sql/demo: server TLS cert for system tenant and secondary tenant is different #94310
Assignees
Labels
C-bug
Code not up to spec/doc, specs & docs deemed correct. Solution expected to change code/behavior.
S-3-ux-surprise
Issue leaves users wondering whether CRDB is behaving properly. Likely to hurt reputation/adoption.
T-sql-foundations
SQL Foundations Team (formerly SQL Schema + SQL Sessions)
Comments
knz
added
C-bug
10 tasks
|
This issue should be fixed when the following PRs merge: |
This was referenced Dec 27, 2022
exalate-issue-sync
bot
added
the
T-sql-foundations
dhartunian
added a commit
to dhartunian/cockroach
that referenced
this issue
Jan 3, 2023
Previously, using `--multitenant=true` in demo would run an in-process tenant that was configured to behave like an out-of-process one. Given the goal of a unified architecture where all SQL interactions occur with a tenant context, the multitenant demo will now use the `serverController` to instantiate tenants, which will mimic UA clusters that will be the default in the future. An additional flag `--in-process-tenant` has been added that allows for overriding this behavior at runtime. Setting this to `false` will use the test server tenant infra that simulates an "out of process" tenant. This behavior was retained also to keep prior tenant tests stable. Informs cockroachdb#94310 Informs cockroachdb#94308. Epic: CRDB-14537 Release note: None
dhartunian
added a commit
to dhartunian/cockroach
that referenced
this issue
Jan 4, 2023
Previously, using `--multitenant=true` in demo would run an in-process tenant that was configured to behave like an out-of-process one. Given the goal of a unified architecture where all SQL interactions occur with a tenant context, the multitenant demo will now use the `serverController` to instantiate tenants, which will mimic UA clusters that will be the default in the future. An additional flag `--in-process-tenant` has been added that allows for overriding this behavior at runtime. Setting this to `false` will use the test server tenant infra that simulates an "out of process" tenant. This behavior was retained also to keep prior tenant tests stable. Informs cockroachdb#94310 Informs cockroachdb#94308. Epic: CRDB-14537 Release note: None
dhartunian
added a commit
to dhartunian/cockroach
that referenced
this issue
Jan 5, 2023
Previously, using `--multitenant=true` in demo would run an in-process tenant that was configured to behave like an out-of-process one. Given the goal of a unified architecture where all SQL interactions occur with a tenant context, the multitenant demo will now use the `serverController` to instantiate tenants, which will mimic UA clusters that will be the default in the future. An additional flag `--in-process-tenant` has been added that allows for overriding this behavior at runtime. Setting this to `false` will use the test server tenant infra that simulates an "out of process" tenant. This behavior was retained also to keep prior tenant tests stable. Informs cockroachdb#94310 Informs cockroachdb#94308. Epic: CRDB-14537 Release note: None
craig bot
pushed a commit
that referenced
this issue
Jan 5, 2023
93344: cli: demo uses in-process tenant infrastructure by default r=knz,aadityasondhi a=dhartunian Previously, using `--multitenant=true` in demo would run an in-process tenant that was configured to behave like an out-of-process one. Given the goal of a unified architecture where all SQL interactions occur with a tenant context, the multitenant demo will now use the `serverController` to instantiate tenants, which will mimic UA clusters that will be the default in the future. An additional flag `--in-process-tenant` has been added that allows for overriding this behavior at runtime. Setting this to `false` will use the test server tenant infra that simulates an "out of process" tenant. This behavior was retained also to keep prior tenant tests stable. Informs #94310 Informs #94308. Epic: CRDB-14537 Release note: None Co-authored-by: David Hartunian <davidh@cockroachlabs.com>
craig bot
pushed a commit
that referenced
this issue
Jan 9, 2023
92580: server,pgwire: use a single SQL listener for multiple tenants r=rafiss a=knz Parent PRs: - [x] #84608 - [x] #91739 - [x] #91744 - [x] #92574 - [x] #92575 - [x] #92576 - [x] #92577 - [x] #92578 - [x] #92579 - [ ] #94901 Fixes #84585. Informs #94310. Epic: CRDB-14537 This commit implements tenant routing using a single SQL network listener. The tenant name can be specified: - via the client status param `options`, e.g. `options=-ccrdb:tenant=hello` - via the database name, e.g. `crdb:tenant-hello.defaultdb`. Release note (backward-incompatible change): If a SQL database is created with a name that starts with `crdb:tenant-` (e.g. `CREATE DATABASE "crdb:tenant-foo"`, clients will no longer be able to connect to it directly. Co-authored-by: Raphael 'kena' Poss <knz@thaumogen.net>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Also, the URL for a secondary tenant currently uses a separate cert file. This is confusing, and prevents the user from quickly switching between tenants by just using the
clusterconnection option.Instead, the server cert for secondary tenants should be the same as for the system tenant.
Epic: CRDB-22814
Jira issue: CRDB-22821
The text was updated successfully, but these errors were encountered: