stolonctl: etcd and sentinel api auth #73

sgotti · 2015-10-27T13:03:23Z

Related to #51

stolonctl will, if enabled, like other components, use etcd auth to access the cluster hierarchy on etcd and read the needed keys.

Since the client, to do some operations also needs to communicate with the leader sentinel, we'll use etcd authentication and authorization for protecting the sentinel api instead of inventing a new authz layer.

Practically the leader sentinel will write an authentication token to an etcd key. If the client can read this key then it can use the token to communicate with the sentinel.
Additionally the sentinel will change the token every n seconds.

davissp14 · 2021-07-14T19:10:41Z

@sgotti Moving over to the official go client etcd-io/etcd should make adding this pretty straight forward.

Looks like Stolon is currently pinningcoreos/etcd, which is deprecated.
https://github.com/sorintlab/stolon/blob/master/go.mod#L4-L5

sgotti added the enhancement label Oct 27, 2015

sgotti modified the milestone: v0.4.0 Sep 28, 2016

sgotti modified the milestones: v0.4.0, v0.5.0 Oct 21, 2016

sgotti modified the milestones: v0.5.0, v0.6.0 Dec 14, 2016

sgotti removed this from the v0.6.0 milestone May 30, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

stolonctl: etcd and sentinel api auth #73

stolonctl: etcd and sentinel api auth #73

sgotti commented Oct 27, 2015

davissp14 commented Jul 14, 2021 •

edited

stolonctl: etcd and sentinel api auth #73

stolonctl: etcd and sentinel api auth #73

Comments

sgotti commented Oct 27, 2015

davissp14 commented Jul 14, 2021 • edited

davissp14 commented Jul 14, 2021 •

edited