binlog: test binlog tls manually and fix bug

pingcap · Feb 21, 2020 · 1dd2f35 · 1dd2f35
1 parent 6a589e2
commit 1dd2f35
Show file tree

Hide file tree

Showing 11 changed files with 20 additions and 17 deletions.
diff --git a/charts/tidb-cluster/templates/_helpers.tpl b/charts/tidb-cluster/templates/_helpers.tpl
@@ -128,9 +128,9 @@ pump-config: |-
 {{ .Values.binlog.pump.config | indent 2 }}
     {{- if .Values.enableTLSCluster }}
   [security]
-  cacert-path = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
-  cert-path = "/var/lib/pump-tls/cert"
-  key-path = "/var/lib/pump-tls/key"
+  ssl-ca = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+  ssl-cert = "/var/lib/pump-tls/cert"
+  ssl-key = "/var/lib/pump-tls/key"
     {{- end -}}
     {{- else -}}
 {{ tuple "config/_pump-config.tpl" . | include "helm-toolkit.utils.template" | indent 2 }}

diff --git a/charts/tidb-cluster/templates/config/_drainer-config.tpl b/charts/tidb-cluster/templates/config/_drainer-config.tpl
@@ -40,7 +40,7 @@ txn-batch = {{ .Values.binlog.drainer.txnBatch | default 20 }}
 # to get higher throughput by higher concurrent write to the downstream
 worker-count = {{ .Values.binlog.drainer.workerCount | default 16 }}
 
-disable-dispatch = {{ .Values.binlog.drainer.disableDispatch | default false }}
+enable-dispatch = {{ .Values.binlog.drainer.enableDispatch | default false }}
 
 # safe mode will split update to delete and insert
 safe-mode = {{ .Values.binlog.drainer.safeMode | default false }}

diff --git a/charts/tidb-cluster/templates/config/_pump-config.tpl b/charts/tidb-cluster/templates/config/_pump-config.tpl
@@ -42,6 +42,6 @@ ssl-ca = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
 # Path of file that contains X509 certificate in PEM format for connection with cluster components.
 ssl-cert = "/var/lib/pump-tls/cert.pem"
 # Path of file that contains X509 key in PEM format for connection with cluster components.
-key-path = "/var/lib/pump-tls/key.pem"
+ssl-key = "/var/lib/pump-tls/key.pem"
 {{- end -}}
 
diff --git a/charts/tidb-cluster/templates/scripts/_start_drainer.sh.tpl b/charts/tidb-cluster/templates/scripts/_start_drainer.sh.tpl
@@ -29,7 +29,7 @@ done
 -pd-urls={{ template "cluster.scheme" . }}://{{ template "cluster.name" . }}-pd:2379 \
 -addr=`echo ${HOSTNAME}`.{{ template "cluster.name" . }}-drainer:8249 \
 -config=/etc/drainer/drainer.toml \
--disable-detect={{ .Values.binlog.drainer.disableDetect | default false }} \
+-enable-detect={{ .Values.binlog.drainer.enableDetect | default true }} \
 -initial-commit-ts={{ .Values.binlog.drainer.initialCommitTs | default 0 }} \
 -data-dir=/data \
 -log-file=
diff --git a/charts/tidb-cluster/values.yaml b/charts/tidb-cluster/values.yaml
@@ -642,9 +642,9 @@ binlog:
     # the interval time (in seconds) of detect pumps' status (default 10)
     detectInterval: 10
     # disbale detect causality
-    disableDetect: false
+    enableDetect: false
     # disable dispatching sqls that in one same binlog; if set true, work-count and txn-batch would be useless
-    disableDispatch: false
+    enableDispatch: false
     # # disable sync these schema
     ignoreSchemas: "INFORMATION_SCHEMA,PERFORMANCE_SCHEMA,mysql,test"
     # if drainer donesn't have checkpoint, use initial commitTS to initial checkpoint
@@ -685,7 +685,7 @@ binlog:
     #   detect-interval = 10
     #   [syncer]
     #   worker-count = 16
-    #   disable-dispatch = false
+    #   enable-dispatch = true
     #   ignore-schemas = "INFORMATION_SCHEMA,PERFORMANCE_SCHEMA,mysql"
     #   safe-mode = false
     #   txn-batch = 20

diff --git a/charts/tidb-drainer/templates/scripts/_start_drainer.sh.tpl b/charts/tidb-drainer/templates/scripts/_start_drainer.sh.tpl
@@ -29,7 +29,7 @@ done
 -pd-urls={{ include "cluster.scheme" . }}://{{ .Values.pdServiceAddr }}:2379 \
 -addr=`echo ${HOSTNAME}`.{{ include "drainer.name" . }}:8249 \
 -config=/etc/drainer/drainer.toml \
--disable-detect={{ .Values.disableDetect | default false }} \
+-enable-detect={{ .Values.enableDetect | default true }} \
 -initial-commit-ts={{ .Values.initialCommitTs | default 0 }} \
 -data-dir=/data \
 -log-file=""
diff --git a/charts/tidb-drainer/values.yaml b/charts/tidb-drainer/values.yaml
@@ -20,7 +20,7 @@ logLevel: info
 storageClassName: local-storage
 storage: 10Gi
 # disbale detect causality
-disableDetect: false
+enableDetect: true
 # if drainer donesn't have checkpoint, use initial commitTS to initial checkpoint
 initialCommitTs: 0
 
@@ -30,15 +30,15 @@ initialCommitTs: 0
 enableTLSCluster: true
 
 # Pd cluster address pointed to by drainer
-pdServiceAddr: "127.0.0.1"
+pdServiceAddr: "cluster1-pd.cluster1"
 
 # Refer to https://github.com/pingcap/tidb-binlog/blob/master/cmd/drainer/drainer.toml
 config: |
   detect-interval = 10
   compressor = ""
   [syncer]
   worker-count = 16
-  disable-dispatch = false
+  enable-dispatch = true
   ignore-schemas = "INFORMATION_SCHEMA,PERFORMANCE_SCHEMA,mysql"
   safe-mode = false
   txn-batch = 20

diff --git a/go.mod b/go.mod
@@ -69,7 +69,6 @@ require (
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 // indirect
 	gocloud.dev v0.18.0
-	golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e
 	gomodules.xyz/jsonpatch/v2 v2.0.1
 	gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce // indirect
 	gopkg.in/yaml.v2 v2.2.4
@@ -88,7 +87,7 @@ require (
 	k8s.io/kubernetes v1.16.0
 	k8s.io/utils v0.0.0-20190801114015-581e00157fb1
 	sigs.k8s.io/apiserver-builder-alpha v0.0.0-20191113095113-4493943d2568
-	sigs.k8s.io/apiserver-builder-alpha/cmd v0.0.0-20191113095113-4493943d2568
+	sigs.k8s.io/apiserver-builder-alpha/cmd v0.0.0-20191113095113-4493943d2568 // indirect
 	sigs.k8s.io/controller-runtime v0.4.0
 )
 

diff --git a/hack/create-cert.sh b/hack/create-cert.sh
@@ -61,6 +61,9 @@ subjectAltName = @alt_names
 DNS.1 = ${service}
 DNS.2 = ${service}.${namespace}
 DNS.3 = ${service}.${namespace}.svc
+DNS.4 = *.${service}
+DNS.5 = *.${service}.${namespace}
+DNS.5 = *.${service}.${namespace}.svc
 IP.1 = 127.0.0.1
 EOF
 
@@ -84,6 +87,7 @@ spec:
   - digital signature
   - key encipherment
   - server auth
+  - client auth
 EOF
 
  # verify CSR has been created

diff --git a/tests/actions.go b/tests/actions.go
@@ -2838,7 +2838,7 @@ func (oa *operatorActions) DeployIncrementalBackup(from *TidbClusterConfig, to *
 				`compressor = ""`,
 				`[syncer]`,
 				`worker-count = 16`,
-				`disable-dispatch = false`,
+				`enable-dispatch = true`,
 				`ignore-schemas = "INFORMATION_SCHEMA,PERFORMANCE_SCHEMA,mysql"`,
 				`safe-mode = false`,
 				`txn-batch = 20`,

diff --git a/tests/util.go b/tests/util.go
@@ -152,7 +152,7 @@ config: |
   compressor = ""
   [syncer]
   worker-count = 16
-  disable-dispatch = false
+  enable-dispatch = true
   ignore-schemas = "INFORMATION_SCHEMA,PERFORMANCE_SCHEMA,mysql"
   safe-mode = false
   txn-batch = 20