Skip to content

feat: reloadable tls client config #7230

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

feat: reloadable tls client config #7230

wants to merge 9 commits into from
+411 −118

Conversation

@shuiyisong
Copy link
Contributor

@shuiyisong shuiyisong commented Nov 14, 2025
edited
Loading

I hereby agree to the terms of the GreptimeDB CLA.

Refer to a related PR or issue link (optional)

What's changed and what's your intention?

This patch introduces the ability for channel_manager to use a re-loadable client TLS config to automatically reload the TLS files when changed.
The ReloadableTlsServerConfig is now extracted into reloadable_tls for reuse.

PR Checklist

Please convert it to a draft if some of the following conditions are not met.

  • I have written the necessary rustdoc comments.
  • I have added the necessary unit tests and integration tests.
  • This PR requires documentation updates.
  • API changes are backward compatible.
  • Schema or data changes are backward compatible.

@github-actions github-actions bot added size/M docs-not-required This change does not impact docs. labels Nov 14, 2025
@shuiyisong shuiyisong force-pushed the feat/reload_tls_in_gRPC_client branch from caf3366 to cfcf157 Compare November 17, 2025 06:58
@shuiyisong shuiyisong marked this pull request as ready for review November 17, 2025 06:58
@shuiyisong shuiyisong requested review from a team, waynexia and zhongzc as code owners November 17, 2025 06:58
@evenyag evenyag requested review from MichaelScofield and removed request for zhongzc November 18, 2025 06:49
@fengys1996 fengys1996 self-requested a review November 18, 2025 07:40
MichaelScofield
MichaelScofield reviewed Nov 19, 2025
View reviewed changes
src/servers/src/tls.rs
pub fn maybe_watch_server_tls_config(
tls_server_config: Arc<ReloadableTlsServerConfig>,
) -> Result<()> {
common_grpc::reloadable_tls::maybe_watch_tls_config(tls_server_config, || {}).map_err(|e| {
Copy link
Collaborator

@MichaelScofield MichaelScofield Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If server TLS config is changed, do we need to proactively close all connected client channels?

Copy link
Contributor Author

@shuiyisong shuiyisong Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The newly request would be served using the new TLS config in MySQL and PG, but the connected/alive connection stays unaffected. What do you think, should we actively close the connection to force refresh TLS change? @sunng87

@shuiyisong shuiyisong requested a review from discord9 as a code owner November 19, 2025 03:32
fengys1996
fengys1996 reviewed Nov 19, 2025
View reviewed changes
src/common/grpc/src/reloadable_tls.rs
info!("Spawning background task for watching TLS cert/key file changes");
std::thread::spawn(move || {
let _watcher = watcher;
while let Ok(res) = rx.recv() {
Copy link
Contributor

@fengys1996 fengys1996 Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Should we ignore the error here? Or add log

@shuiyisong shuiyisong force-pushed the feat/reload_tls_in_gRPC_client branch from bfdaeda to 1e60e34 Compare November 20, 2025 06:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MichaelScofield MichaelScofield MichaelScofield left review comments

@fengys1996 fengys1996 fengys1996 left review comments

@waynexia waynexia Awaiting requested review from waynexia waynexia is a code owner

@discord9 discord9 Awaiting requested review from discord9 discord9 is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

docs-not-required This change does not impact docs. size/M

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@shuiyisong @MichaelScofield @fengys1996