From 24b420a8aff76bc06d991045c3b2991ab998c978 Mon Sep 17 00:00:00 2001 From: Robert Steiner Date: Mon, 26 Aug 2024 17:58:12 +0200 Subject: [PATCH] simplify compose file Signed-off-by: Robert Steiner --- src/docker/distributed/client/compose.yml | 54 ++++++++++++++++++-- src/docker/distributed/client/with-tls.yml | 39 -------------- src/docker/distributed/server/compose.yml | 43 ++++++++++++++-- src/docker/distributed/server/with-state.yml | 14 ----- src/docker/distributed/server/with-tls.yml | 46 ----------------- 5 files changed, 91 insertions(+), 105 deletions(-) delete mode 100644 src/docker/distributed/client/with-tls.yml delete mode 100644 src/docker/distributed/server/with-state.yml delete mode 100644 src/docker/distributed/server/with-tls.yml diff --git a/src/docker/distributed/client/compose.yml b/src/docker/distributed/client/compose.yml index 5266757b03cc..576b61f3cbd5 100644 --- a/src/docker/distributed/client/compose.yml +++ b/src/docker/distributed/client/compose.yml @@ -2,7 +2,6 @@ services: supernode-1: image: flwr/supernode:${FLWR_VERSION:-1.10.0} command: - - --insecure - --superlink - ${SUPERLINK_IP:-127.0.0.1}:9092 - --supernode-address @@ -11,11 +10,15 @@ services: - process - --node-config - "partition-id=0 num-partitions=2" + - --root-certificates + - certificates/ca.crt + secrets: + - source: superlink-ca-certfile + target: /app/certificates/ca.crt supernode-2: image: flwr/supernode:${FLWR_VERSION:-1.10.0} command: - - --insecure - --superlink - ${SUPERLINK_IP:-127.0.0.1}:9092 - --supernode-address @@ -24,10 +27,30 @@ services: - process - --node-config - "partition-id=1 num-partitions=2" + - --root-certificates + - certificates/ca.crt + secrets: + - source: superlink-ca-certfile + target: /app/certificates/ca.crt # uncomment to add another SuperNode # - + # supernode-3: + # image: flwr/supernode:${FLWR_VERSION:-1.10.0} + # command: + # - --superlink + # - ${SUPERLINK_IP:-127.0.0.1}:9092 + # - --supernode-address + # - 0.0.0.0:9096 + # - --isolation + # - process + # - --node-config + # - "partition-id=1 num-partitions=2" + # - --root-certificates + # - certificates/ca.crt + # secrets: + # - source: superlink-ca-certfile + # target: /app/certificates/ca.crt clientapp-1: build: @@ -77,4 +100,29 @@ services: # uncomment to add another ClientApp # + # clientapp-3: + # build: + # context: ${PROJECT_DIR:-.} + # dockerfile_inline: | + # FROM flwr/clientapp:${FLWR_VERSION:-1.10.0} + + # WORKDIR /app + # COPY --chown=app:app pyproject.toml . + # RUN sed -i 's/.*flwr\[simulation\].*//' pyproject.toml \ + # && python -m pip install -U --no-cache-dir . + + # ENTRYPOINT ["flwr-clientapp"] + # command: + # - --supernode + # - supernode-3:9096 + # deploy: + # resources: + # limits: + # cpus: "2" + # stop_signal: SIGINT + # depends_on: + # - supernode-3 +secrets: + superlink-ca-certfile: + file: ../superlink-certificates/ca.crt diff --git a/src/docker/distributed/client/with-tls.yml b/src/docker/distributed/client/with-tls.yml deleted file mode 100644 index e8a3da8201b9..000000000000 --- a/src/docker/distributed/client/with-tls.yml +++ /dev/null @@ -1,39 +0,0 @@ -services: - supernode-1: - command: - - --superlink - - ${SUPERLINK_IP:-127.0.0.1}:9092 - - --supernode-address - - 0.0.0.0:9094 - - --isolation - - process - - --node-config - - "partition-id=0 num-partitions=2" - - --root-certificates - - certificates/ca.crt - secrets: - - source: superlink-ca-certfile - target: /app/certificates/ca.crt - - supernode-2: - command: - - --superlink - - ${SUPERLINK_IP:-127.0.0.1}:9092 - - --supernode-address - - 0.0.0.0:9095 - - --isolation - - process - - --node-config - - "partition-id=1 num-partitions=2" - - --root-certificates - - certificates/ca.crt - secrets: - - source: superlink-ca-certfile - target: /app/certificates/ca.crt - - # uncomment to enable TLS on another SuperNode - # - -secrets: - superlink-ca-certfile: - file: ../superlink-certificates/ca.crt diff --git a/src/docker/distributed/server/compose.yml b/src/docker/distributed/server/compose.yml index 5387294c9231..3abc55ae6d44 100644 --- a/src/docker/distributed/server/compose.yml +++ b/src/docker/distributed/server/compose.yml @@ -2,7 +2,19 @@ services: superlink: image: flwr/superlink:${FLWR_VERSION:-1.10.0} command: - - --insecure + - --ssl-ca-certfile=certificates/ca.crt + - --ssl-certfile=certificates/server.pem + - --ssl-keyfile=certificates/server.key + - --database=state/state.db + volumes: + - ./state/:/app/state/:rw + secrets: + - source: superlink-ca-certfile + target: /app/certificates/ca.crt + - source: superlink-certfile + target: /app/certificates/server.pem + - source: superlink-keyfile + target: /app/certificates/server.key ports: - 9092:9092 @@ -21,10 +33,35 @@ services: command: - --executor - flwr.superexec.deployment:executor - - --insecure - --executor-config - - superlink="superlink:9091" + - superlink="superlink:9091" root-certificates="certificates/superlink-ca.crt" + - --ssl-ca-certfile=certificates/ca.crt + - --ssl-certfile=certificates/server.pem + - --ssl-keyfile=certificates/server.key + secrets: + - source: superlink-ca-certfile + target: /app/certificates/superlink-ca.crt + - source: superexec-ca-certfile + target: /app/certificates/ca.crt + - source: superexec-certfile + target: /app/certificates/server.pem + - source: superexec-keyfile + target: /app/certificates/server.key ports: - 9093:9093 depends_on: - superlink + +secrets: + superlink-ca-certfile: + file: ../superlink-certificates/ca.crt + superlink-certfile: + file: ../superlink-certificates/server.pem + superlink-keyfile: + file: ../superlink-certificates/server.key + superexec-ca-certfile: + file: ../superexec-certificates/ca.crt + superexec-certfile: + file: ../superexec-certificates/server.pem + superexec-keyfile: + file: ../superexec-certificates/server.key diff --git a/src/docker/distributed/server/with-state.yml b/src/docker/distributed/server/with-state.yml deleted file mode 100644 index cc922a9ef12e..000000000000 --- a/src/docker/distributed/server/with-state.yml +++ /dev/null @@ -1,14 +0,0 @@ -services: - superlink: - command: - - --insecure - - --database=state/state.db - # To toggle TLS encryption and persisting state for the SuperLink, comment the key `command` - # above and uncomment the lines below: - # command: - # - --ssl-ca-certfile=certificates/ca.crt - # - --ssl-certfile=certificates/server.pem - # - --ssl-keyfile=certificates/server.key - # - --database=state/state.db - volumes: - - ./state/:/app/state/:rw diff --git a/src/docker/distributed/server/with-tls.yml b/src/docker/distributed/server/with-tls.yml deleted file mode 100644 index 3bf1f82465f7..000000000000 --- a/src/docker/distributed/server/with-tls.yml +++ /dev/null @@ -1,46 +0,0 @@ -services: - superlink: - command: - - --ssl-ca-certfile=certificates/ca.crt - - --ssl-certfile=certificates/server.pem - - --ssl-keyfile=certificates/server.key - secrets: - - source: superlink-ca-certfile - target: /app/certificates/ca.crt - - source: superlink-certfile - target: /app/certificates/server.pem - - source: superlink-keyfile - target: /app/certificates/server.key - - superexec: - command: - - --executor - - flwr.superexec.deployment:executor - - --executor-config - - superlink="superlink:9091",root-certificates="certificates/superlink-ca.crt" - - --ssl-ca-certfile=certificates/ca.crt - - --ssl-certfile=certificates/server.pem - - --ssl-keyfile=certificates/server.key - secrets: - - source: superlink-ca-certfile - target: /app/certificates/superlink-ca.crt - - source: superexec-ca-certfile - target: /app/certificates/ca.crt - - source: superexec-certfile - target: /app/certificates/server.pem - - source: superexec-keyfile - target: /app/certificates/server.key - -secrets: - superlink-ca-certfile: - file: ../superlink-certificates/ca.crt - superlink-certfile: - file: ../superlink-certificates/server.pem - superlink-keyfile: - file: ../superlink-certificates/server.key - superexec-ca-certfile: - file: ../superexec-certificates/ca.crt - superexec-certfile: - file: ../superexec-certificates/server.pem - superexec-keyfile: - file: ../superexec-certificates/server.key