Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dm failed to run when only ssl-ca is configured #7941

Closed
D3Hunter opened this issue Dec 20, 2022 · 0 comments
Closed

dm failed to run when only ssl-ca is configured #7941

D3Hunter opened this issue Dec 20, 2022 · 0 comments
Labels
affects-5.4 This bug affects the 5.4.x(LTS) versions. affects-6.1 This bug affects the 6.1.x(LTS) versions. area/dm Issues or PRs related to DM. severity/major type/bug The issue is confirmed as a bug.

Comments

@D3Hunter
Copy link
Contributor

D3Hunter commented Dec 20, 2022
edited
Loading

What did you do?

  • target db is tidbcloud tidb cluster
  • use ssl to connect target db, tidbcloud only has ca part
  • start-task, and fail with "Message": "[Lightning:DB:ErrDBConnect]failed to connect database: could not load client key pair: tls: failed to find any PEM data in certificate input",

bug was introduced in #3260, if user didn't specify some ssl-xxx(like in here, there's only ssl-ca config, no ssl-cert and ssl-key), we should not dump it.

tiflow/dm/config/security/security.go

Lines 105 to 109 in 45ee743

if isSSLCertNotExist {
s.SSLCert = path.Join(baseDirPath, "cert.pem")
if err := utils.WriteFileAtomic(s.SSLCert, s.SSLCertBytes, 0o600); err != nil {
return err
}

task cfg

name: test
task-mode: all

target-database:
  host: "xxxxxx.clusters.dev.tidb-cloud.com"
  port: 4000
  user: "root"
  password: "xxx"
  security:
    ssl-ca: "tidbcloud-ca.pem"

mysql-instances:
  - source-id: "mysql-3306"
    block-allow-list: "ba-rule1"
    syncer-config-name: "global"

block-allow-list:
  ba-rule1:
    do-dbs: ["test"]

syncers:
  global:
    worker-count: 1
    batch: 1

What did you expect to see?

success

What did you see instead?

fail

Versions of the cluster

tested using 6.1.3, but is should fail on current master too, master branch change lightning tls config to sslCABytes, so no such problem

current status of DM cluster (execute query-status <task-name> in dmctl)

(paste current status of DM cluster here)
@D3Hunter D3Hunter added type/bug The issue is confirmed as a bug. severity/major area/dm Issues or PRs related to DM. labels Dec 20, 2022
@liumengya94 liumengya94 mentioned this issue Dec 22, 2022
Merged
@lance6716 lance6716 added affects-6.5 This bug affects the 6.5.x(LTS) versions. and removed affects-6.5 This bug affects the 6.5.x(LTS) versions. labels Dec 23, 2022
ti-chi-bot pushed a commit that referenced this issue Dec 23, 2022
@liumengya94
tls(dm): fix the error when only ssl-ca is configured (#7962)
ce45409 
close #7941
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
affects-5.4 This bug affects the 5.4.x(LTS) versions. affects-6.1 This bug affects the 6.1.x(LTS) versions. area/dm Issues or PRs related to DM. severity/major type/bug The issue is confirmed as a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@lance6716 @D3Hunter @maxshuang @ti-chi-bot