// NewEtcdClient returns an *etcd.Client with a connection to named machines.
func NewEtcdClient(machines []string, cert, key, caCert string, basicAuth bool, username string, password string) (*Client, error) {
var c client.Client
var kapi client.KeysAPI
var err error
var transport = &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
}
tlsConfig := &tls.Config{
InsecureSkipVerify: false,
}
cfg := client.Config{
Endpoints: machines,
HeaderTimeoutPerRequest: time.Duration(3) * time.Second,
}
if basicAuth {
cfg.Username = username
cfg.Password = password
}
if caCert != "" {
certBytes, err := ioutil.ReadFile(caCert)
if err != nil {
return &Client{kapi}, err
}
caCertPool := x509.NewCertPool()
ok := caCertPool.AppendCertsFromPEM(certBytes)
if ok {
tlsConfig.RootCAs = caCertPool
}
}
if cert != "" && key != "" {
tlsCert, err := tls.LoadX509KeyPair(cert, key)
if err != nil {
return &Client{kapi}, err
}
tlsConfig.Certificates = []tls.Certificate{tlsCert}
}
transport.TLSClientConfig = tlsConfig
cfg.Transport = transport
c, err = client.New(cfg)
if err != nil {
return &Client{kapi}, err
}
kapi = client.NewKeysAPI(c)
return &Client{kapi}, nil
}
// SetTLS sets the tls configuration given a tls.Config scheme
func setTLS(cfg *etcd.Config, tls *tls.Config, addrs []string) {
entries := store.CreateEndpoints(addrs, "https")
cfg.Endpoints = entries
// Set transport
t := http.Transport{
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: tls,
}
cfg.Transport = &t
}
func NewRegistry(opts ...registry.Option) registry.Registry {
config := etcd.Config{
Endpoints: []string{"http://127.0.0.1:2379"},
}
var options registry.Options
for _, o := range opts {
o(&options)
}
if options.Timeout == 0 {
options.Timeout = etcd.DefaultRequestTimeout
}
if options.Secure || options.TLSConfig != nil {
tlsConfig := options.TLSConfig
if tlsConfig == nil {
tlsConfig = &tls.Config{
InsecureSkipVerify: true,
}
}
// for InsecureSkipVerify
t := &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: tlsConfig,
}
runtime.SetFinalizer(&t, func(tr **http.Transport) {
(*tr).CloseIdleConnections()
})
config.Transport = t
// default secure address
config.Endpoints = []string{"https://127.0.0.1:2379"}
}
var cAddrs []string
for _, addr := range options.Addrs {
if len(addr) == 0 {
continue
}
if options.Secure {
// replace http:// with https:// if its there
addr = strings.Replace(addr, "http://", "https://", 1)
// has the prefix? no... ok add it
if !strings.HasPrefix(addr, "https://") {
addr = "https://" + addr
}
}
cAddrs = append(cAddrs, addr)
}
// if we got addrs then we'll update
if len(cAddrs) > 0 {
config.Endpoints = cAddrs
}
c, _ := etcd.New(config)
e := &etcdRegistry{
client: etcd.NewKeysAPI(c),
options: options,
}
return e
}
