Redis protected mode does not secure Redis ports #2925

Closed
@pschafhalter

ray.init(redis_protected_mode=True) still allows outside connections to Redis.

Steps to reproduce:

  1. On remote: ray.init(redis_protected_mode=True)
  2. On local:
     $ telnet <remote_ip> <redis_port>
     Trying 169.229.49.180...
     Connected to 169.229.49.180.
     Escape character is '^]'.
     PING
     +PONG
     FLUSHALL
     +OK

There are 2 causes of the issue:

  1. The redis_protected_mode argument isn't propagated from init() in worker.py to start_redis() in services.py. This is a quick fix.
  2. _make_temp_redis_config(), which sets the Redis configuration, binds to the node IP address. According to the Redis documentation, this disables Redis protected mode. Fixing this is more complicated -- because Ray processes connect to Redis via the node IP address, binding Redis to just 127.0.0.1 results in connection errors.

Solving this is tricky, but there are a few possible solutions:

  1. Use Redis protected mode. On every connection, check if the head node IP address == the current node IP address. If so, use 127.0.0.1.
  2. Simulate Redis protected mode by generating a password for the Redis server. Expose the password to processes on the same node.

Personally, I prefer option (2) because launching Redis with a password seems like a good feature anyway.
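An added example, not part of the original issue and not Ray's code: a small audit that reads a Redis configuration and reports who can reach the server without credentials, so the effect of cause (2) and of solution (2) can be checked before Redis starts. It assumes the rule the issue cites from the Redis documentation (protected mode only applies when no bind directive and no password are set); the function names, the sample configs and the 192.0.2.10 address are constructed for illustration.

```python
import ipaddress

# Constructed sample configs (not taken from Ray or from the issue).
NODE_IP_BOUND = "protected-mode yes\nbind 192.0.2.10\nport 6379\n"
WITH_PASSWORD = NODE_IP_BOUND + "requirepass constructed-example-secret\n"
DEFAULTS = "port 6379\n"

def parse_redis_conf(text):
    """Map each directive to its argument list; this sketch keeps the last occurrence."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            key, *args = line.split()
            conf[key.lower()] = args
    return conf

def is_loopback(addr):
    """True only for literal loopback addresses; a leading '-' (optional bind) is ignored."""
    try:
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:  # "*" or a hostname: treat as reachable from outside
        return False

def redis_exposure(text):
    """Classify unauthenticated reachability implied by a redis.conf text."""
    conf = parse_redis_conf(text)
    bind = conf.get("bind", [])
    password = " ".join(conf.get("requirepass", [])).strip("\"'")
    protected = (conf.get("protected-mode") or ["yes"])[0].lower() == "yes"
    if password:
        return "password-required"
    if protected and not bind:
        # The only case in which protected mode itself restricts clients.
        return "loopback-only (protected mode)"
    if bind and all(is_loopback(a) for a in bind):
        return "loopback-only (bind)"
    # An explicit non-loopback bind without a password: any host that can
    # route to the port can issue commands, as in the telnet session above.
    return "open"

if __name__ == "__main__":
    for name, cfg in [("node-ip bind", NODE_IP_BOUND),
                      ("node-ip bind + password", WITH_PASSWORD),
                      ("defaults", DEFAULTS)]:
        print(f"{name}: {redis_exposure(cfg)}")
```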

Labels: bug