etcd: Allow disabling sync for load balanced etcd
Some etcd configurations (such as that provided by compose.io) place the etcd cluster behind multiple load balancers or proxies. In this configuration, calling Sync (or AutoSync) on the etcd client will replace the load balancer addresses with the underlying etcd server address. This will cause the etcd client to bypass the load balancers, and may cause the connection to fail completely if the etcd servers are protected by a firewall. This patch provides a "sync" option for the etcd backend, which defaults to the current behavior, but which can be used to turn off of sync. This corresponds to etcdctl's --no-sync option.
This commit is contained in:
parent
ebabcd857a
commit
69434fd13e
|
@ -6,6 +6,7 @@ import (
|
|||
"net/url"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strconv"
|
||||
"strings"
|
||||
"sync"
|
||||
"time"
|
||||
|
@ -43,6 +44,7 @@ const (
|
|||
)
|
||||
|
||||
var (
|
||||
EtcdSyncConfigError = errors.New("client setup failed: unable to parse etcd sync field in config")
|
||||
EtcdSyncClusterError = errors.New("client setup failed: unable to sync etcd cluster")
|
||||
EtcdAddressError = errors.New("client setup failed: address must be valid URL (ex. 'scheme://host:port')")
|
||||
EtcdSemaphoreKeysEmptyError = errors.New("lock queue is empty")
|
||||
|
@ -143,12 +145,26 @@ func newEtcdBackend(conf map[string]string) (Backend, error) {
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// Should we sync the cluster state? There are three available options
|
||||
// for our client library: don't sync (required for some proxies), sync
|
||||
// once, or sync periodically with AutoSync. We currently support the
|
||||
// first two.
|
||||
sync := true
|
||||
if v, ok := conf["sync"]; ok {
|
||||
parsed, err := strconv.ParseBool(v)
|
||||
if err != nil {
|
||||
return nil, EtcdSyncConfigError
|
||||
}
|
||||
sync = parsed
|
||||
}
|
||||
if sync {
|
||||
ctx, cancel := context.WithTimeout(context.Background(), client.DefaultRequestTimeout)
|
||||
syncErr := c.Sync(ctx)
|
||||
cancel()
|
||||
if syncErr != nil {
|
||||
return nil, EtcdSyncClusterError
|
||||
}
|
||||
}
|
||||
|
||||
kAPI := client.NewKeysAPI(c)
|
||||
|
||||
|
|
|
@ -221,6 +221,12 @@ For etcd, the following options are supported:
|
|||
Can be comma separated list (protocol://host:port) of many etcd instances.
|
||||
Defaults to "http://localhost:2379" if not specified.
|
||||
|
||||
* `sync` (optional) - Should we synchronize the list of available etcd
|
||||
servers on startup? This will parse as a boolean value, and can be set
|
||||
to "0", "no", "false", "1", "yes", or "true". Defaults to true. Set
|
||||
to false if your etcd cluster is behind a proxy server and syncing
|
||||
causes Vault to fail.
|
||||
|
||||
* `username` (optional) - Username to use when authenticating with the etcd
|
||||
server. May also be specified via the ETCD_USERNAME environment variable.
|
||||
|
||||
|
|
Loading…
Reference in a new issue