github.com/NVIDIA/aistore@v1.3.23-0.20240517131212-7df6609be51d/docs/switch_https.md

github.com/NVIDIA/aistore@v1.3.23-0.20240517131212-7df6609be51d/docs/switch_https.md (about)

     1  Here's a quick sequence with detailed comments inline.
     2  
     3  ## From HTTP to HTTPS
     4  
     5  This assumes that [X.509 certificate already exists](getting_started.md#setting-up-https-locally) and the (HTTP-based) cluster is up and running. All we need to do at this point is switch it to HTTPS.
     6  
     7  ```console
     8  # step 1: reconfigure cluster to use HTTPS
     9  $ ais config cluster net.http.use_https true
    10  
    11  # step 2: add information related to certs
    12  $ ais config cluster net.http.skip_verify true
    13  $ ais config cluster net.http.server_key <path-to-cert>/cert.key
    14  $ ais config cluster net.http.server_crt <path-to-cert>/cert.crt
    15  
    16  # step 3: shutdown
    17  $ ais cluster shutdown
    18  
    19  # step 4: remove cluster map - all copies at all possible locations, for example:
    20  $ find ~/.ais* -type f -name ".ais.smap" | xargs rm
    21  
    22  # step 5: restart
    23  $ make kill cli deploy <<< $'6\n6\n4\ny\ny\nn\n'
    24  
    25  # step 6: optionally, run aisloader
    26  $ AIS_ENDPOINT=https://localhost:8080 aisloader -bucket=ais://nnn -cleanup=false -numworkers=8 -pctput=0 -randomproxy
    27  
    28  # step 7: optionally, reconfigure CLI to skip X.509 verification:
    29  $ ais config cli set cluster.skip_verify_crt true
    30  
    31  # step 8: run CLI
    32  $ AIS_ENDPOINT=https://127.0.0.1:8080 ais show cluster
    33  
    34  $ AIS_ENDPOINT=https://127.0.0.1:8080 ais archive gen-shards "ais://abc/shard-{001..999}.tar.lz4"
    35  Shards created: 999/999 [==============================================================] 100 %
    36  
    37  $ export AIS_ENDPOINT=https://localhost:8080
    38  
    39  $ ais ls ais://abc --summary
    40  NAME           PRESENT         OBJECTS         SIZE (apparent, objects, remote)        USAGE(%)
    41  ais://abc      yes             999 0           5.86MiB 5.20MiB 0B                      0%
    42  ...
    43  ...
    44  ```
    45  
    46  Goes without saying that `localhost` etc. are used here (and elsewhere) for purely illustrative purposes.
    47  
    48  Instead of `localhost`, `127.0.0.1`, port `8080`, and the `make` command above one must use their respective correct endpoints and proper deployment operations.
    49  
    50  ## From HTTPS back to HTTP
    51  
    52  ```console
    53  # step 1: disable HTTPS
    54  $ AIS_ENDPOINT=https://127.0.0.1:8080 ais config cluster net.http.use_https false
    55  
    56  # step 2: shutdown (notice that we are still using HTTPS endpoint)
    57  $ AIS_ENDPOINT=https://127.0.0.1:8080 ais cluster shutdown -y
    58  
    59  # step 3: remove cluster maps
    60  $ find ~/.ais* -type f -name ".ais.smap" | xargs rm
    61  
    62  # step 4: restart
    63  $ make kill cli deploy <<< $'6\n6\n4\ny\ny\nn\n'
    64  
    65  # step 5: and use
    66  $ ais show cluster
    67  ```