add gencert_ray.sh to vllm image #278

Closed
wants to merge 1 commit into from

@Jooho Jooho commented Jan 2, 2025

Description

To support the Ray cluster TLS feature, it needs a script for generating a certificate when the vLLM image starts.
This PR adds the script and updates the Dockerfile to copy the file into the /etc/ folder.

This file is a prerequisite for this ticket - opendatahub-io/odh-model-controller#314

How Has This Been Tested?

The CA cert will be provided through odh-model-controller and mounted by the servingruntime template.
POD_NAMESPACE and POD_IP will be set by the template too.

The following script verifies that the script is working well.

export RAY_CERT_DIR=/tmp/test/ray
export RAY_CA_CERT_DIR=/tmp/test/ca
export POD_NAMESPACE=test
export POD_IP=192.168.0.1


mkdir -p "$RAY_CERT_DIR"
mkdir -p "$RAY_CA_CERT_DIR"

# generate test ca cert
touch "$RAY_CA_CERT_DIR/index.txt" && echo 1000 > "$RAY_CA_CERT_DIR/serial"
openssl genrsa -out "$RAY_CA_CERT_DIR/tls.key" 4096
openssl req -new -key "$RAY_CA_CERT_DIR/tls.key" -out "$RAY_CA_CERT_DIR/tls.csr" -subj "/C=US/ST=California/L=San Francisco/O=MyCompany/OU=IT/CN=My Root CA"
openssl x509 -req -days 3650 -in "$RAY_CA_CERT_DIR/tls.csr" -signkey "$RAY_CA_CERT_DIR/tls.key" -out "$RAY_CA_CERT_DIR/tls.crt"
openssl x509 -in "$RAY_CA_CERT_DIR/tls.crt" -text -noout

# generate ray cert
./tools/gencert_ray.sh

# verify the ray cert by ca cert
openssl verify -CAfile "$RAY_CA_CERT_DIR/tls.crt" "$RAY_CERT_DIR/tls.crt"

# verify the SNI
# grep -F matches the value literally, so the dots in POD_IP are not treated as regex wildcards
openssl x509 -in "$RAY_CERT_DIR/tls.crt" -text | grep -qF -- "$POD_NAMESPACE" && echo "Success" || echo "Fail"
openssl x509 -in "$RAY_CERT_DIR/tls.crt" -text | grep -qF -- "$POD_IP" && echo "Success" || echo "Fail"

Merge criteria:

  • The commits are squashed in a cohesive manner and have meaningful messages.
  • Testing instructions have been added in the PR body (for PRs involving changes that are not immediately obvious).
  • The developer has manually tested the changes and verified that the changes work
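
Added example, not part of the PR or of gencert_ray.sh: the grep checks in the test script above succeed if the namespace or IP appears anywhere in the certificate text, so this version asks OpenSSL whether the IP and DNS name match the certificate the way a TLS client would match them. The fixture certificates, the DNS name ray-head.test.svc and the function names are constructed for the example; the SAN layout that gencert_ray.sh actually produces is not shown on this page.

```shell
#!/bin/sh
# Added example (not from the PR). Stricter than grepping `openssl x509 -text`.

# check_ray_cert CA_CERT LEAF_CERT POD_IP DNS_NAME -> prints OK and returns 0 on success
check_ray_cert() {
    ca=$1; leaf=$2; ip=$3; host=$4
    # 1. The leaf must chain to the mounted CA.
    openssl verify -CAfile "$ca" "$leaf" >/dev/null 2>&1 || { echo "FAIL: chain"; return 1; }
    # 2. The pod IP must be an iPAddress SAN entry (IPs get no CN fallback).
    #    Match on the printed result; do not rely on the exit status.
    openssl x509 -in "$leaf" -noout -checkip "$ip" 2>/dev/null \
        | grep -q 'does match certificate' || { echo "FAIL: ip"; return 1; }
    # 3. The DNS name must match the certificate's host names.
    openssl x509 -in "$leaf" -noout -checkhost "$host" 2>/dev/null \
        | grep -q 'does match certificate' || { echo "FAIL: host"; return 1; }
    echo "OK"
}

# make_demo_certs DIR: constructed fixtures standing in for the mounted CA and
# for the output of gencert_ray.sh (assumption: its real output is not shown here).
make_demo_certs() {
    d=$1; mkdir -p "$d"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    # good.crt: IP and DNS name carried in subjectAltName
    printf 'subjectAltName=IP:192.168.0.1,DNS:ray-head.test.svc\n' > "$d/san.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ray" \
        -keyout "$d/good.key" -out "$d/good.csr" 2>/dev/null
    openssl x509 -req -in "$d/good.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/san.ext" -out "$d/good.crt" 2>/dev/null
    # bad.crt: the IP appears only in the subject CN, so a grep over the text
    # dump finds it, but a client validating the IP against the SAN would not.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=192.168.0.1" \
        -keyout "$d/bad.key" -out "$d/bad.csr" 2>/dev/null
    openssl x509 -req -in "$d/bad.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/bad.crt" 2>/dev/null
}
```

Against the PR's own layout the call would be `check_ray_cert "$RAY_CA_CERT_DIR/tls.crt" "$RAY_CERT_DIR/tls.crt" "$POD_IP" <dns-name>`, with the DNS name taken from whatever gencert_ray.sh puts in the certificate.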

@openshift-ci openshift-ci bot requested review from heyselbi and tarukumar January 2, 2025 21:38

openshift-ci bot commented Jan 2, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Jooho
Once this PR has been reviewed and has the lgtm label, please assign rh-steve-grubb for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment


openshift-ci bot commented Jan 3, 2025

@Jooho: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/smoke-test | 15abd61 | link | true | /test smoke-test |
| ci/prow/images | 15abd61 | link | true | /test images |

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

Jooho commented Jan 3, 2025

Please do not merge by next Monday (1/6)

Jooho commented Jan 3, 2025

Changed the plan to achieve this, so I am closing this for now.

@Jooho Jooho closed this Jan 3, 2025