func (f *Factory) New(uri *url.URL) bridge.RegistryAdapter {
urls := make([]string, 0)
if len(uri.Path) < 2 {
log.Fatal("skydns2: dns domain required e.g.: skydns2://<host>/<domain>")
}
tlskey := os.Getenv("ETCD_TLSKEY")
tlspem := os.Getenv("ETCD_TLSPEM")
cacert := os.Getenv("ETCD_CACERT")
var client *etcd.Client
// Assuming https
if cacert != "" {
urls = append(urls, "https://"+uri.Host)
// Assuming Client authentication if tlskey and tlspem is set
if tlskey != "" && tlspem != "" {
var err error
if client, err = etcd.NewTLSClient(urls, tlspem, tlskey, cacert); err != nil {
log.Fatalf("skydns2: failure to connect: %s", err)
}
} else {
client = etcd.NewClient(urls)
ca, err := ioutil.ReadFile(cacert)
if err != nil {
log.Fatal(err)
}
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM(ca)
tr := &http.Transport{
TLSClientConfig: &tls.Config{RootCAs: caCertPool},
DisableCompression: true,
}
client.SetTransport(tr)
}
} else {
urls = append(urls, "http://"+uri.Host)
client = etcd.NewClient(urls)
}
return &Skydns2Adapter{client: client, path: domainPath(uri.Path[1:])}
}
func initializeEtcdStoreClient(logger lager.Logger, etcdOptions *etcddb.ETCDOptions) etcddb.StoreClient {
var etcdClient *etcdclient.Client
var tr *http.Transport
if etcdOptions.IsSSL {
if etcdOptions.CertFile == "" || etcdOptions.KeyFile == "" {
logger.Fatal("failed-to-construct-etcd-tls-client", errors.New("Require both cert and key path"))
}
var err error
etcdClient, err = etcdclient.NewTLSClient(etcdOptions.ClusterUrls, etcdOptions.CertFile, etcdOptions.KeyFile, etcdOptions.CAFile)
if err != nil {
logger.Fatal("failed-to-construct-etcd-tls-client", err)
}
tlsCert, err := tls.LoadX509KeyPair(etcdOptions.CertFile, etcdOptions.KeyFile)
if err != nil {
logger.Fatal("failed-to-construct-etcd-tls-client", err)
}
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{tlsCert},
InsecureSkipVerify: true,
ClientSessionCache: tls.NewLRUClientSessionCache(etcdOptions.ClientSessionCacheSize),
}
tr = &http.Transport{
TLSClientConfig: tlsConfig,
Dial: etcdClient.DefaultDial,
MaxIdleConnsPerHost: etcdOptions.MaxIdleConnsPerHost,
}
etcdClient.SetTransport(tr)
etcdClient.AddRootCA(etcdOptions.CAFile)
} else {
etcdClient = etcdclient.NewClient(etcdOptions.ClusterUrls)
}
etcdClient.SetConsistency(etcdclient.STRONG_CONSISTENCY)
return etcddb.NewStoreClient(etcdClient)
}
func initializeEtcdClient(etcdOptions *ETCDOptions) *etcd.Client {
var etcdClient *etcd.Client
var tr *http.Transport
if etcdOptions.IsSSL {
if etcdOptions.CertFile == "" || etcdOptions.KeyFile == "" {
panic(errors.New("Require both cert and key path"))
}
var err error
etcdClient, err = etcd.NewTLSClient(etcdOptions.ClusterUrls, etcdOptions.CertFile, etcdOptions.KeyFile, etcdOptions.CAFile)
if err != nil {
panic(err)
}
tlsCert, err := tls.LoadX509KeyPair(etcdOptions.CertFile, etcdOptions.KeyFile)
if err != nil {
panic(err)
}
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{tlsCert},
InsecureSkipVerify: true,
ClientSessionCache: tls.NewLRUClientSessionCache(etcdOptions.ClientSessionCacheSize),
}
tr = &http.Transport{
TLSClientConfig: tlsConfig,
Dial: etcdClient.DefaultDial,
MaxIdleConnsPerHost: etcdOptions.MaxIdleConnsPerHost,
}
etcdClient.SetTransport(tr)
} else {
etcdClient = etcd.NewClient(etcdOptions.ClusterUrls)
}
etcdClient.SetConsistency(etcd.STRONG_CONSISTENCY)
return etcdClient
}