From 402ce991c8323b00ac0f2e7ad0f3cdfeea6f9995 Mon Sep 17 00:00:00 2001 From: Riley Shott Date: Fri, 21 Apr 2017 15:22:53 -0700 Subject: [PATCH] Added -registry.consul.register.tlsskipverify flag When serving the UI/API over HTTPS, the fabio consul health check fails as it's trying to connect to the page over its IP. Most certificates don't include IP SANs. This flag allows users to toggle whether or not to skip TLS verification of this particular check. --- config/config.go | 27 ++++++++++++++------------- config/default.go | 23 ++++++++++++----------- config/load.go | 1 + config/load_test.go | 7 +++++++ registry/consul/register.go | 7 ++++--- 5 files changed, 38 insertions(+), 27 deletions(-) diff --git a/config/config.go b/config/config.go index addd2c489..e36f733de 100644 --- a/config/config.go +++ b/config/config.go @@ -106,17 +106,18 @@ type File struct { } type Consul struct { - Addr string - Scheme string - Token string - KVPath string - TagPrefix string - Register bool - ServiceAddr string - ServiceName string - ServiceTags []string - ServiceStatus []string - CheckInterval time.Duration - CheckTimeout time.Duration - CheckScheme string + Addr string + Scheme string + Token string + KVPath string + TagPrefix string + Register bool + ServiceAddr string + ServiceName string + ServiceTLSSkipVerify bool + ServiceTags []string + ServiceStatus []string + CheckInterval time.Duration + CheckTimeout time.Duration + CheckScheme string } diff --git a/config/default.go b/config/default.go index 3e187d53a..d9282fab3 100644 --- a/config/default.go +++ b/config/default.go @@ -43,17 +43,18 @@ var defaultConfig = &Config{ Registry: Registry{ Backend: "consul", Consul: Consul{ - Addr: "localhost:8500", - Scheme: "http", - KVPath: "/fabio/config", - TagPrefix: "urlprefix-", - Register: true, - ServiceAddr: ":9998", - ServiceName: "fabio", - ServiceStatus: []string{"passing"}, - CheckInterval: time.Second, - CheckTimeout: 3 * time.Second, - CheckScheme: "http", + Addr: "localhost:8500", + Scheme: "http", + KVPath: "/fabio/config", + TagPrefix: "urlprefix-", + Register: true, + ServiceAddr: ":9998", + ServiceName: "fabio", + ServiceTLSSkipVerify: false, + ServiceStatus: []string{"passing"}, + CheckInterval: time.Second, + CheckTimeout: 3 * time.Second, + CheckScheme: "http", }, Timeout: 10 * time.Second, Retry: 500 * time.Millisecond, diff --git a/config/load.go b/config/load.go index d91b8fdb9..94a0ada42 100644 --- a/config/load.go +++ b/config/load.go @@ -158,6 +158,7 @@ func load(cmdline, environ, envprefix []string, props *properties.Properties) (c f.BoolVar(&cfg.Registry.Consul.Register, "registry.consul.register.enabled", defaultConfig.Registry.Consul.Register, "register fabio in consul") f.StringVar(&cfg.Registry.Consul.ServiceAddr, "registry.consul.register.addr", defaultConfig.Registry.Consul.ServiceAddr, "service registration address") f.StringVar(&cfg.Registry.Consul.ServiceName, "registry.consul.register.name", defaultConfig.Registry.Consul.ServiceName, "service registration name") + f.BoolVar(&cfg.Registry.Consul.ServiceTLSSkipVerify, "registry.consul.register.tlsskipverify", defaultConfig.Registry.Consul.ServiceTLSSkipVerify, "service tls verification") f.StringSliceVar(&cfg.Registry.Consul.ServiceTags, "registry.consul.register.tags", defaultConfig.Registry.Consul.ServiceTags, "service registration tags") f.StringSliceVar(&cfg.Registry.Consul.ServiceStatus, "registry.consul.service.status", defaultConfig.Registry.Consul.ServiceStatus, "valid service status values") f.DurationVar(&cfg.Registry.Consul.CheckInterval, "registry.consul.register.checkInterval", defaultConfig.Registry.Consul.CheckInterval, "service check interval") diff --git a/config/load_test.go b/config/load_test.go index ed39b5b1d..b1b4fbfb3 100644 --- a/config/load_test.go +++ b/config/load_test.go @@ -425,6 +425,13 @@ func TestLoad(t *testing.T) { return cfg }, }, + { + args: []string{"-registry.consul.register.tlsskipverify=false"}, + cfg: func(cfg *Config) *Config { + cfg.Registry.Consul.ServiceTLSSkipVerify = false + return cfg + }, + }, { args: []string{"-registry.consul.register.tags", "a, b, c, "}, cfg: func(cfg *Config) *Config { diff --git a/registry/consul/register.go b/registry/consul/register.go index d184568b2..04b803065 100644 --- a/registry/consul/register.go +++ b/registry/consul/register.go @@ -115,9 +115,10 @@ func serviceRegistration(cfg *config.Consul) (*api.AgentServiceRegistration, err Port: port, Tags: cfg.ServiceTags, Check: &api.AgentServiceCheck{ - HTTP: checkURL, - Interval: cfg.CheckInterval.String(), - Timeout: cfg.CheckTimeout.String(), + HTTP: checkURL, + Interval: cfg.CheckInterval.String(), + Timeout: cfg.CheckTimeout.String(), + TLSSkipVerify: cfg.ServiceTLSSkipVerify, }, }