Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
SSL can't be properly tested while there is a crash in EE: tarantool/tarantool-ee#109. Part of #325 @TarantoolBot document Title: vshard: multilisten and SSL Multilisten is a feature which allows Tarantool to listen on multiple ports at the same time (>= Tarantool 2.10.0-beta2). SSL is a Tarantool Enterprise feature which allows to encrypt the traffic. The features are united by the fact that `box.cfg.listen` is not equal to what is used for connecting to the instance. In case of multilisten `box.cfg.listen` is an array of URIs while `replica_object.uri` in vshard config should be a single URI. In case of SSL `box.cfg.listen` should have a certificate and a private key and an optional password. The connect-URI can have no options, or have a CA-certificate to validate the server, or have an own cert and a private key to be validated by the server. Other combinations of parameters might be possible. To use the features there are 2 ways. The first way - in the common section of vshard config specify only `replica_object.uri` values. Then on the needed storages pass the `listen` option in the root of the config. It works for all `box.cfg` options, not only for `listen`. Example of multilisten usage: ```Lua -- For storage_1_a: { sharding = { ['storage_1_uuid'] = { replicas = { ['storage_1_a_uuid'] = { uri = 'storage:storage@127.0.0.1:3301', name = 'storage_1_a', }, }, }, }, listen = { 'storage:storage@127.0.0.1:3301', 'storage:storage@127.0.0.1:3302', }, } -- For other storages and all routers: { sharding = { ['storage_1_uuid'] = { replicas = { ['storage_1_a_uuid'] = { uri = 'storage:storage@127.0.0.1:3301', name = 'storage_1_a', }, }, }, }, } ``` Similar with SSL. The second way - use a new config option: `replica_object.listen`. Example of SSL usage (Tarantool Enterprise only): ```Lua { sharding = { ['storage_1_uuid'] = { replicas = { ['storage_1_a_uuid'] = { uri = { 'storage:storage@127.0.0.1:3301', params = { transport = 'plain', ssl_ca_file = ca_file, } }, listen = { 'storage:storage@127.0.0.1:3301', params = { transport = 'plain', ssl_cert_file = cert_1_a_file, ssl_key_file = key_1_a_file, } }, name = 'storage_1_a', }, }, }, }, } ``` Similar with multilisten. All routers and other storages will use the value in `uri` to connect to the instance. The instance itself will use the value from `listen` for `box.cfg.listen`. VShard supports multilisten and SSL since 0.1.20 (not released yet).
- Loading branch information