
tiup cluster rename causes TLS certificate mismatch, leading to TiDB instances down during upgrade #2702

@WalterWj


Bug Report

Please answer these questions before submitting your issue. Thanks!

1. What did you do?

The cluster had TLS enabled. After the cluster was deployed, the cluster name was renamed from tidb-prod-bak to tidb-bi. During a subsequent cluster upgrade, TiDB instances were shown as down.

Upon investigation, we found that after renaming the cluster, the TLS certificate files under the TiUP management directory were inconsistent with the TLS certificate files on the TiDB nodes, causing TLS handshake authentication failures between TiUP and TiDB instances.

The issue was resolved by manually replacing the TiUP TLS files with the TLS files from the TiDB nodes. After that, TiDB instance status returned to normal and the cluster upgrade completed successfully.

Steps to reproduce:

  1. Deploy a TiDB cluster with TLS enabled (cluster name: tidb-prod-bak)
  2. Run tiup cluster rename tidb-prod-bak tidb-bi to rename the cluster
  3. Run tiup cluster upgrade tidb-bi <new-version> to upgrade the cluster
  4. Observe TiDB instance status during the upgrade

2. What did you expect to see?

After renaming the cluster, the TLS certificate files under the TiUP management directory should remain consistent with the TLS certificate files on the TiDB nodes. The cluster upgrade should proceed normally, and TiDB instances should show as healthy.

3. What did you see instead?

  • TiDB instances were shown as down during the upgrade process
  • TLS handshake authentication failed due to certificate mismatch between TiUP and TiDB nodes
  • Manual replacement of TiUP TLS files with TiDB node TLS files was required to restore normal operation

Open questions:

  • What is the root cause of TLS certificate inconsistency after renaming a cluster?
  • What is the correct procedure for renaming a TLS-enabled cluster? Is there any officially recommended workflow or documentation?

4. What version of TiUP are you using (tiup --version)?
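
The consistency check described in the report (TLS files held by TiUP versus the TLS files on a TiDB node), as an added example that is not part of the original issue or of TiUP's own code. It assumes the node's TLS directory has already been copied to the machine running TiUP, that both directory paths are passed as arguments, and that files sharing a name are expected to be identical; the function names are hypothetical.

```python
import base64
import hashlib
import re
import sys
from pathlib import Path

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def fingerprints(path):
    """SHA-256 of each PEM block's decoded bytes, so line wrapping and trailing
    newlines do not count as a difference; raw-file hash for non-PEM content."""
    data = Path(path).read_bytes()
    bodies = [body for _, body in PEM_BLOCK.findall(data)]
    if not bodies:
        return [hashlib.sha256(data).hexdigest()]
    try:
        return [hashlib.sha256(base64.b64decode(b"".join(b.split()))).hexdigest()
                for b in bodies]
    except ValueError:  # body is not plain base64 (e.g. extra PEM headers)
        return [hashlib.sha256(data).hexdigest()]


def compare_tls_dirs(tiup_dir, node_dir):
    """Return {file name: status} for every file found in either directory.
    Assumption: same-named files in the two copies should be identical."""
    tiup = {p.name: p for p in Path(tiup_dir).iterdir() if p.is_file()}
    node = {p.name: p for p in Path(node_dir).iterdir() if p.is_file()}
    report = {}
    for name in sorted(tiup.keys() | node.keys()):
        if name not in node:
            report[name] = "only in TiUP copy"
        elif name not in tiup:
            report[name] = "only in node copy"
        elif fingerprints(tiup[name]) == fingerprints(node[name]):
            report[name] = "match"
        else:
            report[name] = "MISMATCH"
    return report


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: compare_tls.py <tiup-tls-dir> <node-tls-dir-copy>")
    result = compare_tls_dirs(sys.argv[1], sys.argv[2])
    for name, status in result.items():
        print(f"{status:18} {name}")
    # Non-zero exit lets a pre-upgrade script stop before touching the cluster.
    sys.exit(1 if "MISMATCH" in result.values() else 0)
```

Files reported as present in only one copy are informational; only a same-named file with different content produces the non-zero exit.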
