// Copyright 2017 Quentin Machu & eco authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package etcd
import (
"crypto/tls"
"fmt"
"net/url"
"strconv"
"strings"
"time"
"github.com/coreos/etcd/pkg/transport"
"github.com/quentin-m/etcd-cloud-operator/pkg/providers/snapshot"
)
// Default etcd ports and client timing values for this package.
const (
// defaultClientPort is the port appended to client URLs (see ClientURL).
defaultClientPort = 2379
// defaultPeerPort is the port appended to peer URLs (see peerURL).
defaultPeerPort = 2380
// defaultMetricsPort is the port appended to the metrics URL, which
// metricsURLs always builds with the plain "http" scheme.
defaultMetricsPort = 2381
// NOTE(review): the three durations below are not referenced in the visible
// part of this file; presumably they configure the etcd client elsewhere in
// the package — confirm.
defaultDialTimeout = 5 * time.Second
defaultRequestTimeout = 5 * time.Second
defaultAutoSync = 1 * time.Second
)
// EtcdConfiguration contains the configuration related to the underlying etcd
// server. The struct tags give the YAML key for each field.
type EtcdConfiguration struct {
AdvertiseAddress string `yaml:"advertise-address"`
DataDir string `yaml:"data-dir"`
// ClientTransportSecurity and PeerTransportSecurity share the same
// SecurityConfig shape but are configured independently, so TLS can be set
// for one transport and left unset for the other.
ClientTransportSecurity SecurityConfig `yaml:"client-transport-security"`
PeerTransportSecurity SecurityConfig `yaml:"peer-transport-security"`
// NOTE(review): unit of BackendQuota is not visible here (presumably bytes,
// as toMB in this file converts byte counts) — confirm against its consumer.
BackendQuota int64 `yaml:"backend-quota"`
}
// SecurityConfig holds the TLS files and options for one etcd transport. It is
// used for both the client and the peer transport in EtcdConfiguration.
type SecurityConfig struct {
// CAFile, CertFile, KeyFile and TrustedCAFile are copied verbatim into
// transport.TLSInfo by TLSInfo().
CAFile string `yaml:"ca-file"`
CertFile string `yaml:"cert-file"`
// NOTE(review): KeyFile presumably points at private key material; confirm
// the deployment restricts read access to the operator/etcd user.
KeyFile string `yaml:"key-file"`
// CertAuth is passed to transport.TLSInfo as ClientCertAuth.
CertAuth bool `yaml:"client-cert-auth"`
TrustedCAFile string `yaml:"trusted-ca-file"`
// AutoTLS is not part of the TLSInfo built by TLSInfo(); in this file it
// only makes TLSEnabled() report true.
AutoTLS bool `yaml:"auto-tls"`
}
// TLSInfo converts the security configuration into etcd's transport.TLSInfo.
// CertAuth is carried over as ClientCertAuth; AutoTLS is not carried over.
func (sc SecurityConfig) TLSInfo() transport.TLSInfo {
	var info transport.TLSInfo
	info.CAFile = sc.CAFile
	info.CertFile = sc.CertFile
	info.KeyFile = sc.KeyFile
	info.ClientCertAuth = sc.CertAuth
	info.TrustedCAFile = sc.TrustedCAFile
	return info
}
// ClientConfig returns the tls.Config used when dialing etcd members. When no
// TLS files are configured it returns a bare config; otherwise it starts from
// the config produced by transport.TLSInfo and returns that call's error as-is.
//
// Server certificate verification is always disabled (InsecureSkipVerify).
// Because of the nature of the operator, which relies on auto-scaling groups,
// it is inconvenient (at best) to generate certificates that match the
// instances, so the instances present in the auto-scaling group are assumed
// to be trusted.
//
// NOTE(security): with InsecureSkipVerify set, crypto/tls checks neither the
// server's certificate chain nor its host name. The connection is encrypted
// but the server is not authenticated, and any configured CA file plays no
// part in validating it. The trust decision therefore rests on who is able to
// answer on the member addresses; deployments should restrict that at the
// network layer and treat this as a documented, accepted risk.
func (sc SecurityConfig) ClientConfig() (*tls.Config, error) {
	info := sc.TLSInfo()
	if info.Empty() {
		// No TLS files configured: nothing to load, verification still off.
		return &tls.Config{InsecureSkipVerify: true}, nil
	}

	cfg, err := info.ClientConfig()
	if err != nil {
		return nil, err
	}
	// Override whatever the transport helper decided about verification.
	cfg.InsecureSkipVerify = true
	return cfg, nil
}
// TLSEnabled reports whether this transport should use TLS: either AutoTLS is
// set or at least one TLS file/option makes the derived TLSInfo non-empty.
func (sc SecurityConfig) TLSEnabled() bool {
	if sc.AutoTLS {
		return true
	}
	return !sc.TLSInfo().Empty()
}
// ClientsURLs maps every address to its client URL (see ClientURL), keeping
// the input order. A nil or empty input yields a nil slice.
func ClientsURLs(addresses []string, tlsEnabled bool) (cURLs []string) {
	for i := range addresses {
		cURLs = append(cURLs, ClientURL(addresses[i], tlsEnabled))
	}
	return cURLs
}
// ClientURL builds the client URL for address on defaultClientPort, using
// "https" when tlsEnabled is true and plain "http" otherwise. The address is
// inserted verbatim, so it is not validated or bracketed here.
func ClientURL(address string, tlsEnabled bool) string {
	proto := scheme(tlsEnabled)
	return fmt.Sprintf("%s://%s:%d", proto, address, defaultClientPort)
}
// peerURL builds the peer URL for address on defaultPeerPort, using "https"
// when tlsEnabled is true and plain "http" otherwise. The address is inserted
// verbatim, so it is not validated or bracketed here.
func peerURL(address string, tlsEnabled bool) string {
	proto := scheme(tlsEnabled)
	return fmt.Sprintf("%s://%s:%d", proto, address, defaultPeerPort)
}
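// URL2Address returns the host part of pURL without its port, e.g.
// "https://10.0.0.1:2380" yields "10.0.0.1". Brackets around an IPv6 literal
// are removed. A URL that cannot be parsed yields the empty string.
func URL2Address(pURL string) string {
	u, err := url.Parse(pURL)
	if err != nil || u == nil {
		// url.Parse returns a nil *url.URL on error; dereferencing it would
		// panic the caller on a malformed member URL.
		return ""
	}
	// Hostname strips the port and handles bracketed IPv6 hosts, which a
	// search for the first ':' would cut in the wrong place.
	return u.Hostname()
}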
// metricsURLs returns a single-element slice holding the metrics URL for
// address on defaultMetricsPort. The scheme is always plain "http",
// regardless of the TLS settings used for client and peer traffic.
func metricsURLs(address string) []url.URL {
	raw := fmt.Sprintf("http://%s:%d", address, defaultMetricsPort)
	// NOTE(review): the parse error is discarded; an address that makes
	// url.Parse fail leaves parsed nil and the dereference below panics.
	parsed, _ := url.Parse(raw)
	return []url.URL{*parsed}
}
// initialCluster renders the member map as a comma-separated list of
// "name=peerURL" pairs. Pairs follow map iteration order, so the order of the
// output is not stable between calls. An empty map yields "".
func initialCluster(pURLs map[string]string) string {
	pairs := make([]string, 0, len(pURLs))
	for member, peer := range pURLs {
		entry := fmt.Sprintf("%s=%s", member, peer)
		pairs = append(pairs, entry)
	}
	return strings.Join(pairs, ",")
}
// scheme returns the URL scheme matching the TLS setting: "https" when
// tlsEnabled is true, "http" otherwise.
func scheme(tlsEnabled bool) string {
	proto := "http"
	if tlsEnabled {
		proto = "https"
	}
	return proto
}
// toMB converts a size in bytes to mebibytes (1024*1024 bytes), rounded to
// two decimal places by formatting the value and parsing it back.
func toMB(s int64) float64 {
	const bytesPerMB = 1024 * 1024
	rounded := fmt.Sprintf("%.2f", float64(s)/bytesPerMB)
	// The string was just produced by Sprintf, so the parse error is ignored.
	mb, _ := strconv.ParseFloat(rounded, 64)
	return mb
}
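// getSameValue reports whether every value in vals is identical. An empty or
// nil map yields true.
//
// The reference value is tracked with an explicit "seen" flag rather than by
// treating 0 as "not set yet": with the zero sentinel, a map mixing 0 with a
// single other value could be reported as consistent, and the answer depended
// on map iteration order.
func getSameValue(vals map[string]int64) bool {
	var (
		ref  int64
		seen bool
	)
	for _, v := range vals {
		if !seen {
			ref, seen = v, true
			continue
		}
		if v != ref {
			return false
		}
	}
	return true
}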
// localSnapshotProvider looks up the snapshot provider registered under the
// name "etcd" and configures it with dataDir as its "data-dir" parameter.
//
// NOTE(review): the lookup result is used without a presence check, and
// whatever Configure returns, if anything, is ignored — confirm the "etcd"
// provider is always registered and that Configure cannot fail here.
func localSnapshotProvider(dataDir string) snapshot.Provider {
	params := map[string]interface{}{"data-dir": dataDir}
	provider := snapshot.AsMap()["etcd"]
	provider.Configure(snapshot.Config{Params: params})
	return provider
}