regression: Support TLS connections when only ssl-ca is set #5335

Closed
kolbe opened this issue May 6, 2022 · 5 comments
Assignees
Labels
affects-6.1 This bug affects the 6.1.x(LTS) versions. area/dm Issues or PRs related to DM. severity/minor type/bug The issue is confirmed as a bug.


kolbe commented May 6, 2022

What did you do?

Something caused the fix in pingcap/dm#1555 to be lost. Perhaps code refactoring or something changed the way TLS options are validated? At any rate, it's no longer possible to use only ssl-ca to connect to an upstream/source that requires TLS but does not provide client certificates.

What did you expect to see?

No response

What did you see instead?

# MySQL1 Configuration.

source-id: "dm-source-1"
# This indicates whether DM-worker uses Global Transaction Identifier (GTID) to pull binlog. Before you use this configuration item, make sure that the GTID mode is enabled in the upstream MySQL.
enable-gtid: false
relay-dir: "/var/lib/dm-worker/relay"

from:
  host: "kolbe-rds-1.clv3ykk55yww.us-west-2.rds.amazonaws.com"
  user: "admin"
  password: "mypassword"  # Encrypted by dmctl
  port: 3306
  security:
          ssl-ca: /home/ubuntu/us-west-2-bundle.pem

Behavior with dmctl:v5.4.0:

$ tiup dmctl:v5.4.0 operate-source create source1.yaml --master-addr 10.0.61.136:8261
Starting component `dmctl`: /home/ubuntu/.tiup/components/dmctl/v5.4.0/dmctl/dmctl /home/ubuntu/.tiup/components/dmctl/v5.4.0/dmctl/dmctl operate-source create source1.yaml --master-addr 10.0.61.136:8261
{
    "result": false,
    "msg": "[code=11112:class=functional:scope=internal:level=medium], Message: invalid TLS config, RawCause: failed to generate cert, Workaround: Please check the `ssl-ca`, `ssl-cert` and `ssl-key` config.",
    "sources": [
    ]
}

Different behavior with dmctl:v6.0.0:

$ tiup dmctl:v6.0.0 operate-source create source1.yaml --master-addr 10.0.61.136:8261
Starting component `dmctl`: /home/ubuntu/.tiup/components/dmctl/v6.0.0/dmctl/dmctl /home/ubuntu/.tiup/components/dmctl/v6.0.0/dmctl/dmctl operate-source create source1.yaml --master-addr 10.0.61.136:8261
{
    "result": false,
    "msg": "[code=20003:class=config:scope=internal:level=medium], Message: decode source config, RawCause: yaml: unmarshal errors:\n  line 1: field enable not found in type config.SourceConfig, Workaround: Please check the configuration file has correct YAML format.",
    "sources": [
    ]
}

Versions of the cluster

Cluster type:       dm
Cluster name:       dm
Cluster version:    v5.4.0
Deploy user:        tidb
SSH type:           builtin
ID                Role       Host         Ports      OS/Arch       Status     Data Dir                           Deploy Dir
--                ----       ----         -----      -------       ------     --------                           ----------
10.0.61.136:8261  dm-master  10.0.61.136  8261/8291  linux/x86_64  Healthy|L  /home/tidb/dm/data/dm-master-8261  /home/tidb/dm/deploy/dm-master-8261
10.0.61.136:8262  dm-worker  10.0.61.136  8262       linux/x86_64  Free       /home/tidb/dm/data/dm-worker-8262  /home/tidb/dm/deploy/dm-worker-8262
Total nodes: 2

current status of DM cluster (execute query-status <task-name> in dmctl)

No response

@kolbe kolbe added type/bug The issue is confirmed as a bug. area/dm Issues or PRs related to DM. labels May 6, 2022
@lance6716
Contributor

Can you provide the related logs of DM-master and DM-worker? Maybe they can't access /home/ubuntu/us-west-2-bundle.pem

@kolbe
Author

kolbe commented May 6, 2022

The log doesn't show anything useful... in fact it doesn't even show the error emitted by dmctl. dm-logs.tar.gz

@lance6716
Contributor

lance6716 commented May 6, 2022

introduced by pingcap/tidb-tools#458 and pingcap/dm#1910.

Do you have time to fix it? @Ehco1996 Note that in the master branch we might have been switched to tidb rather than tidb-tools for the package.

@Ehco1996
Contributor

Ehco1996 commented May 6, 2022

> introduced by pingcap/tidb-tools#458 and pingcap/dm#1910.
>
> Do you have time to fix it? @Ehco1996 Note that in the master branch we might have been switched to tidb rather than tidb-tools for the package.

ok, let me handle this issue

@Ehco1996
Contributor

Closed since #5393 is merged; will be released in v6.1.
