roachprod: default to secure clusters

Before: roachprod defaulted to making insecure clusters and the useneeded to use the --secure flag to create a secure cluster. Why change? We tell our users that the best practice is to run in secure mode but we don't dog food that configuration enough. Setting roachprod to secure by default will require us to debug problems in secure mode, which means we'll make it easer to run secure mode and we'll get better knowledge of how to run in secure mode. Now: clusters will be spun up in secure mode by default. To get an insecure cluster, use the --insecure flag. Fixes cockroachdb#38539. Release note: None
jlinder · Jan 16, 2020 · 094dbb6 · 094dbb6
1 parent 16d4f36
commit 094dbb6
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 20 deletions.
diff --git a/pkg/cmd/roachprod/install/cluster_synced.go b/pkg/cmd/roachprod/install/cluster_synced.go
@@ -65,7 +65,7 @@ type SyncedCluster struct {
 	VPCs       []string
 	// all other fields are populated in newCluster.
 	Nodes       []int
-	Secure      bool
+	Insecure    bool
 	Env         string
 	Args        []string
 	Tag         string

diff --git a/pkg/cmd/roachprod/install/cockroach.go b/pkg/cmd/roachprod/install/cockroach.go
@@ -122,7 +122,7 @@ func (r Cockroach) Start(c *SyncedCluster, extraArgs []string) {
 		}
 	}
 
-	if c.Secure && bootstrapped {
+	if !c.Insecure && bootstrapped {
 		c.DistributeCerts()
 	}
 
@@ -179,10 +179,10 @@ func (r Cockroach) Start(c *SyncedCluster, extraArgs []string) {
 		port := r.NodePort(c, nodes[i])
 
 		var args []string
-		if c.Secure {
-			args = append(args, "--certs-dir="+c.Impl.CertsDir(c, nodes[i]))
-		} else {
+		if c.Insecure {
 			args = append(args, "--insecure")
+		} else {
+			args = append(args, "--certs-dir="+c.Impl.CertsDir(c, nodes[i]))
 		}
 		dir := c.Impl.NodeDir(c, nodes[i])
 		logDir := c.Impl.LogDir(c, nodes[i])
@@ -366,11 +366,11 @@ func (Cockroach) CertsDir(c *SyncedCluster, index int) string {
 // NodeURL implements the ClusterImpl.NodeDir interface.
 func (Cockroach) NodeURL(c *SyncedCluster, host string, port int) string {
 	url := fmt.Sprintf("'postgres://root@%s:%d", host, port)
-	if c.Secure {
-		url += "?sslcert=certs%2Fnode.crt&sslkey=certs%2Fnode.key&" +
-			"sslrootcert=certs%2Fca.crt&sslmode=verify-full"
-	} else {
+	if c.Insecure {
 		url += "?sslmode=disable"
+	} else {
+		url += "?sslcert=certs%2Fclient.root.crt&sslkey=certs%2Fclient.root.key&" +
+			"sslrootcert=certs%2Fca.crt&sslmode=verify-full"
 	}
 	url += "'"
 	return url

diff --git a/pkg/cmd/roachprod/main.go b/pkg/cmd/roachprod/main.go
@@ -78,7 +78,7 @@ var (
 	listJSON          bool
 	listMine          bool
 	clusterType       = "cockroach"
-	secure            = false
+	insecure          = false
 	nodeEnv           = "COCKROACH_ENABLE_RPC_COMPRESSION=false"
 	nodeArgs          []string
 	tag               string
@@ -177,7 +177,7 @@ Hint: use "roachprod sync" to update the list of available clusters.
 		}
 	}
 	c.Nodes = nodes
-	c.Secure = secure
+	c.Insecure = insecure
 	c.Env = nodeEnv
 	c.Args = nodeArgs
 	if tag != "" {
@@ -957,10 +957,11 @@ var startCmd = &cobra.Command{
 	Short: "start nodes on a cluster",
 	Long: `Start nodes on a cluster.
 
-The --secure flag can be used to start nodes in secure mode (i.e. using
-certs). When specified, there is a one time initialization for the cluster to
-create and distribute the certs. Note that running some modes in secure mode
-and others in insecure mode is not a supported Cockroach configuration.
+The --insecure flag can be used to start nodes in insecure mode (i.e. without
+using certs). When it is specified, the one time initialization for the
+cluster to create and distribute the certs is skipped. Note that running some
+nodes in insecure mode and others in secure mode is not a supported Cockroach
+configuration.
 
 As a debugging aid, the --sequential flag starts the nodes sequentially so node
 IDs match hostnames. Otherwise nodes are started are parallel.
@@ -1455,9 +1456,9 @@ var adminurlCmd = &cobra.Command{
 				host = c.VMs[node-1]
 			}
 			port := install.GetAdminUIPort(c.Impl.NodePort(c, node))
-			scheme := "http"
-			if c.Secure {
-				scheme = "https"
+			scheme := "https"
+			if c.Insecure {
+				scheme = "http"
 			}
 			if !strings.HasPrefix(adminurlPath, "/") {
 				adminurlPath = "/" + adminurlPath
@@ -1647,7 +1648,7 @@ func main() {
 		&external, "external", false, "return external IP addresses")
 
 	runCmd.Flags().BoolVar(
-		&secure, "secure", false, "use a secure cluster")
+		&insecure, "insecure", false, "use an insecure cluster")
 
 	startCmd.Flags().IntVarP(&numRacks,
 		"racks", "r", 0, "the number of racks to partition the nodes into")
@@ -1729,7 +1730,7 @@ func main() {
 			fallthrough
 		case pgurlCmd, adminurlCmd:
 			cmd.Flags().BoolVar(
-				&secure, "secure", false, "use a secure cluster")
+				&insecure, "insecure", false, "use an insecure cluster")
 		}
 
 		if cmd.Long == "" {