func MakeNewEtcdKApi(params *EtcdConnectionParams) (client.KeysAPI, error) {
eps, err := getEndpoints(params)
if err != nil {
return nil, err
}
tr, err := getTransport(params)
if err != nil {
return nil, err
}
cfg := client.Config{
Transport: tr,
Endpoints: eps,
HeaderTimeoutPerRequest: params.RequestTimeout,
}
if params.Username != "" {
cfg.Username = params.Username
cfg.Password = params.Password
}
etcdClient, err := client.New(cfg)
if err != nil {
return nil, err
}
return client.NewKeysAPI(etcdClient), nil
}
func etcdFactory(conf map[string]string) (Client, error) {
path, ok := conf["path"]
if !ok {
return nil, fmt.Errorf("missing 'path' configuration")
}
endpoints, ok := conf["endpoints"]
if !ok || endpoints == "" {
return nil, fmt.Errorf("missing 'endpoints' configuration")
}
config := etcdapi.Config{
Endpoints: strings.Split(endpoints, " "),
}
if username, ok := conf["username"]; ok && username != "" {
config.Username = username
}
if password, ok := conf["password"]; ok && password != "" {
config.Password = password
}
client, err := etcdapi.New(config)
if err != nil {
return nil, err
}
return &EtcdClient{
Client: client,
Path: path,
}, nil
}
// NewEtcdClient returns an *etcd.Client with a connection to named machines.
func NewEtcdClient(machines []string, cert, key, caCert string, basicAuth bool, username string, password string) (*Client, error) {
var c client.Client
var kapi client.KeysAPI
var err error
var transport = &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
}
tlsConfig := &tls.Config{
InsecureSkipVerify: false,
}
cfg := client.Config{
Endpoints: machines,
HeaderTimeoutPerRequest: time.Duration(3) * time.Second,
}
if basicAuth {
cfg.Username = username
cfg.Password = password
}
if caCert != "" {
certBytes, err := ioutil.ReadFile(caCert)
if err != nil {
return &Client{kapi}, err
}
caCertPool := x509.NewCertPool()
ok := caCertPool.AppendCertsFromPEM(certBytes)
if ok {
tlsConfig.RootCAs = caCertPool
}
}
if cert != "" && key != "" {
tlsCert, err := tls.LoadX509KeyPair(cert, key)
if err != nil {
return &Client{kapi}, err
}
tlsConfig.Certificates = []tls.Certificate{tlsCert}
}
transport.TLSClientConfig = tlsConfig
cfg.Transport = transport
c, err = client.New(cfg)
if err != nil {
return &Client{kapi}, err
}
kapi = client.NewKeysAPI(c)
return &Client{kapi}, nil
}
// NewEtcdConfig creates a new service discovery backend for etcd
func NewEtcdConfig(config map[string]interface{}) Etcd {
etcd := Etcd{
Prefix: "/containerbuddy",
}
etcdConfig := client.Config{}
switch endpoints := config["endpoints"].(type) {
case string:
etcdConfig.Endpoints = []string{endpoints}
case []string:
etcdConfig.Endpoints = endpoints
default:
log.Fatal("Must provide etcd endpoints")
}
prefix, ok := config["prefix"].(string)
if ok {
etcd.Prefix = prefix
}
etcdClient, err := client.New(etcdConfig)
if err != nil {
log.Fatal(err)
}
etcd.Client = etcdClient
etcd.API = client.NewKeysAPI(etcdClient)
return etcd
}
func newClient(c *cli.Context) (client.Client, error) {
eps, err := getEndpoints(c)
if err != nil {
return nil, err
}
tr, err := getTransport(c)
if err != nil {
return nil, err
}
cfg := client.Config{
Transport: tr,
Endpoints: eps,
HeaderTimeoutPerRequest: c.GlobalDuration("timeout"),
}
uFlag := c.GlobalString("username")
if uFlag != "" {
username, password, err := getUsernamePasswordFromFlag(uFlag)
if err != nil {
return nil, err
}
cfg.Username = username
cfg.Password = password
}
return client.New(cfg)
}
func mustNewClient(c *cli.Context) client.Client {
eps, err := getEndpoints(c)
if err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
tr, err := getTransport(c)
if err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
cfg := client.Config{
Transport: tr,
Endpoints: eps,
HeaderTimeoutPerRequest: c.GlobalDuration("timeout"),
}
uFlag := c.GlobalString("username")
if uFlag != "" {
username, password, err := getUsernamePasswordFromFlag(uFlag)
if err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
cfg.Username = username
cfg.Password = password
}
hc, err := client.New(cfg)
if err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
if !c.GlobalBool("no-sync") {
ctx, cancel := context.WithTimeout(context.Background(), client.DefaultRequestTimeout)
err := hc.Sync(ctx)
cancel()
if err != nil {
handleError(ExitServerError, err)
os.Exit(1)
}
}
if c.GlobalBool("debug") {
fmt.Fprintf(os.Stderr, "Cluster-Endpoints: %s\n", strings.Join(hc.Endpoints(), ", "))
client.EnablecURLDebug()
}
return hc
}
// SetTLS sets the tls configuration given a tls.Config scheme
func setTLS(cfg *etcd.Config, tls *tls.Config, addrs []string) {
entries := store.CreateEndpoints(addrs, "https")
cfg.Endpoints = entries
// Set transport
t := http.Transport{
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: tls,
}
cfg.Transport = &t
}
func (e *Etcd) Init() error {
config := client.Config{
Endpoints: Machines(),
}
if uname != "" {
config.Username = uname
if upass != "" {
config.Password = upass
} else {
return errors.New("Etcd username provided but no password")
}
}
cl, err := client.New(config)
if err != nil {
return err
}
e.KeysAPI = client.NewKeysAPI(cl)
return nil
}
func etcdConfigFromFlags(c *cli.Context) etcdclient.Config {
eFlag := c.GlobalString("endpoint")
uFlag := c.GlobalString("username")
pFlag := c.GlobalString("password")
tFlag := c.GlobalDuration("timeout")
cfg := etcdclient.Config{
Endpoints: strings.Split(eFlag, ","),
Transport: etcdclient.DefaultTransport,
HeaderTimeoutPerRequest: tFlag,
}
if uFlag != "" && pFlag != "" {
cfg.Username = uFlag
cfg.Password = pFlag
}
return cfg
}
// NewEtcdConfig creates a new service discovery backend for etcd
func NewEtcdConfig(raw interface{}) (*Etcd, error) {
etcd := &Etcd{
Prefix: "/containerpilot",
}
var config etcdRawConfig
etcdConfig := client.Config{}
if err := utils.DecodeRaw(raw, &config); err != nil {
return nil, err
}
etcdConfig.Endpoints = parseEndpoints(config.Endpoints)
if config.Prefix != "" {
etcd.Prefix = config.Prefix
}
etcdClient, err := client.New(etcdConfig)
if err != nil {
return nil, err
}
etcd.Client = etcdClient
etcd.API = client.NewKeysAPI(etcdClient)
return etcd, nil
}
func newClient(e Etcdtool) client.Client {
cfg := client.Config{
Transport: newTransport(e),
Endpoints: strings.Split(e.Peers, ","),
HeaderTimeoutPerRequest: e.Timeout,
}
if e.User != "" {
cfg.Username = e.User
var err error
cfg.Password, err = speakeasy.Ask("Password: ")
if err != nil {
fatal(err.Error())
}
}
cl, err := client.New(cfg)
if err != nil {
fatal(err.Error())
}
return cl
}
func mustNewClient(c *cli.Context) client.Client {
eps, err := getEndpoints(c)
if err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
tr, err := getTransport(c)
if err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
cfg := client.Config{
Transport: tr,
Endpoints: eps,
}
uFlag := c.GlobalString("username")
if uFlag != "" {
username, password, err := getUsernamePasswordFromFlag(uFlag)
if err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
cfg.Username = username
cfg.Password = password
}
hc, err := client.New(cfg)
if err != nil {
fmt.Fprintln(os.Stderr, err.Error())
os.Exit(1)
}
return hc
}
// newEtcdBackend constructs a etcd backend using a given machine address.
func newEtcdBackend(conf map[string]string) (Backend, error) {
// Get the etcd path form the configuration.
path, ok := conf["path"]
if !ok {
path = "/vault"
}
// Ensure path is prefixed.
if !strings.HasPrefix(path, "/") {
path = "/" + path
}
// Set a default machines list and check for an overriding address value.
machines := "http://128.0.0.1:2379"
if address, ok := conf["address"]; ok {
machines = address
}
machinesParsed := strings.Split(machines, EtcdMachineDelimiter)
// Verify that the machines are valid URLs
for _, machine := range machinesParsed {
u, urlErr := url.Parse(machine)
if urlErr != nil || u.Scheme == "" {
return nil, EtcdAddressError
}
}
// Create a new client from the supplied address and attempt to sync with the
// cluster.
var cTransport client.CancelableTransport
cert, hasCert := conf["tls_cert_file"]
key, hasKey := conf["tls_key_file"]
ca, hasCa := conf["tls_ca_file"]
if (hasCert && hasKey) || hasCa {
var transportErr error
tls := transport.TLSInfo{
CAFile: ca,
CertFile: cert,
KeyFile: key,
}
cTransport, transportErr = transport.NewTransport(tls, 30*time.Second)
if transportErr != nil {
return nil, transportErr
}
} else {
cTransport = client.DefaultTransport
}
cfg := client.Config{
Endpoints: machinesParsed,
Transport: cTransport,
}
// Set credentials.
username := os.Getenv("ETCD_USERNAME")
if username == "" {
username, _ = conf["username"]
}
password := os.Getenv("ETCD_PASSWORD")
if password == "" {
password, _ = conf["password"]
}
if username != "" && password != "" {
cfg.Username = username
cfg.Password = password
}
c, err := client.New(cfg)
if err != nil {
return nil, err
}
// Should we sync the cluster state? There are three available options
// for our client library: don't sync (required for some proxies), sync
// once, or sync periodically with AutoSync. We currently support the
// first two.
sync, ok := conf["sync"]
if !ok {
sync = "yes"
}
switch sync {
case "yes", "true", "y", "1":
ctx, cancel := context.WithTimeout(context.Background(), client.DefaultRequestTimeout)
syncErr := c.Sync(ctx)
cancel()
if syncErr != nil {
return nil, fmt.Errorf("%s: %s", EtcdSyncClusterError, syncErr)
}
case "no", "false", "n", "0":
default:
return nil, fmt.Errorf("value of 'sync' could not be understood")
}
kAPI := client.NewKeysAPI(c)
// Setup the backend.
return &EtcdBackend{
path: path,
kAPI: kAPI,
permitPool: NewPermitPool(DefaultParallelOperations),
}, nil
}
func NewRegistry(opts ...registry.Option) registry.Registry {
config := etcd.Config{
Endpoints: []string{"http://127.0.0.1:2379"},
}
var options registry.Options
for _, o := range opts {
o(&options)
}
if options.Timeout == 0 {
options.Timeout = etcd.DefaultRequestTimeout
}
if options.Secure || options.TLSConfig != nil {
tlsConfig := options.TLSConfig
if tlsConfig == nil {
tlsConfig = &tls.Config{
InsecureSkipVerify: true,
}
}
// for InsecureSkipVerify
t := &http.Transport{
Proxy: http.ProxyFromEnvironment,
Dial: (&net.Dialer{
Timeout: 30 * time.Second,
KeepAlive: 30 * time.Second,
}).Dial,
TLSHandshakeTimeout: 10 * time.Second,
TLSClientConfig: tlsConfig,
}
runtime.SetFinalizer(&t, func(tr **http.Transport) {
(*tr).CloseIdleConnections()
})
config.Transport = t
// default secure address
config.Endpoints = []string{"https://127.0.0.1:2379"}
}
var cAddrs []string
for _, addr := range options.Addrs {
if len(addr) == 0 {
continue
}
if options.Secure {
// replace http:// with https:// if its there
addr = strings.Replace(addr, "http://", "https://", 1)
// has the prefix? no... ok add it
if !strings.HasPrefix(addr, "https://") {
addr = "https://" + addr
}
}
cAddrs = append(cAddrs, addr)
}
// if we got addrs then we'll update
if len(cAddrs) > 0 {
config.Endpoints = cAddrs
}
c, _ := etcd.New(config)
e := &etcdRegistry{
client: etcd.NewKeysAPI(c),
options: options,
}
return e
}
// setTimeout sets the timeout used for connecting to the store
func setTimeout(cfg *etcd.Config, time time.Duration) {
cfg.HeaderTimeoutPerRequest = time
}
// setCredentials sets the username/password credentials for connecting to Etcd
func setCredentials(cfg *etcd.Config, username, password string) {
cfg.Username = username
cfg.Password = password
}
// newEtcdBackend constructs a etcd backend using a given machine address.
func newEtcdBackend(conf map[string]string) (Backend, error) {
// Get the etcd path form the configuration.
path, ok := conf["path"]
if !ok {
path = "/vault"
}
// Ensure path is prefixed.
if !strings.HasPrefix(path, "/") {
path = "/" + path
}
// Set a default machines list and check for an overriding address value.
machines := "http://128.0.0.1:2379"
if address, ok := conf["address"]; ok {
machines = address
}
machinesParsed := strings.Split(machines, EtcdMachineDelimiter)
// Verify that the machines are valid URLs
for _, machine := range machinesParsed {
u, urlErr := url.Parse(machine)
if urlErr != nil || u.Scheme == "" {
return nil, EtcdAddressError
}
}
// Create a new client from the supplied address and attempt to sync with the
// cluster.
var cTransport client.CancelableTransport
cert, hasCert := conf["tls_cert_file"]
key, hasKey := conf["tls_key_file"]
ca, hasCa := conf["tls_ca_file"]
if (hasCert && hasKey) || hasCa {
var transportErr error
tls := transport.TLSInfo{
CAFile: ca,
CertFile: cert,
KeyFile: key,
}
cTransport, transportErr = transport.NewTransport(tls, 30*time.Second)
if transportErr != nil {
return nil, transportErr
}
} else {
cTransport = client.DefaultTransport
}
cfg := client.Config{
Endpoints: machinesParsed,
Transport: cTransport,
}
// Set credentials.
username := os.Getenv("ETCD_USERNAME")
if username == "" {
username, _ = conf["username"]
}
password := os.Getenv("ETCD_PASSWORD")
if password == "" {
password, _ = conf["password"]
}
if username != "" && password != "" {
cfg.Username = username
cfg.Password = password
}
c, err := client.New(cfg)
if err != nil {
return nil, err
}
ctx, cancel := context.WithTimeout(context.Background(), client.DefaultRequestTimeout)
syncErr := c.Sync(ctx)
cancel()
if syncErr != nil {
return nil, EtcdSyncClusterError
}
kAPI := client.NewKeysAPI(c)
// Setup the backend.
return &EtcdBackend{
path: path,
kAPI: kAPI,
permitPool: NewPermitPool(DefaultParallelOperations),
}, nil
}
