Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: handle ssl only scylla cluster setup #4114

Merged
merged 14 commits into from
Nov 22, 2024
Merged

fix: handle ssl only scylla cluster setup #4114

merged 14 commits into from
Nov 22, 2024

Conversation

VAveryanov8
Copy link
Collaborator

This fixes how SM decides which port to use when connecting to Scylla
nodes.
Also adds SSL_ENABLED flag to Makefile, so that when you run
SSL_ENABLED=true make start-dev-env the scylla cluster will be created
with ssl_only config.

Fixes #4079

Please make sure that:

  • Code is split to commits that address a single change
  • Commit messages are informative
  • Commit titles have module prefix
  • Commit titles have issue nr. suffix

@VAveryanov8 VAveryanov8 marked this pull request as ready for review November 15, 2024 12:36
@VAveryanov8
fix: adds SSL_ENABLED flag to start scylla cluster in ssl only mode
2572685 
This adds SSL_ENABLED flag to Makefile, so that when you run
SSL_ENABLED=true make start-dev-env the scylla cluster will be created
with ssl_only config.
@VAveryanov8
fix: handle ssl only scylla clusters
7b7e591 
This fixes how SM decides which port to use when connecting to Scylla
nodes.
Michal-Leszczynski
Michal-Leszczynski requested changes Nov 19, 2024
View reviewed changes
Copy link
Collaborator

@Michal-Leszczynski Michal-Leszczynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work!

testing/scylla/config/scylla-ssl.yaml Outdated Show resolved Hide resolved
README.md Show resolved Hide resolved
pkg/service/cluster/service.go Outdated Show resolved Hide resolved
pkg/service/cluster/service.go Outdated Show resolved Hide resolved
pkg/service/cluster/service.go Outdated Show resolved Hide resolved
@VAveryanov8
fix: CQLAddr provides ssl or non-ssl addr depending on cluster conf.
9d47e77 
This replaces CQLAddr and CQLSSLAddr with one function which returns
correct cql addr depending on cluster configuration.
Also backup worker is modified a little bit to get cluster configuration
with tls related info.
@VAveryanov8
fix(Makefile): use yq to produce scylla config with ssl enabled
735d689 
This uses yq to delete non ssl port from scylla.yaml config and
also merges it with scylla-ssl.yaml which contains requried parameters
to enable ssl in scylla cluster.
@VAveryanov8 @karol-kokoszka
fix: typo in testing/scylla/config/scylla-ssl.yaml
f821fcc 
Co-authored-by: karol-kokoszka <50329145+karol-kokoszka@users.noreply.github.com>
@VAveryanov8
fix(test): use scylla cluster with SSL for integration tests
461ef99 
This enables ssl only scylla cluster for the most of our integration tests
in ci.
This also fixes cqlping test so it supports a scylla cluster
with ssl.
@VAveryanov8
fix(cluster): simplifies SingleHostSessionOption when dealing with SSL
62eb540 
This changes the signature of SessionConfigOption so that SingleHostSession func
can be simplified when Scylla cluster uses SSL.
@VAveryanov8
fix(test): adds ssl support to cqlping integration tests
87cdcc0 
This adds ssl related configuration options to cqlping integration tests config when ssl
is enabled.
@VAveryanov8
fix(test): adds ssl support to repair integration test
a3124d8 
This adds ssl support to repair integartion test case that uses cqlping
@VAveryanov8
fix(test): adds ssl support to healthcheck integration tests
22412df
@VAveryanov8
fix(test): unifies how SSL_ENABLED is used in testconfig
6895803
@VAveryanov8
fix(ci): adds missing ssl-enabled option for a one entry in ci config
53889e0
@VAveryanov8
refactor: moves parsing of SSL_ENABLED env var to the testconfig pkg
83690f9 
This refactor some parts of the tests that are using SSL_ENABLED env var.
@VAveryanov8
fix(test): use cqlping with ssl for the restore test of old scylla ver
63edf64 
This fixes how restore integration tests handle old Scylla versions: old versions require a restart after schema restoration.
To ensure Scylla is up and running, the tests perform a CQL ping, which should be initialized correctly when SSL is enabled.
Michal-Leszczynski
Michal-Leszczynski approved these changes Nov 21, 2024
View reviewed changes
Copy link
Collaborator

@Michal-Leszczynski Michal-Leszczynski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The SSL setup (both locally and on gh actions) will be really useful, thanks!

@VAveryanov8 VAveryanov8 merged commit 75fb75c into master Nov 22, 2024
51 checks passed
@VAveryanov8 VAveryanov8 deleted the va/fix-only-ssl-cluster-setup branch November 22, 2024 08:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@karol-kokoszka karol-kokoszka karol-kokoszka left review comments

@Michal-Leszczynski Michal-Leszczynski Michal-Leszczynski approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Scylla Manager, under certain condition, is unable to use only SSL port (9142) to restore data
3 participants
@VAveryanov8 @karol-kokoszka @Michal-Leszczynski