-
Notifications
You must be signed in to change notification settings - Fork 926
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Include TLS information into INFO command output #3292
Comments
@moredure is this on Redis/Valkey as well ? |
I do not think so that Valkey displays this. @moredure can you provide more details on how you want to use this feature? |
Yeap, just for manual inspection, to check that TLS is up to date or have expected common name, etc without using openssl or any advanced tools |
I've not seen it there |
@romange @kostasrim |
@moredure what does it mean to have a proper common name? |
I've meant to be able to see certificate CN/SAN, etc |
@Lakshyadevelops the SSL context is initialized inside CreateSslServerCntx (dragonfly_listener.cc) but I do not know how to fetch the certificate details from it - some learnings are required to complete the task. |
So I looked into it. Using openssl I can easily get all the info. My plan is to get the certificate location using I tried first to generate a tls key and certificate for the server but I got Is there any guide to generating tls keys correctly? I could only find this https://www.dragonflydb.io/docs/managing-dragonfly/using-tls |
@Lakshyadevelops I don't like first approach because of we might fetch not currently used certificates (no tls reload issued yet, but files/symlink was updated) To generate cert/key you can search for |
I would also like to understand what does not work in https://www.dragonflydb.io/docs/managing-dragonfly/using-tls and fix it. Can you please provide exact sequence of how you create certificates and how you run dragonfly (what arguments)? |
actually this doc is not very good for local development. so yeah, better use locally generated certificates.
|
Thanks for this insight @moredure. Agreed we should choose the second approach btw it was an example of what not to do and we are choosing it 😂. btw how do we issue TLS reload ? I could not find any relevant command in dragonflydb docs. Also I am not familiar with how clusters in K8 manage certificates. Ik they are using dragonfly-operator but how it exactly updates certificates is still unclear. And would this approach work here I am not sure. |
|
Describe the solution you'd like
Include server TLS certificate information such as name, expiration date, issue date into server section of INFO output
The text was updated successfully, but these errors were encountered: