v5.2.2: Update TLS docs #7318
v5.2.2: Update TLS docs #7318
Conversation
Liuxiaozhen12
added
type/enhancement
|
[REVIEW NOTIFICATION] This pull request has been approved by:
To complete the pull request process, please ask the reviewers in the list to review by filling The full list of commands accepted by this bot can be found here. Reviewer can indicate their review by submitting an approval review. |
ti-chi-bot
added
the
size/M
|
/cc @s3nt3 |
|
@TomShawn: GitHub didn't allow me to request PR reviews from the following users: s3nt3. Note that only pingcap members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cc @s3nt3 Please help to tech review this PR translated from pingcap/docs#6323, thanks! |
| - 在启动 TiDB 时,至少需要在配置文件中同时指定 `ssl-cert` 和 `ssl-key` 参数,才能使 TiDB 服务端接受安全连接。还可以指定 `ssl-ca` 参数进行客户端身份验证(请参见[配置启用身份验证](#配置启用身份验证)章节)。 | ||
| - 参数指定的文件都为 PEM 格式。另外目前 TiDB 尚不支持加载有密码保护的私钥,因此必须提供一个没有密码的私钥文件。若提供的证书或私钥无效,则 TiDB 服务端将照常启动,但并不支持客户端加密连接到 TiDB 服务端。 | ||
| - 若证书参数无误,则 TiDB 在启动时将会输出 `secure connection is enabled`,否则 TiDB 会输出 `secure connection is NOT ENABLED`。 |
There was a problem hiding this comment.
I refined this part because I think the above information can all be considered as "advice". @TomShawn PTAL, thanks!
|
https://github.com/pingcap/docs-cn/pull/7318/files#diff-01451625e61643362bb7b8105d9cf6bd7fb3ef6fae5febf64a5b33ef7eca9d04R10 is not updated according to the docs PR. |
|
|
||
| 若证书参数无误,则 TiDB 在启动时将会输出 `secure connection is enabled`,否则 TiDB 会输出 `secure connection is NOT ENABLED`。 | ||
| > **注意:** | ||
| > 在 v5.2.0 版本之前,你可以使用 `mysql_ssl_rsa_setup --datadir=./certs` 生成证书。`mysql_ssal_rsa_setup` 工具是 MySQL 服务器的一部分。 |
There was a problem hiding this comment.
这里好像有一个拼写错误:应当将 mysql_ssal_rsa_setup 改为 mysql_ssl_rsa_setup。
There was a problem hiding this comment.
英文版已在 pingcap/docs#6655 中改正。
Co-authored-by: TomShawn <[email protected]>
Co-authored-by: TomShawn <[email protected]> Co-authored-by: Ding Zengxian <[email protected]>
fixed in cbfb220. Sorry, I thought the meaning is similar and I chose not to modify it before. |
ti-chi-bot
added
size/L
|
@Liuxiaozhen12 Once @s3nt3 approves this PR, please merge it on your own, including its cherry-pick PR, before the v5.2.2 release. Thanks! |
|
/remove-status LGT1 |
ti-chi-bot
added
status/LGT2
|
LGTM |
|
/merge |
|
This pull request has been accepted and is ready to merge. Commit hash: a30463d
|
ti-chi-bot
added
the
status/can-merge
|
/verify |
|
In response to a cherrypick label: new pull request created: #7329. |
Update TLS docs with:
TiDB 5.2.x additions
Remove the use of mysql_ssl_rsa_setup as this is replaced with AutoTLS
Add SSL Modes available in MySQL 8.0 client
First-time contributors' checklist
What is changed, added or deleted? (Required)
Which TiDB version(s) do your changes apply to? (Required)
Tips for choosing the affected version(s):
By default, CHOOSE MASTER ONLY so your changes will be applied to the next TiDB major or minor releases. If your PR involves a product feature behavior change or a compatibility change, CHOOSE THE AFFECTED RELEASE BRANCH(ES) AND MASTER.
For details, see tips for choosing the affected versions (in Chinese).
What is the related PR or file link(s)?
Do your changes match any of the following descriptions?