
server: support tls for the status server #5393

Merged
merged 3 commits into from
Mar 17, 2020
66 changes: 66 additions & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions Cargo.toml
@@ -82,6 +82,8 @@ futures-util = { version = "0.3.1", default-features = false, features = ["io",
grpcio = { version = "0.5", default-features = false, features = ["openssl-vendored"] }
hex = "0.3"
itertools = "0.8"
openssl = "0.10"
tokio-openssl = "0.2"
hyper = { version = "0.12", default-features = false, features = ["runtime"] }
keys = { path = "components/keys" }
kvproto = { git = "https://github.com/pingcap/kvproto.git", default-features = false }
@@ -120,6 +122,7 @@ tikv_util = { path = "components/tikv_util" }
time = "0.1"
tipb = { git = "https://github.com/pingcap/tipb.git", default-features = false }
tokio = { version = "0.2", features = ["sync"] }
tokio-tcp = "0.1"
tokio-core = "0.1"
tokio-fs = "0.1.6"
tokio-io = "0.1.12"
@@ -144,8 +147,10 @@ git = "https://github.com/tikv/yatp.git"
[dev-dependencies]
panic_hook = { path = "components/panic_hook" }
test_sst_importer = { path = "components/test_sst_importer" }
test_util = { path = "components/test_util" }
tokio = { version = "0.2", features = ["macros", "rt-threaded", "time"] }
zipf = "5.0.1"
hyper-openssl = "0.7"

[patch.crates-io]
# TODO: remove this when new raft-rs is published.
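Review bot: The new direct `openssl = "0.10"` dependency sits beside `grpcio` built with `features = ["openssl-vendored"]`, and nothing in the manifest says which OpenSSL build the status server's TLS will link against. Presumably both resolve to the same `openssl-sys` and therefore the same vendored library, but that is worth confirming against Cargo.lock, because two TLS stacks on different OpenSSL builds have to be tracked and patched separately. A comment above the entry, e.g. `# TLS for the status server; must share the vendored OpenSSL that grpcio builds`, would record the intent for whoever next touches these versions.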
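--- a/cmd/src/server.rs
+++ b/cmd/src/server.rs
@@ -755,7 +755,10 @@ impl TiKVServer {
 server.pd_sender.clone(),
 ));
 // Start the status server.
-if let Err(e) = status_server.start(self.config.server.status_addr.clone()) {
+if let Err(e) = status_server.start(
+self.config.server.status_addr.clone(),
+&self.config.security,
+) {
 error!(
 "failed to bind addr for status service";
 "err" => %e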
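Review bot: The log text `"failed to bind addr for status service"` no longer covers every way `status_server.start` can fail now that it also receives `&self.config.security`. If certificate or key loading fails inside `start` (the same change adds an OpenSSL error variant in src/server/errors.rs, so this seems likely), an operator reading the log would look for a port conflict rather than a TLS misconfiguration. A neutral message such as `"failed to start status service"` keeps the `"err" => %e` detail accurate in both cases. The enclosing function and the rest of the `error!` call lie outside the hunk.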
20 changes: 0 additions & 20 deletions components/test_util/data/ca.crt

This file was deleted.

22 changes: 22 additions & 0 deletions components/test_util/data/ca.pem
@@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
27 changes: 27 additions & 0 deletions components/test_util/data/key.pem
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
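Review bot: A private key is committed here and nothing visible in the change marks it as a throwaway test credential; the key body is not shown on this page, so whether it is passphrase-protected cannot be checked. A short README in components/test_util/data stating that these keys and certificates are test-only, must never be configured on a real node, and how they are regenerated would cover it. The path may also need an allowlist entry in whatever secret scanning the repository uses, so that genuine findings are not drowned out by this fixture.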
19 changes: 0 additions & 19 deletions components/test_util/data/server.crt

This file was deleted.

49 changes: 22 additions & 27 deletions components/test_util/data/server.pem
@@ -1,27 +1,22 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
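--- a/components/test_util/src/security.rs
+++ b/components/test_util/src/security.rs
@@ -7,10 +7,10 @@ use tikv_util::security::SecurityConfig;
 pub fn new_security_cfg() -> SecurityConfig {
 let p = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
 SecurityConfig {
-ca_path: format!("{}", p.join("data/ca.crt").display()),
-cert_path: format!("{}", p.join("data/server.crt").display()),
-key_path: format!("{}", p.join("data/server.pem").display()),
-override_ssl_target: "example.com".to_owned(),
+ca_path: format!("{}", p.join("data/ca.pem").display()),
+cert_path: format!("{}", p.join("data/server.pem").display()),
+key_path: format!("{}", p.join("data/key.pem").display()),
+override_ssl_target: "".to_owned(),
 cipher_file: "".to_owned(),
 }
 }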
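Review bot: `server.pem` changes meaning in this fixture set: it used to be the `key_path` and is now the `cert_path`, with the key moving to `key.pem`, and `new_security_cfg` has no doc comment saying which file holds what. Any caller or script that still treats `server.pem` as the private key will now load a certificate instead. I would add `/// Test-only TLS fixture: ca.pem is the CA certificate, server.pem the server certificate, key.pem the server private key.` above the function. With `override_ssl_target` now empty, the tests presumably rely on the fixture certificate naming the address they connect to, so the same comment should state which names the certificate covers.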
7 changes: 7 additions & 0 deletions src/server/errors.rs
@@ -7,6 +7,7 @@ use std::result;

use grpcio::Error as GrpcError;
use hyper::Error as HttpError;
use openssl::error::ErrorStack as OpenSSLError;
use protobuf::ProtobufError;
use tokio_sync::oneshot::error::RecvError;

@@ -106,6 +107,12 @@ quick_error! {
display("{:?}", err)
description(err.description())
}
OpenSSL(err: OpenSSLError) {
from()
cause(err)
display("{:?}", err)
description(err.description())
}
}
}

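Review bot: The alias `OpenSSLError` and the variant name `OpenSSL` depart from the casing of the imports right above them, `GrpcError` and `HttpError`; `OpensslError` and `Openssl` would keep the file consistent. `display("{:?}", err)` mirrors the preceding variant, but it puts the Debug dump of the whole OpenSSL error stack into the displayed message, where `display("{}", err)` would likely read better in logs. The `quick_error!` block and the enum it defines start outside the second hunk.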