feat: enable configuration of the tls parameter for the mysql connection. i.e. tls=preferred #1300
For communication from manager to mysql server, use `tls=preferred` parameter to enable TLS whenever possible.
Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
Can tls be changed to manager configuration? https://github.com/dragonflyoss/Dragonfly2/blob/main/manager/config/config.go#L71
@gaius-qi Yes I like that better, I will make the change.
Thx
Allow the user to specify the tls setting for the mysql connection. An example would be setting tls to "preferred", or "true". This is separate to the tlsConfig config parameter, which is used to set up a custom tls config, where tls key/certs are specified.
See the tls parameter section in the below link: https://pkg.go.dev/github.com/go-sql-driver/mysql#section-readme
Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
@gaius-qi I have updated the PR to add it to the configuration, and created a PR to update the docs here: dragonflyoss/d7y.io#79
You can refer to harbor, TLSConfig is used to set the SSL mode, do not rename the TLS configuration. When ssl mode is preferred and skip-verify set InsecureSkipVerify to true. https://github.com/goharbor/harbor/blob/main/src/vendor/github.com/go-sql-driver/mysql/dsn.go#L48
Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
Please fix unit tests. @embroede
Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
@gaius-qi Sorry about that, fixed.
LGTM
LGTM
LGTM
…ion. i.e. tls=preferred (#1300)

* Default to tls=preferred for mysql connection

  For communication from manager to mysql server, use `tls=preferred` parameter to enable TLS whenever possible.

  Signed-off-by: Edward Broeder <eddie.broeder@intel.com>

* Make mysql tls parameter configurable

  Allow the user to specify the tls setting for the mysql connection. An example would be setting tls to "preferred", or "true". This is separate to the tlsConfig config parameter, which is used to set up a custom tls config, where tls key/certs are specified.

  See the tls parameter section in the below link: https://pkg.go.dev/github.com/go-sql-driver/mysql#section-readme

  Signed-off-by: Edward Broeder <eddie.broeder@intel.com>
Description
Enable configuration of the tls parameter for the mysql connection. An example would be setting tls to "preferred", or "true". This is separate from the tlsConfig (renamed from tls) parameter in manager.yaml, which is used to set up a custom tls config, where tls key/certs are specified. This will fix the case where the manager cannot connect to a server that requires TLS.
See the tls parameter section in the below link:
https://pkg.go.dev/github.com/go-sql-driver/mysql#section-readme
Related Issue
#1299
Motivation and Context
Currently Manager cannot connect to a MySQL database that requires TLS, without fully configuring certs/keys (functionality added in #1015). By making this configurable, TLS can be used (even with only password authentication).
Types of changes
Checklist
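
An added example, not code from this PR, Dragonfly or go-sql-driver/mysql: a Go audit helper that classifies a `tls` DSN value by what the driver's README says it provides, so that `preferred` and `skip-verify` are flagged rather than mistaken for verified TLS. `ClassifyTLSParam`, `NeedsReview`, the sample name `manager-ca` and the treatment of an empty value as "parameter omitted" are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// TLSPosture summarizes what one `tls` DSN value means for the connection.
type TLSPosture struct {
	Mode      string // normalized value, or "custom" for a registered config name
	Encrypted string // "always", "opportunistic" or "never"
	CertCheck string // "verified", "skipped", "none" or "custom"
	Findings  []string
}

// ClassifyTLSParam is a hypothetical audit helper, not part of Dragonfly or the driver.
// An empty value is treated as "parameter omitted" (assumption), which means no TLS.
func ClassifyTLSParam(value string) TLSPosture {
	switch value { // boolean spellings are matched exactly, without case folding
	case "", "0", "false", "FALSE", "False":
		return TLSPosture{"false", "never", "none",
			[]string{"credentials and queries cross the network in plaintext"}}
	case "1", "true", "TRUE", "True":
		return TLSPosture{"true", "always", "verified", nil}
	}
	switch strings.ToLower(value) {
	case "skip-verify":
		return TLSPosture{"skip-verify", "always", "skipped",
			[]string{"server certificate is not verified (InsecureSkipVerify)"}}
	case "preferred":
		return TLSPosture{"preferred", "opportunistic", "skipped",
			[]string{"server certificate is not verified (InsecureSkipVerify)",
				"falls back to plaintext when the server does not advertise TLS"}}
	}
	// Anything else names a tls.Config registered with mysql.RegisterTLSConfig.
	return TLSPosture{"custom", "always", "custom",
		[]string{"verification depends on the registered tls.Config: " + value}}
}

// NeedsReview is true for every value that carries at least one finding.
func NeedsReview(value string) bool { return len(ClassifyTLSParam(value).Findings) > 0 }

func main() {
	// Constructed sample values; "manager-ca" is a made-up registered config name.
	for _, v := range []string{"", "preferred", "skip-verify", "true", "manager-ca"} {
		p := ClassifyTLSParam(v)
		fmt.Printf("tls=%-14q encrypted=%-13s cert=%-8s review=%-5v %v\n",
			v, p.Encrypted, p.CertCheck, NeedsReview(v), p.Findings)
	}
}
```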