akovalenko/lnd.xprv
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

lncfg+etcd: add TLS config

Browse Source 
This commit extends lncfg with etcd TLS config and passes these
parameters to the etcd client upon construction.
This commit is contained in:
Andras Banki-Horvath 2020-05-08 18:38:46 +02:00
parent b54f8a1b97
commit 3ef331e016
3 changed files with 37 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
channeldb/kvdb/etcd/db.go
View File

@ -10,6 +10,7 @@ import (
"github.com/btcsuite/btcwallet/walletdb" "github.com/btcsuite/btcwallet/walletdb"
"github.com/coreos/etcd/clientv3" "github.com/coreos/etcd/clientv3"
"github.com/coreos/etcd/pkg/transport"
) )
const ( const (
@ -130,6 +131,16 @@ type BackendConfig struct {
// Pass is the password for the etcd peer. // Pass is the password for the etcd peer.
Pass string Pass string
// CertFile holds the path to the TLS certificate for etcd RPC.
CertFile string
// KeyFile holds the path to the TLS private key for etcd RPC.
KeyFile string
// InsecureSkipVerify should be set to true if we intend to
// skip TLS verification.
InsecureSkipVerify bool
// CollectCommitStats indicates wheter to commit commit stats. // CollectCommitStats indicates wheter to commit commit stats.
CollectCommitStats bool CollectCommitStats bool
} }
@ -137,12 +148,25 @@ type BackendConfig struct {
// newEtcdBackend returns a db object initialized with the passed backend // newEtcdBackend returns a db object initialized with the passed backend
// config. If etcd connection cannot be estabished, then returns error. // config. If etcd connection cannot be estabished, then returns error.
func newEtcdBackend(config BackendConfig) (*db, error) { func newEtcdBackend(config BackendConfig) (*db, error) {
tlsInfo := transport.TLSInfo{
CertFile: config.CertFile,
KeyFile: config.KeyFile,
InsecureSkipVerify: config.InsecureSkipVerify,
}
tlsConfig, err := tlsInfo.ClientConfig()
if err != nil {
return nil, err
}
cli, err := clientv3.New(clientv3.Config{ cli, err := clientv3.New(clientv3.Config{
Endpoints: []string{config.Host}, Endpoints: []string{config.Host},
DialTimeout: etcdConnectionTimeout, DialTimeout: etcdConnectionTimeout,
Username: config.User, Username: config.User,
Password: config.Pass, Password: config.Pass,
TLS: tlsConfig,
}) })
if err != nil { if err != nil {
return nil, err return nil, err
} }

7
channeldb/kvdb/etcd/embed.go
View File

@ -61,9 +61,10 @@ func NewEmbeddedEtcdInstance(path string) (*BackendConfig, func(), error) {
} }
connConfig := &BackendConfig{ connConfig := &BackendConfig{
Host: "http://" + peerURL, Host: "http://" + peerURL,
User: "user", User: "user",
Pass: "pass", Pass: "pass",
InsecureSkipVerify: true,
} }
return connConfig, func() { return connConfig, func() {

9
lncfg/db.go
View File

@ -26,6 +26,12 @@ type EtcdDB struct {
Pass string `long:"pass" description:"Password for the database user."` Pass string `long:"pass" description:"Password for the database user."`
CertFile string `long:"cert_file" description:"Path to the TLS certificate for etcd RPC."`
KeyFile string `long:"key_file" description:"Path to the TLS private key for etcd RPC."`
InsecureSkipVerify bool `long:"insecure_skip_verify" description:"Whether we intend to skip TLS verification"`
CollectStats bool `long:"collect_stats" description:"Wheter to collect etcd commit stats."` CollectStats bool `long:"collect_stats" description:"Wheter to collect etcd commit stats."`
} }
@ -73,6 +79,9 @@ func (db *DB) GetBackend(path string) (kvdb.Backend, error) {
Host: db.Etcd.Host, Host: db.Etcd.Host,
User: db.Etcd.User, User: db.Etcd.User,
Pass: db.Etcd.Pass, Pass: db.Etcd.Pass,
CertFile: db.Etcd.CertFile,
KeyFile: db.Etcd.KeyFile,
InsecureSkipVerify: db.Etcd.InsecureSkipVerify,
CollectCommitStats: db.Etcd.CollectStats, CollectCommitStats: db.Etcd.CollectStats,
} }
return kvdb.Open(kvdb.EtcdBackendName, backendConfig) return kvdb.Open(kvdb.EtcdBackendName, backendConfig)