Add TLS support for discovery backend

This leverages recent additions to libkv enabling client
authentication via TLS so the discovery back-end can be locked
down with mutual TLS.  Example usage:

    docker daemon [other args] \
        --cluster-advertise 192.168.122.168:2376 \
        --cluster-store etcd://192.168.122.168:2379 \
        --cluster-store-opt kv.cacertfile=/path/to/ca.pem \
        --cluster-store-opt kv.certfile=/path/to/cert.pem \
        --cluster-store-opt kv.keyfile=/path/to/key.pem

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
Daniel Hiltgen 2015-09-28 16:22:57 -07:00
parent 2861b2e52f
commit 125510e009
8 changed files with 191 additions and 18 deletions


@ -41,11 +41,11 @@ func parse(rawurl string) (string, string) {
// New returns a new Discovery given a URL, heartbeat and ttl settings.
// Returns an error if the URL scheme is not supported.
func New(rawurl string, heartbeat time.Duration, ttl time.Duration) (Backend, error) {
func New(rawurl string, heartbeat time.Duration, ttl time.Duration, clusterOpts map[string]string) (Backend, error) {
scheme, uri := parse(rawurl)
if backend, exists := backends[scheme]; exists {
log.WithFields(log.Fields{"name": scheme, "uri": uri}).Debug("Initializing discovery service")
err := backend.Initialize(uri, heartbeat, ttl)
err := backend.Initialize(uri, heartbeat, ttl, clusterOpts)
return backend, err
}
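Review bot: The doc comment above `New` still names only the URL, heartbeat and ttl, so the new `clusterOpts` parameter is undocumented where callers will look for it. Going by the commit message, this map carries the TLS file paths (`kv.cacertfile`, `kv.certfile`, `kv.keyfile`), so I would add a line such as `// clusterOpts holds backend-specific options (e.g. the kv.* TLS file paths) and is passed unchanged to Initialize.` The hunk does not show what a backend does when the map is nil or holds only some of the three keys. If that case falls back to an unauthenticated connection to the store, the comment should say so, or Initialize should return an error for a partial set. The body of `New` continues outside the hunk.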