TLS support in transport between RAFT nodes.


AJ

Apr 29, 2024, 12:45:57 PM
to raft-dev
Hi, 


It uses the default NetworkTransport implemented out of the box. 

I am trying to understand how we can enable TLS on the transport used between the RAFT nodes, so that all heartbeat and data updates are done over a secure transport. 

The NetworkTransport does discuss TLS, but it is not clear how it is achieved.

NetworkTransport provides a network based transport that can be used to communicate with Raft on remote machines. It requires an underlying stream layer to provide a stream abstraction, which can be simple TCP, TLS, etc.

Thanks,
Anil.


Diego Ongaro

Apr 29, 2024, 9:50:18 PM
to raft...@googlegroups.com
Hi AJ,

From the docs, it sounds like you're supposed to implement the StreamLayer interface and then pass your implementation into NewNetworkTransport. Maybe that's enough to point you in the right direction.

A better place for this question may be the hashicorp/raft issue tracker: https://github.com/hashicorp/raft/issues/ . This issue from 2017 looks relevant: https://github.com/hashicorp/raft/issues/201

Hope this helps,
Diego


Philip O'Toole

Apr 30, 2024, 12:56:27 PM
to raft...@googlegroups.com
Wrap your TLS Listener (and Dialer) in this interface:


and then pass it to:


Then pass that Network Transport object to the rest of the HashiCorp code. This is basically what rqlite does (see https://github.com/rqlite/rqlite/blob/master/store/store.go#L449) though it's more complicated as it multiplexes a couple of logical connections over the single physical TLS connection.

Philip
