-
-
Notifications
You must be signed in to change notification settings - Fork 62
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Secure clickhouse connections #6575
Conversation
…too" This reverts commit bbc3962.
@patsevanton still failing: https://github.com/getsentry/snuba/actions/runs/12053427269/job/33609672900?pr=6575#step:5:2161 ignore the CI failures on your PR |
@untitaker secure-clickhouse-connections-2 is not my branch. Can i change code in secure-clickhouse-connections-2 ? |
@patsevanton I am manually forwarding your commits to your branch, because we have an issue with CI that prevents third-party contributions from ever passing the testsuite. The test failure you linked is not because your code is wrong, it's because the CI runs on your branch lack a permission that we are not able to grant right now. It will take us a lot of time to fix this, so right now I'm working around it manually by maintaining that other PR. The test failure I linked occurs on both branches though. I suggest setting up the devenlopment environment locally, or trying to deploy your own |
@untitaker the command and the command
how do I run the merge request check locally? |
after building the image, you have to run it. I assume you have a snuba installation already where that is possible? right now it definitely crashes on first start, see https://github.com/getsentry/snuba/actions/runs/12053427269/job/33609672900?pr=6575#step:5:2161 |
@untitaker try commit 53a73be |
❌ 1 Tests Failed:
View the top 1 failed tests by shortest run time
To view more test analytics, go to the Test Analytics Dashboard |
@patsevanton that commit was already included, the test failure is from a different line. |
All checks have passed! |
@patsevanton can you please ensure that the resulting docker image works for your usecase (and test it) before we merge? i'll get this reviewed this week |
I need time. can you add a description to the pull request? I will write how I will test:
Modify this section docker-compose.yml
Modify this section .env
Run sentry
@untitaker Please change code:
to
|
I don't think this is a good idea. Then |
@untitaker if use |
What is the error message? |
@untitaker i don`t remember. I try reproduce later. |
@untitaker error with tested by image antonpatsev/secure-clickhouse-connections-2:1 |
@patsevanton then you're not setting the variable correctly. the code you want me to change to simply enables secure mode unconditionally, with no way to turn it off. |
@untitaker I think the code |
The return value of |
if you want to support CLICKHOUSE_SECURE=True and CLICKHOUSE_SECURE=1
|
@patsevanton you should now be able to iterate on your own PR #6459, as CI has been fixed to work for third-party contributions. Thanks for your patience. |
this pr is a mirror of #6459 due to issues with CI
Description
This pull request introduces SSL/TLS support for ClickHouse connections in the Snuba project. The changes include new CLI options for enabling secure connections, updates to the ClickhousePool and HTTPBatchWriter classes, and corresponding configuration options in settings and tests.
Changes Overview
CLI Options:
--clickhouse-secure
: If true, an encrypted connection will be used.--clickhouse-ca-certs
: An optional path to certificates directory.--clickhouse-verify
: Verify ClickHouse SSL cert.Class Updates:
ClickhousePool
,HTTPBatchWriter
, and other relevant classes to support SSL/TLS connections.Configuration:
Testing:
Detailed Changes
HTTPBatchWriter
to support SSL/TLS connections.ClickhousePool
to handle SSL/TLS parameters.ClickhouseCluster
to include SSL/TLS configuration.FakeClickhouseCluster
to include SSL/TLS parameters.Related Issues
Related Pull Requests:
Additional Notes
FYI @konstantin-popov
Thank you for reviewing this pull request!
Legal Boilerplate
Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. and is gonna need some rights from me in order to utilize my contributions in this here PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.