Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[docdb] Add --certs_dir plumbing to yb-ts-cli #2877

Closed
bmatican opened this issue Nov 7, 2019 · 3 comments
Closed

[docdb] Add --certs_dir plumbing to yb-ts-cli #2877

bmatican opened this issue Nov 7, 2019 · 3 comments
Assignees
@srivignessh
Labels
area/docdb YugabyteDB core features good first issue This is a good issue to start contributing! help wanted We welcome your contributions for this issue!

Comments

@bmatican
Copy link
Contributor

bmatican commented Nov 7, 2019

Currently, we support --certs_dir for the servers, to setup TLS.
We also support --certs_dir_name for yb-admin, to be able to send secure RPCs to the servers.

We need to add support for this to yb-ts-cli.

See 9739e4a
@bmatican bmatican added the area/docdb YugabyteDB core features label Nov 7, 2019
@bmatican bmatican added good first issue This is a good issue to start contributing! help wanted We welcome your contributions for this issue! labels Nov 7, 2019
@bmatican bmatican mentioned this issue Nov 13, 2019
Merged
@bmatican
Copy link
Contributor Author

@srivignessh Did you want to look into this? I can assign it to you. Let me know if you'd like some more pointers on where to get started. We document how to start clusters with TLS in our docs.

One simple command you can do is try to change flag values:

./build/latest/bin/yb-ts-cli --server_address=$ip:9100 set_flag -force follower_unavailable_considered_failed_sec 900

This should fail if TLS is enabled on the cluster you're targeting.

@srivignessh
Copy link
Contributor

srivignessh commented Nov 13, 2019
edited
Loading

@bmatican Sure. Thanks, you can assign it to me. I will work on it.
I am able to find TLS in docs.
https://docs.yugabyte.com/latest/secure/tls-encryption/server-to-server/

Can you point me to the docs for tablet server cli? (yb-ts-cli).

@bmatican
Copy link
Contributor Author

@srivignessh Oh, good question, I think we do not have docs yet for yb-ts-cli! cc @stevebang

I think for the purposes of this task, any command you run from it should fail without certs plumbed through, as they will all try to send RPC requests to the servers. That's why I just referenced one example command above.

Also, a useful commit for reference might be 9739e4a, which added support for yb-admin to use certs!

srivignessh added a commit to srivignessh/yugabyte-db that referenced this issue Nov 18, 2019
@srivignessh
Add TLS encryption support to yb-ts-cli
b4b3950 
Add --certs_dir plumbing to yb-ts-cli from yb-admin.

Fixes yugabyte#2877

TODO: Unit test
@srivignessh srivignessh mentioned this issue Nov 18, 2019
Closed
@stevebang stevebang mentioned this issue Jan 22, 2020
Closed
d-uspenskiy added a commit that referenced this issue Apr 15, 2020
@d-uspenskiy
#2877 Add TLS encryption support to yb-ts-cli [GH PR PORT]
448514b 
Summary: Porting PR: #2953

Test Plan:
New unit test was introduced

./yb_build.sh --java-test org.yb.pgsql.TestSecureCluster

Reviewers: bogdan, sergei

Reviewed By: sergei

Subscribers: ybase

Differential Revision: https://phabricator.dev.yugabyte.com/D8252
@bmatican bmatican mentioned this issue Jun 30, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@srivignessh srivignessh

Labels
area/docdb YugabyteDB core features good first issue This is a good issue to start contributing! help wanted We welcome your contributions for this issue!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add TLS encryption support to yb-ts-cli srivignessh/yugabyte-db
3 participants
@bmatican @srivignessh @d-uspenskiy