最好是把 tiup cluster tls 也集成到 dm 上,这样配置就可以自动化了。
tidb@dev-tidb-db-e01:~/dm-cert-files$ tiup cluster tls --help
Enable/Disable TLS between TiDB components
Usage:
tiup cluster tls <cluster-name> <enable/disable> [flags]
Flags:
--clean-certificate Cleanup the certificate file if it already exists when tls disable
--force Force enable/disable tls regardless of the current state
-h, --help help for tls
--reload-certificate Load the certificate file whether it exists or not when tls enable
Global Flags:
-c, --concurrency int max number of parallel tasks allowed (default 5)
--format string (EXPERIMENTAL) The format of output, available values are [default, json] (default "default")
--ssh string (EXPERIMENTAL) The executor type: 'builtin', 'system', 'none'.
--ssh-timeout uint Timeout in seconds to connect host via SSH, ignored for operations that don't need an SSH connection. (default 5)
--wait-timeout uint Timeout in seconds to wait for an operation to complete, ignored for operations that don't fit. (default 120)
-y, --yes Skip all confirmations and assumes 'yes'
tidb@dev-tidb-db-e01:~/dm-cert-files$