Add TLS support for discovery backend

This leverages recent additions to libkv enabling client authentication via TLS so the discovery back-end can be locked down with mutual TLS. Example usage: docker daemon [other args] \ --cluster-advertise 192.168.122.168:2376 \ --cluster-store etcd://192.168.122.168:2379 \ --cluster-store-opt kv.cacertfile=/path/to/ca.pem \ --cluster-store-opt kv.certfile=/path/to/cert.pem \ --cluster-store-opt kv.keyfile=/path/to/key.pem Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2015-09-28 16:22:57 -07:00 · 2015-09-28 16:22:57 -07:00 · 125510e009
commit 125510e009
parent 2861b2e52f
8 changed files with 191 additions and 18 deletions
--- a/discovery/file/file.go
+++ b/discovery/file/file.go
@ -25,7 +25,7 @@ func Init() {
 }

 // Initialize is exported
-func (s *Discovery) Initialize(path string, heartbeat time.Duration, ttl time.Duration) error {
+func (s *Discovery) Initialize(path string, heartbeat time.Duration, ttl time.Duration, _ map[string]string) error {
 	s.path = path
 	s.heartbeat = heartbeat
 	return nil
--- a/discovery/file/file_test.go
+++ b/discovery/file/file_test.go
@ -19,12 +19,12 @@ var _ = check.Suite(&DiscoverySuite{})

 func (s *DiscoverySuite) TestInitialize(c *check.C) {
 	d := &Discovery{}
-	d.Initialize("/path/to/file", 1000, 0)
+	d.Initialize("/path/to/file", 1000, 0, nil)
 	c.Assert(d.path, check.Equals, "/path/to/file")
 }

 func (s *DiscoverySuite) TestNew(c *check.C) {
-	d, err := discovery.New("file:///path/to/file", 0, 0)
+	d, err := discovery.New("file:///path/to/file", 0, 0, nil)
 	c.Assert(err, check.IsNil)
 	c.Assert(d.(*Discovery).path, check.Equals, "/path/to/file")
 }
@ -81,7 +81,7 @@ func (s *DiscoverySuite) TestWatch(c *check.C) {

 	// Set up file discovery.
 	d := &Discovery{}
-	d.Initialize(tmp.Name(), 1000, 0)
+	d.Initialize(tmp.Name(), 1000, 0, nil)
 	stopCh := make(chan struct{})
 	ch, errCh := d.Watch(stopCh)