[CP] sql nio support ssl and open by default on master

src/observer/mysql/obsm_conn_callback.cpp

@@ -92,14 +92,15 @@ static int sm_conn_build_handshake(ObSMConnection& conn, obmysql::OMPKHandshake&
   int ret = OB_SUCCESS;
   RLOCAL(common::ObMysqlRandom, thread_scramble_rand);
   hsp.set_thread_id(conn.sessid_);
-  hsp.set_ssl_cap(false);
+  const bool support_ssl = GCONF.ssl_client_authentication;
+  hsp.set_ssl_cap(support_ssl);
   const int64_t BUF_LEN = sizeof(conn.scramble_buf_);
   if (OB_FAIL(create_scramble_string(conn.scramble_buf_, BUF_LEN, thread_scramble_rand))) {
     LOG_WARN("create scramble string failed", K(ret));
   } else if (OB_FAIL(hsp.set_scramble(conn.scramble_buf_, BUF_LEN))) {
     LOG_WARN("set scramble failed", K(ret));
   } else {
-    LOG_INFO("new mysql sessid created", K(conn.sessid_));
+    LOG_INFO("new mysql sessid created", K(conn.sessid_), K(support_ssl));
   }
   return ret;
 }

src/observer/ob_srv_network_frame.cpp

@@ -21,6 +21,7 @@
 #include "observer/ob_server_struct.h"
 #include "observer/ob_rpc_intrusion_detect.h"
 #include "storage/ob_locality_manager.h"
+#include "lib/ssl/ob_ssl_config.h"
 #include <sys/types.h>
 #include <sys/stat.h>
 #include "storage/ob_locality_manager.h"
@@ -366,6 +367,16 @@ int ObSrvNetworkFrame::reload_ssl_config()
           last_ssl_info_hash_ = new_hash_value;
           LOG_INFO("finish reload_ssl_config", K(use_bkmi), K(use_bkmi), K(use_sm),
                    "ssl_key_expired_time", GCTX.ssl_key_expired_time_, K(new_hash_value));
+          if (OB_SUCC(ret)) {
+            if (enable_new_sql_nio()) {
+              common::ObSSLConfig ssl_config(!use_bkmi, use_sm, ca_cert, public_cert, private_key, NULL, NULL);
+              if (OB_FAIL(ob_ssl_load_config(OB_SSL_CTX_ID_SQL_NIO, ssl_config))) {
+                LOG_WARN("create ssl ctx failed!", K(ret));
+              } else {
+                LOG_INFO("create ssl ctx success!", K(use_bkmi), K(use_sm));
+              }
+            }
+          }
         }
       }
     }

src/share/parameter/ob_parameter_seed.ipp

@@ -1253,7 +1253,7 @@ DEF_TIME(ob_query_switch_leader_retry_timeout, OB_TENANT_PARAMETER, "0ms", "[0ms
 DEF_BOOL(default_enable_extended_rowid, OB_TENANT_PARAMETER, "false",
          "specifies whether to create table as extended rowid mode or not",
          ObParameterAttr(Section::OBSERVER, Source::DEFAULT, EditLevel::DYNAMIC_EFFECTIVE));
-DEF_BOOL(_enable_new_sql_nio, OB_CLUSTER_PARAMETER, "false",
+DEF_BOOL(_enable_new_sql_nio, OB_CLUSTER_PARAMETER, "true",
 "specifies whether SQL serial network is turned on. Turned on to support mysql_send_long_data"
 "The default value is FALSE. Value: TRUE: turned on FALSE: turned off",
 ObParameterAttr(Section::OBSERVER, Source::DEFAULT, EditLevel::STATIC_EFFECTIVE));

src/sql/engine/cmd/ob_alter_system_executor.cpp

@@ -37,6 +37,7 @@
 #include "observer/omt/ob_tenant.h" //ObTenant
 #include "rootserver/freeze/ob_major_freeze_helper.h" //ObMajorFreezeHelper
 #include "share/ob_primary_standby_service.h" // ObPrimaryStandbyService
+#include "rpc/obmysql/ob_sql_sock_session.h"
 namespace oceanbase
 {
 using namespace common;
@@ -1573,13 +1574,8 @@ int ObChangeTenantExecutor::execute(ObExecContext &ctx, ObChangeTenantStmt &stmt
   } else {
     // switch connection
     if (OB_SUCC(ret)) {
-      rpc::ObSqlSockDesc& sock_desc = session_info->get_sock_desc();
-      easy_connection_t* easy_conn = nullptr;
       observer::ObSMConnection* conn = nullptr;
-      if (OB_ISNULL((easy_conn = static_cast<easy_connection_t*>(sock_desc.sock_desc_)))) {
-        ret = OB_ERR_UNEXPECTED;
-        LOG_WARN("sock_desc is null", KR(ret), KPC(session_info));
-      } else if (OB_ISNULL(conn = static_cast<observer::ObSMConnection*>(easy_conn->user_data))) {
+      if (OB_ISNULL(conn = session_info->get_sm_connection())) {
         ret = OB_ERR_UNEXPECTED;
         LOG_WARN("connection is null", KR(ret), KPC(session_info));
       } else {

src/sql/session/ob_basic_session_info.cpp

@@ -36,6 +36,7 @@
 #include "share/rc/ob_tenant_base.h"
 #include "pl/sys_package/ob_dbms_sql.h"
 #include "pl/ob_pl_package_state.h"
+#include "rpc/obmysql/ob_sql_sock_session.h"
 
 using namespace oceanbase::common;
 using namespace oceanbase::share;
@@ -5816,5 +5817,29 @@ void ObBasicSessionInfo::on_revert_session()
                                 K(sessid_), "backtrace", lbt());
 }
 
+observer::ObSMConnection *ObBasicSessionInfo::get_sm_connection()
+{
+  observer::ObSMConnection *conn = nullptr;
+  rpc::ObSqlSockDesc &sock_desc = thread_data_.sock_desc_;
+  if (rpc::ObRequest::TRANSPORT_PROTO_EASY == sock_desc.type_) {
+    easy_connection_t* easy_conn = nullptr;
+    if (OB_ISNULL((easy_conn = static_cast<easy_connection_t *>(sock_desc.sock_desc_)))) {
+      LOG_ERROR("easy sock_desc is null");
+    } else {
+      conn = static_cast<observer::ObSMConnection*>(easy_conn->user_data);
+    }
+  } else if (rpc::ObRequest::TRANSPORT_PROTO_POC == sock_desc.type_) {
+    obmysql::ObSqlSockSession *sess = nullptr;
+    if (OB_ISNULL(sess = static_cast<obmysql::ObSqlSockSession *>(sock_desc.sock_desc_))) {
+      LOG_ERROR("sql nio sock_desc is null");
+    } else {
+      conn = &sess->conn_;
+    }
+  }
+    else {
+    LOG_ERROR("invalid sock_desc type", K(sock_desc.type_));
+  }
+  return conn;
+}
 }//end of namespace sql
 }//end of namespace oceanbase

src/sql/session/ob_basic_session_info.h

@@ -47,6 +47,9 @@
 
 namespace oceanbase
 {
+namespace observer {
+class ObSMConnection;
+}
 using sql::FLTControlInfo;
 namespace sql
 {
@@ -683,7 +686,7 @@ public:
   const common::ObString &get_user_at_host() const { return thread_data_.user_at_host_name_;}
   const common::ObString &get_user_at_client_ip() const { return thread_data_.user_at_client_ip_;}
   rpc::ObSqlSockDesc& get_sock_desc() { return thread_data_.sock_desc_;}
-
+  observer::ObSMConnection *get_sm_connection();
   void set_peer_addr(common::ObAddr peer_addr)
   {
     LockGuard lock_guard(thread_data_mutex_);