Commit Graph

9 Commits

Author SHA1 Message Date
Daniel Hiltgen 3661b6e63b Add TLS support for libkv
This adds TLS support into the KV store for swarm.  The manage, join,
and list commands all have a new CLI argument, matching the docker engine
discovery backend.  This required adding the tlsconfig utility
package from docker engine.

Here's an example showing re-use of the cluster certs for the KV store:

    swarm manage --tlsverify \
        --tlscacert /etc/docker/ssl/ca.pem
        --tlscert /etc/docker/ssl/cert.pem
        --tlskey /etc/docker/ssl/key.pem
        --discovery-opt kv.cacertfile=/etc/docker/ssl/ca.pem
        --discovery-opt kv.certfile=/etc/docker/ssl/cert.pem
        --discovery-opt kv.keyfile=/etc/docker/ssl/key.pem
        --advertise 192.168.122.47:3376
        etcd://192.168.122.47:2379

Signed-off-by: Daniel Hiltgen <daniel.hiltgen@docker.com>
2015-10-12 13:33:08 -07:00
Andrea Luzzardi ad6fac53db fix --addr backward compatibility
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2015-05-26 17:48:54 -07:00
Andrea Luzzardi 7394be0704 Replace --addr with --advertise
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2015-05-26 17:43:14 -07:00
Alexandre Beslic f81de46ab4 Fix Consul and etcd with latest changes, use etcd v2.0.11 for integration tests, remove call to SyncCluster for now (breaks the integration tests)
Signed-off-by: Alexandre Beslic <abronan@docker.com>
2015-05-19 10:25:31 -07:00
Andrea Luzzardi 7430fe5141 fix hb/timeout being time.Duration in a few places
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2015-05-18 13:38:14 -07:00
Andrea Luzzardi 0c72bcaf40 discovery cleanup: heartbeat is a time.Duration.
- Use a time.Duration instead of a uint64 for hb
- Flags can accept durations: --heartbeat 25s

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2015-05-18 13:38:14 -07:00
Andrea Luzzardi 3de0b5f567 join: Don't give up if registration fails, just retry.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2015-05-18 13:38:14 -07:00
Andrea Luzzardi 97984881c3 discovery: New channel based API.
- Watch() issues updates by channel rather than by callback
- Fetch() is gone
- Watch() can be stopped at any time by closing the stop channel
- Watch() is now resilient to errors and will try over and over

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2015-05-18 13:38:13 -07:00
Andrea Luzzardi eebc06aabe Cleanup: Move CLI related files to a subpackage.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
2015-04-18 20:26:55 -07:00