and slave.crt on the slave side must be signed by ca.crt on the master side.
The following is a simple way to perform local signing.
Use signatures of trusted providers if possible!
How to create ca.crt with OpenSSL
Execute the following script on the master side. Note that the CERT_DIR part should be changed accordingly.
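#!/bin/bash
CERT_DIR="./certs"
mkdir -p "$CERT_DIR"
# CA private key (signs the slave certificates); readable only by its owner
openssl genrsa -out "$CERT_DIR/ca.key" 2048
chmod 600 "$CERT_DIR/ca.key"
# Self-signed CA certificate, valid for 365 days
openssl req -x509 -new -nodes -key "$CERT_DIR/ca.key" -sha256 -days 365 \
  -subj "/CN=BloaderCA" -out "$CERT_DIR/ca.crt"
echo "Generated CA certificate"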
When executed in this way, CERT_DIR/ca.key and CERT_DIR/ca.crt will be created in master.
How to create slave.crt and slave.key
- Copy the ca.crt generated by master to the slave side.
- Create slave.key and slave.crt by running the following. Note that the CERT_DIR part should be changed accordingly.
#!/bin/bash
CERT_DIR="./certs"
SLAVE_HOST=${1:-localhost}   # host name placed in the certificate CN
# Slave private key and certificate signing request (CSR)
openssl genrsa -out "$CERT_DIR/slave.key" 2048
openssl req -new -key "$CERT_DIR/slave.key" -subj "/CN=${SLAVE_HOST}" \
  -out "$CERT_DIR/slave.csr"
# Sign the CSR with the CA; this step reads both ca.crt and ca.key from CERT_DIR
openssl x509 -req -in "$CERT_DIR/slave.csr" -CA "$CERT_DIR/ca.crt" -CAkey "$CERT_DIR/ca.key" \
  -CAcreateserial -out "$CERT_DIR/slave.crt" -days 365 -sha256
echo "Certificates have been generated for host: $SLAVE_HOST"
When executed in this way, CERT_DIR/slave.key and CERT_DIR/slave.crt will be created in the slave.
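A variant of the two steps above in which the CSR is signed on the master, so ca.key never has to be copied to the slave, and the certificate carries a subjectAltName for the slave address. This is an added example, not bloader's own tooling; the function names are hypothetical, and it assumes the master checks the slave address against the SAN rather than the CN.

```bash
#!/bin/bash
# Added example (function names are hypothetical): slave.key stays on the
# slave and ca.key stays on the master; only slave.csr and slave.crt move.

# Print the subjectAltName entry for HOST (DNS name, IPv4 or IPv6 address).
san_for() {
  case "$1" in
    *:*)        printf 'IP:%s\n' "$1" ;;   # IPv6 literal
    *[!0-9.]*)  printf 'DNS:%s\n' "$1" ;;  # anything with a letter or dash
    *)          printf 'IP:%s\n' "$1" ;;   # digits and dots only: IPv4
  esac
}

# Slave side: slave_make_csr CERT_DIR HOST -> CERT_DIR/slave.key, slave.csr
slave_make_csr() {
  mkdir -p "$1" &&
  ( umask 077 && openssl genrsa -out "$1/slave.key" 2048 2>/dev/null ) &&
  openssl req -new -key "$1/slave.key" -subj "/CN=$2" -out "$1/slave.csr"
}

# Master side: master_sign_csr CA_DIR CSR OUT_CRT HOST
# Signs the CSR with ca.key and adds the SAN for HOST.
master_sign_csr() {
  local rc
  printf 'subjectAltName=%s\n' "$(san_for "$4")" > "$3.ext" &&
  openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -extfile "$3.ext" -out "$3" -days 365 -sha256
  rc=$?
  rm -f "$3.ext"
  return "$rc"
}

# Either side: check_slave_cert CA_CRT CERT HOST
# Succeeds only if CERT chains to CA_CRT, matches HOST, and carries a SAN
# (assumption: the master's TLS client ignores CN-only certificates).
check_slave_cert() {
  local flag=-verify_hostname
  case "$(san_for "$3")" in IP:*) flag=-verify_ip ;; esac
  openssl verify -CAfile "$1" "$flag" "$3" "$2" >/dev/null 2>&1 &&
  openssl x509 -in "$2" -noout -text | grep -q 'Subject Alternative Name'
}
```

Run slave_make_csr on the slave, copy slave.csr to the master, run master_sign_csr there, and copy slave.crt back; check_slave_cert can then be run on either side before starting bloader slave run.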
Master Settings
The configuration file does not need to be changed, and Slave Connect(Loader command).
Prepare a Slave Connect configured as follows.
kind: SlaveConnect
slaves:
  - id: "Slave Unique ID"
    uri: "dns:{{ .address }}:{{ .port }}" # support schema https://github.com/grpc/grpc/blob/master/doc/naming.md
    certificate:
      enabled: true
      ca_cert: "certs/ca.crt"
      server_name_override: "localhost"
      insecure_skip_verify: false
The Address part should be your slave’s IP address, etc. Also, set server_name_override and insecure_skip_verify as appropriate to avoid errors. For details, see Slave Command Property.
Slave Settings
slave_setting:
  port: 50051
  certificate:
    enabled: true
    slave_cert: "certs/slave.crt"
    slave_key: "certs/slave.key"
All that remains is to enter the following command!
bloader slave run