(tls) tikv start command line should add option of "advertise-status-addr"
mayjiang0203 opened this issue · 2 comments
Bug Report
What version of Kubernetes are you using?
What version of TiDB Operator are you using?
What storage classes exist in the Kubernetes cluster and what are used for PD/TiKV pods?
What's the status of the TiDB cluster pods?
What did you do?
What did you expect to see?
After enable tls between TiDB Components,show tikv config in sql should work fine.
What did you see instead?
Now tikv start as following
root 1 5.7 1.3 7635404 5492836 ? Ssl Dec11 80:03 /tikv-server --pd=https://tc-pd:2379 --advertise-addr=tc-tikv-0.tc-tikv-peer.testbed-hongmei-fips-operator-x
b9wb.svc:20160 --addr=0.0.0.0:20160 --status-addr=0.0.0.0:20180 --data-dir=/var/lib/tikv/data --capacity=1000GB --config=/etc/tikv/tikv.toml
tidb show tikv status address as IP
While if enable tls according this docs,show tikv config from sql will failed.
https://docs.pingcap.com/zh/tidb-in-kubernetes/stable/enable-tls-between-components
mysql> show config WHERE type = 'tikv';
Empty set, 5 warnings (0.27 sec)
mysql> show warnings;
+---------+------+-------------------------------------------------------------------------------------------------------------------------------------------------+
| Level | Code | Message |
+---------+------+-------------------------------------------------------------------------------------------------------------------------------------------------+
| Warning | 1105 | Get "https://10.233.94.201:20180/config": tls: failed to verify certificate: x509: certificate is valid for [127.0.0.1](http://127.0.0.1/), ::1, not [10.233.94.201](http://10.233.94.201/) |
| Warning | 1105 | Get "https://10.233.109.82:20180/config": tls: failed to verify certificate: x509: certificate is valid for [127.0.0.1](http://127.0.0.1/), ::1, not [10.233.109.82](http://10.233.109.82/) |
| Warning | 1105 | Get "https://10.233.102.143:20180/config": tls: failed to verify certificate: x509: certificate is valid for [127.0.0.1](http://127.0.0.1/), ::1, not [10.233.102.143](http://10.233.102.143/) |
| Warning | 1105 | Get "https://10.233.94.176:20180/config": tls: failed to verify certificate: x509: certificate is valid for [127.0.0.1](http://127.0.0.1/), ::1, not [10.233.94.176](http://10.233.94.176/) |
| Warning | 1105 | Get "https://10.233.85.198:20180/config": tls: failed to verify certificate: x509: certificate is valid for [127.0.0.1](http://127.0.0.1/), ::1, not [10.233.85.198](http://10.233.85.198/) |
+---------+------+-------------------------------------------------------------------------------------------------------------------------------------------------+
5 rows in set (0.01 sec)
could you try to set .spec.enableDynamicConfiguration=true
? when this is set, TiDB Operator will append advertise-status-addr
for TiKV
It works:
mysql> select * from INFORMATION_SCHEMA.cluster_info;
+------+----------------------------------------------------------------------+----------------------------------------------------------------------+------------+------------------------------------------+----------------------+--------------------+-----------+
| TYPE | INSTANCE | STATUS_ADDRESS | VERSION | GIT_HASH | START_TIME | UPTIME | SERVER_ID |
+------+----------------------------------------------------------------------+----------------------------------------------------------------------+------------+------------------------------------------+----------------------+--------------------+-----------+
| tidb | tc-tidb-1.tc-tidb-peer.testbed-hongmei-fips-operator-g5cln.svc:4000 | tc-tidb-1.tc-tidb-peer.testbed-hongmei-fips-operator-g5cln.svc:10080 | 6.5.0 | bfbcedfaea959b5c875f3d6f6f9dae6bbd94f414 | 2023-12-15T03:38:02Z | 1h43m30.013905042s | 3827903 |
| tidb | tc-tidb-0.tc-tidb-peer.testbed-hongmei-fips-operator-g5cln.svc:4000 | tc-tidb-0.tc-tidb-peer.testbed-hongmei-fips-operator-g5cln.svc:10080 | 6.5.0 | bfbcedfaea959b5c875f3d6f6f9dae6bbd94f414 | 2023-12-15T03:38:02Z | 1h43m30.013914227s | 1291877 |
| pd | tc-pd-1.tc-pd-peer.testbed-hongmei-fips-operator-g5cln.svc:2379 | tc-pd-1.tc-pd-peer.testbed-hongmei-fips-operator-g5cln.svc:2379 | 6.5.0-fips | 8e509aa9bd4cb0a5fa5792ed5666c8df8777cc7c | 2023-12-15T03:34:09Z | 1h47m23.013917789s | 0 |
| pd | tc-pd-0.tc-pd-peer.testbed-hongmei-fips-operator-g5cln.svc:2379 | tc-pd-0.tc-pd-peer.testbed-hongmei-fips-operator-g5cln.svc:2379 | 6.5.0-fips | 8e509aa9bd4cb0a5fa5792ed5666c8df8777cc7c | 2023-12-15T03:34:17Z | 1h47m15.013921061s | 0 |
| pd | tc-pd-2.tc-pd-peer.testbed-hongmei-fips-operator-g5cln.svc:2379 | tc-pd-2.tc-pd-peer.testbed-hongmei-fips-operator-g5cln.svc:2379 | 6.5.0-fips | 8e509aa9bd4cb0a5fa5792ed5666c8df8777cc7c | 2023-12-15T03:33:39Z | 1h47m53.013926285s | 0 |
| tikv | tc-tikv-1.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20160 | tc-tikv-1.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20180 | 6.5.6 | afad6c2d830553841e01dc30e808b007c1ddd995 | 2023-12-15T03:35:20Z | 1h46m12.013929561s | 0 |
| tikv | tc-tikv-0.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20160 | tc-tikv-0.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20180 | 6.5.6 | afad6c2d830553841e01dc30e808b007c1ddd995 | 2023-12-15T03:35:20Z | 1h46m12.01393266s | 0 |
| tikv | tc-tikv-2.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20160 | tc-tikv-2.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20180 | 6.5.6 | afad6c2d830553841e01dc30e808b007c1ddd995 | 2023-12-15T03:35:50Z | 1h45m42.013935641s | 0 |
+------+----------------------------------------------------------------------+----------------------------------------------------------------------+------------+------------------------------------------+----------------------+--------------------+-----------+
8 rows in set (0.12 sec)
mysql> exit
[root@tc-tikv-1 /]# ps aux |more
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 2.4 0.3 2879416 1465384 ? Ssl 03:35 2:34 /tikv-server --pd=https://tc-pd:2379 --advertise-addr=tc-tikv-1.tc-tikv-peer.testbed-hongmei-fips-operator-g
5cln.svc:20160 --addr=0.0.0.0:20160 --status-addr=0.0.0.0:20180 --advertise-status-addr=tc-tikv-1.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20180 --data-dir=/var/
lib/tikv/data --capacity=1000GB --config=/etc/tikv/tikv.toml
root 139 0.0 0.0 4448 3596 pts/0 Ss 05:21 0:00 sh
root 145 0.0 0.0 4836 4060 pts/0 S 05:21 0:00 bash
root 179 0.0 0.0 7536 3440 pts/0 R+ 05:22 0:00 ps aux
root 180 0.0 0.0 3236 1216 pts/0 S+ 05:22 0:00 more