-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: handle ssl only scylla cluster setup #4114
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
VAveryanov8
commented
Nov 15, 2024
VAveryanov8
force-pushed
the
va/fix-only-ssl-cluster-setup
branch
from
November 15, 2024 11:38
72dc0d5
to
378d7b8
Compare
VAveryanov8
requested review from
karol-kokoszka and
Michal-Leszczynski
as code owners
November 15, 2024 12:36
This adds SSL_ENABLED flag to Makefile, so that when you run SSL_ENABLED=true make start-dev-env the scylla cluster will be created with ssl_only config.
This fixes how SM decides which port to use when connecting to Scylla nodes.
VAveryanov8
force-pushed
the
va/fix-only-ssl-cluster-setup
branch
from
November 18, 2024 08:13
378d7b8
to
7b7e591
Compare
Michal-Leszczynski
requested changes
Nov 19, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nice work!
This replaces CQLAddr and CQLSSLAddr with one function which returns correct cql addr depending on cluster configuration. Also backup worker is modified a little bit to get cluster configuration with tls related info.
This uses yq to delete non ssl port from scylla.yaml config and also merges it with scylla-ssl.yaml which contains requried parameters to enable ssl in scylla cluster.
Co-authored-by: karol-kokoszka <[email protected]>
This enables ssl only scylla cluster for the most of our integration tests in ci. This also fixes cqlping test so it supports a scylla cluster with ssl.
This changes the signature of SessionConfigOption so that SingleHostSession func can be simplified when Scylla cluster uses SSL.
This adds ssl related configuration options to cqlping integration tests config when ssl is enabled.
This adds ssl support to repair integartion test case that uses cqlping
This refactor some parts of the tests that are using SSL_ENABLED env var.
This fixes how restore integration tests handle old Scylla versions: old versions require a restart after schema restoration. To ensure Scylla is up and running, the tests perform a CQL ping, which should be initialized correctly when SSL is enabled.
Michal-Leszczynski
approved these changes
Nov 21, 2024
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The SSL setup (both locally and on gh actions) will be really useful, thanks!
Michal-Leszczynski
pushed a commit
that referenced
this pull request
Dec 10, 2024
* fix: adds SSL_ENABLED flag to start scylla cluster in ssl only mode This adds SSL_ENABLED flag to Makefile, so that when you run SSL_ENABLED=true make start-dev-env the scylla cluster will be created with ssl_only config. * fix: handle ssl only scylla clusters This fixes how SM decides which port to use when connecting to Scylla nodes. * fix: CQLAddr provides ssl or non-ssl addr depending on cluster conf. This replaces CQLAddr and CQLSSLAddr with one function which returns correct cql addr depending on cluster configuration. Also backup worker is modified a little bit to get cluster configuration with tls related info. * fix(Makefile): use yq to produce scylla config with ssl enabled This uses yq to delete non ssl port from scylla.yaml config and also merges it with scylla-ssl.yaml which contains requried parameters to enable ssl in scylla cluster. * fix: typo in testing/scylla/config/scylla-ssl.yaml Co-authored-by: karol-kokoszka <[email protected]> * fix(test): use scylla cluster with SSL for integration tests This enables ssl only scylla cluster for the most of our integration tests in ci. This also fixes cqlping test so it supports a scylla cluster with ssl. * fix(cluster): simplifies SingleHostSessionOption when dealing with SSL This changes the signature of SessionConfigOption so that SingleHostSession func can be simplified when Scylla cluster uses SSL. * fix(test): adds ssl support to cqlping integration tests This adds ssl related configuration options to cqlping integration tests config when ssl is enabled. * fix(test): adds ssl support to repair integration test This adds ssl support to repair integartion test case that uses cqlping * fix(test): adds ssl support to healthcheck integration tests * fix(test): unifies how SSL_ENABLED is used in testconfig * fix(ci): adds missing ssl-enabled option for a one entry in ci config * refactor: moves parsing of SSL_ENABLED env var to the testconfig pkg This refactor some parts of the tests that are using SSL_ENABLED env var. * fix(test): use cqlping with ssl for the restore test of old scylla ver This fixes how restore integration tests handle old Scylla versions: old versions require a restart after schema restoration. To ensure Scylla is up and running, the tests perform a CQL ping, which should be initialized correctly when SSL is enabled. --------- Co-authored-by: karol-kokoszka <[email protected]> (cherry picked from commit 75fb75c)
Michal-Leszczynski
pushed a commit
that referenced
this pull request
Dec 10, 2024
* fix: adds SSL_ENABLED flag to start scylla cluster in ssl only mode This adds SSL_ENABLED flag to Makefile, so that when you run SSL_ENABLED=true make start-dev-env the scylla cluster will be created with ssl_only config. * fix: handle ssl only scylla clusters This fixes how SM decides which port to use when connecting to Scylla nodes. * fix: CQLAddr provides ssl or non-ssl addr depending on cluster conf. This replaces CQLAddr and CQLSSLAddr with one function which returns correct cql addr depending on cluster configuration. Also backup worker is modified a little bit to get cluster configuration with tls related info. * fix(Makefile): use yq to produce scylla config with ssl enabled This uses yq to delete non ssl port from scylla.yaml config and also merges it with scylla-ssl.yaml which contains requried parameters to enable ssl in scylla cluster. * fix: typo in testing/scylla/config/scylla-ssl.yaml Co-authored-by: karol-kokoszka <[email protected]> * fix(test): use scylla cluster with SSL for integration tests This enables ssl only scylla cluster for the most of our integration tests in ci. This also fixes cqlping test so it supports a scylla cluster with ssl. * fix(cluster): simplifies SingleHostSessionOption when dealing with SSL This changes the signature of SessionConfigOption so that SingleHostSession func can be simplified when Scylla cluster uses SSL. * fix(test): adds ssl support to cqlping integration tests This adds ssl related configuration options to cqlping integration tests config when ssl is enabled. * fix(test): adds ssl support to repair integration test This adds ssl support to repair integartion test case that uses cqlping * fix(test): adds ssl support to healthcheck integration tests * fix(test): unifies how SSL_ENABLED is used in testconfig * fix(ci): adds missing ssl-enabled option for a one entry in ci config * refactor: moves parsing of SSL_ENABLED env var to the testconfig pkg This refactor some parts of the tests that are using SSL_ENABLED env var. * fix(test): use cqlping with ssl for the restore test of old scylla ver This fixes how restore integration tests handle old Scylla versions: old versions require a restart after schema restoration. To ensure Scylla is up and running, the tests perform a CQL ping, which should be initialized correctly when SSL is enabled. --------- Co-authored-by: karol-kokoszka <[email protected]> (cherry picked from commit 75fb75c)
Michal-Leszczynski
pushed a commit
that referenced
this pull request
Dec 11, 2024
* fix: adds SSL_ENABLED flag to start scylla cluster in ssl only mode This adds SSL_ENABLED flag to Makefile, so that when you run SSL_ENABLED=true make start-dev-env the scylla cluster will be created with ssl_only config. * fix: handle ssl only scylla clusters This fixes how SM decides which port to use when connecting to Scylla nodes. * fix: CQLAddr provides ssl or non-ssl addr depending on cluster conf. This replaces CQLAddr and CQLSSLAddr with one function which returns correct cql addr depending on cluster configuration. Also backup worker is modified a little bit to get cluster configuration with tls related info. * fix(Makefile): use yq to produce scylla config with ssl enabled This uses yq to delete non ssl port from scylla.yaml config and also merges it with scylla-ssl.yaml which contains requried parameters to enable ssl in scylla cluster. * fix: typo in testing/scylla/config/scylla-ssl.yaml Co-authored-by: karol-kokoszka <[email protected]> * fix(test): use scylla cluster with SSL for integration tests This enables ssl only scylla cluster for the most of our integration tests in ci. This also fixes cqlping test so it supports a scylla cluster with ssl. * fix(cluster): simplifies SingleHostSessionOption when dealing with SSL This changes the signature of SessionConfigOption so that SingleHostSession func can be simplified when Scylla cluster uses SSL. * fix(test): adds ssl support to cqlping integration tests This adds ssl related configuration options to cqlping integration tests config when ssl is enabled. * fix(test): adds ssl support to repair integration test This adds ssl support to repair integartion test case that uses cqlping * fix(test): adds ssl support to healthcheck integration tests * fix(test): unifies how SSL_ENABLED is used in testconfig * fix(ci): adds missing ssl-enabled option for a one entry in ci config * refactor: moves parsing of SSL_ENABLED env var to the testconfig pkg This refactor some parts of the tests that are using SSL_ENABLED env var. * fix(test): use cqlping with ssl for the restore test of old scylla ver This fixes how restore integration tests handle old Scylla versions: old versions require a restart after schema restoration. To ensure Scylla is up and running, the tests perform a CQL ping, which should be initialized correctly when SSL is enabled. --------- Co-authored-by: karol-kokoszka <[email protected]> (cherry picked from commit 75fb75c)
Michal-Leszczynski
pushed a commit
that referenced
this pull request
Dec 11, 2024
* fix: adds SSL_ENABLED flag to start scylla cluster in ssl only mode This adds SSL_ENABLED flag to Makefile, so that when you run SSL_ENABLED=true make start-dev-env the scylla cluster will be created with ssl_only config. * fix: handle ssl only scylla clusters This fixes how SM decides which port to use when connecting to Scylla nodes. * fix: CQLAddr provides ssl or non-ssl addr depending on cluster conf. This replaces CQLAddr and CQLSSLAddr with one function which returns correct cql addr depending on cluster configuration. Also backup worker is modified a little bit to get cluster configuration with tls related info. * fix(Makefile): use yq to produce scylla config with ssl enabled This uses yq to delete non ssl port from scylla.yaml config and also merges it with scylla-ssl.yaml which contains requried parameters to enable ssl in scylla cluster. * fix: typo in testing/scylla/config/scylla-ssl.yaml Co-authored-by: karol-kokoszka <[email protected]> * fix(test): use scylla cluster with SSL for integration tests This enables ssl only scylla cluster for the most of our integration tests in ci. This also fixes cqlping test so it supports a scylla cluster with ssl. * fix(cluster): simplifies SingleHostSessionOption when dealing with SSL This changes the signature of SessionConfigOption so that SingleHostSession func can be simplified when Scylla cluster uses SSL. * fix(test): adds ssl support to cqlping integration tests This adds ssl related configuration options to cqlping integration tests config when ssl is enabled. * fix(test): adds ssl support to repair integration test This adds ssl support to repair integartion test case that uses cqlping * fix(test): adds ssl support to healthcheck integration tests * fix(test): unifies how SSL_ENABLED is used in testconfig * fix(ci): adds missing ssl-enabled option for a one entry in ci config * refactor: moves parsing of SSL_ENABLED env var to the testconfig pkg This refactor some parts of the tests that are using SSL_ENABLED env var. * fix(test): use cqlping with ssl for the restore test of old scylla ver This fixes how restore integration tests handle old Scylla versions: old versions require a restart after schema restoration. To ensure Scylla is up and running, the tests perform a CQL ping, which should be initialized correctly when SSL is enabled. --------- Co-authored-by: karol-kokoszka <[email protected]> (cherry picked from commit 75fb75c)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes how SM decides which port to use when connecting to Scylla
nodes.
Also adds SSL_ENABLED flag to Makefile, so that when you run
SSL_ENABLED=true make start-dev-env the scylla cluster will be created
with ssl_only config.
Fixes #4079
Please make sure that: