etcdctl: set ServerName for TLS when using --discovery-srv
parent
cd781bf30c
commit
e218834b58
|
@ -85,13 +85,7 @@ func getPeersFlagValue(c *cli.Context) []string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func getDomainDiscoveryFlagValue(c *cli.Context) ([]string, error) {
|
func getDomainDiscoveryFlagValue(c *cli.Context) ([]string, error) {
|
||||||
domainstr := c.GlobalString("discovery-srv")
|
domainstr, insecure := getDiscoveryDomain(c)
|
||||||
|
|
||||||
// Use an environment variable if nothing was supplied on the
|
|
||||||
// command line
|
|
||||||
if domainstr == "" {
|
|
||||||
domainstr = os.Getenv("ETCDCTL_DISCOVERY_SRV")
|
|
||||||
}
|
|
||||||
|
|
||||||
// If we still don't have domain discovery, return nothing
|
// If we still don't have domain discovery, return nothing
|
||||||
if domainstr == "" {
|
if domainstr == "" {
|
||||||
|
@ -103,8 +97,30 @@ func getDomainDiscoveryFlagValue(c *cli.Context) ([]string, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
if insecure {
|
||||||
return eps, err
|
return eps, err
|
||||||
|
}
|
||||||
|
// strip insecure connections
|
||||||
|
ret := []string{}
|
||||||
|
for _, ep := range eps {
|
||||||
|
if strings.HasPrefix("http://", ep) {
|
||||||
|
fmt.Fprintf(os.Stderr, "ignoring discovered insecure endpoint %q\n", ep)
|
||||||
|
continue
|
||||||
|
}
|
||||||
|
ret = append(ret, ep)
|
||||||
|
}
|
||||||
|
return ret, err
|
||||||
|
}
|
||||||
|
|
||||||
|
func getDiscoveryDomain(c *cli.Context) (domainstr string, insecure bool) {
|
||||||
|
domainstr = c.GlobalString("discovery-srv")
|
||||||
|
// Use an environment variable if nothing was supplied on the
|
||||||
|
// command line
|
||||||
|
if domainstr == "" {
|
||||||
|
domainstr = os.Getenv("ETCDCTL_DISCOVERY_SRV")
|
||||||
|
}
|
||||||
|
insecure = c.GlobalBool("insecure-discovery") || (os.Getenv("ETCDCTL_INSECURE_DISCOVERY") != "")
|
||||||
|
return domainstr, insecure
|
||||||
}
|
}
|
||||||
|
|
||||||
func getEndpoints(c *cli.Context) ([]string, error) {
|
func getEndpoints(c *cli.Context) ([]string, error) {
|
||||||
|
@ -151,10 +167,15 @@ func getTransport(c *cli.Context) (*http.Transport, error) {
|
||||||
keyfile = os.Getenv("ETCDCTL_KEY_FILE")
|
keyfile = os.Getenv("ETCDCTL_KEY_FILE")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
discoveryDomain, insecure := getDiscoveryDomain(c)
|
||||||
|
if insecure {
|
||||||
|
discoveryDomain = ""
|
||||||
|
}
|
||||||
tls := transport.TLSInfo{
|
tls := transport.TLSInfo{
|
||||||
CAFile: cafile,
|
CAFile: cafile,
|
||||||
CertFile: certfile,
|
CertFile: certfile,
|
||||||
KeyFile: keyfile,
|
KeyFile: keyfile,
|
||||||
|
ServerName: discoveryDomain,
|
||||||
}
|
}
|
||||||
|
|
||||||
dialTimeout := defaultDialTimeout
|
dialTimeout := defaultDialTimeout
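Review bot: The arguments to `strings.HasPrefix` in the new endpoint filter of getDomainDiscoveryFlagValue are reversed: `strings.HasPrefix("http://", ep)` asks whether the literal "http://" begins with the endpoint, which is false for any full endpoint URL. As written, plaintext endpoints returned by SRV discovery are never dropped and the "ignoring discovered insecure endpoint" message never prints, so the default (non-`--insecure-discovery`) path does not enforce what its comment says. The line should read `if strings.HasPrefix(ep, "http://") {`. The `ServerName` that getTransport now sets to the discovery domain only protects TLS connections, so an `http://` endpoint that passes the filter gets none of that checking. The part of getDomainDiscoveryFlagValue between the first two hunks is not shown here, so this is based on the visible loop only.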
|
||||||
|
|
|
@ -39,6 +39,7 @@ func Start() {
|
||||||
cli.BoolFlag{Name: "no-sync", Usage: "don't synchronize cluster information before sending request"},
|
cli.BoolFlag{Name: "no-sync", Usage: "don't synchronize cluster information before sending request"},
|
||||||
cli.StringFlag{Name: "output, o", Value: "simple", Usage: "output response in the given format (`simple`, `extended` or `json`)"},
|
cli.StringFlag{Name: "output, o", Value: "simple", Usage: "output response in the given format (`simple`, `extended` or `json`)"},
|
||||||
cli.StringFlag{Name: "discovery-srv, D", Usage: "domain name to query for SRV records describing cluster endpoints"},
|
cli.StringFlag{Name: "discovery-srv, D", Usage: "domain name to query for SRV records describing cluster endpoints"},
|
||||||
|
cli.BoolFlag{Name: "insecure-discovery", Usage: "accept insecure SRV records describing cluster endpoints"},
|
||||||
cli.StringFlag{Name: "peers, C", Value: "", Usage: "DEPRECATED - \"--endpoints\" should be used instead"},
|
cli.StringFlag{Name: "peers, C", Value: "", Usage: "DEPRECATED - \"--endpoints\" should be used instead"},
|
||||||
cli.StringFlag{Name: "endpoint", Value: "", Usage: "DEPRECATED - \"--endpoints\" should be used instead"},
|
cli.StringFlag{Name: "endpoint", Value: "", Usage: "DEPRECATED - \"--endpoints\" should be used instead"},
|
||||||
cli.StringFlag{Name: "endpoints", Value: "", Usage: "a comma-delimited list of machine addresses in the cluster (default: \"http://127.0.0.1:2379,http://127.0.0.1:4001\")"},
|
cli.StringFlag{Name: "endpoints", Value: "", Usage: "a comma-delimited list of machine addresses in the cluster (default: \"http://127.0.0.1:2379,http://127.0.0.1:4001\")"},
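Review bot: The usage string for `insecure-discovery` understates what the flag turns off and does not mention its environment-variable form. Per getTransport and getDiscoveryDomain in the other section on this page, enabling it also leaves the TLS `ServerName` empty instead of pinning it to the discovery domain. `ETCDCTL_INSECURE_DISCOVERY` enables it for any non-empty value, so `ETCDCTL_INSECURE_DISCOVERY=false` would switch it on. I would spell this out in the help text, for example `Usage: "accept plaintext (http) endpoints from SRV records and do not pin the TLS server name to the discovery domain"`, and consider parsing the variable with `strconv.ParseBool`. The flag list in Start() continues outside this hunk.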
|
||||||
|
|