Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Workflow Interface]: Fix for FederatedRuntime with TLS (Issue #1265) #1327

Merged
merged 7 commits into from
Feb 6, 2025
Merged

[Workflow Interface]: Fix for FederatedRuntime with TLS (Issue #1265) #1327

merged 7 commits into from
Feb 6, 2025

Conversation

ishant162
Copy link
Collaborator

@ishant162 ishant162 commented Jan 31, 2025
edited
Loading

Background
Issue: #1265

Change Description & Modifications

  • Updated the agg_addr field to use the Director's hostname and Synchronized the TLS configuration with the values provided by FederatedRuntime in the
    network section of plan.yaml for alignment with the system configuration.
  • Ensured all changes made to plan.yaml are correctly propagated to the prepared workspace.
  • Updated network.yaml by removing unused keys from its settings.

Verfication

  • Verified that the agg_addr is correctly updated with the Director's hostname in plan.yaml, preventing recurrence of the issue.
  • Verified that the experiment runs successfully with mTLS certificates generated using both localhost and the machine's FQDN (e.g soc-PF2F2E02.clients.intel.com)
    as the Common Name for the Director's certificates.

Files modified

  • openfl/experimental/workflow/federated/plan/plan.py
  • openfl/experimental/workflow/runtime/federated_runtime.py
  • openfl/experimental/workflow/workspace_export/export.py
  • openfl-workspace/experimental/workflow/AggregatorBasedWorkflow/workspace/plan/defaults/network.yaml

NOTE
The Director Admin must ensure mTLS certificates have the correct Common Name (CN), matching the hostname in the Director's configuration. Envoy Admin and Experiment Manager must use this hostname to facilitate proper communication and prevent connectivity issues.

This PR fixes #1265

@ishant162
Fix tls issue
1546842 
Signed-off-by: Ishant Thakare <[email protected]>
@ishant162 ishant162 changed the title [WIP][Workflow Interface]: Fix for FederatedRuntime with TLS (Issue #1265) [Workflow Interface]: Fix for FederatedRuntime with TLS (Issue #1265) Feb 5, 2025
@ishant162 ishant162 marked this pull request as ready for review February 5, 2025 06:08
teoparvanov
teoparvanov approved these changes Feb 5, 2025
View reviewed changes
Copy link
Collaborator

@teoparvanov teoparvanov left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, @ishant162! Thanks for the fixes, and for the detailed background which helped me a lot as a reviewer of the proposed code changes.

@teoparvanov teoparvanov merged commit 4f3b3fc into securefederatedai:develop Feb 6, 2025
21 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@teoparvanov teoparvanov teoparvanov approved these changes

@MasterSkepticista MasterSkepticista Awaiting requested review from MasterSkepticista MasterSkepticista is a code owner

@kta-intel kta-intel Awaiting requested review from kta-intel kta-intel is a code owner

@psfoley psfoley Awaiting requested review from psfoley psfoley is a code owner

Assignees
No one assigned
Labels
workflow_interface
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Federated runtime with TLS: network is not getting updated properly with current FQDN
2 participants
@ishant162 @teoparvanov