Merge pull request #4878 from bhandras/etcd_doc_fix
etcd: `disabletls` option for etcd
commit
99fe0ab150
@ -50,6 +50,8 @@ type EtcdConfig struct {
|
|||||||
|
|
||||||
Namespace string `long:"namespace" description:"The etcd namespace to use."`
|
Namespace string `long:"namespace" description:"The etcd namespace to use."`
|
||||||
|
|
||||||
|
DisableTLS bool `long:"disabletls" description:"Disable TLS for etcd connection. Caution: use for development only."`
|
||||||
|
|
||||||
CertFile string `long:"cert_file" description:"Path to the TLS certificate for etcd RPC."`
|
CertFile string `long:"cert_file" description:"Path to the TLS certificate for etcd RPC."`
|
||||||
|
|
||||||
KeyFile string `long:"key_file" description:"Path to the TLS private key for etcd RPC."`
|
KeyFile string `long:"key_file" description:"Path to the TLS private key for etcd RPC."`
|
||||||
|
@ -139,6 +139,9 @@ type BackendConfig struct {
|
|||||||
// Pass is the password for the etcd peer.
|
// Pass is the password for the etcd peer.
|
||||||
Pass string
|
Pass string
|
||||||
|
|
||||||
|
// DisableTLS disables the use of TLS for etcd connections.
|
||||||
|
DisableTLS bool
|
||||||
|
|
||||||
// CertFile holds the path to the TLS certificate for etcd RPC.
|
// CertFile holds the path to the TLS certificate for etcd RPC.
|
||||||
CertFile string
|
CertFile string
|
||||||
|
|
||||||
@ -168,26 +171,31 @@ func newEtcdBackend(config BackendConfig) (*db, error) {
|
|||||||
config.Ctx = context.Background()
|
config.Ctx = context.Background()
|
||||||
}
|
}
|
||||||
|
|
||||||
tlsInfo := transport.TLSInfo{
|
clientCfg := clientv3.Config{
|
||||||
CertFile: config.CertFile,
|
|
||||||
KeyFile: config.KeyFile,
|
|
||||||
InsecureSkipVerify: config.InsecureSkipVerify,
|
|
||||||
}
|
|
||||||
|
|
||||||
tlsConfig, err := tlsInfo.ClientConfig()
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
|
|
||||||
cli, err := clientv3.New(clientv3.Config{
|
|
||||||
Context: config.Ctx,
|
Context: config.Ctx,
|
||||||
Endpoints: []string{config.Host},
|
Endpoints: []string{config.Host},
|
||||||
DialTimeout: etcdConnectionTimeout,
|
DialTimeout: etcdConnectionTimeout,
|
||||||
Username: config.User,
|
Username: config.User,
|
||||||
Password: config.Pass,
|
Password: config.Pass,
|
||||||
TLS: tlsConfig,
|
|
||||||
MaxCallSendMsgSize: 16384*1024 - 1,
|
MaxCallSendMsgSize: 16384*1024 - 1,
|
||||||
})
|
}
|
||||||
|
|
||||||
|
if !config.DisableTLS {
|
||||||
|
tlsInfo := transport.TLSInfo{
|
||||||
|
CertFile: config.CertFile,
|
||||||
|
KeyFile: config.KeyFile,
|
||||||
|
InsecureSkipVerify: config.InsecureSkipVerify,
|
||||||
|
}
|
||||||
|
|
||||||
|
tlsConfig, err := tlsInfo.ClientConfig()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
|
||||||
|
clientCfg.TLS = tlsConfig
|
||||||
|
}
|
||||||
|
|
||||||
|
cli, err := clientv3.New(clientCfg)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
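Review bot: With `config.DisableTLS` set, `clientCfg.TLS` stays nil while `Username: config.User` and `Password: config.Pass` are still populated, so the etcd credentials and all database traffic travel over a plaintext connection without any guard or log line. The option is described as development-only, but nothing in the new code enforces or surfaces that at runtime, and `CertFile`, `KeyFile` and `InsecureSkipVerify` are silently ignored in that mode. I would at least log a warning when the flag is on, and consider refusing the combination with credentials, for example `if config.DisableTLS && (config.User != "" || config.Pass != "") { return nil, errors.New("etcd credentials require TLS") }` ahead of the `if !config.DisableTLS {` block. The body of `newEtcdBackend` starts and ends outside this hunk, so whether a logger or the `errors` package is already available there needs checking.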
@ -24,6 +24,7 @@ func GetEtcdBackend(ctx context.Context, prefix string,
|
|||||||
Host: etcdConfig.Host,
|
Host: etcdConfig.Host,
|
||||||
User: etcdConfig.User,
|
User: etcdConfig.User,
|
||||||
Pass: etcdConfig.Pass,
|
Pass: etcdConfig.Pass,
|
||||||
|
DisableTLS: etcdConfig.DisableTLS,
|
||||||
CertFile: etcdConfig.CertFile,
|
CertFile: etcdConfig.CertFile,
|
||||||
KeyFile: etcdConfig.KeyFile,
|
KeyFile: etcdConfig.KeyFile,
|
||||||
InsecureSkipVerify: etcdConfig.InsecureSkipVerify,
|
InsecureSkipVerify: etcdConfig.InsecureSkipVerify,
|
||||||
|
15
docs/etcd.md
15
docs/etcd.md
@ -64,15 +64,18 @@ Sample `lnd.conf` (with other setting omitted):
|
|||||||
|
|
||||||
```text
|
```text
|
||||||
[db]
|
[db]
|
||||||
backend=etcd
|
db.backend=etcd
|
||||||
etcd.host=127.0.0.1:2379
|
db.etcd.host=127.0.0.1:2379
|
||||||
etcd.cerfile=/home/user/etcd/bin/default.etcd/fixtures/client/cert.pem
|
db.etcd.cerfile=/home/user/etcd/bin/default.etcd/fixtures/client/cert.pem
|
||||||
etcd.keyfile=/home/user/etcd/bin/default.etcd/fixtures/client/key.pem
|
db.etcd.keyfile=/home/user/etcd/bin/default.etcd/fixtures/client/key.pem
|
||||||
etcd.insecure_skip_verify=true
|
db.etcd.insecure_skip_verify=true
|
||||||
```
|
```
|
||||||
|
|
||||||
Optionally users can specifiy `db.etcd.user` and `db.etcd.pass` for db user
|
Optionally users can specifiy `db.etcd.user` and `db.etcd.pass` for db user
|
||||||
authentication.
|
authentication. If the database is shared, it is possible to separate our data
|
||||||
|
from other users by setting `db.etcd.namespace` to an (already existing) etcd
|
||||||
|
namespace. In order to test without TLS, users are able to set `db.etcd.disabletls`
|
||||||
|
flag to `true`.
|
||||||
|
|
||||||
## Migrating existing channel.db to etcd
|
## Migrating existing channel.db to etcd
|
||||||
|
|
||||||
|
@ -1041,6 +1041,9 @@ litecoin.node=ltcd
|
|||||||
; Etcd namespace to use.
|
; Etcd namespace to use.
|
||||||
; db.etcd.namespace=lnd
|
; db.etcd.namespace=lnd
|
||||||
|
|
||||||
|
; Whether to disable the use of TLS for etcd.
|
||||||
|
; db.etcd.disabletls=false
|
||||||
|
|
||||||
; Path to the TLS certificate for etcd RPC.
|
; Path to the TLS certificate for etcd RPC.
|
||||||
; db.etcd.cert_file=/key/path
|
; db.etcd.cert_file=/key/path
|
||||||
|
|
||||||
|
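Review bot: The sample-config comment added for `db.etcd.disabletls` drops the development-only caution that the flag's own description carries, so an operator copying from this file gets no hint that the option sends etcd traffic unencrypted. I would word it as `; Whether to disable the use of TLS for etcd. Caution: use for development only.` to match the flag description in the `EtcdConfig` hunk.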