Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
15,914 Commits 15 Branches 491 Tags
d8f7cfe28d291346bebb5b56182de4e05ce8ee12
Commit Graph

425 Commits

Author SHA1 Message Date
James Blair
d8f7cfe28d Backport tls 1.3 support. 
Signed-off-by: James Blair <mail@jamesblair.net>
 2023-03-16 21:46:17 +13:00
Allen Ray
9254f8f05b Release-3.4: server/etcdmain: add configurable cipher list to gRPC proxy listener 
Signed-off-by: Allen Ray <alray@redhat.com>
 2022-10-19 16:02:13 -04:00
Marek Siarkowicz
8f4735dfd4 server: Require either cluster version v3.6 or --experimental-enable-lease-checkpoint-persist to persist lease remainingTTL 
To avoid inconsistant behavior during cluster upgrade we are feature
gating persistance behind cluster version. This should ensure that
all cluster members are upgraded to v3.6 before changing behavior.

To allow backporting this fix to v3.5 we are also introducing flag
--experimental-enable-lease-checkpoint-persist that will allow for
smooth upgrade in v3.5 clusters with this feature enabled.

Signed-off-by: Marek Siarkowicz <siarkowicz@google.com>
 2022-07-22 10:28:29 +02:00
Benjamin Wang
6071b1c523 Support configuring MaxConcurrentStreams for http2 
Backport https://github.com/etcd-io/etcd/pull/14219 to 3.4

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-07-21 14:25:29 +08:00
Benjamin Wang
1c9fa07cd7 Fix deadlock in 'go test -tags cluster_proxy -v ./integration/... ./clientv3/...' 
Cherry pick https://github.com/etcd-io/etcd/pull/12319 to 3.4.

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-06-28 13:44:47 +08:00
Sam Batschelet
501d8f01ea [release-3.4]: ClientV3: Ordering: Fix TestEndpointSwitchResolvesViolation test 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
 2021-06-23 21:26:55 -04:00
Sam Batschelet
9aeabe447d server: Added config parameter experimental-warning-apply-duration 
Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
 2021-03-03 12:14:30 -05:00
jingyih
c60dabf2f3 *: add experimental flag for watch notify interval 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 2020-08-15 10:24:25 -07:00
Sahdev P. Zala
319331192e pkg: consider umask when use MkdirAll 
os.MkdirAll creates directory before umask so make sure that a desired
permission is set after creating a directory with MkdirAll. Use the
existing TouchDirAll function which checks for permission if dir is already
exist and when create a new dir.
 2020-07-07 11:46:31 -04:00
Gyuho Lee
32583af167 Merge pull request #12101 from tangcong/automated-cherry-pick-of-#12100-origin-release-3.4 
Automated cherry pick of #12100
 2020-07-06 11:47:24 -07:00
Hitoshi Mitake
7dec4c412c etcdmain: let grpc proxy warn about insecure-skip-tls-verify 2020-07-01 18:25:29 -04:00
tangcong
a4667f596a etcdmain: fix shadow error 2020-07-01 13:36:48 +08:00
cfc4n
4488595e05 auth: Customize simpleTokenTTL settings. 
see https://github.com/etcd-io/etcd/issues/11978 for more detail.
 2020-06-25 19:58:26 +08:00
Gyuho Lee
1a1281005c Merge pull request #12070 from spzala/automated-cherry-pick-of-#12060-upstream-release-3.4 
Automated cherry pick of #12060
 2020-06-24 20:39:33 -07:00
Gyuho Lee
a4f42948e8 Merge pull request #12072 from tangcong/automated-cherry-pick-of-#12066-origin-release-3.4 
Automated cherry pick of #12066
 2020-06-24 20:39:15 -07:00
Gyuho Lee
2212a84adb Merge pull request #12034 from spzala/automated-cherry-pick-of-#11798-upstream-release-3.4 
Automated cherry pick of #11798
 2020-06-24 20:38:46 -07:00
tangcong
e42d7b5248 etcdmain: fix shadow error 2020-06-25 06:40:33 +08:00
Xiang Li
b86bb615ff doc: add TLS related warnings 2020-06-24 16:39:35 -04:00
Gyuho Lee
368ff75a10 Merge pull request #12039 from spzala/automated-cherry-pick-of-#11845-upstream-release-3.4 
Automated cherry pick of #11845
 2020-06-21 19:20:04 -07:00
Hitoshi Mitake
c69efda350 etcdctl, etcdmain: warn about --insecure-skip-tls-verify options 2020-06-21 19:23:06 -04:00
Xiang Li
47001f28bd etcdmain: best effort detection of self pointing in tcp proxy 2020-06-21 18:12:24 -04:00
Sahdev P. Zala
434f7e83f0 pkg: check file stats 
modify file util.
 2020-06-20 16:29:47 -04:00
David Crawshaw
78f67988aa etcdserver, et al: add --unsafe-no-fsync flag 
This makes it possible to run an etcd node for testing and development
without placing lots of load on the file system.

Fixes #11930.

Signed-off-by: David Crawshaw <crawshaw@tailscale.com>
 2020-06-04 20:19:28 -07:00
Jingyi Hu
0ecc0d0542 etcdmain: update help message 
Add experimental-peer-skip-client-san-verification flag description to
help message. Add default values.
 2019-08-16 16:07:06 -07:00
Joe Betz
1e213b7ab6 *: Add experimental-compaction-batch-limit flag 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 2019-08-15 13:31:39 -07:00
Martin Weindel
149e5dc291 etcdserver: mark flag as experimental, add to changelog and configuration 2019-07-30 16:57:57 -04:00
Martin Weindel
03fd396610 pkg/transport: Improved description of flag peer-skip-client-san-verification 2019-07-30 16:57:57 -04:00
Martin Weindel
1b048c91ec etcdserver: Added configuration flag --peer-skip-client-verify=true 2019-07-30 16:57:57 -04:00
Gyuho Lee
a37f3441f5 etcdmain: add "--log-level" flag 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 2019-07-29 15:43:19 -07:00
John Millikin
5824421f8b etcdman, pkg: Rename new flags to 'hostname' 2019-07-10 09:30:02 +09:00
John Millikin
9a53601a18 etcdmain, pkg: Support peer and client TLS auth based on SAN fields. 
Etcd currently supports validating peers based on their TLS certificate's
CN field. The current best practice for creation and validation of TLS
certs is to use the Subject Alternative Name (SAN) fields instead, so that
a certificate might be issued with a unique CN and its logical
identities in the SANs.

This commit extends the peer validation logic to use Go's
`(*"crypto/x509".Certificate).ValidateHostname` function for name
validation, which allows SANs to be used for peer access control.

In addition, it allows name validation to be enabled on clients as well.
This is used when running Etcd behind an authenticating proxy, or as
an internal component in a larger system (like a Kubernetes master).
 2019-07-10 09:30:02 +09:00
Xiang Li
ea70731f53 Merge pull request #10762 from FrozenAndrey/fix#10747 
etcdmain: fix ignoring of ETCD_CONFIG_FILE env variable
 2019-06-07 21:32:35 -07:00
Jingyi Hu
e67b9829b6 *: enable lease checkpoint via experimental flag 
Primary lessor persist lease remainingTTL only if experimental flag
"--experimental-enable-lease-checkpoint" is set.
 2019-06-05 15:30:03 -07:00
Gyuho Lee
bdcecd1fc4 Merge pull request #10764 from jingyih/clarify_config_file_setting 
*: more clarification on when server config file is provided
 2019-05-28 16:23:19 -07:00
Gyuho Lee
34bd797e67 *: revert module import paths 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 2019-05-28 15:39:35 -07:00
Jingyi Hu
5e9c424f1f *: more clarification on server config file 
Be more explicit in document and command line usage message that if a
config file is provided, other command line flags and environment
variables will be ignored.
 2019-05-27 22:54:14 -07:00
Andrey Abramov
14c5eaa7e1 etcdmain: improve readability 
Improve readability of ETCD_CONFIG_FILE env variable parsing part
by adding comments and using flags.FlagToEnv function.

Signed-off-by: Andrey Abramov <st5pub@yandex.ru>
 2019-05-26 09:54:26 +03:00
Andrey Abramov
6955331901 etcdmain: fix ignoring of ETCD_CONFIG_FILE env variable 
Fixes #10747

Signed-off-by: Andrey Abramov <st5pub@yandex.ru>
 2019-05-25 23:54:19 +03:00
rohitsardesai83
42a7ea6d33 etcd: Replace ghodss/yaml with sigs.k8s.io/yaml 
To remove the dependency on ghodss/yaml. Replaced this dependency with sigs.k8s.io/yaml.
This wil help to remove the ghodss/yaml dependency from main kubernetes repository.

xref: https://github.com/kubernetes/kubernetes/issues/77024
 2019-05-02 12:34:36 +05:30
shivaramr
9150bf52d6 go modules: Fix module path version to include version number 2019-04-26 15:29:50 -07:00
Sam Batschelet
9915d02022 *: Change gRPC proxy to expose etcd server endpoint /metrics 
This PR resolves an issue where the `/metrics` endpoints exposed by the proxy were not returning metrics of the etcd members servers but of the proxy itself.

Signed-off-by: Sam Batschelet <sbatsche@redhat.com>
 2019-04-10 16:09:32 -04:00
johncming
11272ed320 etcdmain: use same error. 2019-03-26 11:21:47 +08:00
Sergey Shatunov
fbf732d3dc etcdmain: fix sd_notify for restricted environments 
Remove call to dumb IsRunningSystemd() as it doesn't check anything
 2019-03-02 23:44:39 +07:00
Gyuho Lee
8d1a62e7ef *: use default log configuration for server 
Signed-off-by: Gyuho Lee <leegyuho@amazon.com>
 2019-02-21 10:57:26 -08:00
WizardCXY
e6c6d8492e *: add flag to let etcd use the new boltdb freelistType feature 2019-02-14 11:07:08 +08:00
Hitoshi Mitake
65887ae1b4 pkg, clientv3, etcdmain: let grpcproxy rise an error when its cert has non empty CN 
Fix https://github.com/etcd-io/etcd/issues/9521
 2019-01-25 00:43:57 +09:00
Hitoshi Mitake
72dd4a18c5 *: add a new option --enable-grpc-gateway for enabling/disabling grpc gateway 2019-01-23 03:26:34 +09:00
Mark McLoughlin
fcc29894c2 config: multiple logging fixes 
First, don't panic with invalid --log-outputs. For example:

  $> ./bin/etcd --log-outputs foo
  2018-12-20 15:05:47.988652 C | embed: unknown log-output "foo" (only supports "default", "stderr", "stdout")
  panic: unknown log-output "foo" (only supports "default", "stderr", "stdout")

  goroutine 1 [running]:
  go.etcd.io/etcd/vendor/github.com/coreos/pkg/capnslog.(*PackageLogger).Panicf(0xc000294b00, 0x10fe067, 0x30, 0xc0001fa398, 0x4, 0x4)
        go.etcd.io/etcd/vendor/github.com/coreos/pkg/capnslog/pkg_logger.go:75 +0x161
  go.etcd.io/etcd/embed.(*Config).setupLogging(0xc000291400, 0xc0002a85b0, 0x1)
        go.etcd.io/etcd/embed/config_logging.go:120 +0x1939
  ...

Or:

 $> ./bin/etcd --log-outputs foo,default --logger zap
 panic: multi logoutput for "default" is not supported yet

 goroutine 1 [running]:
 go.etcd.io/etcd/embed.(*Config).setupLogging(0xc000314500, 0xc0001b2f70, 0x1)
        go.etcd.io/etcd/embed/config_logging.go:129 +0x2437
 go.etcd.io/etcd/embed.(*Config).Validate(0xc000314500, 0xc000268a98, 0x127e440)
        go.etcd.io/etcd/embed/config.go:543 +0x43

Second, don't exit in embed.setupLogging(). Before:

  $> ./bin/etcd --log-outputs foo,bar
  --logger=capnslog supports only 1 value in '--log-outputs', got ["bar" "foo"]

and after:

  $> ./bin/etcd --log-outputs foo,bar
  2018-12-20 15:10:24.317982 E | etcdmain: error verifying flags, --logger=capnslog supports only 1 value in '--log-outputs', got ["bar" "foo"]. See 'etcd --help'.

Third, remove duplicated unique strings code. UniqueStringsFromFlag()
is already available to return a sorted slice of values, so just use
that.

Lastly, fix a tiny logging typo in config.
 2019-01-17 15:09:26 -05:00
lsytj0413
23862b5d64 refactor(*): remove duplicate GetLogger 2018-12-10 17:58:47 +08:00
Xiang Li
3faed211e5 *: add flags to setup backend related config 2018-11-26 15:50:26 -08:00