From 9a6e565eb86cac2eb3112c9ef466dc090bef651e Mon Sep 17 00:00:00 2001 From: Joyinqin Date: Wed, 10 Mar 2021 11:18:56 +0800 Subject: [PATCH 1/8] Update log-redaction.md --- log-redaction.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/log-redaction.md b/log-redaction.md index 588ec122d695c..71a29ada99c80 100644 --- a/log-redaction.md +++ b/log-redaction.md @@ -44,3 +44,7 @@ To enable log redaction in the TiKV side, set the value of [`security.redact-inf ## Log redaction in PD side To enable log redaction in the PD side, set the value of [`security.redact-info-log`](/pd-configuration-file.md#redact-info-log-new-in-v500-rc) to `true`. This configuration value defaults to `false`, which means that log redaction is disabled. + +## Log desensitization of TiFlash components + +To desensitize the log on the TiFlash side, you need to set the value of the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-toml-file) configuration item in the tiflash-server and the value of the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learner-toml-file) configuration item to `true`. The default values of these two configuration items are both `false`, which means that desensitization is turned off. \ No newline at end of file From d7caeb2500fb30147bd908c137f9491f4da83deb Mon Sep 17 00:00:00 2001 From: Joyinqin Date: Wed, 10 Mar 2021 11:25:11 +0800 Subject: [PATCH 2/8] Update log-redaction.md --- log-redaction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/log-redaction.md b/log-redaction.md index 71a29ada99c80..64c9ae6e3d435 100644 --- a/log-redaction.md +++ b/log-redaction.md @@ -47,4 +47,4 @@ To enable log redaction in the PD side, set the value of [`security.redact-info- ## Log desensitization of TiFlash components -To desensitize the log on the TiFlash side, you need to set the value of the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-toml-file) configuration item in the tiflash-server and the value of the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learner-toml-file) configuration item to `true`. The default values of these two configuration items are both `false`, which means that desensitization is turned off. \ No newline at end of file +To desensitize the log on the TiFlash side, set the value of the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-toml-file) configuration item in the tiflash-server and the value of the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learner-toml-file) configuration item to `true`. The default values of these two configuration items are both `false`, which means that desensitization is disabled. \ No newline at end of file From 32503300aad262c92c508ae16f52992d7d7f8a70 Mon Sep 17 00:00:00 2001 From: Joyinqin Date: Wed, 10 Mar 2021 11:28:21 +0800 Subject: [PATCH 3/8] Update log-redaction.md --- log-redaction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/log-redaction.md b/log-redaction.md index 64c9ae6e3d435..61475dc740061 100644 --- a/log-redaction.md +++ b/log-redaction.md @@ -47,4 +47,4 @@ To enable log redaction in the PD side, set the value of [`security.redact-info- ## Log desensitization of TiFlash components -To desensitize the log on the TiFlash side, set the value of the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-toml-file) configuration item in the tiflash-server and the value of the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learner-toml-file) configuration item to `true`. The default values of these two configuration items are both `false`, which means that desensitization is disabled. \ No newline at end of file +To desensitize the log on the TiFlash side, set the value of the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-toml-file) in the tiflash-server and the value of the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learner-toml-file) in the tiflash-learner to `true`. The default values of these two configuration items are both `false`, which means that desensitization is disabled. \ No newline at end of file From be84bc5b4ff8940acdf80b663ab9a36560656014 Mon Sep 17 00:00:00 2001 From: Joyinqin Date: Wed, 10 Mar 2021 11:37:59 +0800 Subject: [PATCH 4/8] Update log-redaction.md --- log-redaction.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/log-redaction.md b/log-redaction.md index 61475dc740061..b4ee516458474 100644 --- a/log-redaction.md +++ b/log-redaction.md @@ -45,6 +45,6 @@ To enable log redaction in the TiKV side, set the value of [`security.redact-inf To enable log redaction in the PD side, set the value of [`security.redact-info-log`](/pd-configuration-file.md#redact-info-log-new-in-v500-rc) to `true`. This configuration value defaults to `false`, which means that log redaction is disabled. -## Log desensitization of TiFlash components +## Log redaction in TiFlash side -To desensitize the log on the TiFlash side, set the value of the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-toml-file) in the tiflash-server and the value of the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learner-toml-file) in the tiflash-learner to `true`. The default values of these two configuration items are both `false`, which means that desensitization is disabled. \ No newline at end of file +To enable log redaction in the TiFlash side,, set the value of the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-toml-file) in the tiflash-server and the value of the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learner-toml-file) in the tiflash-learner to `true`. The default values of these two configuration items are both `false`, which means that log redaction is disabled. \ No newline at end of file From 5e5ae684aa68b162f867b508903e3c46485dac36 Mon Sep 17 00:00:00 2001 From: Joyinqin Date: Wed, 10 Mar 2021 11:40:26 +0800 Subject: [PATCH 5/8] fix the link --- log-redaction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/log-redaction.md b/log-redaction.md index b4ee516458474..e614add55b66e 100644 --- a/log-redaction.md +++ b/log-redaction.md @@ -47,4 +47,4 @@ To enable log redaction in the PD side, set the value of [`security.redact-info- ## Log redaction in TiFlash side -To enable log redaction in the TiFlash side,, set the value of the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-toml-file) in the tiflash-server and the value of the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learner-toml-file) in the tiflash-learner to `true`. The default values of these two configuration items are both `false`, which means that log redaction is disabled. \ No newline at end of file +To enable log redaction in the TiFlash side,, set the value of the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflashtoml-file) in the tiflash-server and the value of the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learnertoml-file) in the tiflash-learner to `true`. The default values of these two configuration items are both `false`, which means that log redaction is disabled. \ No newline at end of file From 3fa6de3ca1b137d98e9724a04a8dfe86f15397f9 Mon Sep 17 00:00:00 2001 From: JoyinQ <56883733+Joyinqin@users.noreply.github.com> Date: Wed, 10 Mar 2021 14:02:32 +0800 Subject: [PATCH 6/8] Apply suggestions from code review Co-authored-by: JaySon --- log-redaction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/log-redaction.md b/log-redaction.md index e614add55b66e..9b82706e09fc2 100644 --- a/log-redaction.md +++ b/log-redaction.md @@ -47,4 +47,4 @@ To enable log redaction in the PD side, set the value of [`security.redact-info- ## Log redaction in TiFlash side -To enable log redaction in the TiFlash side,, set the value of the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflashtoml-file) in the tiflash-server and the value of the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learnertoml-file) in the tiflash-learner to `true`. The default values of these two configuration items are both `false`, which means that log redaction is disabled. \ No newline at end of file +To enable log redaction in the TiFlash side, set the value of the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflashtoml-file) in the tiflash-server and the value of the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learnertoml-file) in the tiflash-learner to `true`. The default values of these two configuration items are both `false`, which means that log redaction is disabled. From 5cc5edaa24df87f51ba888285a53c5c6f1d6999a Mon Sep 17 00:00:00 2001 From: TomShawn <41534398+TomShawn@users.noreply.github.com> Date: Wed, 10 Mar 2021 14:51:00 +0800 Subject: [PATCH 7/8] add tiflash learner config --- log-redaction.md | 2 +- tiflash/tiflash-configuration.md | 16 ++++++++++------ 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/log-redaction.md b/log-redaction.md index 9b82706e09fc2..e25ec98cde0eb 100644 --- a/log-redaction.md +++ b/log-redaction.md @@ -47,4 +47,4 @@ To enable log redaction in the PD side, set the value of [`security.redact-info- ## Log redaction in TiFlash side -To enable log redaction in the TiFlash side, set the value of the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflashtoml-file) in the tiflash-server and the value of the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learnertoml-file) in the tiflash-learner to `true`. The default values of these two configuration items are both `false`, which means that log redaction is disabled. +To enable log redaction in the TiFlash side, set both the [`security.redact_info_log`](/tiflash/tiflash-configuration.md#configure-the-tiflashtoml-file) value in tiflash-server and the [`security.redact-info-log`](/tiflash/tiflash-configuration.md#configure-the-tiflash-learnertoml-file) value in tiflash-learner to `true`. Both configuration values default to `false`, which means that log redaction is disabled. diff --git a/tiflash/tiflash-configuration.md b/tiflash/tiflash-configuration.md index a1d8bda715772..84039c6c61c7f 100644 --- a/tiflash/tiflash-configuration.md +++ b/tiflash/tiflash-configuration.md @@ -153,10 +153,9 @@ delta_index_cache_size = 0 ## Security settings take effect starting from v4.0.5. [security] - ## This configuration item enables or disables log redaction. If the configuration value + ## New in v5.0.0-rc. This configuration item enables or disables log redaction. If the configuration value ## is set to `true`, all user data in the log will be replaced by `?`. - ## Note that you also need to set `security.redact-info-log` for tiflash-learner's logging - ## in tiflash-learner.toml + ## Note that you also need to set `security.redact-info-log` for tiflash-learner's logging in tiflash-learner.toml. # redact_info_log = false ## Path of the file that contains a list of trusted SSL CAs. If set, the following settings @@ -175,22 +174,27 @@ delta_index_cache_size = 0 engine-addr = The external access address of the TiFlash coprocessor service. [raftstore] ## Specifies the number of threads that handle snapshots. - ## The default number is 2. + ## The default number is 2. ## If you set it to 0, the multi-thread optimization is disabled. - snap-handle-pool-size = 2 + snap-handle-pool-size = 2 ## Specifies the shortest interval at which Raft store persists WAL. ## You can properly increase the latency to reduce IOPS usage. ## The default value is "4ms". ## If you set it to 0ms, the optimization is disabled. store-batch-retry-recv-timeout = "4ms" +[security] + ## This configuration item enables or disables log redaction. + ## If the configuration value is set to true, + ## all user data in the log will be replaced by ?. The default value is false. + redact-info-log = false ``` In addition to the items above, other parameters are the same with those of TiKV. Note that the configuration items in `tiflash.toml [flash.proxy]` will override the overlapping parameters in `tiflash-learner.toml`; The `label` whose key is `engine` is reserved and cannot be configured manually. ### Multi-disk deployment -TiFlash supports multi-disk deployment. If there are multiple disks in your TiFlash node, you can make full use of those disks by configuring the parameters described in the following sections. For TiFlash's configuration template to be used for TiUP, see [The complex template for the TiFlash topology](https://github.com/pingcap/docs/blob/master/config-templates/complex-tiflash.yaml). +TiFlash supports multi-disk deployment. If there are multiple disks in your TiFlash node, you can make full use of those disks by configuring the parameters described in the following sections. For TiFlash's configuration template to be used for TiUP, see [The complex template for the TiFlash topology](https://github.com/pingcap/docs/blob/master/config-templates/complex-tiflash.yaml). #### Multi-disk deployment with TiDB version earlier than v4.0.9 From 834a4e4e465045a4066cd9dba9a6193c4ba01a6f Mon Sep 17 00:00:00 2001 From: TomShawn <41534398+TomShawn@users.noreply.github.com> Date: Wed, 10 Mar 2021 14:54:27 +0800 Subject: [PATCH 8/8] add version --- tiflash/tiflash-configuration.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tiflash/tiflash-configuration.md b/tiflash/tiflash-configuration.md index 84039c6c61c7f..286bedba929b2 100644 --- a/tiflash/tiflash-configuration.md +++ b/tiflash/tiflash-configuration.md @@ -184,7 +184,7 @@ delta_index_cache_size = 0 ## If you set it to 0ms, the optimization is disabled. store-batch-retry-recv-timeout = "4ms" [security] - ## This configuration item enables or disables log redaction. + ## New in v4.0.10. This configuration item enables or disables log redaction. ## If the configuration value is set to true, ## all user data in the log will be replaced by ?. The default value is false. redact-info-log = false