125510e009
This leverages recent additions to libkv enabling client authentication via TLS so the discovery back-end can be locked down with mutual TLS. Example usage: docker daemon [other args] \ --cluster-advertise 192.168.122.168:2376 \ --cluster-store etcd://192.168.122.168:2379 \ --cluster-store-opt kv.cacertfile=/path/to/ca.pem \ --cluster-store-opt kv.certfile=/path/to/cert.pem \ --cluster-store-opt kv.keyfile=/path/to/key.pem Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
54 lines
1.1 KiB
Go
54 lines
1.1 KiB
Go
package nodes
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/docker/docker/pkg/discovery"
|
|
)
|
|
|
|
// Discovery is exported
|
|
type Discovery struct {
|
|
entries discovery.Entries
|
|
}
|
|
|
|
func init() {
|
|
Init()
|
|
}
|
|
|
|
// Init is exported
|
|
func Init() {
|
|
discovery.Register("nodes", &Discovery{})
|
|
}
|
|
|
|
// Initialize is exported
|
|
func (s *Discovery) Initialize(uris string, _ time.Duration, _ time.Duration, _ map[string]string) error {
|
|
for _, input := range strings.Split(uris, ",") {
|
|
for _, ip := range discovery.Generate(input) {
|
|
entry, err := discovery.NewEntry(ip)
|
|
if err != nil {
|
|
return fmt.Errorf("%s, please check you are using the correct discovery (missing token:// ?)", err.Error())
|
|
}
|
|
s.entries = append(s.entries, entry)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// Watch is exported
|
|
func (s *Discovery) Watch(stopCh <-chan struct{}) (<-chan discovery.Entries, <-chan error) {
|
|
ch := make(chan discovery.Entries)
|
|
go func() {
|
|
defer close(ch)
|
|
ch <- s.entries
|
|
<-stopCh
|
|
}()
|
|
return ch, nil
|
|
}
|
|
|
|
// Register is exported
|
|
func (s *Discovery) Register(addr string) error {
|
|
return discovery.ErrNotImplemented
|
|
}
|