From fac49bd0ad3f28ab601ad8e72692bf28615ee217 Mon Sep 17 00:00:00 2001
From: pingcap-github-bot
Date: Tue, 17 Mar 2020 20:50:08 +0800
Subject: [PATCH] *: use https protocol between tidb-pd tidb-tidb when cluster-ssl configured (#15342) (#15419)
---
 server/http_handler.go | 14 ++++++++------
 server/http_status.go | 3 ++-
 store/helper/helper.go | 19 ++++++++-----------
 tidb-server/main.go | 3 +++
 util/misc.go | 37 +++++++++++++++++++++++++++++++++++++
 5 files changed, 58 insertions(+), 18 deletions(-)
diff --git a/server/http_handler.go b/server/http_handler.go
index 499d9fe2c48c8..674f57cba233a 100644
--- a/server/http_handler.go
+++ b/server/http_handler.go
@@ -52,6 +52,7 @@ import (
 "github.com/pingcap/tidb/table"
 "github.com/pingcap/tidb/tablecodec"
 "github.com/pingcap/tidb/types"
+ "github.com/pingcap/tidb/util"
 "github.com/pingcap/tidb/util/codec"
 "github.com/pingcap/tidb/util/logutil"
 "github.com/pingcap/tidb/util/pdapi"
@@ -1012,8 +1013,8 @@ func (h tableHandler) addScatterSchedule(startKey, endKey []byte, name string) e
 if err != nil {
 return err
 }
- scheduleURL := fmt.Sprintf("http://%s/pd/api/v1/schedulers", pdAddrs[0])
- resp, err := http.Post(scheduleURL, "application/json", bytes.NewBuffer(v))
+ scheduleURL := fmt.Sprintf("%s://%s/pd/api/v1/schedulers", util.InternalHTTPSchema(), pdAddrs[0])
+ resp, err := util.InternalHTTPClient().Post(scheduleURL, "application/json", bytes.NewBuffer(v))
 if err != nil {
 return err
 }
@@ -1028,12 +1029,12 @@ func (h tableHandler) deleteScatterSchedule(name string) error {
 if err != nil {
 return err
 }
- scheduleURL := fmt.Sprintf("http://%s/pd/api/v1/schedulers/scatter-range-%s", pdAddrs[0], name)
+ scheduleURL := fmt.Sprintf("%s://%s/pd/api/v1/schedulers/scatter-range-%s", util.InternalHTTPSchema(), pdAddrs[0], name)
 req, err := http.NewRequest(http.MethodDelete, scheduleURL, nil)
 if err != nil {
 return err
 }
- resp, err := http.DefaultClient.Do(req)
+ resp, err := util.InternalHTTPClient().Do(req)
 if err != nil {
 return err
 }
@@ -1201,12 +1202,13 @@ func (h tableHandler) handleDiskUsageRequest(schema infoschema.InfoSchema, tbl t
 startKey = codec.EncodeBytes([]byte{}, startKey)
 endKey = codec.EncodeBytes([]byte{}, endKey)
- statURL := fmt.Sprintf("http://%s/pd/api/v1/stats/region?start_key=%s&end_key=%s",
+ statURL := fmt.Sprintf("%s://%s/pd/api/v1/stats/region?start_key=%s&end_key=%s",
+ util.InternalHTTPSchema(),
 pdAddrs[0],
 url.QueryEscape(string(startKey)),
 url.QueryEscape(string(endKey)))
- resp, err := http.Get(statURL)
+ resp, err := util.InternalHTTPClient().Get(statURL)
 if err != nil {
 writeError(w, err)
 return
diff --git a/server/http_status.go b/server/http_status.go
index 30ddc3ecb74a6..32f81a15d8729 100644
--- a/server/http_status.go
+++ b/server/http_status.go
@@ -37,6 +37,7 @@ import (
 "github.com/pingcap/parser/terror"
 "github.com/pingcap/tidb/config"
 "github.com/pingcap/tidb/kv"
+ "github.com/pingcap/tidb/util"
 "github.com/pingcap/tidb/util/logutil"
 "github.com/pingcap/tidb/util/printer"
 "github.com/prometheus/client_golang/prometheus/promhttp"
@@ -123,7 +124,7 @@ func (s *Server) startHTTPServer() {
 host = "localhost"
 }
 baseURL := &url.URL{
- Scheme: "http",
+ Scheme: util.InternalHTTPSchema(),
 Host: fmt.Sprintf("%s:%s", host, port),
 }
 router.HandleFunc("/web/trace", traceapp.HandleTiDB).Name("Trace Viewer")
diff --git a/store/helper/helper.go b/store/helper/helper.go
index 6c2aac6a0ffa9..0ab7ebeed710b 100644
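Review bot: In deleteScatterSchedule, `name` is formatted unescaped into the `scatter-range-%s` path segment of the PD URL, so a value containing `/`, `?` or `#` would yield a request for a different path than the one intended. The hunk does not show `name` being validated; unless every caller guarantees that, the argument should be `url.PathEscape(name)` instead of `name`. `net/url` is already used in this file (`url.QueryEscape` in handleDiskUsageRequest). The function body begins and ends outside the hunk.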
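Review bot: In startHTTPServer, `baseURL.Scheme` describes how this status server itself is reached, but it now takes its value from `util.InternalHTTPSchema()`, which reports how the outbound client talks to other components. The listener setup is outside the hunk, so it is not visible whether both are decided by exactly the same condition; if they can diverge, the trace viewer would build links with the wrong scheme. Either derive the scheme from the listener's own TLS decision, or state the dependency with a comment such as `// the status server serves TLS under the same cluster-ssl condition as the internal client`.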
--- a/store/helper/helper.go
+++ b/store/helper/helper.go
@@ -30,15 +30,12 @@ import (
 "github.com/pingcap/tidb/store/tikv"
 "github.com/pingcap/tidb/store/tikv/tikvrpc"
 "github.com/pingcap/tidb/tablecodec"
+ "github.com/pingcap/tidb/util"
 "github.com/pingcap/tidb/util/logutil"
 "github.com/pingcap/tidb/util/pdapi"
 "go.uber.org/zap"
 )
-const (
- protocol = "http://"
-)
-
 // Helper is a middleware to get some information from tikv/pd. It can be used for TiDB's http api or mem table.
 type Helper struct {
 Store tikv.Storage
@@ -119,11 +116,11 @@ func (h *Helper) FetchHotRegion(rw string) (map[uint64]RegionMetric, error) {
 if len(pdHosts) == 0 {
 return nil, errors.New("pd unavailable")
 }
- req, err := http.NewRequest("GET", protocol+pdHosts[0]+rw, nil)
+ req, err := http.NewRequest("GET", util.InternalHTTPSchema()+"://"+pdHosts[0]+rw, nil)
 if err != nil {
 return nil, errors.Trace(err)
 }
- resp, err := http.DefaultClient.Do(req)
+ resp, err := util.InternalHTTPClient().Do(req)
 if err != nil {
 return nil, errors.Trace(err)
 }
@@ -431,12 +428,12 @@ func (h *Helper) requestPD(method, uri string, body io.Reader, res interface{})
 return errors.New("pd unavailable")
 }
- logutil.Logger(context.Background()).Debug("RequestPD URL", zap.String("url", protocol+pdHosts[0]+uri))
- req, err := http.NewRequest(method, protocol+pdHosts[0]+uri, body)
+ logutil.Logger(context.Background()).Debug("RequestPD URL", zap.String("url", util.InternalHTTPSchema()+"://"+pdHosts[0]+uri))
+ req, err := http.NewRequest(method, util.InternalHTTPSchema()+"://"+pdHosts[0]+uri, body)
 if err != nil {
 return errors.Trace(err)
 }
- resp, err := http.DefaultClient.Do(req)
+ resp, err := util.InternalHTTPClient().Do(req)
 if err != nil {
 return errors.Trace(err)
 }
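Review bot: The expression `util.InternalHTTPSchema()+"://"+pdHosts[0]+...` is now spelled out four times in this file: in FetchHotRegion, twice in requestPD (debug log and request), and in GetStoresStat. The removed `protocol` constant kept the separator in one place. In requestPD the logged URL and the requested URL can drift apart on a later edit; building it once, `reqURL := util.InternalHTTPSchema() + "://" + pdHosts[0] + uri`, and passing `reqURL` to both keeps them identical. All three functions continue outside their hunks.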
@@ -511,11 +508,11 @@ func (h *Helper) GetStoresStat() (*StoresStat, error) {
 if len(pdHosts) == 0 {
 return nil, errors.New("pd unavailable")
 }
- req, err := http.NewRequest("GET", protocol+pdHosts[0]+pdapi.Stores, nil)
+ req, err := http.NewRequest("GET", util.InternalHTTPSchema()+"://"+pdHosts[0]+pdapi.Stores, nil)
 if err != nil {
 return nil, errors.Trace(err)
 }
- resp, err := http.DefaultClient.Do(req)
+ resp, err := util.InternalHTTPClient().Do(req)
 if err != nil {
 return nil, errors.Trace(err)
 }
diff --git a/tidb-server/main.go b/tidb-server/main.go
index e13f0ce99a826..15e0e8602721d 100644
--- a/tidb-server/main.go
+++ b/tidb-server/main.go
@@ -49,6 +49,7 @@ import (
 "github.com/pingcap/tidb/store/mockstore"
 "github.com/pingcap/tidb/store/tikv"
 "github.com/pingcap/tidb/store/tikv/gcworker"
+ "github.com/pingcap/tidb/util"
 "github.com/pingcap/tidb/util/logutil"
 "github.com/pingcap/tidb/util/memory"
 "github.com/pingcap/tidb/util/printer"
@@ -539,6 +540,8 @@ func setupLog() {
 err = logutil.InitLogger(cfg.Log.ToLogConfig())
 terror.MustNil(err)
+ // trigger internal http(s) client init.
+ util.InternalHTTPClient()
 }
 func printInfo() {
diff --git a/util/misc.go b/util/misc.go
index 743b58fa24a58..56f8814bb5127 100644
--- a/util/misc.go
+++ b/util/misc.go
@@ -20,9 +20,11 @@ import (
 "crypto/x509/pkix"
 "fmt"
 "io/ioutil"
+ "net/http"
 "runtime"
 "strconv"
 "strings"
+ "sync"
 "time"
 "github.com/pingcap/errors"
@@ -30,6 +32,7 @@ import (
 "github.com/pingcap/parser/model"
 "github.com/pingcap/parser/mysql"
 "github.com/pingcap/parser/terror"
+ "github.com/pingcap/tidb/config"
 "github.com/pingcap/tidb/util/logutil"
 "go.uber.org/zap"
 )
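Review bot: The `util.InternalHTTPClient()` call added at the end of setupLog discards its result and runs only for its side effect, and the comment does not say why that belongs in log setup. Judging from `initInternalClient` later in this patch, the init loads the cluster TLS config and reports failure with `Fatal` through logutil, so it presumably sits here to run once the logger is ready. A fuller comment would record that: `// Load the cluster TLS config now, after the logger is initialised, so a bad cluster-ssl setting stops the server at startup rather than on the first internal request.`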
@@ -349,3 +352,37 @@ func IsTLSExpiredError(err error) bool {
 }
 return true
 }
+
+var (
+ internalClientInit sync.Once
+ internalHTTPClient *http.Client
+ internalHTTPSchema string
+)
+
+// InternalHTTPClient is used by TiDB-Server to request other components.
+func InternalHTTPClient() *http.Client {
+ internalClientInit.Do(initInternalClient)
+ return internalHTTPClient
+}
+
+// InternalHTTPSchema specifies use http or https to request other components.
+func InternalHTTPSchema() string {
+ internalClientInit.Do(initInternalClient)
+ return internalHTTPSchema
+}
+
+func initInternalClient() {
+ tlsCfg, err := config.GetGlobalConfig().Security.ToTLSConfig()
+ if err != nil {
+ logutil.Logger(context.Background()).Fatal("could not load cluster ssl", zap.Error(err))
+ }
+ if tlsCfg == nil {
+ internalHTTPSchema = "http"
+ internalHTTPClient = http.DefaultClient
+ return
+ }
+ internalHTTPSchema = "https"
+ internalHTTPClient = &http.Client{
+ Transport: &http.Transport{TLSClientConfig: tlsCfg},
+ }
+}
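Review bot: In initInternalClient, the TLS branch builds `&http.Transport{TLSClientConfig: tlsCfg}` from a zero value, so the https client loses what `http.DefaultTransport` gives the plaintext branch: proxy-from-environment, the dial and TLS-handshake timeouts, and the idle-connection limits. A peer that accepts the TCP connection but stalls during the handshake could then block a caller with no upper bound. If the Go version in use provides `(*http.Transport).Clone` (1.13 or later), `tr := http.DefaultTransport.(*http.Transport).Clone()`, `tr.TLSClientConfig = tlsCfg`, `internalHTTPClient = &http.Client{Transport: tr}` keeps the two branches equivalent apart from TLS. Neither branch sets `http.Client.Timeout`, which may be worth a follow-up.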