Allow us to point all the grpc servers at files to pick up credentials about bb-storage HOT 13 CLOSED

Any thoughts on this please? Would you prefer me to propose a code change?

from bb-storage.

Hey! Sorry for letting you wait.

I'm fine with supporting use cases like these. I think the cleanest way to support this is to factor out the keypair string fields we have in our config files to a separate Protobuf message. We can then use a oneof in there to choose between providing the key material inline, vs. using other frameworks.

Instead of using stuff like spiffe-helper, I'm also fine with integrating https://github.com/spiffe/go-spiffe/tree/main/v2. That way you don't need to run all sorts of sidecars just to get TLS working.

from bb-storage.

My turn to apologize to you!

So actually an even better approach (for me anyway!) would be to upgrade to grpc 1.38.0 and then allow use of xds, like this: https://cloud.google.com/traffic-director/docs/security-proxyless-setup. That still requires a bit of changes inside buildbarn - specifically, all the servers will have to do this (https://github.com/grpc/grpc-go/blob/master/examples/features/xds/server/main.go#L82) - but it means that all the certificate specification and discovery and so forth becomes someone else's problem. Wdyt?

from bb-storage.

Oh, that would be pretty sweet. Feel free to submit a PR to add a gRPC configuration for enabling xDS!

from bb-storage.

from bb-storage.

Nothing is ever simple...
grpc/grpc-go#4601

from bb-storage.

Hey @Jonpez2!

Would a change like this be of any use to you?

https://github.com/buildbarn/bb-storage/compare/eschouten/20210719-service-registrar

This would allow you to write something like this in pkg/grpc/server.go:

var s interface {
    grpc.ServiceRegistrar
    GetServiceInfo() map[string]grpc.ServiceInfo
    Serve(net.Listener) error
}
if useXDS {
    s = xds.NewGRPCServer(...)
} else {
    s = grpc.NewServer(...)
}

// The rest of the code that registers services and calls .Serve() can go here.

Just let me know and I'll merge this.

from bb-storage.

from bb-storage.

Great! Merged!

It looks like the construct is sufficient for you to achieve what you want, as long as you take the following into account:

• You need to upgrade gRPC to a version that includes grpc/grpc-go@145f12a, as reflection.Register() won't work otherwise.
• grpc_prometheus.Register() needs to be adjusted similarly. Looks like we can just cherry-pick grpc-ecosystem/go-grpc-prometheus#102 for that.

from bb-storage.

from bb-storage.

It looks like v2 hasn't been released yet, so it wouldn't make a lot of sense to invest in that right now. I'd say, just put that PR that I linked above into the already existing patches/com_github_grpc_ecosystem_go_grpc_prometheus/ directory.

from bb-storage.

ok!

from bb-storage.

Considering that this issue hasn't received any updates for >1y, I'm going to close it. It should be easier nowadays to get xDS support added, especially with the preparations discussed above. Happy to receive contributions going forward!

from bb-storage.