This repository has been archived by the owner on Jun 6, 2024. It is now read-only.
Https英文文档 #5078
Merged
Https英文文档 #5078
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hzy46
reviewed
Nov 12, 2020
| @@ -40,7 +40,7 @@ There is a shortcut to k8s dashboard on the webportal. However, it needs special | |||
|
|
|||
| <img src="./imgs/k8s-dashboard.png" width="100%" height="100%" /> | |||
|
|
|||
| To use it, you should first set up `https` access (Using `http://<ip>` won't work) for OpenPAI. Then, on the dev box machine, follow the steps below: | |||
| To use it, you should first set up `https` access (Using `http://<ip>` won't work) for OpenPAI.Please refer to [here](#how-to-set-up-https). Then, on the dev box machine, follow the steps below: | |||
There was a problem hiding this comment.
Add space before Please refer to here
hzy46
reviewed
Nov 12, 2020
| You can use `exit` to leave the dev-box container, and use `sudo docker exec -it dev-box bash` to re-enter it if you desire so. If you don't need it any more, use `sudo docker stop dev-box` and `sudo docker rm dev-box` to delete the docker container. | ||
|
|
||
| ## <div id="how-to-set-up-https">How To Set Up Https</div> |
hzy46
reviewed
Nov 12, 2020
| ## <div id="how-to-set-up-https">How To Set Up Https</div> | ||
|
|
||
| To configure https certificate for pylon, you need to obtain a digital certificate first, and then save the digital certificate related files in the dev-box container. In the dev-box, you can find the configuration file `services-configuration.yaml`, and then you need to Enter the file path of the saved digital certificate into the `services-configuration.yaml` file. You can choose a self-signed certificate or a certificate issued by a CA. Next, we will first demonstrate the configuration process of a self-signed certificate. The configuration process for the two types of certificates is similar. |
There was a problem hiding this comment.
digital certificate related files -> digital certificate-related files
In the dev-box -> In the dev-box container
Enter the file path -> add the file path
The configuration process for the two types of certificates is similar. -> The configuration processes for the two types of certificates are similar.
hzy46
reviewed
Nov 12, 2020
|
|
||
|
|
||
| #### 1. Enter the dev-box onctainer |
hzy46
reviewed
Nov 12, 2020
|
|
||
| #### 2. Create a folder in the dev-box container | ||
| When you enter the container, you need to create a folder and generate a self-signed certificate in this folder. We can create an ssl folder in the home folder. |
There was a problem hiding this comment.
Use ` around ssl and home.
We can create an ssl folder in the home folder.
->
You can create an `ssl` folder in the `home` folder.
hzy46
reviewed
Nov 12, 2020
| ``` | ||
| #### 3. Generate RSA private key with openssl | ||
| The next commands you enter will use the FileName parameter multiple times. You can choose a suitable file name to replace FileName. |
There was a problem hiding this comment.
commands -> command
FileName
->
`FileName`
There was a problem hiding this comment.
I think plurals should be used here because there are many commands
There was a problem hiding this comment.
The following commands? the next + plural form is not common.
hzy46
reviewed
Nov 12, 2020
| ``` | ||
|
|
||
| In this step, password will be asked. |
There was a problem hiding this comment.
password will be asked. -> A password will be asked.
hzy46
reviewed
Nov 12, 2020
|
|
||
|
|
||
| If you are configuring for the first time, `services-configuration.yaml` may not exist in the dev-box container. You should follow the procedure below to change the configuration file and make it effective. Close the pylon service, pull the OpenPAI configuration file `services-configuration.yaml` to the local, change the configuration file, upload the configuration file, and restart the pylon service. The commands you need are: |
There was a problem hiding this comment.
If you are configuring for the first time -> If you are configuring PAI service for the first time
Close the pylon service, -> Then, stop the pylon service,
hzy46
reviewed
Nov 12, 2020
| key_path: /path/to/yyyyyy | ||
| ``` | ||
| In the example we just gave, the configuration file content should be: |
There was a problem hiding this comment.
In the example we just gave -> With the example we just gave
hzy46
reviewed
Nov 12, 2020
| key_path: /home/ssl/FileName.key | ||
| ``` | ||
| Restart the pylon service, you can access OpenPAI via https. |
There was a problem hiding this comment.
Restart the pylon service, you can access OpenPAI via https. -> Restart the pylon service, and you will be able to access OpenPAI via https.
hzy46
reviewed
Nov 12, 2020
| #### Configure CA certificate | ||
| ##### 1. Save the CA certificate in the dev-box container | ||
| To configure a CA certificate, you first need to apply for and export your CA certificate, you will eventually get a crt file and a key file, and then save these two files in the dev-box container, such as the one stored in the dev-box container /home/ssl folder. as the picture shows: |
There was a problem hiding this comment.
To configure a CA certificate, you first need to apply for and export your CA certificate, you will eventually get a crt file and a key file, and then save these two files in the dev-box container, such as the one stored in the dev-box container /home/ssl folder. as the picture shows:
->
To configure a CA certificate, you first need to apply for and export it. You will eventually get a crt file and a key file. Please save these two files in the dev-box container. As shown in the following picture, the two files are saved in `/home/ssl`.
hzy46
reviewed
Nov 12, 2020
|
|
||
| ##### 2. Configure services-configuration.yaml | ||
| In this step, you can configure it in accordance with Step 7 in the process of `Configure a self-signed certificate`, just change the FileName field. For example: |
There was a problem hiding this comment.
In this step, you can configure it in accordance with Step 7 in the process of `Configure a self-signed certificate`, just change the FileName field.
->
In this step, you can configure the `services-configuration.yaml` in accordance with the Step 7 in the process of `Configure a self-signed certificate`. For example:
hzy46
reviewed
Nov 12, 2020
| @@ -25,61 +25,8 @@ In this section, we will cover how to set up the integration step by step. | |||
|
|
|||
| #### Note | |||
|
|
|||
| Previous user data in webportal is required to be mapping/migrate to AAD. Once the integration is enabled, instead of using basic user authentication, OpenPAI will switch to use (and only use) AAD as user authentication mechanism. | |||
| Previous user data in webportal is required to be mapping/migrate to AAD. Once the integration is enabled, instead of using basic user authentication, OpenPAI will switch to use (and only use) AAD as user authentication mechanism.To set up AAD, follow the instructions in [here](./basic-management-operations.md#how-to-set-up-https) to set up HTTPS access for OpenPAI. | |||
There was a problem hiding this comment.
Add space before To set up AAD.
follow the instructions in [here](./basic-management-operations.md#how-to-set-up-https) to set up HTTPS access for OpenPAI.
->
please follow the instructions [here](./basic-management-operations.md#how-to-set-up-https) to set up HTTPS access for OpenPAI first.
|
ok
…---原始邮件---
发件人: "Zhiyuan He"<notifications@github.com>
发送时间: 2020年11月12日(周四) 中午11:02
收件人: "microsoft/pai"<pai@noreply.github.com>;
抄送: "vvfreesoul"<285009003@qq.com>;"Author"<author@noreply.github.com>;
主题: Re: [microsoft/pai] Https英文文档 (#5078)
@hzy46 commented on this pull request.
In docs/manual/cluster-admin/basic-management-operations.md:
> + +You need to use [`paictl`](#pai-service-management-and-paictl) to enter the container in the following way: + +```bash +sudo docker exec -it dev-box bash +``` + +#### 2. Create a folder in the dev-box container +When you enter the container, you need to create a folder and generate a self-signed certificate in this folder. We can create an ssl folder in the home folder. + +``` bash +mkdir /home/ssl +cd /home/ssl +``` +#### 3. Generate RSA private key with openssl +The next commands you enter will use the FileName parameter multiple times. You can choose a suitable file name to replace FileName.
The following commands? the next + plural form is not common.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
hzy46
reviewed
Nov 12, 2020
| You can use `exit` to leave the dev-box container, and use `sudo docker exec -it dev-box bash` to re-enter it if you desire so. If you don't need it any more, use `sudo docker stop dev-box` and `sudo docker rm dev-box` to delete the docker container. | ||
|
|
||
| ## <div id="how-to-set-up-https">How To Set Up HTTPS</div> |
hzy46
approved these changes
Nov 12, 2020
hzy46
reviewed
Nov 13, 2020
| openssl genrsa -des3 -out FileName.key 1024 | ||
| ``` | ||
| In this step, a password will be asked.The following commands you enter will use the `FileName` parameter multiple times. You can choose a suitable file name to replace `FileName`. |
There was a problem hiding this comment.
Please add a space before The following commands you enter will
hzy46
reviewed
Nov 13, 2020
|
|
||
| <div align="center"> | ||
| <img src="./imgs/openssl_CA_result.png" alt="paictl overview picture" style="float: center; margin-right: 10px;" /> |
There was a problem hiding this comment.
The image links for Chinese version doc should also be updated. Please update them in this pr too.
This was referenced Nov 19, 2020
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
还是有为英文标题设置id,不然无法引用链接