Merge pull request #4878 from bhandras/etcd_doc_fix

etcd: `disabletls` option for etcd
2021-05-03 18:56:42 -07:00 · 2021-05-03 18:56:42 -07:00 · 99fe0ab150
commit 99fe0ab150
parent 140dd944c0 a9ba5af9fd
5 changed files with 37 additions and 20 deletions
--- a/channeldb/kvdb/config.go
+++ b/channeldb/kvdb/config.go
@ -50,6 +50,8 @@ type EtcdConfig struct {

 	Namespace string `long:"namespace" description:"The etcd namespace to use."`

+	DisableTLS bool `long:"disabletls" description:"Disable TLS for etcd connection. Caution: use for development only."`
+
 	CertFile string `long:"cert_file" description:"Path to the TLS certificate for etcd RPC."`

 	KeyFile string `long:"key_file" description:"Path to the TLS private key for etcd RPC."`
--- a/channeldb/kvdb/etcd/db.go
+++ b/channeldb/kvdb/etcd/db.go
@ -139,6 +139,9 @@ type BackendConfig struct {
 	// Pass is the password for the etcd peer.
 	Pass string

+	// DisableTLS disables the use of TLS for etcd connections.
+	DisableTLS bool
+
 	// CertFile holds the path to the TLS certificate for etcd RPC.
 	CertFile string

@ -168,6 +171,16 @@ func newEtcdBackend(config BackendConfig) (*db, error) {
 		config.Ctx = context.Background()
 	}

+	clientCfg := clientv3.Config{
+		Context:            config.Ctx,
+		Endpoints:          []string{config.Host},
+		DialTimeout:        etcdConnectionTimeout,
+		Username:           config.User,
+		Password:           config.Pass,
+		MaxCallSendMsgSize: 16384*1024 - 1,
+	}
+
+	if !config.DisableTLS {
 		tlsInfo := transport.TLSInfo{
 			CertFile:           config.CertFile,
 			KeyFile:            config.KeyFile,
@ -179,15 +192,10 @@ func newEtcdBackend(config BackendConfig) (*db, error) {
 			return nil, err
 		}

-	cli, err := clientv3.New(clientv3.Config{
-		Context:            config.Ctx,
-		Endpoints:          []string{config.Host},
-		DialTimeout:        etcdConnectionTimeout,
-		Username:           config.User,
-		Password:           config.Pass,
-		TLS:                tlsConfig,
-		MaxCallSendMsgSize: 16384*1024 - 1,
-	})
+		clientCfg.TLS = tlsConfig
+	}
+
+	cli, err := clientv3.New(clientCfg)
 	if err != nil {
 		return nil, err
 	}
--- a/channeldb/kvdb/kvdb_etcd.go
+++ b/channeldb/kvdb/kvdb_etcd.go
@ -24,6 +24,7 @@ func GetEtcdBackend(ctx context.Context, prefix string,
 		Host:               etcdConfig.Host,
 		User:               etcdConfig.User,
 		Pass:               etcdConfig.Pass,
+		DisableTLS:         etcdConfig.DisableTLS,
 		CertFile:           etcdConfig.CertFile,
 		KeyFile:            etcdConfig.KeyFile,
 		InsecureSkipVerify: etcdConfig.InsecureSkipVerify,
--- a/docs/etcd.md
+++ b/docs/etcd.md
@ -64,15 +64,18 @@ Sample `lnd.conf` (with other setting omitted):

 ```text
 [db]
-backend=etcd
-etcd.host=127.0.0.1:2379
-etcd.cerfile=/home/user/etcd/bin/default.etcd/fixtures/client/cert.pem
-etcd.keyfile=/home/user/etcd/bin/default.etcd/fixtures/client/key.pem
-etcd.insecure_skip_verify=true
+db.backend=etcd
+db.etcd.host=127.0.0.1:2379
+db.etcd.cerfile=/home/user/etcd/bin/default.etcd/fixtures/client/cert.pem
+db.etcd.keyfile=/home/user/etcd/bin/default.etcd/fixtures/client/key.pem
+db.etcd.insecure_skip_verify=true
 ```

 Optionally users can specifiy `db.etcd.user` and `db.etcd.pass` for db user
-authentication.
+authentication. If the database is shared, it is possible to separate our data
+from other users by setting `db.etcd.namespace` to an (already existing) etcd
+namespace. In order to test without TLS, users are able to set `db.etcd.disabletls`
+flag to `true`.

 ## Migrating existing channel.db to etcd

--- a/sample-lnd.conf
+++ b/sample-lnd.conf
@ -1041,6 +1041,9 @@ litecoin.node=ltcd
 ; Etcd namespace to use.
 ; db.etcd.namespace=lnd

+; Whether to disable the use of TLS for etcd.
+; db.etcd.disabletls=false
+
 ; Path to the TLS certificate for etcd RPC.
 ; db.etcd.cert_file=/key/path