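// New builds a SkyDNS2 registry adapter that talks to the etcd endpoint at
// uri.Host. The URI path, minus its leading slash, is the DNS domain and is
// mandatory; the process exits through log.Fatal when it is absent.
//
// Transport security is chosen from three environment variables:
//
//   - ETCD_CACERT unset: etcd is reached over plain http, so traffic is
//     neither encrypted nor is the server authenticated.
//   - ETCD_CACERT set: etcd is reached over https and the CA bundle in that
//     file is the only trust root for the server certificate.
//   - ETCD_TLSKEY and ETCD_TLSPEM set as well: the key pair is handed to
//     etcd.NewTLSClient together with the CA path, so the client can also
//     authenticate itself with a certificate.
//
// Every configuration error is fatal at construction time rather than being
// deferred to the first request.
func (f *Factory) New(uri *url.URL) bridge.RegistryAdapter {
	if len(uri.Path) < 2 {
		log.Fatal("skydns2: dns domain required e.g.: skydns2://<host>/<domain>")
	}

	tlskey := os.Getenv("ETCD_TLSKEY")
	tlspem := os.Getenv("ETCD_TLSPEM")
	cacert := os.Getenv("ETCD_CACERT")

	var client *etcd.Client
	switch {
	case cacert == "":
		// No CA configured: cleartext connection, no server authentication.
		client = etcd.NewClient([]string{"http://" + uri.Host})

	case tlskey != "" && tlspem != "":
		// CA plus client key pair: mutual TLS, set up by the etcd library.
		var err error
		client, err = etcd.NewTLSClient([]string{"https://" + uri.Host}, tlspem, tlskey, cacert)
		if err != nil {
			log.Fatalf("skydns2: failure to connect: %s", err)
		}

	default:
		// CA only: verify the server, present no client certificate.
		// NOTE(review): this branch is also taken when just one of
		// ETCD_TLSKEY / ETCD_TLSPEM is set, which silently drops client
		// authentication; confirm that is intended.
		client = etcd.NewClient([]string{"https://" + uri.Host})

		ca, err := ioutil.ReadFile(cacert)
		if err != nil {
			log.Fatalf("skydns2: reading ETCD_CACERT %q: %s", cacert, err)
		}

		// AppendCertsFromPEM reports whether any certificate was parsed.
		// Ignoring a false result would leave an empty pool, and the
		// misconfiguration would only surface later as handshake failures.
		caCertPool := x509.NewCertPool()
		if !caCertPool.AppendCertsFromPEM(ca) {
			log.Fatalf("skydns2: no PEM certificates found in ETCD_CACERT %q", cacert)
		}

		client.SetTransport(&http.Transport{
			TLSClientConfig:    &tls.Config{RootCAs: caCertPool},
			DisableCompression: true,
		})
	}

	return &Skydns2Adapter{client: client, path: domainPath(uri.Path[1:])}
}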
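// initializeEtcdStoreClient builds the etcd client described by etcdOptions,
// sets it to strong consistency and wraps it in an etcddb.StoreClient.
//
// When etcdOptions.IsSSL is set, CertFile and KeyFile are both required and
// CAFile must name a CA bundle the etcd client can load. The client gets a
// custom transport that carries the client certificate, a TLS session cache
// of ClientSessionCacheSize entries and the MaxIdleConnsPerHost limit. Any
// failure while building the TLS client is reported through logger.Fatal
// under the "failed-to-construct-etcd-tls-client" action.
func initializeEtcdStoreClient(logger lager.Logger, etcdOptions *etcddb.ETCDOptions) etcddb.StoreClient {
	var etcdClient *etcdclient.Client

	if etcdOptions.IsSSL {
		if etcdOptions.CertFile == "" || etcdOptions.KeyFile == "" {
			logger.Fatal("failed-to-construct-etcd-tls-client", errors.New("Require both cert and key path"))
		}

		var err error
		etcdClient, err = etcdclient.NewTLSClient(
			etcdOptions.ClusterUrls,
			etcdOptions.CertFile,
			etcdOptions.KeyFile,
			etcdOptions.CAFile,
		)
		if err != nil {
			logger.Fatal("failed-to-construct-etcd-tls-client", err)
		}

		tlsCert, err := tls.LoadX509KeyPair(etcdOptions.CertFile, etcdOptions.KeyFile)
		if err != nil {
			logger.Fatal("failed-to-construct-etcd-tls-client", err)
		}

		// SetTransport replaces the transport NewTLSClient prepared, so the
		// trust settings must be re-established on the new one. The config
		// starts with certificate verification enabled (InsecureSkipVerify
		// is left at its zero value): if loading the CA fails, the client
		// fails closed instead of accepting any server certificate.
		tlsConfig := &tls.Config{
			Certificates:       []tls.Certificate{tlsCert},
			ClientSessionCache: tls.NewLRUClientSessionCache(etcdOptions.ClientSessionCacheSize),
		}
		etcdClient.SetTransport(&http.Transport{
			TLSClientConfig:     tlsConfig,
			Dial:                etcdClient.DefaultDial,
			MaxIdleConnsPerHost: etcdOptions.MaxIdleConnsPerHost,
		})

		// The AddRootCA result used to be discarded, so an unreadable or
		// unparsable CA file left server verification switched off without
		// any signal. Treat it like every other TLS setup error.
		// NOTE(review): AddRootCA is expected to install CAFile as the
		// transport's root pool; confirm against the vendored etcd client.
		if err := etcdClient.AddRootCA(etcdOptions.CAFile); err != nil {
			logger.Fatal("failed-to-construct-etcd-tls-client", err)
		}
	} else {
		// Plain-text client: no encryption and no server authentication.
		etcdClient = etcdclient.NewClient(etcdOptions.ClusterUrls)
	}

	etcdClient.SetConsistency(etcdclient.STRONG_CONSISTENCY)

	return etcddb.NewStoreClient(etcdClient)
}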
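// initializeEtcdClient builds the etcd client described by etcdOptions and
// sets it to strong consistency.
//
// When etcdOptions.IsSSL is set, CertFile and KeyFile are both required and
// CAFile must name a CA bundle the etcd client can load. The client gets a
// custom transport that carries the client certificate, a TLS session cache
// of ClientSessionCacheSize entries and the MaxIdleConnsPerHost limit. The
// function panics on any error while building the TLS client.
//
// The server certificate is verified against CAFile. Earlier behaviour
// installed a transport with InsecureSkipVerify set and never loaded a CA
// into it, so any certificate presented by the peer was accepted and the
// connection was open to interception. Deployments whose etcd certificates
// do not chain to CAFile, or do not match the host names in ClusterUrls,
// will now fail the handshake and need corrected certificates.
func initializeEtcdClient(etcdOptions *ETCDOptions) *etcd.Client {
	var etcdClient *etcd.Client

	if etcdOptions.IsSSL {
		if etcdOptions.CertFile == "" || etcdOptions.KeyFile == "" {
			panic(errors.New("Require both cert and key path"))
		}

		var err error
		etcdClient, err = etcd.NewTLSClient(
			etcdOptions.ClusterUrls,
			etcdOptions.CertFile,
			etcdOptions.KeyFile,
			etcdOptions.CAFile,
		)
		if err != nil {
			panic(err)
		}

		tlsCert, err := tls.LoadX509KeyPair(etcdOptions.CertFile, etcdOptions.KeyFile)
		if err != nil {
			panic(err)
		}

		// SetTransport replaces the transport NewTLSClient prepared, so the
		// trust settings must be re-established on the new one.
		// InsecureSkipVerify is left at its zero value so that verification
		// is on from the start and a CA-loading failure fails closed.
		tlsConfig := &tls.Config{
			Certificates:       []tls.Certificate{tlsCert},
			ClientSessionCache: tls.NewLRUClientSessionCache(etcdOptions.ClientSessionCacheSize),
		}
		etcdClient.SetTransport(&http.Transport{
			TLSClientConfig:     tlsConfig,
			Dial:                etcdClient.DefaultDial,
			MaxIdleConnsPerHost: etcdOptions.MaxIdleConnsPerHost,
		})

		// NOTE(review): AddRootCA is expected to install CAFile as the
		// transport's root pool; confirm against the vendored etcd client.
		if err := etcdClient.AddRootCA(etcdOptions.CAFile); err != nil {
			panic(err)
		}
	} else {
		// Plain-text client: no encryption and no server authentication.
		etcdClient = etcd.NewClient(etcdOptions.ClusterUrls)
	}

	etcdClient.SetConsistency(etcd.STRONG_CONSISTENCY)

	return etcdClient
}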