etcdmain: add --peer-auto-tls option
Lets the peer generate its own (unsigned) certs.
parent
a69c709839
commit
e9b2bd751d
@ -111,6 +111,7 @@ type config struct {
|
|||||||
|
|
||||||
// security
|
// security
|
||||||
clientTLSInfo, peerTLSInfo transport.TLSInfo
|
clientTLSInfo, peerTLSInfo transport.TLSInfo
|
||||||
|
peerAutoTLS bool
|
||||||
|
|
||||||
// logging
|
// logging
|
||||||
debug bool
|
debug bool
|
||||||
@ -211,6 +212,7 @@ func NewConfig() *config {
|
|||||||
fs.StringVar(&cfg.peerTLSInfo.KeyFile, "peer-key-file", "", "Path to the peer server TLS key file.")
|
fs.StringVar(&cfg.peerTLSInfo.KeyFile, "peer-key-file", "", "Path to the peer server TLS key file.")
|
||||||
fs.BoolVar(&cfg.peerTLSInfo.ClientCertAuth, "peer-client-cert-auth", false, "Enable peer client cert authentication.")
|
fs.BoolVar(&cfg.peerTLSInfo.ClientCertAuth, "peer-client-cert-auth", false, "Enable peer client cert authentication.")
|
||||||
fs.StringVar(&cfg.peerTLSInfo.TrustedCAFile, "peer-trusted-ca-file", "", "Path to the peer server TLS trusted CA file.")
|
fs.StringVar(&cfg.peerTLSInfo.TrustedCAFile, "peer-trusted-ca-file", "", "Path to the peer server TLS trusted CA file.")
|
||||||
|
fs.BoolVar(&cfg.peerAutoTLS, "peer-auto-tls", false, "Peer TLS using generated certificates")
|
||||||
|
|
||||||
// logging
|
// logging
|
||||||
fs.BoolVar(&cfg.debug, "debug", false, "Enable debug-level logging for etcd.")
|
fs.BoolVar(&cfg.debug, "debug", false, "Enable debug-level logging for etcd.")
|
||||||
|
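Review bot: The help text on the added `fs.BoolVar(&cfg.peerAutoTLS, "peer-auto-tls", ...)` line in NewConfig says only "generated certificates", which hides two things an operator needs to know. The commit description calls the certificates unsigned, so they give an encrypted peer channel but no CA-verified peer identity. The startEtcd change on this page also ignores the flag whenever peer certs are supplied. A fuller string, ending in a period like its neighbours, would be `"Peer TLS using self-generated (unsigned) certificates; ignored if --peer-cert-file and --peer-key-file are set."`. NewConfig's body starts and ends outside the hunk.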
@ -203,9 +203,23 @@ func startEtcd(cfg *config) (<-chan struct{}, error) {
|
|||||||
return nil, fmt.Errorf("error setting up initial cluster: %v", err)
|
return nil, fmt.Errorf("error setting up initial cluster: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if cfg.peerAutoTLS && cfg.peerTLSInfo.Empty() {
|
||||||
|
phosts := make([]string, 0)
|
||||||
|
for _, u := range cfg.lpurls {
|
||||||
|
phosts = append(phosts, u.Host)
|
||||||
|
}
|
||||||
|
cfg.peerTLSInfo, err = transport.SelfCert(cfg.dir, phosts)
|
||||||
|
if err != nil {
|
||||||
|
plog.Fatalf("could not get certs (%v)", err)
|
||||||
|
}
|
||||||
|
} else if cfg.peerAutoTLS {
|
||||||
|
plog.Warningf("ignoring peer auto TLS since certs given")
|
||||||
|
}
|
||||||
|
|
||||||
if !cfg.peerTLSInfo.Empty() {
|
if !cfg.peerTLSInfo.Empty() {
|
||||||
plog.Infof("peerTLS: %s", cfg.peerTLSInfo)
|
plog.Infof("peerTLS: %s", cfg.peerTLSInfo)
|
||||||
}
|
}
|
||||||
|
|
||||||
plns := make([]net.Listener, 0)
|
plns := make([]net.Listener, 0)
|
||||||
for _, u := range cfg.lpurls {
|
for _, u := range cfg.lpurls {
|
||||||
if u.Scheme == "http" && !cfg.peerTLSInfo.Empty() {
|
if u.Scheme == "http" && !cfg.peerTLSInfo.Empty() {
|
||||||
|
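Review bot: In the added `cfg.peerAutoTLS` branch of startEtcd, a SelfCert failure calls `plog.Fatalf` even though the function returns an error and the statement just above uses `return nil, fmt.Errorf(...)`. Returning it, e.g. `return nil, fmt.Errorf("could not get certs (%v)", err)`, would keep failure handling with the caller. The assignment also replaces the whole `cfg.peerTLSInfo`, so if `Empty()` only checks the cert and key paths (not visible here), a `--peer-trusted-ca-file` or `--peer-client-cert-auth` passed alongside `--peer-auto-tls` would be dropped silently and the peer listener would come up without the verification the operator asked for. `u.Host` may include a port, so it is worth confirming that SelfCert strips it before using the value as a certificate host name. startEtcd's body starts and ends outside the hunk.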