lightning: reload certificate for new connection #33865

Merged
merged 11 commits into from
Apr 20, 2022

Contributor

@sleepymole sleepymole commented Apr 11, 2022

What problem does this PR solve?

Issue Number: ref #14666

Problem Summary:
In some cases, the certificate will be renewed within a certain period of time. If it takes a long time to import, lightning may encounter a certificate expired issue.

What is changed and how it works?

Set GetCertificate and GetClientCertificate in tlsConfig so that lightning will reload the certificate for every new connection.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

lightning: reload certificates for every new connection.

@ti-chi-bot
Member

ti-chi-bot commented Apr 11, 2022

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • D3Hunter
  • lance6716

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Apr 11, 2022
@sleepymole sleepymole added the component/lightning This issue is related to Lightning of TiDB. label Apr 11, 2022
@ti-chi-bot ti-chi-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. release-note-none Denotes a PR that doesn't merit a release note. and removed release-note-none Denotes a PR that doesn't merit a release note. release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Apr 11, 2022
@purelind
Contributor

/run-all-tests

@sleepymole sleepymole marked this pull request as ready for review April 13, 2022 07:35
@ti-chi-bot ti-chi-bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Apr 13, 2022
@sre-bot
Contributor

sre-bot commented Apr 13, 2022

@ti-chi-bot ti-chi-bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Apr 15, 2022
@ti-chi-bot ti-chi-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Apr 18, 2022
Contributor

@D3Hunter D3Hunter left a comment

rest lgtm

br/pkg/lightning/lightning.go
br/tests/lightning_reload_cert/run.sh
Contributor

@D3Hunter D3Hunter left a comment

LGTM

@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Apr 19, 2022
@sleepymole
Contributor Author

/run-integration-br-test

Contributor

@lance6716 lance6716 left a comment

And I'm not sure if the integration test will cover the case. The lightning process is restarted, it will clean the certificate in memory so the reload will be forced? But my understanding is we need an "online" reload. I suspect if we don't change the code part of this PR, the test will still succeed.

@sleepymole
Contributor Author

> I suspect if we don't change the code part of this PR, the test will still succeed.

No, the first part of the test is a negative test. There is no restart logic in the test.
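
The change described in the PR summary, and the "online" reload discussed in the review above, shown as an added Go example (not the PR's code): one `tls.Config` is built once, the pair on disk is renewed, and the next certificate request returns the new expiry. The function names, file paths and self-signed certificates are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"os"
	"time"
)

// reloadingTLSConfig re-reads the pair from disk each time crypto/tls asks for a certificate.
func reloadingTLSConfig(certPath, keyPath string) *tls.Config {
	load := func() (*tls.Certificate, error) {
		c, err := tls.LoadX509KeyPair(certPath, keyPath)
		return &c, err // on error the handshake fails rather than reusing a stale certificate
	}
	return &tls.Config{
		GetCertificate:       func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return load() },
		GetClientCertificate: func(*tls.CertificateRequestInfo) (*tls.Certificate, error) { return load() },
	}
}

func must[T any](v T, err error) T { // demo helper: panic on error (0 is a dummy value for error-only calls)
	if err != nil {
		panic(err)
	}
	return v
}

// rotationDemo renews a constructed self-signed pair on disk while one config stays in use.
func rotationDemo(certPath, keyPath string) (seen [2]time.Time) {
	cfg := reloadingTLSConfig(certPath, keyPath) // built once, as in a long-running import
	for i, validFor := range []time.Duration{time.Hour, 48 * time.Hour} {
		key := must(rsa.GenerateKey(rand.Reader, 2048))
		tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"}, NotBefore: time.Now(), NotAfter: time.Now().Add(validFor)}
		der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
		must(0, os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}), 0o600))
		must(0, os.WriteFile(certPath, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), 0o644))
		c := must(cfg.GetClientCertificate(&tls.CertificateRequestInfo{})) // what a new connection triggers
		seen[i] = must(x509.ParseCertificate(c.Certificate[0])).NotAfter
	}
	return seen
}

func main() { fmt.Println(rotationDemo("demo.crt", "demo.key")) }
```

A handshake that lands between the key write and the certificate write loads a mismatched pair and fails, so renewal tooling should replace the two files atomically.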

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Apr 20, 2022
@sleepymole
Contributor Author

/merge

@ti-chi-bot
Member

This pull request has been accepted and is ready to merge.

Commit hash: 789f589

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Apr 20, 2022
@ti-chi-bot ti-chi-bot merged commit ebffff0 into pingcap:master Apr 20, 2022
@sre-bot
Contributor

sre-bot commented Apr 20, 2022

TiDB MergeCI notify

✅ Well Done! New fixed [1] after this pr merged.

| CI Name | Result | Duration | Compare with Parent commit |
| --- | --- | --- | --- |
| idc-jenkins-ci-tidb/integration-compatibility-test | ✅ all 1 tests passed | 4 min 16 sec | Fixed |
| idc-jenkins-ci-tidb/integration-common-test | 🟢 all 11 tests passed | 13 min | Existing passed |
| idc-jenkins-ci-tidb/sqllogic-test-2 | 🟢 all 28 tests passed | 8 min 21 sec | Existing passed |
| idc-jenkins-ci-tidb/sqllogic-test-1 | 🟢 all 26 tests passed | 7 min 15 sec | Existing passed |
| idc-jenkins-ci-tidb/common-test | 🟢 all 12 tests passed | 6 min 55 sec | Existing passed |
| idc-jenkins-ci-tidb/integration-ddl-test | 🟢 all 6 tests passed | 6 min 35 sec | Existing passed |
| idc-jenkins-ci-tidb/tics-test | 🟢 all 1 tests passed | 5 min 40 sec | Existing passed |
| idc-jenkins-ci-tidb/mybatis-test | 🟢 all 1 tests passed | 4 min 0 sec | Existing passed |
| idc-jenkins-ci-tidb/plugin-test | 🟢 build success, plugin test success | 4min | Existing passed |

@sleepymole sleepymole deleted the cert-reload branch April 26, 2022 03:44
Labels
component/lightning This issue is related to Lightning of TiDB. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.
6 participants