Merge pull request #4878 from bhandras/etcd_doc_fix

etcd: `disabletls` option for etcd
This commit is contained in:
Olaoluwa Osuntokun 2021-05-03 18:56:42 -07:00 committed by GitHub
commit 99fe0ab150
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 37 additions and 20 deletions

@ -50,6 +50,8 @@ type EtcdConfig struct {
Namespace string `long:"namespace" description:"The etcd namespace to use."`
DisableTLS bool `long:"disabletls" description:"Disable TLS for etcd connection. Caution: use for development only."`
CertFile string `long:"cert_file" description:"Path to the TLS certificate for etcd RPC."`
KeyFile string `long:"key_file" description:"Path to the TLS private key for etcd RPC."`

@ -139,6 +139,9 @@ type BackendConfig struct {
// Pass is the password for the etcd peer.
Pass string
// DisableTLS disables the use of TLS for etcd connections.
DisableTLS bool
// CertFile holds the path to the TLS certificate for etcd RPC.
CertFile string
@ -168,26 +171,31 @@ func newEtcdBackend(config BackendConfig) (*db, error) {
config.Ctx = context.Background()
}
tlsInfo := transport.TLSInfo{
CertFile: config.CertFile,
KeyFile: config.KeyFile,
InsecureSkipVerify: config.InsecureSkipVerify,
}
tlsConfig, err := tlsInfo.ClientConfig()
if err != nil {
return nil, err
}
cli, err := clientv3.New(clientv3.Config{
clientCfg := clientv3.Config{
Context: config.Ctx,
Endpoints: []string{config.Host},
DialTimeout: etcdConnectionTimeout,
Username: config.User,
Password: config.Pass,
TLS: tlsConfig,
MaxCallSendMsgSize: 16384*1024 - 1,
})
}
if !config.DisableTLS {
tlsInfo := transport.TLSInfo{
CertFile: config.CertFile,
KeyFile: config.KeyFile,
InsecureSkipVerify: config.InsecureSkipVerify,
}
tlsConfig, err := tlsInfo.ClientConfig()
if err != nil {
return nil, err
}
clientCfg.TLS = tlsConfig
}
cli, err := clientv3.New(clientCfg)
if err != nil {
return nil, err
}

@ -24,6 +24,7 @@ func GetEtcdBackend(ctx context.Context, prefix string,
Host: etcdConfig.Host,
User: etcdConfig.User,
Pass: etcdConfig.Pass,
DisableTLS: etcdConfig.DisableTLS,
CertFile: etcdConfig.CertFile,
KeyFile: etcdConfig.KeyFile,
InsecureSkipVerify: etcdConfig.InsecureSkipVerify,

@ -64,15 +64,18 @@ Sample `lnd.conf` (with other setting omitted):
```text
[db]
backend=etcd
etcd.host=127.0.0.1:2379
etcd.cerfile=/home/user/etcd/bin/default.etcd/fixtures/client/cert.pem
etcd.keyfile=/home/user/etcd/bin/default.etcd/fixtures/client/key.pem
etcd.insecure_skip_verify=true
db.backend=etcd
db.etcd.host=127.0.0.1:2379
db.etcd.cerfile=/home/user/etcd/bin/default.etcd/fixtures/client/cert.pem
db.etcd.keyfile=/home/user/etcd/bin/default.etcd/fixtures/client/key.pem
db.etcd.insecure_skip_verify=true
```
Optionally users can specifiy `db.etcd.user` and `db.etcd.pass` for db user
authentication.
authentication. If the database is shared, it is possible to separate our data
from other users by setting `db.etcd.namespace` to an (already existing) etcd
namespace. In order to test without TLS, users are able to set `db.etcd.disabletls`
flag to `true`.
## Migrating existing channel.db to etcd

@ -1041,6 +1041,9 @@ litecoin.node=ltcd
; Etcd namespace to use.
; db.etcd.namespace=lnd
; Whether to disable the use of TLS for etcd.
; db.etcd.disabletls=false
; Path to the TLS certificate for etcd RPC.
; db.etcd.cert_file=/key/path