Add TLS support for discovery backend

This leverages recent additions to libkv enabling client authentication via TLS so the discovery back-end can be locked down with mutual TLS. Example usage: docker daemon [other args] \ --cluster-advertise 192.168.122.168:2376 \ --cluster-store etcd://192.168.122.168:2379 \ --cluster-store-opt kv.cacertfile=/path/to/ca.pem \ --cluster-store-opt kv.certfile=/path/to/cert.pem \ --cluster-store-opt kv.keyfile=/path/to/key.pem Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2015-09-28 16:22:57 -07:00 · 2015-09-28 16:22:57 -07:00 · 125510e009
commit 125510e009
parent 2861b2e52f
8 changed files with 191 additions and 18 deletions
--- a/discovery/nodes/nodes_test.go
+++ b/discovery/nodes/nodes_test.go
@ -17,7 +17,7 @@ var _ = check.Suite(&DiscoverySuite{})

 func (s *DiscoverySuite) TestInitialize(c *check.C) {
 	d := &Discovery{}
-	d.Initialize("1.1.1.1:1111,2.2.2.2:2222", 0, 0)
+	d.Initialize("1.1.1.1:1111,2.2.2.2:2222", 0, 0, nil)
 	c.Assert(len(d.entries), check.Equals, 2)
 	c.Assert(d.entries[0].String(), check.Equals, "1.1.1.1:1111")
 	c.Assert(d.entries[1].String(), check.Equals, "2.2.2.2:2222")
@ -25,7 +25,7 @@ func (s *DiscoverySuite) TestInitialize(c *check.C) {

 func (s *DiscoverySuite) TestInitializeWithPattern(c *check.C) {
 	d := &Discovery{}
-	d.Initialize("1.1.1.[1:2]:1111,2.2.2.[2:4]:2222", 0, 0)
+	d.Initialize("1.1.1.[1:2]:1111,2.2.2.[2:4]:2222", 0, 0, nil)
 	c.Assert(len(d.entries), check.Equals, 5)
 	c.Assert(d.entries[0].String(), check.Equals, "1.1.1.1:1111")
 	c.Assert(d.entries[1].String(), check.Equals, "1.1.1.2:1111")
@ -36,7 +36,7 @@ func (s *DiscoverySuite) TestInitializeWithPattern(c *check.C) {

 func (s *DiscoverySuite) TestWatch(c *check.C) {
 	d := &Discovery{}
-	d.Initialize("1.1.1.1:1111,2.2.2.2:2222", 0, 0)
+	d.Initialize("1.1.1.1:1111,2.2.2.2:2222", 0, 0, nil)
 	expected := discovery.Entries{
 		&discovery.Entry{Host: "1.1.1.1", Port: "1111"},
 		&discovery.Entry{Host: "2.2.2.2", Port: "2222"},