Implement mTLS support in both the mysql backend and probes. #139
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…robe and mysqlInventory
shlomi-noach
reviewed
Feb 7, 2021
There was a problem hiding this comment.
@miguelff neither of us own this repo anymore yet here we are again 😂. Left some comments inline. Let me know what you think!
shlomi-noach
approved these changes
Feb 8, 2021
| if err != nil { | ||
| return nil, err | ||
| } | ||
|
|
||
| db.SetMaxOpenConns(maxConnections) | ||
| db.SetMaxIdleConns(maxConnections) | ||
| log.Debugf("created db at: %s", uri) | ||
| log.Debugf("created db at: %s", url.Redacted()) |
|
Closing as stale |
Closed
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implements the enhancement described in #112
The following docs describe how to use the new feature:
Changes include a small refactoring to remove some unused code and to have a single source of truth for creating DB connection strings, and I pulled most of the TLS setup from gh-ost
This has been tested successfully using the following configuration against docker
mysql:5.7{ "ListenPort": 9777, "BackendMySQLHost": "0.0.0.0", "BackendMySQLPort": 3306, "BackendMySQLSchema": "freno_backend", "BackendMySQLUser": "root", "BackendMySQLPassword": "passw0rd", "BackendMySQLTlsCaCertPath": "▩▩▩▩▩▩▩▩▩▩▩▩▩/ca.pem", "BackendMySQLTlsClientCertPath": "▩▩▩▩▩▩▩▩▩▩▩▩▩/client-cert.pem", "BackendMySQLTlsClientKeyPath": "▩▩▩▩▩▩▩▩▩▩▩▩▩/client-key.pem", "Domain": "us-east-1/production", "ShareDomain": "production", "Stores": { "MySQL": { "User": "root", "Password": "passw0rd", "TlsCaCertPath": "▩▩▩▩▩▩▩▩▩▩▩▩▩/ca.pem", "TlsClientCertPath": "▩▩▩▩▩▩▩▩▩▩▩▩▩/client-cert.pem", "TlsClientKeyPath": "▩▩▩▩▩▩▩▩▩▩▩▩▩/client-key.pem", "MetricQuery": "select unix_timestamp(now(6)) - unix_timestamp(ts) as lag_check from meta.heartbeat order by ts desc limit 1", "ThrottleThreshold": 1.0, "Clusters": { "local": { "User": "root", "Password": "passw0rd", "StaticHostsSettings" : { "Hosts": [ "localhost:3306" ] } } } } } }cc @shlomi-noach