This repository has been archived by the owner on Nov 24, 2023. It is now read-only.

tiup dm and ssl #2230

Open
4 tasks done
kzinas-adv opened this issue Oct 18, 2021 · 3 comments
Labels
question This issue is a question

Comments

@kzinas-adv

Before asking a question, make sure you have

What is your question?

I have an issue: once I started to use SSL, "tiup dm display" is not working. Am I missing something or is it a bug?
The dmctl CLI has SSL options to connect to the endpoint, while dm is missing any such options.
I generated separate key pairs for master, worker and client as stated in the documentation.
Other dm options like start, stop, deploy, destroy work fine.

Versions:

[root@dm-test-mst01 log]# tiup dmctl -V
Starting component `dmctl`: /root/.tiup/components/dmctl/v2.0.7/dmctl/dmctl -V
Release Version: v2.0.7
Git Commit Hash: cd46eee3f1d00d6c78888e4a38daf80f29c69266
Git Branch: heads/refs/tags/v2.0.7
UTC Build Time: 2021-09-29 07:40:02
Go Version: go version go1.16.4 linux/amd64

[root@dm-test-mst01 log]# tiup dm -v
Starting component `dm`: /root/.tiup/components/dm/v1.6.0/tiup-dm -v
tiup version 1.6.0 tiup
Go Version: go1.17.1
Git Ref: v1.6.0
GitHash: 0295c073463edc68696542f4ec9c9f5b4c07c5c1
[root@dm-test-mst01 log]# 

Cluster creation goes fine:

tiup dm deploy test v2.0.7 /root/.tiup/topology.yaml -y
tiup dm start  test --ssh=system
tiup dmctl --master-addr="10.3.2.3:8261" operate-source create /root/.tiup/source-source1.yaml --ssl-ca /opt/tidb/dm/deploy-test/conf/tidb-dm-ca.pem    --ssl-cert /opt/tidb/dm/deploy-test/conf/client-cert.pem  --ssl-key /opt/tidb/dm/deploy-test/conf/client-key.pem
tiup dmctl --master-addr="10.3.2.3:8261" start-task /root/.tiup/task-task1.yaml --ssl-ca /opt/tidb/dm/deploy-test/conf/tidb-dm-ca.pem    --ssl-cert /opt/tidb/dm/deploy-test/conf/client-cert.pem  --ssl-key /opt/tidb/dm/deploy-test/conf/client-key.pem

But once I query dm status it shows down:

[root@dm-test-mst01 ~]# tiup dm display    test --ssh=system
Starting component `dm`: /root/.tiup/components/dm/v1.6.0/tiup-dm display test --ssh=system
Cluster type:       dm
Cluster name:       test
Cluster version:    v2.0.7
Deploy user:        root
SSH type:           builtin
ID             Role       Host      Ports      OS/Arch       Status  Data Dir                               Deploy Dir
--             ----       ----      -----      -------       ------  --------                               ----------
10.3.2.3:8261  dm-master  10.3.2.3  8261/8291  linux/x86_64  Down    /opt/tidb/dm/data-test/dm-master-8261  /opt/tidb/dm/deploy-test/dm-master-8261
10.3.2.2:8262  dm-worker  10.3.2.2  8262       linux/x86_64  N/A     /opt/tidb/dm/data-test/dm-worker-8262  /opt/tidb/dm/deploy-test/dm-worker-8262
Total nodes: 2
[root@dm-test-mst01 ~]# 

dm-master.log shows that dm does not like non-HTTPS queries:

[2021/10/18 06:36:10.728 +00:00] [WARN] [config_logging.go:279] ["rejected connection"] [component="embed etcd"] [remote-addr=10.3.2.3:53700] [server-name=] [error="tls: first record does not look like a TLS handshake"]
[2021/10/18 06:36:12.105 +00:00] [WARN] [config_logging.go:279] ["rejected connection"] [component="embed etcd"] [remote-addr=10.3.2.3:53704] [server-name=] [error="tls: first record does not look like a TLS handshake"]
[2021/10/18 06:36:12.428 +00:00] [WARN] [config_logging.go:279] ["rejected connection"] [component="embed etcd"] [remote-addr=10.3.2.3:53706] [server-name=] [error="tls: first record does not look like a TLS handshake"]
[2021/10/18 06:36:20.183 +00:00] [INFO] [server.go:2206] [payload="op:Skip task:\"test\" "] [request=HandleError]
[2021/10/18 06:36:20.183 +00:00] [INFO] [server.go:2088] ["sources: [source1]"]
[2021/10/18 06:36:25.609 +00:00] [INFO] [server.go:2206] [payload="name:\"test\" "] [request=QueryStatus]
[2021/10/18 06:36:59.785 +00:00] [WARN] [config_logging.go:279] ["rejected connection"] [component="embed etcd"] [remote-addr=10.3.2.3:53726] [server-name=] [error="tls: first record does not look like a TLS handshake"]
[root@dm-test-mst01 log]# 

Although dmctl with ssl goes fine:

[root@dm-test-mst01 ~]# tiup dmctl --master-addr=10.3.2.3:8261 operate-source show  --ssl-ca /opt/tidb/dm/deploy-test/conf/tidb-dm-ca.pem    --ssl-cert /opt/tidb/dm/deploy-test/conf/client-cert.pem  --ssl-key /opt/tidb/dm/deploy-test/conf/client-key.pem 
Starting component `dmctl`: /root/.tiup/components/dmctl/v2.0.7/dmctl/dmctl --master-addr=10.3.2.3:8261 operate-source show --ssl-ca /opt/tidb/dm/deploy-test/conf/tidb-dm-ca.pem --ssl-cert /opt/tidb/dm/deploy-test/conf/client-cert.pem --ssl-key /opt/tidb/dm/deploy-test/conf/client-key.pem
{
    "result": true,
    "msg": "",
    "sources": [
        {
            "result": true,
            "msg": "",
            "source": "source1",
            "worker": "dm-10.3.2.2-8262"
        }
    ]
}



[root@dm-test-mst01 ~]# tiup dmctl --master-addr=10.3.2.3:8261 query-status test  --ssl-ca /opt/tidb/dm/deploy-test/conf/tidb-dm-ca.pem --ssl-cert /opt/tidb/dm/deploy-test/conf/client-cert.pem --ssl-key /opt/tidb/dm/deploy-test/conf/client-key.pem
Starting component `dmctl`: /root/.tiup/components/dmctl/v2.0.7/dmctl/dmctl --master-addr=10.3.2.3:8261 query-status test --ssl-ca /opt/tidb/dm/deploy-test/conf/tidb-dm-ca.pem --ssl-cert /opt/tidb/dm/deploy-test/conf/client-cert.pem --ssl-key /opt/tidb/dm/deploy-test/conf/client-key.pem
{
    "result": true,
    "msg": "",
    "sources": [
        {
            "result": true,
            "msg": "",
            "sourceStatus": {
                "source": "source1",
                "worker": "dm-10.3.2.2-8262",
                "result": null,
                "relayStatus": null
            },
            "subTaskStatus": [
                {
                    "name": "test",
                    "stage": "Running",
                    "unit": "Sync",
                    "result": null,
                    "unresolvedDDLLockID": "",
                    "sync": {
                        "totalEvents": "0",
                        "totalTps": "0",
                        "recentTps": "0",
                        "masterBinlog": "(mariadb-bin.000006, 24348)",
                        "masterBinlogGtid": "0-1097617723-355",
                        "syncerBinlog": "(, 0)",
                        "syncerBinlogGtid": "0-1097617723-349",
                        "blockingDDLs": [
                        ],
                        "unresolvedGroups": [
                        ],
                        "synced": false,
                        "binlogType": "remote",
                        "secondsBehindMaster": "0"
                    }
                }
            ]
        }
    ]
}
@kzinas-adv kzinas-adv added the question This issue is a question label Oct 18, 2021
@lance6716
Collaborator

lance6716 commented Oct 18, 2021

Hi, what's your version of TiUP and tiup dm?

Also @lucklove PTAL

@kzinas-adv
Author

Tiup version

[root@dm-test-mst01 ~]# tiup -v
1.6.0 tiup
Go Version: go1.17.1
Git Ref: v1.6.0
GitHash: 0295c073463edc68696542f4ec9c9f5b4c07c5c1
[root@adv-dev-dm-test-mst01 ~]# 

Dm version; you can also find it in the initial post.

[root@adv-dev-dm-test-mst01 ~]# tiup -v
1.6.0 tiup
Go Version: go1.17.1
Git Ref: v1.6.0
GitHash: 0295c073463edc68696542f4ec9c9f5b4c07c5c1
[root@dm-test-mst01 ~]# tiup dm -v
Starting component `dm`: /root/.tiup/components/dm/v1.6.0/tiup-dm -v
tiup version 1.6.0 tiup
Go Version: go1.17.1
Git Ref: v1.6.0
GitHash: 0295c073463edc68696542f4ec9c9f5b4c07c5c1
[root@adv-dev-dm-test-mst01 ~]# 

@lance6716
Collaborator

Currently tiup-dm doesn’t support SSL. Welcome to file a feature request in pingcap/tiup.
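
Added example, not part of the original thread and not TiUP or DM code: the "rejected connection" warnings in the dm-master.log excerpt record a client whose first bytes were not a TLS record, and this Go sketch groups such warnings by remote host to show which machine is still speaking plaintext to the TLS listener. The names `parseFields` and `PlaintextClients` are hypothetical; the sample lines are copied from the log quoted in the issue.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Lines copied from the dm-master.log excerpt quoted in the issue.
const sampleLog = `[2021/10/18 06:36:10.728 +00:00] [WARN] [config_logging.go:279] ["rejected connection"] [component="embed etcd"] [remote-addr=10.3.2.3:53700] [server-name=] [error="tls: first record does not look like a TLS handshake"]
[2021/10/18 06:36:12.105 +00:00] [WARN] [config_logging.go:279] ["rejected connection"] [component="embed etcd"] [remote-addr=10.3.2.3:53704] [server-name=] [error="tls: first record does not look like a TLS handshake"]
[2021/10/18 06:36:20.183 +00:00] [INFO] [server.go:2206] [payload="op:Skip task:\"test\" "] [request=HandleError]
[2021/10/18 06:36:59.785 +00:00] [WARN] [config_logging.go:279] ["rejected connection"] [component="embed etcd"] [remote-addr=10.3.2.3:53726] [server-name=] [error="tls: first record does not look like a TLS handshake"]`

// fieldRe matches the [key=value] fields of a log line; values may be quoted.
var fieldRe = regexp.MustCompile(`\[([a-z-]+)=("(?:[^"\\]|\\.)*"|[^\]]*)\]`)

// parseFields returns the key=value fields of one log line (hypothetical helper).
func parseFields(line string) map[string]string {
	fields := map[string]string{}
	for _, m := range fieldRe.FindAllStringSubmatch(line, -1) {
		fields[m[1]] = strings.Trim(m[2], `"`)
	}
	return fields
}

// PlaintextClients counts, per remote host, connections that a TLS listener
// rejected because the client's first bytes were not a TLS record.
func PlaintextClients(log string) map[string]int {
	counts := map[string]int{}
	for _, line := range strings.Split(log, "\n") {
		f := parseFields(line)
		if !strings.Contains(line, `["rejected connection"]`) ||
			!strings.Contains(f["error"], "does not look like a TLS handshake") {
			continue
		}
		host, _, err := net.SplitHostPort(f["remote-addr"])
		if err != nil {
			host = f["remote-addr"] // keep the raw value if it is not host:port
		}
		counts[host]++
	}
	return counts
}

func main() {
	for host, n := range PlaintextClients(sampleLog) {
		fmt.Printf("%s: %d plaintext connection(s) rejected by the TLS listener\n", host, n)
	}
}
```

On the sample lines the only offending host is 10.3.2.3, the dm-master host itself, which is where `tiup dm display` was run.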
