github.com/maier/nomad@v0.4.1-0.20161110003312-a9e3d0b8549d/nomad/structs/config/consul.go (about) 1 package config 2 3 import ( 4 "crypto/tls" 5 "fmt" 6 "net/http" 7 "strings" 8 "time" 9 10 consul "github.com/hashicorp/consul/api" 11 ) 12 13 // ConsulConfig contains the configuration information necessary to 14 // communicate with a Consul Agent in order to: 15 // 16 // - Register services and their checks with Consul 17 // 18 // - Bootstrap this Nomad Client with the list of Nomad Servers registered 19 // with Consul 20 // 21 // Both the Agent and the executor need to be able to import ConsulConfig. 22 type ConsulConfig struct { 23 // ServerServiceName is the name of the service that Nomad uses to register 24 // servers with Consul 25 ServerServiceName string `mapstructure:"server_service_name"` 26 27 // ClientServiceName is the name of the service that Nomad uses to register 28 // clients with Consul 29 ClientServiceName string `mapstructure:"client_service_name"` 30 31 // AutoAdvertise determines if this Nomad Agent will advertise its 32 // services via Consul. When true, Nomad Agent will register 33 // services with Consul. 34 AutoAdvertise bool `mapstructure:"auto_advertise"` 35 36 // ChecksUseAdvertise specifies that Consul checks should use advertise 37 // address instead of bind address 38 ChecksUseAdvertise bool `mapstructure:"checks_use_advertise"` 39 40 // Addr is the address of the local Consul agent 41 Addr string `mapstructure:"address"` 42 43 // Timeout is used by Consul HTTP Client 44 Timeout time.Duration `mapstructure:"timeout"` 45 46 // Token is used to provide a per-request ACL token. This options overrides 47 // the agent's default token 48 Token string `mapstructure:"token"` 49 50 // Auth is the information to use for http access to Consul agent 51 Auth string `mapstructure:"auth"` 52 53 // EnableSSL sets the transport scheme to talk to the Consul agent as https 54 EnableSSL bool `mapstructure:"ssl"` 55 56 // VerifySSL enables or disables SSL verification when the transport scheme 57 // for the consul api client is https 58 VerifySSL bool `mapstructure:"verify_ssl"` 59 60 // CAFile is the path to the ca certificate used for Consul communication 61 CAFile string `mapstructure:"ca_file"` 62 63 // CertFile is the path to the certificate for Consul communication 64 CertFile string `mapstructure:"cert_file"` 65 66 // KeyFile is the path to the private key for Consul communication 67 KeyFile string `mapstructure:"key_file"` 68 69 // ServerAutoJoin enables Nomad servers to find peers by querying Consul and 70 // joining them 71 ServerAutoJoin bool `mapstructure:"server_auto_join"` 72 73 // ClientAutoJoin enables Nomad servers to find addresses of Nomad servers 74 // and register with them 75 ClientAutoJoin bool `mapstructure:"client_auto_join"` 76 } 77 78 // DefaultConsulConfig() returns the canonical defaults for the Nomad 79 // `consul` configuration. 80 func DefaultConsulConfig() *ConsulConfig { 81 return &ConsulConfig{ 82 ServerServiceName: "nomad", 83 ClientServiceName: "nomad-client", 84 AutoAdvertise: true, 85 ServerAutoJoin: true, 86 ClientAutoJoin: true, 87 Timeout: 5 * time.Second, 88 } 89 } 90 91 // Merge merges two Consul Configurations together. 92 func (a *ConsulConfig) Merge(b *ConsulConfig) *ConsulConfig { 93 result := *a 94 95 if b.ServerServiceName != "" { 96 result.ServerServiceName = b.ServerServiceName 97 } 98 if b.ClientServiceName != "" { 99 result.ClientServiceName = b.ClientServiceName 100 } 101 if b.AutoAdvertise { 102 result.AutoAdvertise = true 103 } 104 if b.Addr != "" { 105 result.Addr = b.Addr 106 } 107 if b.Timeout != 0 { 108 result.Timeout = b.Timeout 109 } 110 if b.Token != "" { 111 result.Token = b.Token 112 } 113 if b.Auth != "" { 114 result.Auth = b.Auth 115 } 116 if b.EnableSSL { 117 result.EnableSSL = true 118 } 119 if b.VerifySSL { 120 result.VerifySSL = true 121 } 122 if b.CAFile != "" { 123 result.CAFile = b.CAFile 124 } 125 if b.CertFile != "" { 126 result.CertFile = b.CertFile 127 } 128 if b.KeyFile != "" { 129 result.KeyFile = b.KeyFile 130 } 131 if b.ServerAutoJoin { 132 result.ServerAutoJoin = true 133 } 134 if b.ClientAutoJoin { 135 result.ClientAutoJoin = true 136 } 137 return &result 138 } 139 140 // ApiConfig() returns a usable Consul config that can be passed directly to 141 // hashicorp/consul/api. NOTE: datacenter is not set 142 func (c *ConsulConfig) ApiConfig() (*consul.Config, error) { 143 config := consul.DefaultConfig() 144 if c.Addr != "" { 145 config.Address = c.Addr 146 } 147 if c.Token != "" { 148 config.Token = c.Token 149 } 150 if c.Timeout != 0 { 151 config.HttpClient.Timeout = c.Timeout 152 } 153 if c.Auth != "" { 154 var username, password string 155 if strings.Contains(c.Auth, ":") { 156 split := strings.SplitN(c.Auth, ":", 2) 157 username = split[0] 158 password = split[1] 159 } else { 160 username = c.Auth 161 } 162 163 config.HttpAuth = &consul.HttpBasicAuth{ 164 Username: username, 165 Password: password, 166 } 167 } 168 if c.EnableSSL { 169 config.Scheme = "https" 170 tlsConfig := consul.TLSConfig{ 171 Address: config.Address, 172 CAFile: c.CAFile, 173 CertFile: c.CertFile, 174 KeyFile: c.KeyFile, 175 InsecureSkipVerify: !c.VerifySSL, 176 } 177 tlsClientCfg, err := consul.SetupTLSConfig(&tlsConfig) 178 if err != nil { 179 return nil, fmt.Errorf("error creating tls client config for consul: %v", err) 180 } 181 config.HttpClient.Transport = &http.Transport{ 182 TLSClientConfig: tlsClientCfg, 183 } 184 } 185 if c.EnableSSL && !c.VerifySSL { 186 config.HttpClient.Transport = &http.Transport{ 187 TLSClientConfig: &tls.Config{ 188 InsecureSkipVerify: true, 189 }, 190 } 191 } 192 193 return config, nil 194 } 195 196 // Copy returns a copy of this Consul config. 197 func (c *ConsulConfig) Copy() *ConsulConfig { 198 if c == nil { 199 return nil 200 } 201 202 nc := new(ConsulConfig) 203 *nc = *c 204 return nc 205 }