etcd: add (dev only) disabletls option for etcd

Andras Banki-Horvath 2020-12-21 16:18:13 +01:00
parent e0439965bb
commit cb2b5efc6e
No known key found for this signature in database
GPG Key ID: 80E5375C094198D8
4 changed files with 28 additions and 14 deletions

@ -46,6 +46,8 @@ type EtcdConfig struct {
Namespace string `long:"namespace" description:"The etcd namespace to use."` Namespace string `long:"namespace" description:"The etcd namespace to use."`
DisableTLS bool `long:"disabletls" description:"Disable TLS for etcd connection. Caution: use for development only."`
CertFile string `long:"cert_file" description:"Path to the TLS certificate for etcd RPC."` CertFile string `long:"cert_file" description:"Path to the TLS certificate for etcd RPC."`
KeyFile string `long:"key_file" description:"Path to the TLS private key for etcd RPC."` KeyFile string `long:"key_file" description:"Path to the TLS private key for etcd RPC."`

@ -139,6 +139,9 @@ type BackendConfig struct {
// Pass is the password for the etcd peer. // Pass is the password for the etcd peer.
Pass string Pass string
// DisableTLS disables the use of TLS for etcd connections.
DisableTLS bool
// CertFile holds the path to the TLS certificate for etcd RPC. // CertFile holds the path to the TLS certificate for etcd RPC.
CertFile string CertFile string
@ -168,26 +171,31 @@ func newEtcdBackend(config BackendConfig) (*db, error) {
config.Ctx = context.Background() config.Ctx = context.Background()
} }
tlsInfo := transport.TLSInfo{ clientCfg := clientv3.Config{
CertFile: config.CertFile,
KeyFile: config.KeyFile,
InsecureSkipVerify: config.InsecureSkipVerify,
}
tlsConfig, err := tlsInfo.ClientConfig()
if err != nil {
return nil, err
}
cli, err := clientv3.New(clientv3.Config{
Context: config.Ctx, Context: config.Ctx,
Endpoints: []string{config.Host}, Endpoints: []string{config.Host},
DialTimeout: etcdConnectionTimeout, DialTimeout: etcdConnectionTimeout,
Username: config.User, Username: config.User,
Password: config.Pass, Password: config.Pass,
TLS: tlsConfig,
MaxCallSendMsgSize: 16384*1024 - 1, MaxCallSendMsgSize: 16384*1024 - 1,
}) }
if !config.DisableTLS {
tlsInfo := transport.TLSInfo{
CertFile: config.CertFile,
KeyFile: config.KeyFile,
InsecureSkipVerify: config.InsecureSkipVerify,
}
tlsConfig, err := tlsInfo.ClientConfig()
if err != nil {
return nil, err
}
clientCfg.TLS = tlsConfig
}
cli, err := clientv3.New(clientCfg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
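Review bot: With `config.DisableTLS` set, newEtcdBackend still fills `Username` and `Password` into `clientCfg` and dials without `clientCfg.TLS`, so the etcd credentials and every key/value the backend stores cross the network unencrypted and unauthenticated. The "development only" restriction exists only in the flag description; nothing in the visible code warns about or rejects the setting, and `CertFile`, `KeyFile` and `InsecureSkipVerify` are silently ignored in that case. I would fail fast on the contradictory configuration before the `if !config.DisableTLS` block, e.g. `if config.DisableTLS && (config.CertFile != "" || config.KeyFile != "") { return nil, fmt.Errorf("etcd: disabletls is set together with cert_file/key_file") }` (check that `fmt` is imported in this file). I would also emit a warning at startup whenever TLS is off, especially if `config.User` or `config.Pass` is non-empty. The function starts and ends outside this hunk, so whether a logger is in scope here needs confirming.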

@ -24,6 +24,7 @@ func GetEtcdBackend(ctx context.Context, prefix string,
Host: etcdConfig.Host, Host: etcdConfig.Host,
User: etcdConfig.User, User: etcdConfig.User,
Pass: etcdConfig.Pass, Pass: etcdConfig.Pass,
DisableTLS: etcdConfig.DisableTLS,
CertFile: etcdConfig.CertFile, CertFile: etcdConfig.CertFile,
KeyFile: etcdConfig.KeyFile, KeyFile: etcdConfig.KeyFile,
InsecureSkipVerify: etcdConfig.InsecureSkipVerify, InsecureSkipVerify: etcdConfig.InsecureSkipVerify,

@ -968,6 +968,9 @@ litecoin.node=ltcd
; Etcd namespace to use. ; Etcd namespace to use.
; db.etcd.namespace=lnd ; db.etcd.namespace=lnd
; Whether to disable the use of TLS for etcd.
; db.etcd.disabletls=false
; Path to the TLS certificate for etcd RPC. ; Path to the TLS certificate for etcd RPC.
; db.etcd.cert_file=/key/path ; db.etcd.cert_file=/key/path