Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support TLS for components and downstream db #931

Merged
merged 4 commits into from
Mar 17, 2020
Merged

support TLS for components and downstream db #931

merged 4 commits into from
Mar 17, 2020

Conversation

july2993
Copy link
Contributor

@july2993 july2993 commented Mar 15, 2020
edited
Loading

What problem does this PR solve?

What is changed and how it works?

pick #894 #904 #927

Check List

Tests

  • Unit test
  • Integration test

Code changes

Side effects

Related changes

  • Need to update the documentation
  • Need to be included in the release note

@july2993
support TLS for components (#904)
738f0ca 
truely support TLS for components.
before this pr if enable TLS for components

- `tidb` will fail to connect to `pump`
- no TLS between drainer and pump
- no enable TLS for tikv client in `drainer`
- `binlogctl` can't work actually
...

[relate docs](https://pingcap.com/docs/stable/how-to/secure/enable-tls-between-components/) ([Chinese version](https://pingcap.com/docs-cn/stable/how-to/secure/enable-tls-between-components/))
This Commit:
- properly handle things about TLS when enabling TLS
- enable TLS in the integration tests
- log pump config at startup time
@july2993
Support TLS to connect mysql/TiDB (#894)
7e30098
@july2993
Reload cert/key for every new conn (#927)
b3654f4 
* Reload cert/key for every new conn

support reload cluster/downstream  TLS cert/key.
CA still can not be hot-reload now

* expand the loop
@july2993
Copy link
Contributor Author

/run-all-tests

@july2993
Copy link
Contributor Author

/run-all-tests

@WangXiangUSTC
Copy link
Contributor

LGTM

@IANTHEREAL IANTHEREAL merged commit b9a8759 into release-3.0 Mar 17, 2020
@IANTHEREAL IANTHEREAL deleted the tls3.0 branch March 17, 2020 13:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@WangXiangUSTC WangXiangUSTC Awaiting requested review from WangXiangUSTC

Assignees
No one assigned
Labels
status/LGT1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@july2993 @WangXiangUSTC @IANTHEREAL