def test_connection_pool_tls():
"""
Make sure connection args are supported.
"""
sec = tls_security()
connection_args = sec.get_connection_args('client')
listen_args = sec.get_listen_args('scheduler')
@gen.coroutine
def ping(comm, delay=0.01):
yield gen.sleep(delay)
raise gen.Return('pong')
servers = [Server({'ping': ping}) for i in range(10)]
for server in servers:
server.listen('tls://', listen_args=listen_args)
rpc = ConnectionPool(limit=5, connection_args=connection_args)
yield [rpc(s.address).ping() for s in servers[:5]]
yield [rpc(s.address).ping() for s in servers[::2]]
yield [rpc(s.address).ping() for s in servers]
assert rpc.active == 0
rpc.close()
def test_use_config_file(loop):
with new_config_file(tls_only_config()):
with popen(['dask-scheduler', '--no-bokeh', '--host', 'tls://']) as s:
with popen(['dask-worker', '--no-bokeh', 'tls://127.0.0.1:8786']) as w:
with Client('tls://127.0.0.1:8786', loop=loop,
security=tls_security()) as c:
wait_for_cores(c)
def test_tls(self):
with dask_testing_cluster(
worker_kwargs={'security': tls_security()},
scheduler_kwargs={'security': tls_security()}) as (s, workers):
# These use test certs that ship with dask/distributed and should not be
# used in production
configuration.set('dask', 'tls_ca', get_cert('tls-ca-cert.pem'))
configuration.set('dask', 'tls_cert', get_cert('tls-key-cert.pem'))
configuration.set('dask', 'tls_key', get_cert('tls-key.pem'))
try:
executor = DaskExecutor(cluster_address=s['address'])
self.assert_tasks_on_executor(executor)
executor.end()
# close the executor, the cluster context manager expects all listeners
# and tasks to have completed.
executor.client.close()
finally:
configuration.set('dask', 'tls_ca', '')
configuration.set('dask', 'tls_key', '')
configuration.set('dask', 'tls_cert', '')
async def test_connection_pool_tls():
"""
Make sure connection args are supported.
"""
sec = tls_security()
connection_args = sec.get_connection_args("client")
listen_args = sec.get_listen_args("scheduler")
async def ping(comm, delay=0.01):
await asyncio.sleep(delay)
return "pong"
servers = [Server({"ping": ping}) for i in range(10)]
for server in servers:
await server.listen("tls://", **listen_args)
rpc = await ConnectionPool(limit=5, connection_args=connection_args)
await asyncio.gather(*[rpc(s.address).ping() for s in servers[:5]])
await asyncio.gather(*[rpc(s.address).ping() for s in servers[::2]])
await asyncio.gather(*[rpc(s.address).ping() for s in servers])
assert rpc.active == 0
await rpc.close()
async def test_server_listen():
"""
Test various Server.listen() arguments and their effect.
"""
from contextlib import asynccontextmanager
@asynccontextmanager
async def listen_on(cls, *args, **kwargs):
server = cls({})
await server.listen(*args, **kwargs)
try:
yield server
finally:
server.stop()
# Note server.address is the concrete, contactable address
async with listen_on(Server, 7800) as server:
assert server.port == 7800
assert server.address == "tcp://%s:%d" % (EXTERNAL_IP4, server.port)
await assert_can_connect(server.address)
await assert_can_connect_from_everywhere_4_6(server.port)
async with listen_on(Server) as server:
assert server.port > 0
assert server.address == "tcp://%s:%d" % (EXTERNAL_IP4, server.port)
await assert_can_connect(server.address)
await assert_can_connect_from_everywhere_4_6(server.port)
async with listen_on(MyServer) as server:
assert server.port == MyServer.default_port
assert server.address == "tcp://%s:%d" % (EXTERNAL_IP4, server.port)
await assert_can_connect(server.address)
await assert_can_connect_from_everywhere_4_6(server.port)
async with listen_on(Server, ("", 7801)) as server:
assert server.port == 7801
assert server.address == "tcp://%s:%d" % (EXTERNAL_IP4, server.port)
await assert_can_connect(server.address)
await assert_can_connect_from_everywhere_4_6(server.port)
async with listen_on(Server, "tcp://:7802") as server:
assert server.port == 7802
assert server.address == "tcp://%s:%d" % (EXTERNAL_IP4, server.port)
await assert_can_connect(server.address)
await assert_can_connect_from_everywhere_4_6(server.port)
# Only IPv4
async with listen_on(Server, ("0.0.0.0", 7810)) as server:
assert server.port == 7810
assert server.address == "tcp://%s:%d" % (EXTERNAL_IP4, server.port)
await assert_can_connect(server.address)
await assert_can_connect_from_everywhere_4(server.port)
async with listen_on(Server, ("127.0.0.1", 7811)) as server:
assert server.port == 7811
assert server.address == "tcp://127.0.0.1:%d" % server.port
await assert_can_connect(server.address)
await assert_can_connect_locally_4(server.port)
async with listen_on(Server, "tcp://127.0.0.1:7812") as server:
assert server.port == 7812
assert server.address == "tcp://127.0.0.1:%d" % server.port
await assert_can_connect(server.address)
await assert_can_connect_locally_4(server.port)
# Only IPv6
if has_ipv6():
async with listen_on(Server, ("::", 7813)) as server:
assert server.port == 7813
assert server.address == "tcp://[%s]:%d" % (EXTERNAL_IP6, server.port)
await assert_can_connect(server.address)
await assert_can_connect_from_everywhere_6(server.port)
async with listen_on(Server, ("::1", 7814)) as server:
assert server.port == 7814
assert server.address == "tcp://[::1]:%d" % server.port
await assert_can_connect(server.address)
await assert_can_connect_locally_6(server.port)
async with listen_on(Server, "tcp://[::1]:7815") as server:
assert server.port == 7815
assert server.address == "tcp://[::1]:%d" % server.port
await assert_can_connect(server.address)
await assert_can_connect_locally_6(server.port)
# TLS
sec = tls_security()
async with listen_on(
Server, "tls://", **sec.get_listen_args("scheduler")
) as server:
assert server.address.startswith("tls://")
await assert_can_connect(server.address, **sec.get_connection_args("client"))
# InProc
async with listen_on(Server, "inproc://") as server:
inproc_addr1 = server.address
assert inproc_addr1.startswith("inproc://%s/%d/" % (get_ip(), os.getpid()))
await assert_can_connect(inproc_addr1)
async with listen_on(Server, "inproc://") as server2:
inproc_addr2 = server2.address
assert inproc_addr2.startswith("inproc://%s/%d/" % (get_ip(), os.getpid()))
await assert_can_connect(inproc_addr2)
await assert_can_connect(inproc_addr1)
await assert_cannot_connect(inproc_addr2)
def test_server_listen():
"""
Test various Server.listen() arguments and their effect.
"""
@contextmanager
def listen_on(cls, *args, **kwargs):
server = cls({})
server.listen(*args, **kwargs)
try:
yield server
finally:
server.stop()
# Note server.address is the concrete, contactable address
with listen_on(Server, 7800) as server:
assert server.port == 7800
assert server.address == 'tcp://%s:%d' % (EXTERNAL_IP4, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_4_6(server.port)
with listen_on(Server) as server:
assert server.port > 0
assert server.address == 'tcp://%s:%d' % (EXTERNAL_IP4, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_4_6(server.port)
with listen_on(MyServer) as server:
assert server.port == MyServer.default_port
assert server.address == 'tcp://%s:%d' % (EXTERNAL_IP4, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_4_6(server.port)
with listen_on(Server, ('', 7801)) as server:
assert server.port == 7801
assert server.address == 'tcp://%s:%d' % (EXTERNAL_IP4, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_4_6(server.port)
with listen_on(Server, 'tcp://:7802') as server:
assert server.port == 7802
assert server.address == 'tcp://%s:%d' % (EXTERNAL_IP4, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_4_6(server.port)
# Only IPv4
with listen_on(Server, ('0.0.0.0', 7810)) as server:
assert server.port == 7810
assert server.address == 'tcp://%s:%d' % (EXTERNAL_IP4, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_4(server.port)
with listen_on(Server, ('127.0.0.1', 7811)) as server:
assert server.port == 7811
assert server.address == 'tcp://127.0.0.1:%d' % server.port
yield assert_can_connect(server.address)
yield assert_can_connect_locally_4(server.port)
with listen_on(Server, 'tcp://127.0.0.1:7812') as server:
assert server.port == 7812
assert server.address == 'tcp://127.0.0.1:%d' % server.port
yield assert_can_connect(server.address)
yield assert_can_connect_locally_4(server.port)
# Only IPv6
if has_ipv6():
with listen_on(Server, ('::', 7813)) as server:
assert server.port == 7813
assert server.address == 'tcp://[%s]:%d' % (EXTERNAL_IP6,
server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_6(server.port)
with listen_on(Server, ('::1', 7814)) as server:
assert server.port == 7814
assert server.address == 'tcp://[::1]:%d' % server.port
yield assert_can_connect(server.address)
yield assert_can_connect_locally_6(server.port)
with listen_on(Server, 'tcp://[::1]:7815') as server:
assert server.port == 7815
assert server.address == 'tcp://[::1]:%d' % server.port
yield assert_can_connect(server.address)
yield assert_can_connect_locally_6(server.port)
# TLS
sec = tls_security()
with listen_on(Server,
'tls://',
listen_args=sec.get_listen_args('scheduler')) as server:
assert server.address.startswith('tls://')
yield assert_can_connect(
server.address, connection_args=sec.get_connection_args('client'))
# InProc
with listen_on(Server, 'inproc://') as server:
inproc_addr1 = server.address
assert inproc_addr1.startswith('inproc://%s/%d/' %
(get_ip(), os.getpid()))
yield assert_can_connect(inproc_addr1)
with listen_on(Server, 'inproc://') as server2:
inproc_addr2 = server2.address
assert inproc_addr2.startswith('inproc://%s/%d/' %
(get_ip(), os.getpid()))
yield assert_can_connect(inproc_addr2)
yield assert_can_connect(inproc_addr1)
yield assert_cannot_connect(inproc_addr2)
def test_rpc_tls():
sec = tls_security()
yield check_rpc('tcp://', None, sec.get_listen_args('scheduler'),
sec.get_connection_args('worker'))
def test_rpc_tls():
sec = tls_security()
yield check_rpc('tcp://', None, sec.get_listen_args('scheduler'),
sec.get_connection_args('worker'))
def test_server_listen():
"""
Test various Server.listen() arguments and their effect.
"""
@contextmanager
def listen_on(cls, *args, **kwargs):
server = cls({})
server.listen(*args, **kwargs)
try:
yield server
finally:
server.stop()
# Note server.address is the concrete, contactable address
with listen_on(Server, 7800) as server:
assert server.port == 7800
assert server.address == 'tcp://%s:%d' % (EXTERNAL_IP4, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_4_6(server.port)
with listen_on(Server) as server:
assert server.port > 0
assert server.address == 'tcp://%s:%d' % (EXTERNAL_IP4, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_4_6(server.port)
with listen_on(MyServer) as server:
assert server.port == MyServer.default_port
assert server.address == 'tcp://%s:%d' % (EXTERNAL_IP4, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_4_6(server.port)
with listen_on(Server, ('', 7801)) as server:
assert server.port == 7801
assert server.address == 'tcp://%s:%d' % (EXTERNAL_IP4, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_4_6(server.port)
with listen_on(Server, 'tcp://:7802') as server:
assert server.port == 7802
assert server.address == 'tcp://%s:%d' % (EXTERNAL_IP4, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_4_6(server.port)
# Only IPv4
with listen_on(Server, ('0.0.0.0', 7810)) as server:
assert server.port == 7810
assert server.address == 'tcp://%s:%d' % (EXTERNAL_IP4, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_4(server.port)
with listen_on(Server, ('127.0.0.1', 7811)) as server:
assert server.port == 7811
assert server.address == 'tcp://127.0.0.1:%d' % server.port
yield assert_can_connect(server.address)
yield assert_can_connect_locally_4(server.port)
with listen_on(Server, 'tcp://127.0.0.1:7812') as server:
assert server.port == 7812
assert server.address == 'tcp://127.0.0.1:%d' % server.port
yield assert_can_connect(server.address)
yield assert_can_connect_locally_4(server.port)
# Only IPv6
if has_ipv6():
with listen_on(Server, ('::', 7813)) as server:
assert server.port == 7813
assert server.address == 'tcp://[%s]:%d' % (EXTERNAL_IP6, server.port)
yield assert_can_connect(server.address)
yield assert_can_connect_from_everywhere_6(server.port)
with listen_on(Server, ('::1', 7814)) as server:
assert server.port == 7814
assert server.address == 'tcp://[::1]:%d' % server.port
yield assert_can_connect(server.address)
yield assert_can_connect_locally_6(server.port)
with listen_on(Server, 'tcp://[::1]:7815') as server:
assert server.port == 7815
assert server.address == 'tcp://[::1]:%d' % server.port
yield assert_can_connect(server.address)
yield assert_can_connect_locally_6(server.port)
# TLS
sec = tls_security()
with listen_on(Server, 'tls://',
listen_args=sec.get_listen_args('scheduler')) as server:
assert server.address.startswith('tls://')
yield assert_can_connect(server.address,
connection_args=sec.get_connection_args('client'))
# InProc
with listen_on(Server, 'inproc://') as server:
inproc_addr1 = server.address
assert inproc_addr1.startswith('inproc://%s/%d/' % (get_ip(), os.getpid()))
yield assert_can_connect(inproc_addr1)
with listen_on(Server, 'inproc://') as server2:
inproc_addr2 = server2.address
assert inproc_addr2.startswith('inproc://%s/%d/' % (get_ip(), os.getpid()))
yield assert_can_connect(inproc_addr2)
yield assert_can_connect(inproc_addr1)
yield assert_cannot_connect(inproc_addr2)
def test_separate_key_cert(loop):
with popen(['dask-scheduler', '--no-bokeh'] + tls_args_2) as s:
with popen(['dask-worker', '--no-bokeh', 'tls://127.0.0.1:8786'] + tls_args_2) as w:
with Client('tls://127.0.0.1:8786', loop=loop,
security=tls_security()) as c:
wait_for_cores(c)
def test_separate_key_cert(loop):
with popen(['dask-scheduler', '--no-bokeh', '--host', 'tls://'] + tls_args_2) as s:
with popen(['dask-worker', '--no-bokeh', 'tls://127.0.0.1:8786'] + tls_args_2) as w:
with Client('tls://127.0.0.1:8786', loop=loop,
security=tls_security()) as c:
wait_for_cores(c)