New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: update codis fe / proxy with tls; topom updated #2383
base: unstable
Are you sure you want to change the base?
Conversation
@AlexStocks please look into it. |
codis/cert.pem
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's better not to provide the public key file. Instead, you can add a generation command in the readme.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@machinly the public key file is definitely a dummy one.
you put "filesystem" as default, surely a dummy version is fine right? ... maybe you can modify with error message generated when there's no cert / key files present after you merge this and delete them. will that do fine?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do not modify the default configuration
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you only pull what is needed?
codis/key.pem
Outdated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's better not to provide the private key file. Instead, you can add a generation command in the readme.
codis/pkg/proxy/config.go
Outdated
jodis_name = "" | ||
jodis_addr = "" | ||
jodis_name = "etcd" | ||
jodis_addr = "127.0.0.1:2379" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do not modify the default parameter values
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you only pull what is needed?
codis/pkg/topom/config.go
Outdated
@@ -25,8 +25,10 @@ const DefaultConfig = ` | |||
# Set Coordinator, only accept "zookeeper" & "etcd" & "filesystem". | |||
# for zookeeper/etcd, coorinator_auth accept "user:password" | |||
# Quick Start | |||
coordinator_name = "filesystem" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do not modify the default parameter values
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you only pull what is needed?
codis/config/proxy.toml
Outdated
# slow command list e.g. hgetall, mset | ||
slow_cmd_list = "" | ||
# quick command list | ||
quick_cmd_list = "get,set" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do not modify the default configuration
CODIS_FE_ADDR="0.0.0.0:9090" | ||
CODIS_FE_TLS=1 | ||
CODIS_FE_TLS_KEY="/usr/local/src/pika/codis/key.pem" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Comment this code
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you help add the rest?
noted. will revert. |
@machinly pls check again, i've done all. sorry for the issues. |
Judging from your code, you want to add the TLS protocol to the redis protocol port of the proxy layer. If so, can dashboard and fe not add TLS? Because they interact through the http protocol, the proxy's redis protocol port is only responsible for the user's redis client connection. |
@luky116 sorry was busy playing with lru benchmark tests update here so a bit lagged behind on pika (but it's on my radar daily). back to your question...
good? |
you need to use redis-cli with secure tls to connect put pls remember it will only use tls for proxy if it's set to true. so accordingly, we will need to put tls-something for everything else etc where we want tls to have. so maybe tls-pika = true in future when pika has tls? but proxy shld definitely have tls. |
codis fe / proxy tls + topom update