This PR allows to configure the discovery path using the
--discovery-opt flag (with "kv.path=path/to/nodes"). We
can point to "docker/nodes" and use the docker discovery.
If docker instances are advertising to the cluster using
the `--cluster-advertise` flag, the swarm join command
becomes unnecessary.
Signed-off-by: Alexandre Beslic <abronan@docker.com>
This adds TLS support into the KV store for swarm. The manage, join,
and list commands all have a new CLI argument, matching the docker engine
discovery backend. This required adding the tlsconfig utility
package from docker engine.
Here's an example showing re-use of the cluster certs for the KV store:
swarm manage --tlsverify \
--tlscacert /etc/docker/ssl/ca.pem
--tlscert /etc/docker/ssl/cert.pem
--tlskey /etc/docker/ssl/key.pem
--discovery-opt kv.cacertfile=/etc/docker/ssl/ca.pem
--discovery-opt kv.certfile=/etc/docker/ssl/cert.pem
--discovery-opt kv.keyfile=/etc/docker/ssl/key.pem
--advertise 192.168.122.47:3376
etcd://192.168.122.47:2379
Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
Before that change, etcd and zookeeper would fail to instantiate
the discovery without the key being already there in the store or
created beforehand and implicitely by a 'swarm join'.
Signed-off-by: Alexandre Beslic <abronan@docker.com>
"consul://addr1" will store discovery entries into "docker/swarm/nodes"
"consul://addr2/foo" will store entries in "foo/docker/swarm/nodes"
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Since Swarm discovery is used by libnetwork without the swarm main(), it
is forced to use annonymous import in order to force-trigger the
unexported init() methods. Using annonymous import is highly discouraged
in a Non-Main and Non-Test packages.
Introducing exported Init() methods on these files so that libnetwork
can use Discovery as a library without having a main package.
Signed-off-by: Madhu Venugopal <madhu@docker.com>
- Watch() issues updates by channel rather than by callback
- Fetch() is gone
- Watch() can be stopped at any time by closing the stop channel
- Watch() is now resilient to errors and will try over and over
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
- KV is now Backend
- name (string) is now backend (Backend)
- initializers are now a static var rather than generated by init()
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Alexandre Beslic