-
Notifications
You must be signed in to change notification settings - Fork 188
Conversation
/lgtm |
/lgtm |
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by writing |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see below comment
@@ -1230,7 +1230,7 @@ func enableTLS(tlsCfg *config.Security) bool { | |||
return false | |||
} | |||
|
|||
if len(tlsCfg.SSLCA) == 0 || len(tlsCfg.SSLCert) == 0 || len(tlsCfg.SSLKey) == 0 { | |||
if len(tlsCfg.SSLCA) == 0 { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The issue in #1555 was a MySQL client side tls issue , but this line of change is for DM server side tls config that will effect on the AdvertiseAddr
. IIUC, it's unrelated, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/pingcap/dm/pull/1560/files#diff-d42d00fe16fdbc10836731179db540c30ef59f1eb7789bf2ad3ea771554eceb5R67
The MySQL related file is in pkg/conn/basedb.go. I change this line because it's wrong for dm-master too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does dm-worker need similar change?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just searched len(.*SSLCA)
, looks that's the only place left.
/hold |
The TLS issue isn't completely fixed. I got another similar error from worker side when I tried to create a migration task. Please update the TLS code for dumper/loader/syncer as well. example errror:
@lichunzhu Would you please test the whole migration procedure after you fixed the rest? Much appreciated! |
The above |
@coderplay This commit d0a90a3 will fix the problem for heartbeat. |
@coderplay: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository. |
@coderplay: In response to this: Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the ti-community-infra/tichi repository. |
seems I don't have permission to approve, but LGTM! |
@lichunzhu please fix CI |
CI will be fixed in #1575. |
@lichunzhu: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
replaced by #1575
What problem does this PR solve?
fix #1555
What is changed and how it works?
Set TLS too even if we only have
ssl-ca
.Check List
Tests
This works fine on my PC mysql with
require_secure_transport=ON
.Related changes