From 0641b599d69e20a92001207d665295c969dbcc5f Mon Sep 17 00:00:00 2001 From: nexustar Date: Fri, 28 Jan 2022 18:20:54 +0800 Subject: [PATCH 1/6] dm: add TLS support --- components/dm/spec/logic.go | 84 +++++++++++++++++-- embed/templates/scripts/run_dm-master.sh.tpl | 2 +- .../scripts/run_dm-master_scale.sh.tpl | 2 +- embed/templates/scripts/run_dm-worker.sh.tpl | 2 +- 4 files changed, 79 insertions(+), 11 deletions(-) diff --git a/components/dm/spec/logic.go b/components/dm/spec/logic.go index 11775a02ba..10f81c6df3 100644 --- a/components/dm/spec/logic.go +++ b/components/dm/spec/logic.go @@ -119,6 +119,7 @@ func (i *MasterInstance) InitConfig( return err } + enableTLS := i.topo.GlobalOptions.TLSEnabled spec := i.InstanceSpec.(*MasterSpec) cfg := scripts.NewDMMasterScript( spec.Name, @@ -136,12 +137,12 @@ func (i *MasterInstance) InitConfig( if err := e.Transfer(ctx, fp, dst, false, 0, false); err != nil { return err } - if _, _, err := e.Execute(ctx, "chmod +x "+dst, false); err != nil { + _, _, err := e.Execute(ctx, "chmod +x "+dst, false) + if err != nil { return err } - // doesn't work - if _, err := i.setTLSConfig(ctx, false, nil, paths); err != nil { + if spec.Config, err = i.setTLSConfig(ctx, enableTLS, spec.Config, paths); err != nil { return err } @@ -152,7 +153,40 @@ func (i *MasterInstance) InitConfig( // setTLSConfig set TLS Config to support enable/disable TLS // MasterInstance no need to configure TLS func (i *MasterInstance) setTLSConfig(ctx context.Context, enableTLS bool, configs map[string]interface{}, paths meta.DirPaths) (map[string]interface{}, error) { - return nil, nil + // set TLS configs + if enableTLS { + if configs == nil { + configs = make(map[string]interface{}) + } + configs["ssl-ca"] = fmt.Sprintf( + "%s/tls/%s", + paths.Deploy, + "ca.crt", + ) + configs["ssl-cert"] = fmt.Sprintf( + "%s/tls/%s.crt", + paths.Deploy, + i.Role()) + configs["ssl-key"] = fmt.Sprintf( + "%s/tls/%s.pem", + paths.Deploy, + i.Role()) + } else { + // dm-master tls config list + tlsConfigs := []string{ + "ssl-ca", + "ssl-cert", + "ssl-key", + } + // delete TLS configs + if configs != nil { + for _, config := range tlsConfigs { + delete(configs, config) + } + } + } + + return configs, nil } // ScaleConfig deploy temporary config on scaling @@ -261,6 +295,7 @@ func (i *WorkerInstance) InitConfig( return err } + enableTLS := i.topo.GlobalOptions.TLSEnabled spec := i.InstanceSpec.(*WorkerSpec) cfg := scripts.NewDMWorkerScript( i.Name, @@ -278,12 +313,12 @@ func (i *WorkerInstance) InitConfig( return err } - if _, _, err := e.Execute(ctx, "chmod +x "+dst, false); err != nil { + _, _, err := e.Execute(ctx, "chmod +x "+dst, false) + if err != nil { return err } - // doesn't work - if _, err := i.setTLSConfig(ctx, false, nil, paths); err != nil { + if spec.Config, err = i.setTLSConfig(ctx, enableTLS, spec.Config, paths); err != nil { return err } @@ -294,7 +329,40 @@ func (i *WorkerInstance) InitConfig( // setTLSConfig set TLS Config to support enable/disable TLS // workrsInstance no need to configure TLS func (i *WorkerInstance) setTLSConfig(ctx context.Context, enableTLS bool, configs map[string]interface{}, paths meta.DirPaths) (map[string]interface{}, error) { - return nil, nil + // set TLS configs + if enableTLS { + if configs == nil { + configs = make(map[string]interface{}) + } + configs["ssl-ca"] = fmt.Sprintf( + "%s/tls/%s", + paths.Deploy, + "ca.crt", + ) + configs["ssl-cert"] = fmt.Sprintf( + "%s/tls/%s.crt", + paths.Deploy, + i.Role()) + configs["ssl-key"] = fmt.Sprintf( + "%s/tls/%s.pem", + paths.Deploy, + i.Role()) + } else { + // dm-worker tls config list + tlsConfigs := []string{ + "ssl-ca", + "ssl-cert", + "ssl-key", + } + // delete TLS configs + if configs != nil { + for _, config := range tlsConfigs { + delete(configs, config) + } + } + } + + return configs, nil } // ScaleConfig deploy temporary config on scaling diff --git a/embed/templates/scripts/run_dm-master.sh.tpl b/embed/templates/scripts/run_dm-master.sh.tpl index 271a15286e..b1c50b9277 100644 --- a/embed/templates/scripts/run_dm-master.sh.tpl +++ b/embed/templates/scripts/run_dm-master.sh.tpl @@ -25,7 +25,7 @@ exec bin/dm-master/dm-master \ --v1-sources-path="{{.V1SourcePath}}" \ {{- end}} --name="{{.Name}}" \ - --master-addr="0.0.0.0:{{.Port}}" \ + --master-addr="{{.IP}}:{{.Port}}" \ --advertise-addr="{{.IP}}:{{.Port}}" \ --peer-urls="{{.IP}}:{{.PeerPort}}" \ --advertise-peer-urls="{{.IP}}:{{.PeerPort}}" \ diff --git a/embed/templates/scripts/run_dm-master_scale.sh.tpl b/embed/templates/scripts/run_dm-master_scale.sh.tpl index 13a31977aa..90572b0241 100644 --- a/embed/templates/scripts/run_dm-master_scale.sh.tpl +++ b/embed/templates/scripts/run_dm-master_scale.sh.tpl @@ -22,7 +22,7 @@ exec numactl --cpunodebind={{.NumaNode}} --membind={{.NumaNode}} bin/dm-master/d exec bin/dm-master/dm-master \ {{- end}} --name="{{.Name}}" \ - --master-addr="0.0.0.0:{{.Port}}" \ + --master-addr="{{.IP}}:{{.Port}}" \ --advertise-addr="{{.IP}}:{{.Port}}" \ --peer-urls="{{.Scheme}}://{{.IP}}:{{.PeerPort}}" \ --advertise-peer-urls="{{.Scheme}}://{{.IP}}:{{.PeerPort}}" \ diff --git a/embed/templates/scripts/run_dm-worker.sh.tpl b/embed/templates/scripts/run_dm-worker.sh.tpl index f1074b4967..df11e96e20 100644 --- a/embed/templates/scripts/run_dm-worker.sh.tpl +++ b/embed/templates/scripts/run_dm-worker.sh.tpl @@ -23,7 +23,7 @@ exec numactl --cpunodebind={{.NumaNode}} --membind={{.NumaNode}} bin/dm-worker/d exec bin/dm-worker/dm-worker \ {{- end}} --name="{{.Name}}" \ - --worker-addr="0.0.0.0:{{.Port}}" \ + --worker-addr="{{.IP}}:{{.Port}}" \ --advertise-addr="{{.IP}}:{{.Port}}" \ --log-file="{{.LogDir}}/dm-worker.log" \ --join="{{template "MasterList" .Endpoints}}" \ From 45257f1191109b3006ba7e3be7c3ec094d589416 Mon Sep 17 00:00:00 2001 From: nexustar Date: Mon, 7 Feb 2022 16:37:13 +0800 Subject: [PATCH 2/6] dm: fix advertise-addr --- components/dm/spec/logic.go | 7 ++++++- embed/templates/scripts/run_dm-master.sh.tpl | 2 +- embed/templates/scripts/run_dm-master_scale.sh.tpl | 2 +- embed/templates/scripts/run_dm-worker.sh.tpl | 2 +- pkg/cluster/template/scripts/dm_master.go | 9 +++++---- pkg/cluster/template/scripts/dm_worker.go | 5 ++++- pkg/utils/utils.go | 8 ++++++++ 7 files changed, 26 insertions(+), 9 deletions(-) diff --git a/components/dm/spec/logic.go b/components/dm/spec/logic.go index 10f81c6df3..72075a0dd9 100644 --- a/components/dm/spec/logic.go +++ b/components/dm/spec/logic.go @@ -127,6 +127,7 @@ func (i *MasterInstance) InitConfig( paths.Deploy, paths.Data[0], paths.Log, + enableTLS, ).WithPort(spec.Port).WithNumaNode(spec.NumaNode).WithPeerPort(spec.PeerPort).AppendEndpoints(i.topo.Endpoints(deployUser)...).WithV1SourcePath(spec.V1SourcePath) fp := filepath.Join(paths.Cache, fmt.Sprintf("run_dm-master_%s_%d.sh", i.GetHost(), i.GetPort())) @@ -203,6 +204,7 @@ func (i *MasterInstance) ScaleConfig( return err } + enableTLS := i.topo.GlobalOptions.TLSEnabled c := topo.(*Specification) spec := i.InstanceSpec.(*MasterSpec) cfg := scripts.NewDMMasterScaleScript( @@ -211,6 +213,7 @@ func (i *MasterInstance) ScaleConfig( paths.Deploy, paths.Data[0], paths.Log, + enableTLS, ).WithPort(spec.Port).WithNumaNode(spec.NumaNode).WithPeerPort(spec.PeerPort).AppendEndpoints(c.Endpoints(deployUser)...) fp := filepath.Join(paths.Cache, fmt.Sprintf("run_dm-master_%s_%d.sh", i.GetHost(), i.GetPort())) @@ -302,6 +305,7 @@ func (i *WorkerInstance) InitConfig( i.GetHost(), paths.Deploy, paths.Log, + enableTLS, ).WithPort(spec.Port).WithNumaNode(spec.NumaNode).AppendEndpoints(i.topo.Endpoints(deployUser)...) fp := filepath.Join(paths.Cache, fmt.Sprintf("run_dm-worker_%s_%d.sh", i.GetHost(), i.GetPort())) if err := cfg.ConfigToFile(fp); err != nil { @@ -479,7 +483,8 @@ func (topo *Specification) Endpoints(user string) []*scripts.DMMasterScript { s.Host, deployDir, dataDir, - logDir). + logDir, + topo.GlobalOptions.TLSEnabled). WithPort(s.Port). WithPeerPort(s.PeerPort) ends = append(ends, script) diff --git a/embed/templates/scripts/run_dm-master.sh.tpl b/embed/templates/scripts/run_dm-master.sh.tpl index b1c50b9277..c7e04180fa 100644 --- a/embed/templates/scripts/run_dm-master.sh.tpl +++ b/embed/templates/scripts/run_dm-master.sh.tpl @@ -26,7 +26,7 @@ exec bin/dm-master/dm-master \ {{- end}} --name="{{.Name}}" \ --master-addr="{{.IP}}:{{.Port}}" \ - --advertise-addr="{{.IP}}:{{.Port}}" \ + --advertise-addr="{{.Scheme}}://{{.IP}}:{{.Port}}" \ --peer-urls="{{.IP}}:{{.PeerPort}}" \ --advertise-peer-urls="{{.IP}}:{{.PeerPort}}" \ --log-file="{{.LogDir}}/dm-master.log" \ diff --git a/embed/templates/scripts/run_dm-master_scale.sh.tpl b/embed/templates/scripts/run_dm-master_scale.sh.tpl index 90572b0241..3d53345d0e 100644 --- a/embed/templates/scripts/run_dm-master_scale.sh.tpl +++ b/embed/templates/scripts/run_dm-master_scale.sh.tpl @@ -23,7 +23,7 @@ exec bin/dm-master/dm-master \ {{- end}} --name="{{.Name}}" \ --master-addr="{{.IP}}:{{.Port}}" \ - --advertise-addr="{{.IP}}:{{.Port}}" \ + --advertise-addr="{{.Scheme}}://{{.IP}}:{{.Port}}" \ --peer-urls="{{.Scheme}}://{{.IP}}:{{.PeerPort}}" \ --advertise-peer-urls="{{.Scheme}}://{{.IP}}:{{.PeerPort}}" \ --log-file="{{.LogDir}}/dm-master.log" \ diff --git a/embed/templates/scripts/run_dm-worker.sh.tpl b/embed/templates/scripts/run_dm-worker.sh.tpl index df11e96e20..2113291cdc 100644 --- a/embed/templates/scripts/run_dm-worker.sh.tpl +++ b/embed/templates/scripts/run_dm-worker.sh.tpl @@ -24,7 +24,7 @@ exec bin/dm-worker/dm-worker \ {{- end}} --name="{{.Name}}" \ --worker-addr="{{.IP}}:{{.Port}}" \ - --advertise-addr="{{.IP}}:{{.Port}}" \ + --advertise-addr="{{.Scheme}}://{{.IP}}:{{.Port}}" \ --log-file="{{.LogDir}}/dm-worker.log" \ --join="{{template "MasterList" .Endpoints}}" \ --config=conf/dm-worker.toml >> "{{.LogDir}}/dm-worker_stdout.log" 2>> "{{.LogDir}}/dm-worker_stderr.log" diff --git a/pkg/cluster/template/scripts/dm_master.go b/pkg/cluster/template/scripts/dm_master.go index d0e52e8e58..3dce4bca17 100644 --- a/pkg/cluster/template/scripts/dm_master.go +++ b/pkg/cluster/template/scripts/dm_master.go @@ -21,6 +21,7 @@ import ( "text/template" "github.com/pingcap/tiup/embed" + "github.com/pingcap/tiup/pkg/utils" ) // DMMasterScript represent the data to generate TiDB config @@ -39,10 +40,10 @@ type DMMasterScript struct { } // NewDMMasterScript returns a DMMasterScript with given arguments -func NewDMMasterScript(name, ip, deployDir, dataDir, logDir string) *DMMasterScript { +func NewDMMasterScript(name, ip, deployDir, dataDir, logDir string, enableTLS bool) *DMMasterScript { return &DMMasterScript{ Name: name, - Scheme: "http", + Scheme: utils.Ternary(enableTLS, "https", "http").(string), IP: ip, Port: 8261, PeerPort: 8291, @@ -137,8 +138,8 @@ type DMMasterScaleScript struct { } // NewDMMasterScaleScript return a new DMMasterScaleScript -func NewDMMasterScaleScript(name, ip, deployDir, dataDir, logDir string) *DMMasterScaleScript { - return &DMMasterScaleScript{*NewDMMasterScript(name, ip, deployDir, dataDir, logDir)} +func NewDMMasterScaleScript(name, ip, deployDir, dataDir, logDir string, enableTLS bool) *DMMasterScaleScript { + return &DMMasterScaleScript{*NewDMMasterScript(name, ip, deployDir, dataDir, logDir, enableTLS)} } // WithScheme set Scheme field of DMMasterScaleScript diff --git a/pkg/cluster/template/scripts/dm_worker.go b/pkg/cluster/template/scripts/dm_worker.go index 1bdd1f6536..535620a398 100644 --- a/pkg/cluster/template/scripts/dm_worker.go +++ b/pkg/cluster/template/scripts/dm_worker.go @@ -20,11 +20,13 @@ import ( "text/template" "github.com/pingcap/tiup/embed" + "github.com/pingcap/tiup/pkg/utils" ) // DMWorkerScript represent the data to generate TiDB config type DMWorkerScript struct { Name string + Scheme string IP string Port int DeployDir string @@ -34,9 +36,10 @@ type DMWorkerScript struct { } // NewDMWorkerScript returns a DMWorkerScript with given arguments -func NewDMWorkerScript(name, ip, deployDir, logDir string) *DMWorkerScript { +func NewDMWorkerScript(name, ip, deployDir, logDir string, enableTLS bool) *DMWorkerScript { return &DMWorkerScript{ Name: name, + Scheme: utils.Ternary(enableTLS, "https", "http").(string), IP: ip, Port: 8262, DeployDir: deployDir, diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index 62a22092e7..65b29d1ace 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go @@ -62,3 +62,11 @@ func Base62Tag() string { } return string(b) } + +// Ternary operator +func Ternary(condition bool, a, b interface{}) interface{} { + if condition { + return a + } + return b +} From db7c873a69c3d3ff6b44ace7e8df3fbc3d73b342 Mon Sep 17 00:00:00 2001 From: nexustar Date: Tue, 8 Feb 2022 15:28:50 +0800 Subject: [PATCH 3/6] fix schema --- components/dm/spec/logic.go | 1 - embed/templates/scripts/run_dm-master.sh.tpl | 6 +++--- embed/templates/scripts/run_dm-master_scale.sh.tpl | 2 +- embed/templates/scripts/run_dm-worker.sh.tpl | 2 +- pkg/cluster/template/scripts/dm_worker.go | 5 +---- 5 files changed, 6 insertions(+), 10 deletions(-) diff --git a/components/dm/spec/logic.go b/components/dm/spec/logic.go index 72075a0dd9..0566d3003f 100644 --- a/components/dm/spec/logic.go +++ b/components/dm/spec/logic.go @@ -305,7 +305,6 @@ func (i *WorkerInstance) InitConfig( i.GetHost(), paths.Deploy, paths.Log, - enableTLS, ).WithPort(spec.Port).WithNumaNode(spec.NumaNode).AppendEndpoints(i.topo.Endpoints(deployUser)...) fp := filepath.Join(paths.Cache, fmt.Sprintf("run_dm-worker_%s_%d.sh", i.GetHost(), i.GetPort())) if err := cfg.ConfigToFile(fp); err != nil { diff --git a/embed/templates/scripts/run_dm-master.sh.tpl b/embed/templates/scripts/run_dm-master.sh.tpl index c7e04180fa..246e2097ad 100644 --- a/embed/templates/scripts/run_dm-master.sh.tpl +++ b/embed/templates/scripts/run_dm-master.sh.tpl @@ -26,9 +26,9 @@ exec bin/dm-master/dm-master \ {{- end}} --name="{{.Name}}" \ --master-addr="{{.IP}}:{{.Port}}" \ - --advertise-addr="{{.Scheme}}://{{.IP}}:{{.Port}}" \ - --peer-urls="{{.IP}}:{{.PeerPort}}" \ - --advertise-peer-urls="{{.IP}}:{{.PeerPort}}" \ + --advertise-addr="{{.IP}}:{{.Port}}" \ + --peer-urls="{{.Scheme}}://{{.IP}}:{{.PeerPort}}" \ + --advertise-peer-urls="{{.Scheme}}://{{.IP}}:{{.PeerPort}}" \ --log-file="{{.LogDir}}/dm-master.log" \ --data-dir="{{.DataDir}}" \ --initial-cluster="{{template "MasterList" .Endpoints}}" \ diff --git a/embed/templates/scripts/run_dm-master_scale.sh.tpl b/embed/templates/scripts/run_dm-master_scale.sh.tpl index 3d53345d0e..90572b0241 100644 --- a/embed/templates/scripts/run_dm-master_scale.sh.tpl +++ b/embed/templates/scripts/run_dm-master_scale.sh.tpl @@ -23,7 +23,7 @@ exec bin/dm-master/dm-master \ {{- end}} --name="{{.Name}}" \ --master-addr="{{.IP}}:{{.Port}}" \ - --advertise-addr="{{.Scheme}}://{{.IP}}:{{.Port}}" \ + --advertise-addr="{{.IP}}:{{.Port}}" \ --peer-urls="{{.Scheme}}://{{.IP}}:{{.PeerPort}}" \ --advertise-peer-urls="{{.Scheme}}://{{.IP}}:{{.PeerPort}}" \ --log-file="{{.LogDir}}/dm-master.log" \ diff --git a/embed/templates/scripts/run_dm-worker.sh.tpl b/embed/templates/scripts/run_dm-worker.sh.tpl index 2113291cdc..df11e96e20 100644 --- a/embed/templates/scripts/run_dm-worker.sh.tpl +++ b/embed/templates/scripts/run_dm-worker.sh.tpl @@ -24,7 +24,7 @@ exec bin/dm-worker/dm-worker \ {{- end}} --name="{{.Name}}" \ --worker-addr="{{.IP}}:{{.Port}}" \ - --advertise-addr="{{.Scheme}}://{{.IP}}:{{.Port}}" \ + --advertise-addr="{{.IP}}:{{.Port}}" \ --log-file="{{.LogDir}}/dm-worker.log" \ --join="{{template "MasterList" .Endpoints}}" \ --config=conf/dm-worker.toml >> "{{.LogDir}}/dm-worker_stdout.log" 2>> "{{.LogDir}}/dm-worker_stderr.log" diff --git a/pkg/cluster/template/scripts/dm_worker.go b/pkg/cluster/template/scripts/dm_worker.go index 535620a398..1bdd1f6536 100644 --- a/pkg/cluster/template/scripts/dm_worker.go +++ b/pkg/cluster/template/scripts/dm_worker.go @@ -20,13 +20,11 @@ import ( "text/template" "github.com/pingcap/tiup/embed" - "github.com/pingcap/tiup/pkg/utils" ) // DMWorkerScript represent the data to generate TiDB config type DMWorkerScript struct { Name string - Scheme string IP string Port int DeployDir string @@ -36,10 +34,9 @@ type DMWorkerScript struct { } // NewDMWorkerScript returns a DMWorkerScript with given arguments -func NewDMWorkerScript(name, ip, deployDir, logDir string, enableTLS bool) *DMWorkerScript { +func NewDMWorkerScript(name, ip, deployDir, logDir string) *DMWorkerScript { return &DMWorkerScript{ Name: name, - Scheme: utils.Ternary(enableTLS, "https", "http").(string), IP: ip, Port: 8262, DeployDir: deployDir, From b31a5635208771b95ee99056efbd654d9adae8d1 Mon Sep 17 00:00:00 2001 From: nexustar Date: Tue, 8 Feb 2022 16:02:35 +0800 Subject: [PATCH 4/6] fix scale-in when enable TLS --- components/dm/command/scale_in.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/components/dm/command/scale_in.go b/components/dm/command/scale_in.go index 985f777aca..40f165fca2 100644 --- a/components/dm/command/scale_in.go +++ b/components/dm/command/scale_in.go @@ -46,7 +46,7 @@ func newScaleInCmd() *cobra.Command { b.Func( fmt.Sprintf("ScaleInCluster: options=%+v", gOpt), func(ctx context.Context) error { - return ScaleInDMCluster(ctx, metadata.Topology, gOpt) + return ScaleInDMCluster(ctx, metadata.Topology, gOpt, tlsCfg) }, ).Serial(dmtask.NewUpdateDMMeta(clusterName, metadata, gOpt.Nodes)) } @@ -68,6 +68,7 @@ func ScaleInDMCluster( ctx context.Context, topo *dm.Specification, options operator.Options, + tlsCfg *tls.Config, ) error { // instances by uuid instances := map[string]dm.Instance{} @@ -125,7 +126,7 @@ func ScaleInDMCluster( return errors.New("cannot find available dm-master instance") } - dmMasterClient = api.NewDMMasterClient(dmMasterEndpoint, 10*time.Second, nil) + dmMasterClient = api.NewDMMasterClient(dmMasterEndpoint, 10*time.Second, tlsCfg) noAgentHosts := set.NewStringSet() topo.IterInstance(func(inst dm.Instance) { From 23adcde08f6b3e040664311969012ae1e9e48741 Mon Sep 17 00:00:00 2001 From: nexustar Date: Tue, 8 Feb 2022 17:29:55 +0800 Subject: [PATCH 5/6] add tls for prometheus config --- embed/templates/config/prometheus.yml.tpl | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/embed/templates/config/prometheus.yml.tpl b/embed/templates/config/prometheus.yml.tpl index 6e780f4cc5..68e31bfdfc 100644 --- a/embed/templates/config/prometheus.yml.tpl +++ b/embed/templates/config/prometheus.yml.tpl @@ -373,6 +373,14 @@ scrape_configs: {{- if .DMMasterAddrs}} - job_name: "dm_master" honor_labels: true # don't overwrite job & instance labels +{{- if .TLSEnabled}} + scheme: https + tls_config: + insecure_skip_verify: false + ca_file: ../tls/ca.crt + cert_file: ../tls/prometheus.crt + key_file: ../tls/prometheus.pem +{{- end}} static_configs: - targets: {{- range .DMMasterAddrs}} @@ -383,6 +391,14 @@ scrape_configs: {{- if .DMWorkerAddrs}} - job_name: "dm_worker" honor_labels: true # don't overwrite job & instance labels +{{- if .TLSEnabled}} + scheme: https + tls_config: + insecure_skip_verify: false + ca_file: ../tls/ca.crt + cert_file: ../tls/prometheus.crt + key_file: ../tls/prometheus.pem +{{- end}} static_configs: - targets: {{- range .DMWorkerAddrs}} From 7a1bd5f0e1dbaa78178aadb401bf1dd3415df53c Mon Sep 17 00:00:00 2001 From: nexustar Date: Tue, 8 Feb 2022 17:43:23 +0800 Subject: [PATCH 6/6] fix prune fail when TLS enabled --- components/dm/command/prune.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/components/dm/command/prune.go b/components/dm/command/prune.go index 96db6e8762..659ef246cd 100644 --- a/components/dm/command/prune.go +++ b/components/dm/command/prune.go @@ -20,6 +20,7 @@ import ( "github.com/pingcap/tiup/components/dm/spec" "github.com/pingcap/tiup/pkg/cluster/api" operator "github.com/pingcap/tiup/pkg/cluster/operation" + tidbspec "github.com/pingcap/tiup/pkg/cluster/spec" "github.com/spf13/cobra" "go.uber.org/zap" ) @@ -63,7 +64,11 @@ func clearOutDatedEtcdInfo(clusterName string, metadata *spec.Metadata, opt oper existedWorkers[workerSpec.Name] = struct{}{} } - dmMasterClient := api.NewDMMasterClient(topo.GetMasterList(), 10*time.Second, nil) + tlsCfg, err := topo.TLSConfig(dmspec.Path(clusterName, tidbspec.TLSCertKeyDir)) + if err != nil { + return err + } + dmMasterClient := api.NewDMMasterClient(topo.GetMasterList(), 10*time.Second, tlsCfg) registeredMasters, registeredWorkers, err := dmMasterClient.GetRegisteredMembers() if err != nil { return err