DM 开启 TLS 后 TiUP 状态显示异常

🌞 建议反馈 产品缺陷
1

如图所示,本来还以为是配置 TLS 异常,导致集群没起来。多次排查以后,发现是因为 TiUP 没使用TLS 导致的状态显示失败。

image
image3230×1860 450 KB

2

tiup dm display 也没有证书相关参数

tidb@dev-tidb-db-e01:~/dm-cert-files$ tiup dm display --help
Starting component dm: /home/tidb/.tiup/components/dm/v1.16.0/tiup-dm display --help
Display information of a DM cluster

Usage:
  tiup dm display <cluster-name> [flags]

Flags:
  -h, --help                  help for display
  -N, --node strings          Only display specified nodes
  -R, --role strings          Only display specified roles
      --status-timeout uint   Timeout in seconds when getting node status (default 10)
      --uptime                Display DM with uptime
      --version               Only display DM cluster version

Global Flags:
  -c, --concurrency int     max number of parallel tasks allowed (default 5)
      --format string       (EXPERIMENTAL) The format of output, available values are [default, json] (default "default")
      --ssh string          The executor type: 'builtin', 'system', 'none'
      --ssh-timeout uint    Timeout in seconds to connect host via SSH, ignored for operations that don't need an SSH connection. (default 5)
      --wait-timeout uint   Timeout in seconds to wait for an operation to complete, ignored for operations that don't fit. (default 120)
  -y, --yes                 Skip all confirmations and assumes 'yes'
3

最好是把 tiup cluster tls 也集成到 dm 上,这样配置就可以自动化了。

tidb@dev-tidb-db-e01:~/dm-cert-files$ tiup cluster tls --help
Enable/Disable TLS between TiDB components

Usage:
  tiup cluster tls <cluster-name> <enable/disable> [flags]

Flags:
      --clean-certificate    Cleanup the certificate file if it already exists when tls disable
      --force                Force enable/disable tls regardless of the current state
  -h, --help                 help for tls
      --reload-certificate   Load the certificate file whether it exists or not when tls enable

Global Flags:
  -c, --concurrency int     max number of parallel tasks allowed (default 5)
      --format string       (EXPERIMENTAL) The format of output, available values are [default, json] (default "default")
      --ssh string          (EXPERIMENTAL) The executor type: 'builtin', 'system', 'none'.
      --ssh-timeout uint    Timeout in seconds to connect host via SSH, ignored for operations that don't need an SSH connection. (default 5)
      --wait-timeout uint   Timeout in seconds to wait for an operation to complete, ignored for operations that don't fit. (default 120)
  -y, --yes                 Skip all confirmations and assumes 'yes'
tidb@dev-tidb-db-e01:~/dm-cert-files$
4

收到,建议已反馈