From 2a7d73e62ccbc3af25098f7e57bd5d8ab53e2c1e Mon Sep 17 00:00:00 2001 From: William Yang Date: Tue, 24 Oct 2023 21:19:37 +0200 Subject: [PATCH 1/2] ci: fix helm chart test --- .github/workflows/run_helm_tests.yaml | 4 ++++ deploy/charts/emqx-enterprise/templates/StatefulSet.yaml | 4 ++++ deploy/charts/emqx/templates/StatefulSet.yaml | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/.github/workflows/run_helm_tests.yaml b/.github/workflows/run_helm_tests.yaml index 5fc215f02..d449ea54d 100644 --- a/.github/workflows/run_helm_tests.yaml +++ b/.github/workflows/run_helm_tests.yaml @@ -76,6 +76,8 @@ jobs: EMQX_RPC__CACERTFILE: /opt/emqx/etc/certs/cacert.pem EMQX_RPC__CIPHERS: TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256 EMQX_RPC__TLS_VERSIONS: "[tlsv1.3]" + EMQX_RPC__SSL_SERVER_PRT: 5370 + EMQX_RPC__PORT_DISCOVERY: manual EOL - name: Prepare emqxConfig.EMQX_RPC using ssl1.2 working-directory: source @@ -89,6 +91,8 @@ jobs: EMQX_RPC__CACERTFILE: /opt/emqx/etc/certs/cacert.pem EMQX_RPC__CIPHERS: TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256 EMQX_RPC__TLS_VERSIONS: "[tlsv1.2]" + EMQX_RPC__SSL_SERVER_PRT: 5370 + EMQX_RPC__PORT_DISCOVERY: manual EOL - name: run emqx on chart (k8s) if: matrix.discovery == 'k8s' diff --git a/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml b/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml index 7f909cc79..d884015b7 100644 --- a/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml +++ b/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml @@ -121,6 +121,10 @@ spec: {{- end }} - name: ekka containerPort: 4370 + - name: genrpc + containerPort: 5369 + - name: genrpc-ssl + containerPort: 5370 envFrom: - configMapRef: name: {{ include "emqx.fullname" . }}-env diff --git a/deploy/charts/emqx/templates/StatefulSet.yaml b/deploy/charts/emqx/templates/StatefulSet.yaml index 430260585..d14a78092 100644 --- a/deploy/charts/emqx/templates/StatefulSet.yaml +++ b/deploy/charts/emqx/templates/StatefulSet.yaml @@ -121,6 +121,10 @@ spec: {{- end }} - name: ekka containerPort: 4370 + - name: genrpc + containerPort: 5369 + - name: genrpc-ssl + containerPort: 5370 envFrom: - configMapRef: name: {{ include "emqx.fullname" . }}-env From 6346e0d28a8163af41110312b60fcd4fed88a713 Mon Sep 17 00:00:00 2001 From: William Yang Date: Tue, 24 Oct 2023 21:40:46 +0200 Subject: [PATCH 2/2] fix(gen_rpc): ssl client port align with server port --- .github/workflows/run_helm_tests.yaml | 3 --- apps/emqx_conf/src/emqx_conf_schema.erl | 4 ++++ changes/ce/fix-11813.en.md | 4 ++++ deploy/charts/emqx-enterprise/templates/StatefulSet.yaml | 4 ++-- deploy/charts/emqx/templates/StatefulSet.yaml | 4 ++-- 5 files changed, 12 insertions(+), 7 deletions(-) create mode 100644 changes/ce/fix-11813.en.md diff --git a/.github/workflows/run_helm_tests.yaml b/.github/workflows/run_helm_tests.yaml index d449ea54d..bc4a7245f 100644 --- a/.github/workflows/run_helm_tests.yaml +++ b/.github/workflows/run_helm_tests.yaml @@ -76,8 +76,6 @@ jobs: EMQX_RPC__CACERTFILE: /opt/emqx/etc/certs/cacert.pem EMQX_RPC__CIPHERS: TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256 EMQX_RPC__TLS_VERSIONS: "[tlsv1.3]" - EMQX_RPC__SSL_SERVER_PRT: 5370 - EMQX_RPC__PORT_DISCOVERY: manual EOL - name: Prepare emqxConfig.EMQX_RPC using ssl1.2 working-directory: source @@ -91,7 +89,6 @@ jobs: EMQX_RPC__CACERTFILE: /opt/emqx/etc/certs/cacert.pem EMQX_RPC__CIPHERS: TLS_AES_256_GCM_SHA384,TLS_AES_128_GCM_SHA256 EMQX_RPC__TLS_VERSIONS: "[tlsv1.2]" - EMQX_RPC__SSL_SERVER_PRT: 5370 EMQX_RPC__PORT_DISCOVERY: manual EOL - name: run emqx on chart (k8s) diff --git a/apps/emqx_conf/src/emqx_conf_schema.erl b/apps/emqx_conf/src/emqx_conf_schema.erl index 382d25de1..e5c78c784 100644 --- a/apps/emqx_conf/src/emqx_conf_schema.erl +++ b/apps/emqx_conf/src/emqx_conf_schema.erl @@ -1151,6 +1151,7 @@ translation("emqx") -> translation("gen_rpc") -> [ {"default_client_driver", fun tr_gen_rpc_default_client_driver/1}, + {"ssl_client_port", fun tr_gen_rpc_ssl_client_port/1}, {"ssl_client_options", fun tr_gen_rpc_ssl_options/1}, {"ssl_server_options", fun tr_gen_rpc_ssl_options/1}, {"socket_ip", fun(Conf) -> @@ -1226,6 +1227,9 @@ collector_enabled(disabled, _) -> []. tr_gen_rpc_default_client_driver(Conf) -> conf_get("rpc.protocol", Conf). +tr_gen_rpc_ssl_client_port(Conf) -> + conf_get("rpc.ssl_server_port", Conf). + tr_gen_rpc_ssl_options(Conf) -> Ciphers = conf_get("rpc.ciphers", Conf), Versions = conf_get("rpc.tls_versions", Conf), diff --git a/changes/ce/fix-11813.en.md b/changes/ce/fix-11813.en.md new file mode 100644 index 000000000..f82671feb --- /dev/null +++ b/changes/ce/fix-11813.en.md @@ -0,0 +1,4 @@ +Fix schema: RPC client ssl port alighn with configured server port. +And ensure RPC ports are opened in helm chart. + + diff --git a/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml b/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml index d884015b7..0e2e90fd8 100644 --- a/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml +++ b/deploy/charts/emqx-enterprise/templates/StatefulSet.yaml @@ -121,9 +121,9 @@ spec: {{- end }} - name: ekka containerPort: 4370 - - name: genrpc + - name: genrpc-manual containerPort: 5369 - - name: genrpc-ssl + - name: genrpc2-auto containerPort: 5370 envFrom: - configMapRef: diff --git a/deploy/charts/emqx/templates/StatefulSet.yaml b/deploy/charts/emqx/templates/StatefulSet.yaml index d14a78092..9ec19cbf3 100644 --- a/deploy/charts/emqx/templates/StatefulSet.yaml +++ b/deploy/charts/emqx/templates/StatefulSet.yaml @@ -121,9 +121,9 @@ spec: {{- end }} - name: ekka containerPort: 4370 - - name: genrpc + - name: genrpc-manual containerPort: 5369 - - name: genrpc-ssl + - name: genrpc2-auto containerPort: 5370 envFrom: - configMapRef: