9ac3cab1b7
* Make CoreDNS a server type plugin for Caddy Remove code we don't need and port all middleware over. Fix all tests and rework the documentation. Also make `go generate` build a caddy binary which we then copy into our directory. This means `go build`-builds remain working as-is. And new etc instances in each etcd test for better isolation. Fix more tests and rework test.Server with the newer support Caddy offers. Fix Makefile to support new mode of operation.
207 lines
4.8 KiB
Go
207 lines
4.8 KiB
Go
package etcd
|
|
|
|
import (
|
|
"crypto/tls"
|
|
"crypto/x509"
|
|
"io/ioutil"
|
|
"net"
|
|
"net/http"
|
|
"time"
|
|
|
|
"github.com/miekg/coredns/core/dnsserver"
|
|
"github.com/miekg/coredns/middleware"
|
|
"github.com/miekg/coredns/middleware/proxy"
|
|
"github.com/miekg/coredns/singleflight"
|
|
|
|
etcdc "github.com/coreos/etcd/client"
|
|
"github.com/mholt/caddy"
|
|
"golang.org/x/net/context"
|
|
)
|
|
|
|
func init() {
|
|
caddy.RegisterPlugin("etcd", caddy.Plugin{
|
|
ServerType: "dns",
|
|
Action: setup,
|
|
})
|
|
}
|
|
|
|
func setup(c *caddy.Controller) error {
|
|
e, stubzones, err := etcdParse(c)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
if stubzones {
|
|
c.OnStartup(func() error {
|
|
e.UpdateStubZones()
|
|
return nil
|
|
})
|
|
}
|
|
|
|
dnsserver.GetConfig(c).AddMiddleware(func(next dnsserver.Handler) dnsserver.Handler {
|
|
e.Next = next
|
|
return e
|
|
})
|
|
|
|
return nil
|
|
}
|
|
|
|
func etcdParse(c *caddy.Controller) (*Etcd, bool, error) {
|
|
stub := make(map[string]proxy.Proxy)
|
|
etc := Etcd{
|
|
Proxy: proxy.New([]string{"8.8.8.8:53", "8.8.4.4:53"}),
|
|
PathPrefix: "skydns",
|
|
Ctx: context.Background(),
|
|
Inflight: &singleflight.Group{},
|
|
Stubmap: &stub,
|
|
}
|
|
var (
|
|
client etcdc.KeysAPI
|
|
tlsCertFile = ""
|
|
tlsKeyFile = ""
|
|
tlsCAcertFile = ""
|
|
endpoints = []string{defaultEndpoint}
|
|
stubzones = false
|
|
)
|
|
for c.Next() {
|
|
if c.Val() == "etcd" {
|
|
etc.Client = client
|
|
etc.Zones = c.RemainingArgs()
|
|
if len(etc.Zones) == 0 {
|
|
etc.Zones = make([]string, len(c.ServerBlockKeys))
|
|
copy(etc.Zones, c.ServerBlockKeys)
|
|
}
|
|
middleware.Zones(etc.Zones).FullyQualify()
|
|
if c.NextBlock() {
|
|
// TODO(miek): 2 switches?
|
|
switch c.Val() {
|
|
case "stubzones":
|
|
stubzones = true
|
|
case "debug":
|
|
etc.Debug = true
|
|
case "path":
|
|
if !c.NextArg() {
|
|
return &Etcd{}, false, c.ArgErr()
|
|
}
|
|
etc.PathPrefix = c.Val()
|
|
case "endpoint":
|
|
args := c.RemainingArgs()
|
|
if len(args) == 0 {
|
|
return &Etcd{}, false, c.ArgErr()
|
|
}
|
|
endpoints = args
|
|
case "upstream":
|
|
args := c.RemainingArgs()
|
|
if len(args) == 0 {
|
|
return &Etcd{}, false, c.ArgErr()
|
|
}
|
|
for i := 0; i < len(args); i++ {
|
|
h, p, e := net.SplitHostPort(args[i])
|
|
if e != nil && p == "" {
|
|
args[i] = h + ":53"
|
|
}
|
|
}
|
|
endpoints = args
|
|
etc.Proxy = proxy.New(args)
|
|
case "tls": // cert key cacertfile
|
|
args := c.RemainingArgs()
|
|
if len(args) != 3 {
|
|
return &Etcd{}, false, c.ArgErr()
|
|
}
|
|
tlsCertFile, tlsKeyFile, tlsCAcertFile = args[0], args[1], args[2]
|
|
}
|
|
for c.Next() {
|
|
switch c.Val() {
|
|
case "stubzones":
|
|
stubzones = true
|
|
case "debug":
|
|
etc.Debug = true
|
|
case "path":
|
|
if !c.NextArg() {
|
|
return &Etcd{}, false, c.ArgErr()
|
|
}
|
|
etc.PathPrefix = c.Val()
|
|
case "endpoint":
|
|
args := c.RemainingArgs()
|
|
if len(args) == 0 {
|
|
return &Etcd{}, false, c.ArgErr()
|
|
}
|
|
endpoints = args
|
|
case "upstream":
|
|
args := c.RemainingArgs()
|
|
if len(args) == 0 {
|
|
return &Etcd{}, false, c.ArgErr()
|
|
}
|
|
for i := 0; i < len(args); i++ {
|
|
h, p, e := net.SplitHostPort(args[i])
|
|
if e != nil && p == "" {
|
|
args[i] = h + ":53"
|
|
}
|
|
}
|
|
etc.Proxy = proxy.New(args)
|
|
case "tls": // cert key cacertfile
|
|
args := c.RemainingArgs()
|
|
if len(args) != 3 {
|
|
return &Etcd{}, false, c.ArgErr()
|
|
}
|
|
tlsCertFile, tlsKeyFile, tlsCAcertFile = args[0], args[1], args[2]
|
|
}
|
|
}
|
|
}
|
|
client, err := newEtcdClient(endpoints, tlsCertFile, tlsKeyFile, tlsCAcertFile)
|
|
if err != nil {
|
|
return &Etcd{}, false, err
|
|
}
|
|
etc.Client = client
|
|
return &etc, stubzones, nil
|
|
}
|
|
}
|
|
return &Etcd{}, false, nil
|
|
}
|
|
|
|
func newEtcdClient(endpoints []string, tlsCert, tlsKey, tlsCACert string) (etcdc.KeysAPI, error) {
|
|
etcdCfg := etcdc.Config{
|
|
Endpoints: endpoints,
|
|
Transport: newHTTPSTransport(tlsCert, tlsKey, tlsCACert),
|
|
}
|
|
cli, err := etcdc.New(etcdCfg)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return etcdc.NewKeysAPI(cli), nil
|
|
}
|
|
|
|
func newHTTPSTransport(tlsCertFile, tlsKeyFile, tlsCACertFile string) etcdc.CancelableTransport {
|
|
var cc *tls.Config = nil
|
|
|
|
if tlsCertFile != "" && tlsKeyFile != "" {
|
|
var rpool *x509.CertPool
|
|
if tlsCACertFile != "" {
|
|
if pemBytes, err := ioutil.ReadFile(tlsCACertFile); err == nil {
|
|
rpool = x509.NewCertPool()
|
|
rpool.AppendCertsFromPEM(pemBytes)
|
|
}
|
|
}
|
|
|
|
if tlsCert, err := tls.LoadX509KeyPair(tlsCertFile, tlsKeyFile); err == nil {
|
|
cc = &tls.Config{
|
|
RootCAs: rpool,
|
|
Certificates: []tls.Certificate{tlsCert},
|
|
InsecureSkipVerify: true,
|
|
}
|
|
}
|
|
}
|
|
|
|
tr := &http.Transport{
|
|
Proxy: http.ProxyFromEnvironment,
|
|
Dial: (&net.Dialer{
|
|
Timeout: 30 * time.Second,
|
|
KeepAlive: 30 * time.Second,
|
|
}).Dial,
|
|
TLSHandshakeTimeout: 10 * time.Second,
|
|
TLSClientConfig: cc,
|
|
}
|
|
|
|
return tr
|
|
}
|
|
|
|
const defaultEndpoint = "http://localhost:2379"
|