Remove Redis protected mode (#3073)

Follow-up to #2925 and #2952. Removes the Redis protected mode implementation from Ray which was replaced by Redis port authentication.

python/ray/scripts/scripts.py

@@ -279,7 +279,6 @@ def start(node_ip_address, redis_address, redis_port, num_redis_shards,
             resources=resources,
             num_redis_shards=num_redis_shards,
             redis_max_clients=redis_max_clients,
-            redis_protected_mode=False,
             redis_password=redis_password,
             include_webui=(not no_ui),
             plasma_directory=plasma_directory,

python/ray/services.py

@@ -26,11 +26,11 @@ import ray.plasma
 
 from ray.tempfile_services import (
     get_ipython_notebook_path, get_logs_dir_path, get_raylet_socket_name,
-    get_temp_redis_config_path, get_temp_root, new_global_scheduler_log_file,
-    new_local_scheduler_log_file, new_log_monitor_log_file,
-    new_monitor_log_file, new_plasma_manager_log_file,
-    new_plasma_store_log_file, new_raylet_log_file, new_redis_log_file,
-    new_webui_log_file, new_worker_log_file, set_temp_root)
+    get_temp_root, new_global_scheduler_log_file, new_local_scheduler_log_file,
+    new_log_monitor_log_file, new_monitor_log_file,
+    new_plasma_manager_log_file, new_plasma_store_log_file,
+    new_raylet_log_file, new_redis_log_file, new_webui_log_file,
+    new_worker_log_file, set_temp_root)
 
 PROCESS_TYPE_MONITOR = "monitor"
 PROCESS_TYPE_LOG_MONITOR = "log_monitor"
@@ -434,7 +434,6 @@ def start_redis(node_ip_address,
                 redirect_output=False,
                 redirect_worker_output=False,
                 cleanup=True,
-                protected_mode=False,
                 password=None,
                 use_credis=None):
     """Start the Redis global state store.
@@ -497,7 +496,6 @@ def start_redis(node_ip_address,
             stdout_file=redis_stdout_file,
             stderr_file=redis_stderr_file,
             cleanup=cleanup,
-            protected_mode=protected_mode,
             password=password)
     else:
         assigned_port, _ = _start_redis_instance(
@@ -507,7 +505,6 @@ def start_redis(node_ip_address,
             stdout_file=redis_stdout_file,
             stderr_file=redis_stderr_file,
             cleanup=cleanup,
-            protected_mode=protected_mode,
             executable=CREDIS_EXECUTABLE,
             # It is important to load the credis module BEFORE the ray module,
             # as the latter contains an extern declaration that the former
@@ -553,7 +550,6 @@ def start_redis(node_ip_address,
                 stdout_file=redis_stdout_file,
                 stderr_file=redis_stderr_file,
                 cleanup=cleanup,
-                protected_mode=protected_mode,
                 password=password)
         else:
             assert num_redis_shards == 1, \
@@ -566,7 +562,6 @@ def start_redis(node_ip_address,
                 stdout_file=redis_stdout_file,
                 stderr_file=redis_stderr_file,
                 cleanup=cleanup,
-                protected_mode=protected_mode,
                 password=password,
                 executable=CREDIS_EXECUTABLE,
                 # It is important to load the credis module BEFORE the ray
@@ -593,22 +588,6 @@ def start_redis(node_ip_address,
     return redis_address, redis_shards
 
 
-def _make_temp_redis_config(node_ip_address):
-    """Create a configuration file for Redis.
-
-    Args:
-        node_ip_address: The IP address of this node. This should not be
-            127.0.0.1.
-    """
-    redis_config_name = get_temp_redis_config_path()
-    with open(redis_config_name, 'w') as f:
-        # This allows redis clients on the same machine to connect using the
-        # node's IP address as opposed to just 127.0.0.1. This is only relevant
-        # when the server is in protected mode.
-        f.write("bind 127.0.0.1 {}".format(node_ip_address))
-    return redis_config_name
-
-
 def _start_redis_instance(node_ip_address="127.0.0.1",
                           port=None,
                           redis_max_clients=None,
@@ -616,7 +595,6 @@ def _start_redis_instance(node_ip_address="127.0.0.1",
                           stdout_file=None,
                           stderr_file=None,
                           cleanup=True,
-                          protected_mode=False,
                           password=None,
                           executable=REDIS_EXECUTABLE,
                           modules=None):
@@ -637,10 +615,6 @@ def _start_redis_instance(node_ip_address="127.0.0.1",
         cleanup (bool): True if using Ray in local mode. If cleanup is true,
             then this process will be killed by serices.cleanup() when the
             Python process that imported services exits.
-        protected_mode: True if we should start the Redis server in protected
-            mode. This will prevent clients on other machines from connecting
-            and is only used when the Redis servers are started via ray.init()
-            as opposed to ray start.
         password (str): Prevents external clients without the password
             from connecting to Redis if provided.
         executable (str): Full path tho the redis-server executable.
@@ -668,9 +642,6 @@ def _start_redis_instance(node_ip_address="127.0.0.1",
     else:
         port = new_port()
 
-    if protected_mode:
-        redis_config_filename = _make_temp_redis_config(node_ip_address)
-
     load_module_args = []
     for module in modules:
         load_module_args += ["--loadmodule", module]
@@ -681,8 +652,6 @@ def _start_redis_instance(node_ip_address="127.0.0.1",
 
         # Construct the command to start the Redis server.
         command = [executable]
-        if protected_mode:
-            command += [redis_config_filename]
         if password:
             command += ["--requirepass", password]
         command += (
@@ -713,8 +682,7 @@ def _start_redis_instance(node_ip_address="127.0.0.1",
 
     # Configure Redis to not run in protected mode so that processes on other
     # hosts can connect to it. TODO(rkn): Do this in a more secure way.
-    if not protected_mode:
-        redis_client.config_set("protected-mode", "no")
+    redis_client.config_set("protected-mode", "no")
 
     # If redis_max_clients is provided, attempt to raise the number of maximum
     # number of Redis clients.
@@ -1378,7 +1346,6 @@ def start_ray_processes(address_info=None,
                         object_store_memory=None,
                         num_redis_shards=1,
                         redis_max_clients=None,
-                        redis_protected_mode=False,
                         redis_password=None,
                         worker_path=None,
                         cleanup=True,
@@ -1422,9 +1389,6 @@ def start_ray_processes(address_info=None,
             the primary Redis shard.
         redis_max_clients: If provided, attempt to configure Redis with this
             maxclients number.
-        redis_protected_mode: True if we should start Redis in protected mode.
-            This will prevent clients from other machines from connecting and
-            is only done when Redis is started via ray.init().
         redis_password (str): Prevents external clients without the password
             from connecting to Redis if provided.
         worker_path (str): The path of the source code that will be run by the
@@ -1512,7 +1476,6 @@ def start_ray_processes(address_info=None,
             redirect_output=True,
             redirect_worker_output=redirect_worker_output,
             cleanup=cleanup,
-            protected_mode=redis_protected_mode,
             password=redis_password)
         address_info["redis_address"] = redis_address
         time.sleep(0.1)
@@ -1820,7 +1783,6 @@ def start_ray_head(address_info=None,
                    resources=None,
                    num_redis_shards=None,
                    redis_max_clients=None,
-                   redis_protected_mode=False,
                    redis_password=None,
                    include_webui=True,
                    plasma_directory=None,
@@ -1870,9 +1832,6 @@ def start_ray_head(address_info=None,
             the primary Redis shard.
         redis_max_clients: If provided, attempt to configure Redis with this
             maxclients number.
-        redis_protected_mode: True if we should start Redis in protected mode.
-            This will prevent clients from other machines from connecting and
-            is only done when Redis is started via ray.init().
         redis_password (str): Prevents external clients without the password
             from connecting to Redis if provided.
         include_webui: True if the UI should be started and false otherwise.
@@ -1914,7 +1873,6 @@ def start_ray_head(address_info=None,
         resources=resources,
         num_redis_shards=num_redis_shards,
         redis_max_clients=redis_max_clients,
-        redis_protected_mode=redis_protected_mode,
         redis_password=redis_password,
         plasma_directory=plasma_directory,
         huge_pages=huge_pages,

python/ray/tempfile_services.py

@@ -156,13 +156,6 @@ def get_ipython_notebook_path(port):
     return new_notebook_directory, webui_url, token
 
 
-def get_temp_redis_config_path():
-    """Get a temp name of the redis config file."""
-    redis_config_name = make_inc_temp(
-        prefix="redis_conf", directory_name=get_temp_root())
-    return redis_config_name
-
-
 def new_log_files(name, redirect_output):
     """Generate partially randomized filenames for log files.