(tls) tikv start command line should add option of "advertise-status-addr"

Question

(tls) tikv start command line should add option of "advertise-status-addr"

mayjiang0203 opened this issue 10 months ago · 2 comments

mayjiang0203 commented 10 months ago

Bug Report

What version of Kubernetes are you using?

What version of TiDB Operator are you using?

What storage classes exist in the Kubernetes cluster and what are used for PD/TiKV pods?

What's the status of the TiDB cluster pods?

What did you do?

What did you expect to see?
After enable tls between TiDB Components，show tikv config in sql should work fine.

What did you see instead?
Now tikv start as following

root         1  5.7  1.3 7635404 5492836 ?     Ssl  Dec11  80:03 /tikv-server --pd=https://tc-pd:2379 --advertise-addr=tc-tikv-0.tc-tikv-peer.testbed-hongmei-fips-operator-x
b9wb.svc:20160 --addr=0.0.0.0:20160 --status-addr=0.0.0.0:20180 --data-dir=/var/lib/tikv/data --capacity=1000GB --config=/etc/tikv/tikv.toml

tidb show tikv status address as IP

While if enable tls according this docs，show tikv config from sql will failed.
https://docs.pingcap.com/zh/tidb-in-kubernetes/stable/enable-tls-between-components

mysql> show config WHERE type = 'tikv';
Empty set, 5 warnings (0.27 sec)

mysql> show warnings;
+---------+------+-------------------------------------------------------------------------------------------------------------------------------------------------+
| Level   | Code | Message                                                                                                                                         |
+---------+------+-------------------------------------------------------------------------------------------------------------------------------------------------+
| Warning | 1105 | Get "https://10.233.94.201:20180/config": tls: failed to verify certificate: x509: certificate is valid for [127.0.0.1](http://127.0.0.1/), ::1, not [10.233.94.201](http://10.233.94.201/)   |
| Warning | 1105 | Get "https://10.233.109.82:20180/config": tls: failed to verify certificate: x509: certificate is valid for [127.0.0.1](http://127.0.0.1/), ::1, not [10.233.109.82](http://10.233.109.82/)   |
| Warning | 1105 | Get "https://10.233.102.143:20180/config": tls: failed to verify certificate: x509: certificate is valid for [127.0.0.1](http://127.0.0.1/), ::1, not [10.233.102.143](http://10.233.102.143/) |
| Warning | 1105 | Get "https://10.233.94.176:20180/config": tls: failed to verify certificate: x509: certificate is valid for [127.0.0.1](http://127.0.0.1/), ::1, not [10.233.94.176](http://10.233.94.176/)   |
| Warning | 1105 | Get "https://10.233.85.198:20180/config": tls: failed to verify certificate: x509: certificate is valid for [127.0.0.1](http://127.0.0.1/), ::1, not [10.233.85.198](http://10.233.85.198/)   |
+---------+------+-------------------------------------------------------------------------------------------------------------------------------------------------+
5 rows in set (0.01 sec)

Answer 1 · 2023-12-14T03:45:29.000Z

could you try to set .spec.enableDynamicConfiguration=true? when this is set, TiDB Operator will append advertise-status-addr for TiKV

Answer 2 · 2023-12-15T05:23:48.000Z

It works:

mysql> select * from INFORMATION_SCHEMA.cluster_info;
+------+----------------------------------------------------------------------+----------------------------------------------------------------------+------------+------------------------------------------+----------------------+--------------------+-----------+
| TYPE | INSTANCE                                                             | STATUS_ADDRESS                                                       | VERSION    | GIT_HASH                                 | START_TIME           | UPTIME             | SERVER_ID |
+------+----------------------------------------------------------------------+----------------------------------------------------------------------+------------+------------------------------------------+----------------------+--------------------+-----------+
| tidb | tc-tidb-1.tc-tidb-peer.testbed-hongmei-fips-operator-g5cln.svc:4000  | tc-tidb-1.tc-tidb-peer.testbed-hongmei-fips-operator-g5cln.svc:10080 | 6.5.0      | bfbcedfaea959b5c875f3d6f6f9dae6bbd94f414 | 2023-12-15T03:38:02Z | 1h43m30.013905042s |   3827903 |
| tidb | tc-tidb-0.tc-tidb-peer.testbed-hongmei-fips-operator-g5cln.svc:4000  | tc-tidb-0.tc-tidb-peer.testbed-hongmei-fips-operator-g5cln.svc:10080 | 6.5.0      | bfbcedfaea959b5c875f3d6f6f9dae6bbd94f414 | 2023-12-15T03:38:02Z | 1h43m30.013914227s |   1291877 |
| pd   | tc-pd-1.tc-pd-peer.testbed-hongmei-fips-operator-g5cln.svc:2379      | tc-pd-1.tc-pd-peer.testbed-hongmei-fips-operator-g5cln.svc:2379      | 6.5.0-fips | 8e509aa9bd4cb0a5fa5792ed5666c8df8777cc7c | 2023-12-15T03:34:09Z | 1h47m23.013917789s |         0 |
| pd   | tc-pd-0.tc-pd-peer.testbed-hongmei-fips-operator-g5cln.svc:2379      | tc-pd-0.tc-pd-peer.testbed-hongmei-fips-operator-g5cln.svc:2379      | 6.5.0-fips | 8e509aa9bd4cb0a5fa5792ed5666c8df8777cc7c | 2023-12-15T03:34:17Z | 1h47m15.013921061s |         0 |
| pd   | tc-pd-2.tc-pd-peer.testbed-hongmei-fips-operator-g5cln.svc:2379      | tc-pd-2.tc-pd-peer.testbed-hongmei-fips-operator-g5cln.svc:2379      | 6.5.0-fips | 8e509aa9bd4cb0a5fa5792ed5666c8df8777cc7c | 2023-12-15T03:33:39Z | 1h47m53.013926285s |         0 |
| tikv | tc-tikv-1.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20160 | tc-tikv-1.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20180 | 6.5.6      | afad6c2d830553841e01dc30e808b007c1ddd995 | 2023-12-15T03:35:20Z | 1h46m12.013929561s |         0 |
| tikv | tc-tikv-0.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20160 | tc-tikv-0.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20180 | 6.5.6      | afad6c2d830553841e01dc30e808b007c1ddd995 | 2023-12-15T03:35:20Z | 1h46m12.01393266s  |         0 |
| tikv | tc-tikv-2.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20160 | tc-tikv-2.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20180 | 6.5.6      | afad6c2d830553841e01dc30e808b007c1ddd995 | 2023-12-15T03:35:50Z | 1h45m42.013935641s |         0 |
+------+----------------------------------------------------------------------+----------------------------------------------------------------------+------------+------------------------------------------+----------------------+--------------------+-----------+
8 rows in set (0.12 sec)

mysql> exit

[root@tc-tikv-1 /]# ps aux |more
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 2.4 0.3 2879416 1465384 ? Ssl 03:35 2:34 /tikv-server --pd=https://tc-pd:2379 --advertise-addr=tc-tikv-1.tc-tikv-peer.testbed-hongmei-fips-operator-g
5cln.svc:20160 --addr=0.0.0.0:20160 --status-addr=0.0.0.0:20180 --advertise-status-addr=tc-tikv-1.tc-tikv-peer.testbed-hongmei-fips-operator-g5cln.svc:20180 --data-dir=/var/
lib/tikv/data --capacity=1000GB --config=/etc/tikv/tikv.toml
root 139 0.0 0.0 4448 3596 pts/0 Ss 05:21 0:00 sh
root 145 0.0 0.0 4836 4060 pts/0 S 05:21 0:00 bash
root 179 0.0 0.0 7536 3440 pts/0 R+ 05:22 0:00 ps aux
root 180 0.0 0.0 3236 1216 pts/0 S+ 05:22 0:00 more