implement tls support

pkg/cluster/operation/action.go

@@ -310,7 +310,7 @@ func systemctlMonitor(ctx context.Context, hosts []string, noAgentHosts set.Stri
 	return nil
 }
 
-func restartInstance(ctx context.Context, ins spec.Instance, timeout uint64) error {
+func restartInstance(ctx context.Context, ins spec.Instance, timeout uint64, tlsCfg *tls.Config) error {
 	e := ctxt.GetInner(ctx).Get(ins.GetHost())
 	log.Infof("\tRestarting instance %s", ins.ID())
 
@@ -319,7 +319,7 @@ func restartInstance(ctx context.Context, ins spec.Instance, timeout uint64) err
 	}
 
 	// Check ready.
-	if err := ins.Ready(ctx, e, timeout); err != nil {
+	if err := ins.Ready(ctx, e, timeout, tlsCfg); err != nil {
 		return toFailedActionError(err, "restart", ins.GetHost(), ins.ServiceName(), ins.LogDir())
 	}
 
@@ -328,25 +328,6 @@ func restartInstance(ctx context.Context, ins spec.Instance, timeout uint64) err
 	return nil
 }
 
-// RestartComponent restarts the component.
-func RestartComponent(ctx context.Context, instances []spec.Instance, timeout uint64) error {
-	if len(instances) == 0 {
-		return nil
-	}
-
-	name := instances[0].ComponentName()
-	log.Infof("Restarting component %s", name)
-
-	for _, ins := range instances {
-		err := restartInstance(ctx, ins, timeout)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
 func enableInstance(ctx context.Context, ins spec.Instance, timeout uint64, isEnable bool) error {
 	e := ctxt.GetInner(ctx).Get(ins.GetHost())
 
@@ -366,7 +347,7 @@ func enableInstance(ctx context.Context, ins spec.Instance, timeout uint64, isEn
 	return nil
 }
 
-func startInstance(ctx context.Context, ins spec.Instance, timeout uint64) error {
+func startInstance(ctx context.Context, ins spec.Instance, timeout uint64, tlsCfg *tls.Config) error {
 	e := ctxt.GetInner(ctx).Get(ins.GetHost())
 	log.Infof("\tStarting instance %s", ins.ID())
 
@@ -375,7 +356,7 @@ func startInstance(ctx context.Context, ins spec.Instance, timeout uint64) error
 	}
 
 	// Check ready.
-	if err := ins.Ready(ctx, e, timeout); err != nil {
+	if err := ins.Ready(ctx, e, timeout, tlsCfg); err != nil {
 		return toFailedActionError(err, "start", ins.GetHost(), ins.ServiceName(), ins.LogDir())
 	}
 
@@ -501,7 +482,7 @@ func StartComponent(ctx context.Context, instances []spec.Instance, noAgentHosts
 			if err := ins.PrepareStart(nctx, tlsCfg); err != nil {
 				return err
 			}
-			return startInstance(nctx, ins, options.OptTimeout)
+			return startInstance(nctx, ins, options.OptTimeout, tlsCfg)
 		})
 	}
 
@@ -513,7 +494,7 @@ func serialStartInstances(ctx context.Context, instances []spec.Instance, option
 		if err := ins.PrepareStart(ctx, tlsCfg); err != nil {
 			return err
 		}
-		if err := startInstance(ctx, ins, options.OptTimeout); err != nil {
+		if err := startInstance(ctx, ins, options.OptTimeout, tlsCfg); err != nil {
 			return err
 		}
 	}

pkg/cluster/operation/upgrade.go

@@ -147,7 +147,7 @@ func upgradeInstance(ctx context.Context, topo spec.Topology, instance spec.Inst
 		}
 	}
 
-	if err := restartInstance(ctx, instance, options.OptTimeout); err != nil && !options.Force {
+	if err := restartInstance(ctx, instance, options.OptTimeout, tlsCfg); err != nil && !options.Force {
 		return err
 	}
 

pkg/cluster/spec/instance.go

@@ -81,7 +81,7 @@ type RollingUpdateInstance interface {
 type Instance interface {
 	InstanceSpec
 	ID() string
-	Ready(context.Context, ctxt.Executor, uint64) error
+	Ready(context.Context, ctxt.Executor, uint64, *tls.Config) error
 	InitConfig(ctx context.Context, e ctxt.Executor, clusterName string, clusterVersion string, deployUser string, paths meta.DirPaths) error
 	ScaleConfig(ctx context.Context, e ctxt.Executor, topo Topology, clusterName string, clusterVersion string, deployUser string, paths meta.DirPaths) error
 	PrepareStart(ctx context.Context, tlsCfg *tls.Config) error
@@ -143,7 +143,7 @@ type BaseInstance struct {
 }
 
 // Ready implements Instance interface
-func (i *BaseInstance) Ready(ctx context.Context, e ctxt.Executor, timeout uint64) error {
+func (i *BaseInstance) Ready(ctx context.Context, e ctxt.Executor, timeout uint64, _ *tls.Config) error {
 	return PortStarted(ctx, e, i.Port, timeout)
 }
 

pkg/cluster/spec/tiflash.go

@@ -740,16 +740,16 @@ func (i *TiFlashInstance) PrepareStart(ctx context.Context, tlsCfg *tls.Config)
 }
 
 // Ready implements Instance interface
-func (i *TiFlashInstance) Ready(ctx context.Context, e ctxt.Executor, timeout uint64) error {
+func (i *TiFlashInstance) Ready(ctx context.Context, e ctxt.Executor, timeout uint64, tlsCfg *tls.Config) error {
+	// FIXME: the timeout is applied twice in the whole `Ready()` process, in the worst
+	// case it might wait double time as other components
 	if err := PortStarted(ctx, e, i.Port, timeout); err != nil {
 		return err
 	}
 
 	scheme := "http"
 	if i.topo.BaseTopo().GlobalOptions.TLSEnabled {
 		scheme = "https"
-		// TODO: implement tls config for tiflash instances
-		// (we don't support tiflash instance in tls enabled cluster yet)
 	}
 	addr := fmt.Sprintf("%s://%s:%d/tiflash/store-status", scheme, i.Host, i.GetStatusPort())
 	req, err := http.NewRequest("GET", addr, nil)
@@ -764,7 +764,7 @@ func (i *TiFlashInstance) Ready(ctx context.Context, e ctxt.Executor, timeout ui
 	}
 	var queryErr error
 	if err := utils.Retry(func() error {
-		client := utils.NewHTTPClient(statusQueryTimeout, nil)
+		client := utils.NewHTTPClient(statusQueryTimeout, tlsCfg)
 		res, err := client.Client().Do(req)
 		if err != nil {
 			queryErr = err