dm tiup dm and ssl

Before asking a question, make sure you have

[X] Searched existing Stack Overflow questions
[X] Googled your question
[X] Searched open and closed GitHub issues
[X] Read the documentation - Detailed documentation - 简体中文文档

What is your question?

I have issue that once I started to use ssl "tiup dm display" is not working. Do I miss something or is it a bug?
dmctl CLI has ssl options to connect to endpoint, while dm is missing any such options.
I generated separate key pairs for master, worker and client as it stated in documentation. Other options like dm options like start, stop, deploy, destroy work fine.

Versions:

[root@dm-test-mst01 log]# tiup dmctl -V
Starting component `dmctl`: /root/.tiup/components/dmctl/v2.0.7/dmctl/dmctl -V
Release Version: v2.0.7
Git Commit Hash: cd46eee3f1d00d6c78888e4a38daf80f29c69266
Git Branch: heads/refs/tags/v2.0.7
UTC Build Time: 2021-09-29 07:40:02
Go Version: go version go1.16.4 linux/amd64

[root@dm-test-mst01 log]# tiup dm -v
Starting component `dm`: /root/.tiup/components/dm/v1.6.0/tiup-dm -v
tiup version 1.6.0 tiup
Go Version: go1.17.1
Git Ref: v1.6.0
GitHash: 0295c073463edc68696542f4ec9c9f5b4c07c5c1
[root@dm-test-mst01 log]#

Cluster creation goes fine:

tiup dm deploy test v2.0.7 /root/.tiup/topology.yaml -y
tiup dm start  test --ssh=system"
tiup dmctl --master-addr="10.3.2.3:8261" operate-source create /root/.tiup/source-source1.yaml --ssl-ca /opt/tidb/dm/deploy-test/conf/tidb-dm-ca.pem    --ssl-cert /opt/tidb/dm/deploy-test/conf/client-cert.pem  --ssl-key /opt/tidb/dm/deploy-test/conf/client-key.pem
tiup dmctl --master-addr="10.3.2.3:8261" start-task /root/.tiup/task-task1.yaml --ssl-ca /opt/tidb/dm/deploy-test/conf/tidb-dm-ca.pem    --ssl-cert /opt/tidb/dm/deploy-test/conf/client-cert.pem  --ssl-key /opt/tidb/dm/deploy-test/conf/client-key.pem

But once I query dm status it shows down:

[root@dm-test-mst01 ~]# tiup dm display    test --ssh=system
Starting component `dm`: /root/.tiup/components/dm/v1.6.0/tiup-dm display test --ssh=system
Cluster type:       dm
Cluster name:       test
Cluster version:    v2.0.7
Deploy user:        root
SSH type:           builtin
ID             Role       Host      Ports      OS/Arch       Status  Data Dir                               Deploy Dir
--             ----       ----      -----      -------       ------  --------                               ----------
10.3.2.3:8261  dm-master  10.3.2.3  8261/8291  linux/x86_64  Down    /opt/tidb/dm/data-test/dm-master-8261  /opt/tidb/dm/deploy-test/dm-master-8261
10.3.2.2:8262  dm-worker  10.3.2.2  8262       linux/x86_64  N/A     /opt/tidb/dm/data-test/dm-worker-8262  /opt/tidb/dm/deploy-test/dm-worker-8262
Total nodes: 2
[root@dm-test-mst01 ~]#

dm-master.log show tha tdm does not like not https query:

[2021/10/18 06:36:10.728 +00:00] [WARN] [config_logging.go:279] ["rejected connection"] [component="embed etcd"] [remote-addr=10.3.2.3:53700] [server-name=] [error="tls: first record does not look like a TLS handshake"]
[2021/10/18 06:36:12.105 +00:00] [WARN] [config_logging.go:279] ["rejected connection"] [component="embed etcd"] [remote-addr=10.3.2.3:53704] [server-name=] [error="tls: first record does not look like a TLS handshake"]
[2021/10/18 06:36:12.428 +00:00] [WARN] [config_logging.go:279] ["rejected connection"] [component="embed etcd"] [remote-addr=10.3.2.3:53706] [server-name=] [error="tls: first record does not look like a TLS handshake"]
[2021/10/18 06:36:20.183 +00:00] [INFO] [server.go:2206] [payload="op:Skip task:\"test\" "] [request=HandleError]
[2021/10/18 06:36:20.183 +00:00] [INFO] [server.go:2088] ["sources: [source1]"]
[2021/10/18 06:36:25.609 +00:00] [INFO] [server.go:2206] [payload="name:\"test\" "] [request=QueryStatus]
[2021/10/18 06:36:59.785 +00:00] [WARN] [config_logging.go:279] ["rejected connection"] [component="embed etcd"] [remote-addr=10.3.2.3:53726] [server-name=] [error="tls: first record does not look like a TLS handshake"]
[root@dm-test-mst01 log]#

Although dmctl with ssl goes fine:

[root@dm-test-mst01 ~]# tiup dmctl --master-addr=10.3.2.3:8261 operate-source show  --ssl-ca /opt/tidb/dm/deploy-test/conf/tidb-dm-ca.pem    --ssl-cert /opt/tidb/dm/deploy-test/conf/client-cert.pem  --ssl-key /opt/tidb/dm/deploy-test/conf/client-key.pem 
Starting component `dmctl`: /root/.tiup/components/dmctl/v2.0.7/dmctl/dmctl --master-addr=10.3.2.3:8261 operate-source show --ssl-ca /opt/tidb/dm/deploy-test/conf/tidb-dm-ca.pem --ssl-cert /opt/tidb/dm/deploy-test/conf/client-cert.pem --ssl-key /opt/tidb/dm/deploy-test/conf/client-key.pem
{
    "result": true,
    "msg": "",
    "sources": [
        {
            "result": true,
            "msg": "",
            "source": "source1",
            "worker": "dm-10.3.2.2-8262"
        }
    ]
}



[root@dm-test-mst01 ~]# tiup dmctl --master-addr=10.3.2.3:8261 query-status test  --ssl-ca /opt/tidb/dm/deploy-test/conf/tidb-dm-ca.pem --ssl-cert /opt/tidb/dm/deploy-test/conf/client-cert.pem --ssl-key /opt/tidb/dm/deploy-test/conf/client-key.pem
Starting component `dmctl`: /root/.tiup/components/dmctl/v2.0.7/dmctl/dmctl --master-addr=10.3.2.3:8261 query-status test --ssl-ca /opt/tidb/dm/deploy-test/conf/tidb-dm-ca.pem --ssl-cert /opt/tidb/dm/deploy-test/conf/client-cert.pem --ssl-key /opt/tidb/dm/deploy-test/conf/client-key.pem
{
    "result": true,
    "msg": "",
    "sources": [
        {
            "result": true,
            "msg": "",
            "sourceStatus": {
                "source": "source1",
                "worker": "dm-10.3.2.2-8262",
                "result": null,
                "relayStatus": null
            },
            "subTaskStatus": [
                {
                    "name": "test",
                    "stage": "Running",
                    "unit": "Sync",
                    "result": null,
                    "unresolvedDDLLockID": "",
                    "sync": {
                        "totalEvents": "0",
                        "totalTps": "0",
                        "recentTps": "0",
                        "masterBinlog": "(mariadb-bin.000006, 24348)",
                        "masterBinlogGtid": "0-1097617723-355",
                        "syncerBinlog": "(, 0)",
                        "syncerBinlogGtid": "0-1097617723-349",
                        "blockingDDLs": [
                        ],
                        "unresolvedGroups": [
                        ],
                        "synced": false,
                        "binlogType": "remote",
                        "secondsBehindMaster": "0"
                    }
                }
            ]
        }
    ]
}

Oct 18 '21 07:10 kzinas-adv

Hi, what's your version of TiUP and tiup dm?

also @lucklove PTAL

Oct 18 '21 07:10 lance6716

Tiup version

[root@dm-test-mst01 ~]# tiup -v
1.6.0 tiup
Go Version: go1.17.1
Git Ref: v1.6.0
GitHash: 0295c073463edc68696542f4ec9c9f5b4c07c5c1
[root@adv-dev-dm-test-mst01 ~]#

Dm version, you can also find the in initial post.

[root@adv-dev-dm-test-mst01 ~]# tiup -v
1.6.0 tiup
Go Version: go1.17.1
Git Ref: v1.6.0
GitHash: 0295c073463edc68696542f4ec9c9f5b4c07c5c1
[root@dm-test-mst01 ~]# tiup dm -v
Starting component `dm`: /root/.tiup/components/dm/v1.6.0/tiup-dm -v
tiup version 1.6.0 tiup
Go Version: go1.17.1
Git Ref: v1.6.0
GitHash: 0295c073463edc68696542f4ec9c9f5b4c07c5c1
[root@adv-dev-dm-test-mst01 ~]#

Oct 18 '21 08:10 kzinas-adv

currently tiup-dm doesn’t support SSL. welcome to file a feature request in pingcap/tiup

Oct 18 '21 08:10 lance6716

dm dm copied to clipboard

tiup dm and ssl

Before asking a question, make sure you have

What is your question?

dm
dm copied to clipboard