change_certs_path && add_"-d" (#190)

update

cmd/kuscia/modules/modules_test.go

@@ -68,23 +68,23 @@ func Test_LoadKusciaConfig(t *testing.T) {
 	content := fmt.Sprintf(`
 rootDir: /home/kuscia
 domainID: kuscia
-caKeyFile: etc/certs/ca.key
-caFile: etc/certs/ca.crt
-domainKeyFile: etc/certs/domain.key
+caKeyFile: var/tmp/ca.key
+caFile: var/tmp//ca.crt
+domainKeyFile: var/tmp//domain.key
 master:
   endpoint: http://127.0.0.1:1080
   tls:
-    certFile: etc/certs/client-admin.crt
-    keyFile: etc/certs/client-admin.key
-    caFile: etc/certs/server-ca.crt
+    certFile: var/tmp/client-admin.crt
+    keyFile: var/tmp/client-admin.key
+    caFile: var/tmp/server-ca.crt
   apiserver:
     kubeconfigFile: etc/kubeconfig
     endpoint:  http://127.0.0.1:1080
 agent:
   allowPrivileged: false
 externalTLS:
-  certFile: etc/certs/external_tls.crt
-  keyFile: etc/certs/external_tls.key
+  certFile: var/tmp/external_tls.crt
+  keyFile: var/tmp/external_tls.key
 dataMesh:
   enableDataProxy : true
 `)

docs/deployment/deploy_master_lite_cn.md

@@ -233,13 +233,13 @@ docker exec -it ${USER}-kuscia-master scripts/deploy/create_domaindata_bob_table
 登录到安装 alice 的机器上，为 alice 的测试数据创建 domaindatagrant
 
 ```bash
-docker exec -it ${USER}-kuscia-lite-alice curl https://127.0.0.1:8070/api/v1/datamesh/domaindatagrant/create -X POST -H 'content-type: application/json' -d '{"author":"alice","domaindata_id":"alice-table","grant_domain":"bob"}' --cacert etc/certs/ca.crt --cert etc/certs/ca.crt --key etc/certs/ca.key
+docker exec -it ${USER}-kuscia-lite-alice curl https://127.0.0.1:8070/api/v1/datamesh/domaindatagrant/create -X POST -H 'content-type: application/json' -d '{"author":"alice","domaindata_id":"alice-table","grant_domain":"bob"}' --cacert var/tmp/ca.crt --cert var/tmp/ca.crt --key var/tmp/ca.key
 ```
 
 同理，登录到安装 bob 的机器上，为 bob 的测试数据创建 domaindatagrant
 
 ```bash
-docker exec -it ${USER}-kuscia-lite-bob curl https://127.0.0.1:8070/api/v1/datamesh/domaindatagrant/create -X POST -H 'content-type: application/json' -d '{"author":"bob","domaindata_id":"bob-table","grant_domain":"alice"}' --cacert etc/certs/ca.crt --cert etc/certs/ca.crt --key etc/certs/ca.key
+docker exec -it ${USER}-kuscia-lite-bob curl https://127.0.0.1:8070/api/v1/datamesh/domaindatagrant/create -X POST -H 'content-type: application/json' -d '{"author":"bob","domaindata_id":"bob-table","grant_domain":"alice"}' --cacert var/tmp/ca.crt --cert var/tmp/ca.crt --key var/tmp/ca.key
 ```
 
 #### 执行测试作业

docs/deployment/deploy_p2p_cn.md

@@ -151,7 +151,7 @@ docker exec -it ${USER}-kuscia-autonomy-alice scripts/deploy/create_domaindata_a
 为 alice 的测试数据创建 domaindatagrant
 
 ```bash
-docker exec -it ${USER}-kuscia-autonomy-alice curl https://127.0.0.1:8070/api/v1/datamesh/domaindatagrant/create -X POST -H 'content-type: application/json' -d '{"author":"alice","domaindata_id":"alice-table","grant_domain":"bob"}' --cacert etc/certs/ca.crt --cert etc/certs/ca.crt --key etc/certs/ca.key
+docker exec -it ${USER}-kuscia-autonomy-alice curl https://127.0.0.1:8070/api/v1/datamesh/domaindatagrant/create -X POST -H 'content-type: application/json' -d '{"author":"alice","domaindata_id":"alice-table","grant_domain":"bob"}' --cacert var/tmp/ca.crt --cert var/tmp/ca.crt --key var/tmp/ca.key
 ```
 
 同理，登录到安装 bob 的机器上，将默认的测试数据拷贝到之前部署目录的 kuscia-autonomy-bob-data 下
@@ -166,7 +166,7 @@ docker exec -it ${USER}-kuscia-autonomy-bob scripts/deploy/create_domaindata_bob
 为 bob 的测试数据创建 domaindatagrant
 
 ```bash
-docker exec -it ${USER}-kuscia-autonomy-bob curl https://127.0.0.1:8070/api/v1/datamesh/domaindatagrant/create -X POST -H 'content-type: application/json' -d '{"author":"bob","domaindata_id":"bob-table","grant_domain":"alice"}' --cacert etc/certs/ca.crt --cert etc/certs/ca.crt --key etc/certs/ca.key
+docker exec -it ${USER}-kuscia-autonomy-bob curl https://127.0.0.1:8070/api/v1/datamesh/domaindatagrant/create -X POST -H 'content-type: application/json' -d '{"author":"bob","domaindata_id":"bob-table","grant_domain":"alice"}' --cacert var/tmp/ca.crt --cert var/tmp/ca.crt --key var/tmp/ca.key
 ```
 
 #### 执行作业

docs/development/register_custom_image.md

@@ -34,6 +34,7 @@ docker cp ${USER}-kuscia-autonomy-alice:/home/kuscia/scripts/tools/register_app_
 - `-h`：可选参数，查看工具脚本帮助信息
 - `-m`：必填参数，指定 Kuscia 的部署模式，支持`[center, p2p]`。中心化组网模式为`center`和点对点组网模式为`p2p`
 - `-i`：必填参数，指定需要注册的自定义算法的 Docker 镜像，包含镜像名称和 TAG 信息。可以通过命令`docker images`查询。 镜像示例: `secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow/secretflow-lite-anolis8:latest`
+- `-d`：可选参数，指定节点 Domain IDs，默认为：`alice,bob`。若需指定多节点 Domain ID，各节点 Domain ID 之间以`,`分隔。
 - `-u`：可选参数，指定部署 Kuscia 的用户，默认为：`${USER}`。通过命令`echo ${USER}`可查看当前用户
 - `-n`：可选参数，指定自定义算法镜像相关的 Kuscia AppImage 名称。若不指定，则工具脚本将根据算法镜像名称生成对应的 AppImage 名称。
 

docs/reference/apis/summary_cn.md

@@ -69,10 +69,10 @@ Status 携带请求响应的状态信息。
 Kuscia master 部署完成之后，会默认生成一个 kuscia API client 证书，你可以通过以下命令获取（以中心化组网模式为例）：
 
 ```shell
-docker cp ${USER}-kuscia-master:/home/kuscia/etc/certs/kusciaapi-client.key .
-docker cp ${USER}-kuscia-master:/home/kuscia/etc/certs/kusciaapi-client.crt .
-docker cp ${USER}-kuscia-master:/home/kuscia/etc/certs/ca.crt .
-docker cp ${USER}-kuscia-master:/home/kuscia/etc/certs/token .
+docker cp ${USER}-kuscia-master:/home/kuscia/var/tmp/kusciaapi-client.key .
+docker cp ${USER}-kuscia-master:/home/kuscia/var/tmp/kusciaapi-client.crt .
+docker cp ${USER}-kuscia-master:/home/kuscia/var/tmp/ca.crt .
+docker cp ${USER}-kuscia-master:/home/kuscia/var/tmp/token .
 ```
 
 ### GRPC

docs/reference/concepts/domaindata_cn.md

@@ -164,7 +164,7 @@ Data Mesh API 提供 HTTP 和 GRPC 两种访问方法，分别位于 8070 和 80
 ```shell
 curl -X POST 'http://{{USER-kuscia-lite-alice}:8070/api/v1/datamesh/domaindata/query' --header 'Content-Type: application/json' -d '{
   "domaindata_id": "alice"
-}' --cacert /home/kuscia/etc/certs/ca.crt --cert /home/kuscia/etc/certs/ca.crt --key /home/kuscia/etc/certs/ca.key
+}' --cacert /home/kuscia/var/tmp/ca.crt --cert /home/kuscia/var/tmp/ca.crt --key /home/kuscia/var/tmp/ca.key
 ```
 
 

docs/tutorial/run_secretflow_with_api_cn.md

@@ -14,7 +14,7 @@ Kuscia API 使用双向 HTTPS，所以需要配置你的客户端库的双向 HT
 
 ### 中心化组网模式
 
-证书文件在 ${USER}-kuscia-master 节点的`/home/kuscia/etc/certs/`目录下：
+证书文件在 ${USER}-kuscia-master 节点的`/home/kuscia/var/tmp/`目录下：
 
 | 文件名               | 文件功能                                                |
 | -------------------- | ------------------------------------------------------- |
@@ -27,7 +27,7 @@ Kuscia API 使用双向 HTTPS，所以需要配置你的客户端库的双向 HT
 
 证书的配置参考[配置授权](../deployment/deploy_p2p_cn.md#配置授权)
 
-这里以 alice 节点为例，接口需要的证书文件在 ${USER}-kuscia-autonomy-alice 节点的`/home/kuscia/etc/certs/`目录下：
+这里以 alice 节点为例，接口需要的证书文件在 ${USER}-kuscia-autonomy-alice 节点的`/home/kuscia/var/tmp/`目录下：
 
 | 文件名               | 文件功能                                                |
 | -------------------- | ------------------------------------------------------- |
@@ -107,11 +107,11 @@ docker exec -it ${USER}-kuscia-autonomy-alice
 
 ```shell
 curl -X POST 'https://localhost:8082/api/v1/job/create' \
---header "Token: $(cat /home/kuscia/etc/certs/token)" \
+--header "Token: $(cat /home/kuscia/var/tmp/token)" \
 --header 'Content-Type: application/json' \
---cert '/home/kuscia/etc/certs/kusciaapi-client.crt' \
---key '/home/kuscia/etc/certs/kusciaapi-client.key' \
---cacert '/home/kuscia/etc/certs/ca.crt' \
+--cert '/home/kuscia/var/tmp/kusciaapi-server.crt' \
+--key '/home/kuscia/var/tmp/kusciaapi-server.key' \
+--cacert '/home/kuscia/var/tmp/ca.crt' \
 -d '{
     "job_id": "job-best-effort-linear",
     "initiator": "alice",
@@ -172,11 +172,11 @@ job-best-effort-linear 是你在[配置 Job](#configure-kuscia-job) 中指定的
 
 ```shell
 curl -X POST 'https://localhost:8082/api/v1/job/status/batchQuery' \
---header "Token: $(cat /home/kuscia/etc/certs/token)" \
+--header "Token: $(cat /home/kuscia/var/tmp/token)" \
 --header 'Content-Type: application/json' \
---cert '/home/kuscia/etc/certs/kusciaapi-client.crt' \
---key '/home/kuscia/etc/certs/kusciaapi-client.key' \
---cacert '/home/kuscia/etc/certs/ca.crt' \
+--cert '/home/kuscia/var/tmp/kusciaapi-server.crt' \
+--key '/home/kuscia/var/tmp/kusciaapi-server.key' \
+--cacert '/home/kuscia/var/tmp/ca.crt' \
 -d '{
     "job_ids": ["job-best-effort-linear"]
 }'
@@ -262,11 +262,11 @@ KusciaJob.
 
 ```shell
 curl -X POST 'https://localhost:8082/api/v1/job/delete' \
---header "Token: $(cat /home/kuscia/etc/certs/token)" \
+--header "Token: $(cat /home/kuscia/var/tmp/token)" \
 --header 'Content-Type: application/json' \
---cert '/home/kuscia/etc/certs/kusciaapi-client.crt' \
---key '/home/kuscia/etc/certs/kusciaapi-client.key' \
---cacert '/home/kuscia/etc/certs/ca.crt' \
+--cert '/home/kuscia/var/tmp/kusciaapi-server.crt' \
+--key '/home/kuscia/var/tmp/kusciaapi-server.key' \
+--cacert '/home/kuscia/var/tmp/ca.crt' \
 -d '{
     "job_id": "job-best-effort-linear"
 }'

scripts/deploy/add_domain.sh

@@ -40,7 +40,7 @@ if [[ $SELF_DOMAIN_ID == "" ]]; then
 fi
 
 ROOT=$(cd "$(dirname "${BASH_SOURCE[0]}")/../.." && pwd -P)
-CERT=$(base64 $ROOT/etc/certs/${DOMAIN_ID}.domain.crt | tr -d "\n")
+CERT=$(base64 $ROOT/var/tmp/${DOMAIN_ID}.domain.crt | tr -d "\n")
 
 DOMAIN_TEMPLATE="
 apiVersion: kuscia.secretflow/v1alpha1

scripts/deploy/deploy.sh

@@ -54,7 +54,7 @@ log "SECRETFLOW_IMAGE=${SECRETFLOW_IMAGE}"
 SF_IMAGE_REGISTRY="secretflow-registry.cn-hangzhou.cr.aliyuncs.com/secretflow"
 CTR_ROOT=/home/kuscia
 CTR_TMP_ROOT=${CTR_ROOT}/var/tmp
-CTR_CERT_ROOT=${CTR_ROOT}/etc/certs
+CTR_CERT_ROOT=${CTR_ROOT}/var/tmp
 MASTER_MEMORY_LIMIT=2G
 LITE_MEMORY_LIMIT=4G
 AUTONOMY_MEMORY_LIMIT=6G

scripts/deploy/start_secretpad.sh

@@ -23,7 +23,7 @@ NC='\033[0m'
 
 ROOT=$(pwd)
 CTR_ROOT=/home/kuscia
-CTR_CERT_ROOT=${CTR_ROOT}/etc/certs
+CTR_CERT_ROOT=${CTR_ROOT}/var/tmp
 CTR_PREFIX=${USER}-kuscia
 MASTER_CTR=${CTR_PREFIX}-master
 FORCE_START=false

scripts/deploy/start_standalone.sh

@@ -42,7 +42,7 @@ fi
 
 CTR_PREFIX=${USER}-kuscia
 CTR_ROOT=/home/kuscia
-CTR_CERT_ROOT=${CTR_ROOT}/etc/certs
+CTR_CERT_ROOT=${CTR_ROOT}/var/tmp
 CTR_TMP_ROOT=${CTR_ROOT}/var/tmp
 MASTER_DOMAIN="kuscia-system"
 ALICE_DOMAIN="alice"