Allow different key, cert and CA for client and server communication
parent
e3d556c319
commit
f67115b935
64
etcd.go
64
etcd.go
|
@ -36,9 +36,13 @@ var clientPort int
|
||||||
var serverPort int
|
var serverPort int
|
||||||
var webPort int
|
var webPort int
|
||||||
|
|
||||||
var certFile string
|
var serverCertFile string
|
||||||
var keyFile string
|
var serverKeyFile string
|
||||||
var CAFile string
|
var serverCAFile string
|
||||||
|
|
||||||
|
var clientCertFile string
|
||||||
|
var clientKeyFile string
|
||||||
|
var clientCAFile string
|
||||||
|
|
||||||
var dirPath string
|
var dirPath string
|
||||||
|
|
||||||
|
@ -53,9 +57,13 @@ func init() {
|
||||||
flag.IntVar(&serverPort, "s", 7001, "the port of server")
|
flag.IntVar(&serverPort, "s", 7001, "the port of server")
|
||||||
flag.IntVar(&webPort, "w", -1, "the port of web interface")
|
flag.IntVar(&webPort, "w", -1, "the port of web interface")
|
||||||
|
|
||||||
flag.StringVar(&CAFile, "CAFile", "", "the path of the CAFile")
|
flag.StringVar(&serverCAFile, "serverCAFile", "", "the path of the CAFile")
|
||||||
flag.StringVar(&certFile, "cert", "", "the cert file of the server")
|
flag.StringVar(&serverCertFile, "serverCert", "", "the cert file of the server")
|
||||||
flag.StringVar(&keyFile, "key", "", "the key file of the server")
|
flag.StringVar(&serverKeyFile, "serverKey", "", "the key file of the server")
|
||||||
|
|
||||||
|
flag.StringVar(&clientCAFile, "clientCAFile", "", "the path of the CAFile")
|
||||||
|
flag.StringVar(&clientCertFile, "clientCert", "", "the cert file of the client")
|
||||||
|
flag.StringVar(&clientKeyFile, "clientKey", "", "the key file of the client")
|
||||||
|
|
||||||
flag.StringVar(&dirPath, "d", "./", "the directory to store log and snapshot")
|
flag.StringVar(&dirPath, "d", "./", "the directory to store log and snapshot")
|
||||||
}
|
}
|
||||||
|
@ -67,6 +75,11 @@ const (
|
||||||
HTTPSANDVERIFY
|
HTTPSANDVERIFY
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const (
|
||||||
|
SERVER = iota
|
||||||
|
CLIENT
|
||||||
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
ELECTIONTIMTOUT = 200 * time.Millisecond
|
ELECTIONTIMTOUT = 200 * time.Millisecond
|
||||||
HEARTBEATTIMEOUT = 50 * time.Millisecond
|
HEARTBEATTIMEOUT = 50 * time.Millisecond
|
||||||
|
@ -130,7 +143,7 @@ func main() {
|
||||||
fmt.Printf("ServerName: %s\n\n", name)
|
fmt.Printf("ServerName: %s\n\n", name)
|
||||||
|
|
||||||
// secrity type
|
// secrity type
|
||||||
st := securityType()
|
st := securityType(SERVER)
|
||||||
|
|
||||||
if st == -1 {
|
if st == -1 {
|
||||||
panic("ERROR type")
|
panic("ERROR type")
|
||||||
|
@ -196,7 +209,7 @@ func main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
go startServTransport(info.ServerPort, st)
|
go startServTransport(info.ServerPort, st)
|
||||||
startClientTransport(info.ClientPort, st)
|
startClientTransport(info.ClientPort, securityType(CLIENT))
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -216,7 +229,7 @@ func createTranHandler(st int) transHandler {
|
||||||
case HTTPS:
|
case HTTPS:
|
||||||
fallthrough
|
fallthrough
|
||||||
case HTTPSANDVERIFY:
|
case HTTPSANDVERIFY:
|
||||||
tlsCert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
tlsCert, err := tls.LoadX509KeyPair(serverCertFile, serverKeyFile)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
|
@ -251,14 +264,14 @@ func startServTransport(port int, st int) {
|
||||||
switch st {
|
switch st {
|
||||||
|
|
||||||
case HTTP:
|
case HTTP:
|
||||||
debug("%s listen on http", server.Name())
|
debug("raft server [%s] listen on http", server.Name())
|
||||||
log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), nil))
|
log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), nil))
|
||||||
|
|
||||||
case HTTPS:
|
case HTTPS:
|
||||||
http.ListenAndServeTLS(fmt.Sprintf(":%d", port), certFile, keyFile, nil)
|
http.ListenAndServeTLS(fmt.Sprintf(":%d", port), serverCertFile, serverKeyFile, nil)
|
||||||
|
|
||||||
case HTTPSANDVERIFY:
|
case HTTPSANDVERIFY:
|
||||||
pemByte, _ := ioutil.ReadFile(CAFile)
|
pemByte, _ := ioutil.ReadFile(serverCAFile)
|
||||||
|
|
||||||
block, pemByte := pem.Decode(pemByte)
|
block, pemByte := pem.Decode(pemByte)
|
||||||
|
|
||||||
|
@ -279,7 +292,7 @@ func startServTransport(port int, st int) {
|
||||||
},
|
},
|
||||||
Addr: fmt.Sprintf(":%d", port),
|
Addr: fmt.Sprintf(":%d", port),
|
||||||
}
|
}
|
||||||
err = server.ListenAndServeTLS(certFile, keyFile)
|
err = server.ListenAndServeTLS(serverCertFile, serverKeyFile)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
|
@ -299,14 +312,14 @@ func startClientTransport(port int, st int) {
|
||||||
switch st {
|
switch st {
|
||||||
|
|
||||||
case HTTP:
|
case HTTP:
|
||||||
debug("%s listen on http", server.Name())
|
debug("etcd [%s] listen on http", server.Name())
|
||||||
log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), nil))
|
log.Fatal(http.ListenAndServe(fmt.Sprintf(":%d", port), nil))
|
||||||
|
|
||||||
case HTTPS:
|
case HTTPS:
|
||||||
http.ListenAndServeTLS(fmt.Sprintf(":%d", port), certFile, keyFile, nil)
|
http.ListenAndServeTLS(fmt.Sprintf(":%d", port), clientCertFile, clientKeyFile, nil)
|
||||||
|
|
||||||
case HTTPSANDVERIFY:
|
case HTTPSANDVERIFY:
|
||||||
pemByte, _ := ioutil.ReadFile(CAFile)
|
pemByte, _ := ioutil.ReadFile(clientCAFile)
|
||||||
|
|
||||||
block, pemByte := pem.Decode(pemByte)
|
block, pemByte := pem.Decode(pemByte)
|
||||||
|
|
||||||
|
@ -327,7 +340,7 @@ func startClientTransport(port int, st int) {
|
||||||
},
|
},
|
||||||
Addr: fmt.Sprintf(":%d", port),
|
Addr: fmt.Sprintf(":%d", port),
|
||||||
}
|
}
|
||||||
err = server.ListenAndServeTLS(certFile, keyFile)
|
err = server.ListenAndServeTLS(clientCertFile, clientKeyFile)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
|
@ -340,7 +353,22 @@ func startClientTransport(port int, st int) {
|
||||||
// Config
|
// Config
|
||||||
//--------------------------------------
|
//--------------------------------------
|
||||||
|
|
||||||
func securityType() int {
|
func securityType(source int) int {
|
||||||
|
|
||||||
|
var keyFile, certFile, CAFile string
|
||||||
|
|
||||||
|
switch source {
|
||||||
|
case SERVER:
|
||||||
|
keyFile = serverKeyFile
|
||||||
|
certFile = serverCertFile
|
||||||
|
CAFile = serverCAFile
|
||||||
|
|
||||||
|
case CLIENT:
|
||||||
|
keyFile = clientKeyFile
|
||||||
|
certFile = clientCertFile
|
||||||
|
CAFile = clientCAFile
|
||||||
|
}
|
||||||
|
|
||||||
if keyFile == "" && certFile == "" && CAFile == "" {
|
if keyFile == "" && certFile == "" && CAFile == "" {
|
||||||
|
|
||||||
return HTTP
|
return HTTP
|
||||||
|
|
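Review bot: The new `startClientTransport(info.ClientPort, securityType(CLIENT))` call passes the client-side security type straight through, while the server-side result is checked with `if st == -1 { panic("ERROR type") }` a few lines earlier; if securityType returns -1 for a partially specified client key/cert/CA set (as the server check suggests it does), that value reaches `switch st` in startClientTransport with no matching case and main returns without listening at all. Store the result and apply the same check, `cst := securityType(CLIENT); if cst == -1 { panic("ERROR type") }`, before the call. Relatedly, the new `switch source` in securityType has no `default`, so an unexpected source value leaves all three paths empty and the function returns HTTP instead of -1; `default: return -1` keeps an invalid argument from silently selecting the plaintext transport. The HTTPS branches at `http.ListenAndServeTLS(fmt.Sprintf(":%d", port), serverCertFile, serverKeyFile, nil)` and its client-side twin still discard the returned error, so a wrong certificate path makes the server goroutine exit silently while main continues; wrapping both in `log.Fatal(...)` as the HTTP case already does would surface it, and the same applies to the ignored error from `ioutil.ReadFile(serverCAFile)` and `ioutil.ReadFile(clientCAFile)`. The remainder of securityType and the end of main lie outside these hunks.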