cli, etcd, lib: Add an etcd client over ssh world backend
This provides a new kind of "world" backend, one that runs etcd over an SSH connection. This is useful for situations where you want to run an etcd cluster somewhere for clients across the net, but where you don't want to expose the ports publicly. If SSH authentication is set up correctly (using public keys), this will tunnel over SSH for etcd to connect. This patch does not yet support deploys over SSH, but that should be fixed in the future as the world code gets cleaned up more.
@@ -40,6 +40,7 @@ import (
|
||||
"github.com/purpleidea/mgmt/etcd"
|
||||
"github.com/purpleidea/mgmt/etcd/client"
|
||||
etcdfs "github.com/purpleidea/mgmt/etcd/fs"
|
||||
etcdSSH "github.com/purpleidea/mgmt/etcd/ssh"
|
||||
"github.com/purpleidea/mgmt/gapi"
|
||||
"github.com/purpleidea/mgmt/lib"
|
||||
"github.com/purpleidea/mgmt/util"
|
||||
@@ -53,6 +54,15 @@ import (
|
||||
// particular one contains all the common flags for the `deploy` subcommand
|
||||
// which all frontends can use.
|
||||
type DeployArgs struct {
|
||||
// SshUrl can be specified if we want to transport the SSH client
|
||||
// connection over SSH. If this is specified, the second hop is made
|
||||
// with the Seeds values, but they connect from this destination. You
|
||||
// can specify this in the standard james@server:22 format. This will
|
||||
// use your ~/.ssh/ directory for public key authentication and
|
||||
// verifying the host key in the known_hosts file. This must already be
|
||||
// setup for things to work.
|
||||
SshUrl string `arg:"--ssh-url" help:"transport the etcd client connection over SSH to this server"`
|
||||
|
||||
Seeds []string `arg:"--seeds,env:MGMT_SEEDS" help:"default etcd client endpoints"`
|
||||
Noop bool `arg:"--noop" help:"globally force all resources into no-op mode"`
|
||||
Sema int `arg:"--sema" default:"-1" help:"globally add a semaphore to all resources with this lock count"`
|
||||
@@ -197,6 +207,22 @@ func (obj *DeployArgs) Run(ctx context.Context, data *cliUtil.Data) (bool, error
|
||||
//GetURI: func() string {
|
||||
//},
|
||||
}
|
||||
if obj.SshUrl != "" { // alternate world implementation over SSH
|
||||
world = &etcdSSH.World{
|
||||
URL: obj.SshUrl,
|
||||
//Hostname: hostname,
|
||||
//Client: client,
|
||||
NS: lib.NS,
|
||||
//MetadataPrefix: lib.MetadataPrefix,
|
||||
//StoragePrefix: lib.StoragePrefix,
|
||||
//StandaloneFs: ???.DeployFs, // used for static deploys
|
||||
//GetURI: func() string {
|
||||
//},
|
||||
}
|
||||
// XXX: We need to first get rid of the standalone etcd client,
|
||||
// and then pull the etcdfs stuff in so it uses that client.
|
||||
return false, fmt.Errorf("--ssh-url is not implemented yet")
|
||||
}
|
||||
worldInit := &engine.WorldInit{
|
||||
Debug: data.Flags.Debug,
|
||||
Logf: func(format string, v ...interface{}) {
|
||||
|
||||
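Review bot: In the `if obj.SshUrl != "" {` branch of Run, the `etcdSSH.World` value assigned to `world` is never used, because the branch ends in the unconditional `return false, fmt.Errorf("--ssh-url is not implemented yet")`; returning before the struct is built, with the `XXX` note kept above the return, would say the same thing without dead code. The field comment in DeployArgs reads "transport the SSH client connection over SSH", which contradicts the help text on the same field; I would write `// SshUrl can be specified if we want to transport the etcd client connection over SSH.`. That comment also promises host key verification against known_hosts, so it would help to state there what happens on an unknown or changed host key (presumably the connection is refused, but the etcd/ssh code is not visible in this section). Run's body starts and ends outside the hunk.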