
lightning: support Re/ReregisterMySQL by different tls name #30463

Merged
merged 10 commits into from
Dec 8, 2021
27 changes: 20 additions & 7 deletions br/pkg/lightning/config/config.go
Expand Up @@ -552,27 +552,40 @@ type Security struct {
KeyPath string `toml:"key-path" json:"key-path"`
// RedactInfoLog indicates that whether enabling redact log
RedactInfoLog bool `toml:"redact-info-log" json:"redact-info-log"`

// this is used to set tls config for lightning in DM
// DM may running many lightning instances at same time, so we need to set different tls config name for each lightning
TLSConfigName string `toml:"tls-config-name" json:"tls-config-name"`

seems you didn't change the DSN (param.Connect()) to use this TLSConfigName


is this config something that a user wants to change, or just to be automatically assigned by DM?

if latter i suggest hiding this config from TOML.

}

// RegistersMySQL registers (or deregisters) the TLS config with name "cluster"
// RegistersMySQL registers the TLS config with name "cluster" or security.TLSConfigName
// for use in `sql.Open()`. This method is goroutine-safe.
func (sec *Security) RegisterMySQL() error {
if sec == nil {
return nil
}
if sec.TLSConfigName == "" {
sec.TLSConfigName = "cluster" // this the default value in Config.TiDB.TLS, see more in `CheckAndAdjustSecurity`
}
tlsConfig, err := common.ToTLSConfig(sec.CAPath, sec.CertPath, sec.KeyPath)
switch {
case err != nil:
if err != nil {
return errors.Trace(err)
case tlsConfig != nil:
}
if tlsConfig != nil {
// error happens only when the key coincides with the built-in names.
_ = gomysql.RegisterTLSConfig("cluster", tlsConfig)
default:
gomysql.DeregisterTLSConfig("cluster")
_ = gomysql.RegisterTLSConfig(sec.TLSConfigName, tlsConfig)
}
return nil
}

// DeregisterMySQL deregisters the TLS config with security.TLSConfigName
func (sec *Security) DeregisterMySQL() {
if sec == nil {
return
}
gomysql.DeregisterTLSConfig(sec.TLSConfigName)
}

// A duration which can be deserialized from a TOML string.
// Implemented as https://github.com/BurntSushi/toml#using-the-encodingtextunmarshaler-interface
type Duration struct {
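Review bot: The discarded result of `gomysql.RegisterTLSConfig(sec.TLSConfigName, tlsConfig)` in RegisterMySQL is no longer harmless, because the name now comes from the `tls-config-name` setting instead of the constant "cluster". The comment just above the call says registration fails when the key coincides with a built-in name, so such a value would leave the CA, certificate and key configured here unregistered while RegisterMySQL still returns nil. I would return the error instead: `if err := gomysql.RegisterTLSConfig(sec.TLSConfigName, tlsConfig); err != nil { return errors.Trace(err) }`. Separately, the method now writes the default into `sec.TLSConfigName` while its doc comment still says it is goroutine-safe; either drop that claim or compute the default in a local variable.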
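--- a/br/pkg/lightning/config/config_test.go
+++ b/br/pkg/lightning/config/config_test.go
@@ -307,6 +307,15 @@ func (s *configTestSuite) TestAdjustSecuritySection(c *C) {
 expectedCA: "",
 expectedTLS: "skip-verify",
 },
+{
+input: `
+[security]
+ca-path = "/path/to/ca.pem"
+tls-config-name = "third-name"
+`,
+expectedCA: "/path/to/ca.pem",
+expectedTLS: "cluster",
+}, // test set tls-config-name not affects TiDB.TLS
 }
 
 for _, tc := range testCases {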
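--- a/br/pkg/lightning/lightning.go
+++ b/br/pkg/lightning/lightning.go
@@ -274,10 +274,7 @@ func (l *Lightning) run(taskCtx context.Context, taskCfg *config.Config, g glue.
 if taskCfg.TiDB.Security == nil {
 return
 }
-taskCfg.TiDB.Security.CAPath = ""
-if err := taskCfg.TiDB.Security.RegisterMySQL(); err != nil {
-log.L().Warn("failed to deregister TLS config", log.ShortError(err))
-}
+taskCfg.TiDB.Security.DeregisterMySQL()
 }()
 
 // initiation of default glue should be after RegisterMySQL, which is ready to be called after taskCfg.Adjust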
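Review bot: The deferred cleanup should carry a comment saying that it removes only the registry entry named by `TLSConfigName`, because that name is filled in as a side effect of RegisterMySQL and DeregisterMySQL applies no default of its own. Something like `// Deregister this task's TLS config; the name was defaulted by RegisterMySQL, and tasks sharing a name share one entry.` would do. If two tasks in one process keep the default name, the first to finish removes the entry the other presumably still relies on; that is not visible from this hunk and is worth confirming. Both the deferred function and run() start and end outside the hunk.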