etcd: add (dev only) disabletls option for etcd
This commit is contained in:
parent
e0439965bb
commit
cb2b5efc6e
@ -46,6 +46,8 @@ type EtcdConfig struct {
|
||||
|
||||
Namespace string `long:"namespace" description:"The etcd namespace to use."`
|
||||
|
||||
DisableTLS bool `long:"disabletls" description:"Disable TLS for etcd connection. Caution: use for development only."`
|
||||
|
||||
CertFile string `long:"cert_file" description:"Path to the TLS certificate for etcd RPC."`
|
||||
|
||||
KeyFile string `long:"key_file" description:"Path to the TLS private key for etcd RPC."`
|
||||
|
@ -139,6 +139,9 @@ type BackendConfig struct {
|
||||
// Pass is the password for the etcd peer.
|
||||
Pass string
|
||||
|
||||
// DisableTLS disables the use of TLS for etcd connections.
|
||||
DisableTLS bool
|
||||
|
||||
// CertFile holds the path to the TLS certificate for etcd RPC.
|
||||
CertFile string
|
||||
|
||||
@ -168,26 +171,31 @@ func newEtcdBackend(config BackendConfig) (*db, error) {
|
||||
config.Ctx = context.Background()
|
||||
}
|
||||
|
||||
tlsInfo := transport.TLSInfo{
|
||||
CertFile: config.CertFile,
|
||||
KeyFile: config.KeyFile,
|
||||
InsecureSkipVerify: config.InsecureSkipVerify,
|
||||
}
|
||||
|
||||
tlsConfig, err := tlsInfo.ClientConfig()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
cli, err := clientv3.New(clientv3.Config{
|
||||
clientCfg := clientv3.Config{
|
||||
Context: config.Ctx,
|
||||
Endpoints: []string{config.Host},
|
||||
DialTimeout: etcdConnectionTimeout,
|
||||
Username: config.User,
|
||||
Password: config.Pass,
|
||||
TLS: tlsConfig,
|
||||
MaxCallSendMsgSize: 16384*1024 - 1,
|
||||
})
|
||||
}
|
||||
|
||||
if !config.DisableTLS {
|
||||
tlsInfo := transport.TLSInfo{
|
||||
CertFile: config.CertFile,
|
||||
KeyFile: config.KeyFile,
|
||||
InsecureSkipVerify: config.InsecureSkipVerify,
|
||||
}
|
||||
|
||||
tlsConfig, err := tlsInfo.ClientConfig()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
clientCfg.TLS = tlsConfig
|
||||
}
|
||||
|
||||
cli, err := clientv3.New(clientCfg)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -24,6 +24,7 @@ func GetEtcdBackend(ctx context.Context, prefix string,
|
||||
Host: etcdConfig.Host,
|
||||
User: etcdConfig.User,
|
||||
Pass: etcdConfig.Pass,
|
||||
DisableTLS: etcdConfig.DisableTLS,
|
||||
CertFile: etcdConfig.CertFile,
|
||||
KeyFile: etcdConfig.KeyFile,
|
||||
InsecureSkipVerify: etcdConfig.InsecureSkipVerify,
|
||||
|
@ -968,6 +968,9 @@ litecoin.node=ltcd
|
||||
; Etcd namespace to use.
|
||||
; db.etcd.namespace=lnd
|
||||
|
||||
; Whether to disable the use of TLS for etcd.
|
||||
; db.etcd.disabletls=false
|
||||
|
||||
; Path to the TLS certificate for etcd RPC.
|
||||
; db.etcd.cert_file=/key/path
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user