Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

api: add tls opts for listen field #28

Merged
merged 3 commits into from
Dec 27, 2024
Merged

api: add tls opts for listen field #28

merged 3 commits into from
Dec 27, 2024

Conversation

themilchenko
Copy link
Contributor

Since metrics-export-role support listen parameter, it is neccessary to add tls opts for it. After the patch the following options ssl_* were added. See an example as well:

roles: [roles.metrics-export]
roles_cfg:
  roles.metrics-export:
    http:
    - listen: 8081
      ssl_key_file: "ssl_data/server.enc.key"
      ssl_cert_file: "ssl_data/server.crt"
      ssl_ca_file: "ssl_data/ca.crt"
      ssl_ciphers: "ECDHE-RSA-AES256-GCM-SHA384"
      ssl_password_file: "ssl_data/passwords"
      endpoints:
      - path: /metrics/json
        format: json
      - path: /metrics/prometheus/
        format: prometheus

Closes #26

@themilchenko
rockspec: bump http to 1.7.0
ca7e4f8 
Since `http` module support tls, we need to update its dependency here.

Part of #26
@themilchenko themilchenko force-pushed the themilchenko/gh-26-add-tls-support branch 2 times, most recently from 9f829f1 to cb0de5d Compare December 26, 2024 08:14
@themilchenko themilchenko marked this pull request as ready for review December 26, 2024 08:58
oleg-jukovec
oleg-jukovec reviewed Dec 26, 2024
View reviewed changes
.github/workflows/testing.yaml Show resolved Hide resolved
test/unit/validate_test.lua Show resolved Hide resolved
test/integration/role_test.lua Outdated Show resolved Hide resolved
@themilchenko themilchenko force-pushed the themilchenko/gh-26-add-tls-support branch 2 times, most recently from b73f56b to 94aaf7f Compare December 26, 2024 17:42
oleg-jukovec
oleg-jukovec reviewed Dec 26, 2024
View reviewed changes
Copy link
Contributor

@oleg-jukovec oleg-jukovec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please, add a test here too:

https://github.com/tarantool/metrics-export-role/blob/master/test/unit/http_test.lua

@themilchenko themilchenko force-pushed the themilchenko/gh-26-add-tls-support branch from 94aaf7f to ecc7883 Compare December 26, 2024 18:49
@themilchenko
Copy link
Contributor Author

Please, add a test here too:

https://github.com/tarantool/metrics-export-role/blob/master/test/unit/http_test.lua

Added.

@themilchenko themilchenko force-pushed the themilchenko/gh-26-add-tls-support branch from ecc7883 to 61aa51a Compare December 26, 2024 18:53
oleg-jukovec
oleg-jukovec reviewed Dec 27, 2024
View reviewed changes
roles/metrics-export.lua Outdated Show resolved Hide resolved
test/unit/http_test.lua Outdated Show resolved Hide resolved
test/unit/http_test.lua Outdated Show resolved Hide resolved
test/unit/http_test.lua Outdated Show resolved Hide resolved
test/unit/http_test.lua Outdated Show resolved Hide resolved
@themilchenko themilchenko force-pushed the themilchenko/gh-26-add-tls-support branch from 61aa51a to ea2932c Compare December 27, 2024 10:31
@themilchenko
api: add tls opts for listen field
642aa0a 
Since `metrics-export-role` support `listen` parameter, it is neccessary
to add tls opts for it. After the patch the following options `ssl_*`
were added. See an example as well:

```yaml
roles: [roles.metrics-export]
roles_cfg:
  roles.metrics-export:
    http:
    - listen: 8081
      ssl_key_file: "ssl_data/server.enc.key"
      ssl_cert_file: "ssl_data/server.crt"
      ssl_ca_file: "ssl_data/ca.crt"
      ssl_ciphers: "ECDHE-RSA-AES256-GCM-SHA384"
      ssl_password_file: "ssl_data/passwords"
      endpoints:
      - path: /metrics/json
        format: json
      - path: /metrics/prometheus/
        format: prometheus
```

Closes #26
@themilchenko
ci: build tarantool dynamically
a1e6fea 
TLS doesn't work without tarantool built dynamically. After the patch
build was changed in ci.
@themilchenko themilchenko force-pushed the themilchenko/gh-26-add-tls-support branch from ea2932c to a1e6fea Compare December 27, 2024 10:32
@themilchenko themilchenko merged commit 4f7b890 into master Dec 27, 2024
5 checks passed
@themilchenko themilchenko deleted the themilchenko/gh-26-add-tls-support branch December 27, 2024 11:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@DerekBum DerekBum DerekBum approved these changes

@oleg-jukovec oleg-jukovec oleg-jukovec approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

roles: add TLS support
3 participants
@themilchenko @oleg-jukovec @DerekBum