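// noCACertsError reports a CA bundle file that was readable but contained no
// PEM-encoded certificates, so it could not be turned into a trust store.
type noCACertsError struct{ path string }

func (e *noCACertsError) Error() string {
	return "etcd client: no PEM certificates found in CA file " + e.path
}

// NewEtcdClient returns a *Client (wrapping an etcd KeysAPI) connected to the
// named machines.
//
// machines are the etcd endpoint URLs. cert and key, when both are non-empty,
// are paths to a PEM client certificate and private key used for mutual TLS.
// caCert, when non-empty, is a path to a PEM bundle whose certificates replace
// the system roots for verifying the servers. If basicAuth is true, username
// and password are sent as HTTP basic authentication.
//
// Server certificates are always verified (InsecureSkipVerify is never set)
// and TLS 1.2 is the minimum protocol version. An error is returned if the CA
// file or client key pair cannot be read, if the CA file yields no usable
// certificate, or if the etcd client cannot be constructed; on error the
// returned *Client is nil.
func NewEtcdClient(machines []string, cert, key, caCert string, basicAuth bool, username string, password string) (*Client, error) {
	transport := &http.Transport{
		Proxy: http.ProxyFromEnvironment,
		Dial: (&net.Dialer{
			Timeout:   30 * time.Second,
			KeepAlive: 30 * time.Second,
		}).Dial,
		TLSHandshakeTimeout: 10 * time.Second,
	}

	// Verification stays on; MinVersion refuses TLS 1.0/1.1 handshakes.
	tlsConfig := &tls.Config{
		InsecureSkipVerify: false,
		MinVersion:         tls.VersionTLS12,
	}

	cfg := client.Config{
		Endpoints:               machines,
		HeaderTimeoutPerRequest: 3 * time.Second,
	}
	if basicAuth {
		cfg.Username = username
		cfg.Password = password
	}

	if caCert != "" {
		certBytes, err := ioutil.ReadFile(caCert)
		if err != nil {
			return nil, err
		}
		caCertPool := x509.NewCertPool()
		// A CA file that parses to zero certificates must not silently fall
		// back to the system roots: the caller asked for a specific trust
		// anchor, so fail loudly rather than trusting something else.
		if !caCertPool.AppendCertsFromPEM(certBytes) {
			return nil, &noCACertsError{path: caCert}
		}
		tlsConfig.RootCAs = caCertPool
	}

	if cert != "" && key != "" {
		tlsCert, err := tls.LoadX509KeyPair(cert, key)
		if err != nil {
			return nil, err
		}
		tlsConfig.Certificates = []tls.Certificate{tlsCert}
	}

	transport.TLSClientConfig = tlsConfig
	cfg.Transport = transport

	c, err := client.New(cfg)
	if err != nil {
		return nil, err
	}
	return &Client{client.NewKeysAPI(c)}, nil
}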
// setTLS switches cfg to HTTPS endpoints built from addrs and installs an
// HTTP transport that uses tls as its TLS client configuration.
//
// Endpoints come from store.CreateEndpoints(addrs, "https"); presumably that
// prefixes each addr with the scheme — confirm against the store package.
// The transport dials with a 30s timeout and 30s TCP keep-alive and allows
// 10s for the TLS handshake. A nil tls leaves the transport on Go's default
// TLS settings. Note the parameter name shadows the crypto/tls package inside
// the body.
func setTLS(cfg *etcd.Config, tls *tls.Config, addrs []string) {
	cfg.Endpoints = store.CreateEndpoints(addrs, "https")

	dialer := &net.Dialer{
		Timeout:   30 * time.Second,
		KeepAlive: 30 * time.Second,
	}
	cfg.Transport = &http.Transport{
		Dial:                dialer.Dial,
		TLSHandshakeTimeout: 10 * time.Second,
		TLSClientConfig:     tls,
	}
}
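// NewRegistry builds an etcd-backed registry.Registry from opts.
//
// Defaults are the endpoint http://127.0.0.1:2379 and
// etcd.DefaultRequestTimeout. When options.Secure is set or options.TLSConfig
// is supplied, an HTTPS transport is installed and the default endpoint
// becomes https://127.0.0.1:2379. Non-empty options.Addrs replace the default
// endpoint; with options.Secure each addr is forced onto the https:// scheme
// (addrs given with TLSConfig but without Secure are used as-is).
//
// SECURITY: when Secure is requested without a TLSConfig, the transport is
// created with InsecureSkipVerify set, so the server certificate is NOT
// verified and the connection is open to man-in-the-middle attacks. Callers
// who need real protection must pass a TLSConfig (with RootCAs and, if
// required, client certificates) through options.TLSConfig. The insecure
// default is preserved here for compatibility; consider making verification
// the default.
//
// The registry.Registry interface has no error path, so the error from
// etcd.New is discarded; a failed construction presumably shows up as errors
// on later registry calls.
func NewRegistry(opts ...registry.Option) registry.Registry {
	var options registry.Options
	for _, o := range opts {
		o(&options)
	}
	if options.Timeout == 0 {
		options.Timeout = etcd.DefaultRequestTimeout
	}

	config := etcd.Config{
		Endpoints: []string{"http://127.0.0.1:2379"},
	}

	if options.Secure || options.TLSConfig != nil {
		tlsConfig := options.TLSConfig
		if tlsConfig == nil {
			// SECURITY: no certificate verification; see the doc comment.
			tlsConfig = &tls.Config{
				InsecureSkipVerify: true,
			}
		}
		t := &http.Transport{
			Proxy: http.ProxyFromEnvironment,
			Dial: (&net.Dialer{
				Timeout:   30 * time.Second,
				KeepAlive: 30 * time.Second,
			}).Dial,
			TLSHandshakeTimeout: 10 * time.Second,
			TLSClientConfig:     tlsConfig,
		}
		// Finalize the transport itself, not the address of the local
		// variable holding it: &t is unreachable as soon as this function
		// returns, so the old finalizer ran CloseIdleConnections on a
		// transport that was still in use. Attached to t it runs only once
		// the transport is unreachable (best-effort — a transport with live
		// connections may stay referenced by its connection goroutines).
		runtime.SetFinalizer(t, func(tr *http.Transport) {
			tr.CloseIdleConnections()
		})
		config.Transport = t
		// default secure address
		config.Endpoints = []string{"https://127.0.0.1:2379"}
	}

	cAddrs := make([]string, 0, len(options.Addrs))
	for _, addr := range options.Addrs {
		if addr == "" {
			continue
		}
		if options.Secure {
			// Rewrite an http:// scheme to https://, then make sure the
			// https:// prefix is present.
			addr = strings.Replace(addr, "http://", "https://", 1)
			if !strings.HasPrefix(addr, "https://") {
				addr = "https://" + addr
			}
		}
		cAddrs = append(cAddrs, addr)
	}
	// Explicit addrs override the default endpoint.
	if len(cAddrs) > 0 {
		config.Endpoints = cAddrs
	}

	// No way to return this error through registry.Registry; see doc comment.
	c, _ := etcd.New(config)

	return &etcdRegistry{
		client:  etcd.NewKeysAPI(c),
		options: options,
	}
}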