mirror of
https://github.com/etcd-io/etcd.git
synced 2024-09-27 06:25:44 +00:00
embed: remove capnslog (#11592)
This commit is contained in:
Jingyi Hu
GitHub
parent
a924600700
commit
74d5ba5777
@ -15,7 +15,6 @@
|
|||||||
package embed
|
package embed
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/tls"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"net"
|
"net"
|
||||||
@ -408,19 +407,6 @@ func NewConfig() *Config {
|
|||||||
return cfg
|
return cfg
|
||||||
}
|
}
|
||||||
|
|
||||||
func logTLSHandshakeFailure(conn *tls.Conn, err error) {
|
|
||||||
state := conn.ConnectionState()
|
|
||||||
remoteAddr := conn.RemoteAddr().String()
|
|
||||||
serverName := state.ServerName
|
|
||||||
if len(state.PeerCertificates) > 0 {
|
|
||||||
cert := state.PeerCertificates[0]
|
|
||||||
ips, dns := cert.IPAddresses, cert.DNSNames
|
|
||||||
plog.Infof("rejected connection from %q (error %q, ServerName %q, IPAddresses %q, DNSNames %q)", remoteAddr, err.Error(), serverName, ips, dns)
|
|
||||||
} else {
|
|
||||||
plog.Infof("rejected connection from %q (error %q, ServerName %q)", remoteAddr, err.Error(), serverName)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
func ConfigFromFile(path string) (*Config, error) {
|
func ConfigFromFile(path string) (*Config, error) {
|
||||||
cfg := &configYAML{Config: *NewConfig()}
|
cfg := &configYAML{Config: *NewConfig()}
|
||||||
if err := cfg.configFromFile(path); err != nil {
|
if err := cfg.configFromFile(path); err != nil {
|
||||||
@ -618,19 +604,11 @@ func (cfg *Config) PeerURLsMapAndToken(which string) (urlsmap types.URLsMap, tok
|
|||||||
clusterStrs, cerr := cfg.GetDNSClusterNames()
|
clusterStrs, cerr := cfg.GetDNSClusterNames()
|
||||||
lg := cfg.logger
|
lg := cfg.logger
|
||||||
if cerr != nil {
|
if cerr != nil {
|
||||||
if lg != nil {
|
|
||||||
lg.Warn("failed to resolve during SRV discovery", zap.Error(cerr))
|
lg.Warn("failed to resolve during SRV discovery", zap.Error(cerr))
|
||||||
} else {
|
|
||||||
plog.Errorf("couldn't resolve during SRV discovery (%v)", cerr)
|
|
||||||
}
|
|
||||||
return nil, "", cerr
|
return nil, "", cerr
|
||||||
}
|
}
|
||||||
for _, s := range clusterStrs {
|
for _, s := range clusterStrs {
|
||||||
if lg != nil {
|
|
||||||
lg.Info("got bootstrap from DNS for etcd-server", zap.String("node", s))
|
lg.Info("got bootstrap from DNS for etcd-server", zap.String("node", s))
|
||||||
} else {
|
|
||||||
plog.Noticef("got bootstrap from DNS for etcd-server at %s", s)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
clusterStr := strings.Join(clusterStrs, ",")
|
clusterStr := strings.Join(clusterStrs, ",")
|
||||||
if strings.Contains(clusterStr, "https://") && cfg.PeerTLSInfo.TrustedCAFile == "" {
|
if strings.Contains(clusterStr, "https://") && cfg.PeerTLSInfo.TrustedCAFile == "" {
|
||||||
@ -671,7 +649,6 @@ func (cfg *Config) GetDNSClusterNames() ([]string, error) {
|
|||||||
if cerr != nil {
|
if cerr != nil {
|
||||||
clusterStrs = make([]string, 0)
|
clusterStrs = make([]string, 0)
|
||||||
}
|
}
|
||||||
if lg != nil {
|
|
||||||
lg.Info(
|
lg.Info(
|
||||||
"get cluster for etcd-server-ssl SRV",
|
"get cluster for etcd-server-ssl SRV",
|
||||||
zap.String("service-scheme", "https"),
|
zap.String("service-scheme", "https"),
|
||||||
@ -682,13 +659,11 @@ func (cfg *Config) GetDNSClusterNames() ([]string, error) {
|
|||||||
zap.Strings("found-cluster", clusterStrs),
|
zap.Strings("found-cluster", clusterStrs),
|
||||||
zap.Error(cerr),
|
zap.Error(cerr),
|
||||||
)
|
)
|
||||||
}
|
|
||||||
|
|
||||||
defaultHTTPClusterStrs, httpCerr := srv.GetCluster("http", "etcd-server"+serviceNameSuffix, cfg.Name, cfg.DNSCluster, cfg.APUrls)
|
defaultHTTPClusterStrs, httpCerr := srv.GetCluster("http", "etcd-server"+serviceNameSuffix, cfg.Name, cfg.DNSCluster, cfg.APUrls)
|
||||||
if httpCerr != nil {
|
if httpCerr != nil {
|
||||||
clusterStrs = append(clusterStrs, defaultHTTPClusterStrs...)
|
clusterStrs = append(clusterStrs, defaultHTTPClusterStrs...)
|
||||||
}
|
}
|
||||||
if lg != nil {
|
|
||||||
lg.Info(
|
lg.Info(
|
||||||
"get cluster for etcd-server SRV",
|
"get cluster for etcd-server SRV",
|
||||||
zap.String("service-scheme", "http"),
|
zap.String("service-scheme", "http"),
|
||||||
@ -699,7 +674,6 @@ func (cfg *Config) GetDNSClusterNames() ([]string, error) {
|
|||||||
zap.Strings("found-cluster", clusterStrs),
|
zap.Strings("found-cluster", clusterStrs),
|
||||||
zap.Error(httpCerr),
|
zap.Error(httpCerr),
|
||||||
)
|
)
|
||||||
}
|
|
||||||
|
|
||||||
return clusterStrs, cerr
|
return clusterStrs, cerr
|
||||||
}
|
}
|
||||||
@ -734,11 +708,7 @@ func (cfg *Config) ClientSelfCert() (err error) {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
if !cfg.ClientTLSInfo.Empty() {
|
if !cfg.ClientTLSInfo.Empty() {
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Warn("ignoring client auto TLS since certs given")
|
cfg.logger.Warn("ignoring client auto TLS since certs given")
|
||||||
} else {
|
|
||||||
plog.Warningf("ignoring client auto TLS since certs given")
|
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
chosts := make([]string, len(cfg.LCUrls))
|
chosts := make([]string, len(cfg.LCUrls))
|
||||||
@ -757,11 +727,7 @@ func (cfg *Config) PeerSelfCert() (err error) {
|
|||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
if !cfg.PeerTLSInfo.Empty() {
|
if !cfg.PeerTLSInfo.Empty() {
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Warn("ignoring peer auto TLS since certs given")
|
cfg.logger.Warn("ignoring peer auto TLS since certs given")
|
||||||
} else {
|
|
||||||
plog.Warningf("ignoring peer auto TLS since certs given")
|
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
phosts := make([]string, len(cfg.LPUrls))
|
phosts := make([]string, len(cfg.LPUrls))
|
||||||
|
|||||||
100
embed/etcd.go
100
embed/etcd.go
@ -42,7 +42,6 @@ import (
|
|||||||
"go.etcd.io/etcd/pkg/types"
|
"go.etcd.io/etcd/pkg/types"
|
||||||
"go.etcd.io/etcd/version"
|
"go.etcd.io/etcd/version"
|
||||||
|
|
||||||
"github.com/coreos/pkg/capnslog"
|
|
||||||
grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
|
grpc_prometheus "github.com/grpc-ecosystem/go-grpc-prometheus"
|
||||||
"github.com/soheilhy/cmux"
|
"github.com/soheilhy/cmux"
|
||||||
"go.uber.org/zap"
|
"go.uber.org/zap"
|
||||||
@ -50,8 +49,6 @@ import (
|
|||||||
"google.golang.org/grpc/keepalive"
|
"google.golang.org/grpc/keepalive"
|
||||||
)
|
)
|
||||||
|
|
||||||
var plog = capnslog.NewPackageLogger("go.etcd.io/etcd", "embed")
|
|
||||||
|
|
||||||
const (
|
const (
|
||||||
// internal fd usage includes disk usage and transport usage.
|
// internal fd usage includes disk usage and transport usage.
|
||||||
// To read/write snapshot, snap pkg needs 1. In normal case, wal pkg needs
|
// To read/write snapshot, snap pkg needs 1. In normal case, wal pkg needs
|
||||||
@ -113,22 +110,18 @@ func StartEtcd(inCfg *Config) (e *Etcd, err error) {
|
|||||||
e = nil
|
e = nil
|
||||||
}()
|
}()
|
||||||
|
|
||||||
if e.cfg.logger != nil {
|
|
||||||
e.cfg.logger.Info(
|
e.cfg.logger.Info(
|
||||||
"configuring peer listeners",
|
"configuring peer listeners",
|
||||||
zap.Strings("listen-peer-urls", e.cfg.getLPURLs()),
|
zap.Strings("listen-peer-urls", e.cfg.getLPURLs()),
|
||||||
)
|
)
|
||||||
}
|
|
||||||
if e.Peers, err = configurePeerListeners(cfg); err != nil {
|
if e.Peers, err = configurePeerListeners(cfg); err != nil {
|
||||||
return e, err
|
return e, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if e.cfg.logger != nil {
|
|
||||||
e.cfg.logger.Info(
|
e.cfg.logger.Info(
|
||||||
"configuring client listeners",
|
"configuring client listeners",
|
||||||
zap.Strings("listen-client-urls", e.cfg.getLCURLs()),
|
zap.Strings("listen-client-urls", e.cfg.getLCURLs()),
|
||||||
)
|
)
|
||||||
}
|
|
||||||
if e.sctxs, err = configureClientListeners(cfg); err != nil {
|
if e.sctxs, err = configureClientListeners(cfg); err != nil {
|
||||||
return e, err
|
return e, err
|
||||||
}
|
}
|
||||||
@ -236,7 +229,6 @@ func StartEtcd(inCfg *Config) (e *Etcd, err error) {
|
|||||||
return e, err
|
return e, err
|
||||||
}
|
}
|
||||||
|
|
||||||
if e.cfg.logger != nil {
|
|
||||||
e.cfg.logger.Info(
|
e.cfg.logger.Info(
|
||||||
"now serving peer/client/metrics",
|
"now serving peer/client/metrics",
|
||||||
zap.String("local-member-id", e.Server.ID().String()),
|
zap.String("local-member-id", e.Server.ID().String()),
|
||||||
@ -246,38 +238,11 @@ func StartEtcd(inCfg *Config) (e *Etcd, err error) {
|
|||||||
zap.Strings("listen-client-urls", e.cfg.getLCURLs()),
|
zap.Strings("listen-client-urls", e.cfg.getLCURLs()),
|
||||||
zap.Strings("listen-metrics-urls", e.cfg.getMetricsURLs()),
|
zap.Strings("listen-metrics-urls", e.cfg.getMetricsURLs()),
|
||||||
)
|
)
|
||||||
}
|
|
||||||
serving = true
|
serving = true
|
||||||
return e, nil
|
return e, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func print(lg *zap.Logger, ec Config, sc etcdserver.ServerConfig, memberInitialized bool) {
|
func print(lg *zap.Logger, ec Config, sc etcdserver.ServerConfig, memberInitialized bool) {
|
||||||
// TODO: remove this after dropping "capnslog"
|
|
||||||
if lg == nil {
|
|
||||||
plog.Infof("name = %s", ec.Name)
|
|
||||||
if sc.ForceNewCluster {
|
|
||||||
plog.Infof("force new cluster")
|
|
||||||
}
|
|
||||||
plog.Infof("data dir = %s", sc.DataDir)
|
|
||||||
plog.Infof("member dir = %s", sc.MemberDir())
|
|
||||||
if sc.DedicatedWALDir != "" {
|
|
||||||
plog.Infof("dedicated WAL dir = %s", sc.DedicatedWALDir)
|
|
||||||
}
|
|
||||||
plog.Infof("heartbeat = %dms", sc.TickMs)
|
|
||||||
plog.Infof("election = %dms", sc.ElectionTicks*int(sc.TickMs))
|
|
||||||
plog.Infof("snapshot count = %d", sc.SnapshotCount)
|
|
||||||
if len(sc.DiscoveryURL) != 0 {
|
|
||||||
plog.Infof("discovery URL= %s", sc.DiscoveryURL)
|
|
||||||
if len(sc.DiscoveryProxy) != 0 {
|
|
||||||
plog.Infof("discovery proxy = %s", sc.DiscoveryProxy)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
plog.Infof("advertise client URLs = %s", sc.ClientURLs)
|
|
||||||
if memberInitialized {
|
|
||||||
plog.Infof("initial advertise peer URLs = %s", sc.PeerURLs)
|
|
||||||
plog.Infof("initial cluster = %s", sc.InitialPeerURLsMap)
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
cors := make([]string, 0, len(ec.CORS))
|
cors := make([]string, 0, len(ec.CORS))
|
||||||
for v := range ec.CORS {
|
for v := range ec.CORS {
|
||||||
cors = append(cors, v)
|
cors = append(cors, v)
|
||||||
@ -337,7 +302,6 @@ func print(lg *zap.Logger, ec Config, sc etcdserver.ServerConfig, memberInitiali
|
|||||||
zap.String("discovery-proxy", sc.DiscoveryProxy),
|
zap.String("discovery-proxy", sc.DiscoveryProxy),
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// Config returns the current configuration.
|
// Config returns the current configuration.
|
||||||
func (e *Etcd) Config() Config {
|
func (e *Etcd) Config() Config {
|
||||||
@ -355,14 +319,10 @@ func (e *Etcd) Close() {
|
|||||||
zap.Strings("advertise-client-urls", e.cfg.getACURLs()),
|
zap.Strings("advertise-client-urls", e.cfg.getACURLs()),
|
||||||
}
|
}
|
||||||
lg := e.GetLogger()
|
lg := e.GetLogger()
|
||||||
if lg != nil {
|
|
||||||
lg.Info("closing etcd server", fields...)
|
lg.Info("closing etcd server", fields...)
|
||||||
}
|
|
||||||
defer func() {
|
defer func() {
|
||||||
if lg != nil {
|
|
||||||
lg.Info("closed etcd server", fields...)
|
lg.Info("closed etcd server", fields...)
|
||||||
lg.Sync()
|
lg.Sync()
|
||||||
}
|
|
||||||
}()
|
}()
|
||||||
|
|
||||||
e.closeOnce.Do(func() { close(e.stopc) })
|
e.closeOnce.Do(func() { close(e.stopc) })
|
||||||
@ -453,22 +413,14 @@ func configurePeerListeners(cfg *Config) (peers []*peerListener, err error) {
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if err = cfg.PeerSelfCert(); err != nil {
|
if err = cfg.PeerSelfCert(); err != nil {
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Fatal("failed to get peer self-signed certs", zap.Error(err))
|
cfg.logger.Fatal("failed to get peer self-signed certs", zap.Error(err))
|
||||||
} else {
|
|
||||||
plog.Fatalf("could not get certs (%v)", err)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if !cfg.PeerTLSInfo.Empty() {
|
if !cfg.PeerTLSInfo.Empty() {
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Info(
|
cfg.logger.Info(
|
||||||
"starting with peer TLS",
|
"starting with peer TLS",
|
||||||
zap.String("tls-info", fmt.Sprintf("%+v", cfg.PeerTLSInfo)),
|
zap.String("tls-info", fmt.Sprintf("%+v", cfg.PeerTLSInfo)),
|
||||||
zap.Strings("cipher-suites", cfg.CipherSuites),
|
zap.Strings("cipher-suites", cfg.CipherSuites),
|
||||||
)
|
)
|
||||||
} else {
|
|
||||||
plog.Infof("peerTLS: %s", cfg.PeerTLSInfo)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
peers = make([]*peerListener, len(cfg.LPUrls))
|
peers = make([]*peerListener, len(cfg.LPUrls))
|
||||||
@ -478,15 +430,11 @@ func configurePeerListeners(cfg *Config) (peers []*peerListener, err error) {
|
|||||||
}
|
}
|
||||||
for i := range peers {
|
for i := range peers {
|
||||||
if peers[i] != nil && peers[i].close != nil {
|
if peers[i] != nil && peers[i].close != nil {
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Warn(
|
cfg.logger.Warn(
|
||||||
"closing peer listener",
|
"closing peer listener",
|
||||||
zap.String("address", cfg.LPUrls[i].String()),
|
zap.String("address", cfg.LPUrls[i].String()),
|
||||||
zap.Error(err),
|
zap.Error(err),
|
||||||
)
|
)
|
||||||
} else {
|
|
||||||
plog.Info("stopping listening for peers on ", cfg.LPUrls[i].String())
|
|
||||||
}
|
|
||||||
ctx, cancel := context.WithTimeout(context.Background(), time.Second)
|
ctx, cancel := context.WithTimeout(context.Background(), time.Second)
|
||||||
peers[i].close(ctx)
|
peers[i].close(ctx)
|
||||||
cancel()
|
cancel()
|
||||||
@ -497,18 +445,10 @@ func configurePeerListeners(cfg *Config) (peers []*peerListener, err error) {
|
|||||||
for i, u := range cfg.LPUrls {
|
for i, u := range cfg.LPUrls {
|
||||||
if u.Scheme == "http" {
|
if u.Scheme == "http" {
|
||||||
if !cfg.PeerTLSInfo.Empty() {
|
if !cfg.PeerTLSInfo.Empty() {
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Warn("scheme is HTTP while key and cert files are present; ignoring key and cert files", zap.String("peer-url", u.String()))
|
cfg.logger.Warn("scheme is HTTP while key and cert files are present; ignoring key and cert files", zap.String("peer-url", u.String()))
|
||||||
} else {
|
|
||||||
plog.Warningf("The scheme of peer url %s is HTTP while peer key/cert files are presented. Ignored peer key/cert files.", u.String())
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if cfg.PeerTLSInfo.ClientCertAuth {
|
if cfg.PeerTLSInfo.ClientCertAuth {
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Warn("scheme is HTTP while --peer-client-cert-auth is enabled; ignoring client cert auth for this URL", zap.String("peer-url", u.String()))
|
cfg.logger.Warn("scheme is HTTP while --peer-client-cert-auth is enabled; ignoring client cert auth for this URL", zap.String("peer-url", u.String()))
|
||||||
} else {
|
|
||||||
plog.Warningf("The scheme of peer url %s is HTTP while client cert auth (--peer-client-cert-auth) is enabled. Ignored client cert auth for this url.", u.String())
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
peers[i] = &peerListener{close: func(context.Context) error { return nil }}
|
peers[i] = &peerListener{close: func(context.Context) error { return nil }}
|
||||||
@ -550,19 +490,15 @@ func (e *Etcd) servePeers() (err error) {
|
|||||||
// gracefully shutdown http.Server
|
// gracefully shutdown http.Server
|
||||||
// close open listeners, idle connections
|
// close open listeners, idle connections
|
||||||
// until context cancel or time-out
|
// until context cancel or time-out
|
||||||
if e.cfg.logger != nil {
|
|
||||||
e.cfg.logger.Info(
|
e.cfg.logger.Info(
|
||||||
"stopping serving peer traffic",
|
"stopping serving peer traffic",
|
||||||
zap.String("address", u),
|
zap.String("address", u),
|
||||||
)
|
)
|
||||||
}
|
|
||||||
stopServers(ctx, &servers{secure: peerTLScfg != nil, grpc: gs, http: srv})
|
stopServers(ctx, &servers{secure: peerTLScfg != nil, grpc: gs, http: srv})
|
||||||
if e.cfg.logger != nil {
|
|
||||||
e.cfg.logger.Info(
|
e.cfg.logger.Info(
|
||||||
"stopped serving peer traffic",
|
"stopped serving peer traffic",
|
||||||
zap.String("address", u),
|
zap.String("address", u),
|
||||||
)
|
)
|
||||||
}
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -571,14 +507,10 @@ func (e *Etcd) servePeers() (err error) {
|
|||||||
for _, pl := range e.Peers {
|
for _, pl := range e.Peers {
|
||||||
go func(l *peerListener) {
|
go func(l *peerListener) {
|
||||||
u := l.Addr().String()
|
u := l.Addr().String()
|
||||||
if e.cfg.logger != nil {
|
|
||||||
e.cfg.logger.Info(
|
e.cfg.logger.Info(
|
||||||
"serving peer traffic",
|
"serving peer traffic",
|
||||||
zap.String("address", u),
|
zap.String("address", u),
|
||||||
)
|
)
|
||||||
} else {
|
|
||||||
plog.Info("listening for peers on ", u)
|
|
||||||
}
|
|
||||||
e.errHandler(l.serve())
|
e.errHandler(l.serve())
|
||||||
}(pl)
|
}(pl)
|
||||||
}
|
}
|
||||||
@ -590,18 +522,10 @@ func configureClientListeners(cfg *Config) (sctxs map[string]*serveCtx, err erro
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if err = cfg.ClientSelfCert(); err != nil {
|
if err = cfg.ClientSelfCert(); err != nil {
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Fatal("failed to get client self-signed certs", zap.Error(err))
|
cfg.logger.Fatal("failed to get client self-signed certs", zap.Error(err))
|
||||||
} else {
|
|
||||||
plog.Fatalf("could not get certs (%v)", err)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if cfg.EnablePprof {
|
if cfg.EnablePprof {
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Info("pprof is enabled", zap.String("path", debugutil.HTTPPrefixPProf))
|
cfg.logger.Info("pprof is enabled", zap.String("path", debugutil.HTTPPrefixPProf))
|
||||||
} else {
|
|
||||||
plog.Infof("pprof is enabled under %s", debugutil.HTTPPrefixPProf)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
sctxs = make(map[string]*serveCtx)
|
sctxs = make(map[string]*serveCtx)
|
||||||
@ -609,18 +533,10 @@ func configureClientListeners(cfg *Config) (sctxs map[string]*serveCtx, err erro
|
|||||||
sctx := newServeCtx(cfg.logger)
|
sctx := newServeCtx(cfg.logger)
|
||||||
if u.Scheme == "http" || u.Scheme == "unix" {
|
if u.Scheme == "http" || u.Scheme == "unix" {
|
||||||
if !cfg.ClientTLSInfo.Empty() {
|
if !cfg.ClientTLSInfo.Empty() {
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Warn("scheme is HTTP while key and cert files are present; ignoring key and cert files", zap.String("client-url", u.String()))
|
cfg.logger.Warn("scheme is HTTP while key and cert files are present; ignoring key and cert files", zap.String("client-url", u.String()))
|
||||||
} else {
|
|
||||||
plog.Warningf("The scheme of client url %s is HTTP while peer key/cert files are presented. Ignored key/cert files.", u.String())
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
if cfg.ClientTLSInfo.ClientCertAuth {
|
if cfg.ClientTLSInfo.ClientCertAuth {
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Warn("scheme is HTTP while --client-cert-auth is enabled; ignoring client cert auth for this URL", zap.String("client-url", u.String()))
|
cfg.logger.Warn("scheme is HTTP while --client-cert-auth is enabled; ignoring client cert auth for this URL", zap.String("client-url", u.String()))
|
||||||
} else {
|
|
||||||
plog.Warningf("The scheme of client url %s is HTTP while client cert auth (--client-cert-auth) is enabled. Ignored client cert auth for this url.", u.String())
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (u.Scheme == "https" || u.Scheme == "unixs") && cfg.ClientTLSInfo.Empty() {
|
if (u.Scheme == "https" || u.Scheme == "unixs") && cfg.ClientTLSInfo.Empty() {
|
||||||
@ -652,15 +568,11 @@ func configureClientListeners(cfg *Config) (sctxs map[string]*serveCtx, err erro
|
|||||||
|
|
||||||
if fdLimit, fderr := runtimeutil.FDLimit(); fderr == nil {
|
if fdLimit, fderr := runtimeutil.FDLimit(); fderr == nil {
|
||||||
if fdLimit <= reservedInternalFDNum {
|
if fdLimit <= reservedInternalFDNum {
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Fatal(
|
cfg.logger.Fatal(
|
||||||
"file descriptor limit of etcd process is too low; please set higher",
|
"file descriptor limit of etcd process is too low; please set higher",
|
||||||
zap.Uint64("limit", fdLimit),
|
zap.Uint64("limit", fdLimit),
|
||||||
zap.Int("recommended-limit", reservedInternalFDNum),
|
zap.Int("recommended-limit", reservedInternalFDNum),
|
||||||
)
|
)
|
||||||
} else {
|
|
||||||
plog.Fatalf("file descriptor limit[%d] of etcd process is too low, and should be set higher than %d to ensure internal usage", fdLimit, reservedInternalFDNum)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
sctx.l = transport.LimitListener(sctx.l, int(fdLimit-reservedInternalFDNum))
|
sctx.l = transport.LimitListener(sctx.l, int(fdLimit-reservedInternalFDNum))
|
||||||
}
|
}
|
||||||
@ -676,15 +588,11 @@ func configureClientListeners(cfg *Config) (sctxs map[string]*serveCtx, err erro
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
sctx.l.Close()
|
sctx.l.Close()
|
||||||
if cfg.logger != nil {
|
|
||||||
cfg.logger.Warn(
|
cfg.logger.Warn(
|
||||||
"closing peer listener",
|
"closing peer listener",
|
||||||
zap.String("address", u.Host),
|
zap.String("address", u.Host),
|
||||||
zap.Error(err),
|
zap.Error(err),
|
||||||
)
|
)
|
||||||
} else {
|
|
||||||
plog.Info("stopping listening for client requests on ", u.Host)
|
|
||||||
}
|
|
||||||
}()
|
}()
|
||||||
for k := range cfg.UserHandlers {
|
for k := range cfg.UserHandlers {
|
||||||
sctx.userHandlers[k] = cfg.UserHandlers[k]
|
sctx.userHandlers[k] = cfg.UserHandlers[k]
|
||||||
@ -703,15 +611,11 @@ func configureClientListeners(cfg *Config) (sctxs map[string]*serveCtx, err erro
|
|||||||
|
|
||||||
func (e *Etcd) serveClients() (err error) {
|
func (e *Etcd) serveClients() (err error) {
|
||||||
if !e.cfg.ClientTLSInfo.Empty() {
|
if !e.cfg.ClientTLSInfo.Empty() {
|
||||||
if e.cfg.logger != nil {
|
|
||||||
e.cfg.logger.Info(
|
e.cfg.logger.Info(
|
||||||
"starting with client TLS",
|
"starting with client TLS",
|
||||||
zap.String("tls-info", fmt.Sprintf("%+v", e.cfg.ClientTLSInfo)),
|
zap.String("tls-info", fmt.Sprintf("%+v", e.cfg.ClientTLSInfo)),
|
||||||
zap.Strings("cipher-suites", e.cfg.CipherSuites),
|
zap.Strings("cipher-suites", e.cfg.CipherSuites),
|
||||||
)
|
)
|
||||||
} else {
|
|
||||||
plog.Infof("ClientTLS: %s", e.cfg.ClientTLSInfo)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Start a client server goroutine for each listen address
|
// Start a client server goroutine for each listen address
|
||||||
@ -773,14 +677,10 @@ func (e *Etcd) serveMetrics() (err error) {
|
|||||||
}
|
}
|
||||||
e.metricsListeners = append(e.metricsListeners, ml)
|
e.metricsListeners = append(e.metricsListeners, ml)
|
||||||
go func(u url.URL, ln net.Listener) {
|
go func(u url.URL, ln net.Listener) {
|
||||||
if e.cfg.logger != nil {
|
|
||||||
e.cfg.logger.Info(
|
e.cfg.logger.Info(
|
||||||
"serving metrics",
|
"serving metrics",
|
||||||
zap.String("address", u.String()),
|
zap.String("address", u.String()),
|
||||||
)
|
)
|
||||||
} else {
|
|
||||||
plog.Info("listening for metrics on ", u.String())
|
|
||||||
}
|
|
||||||
e.errHandler(http.Serve(ln, metricsMux))
|
e.errHandler(http.Serve(ln, metricsMux))
|
||||||
}(murl, ml)
|
}(murl, ml)
|
||||||
}
|
}
|
||||||
|
|||||||
@ -70,6 +70,9 @@ type servers struct {
|
|||||||
|
|
||||||
func newServeCtx(lg *zap.Logger) *serveCtx {
|
func newServeCtx(lg *zap.Logger) *serveCtx {
|
||||||
ctx, cancel := context.WithCancel(context.Background())
|
ctx, cancel := context.WithCancel(context.Background())
|
||||||
|
if lg == nil {
|
||||||
|
lg = zap.NewNop()
|
||||||
|
}
|
||||||
return &serveCtx{
|
return &serveCtx{
|
||||||
lg: lg,
|
lg: lg,
|
||||||
ctx: ctx,
|
ctx: ctx,
|
||||||
@ -91,9 +94,7 @@ func (sctx *serveCtx) serve(
|
|||||||
logger := defaultLog.New(ioutil.Discard, "etcdhttp", 0)
|
logger := defaultLog.New(ioutil.Discard, "etcdhttp", 0)
|
||||||
<-s.ReadyNotify()
|
<-s.ReadyNotify()
|
||||||
|
|
||||||
if sctx.lg == nil {
|
sctx.lg.Info("ready to serve client requests")
|
||||||
plog.Info("ready to serve client requests")
|
|
||||||
}
|
|
||||||
|
|
||||||
m := cmux.New(sctx.l)
|
m := cmux.New(sctx.l)
|
||||||
v3c := v3client.New(s)
|
v3c := v3client.New(s)
|
||||||
@ -135,14 +136,10 @@ func (sctx *serveCtx) serve(
|
|||||||
go func() { errHandler(srvhttp.Serve(httpl)) }()
|
go func() { errHandler(srvhttp.Serve(httpl)) }()
|
||||||
|
|
||||||
sctx.serversC <- &servers{grpc: gs, http: srvhttp}
|
sctx.serversC <- &servers{grpc: gs, http: srvhttp}
|
||||||
if sctx.lg != nil {
|
|
||||||
sctx.lg.Info(
|
sctx.lg.Info(
|
||||||
"serving client traffic insecurely; this is strongly discouraged!",
|
"serving client traffic insecurely; this is strongly discouraged!",
|
||||||
zap.String("address", sctx.l.Addr().String()),
|
zap.String("address", sctx.l.Addr().String()),
|
||||||
)
|
)
|
||||||
} else {
|
|
||||||
plog.Noticef("serving insecure client requests on %s, this is strongly discouraged!", sctx.l.Addr().String())
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if sctx.secure {
|
if sctx.secure {
|
||||||
@ -187,14 +184,10 @@ func (sctx *serveCtx) serve(
|
|||||||
go func() { errHandler(srv.Serve(tlsl)) }()
|
go func() { errHandler(srv.Serve(tlsl)) }()
|
||||||
|
|
||||||
sctx.serversC <- &servers{secure: true, grpc: gs, http: srv}
|
sctx.serversC <- &servers{secure: true, grpc: gs, http: srv}
|
||||||
if sctx.lg != nil {
|
|
||||||
sctx.lg.Info(
|
sctx.lg.Info(
|
||||||
"serving client traffic securely",
|
"serving client traffic securely",
|
||||||
zap.String("address", sctx.l.Addr().String()),
|
zap.String("address", sctx.l.Addr().String()),
|
||||||
)
|
)
|
||||||
} else {
|
|
||||||
plog.Infof("serving client requests on %s", sctx.l.Addr().String())
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
close(sctx.serversC)
|
close(sctx.serversC)
|
||||||
@ -253,15 +246,11 @@ func (sctx *serveCtx) registerGateway(opts []grpc.DialOption) (*gw.ServeMux, err
|
|||||||
go func() {
|
go func() {
|
||||||
<-ctx.Done()
|
<-ctx.Done()
|
||||||
if cerr := conn.Close(); cerr != nil {
|
if cerr := conn.Close(); cerr != nil {
|
||||||
if sctx.lg != nil {
|
|
||||||
sctx.lg.Warn(
|
sctx.lg.Warn(
|
||||||
"failed to close connection",
|
"failed to close connection",
|
||||||
zap.String("address", sctx.l.Addr().String()),
|
zap.String("address", sctx.l.Addr().String()),
|
||||||
zap.Error(cerr),
|
zap.Error(cerr),
|
||||||
)
|
)
|
||||||
} else {
|
|
||||||
plog.Warningf("failed to close conn to %s: %v", sctx.l.Addr().String(), cerr)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}()
|
}()
|
||||||
|
|
||||||
@ -300,6 +289,9 @@ func (sctx *serveCtx) createMux(gwmux *gw.ServeMux, handler http.Handler) *http.
|
|||||||
// - check hostname whitelist
|
// - check hostname whitelist
|
||||||
// client HTTP requests goes here first
|
// client HTTP requests goes here first
|
||||||
func createAccessController(lg *zap.Logger, s *etcdserver.EtcdServer, mux *http.ServeMux) http.Handler {
|
func createAccessController(lg *zap.Logger, s *etcdserver.EtcdServer, mux *http.ServeMux) http.Handler {
|
||||||
|
if lg == nil {
|
||||||
|
lg = zap.NewNop()
|
||||||
|
}
|
||||||
return &accessController{lg: lg, s: s, mux: mux}
|
return &accessController{lg: lg, s: s, mux: mux}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -318,14 +310,10 @@ func (ac *accessController) ServeHTTP(rw http.ResponseWriter, req *http.Request)
|
|||||||
if req.TLS == nil { // check origin if client connection is not secure
|
if req.TLS == nil { // check origin if client connection is not secure
|
||||||
host := httputil.GetHostname(req)
|
host := httputil.GetHostname(req)
|
||||||
if !ac.s.AccessController.IsHostWhitelisted(host) {
|
if !ac.s.AccessController.IsHostWhitelisted(host) {
|
||||||
if ac.lg != nil {
|
|
||||||
ac.lg.Warn(
|
ac.lg.Warn(
|
||||||
"rejecting HTTP request to prevent DNS rebinding attacks",
|
"rejecting HTTP request to prevent DNS rebinding attacks",
|
||||||
zap.String("host", host),
|
zap.String("host", host),
|
||||||
)
|
)
|
||||||
} else {
|
|
||||||
plog.Warningf("rejecting HTTP request from %q to prevent DNS rebinding attacks", host)
|
|
||||||
}
|
|
||||||
// TODO: use Go's "http.StatusMisdirectedRequest" (421)
|
// TODO: use Go's "http.StatusMisdirectedRequest" (421)
|
||||||
// https://github.com/golang/go/commit/4b8a7eafef039af1834ef9bfa879257c4a72b7b5
|
// https://github.com/golang/go/commit/4b8a7eafef039af1834ef9bfa879257c4a72b7b5
|
||||||
http.Error(rw, errCVE20185702(host), 421)
|
http.Error(rw, errCVE20185702(host), 421)
|
||||||
@ -411,11 +399,7 @@ func (ch *corsHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
|
|||||||
|
|
||||||
func (sctx *serveCtx) registerUserHandler(s string, h http.Handler) {
|
func (sctx *serveCtx) registerUserHandler(s string, h http.Handler) {
|
||||||
if sctx.userHandlers[s] != nil {
|
if sctx.userHandlers[s] != nil {
|
||||||
if sctx.lg != nil {
|
|
||||||
sctx.lg.Warn("path is already registered by user handler", zap.String("path", s))
|
sctx.lg.Warn("path is already registered by user handler", zap.String("path", s))
|
||||||
} else {
|
|
||||||
plog.Warningf("path %s already registered by user handler", s)
|
|
||||||
}
|
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
sctx.userHandlers[s] = h
|
sctx.userHandlers[s] = h
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user