Support transport parameters in the netbox connections #325
Labels
teamS
Scaling
Comments
Gerold103
added a commit
that referenced
this issue
May 9, 2022
Since 2.10.0-beta2 URI in all APIs can be passed not only as a string or number but also as a table. The table can be used to pass options like transport type (plain, SSL), encryption certificate and key, and potentially more. VShard always supported only string URIs but now it allows numbers and tables as well. In the config the replica_object.uri field is affected by the change. Part of #325
Gerold103
added a commit
that referenced
this issue
May 9, 2022
The test function used to return 2 values: config and its meta. The meta can be used to retrieve certain sections of the config by name, without knowing the automatically generated UUIDs. The approach with 2 values return appeared to be too clumsy in the next patches. It would be easier to operate on a single value which contains meta and cfg in it. Part of #325
Gerold103
added a commit
that referenced
this issue
May 9, 2022
SSL can't be properly tested while there is a crash in EE: tarantool/tarantool-ee#109.

Part of #325

@TarantoolBot document
Title: vshard: multilisten and SSL

Multilisten is a feature which allows Tarantool to listen on multiple ports at the same time. SSL is a Tarantool Enterprise feature which allows to encrypt the traffic.

The features are united by the fact that `box.cfg.listen` is not equal to what is used for connecting to the instance. In case of multilisten `box.cfg.listen` is an array of URIs while `replica_object.uri` in vshard config should be a single URI. In case of SSL `box.cfg.listen` should have a certificate and a private key and an optional password. The connect-URI can have no options, or have a CA-certificate to validate the server, or have an own cert and a private key to be validated by the server. Other combinations of parameters might be possible.

To use the features there are 2 ways.

The first way - in the common section of vshard config specify only `replica_object.uri` values. Then on the needed storages pass the `listen` option in the root of the config. It works for all `box.cfg` options, not only for listen.

Example of multilisten usage (>= Tarantool 2.10.0-beta2):
```Lua
-- For storage_1_a:
{
    sharding = {
        ['storage_1_uuid'] = {
            replicas = {
                ['storage_1_a_uuid'] = {
                    uri = 'storage:storage@127.0.0.1:3301',
                    name = 'storage_1_a',
                },
            },
        },
    },
    listen = {
        'storage:storage@127.0.0.1:3301',
        'storage:storage@127.0.0.1:3302',
    },
}
-- For other nodes:
{
    sharding = {
        ['storage_1_uuid'] = {
            replicas = {
                ['storage_1_a_uuid'] = {
                    uri = 'storage:storage@127.0.0.1:3301',
                    name = 'storage_1_a',
                },
            },
        },
    },
}
```

The second way - use a new config option: `replica_object.listen`.

Example of SSL usage (Tarantool Enterprise only):
```Lua
{
    sharding = {
        ['storage_1_uuid'] = {
            replicas = {
                ['storage_1_a_uuid'] = {
                    uri = {
                        'storage:storage@127.0.0.1:3301',
                        params = {
                            transport = 'plain',
                            ssl_ca_file = ca_file,
                        }
                    },
                    listen = {
                        'storage:storage@127.0.0.1:3301',
                        params = {
                            transport = 'plain',
                            ssl_cert_file = cert_1_a_file,
                            ssl_key_file = key_1_a_file,
                        }
                    },
                    name = 'storage_1_a',
                },
            },
        },
    },
}
```

Example of multilisten usage:
```Lua
{
    sharding = {
        ['storage_1_uuid'] = {
            replicas = {
                ['storage_1_a_uuid'] = {
                    uri = 'storage:storage@127.0.0.1:3301',
                    listen = {
                        'storage:storage@127.0.0.1:3301',
                        'storage:storage@127.0.0.1:3302',
                    },
                    name = 'storage_1_a',
                },
            },
        },
    },
}
```

All routers and other storages will use the value in `uri` to connect to the instance. The instance itself will use the value from `listen` for `box.cfg.listen`.

VShard supports multilisten and SSL since 0.1.20 (not released yet).
Gerold103
added a commit
that referenced
this issue
May 9, 2022
URI comparison is used in order not to recreate netbox connections on storage/router reconfig. For tables it wasn't working properly when compared the tables by values. The patch introduces deep comparison. For example, now {3313} and 3313 are considered the same URI. If such a change happened in vshard config, it won't lead to a reconnect. Closes #325
Gerold103
added a commit
that referenced
this issue
May 10, 2022
Since 2.10.0-beta2 URI in all APIs can be passed not only as a string or number but also as a table. The table can be used to pass options like transport type (plain, SSL), encryption certificate and key, and potentially more. VShard always supported only string URIs but now it allows numbers and tables as well. In the config the replica_object.uri field is affected by the change. Part of #325
Gerold103
added a commit
that referenced
this issue
May 10, 2022
The test function used to return 2 values: config and its meta. The meta could be used to retrieve certain sections of the config by name, without knowing the automatically generated UUIDs. The approach appeared to be too clumsy in the next patches. It would be easier to get UUIDs from the instances like this patch does. Part of #325
Gerold103
added a commit
that referenced
this issue
May 10, 2022
SSL can't be properly tested while there is a crash in EE: tarantool/tarantool-ee#109.

Part of #325

@TarantoolBot document
Title: vshard: multilisten and SSL

Multilisten is a feature which allows Tarantool to listen on multiple ports at the same time (>= Tarantool 2.10.0-beta2). SSL is a Tarantool Enterprise feature which allows to encrypt the traffic.

The features are united by the fact that `box.cfg.listen` is not equal to what is used for connecting to the instance. In case of multilisten `box.cfg.listen` is an array of URIs while `replica_object.uri` in vshard config should be a single URI. In case of SSL `box.cfg.listen` should have a certificate and a private key and an optional password. The connect-URI can have no options, or have a CA-certificate to validate the server, or have an own cert and a private key to be validated by the server. Other combinations of parameters might be possible.

To use the features there are 2 ways.

The first way - in the common section of vshard config specify only `replica_object.uri` values. Then on the needed storages pass the `listen` option in the root of the config. It works for all `box.cfg` options, not only for `listen`.

Example of multilisten usage:
```Lua
-- For storage_1_a:
{
    sharding = {
        ['storage_1_uuid'] = {
            replicas = {
                ['storage_1_a_uuid'] = {
                    uri = 'storage:storage@127.0.0.1:3301',
                    name = 'storage_1_a',
                },
            },
        },
    },
    listen = {
        'storage:storage@127.0.0.1:3301',
        'storage:storage@127.0.0.1:3302',
    },
}
-- For other storages and all routers:
{
    sharding = {
        ['storage_1_uuid'] = {
            replicas = {
                ['storage_1_a_uuid'] = {
                    uri = 'storage:storage@127.0.0.1:3301',
                    name = 'storage_1_a',
                },
            },
        },
    },
}
```
Similar with SSL.

The second way - use a new config option: `replica_object.listen`.

Example of SSL usage (Tarantool Enterprise only):
```Lua
{
    sharding = {
        ['storage_1_uuid'] = {
            replicas = {
                ['storage_1_a_uuid'] = {
                    uri = {
                        'storage:storage@127.0.0.1:3301',
                        params = {
                            transport = 'plain',
                            ssl_ca_file = ca_file,
                        }
                    },
                    listen = {
                        'storage:storage@127.0.0.1:3301',
                        params = {
                            transport = 'plain',
                            ssl_cert_file = cert_1_a_file,
                            ssl_key_file = key_1_a_file,
                        }
                    },
                    name = 'storage_1_a',
                },
            },
        },
    },
}
```
Similar with multilisten.

All routers and other storages will use the value in `uri` to connect to the instance. The instance itself will use the value from `listen` for `box.cfg.listen`.

VShard supports multilisten and SSL since 0.1.20 (not released yet).
Gerold103
added a commit
that referenced
this issue
May 10, 2022
URI comparison is used in order not to recreate netbox connections on storage/router reconfig. For tables it wasn't working properly when compared the tables by values. The patch introduces deep comparison. For example, now {3313} and 3313 are considered the same URI. If such a change happened in vshard config, it won't lead to a reconnect. Closes #325
Gerold103
added a commit
that referenced
this issue
May 11, 2022
Since 2.10.0-beta2 URI in all APIs can be passed not only as a string or number but also as a table. The table can be used to pass options like transport type (plain, SSL), encryption certificate and key, and potentially more. VShard always supported only string URIs but now it allows numbers and tables as well. In the config the replica_object.uri field is affected by the change. Part of #325
Gerold103
added a commit
that referenced
this issue
May 11, 2022
The test function used to return 2 values: config and its meta. The meta could be used to retrieve certain sections of the config by name, without knowing the automatically generated UUIDs. The approach appeared to be too clumsy in the next patches. It would be easier to get UUIDs from the instances like this patch does. Part of #325
Gerold103
added a commit
that referenced
this issue
May 11, 2022
SSL can't be properly tested while there is a crash in EE: tarantool/tarantool-ee#109.

Part of #325

@TarantoolBot document
Title: vshard: multilisten and SSL

Multilisten is a feature which allows Tarantool to listen on multiple ports at the same time (>= Tarantool 2.10.0-beta2). SSL is a Tarantool Enterprise feature which allows to encrypt the traffic.

The features are united by the fact that `box.cfg.listen` is not equal to what is used for connecting to the instance. In case of multilisten `box.cfg.listen` is an array of URIs while `replica_object.uri` in vshard config should be a single URI. In case of SSL `box.cfg.listen` should have a certificate and a private key and an optional password. The connect-URI can have no options, or have a CA-certificate to validate the server, or have an own cert and a private key to be validated by the server. Other combinations of parameters might be possible.

To use the features there are 2 ways.

The first way - in the common section of vshard config specify only `replica_object.uri` values. Then on the needed storages pass the `listen` option in the root of the config. It works for all `box.cfg` options, not only for `listen`.

Example of multilisten usage:
```Lua
-- For storage_1_a:
{
    sharding = {
        ['storage_1_uuid'] = {
            replicas = {
                ['storage_1_a_uuid'] = {
                    uri = 'storage:storage@127.0.0.1:3301',
                    name = 'storage_1_a',
                },
            },
        },
    },
    listen = {
        'storage:storage@127.0.0.1:3301',
        'storage:storage@127.0.0.1:3302',
    },
}
-- For other storages and all routers:
{
    sharding = {
        ['storage_1_uuid'] = {
            replicas = {
                ['storage_1_a_uuid'] = {
                    uri = 'storage:storage@127.0.0.1:3301',
                    name = 'storage_1_a',
                },
            },
        },
    },
}
```
Similar with SSL.

The second way - use a new config option: `replica_object.listen`.

Example of SSL usage (Tarantool Enterprise only):
```Lua
{
    sharding = {
        ['storage_1_uuid'] = {
            replicas = {
                ['storage_1_a_uuid'] = {
                    uri = {
                        uri = 'storage:storage@127.0.0.1:3301',
                        params = {
                            transport = 'plain',
                            ssl_ca_file = ca_file,
                        }
                    },
                    listen = {
                        uri = 'storage:storage@127.0.0.1:3301',
                        params = {
                            transport = 'plain',
                            ssl_cert_file = cert_1_a_file,
                            ssl_key_file = key_1_a_file,
                        }
                    },
                    name = 'storage_1_a',
                },
            },
        },
    },
}
```
Similar with multilisten.

All routers and other storages will use the value in `uri` to connect to the instance. The instance itself will use the value from `listen` for `box.cfg.listen`.

VShard supports multilisten and SSL since 0.1.20 (not released yet).
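
A check an operator could run over a vshard config before applying it, as an added example that is not part of the commits or of vshard itself: it walks `sharding[*].replicas[*]` and reports `uri` / `listen` values whose `params` do not request encrypted transport or, for the connect URI, carry no `ssl_ca_file`. It assumes `'ssl'` is the `transport` value that enables encryption in Tarantool Enterprise; the function names, the sample config and the `ca.crt` file name are made up for illustration.

```lua
-- Added example, not vshard code: flag replica URIs without encrypted transport.
-- Only table-form URIs are inspected; a string or number yields empty params.
local function collect_params(value, out)
    if type(value) ~= 'table' then
        table.insert(out, {})
    elseif value.params ~= nil or value.uri ~= nil then
        table.insert(out, value.params or {})
    else
        for _, item in ipairs(value) do collect_params(item, out) end
    end
    return out
end

local function check(field, p)
    if p.transport ~= 'ssl' then  -- assumption: 'ssl' selects encryption
        for key in pairs(p) do
            if tostring(key):find('^ssl_') then
                return 'ssl_* options given but transport is not ssl'
            end
        end
        return 'transport is not ssl'
    elseif field == 'uri' and p.ssl_ca_file == nil then
        return 'no ssl_ca_file, so the server certificate is not validated'
    end
end

local function audit(cfg)
    local findings = {}
    for _, replicaset in pairs(cfg.sharding or {}) do
        for _, r in pairs(replicaset.replicas or {}) do
            for _, field in ipairs({'uri', 'listen'}) do
                for _, p in ipairs(collect_params(r[field] or {}, {})) do
                    local issue = check(field, p)
                    if issue then
                        table.insert(findings, tostring(r.name) .. '.' .. field .. ': ' .. issue)
                    end
                end
            end
        end
    end
    table.sort(findings)
    return findings
end
local cfg = {sharding = {rs1 = {replicas = {  -- constructed sample config
    a = {name = 'storage_1_a', uri = {'storage:storage@127.0.0.1:3301',
         params = {transport = 'plain', ssl_ca_file = 'ca.crt'}}},
    b = {name = 'storage_1_b', uri = 'storage:storage@127.0.0.1:3302'},
}}}}
print(table.concat(audit(cfg), '\n'))
```

A replica without a `listen` field produces no `listen` finding here, because in that setup the listening URI comes from the root of the config and has to be checked there.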
To support extended configuration of `net.box` connections there should be some updates to the configuration and/or its propagation to the replicaset connection. Looks like config for router/storages can handle extension without any changes, unlike connections between router and storages.