*: support reload tls used by mysql protocol in place (#14749) #15081
/run-all-tests
LGTM
LGTM
I think we don't need to cherry pick to release 4.0 manually since we are going to merge master branch to release-4.0 for fast forward?
LGTM
@zz-jason O.O I was misled by other PRs and added need-cherry-pick 4.0
cherry-pick #14749 to release-4.0
What problem does this PR solve?
ref #14666
Preliminary support for reloading the TLS used by the MySQL protocol.
This PR doesn't try to fully support MySQL's dynamic modification of the "ssl_ca/ssl_key/ssl_cert" values, but it can reload TLS using the old file paths specified by the old "ssl_ca/ssl_key/ssl_cert" values (so ssl_cert/ssl_ca/ssl_key remain read-only after this PR).
So the user can run:
alter instance reload tls
Then all new db connections will use the new cert file, and old connections will keep working, just like MySQL does.
What is changed and how it works?
LoadTLSCertificates
server.tlsConfig can be atomic swap
Check List
Tests
Code changes
Side effects
Related changes
Release note
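The reload behaviour described in the PR description above (same file paths, atomic swap, old connections unaffected), as an added Go sketch that is not TiDB's code. The names `reloadTLS` and `writeCert`, the temporary file paths and the self-signed certificates are constructed for the example, and it assumes Go 1.20 or later.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"os"
	"sync/atomic"
	"time"
)

// reloadTLS re-reads the same cert/key paths and atomically swaps the result
// into dst. On error dst is left untouched, so a bad file cannot disable TLS.
func reloadTLS(dst *atomic.Pointer[tls.Config], certPath, keyPath string) error {
	cert, err := tls.LoadX509KeyPair(certPath, keyPath)
	if err != nil {
		return err
	}
	dst.Store(&tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12})
	return nil
}

// writeCert writes a constructed self-signed Ed25519 pair (demo input only).
func writeCert(certPath, keyPath string, serial int64) error {
	pub, priv, e1 := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, e2 := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	key, e3 := x509.MarshalPKCS8PrivateKey(priv)
	e4 := os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: key}), 0o600)
	e5 := os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o600)
	return errors.Join(e1, e2, e3, e4, e5)
}

func main() {
	dir, _ := os.MkdirTemp("", "tls-reload")
	defer os.RemoveAll(dir)
	crt, key := dir+"/cert.pem", dir+"/key.pem"
	var cur atomic.Pointer[tls.Config]
	fmt.Println("initial load:", errors.Join(writeCert(crt, key, 1), reloadTLS(&cur, crt, key)))
	open := cur.Load() // an already-open connection keeps the config it handshook with
	fmt.Println("rotate + reload:", errors.Join(writeCert(crt, key, 2), reloadTLS(&cur, crt, key)))
	fmt.Println("new connections see a new config:", cur.Load() != open)
	os.WriteFile(crt, []byte("not a PEM file"), 0o600)
	fmt.Println("bad reload rejected:", reloadTLS(&cur, crt, key) != nil)
}
```

A server built this way reads `cur.Load()` once per incoming connection, at handshake time, so the swap never touches sessions that are already established.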