consul/command/agent/agent.go

799 lines
21 KiB
Go
Raw Normal View History

2013-12-20 01:14:46 +00:00
package agent
2013-12-20 23:33:13 +00:00
import (
"encoding/base64"
"encoding/json"
2013-12-20 23:33:13 +00:00
"fmt"
2013-12-21 00:39:32 +00:00
"io"
"io/ioutil"
2013-12-21 00:39:32 +00:00
"log"
2014-01-01 00:45:13 +00:00
"net"
2013-12-21 00:39:32 +00:00
"os"
"path/filepath"
2014-02-24 00:42:39 +00:00
"strconv"
2013-12-21 00:39:32 +00:00
"sync"
"github.com/hashicorp/consul/consul"
"github.com/hashicorp/consul/consul/structs"
"github.com/hashicorp/memberlist"
"github.com/hashicorp/serf/serf"
2013-12-20 23:33:13 +00:00
)
2013-12-20 01:14:46 +00:00
/*
The agent is the long running process that is run on every machine.
It exposes an RPC interface that is used by the CLI to control the
agent. The agent runs the query interfaces like HTTP, DNS, and RPC.
However, it can run in either a client, or server mode. In server
mode, it runs a full Consul server. In client-only mode, it only forwards
requests to other Consul servers.
*/
type Agent struct {
config *Config
2013-12-20 23:33:13 +00:00
2013-12-21 00:39:32 +00:00
// Used for writing our logs
logger *log.Logger
// Output sink for logs
logOutput io.Writer
2013-12-20 23:33:13 +00:00
// We have one of a client or a server, depending
// on our configuration
server *consul.Server
client *consul.Client
2013-12-21 00:39:32 +00:00
// state stores a local representation of the node,
// services and checks. Used for anti-entropy.
state localState
// checkMonitors maps the check ID to an associated monitor
// checkTTLs maps the check ID to an associated check TTL
// checkLock protects updates to either
checkMonitors map[string]*CheckMonitor
checkTTLs map[string]*CheckTTL
checkLock sync.Mutex
2014-08-27 23:49:12 +00:00
// eventCh is used to receive user events
eventCh chan serf.UserEvent
2014-08-28 00:01:10 +00:00
// eventBuf stores the most recent events in a ring buffer
// using eventIndex as the next index to insert into. This
// is guarded by eventLock. When an insert happens, the
// eventNotify group is notified.
2014-08-28 17:56:30 +00:00
eventBuf []*UserEvent
2014-08-28 00:01:10 +00:00
eventIndex int
eventLock sync.RWMutex
eventNotify consul.NotifyGroup
shutdown bool
shutdownCh chan struct{}
shutdownLock sync.Mutex
2013-12-20 01:14:46 +00:00
}
// Create is used to create a new Agent. Returns
// the agent or potentially an error.
2013-12-21 00:39:32 +00:00
func Create(config *Config, logOutput io.Writer) (*Agent, error) {
// Ensure we have a log sink
if logOutput == nil {
logOutput = os.Stderr
}
2013-12-24 00:20:51 +00:00
// Validate the config
if config.Datacenter == "" {
return nil, fmt.Errorf("Must configure a Datacenter")
}
if config.DataDir == "" {
return nil, fmt.Errorf("Must configure a DataDir")
}
2014-01-01 00:45:13 +00:00
// Try to get an advertise address
if config.AdvertiseAddr != "" {
if ip := net.ParseIP(config.AdvertiseAddr); ip == nil {
return nil, fmt.Errorf("Failed to parse advertise address: %v", config.AdvertiseAddr)
}
2014-04-11 22:46:55 +00:00
} else if config.BindAddr != "0.0.0.0" && config.BindAddr != "" {
config.AdvertiseAddr = config.BindAddr
2014-01-01 00:45:13 +00:00
} else {
ip, err := consul.GetPrivateIP()
if err != nil {
return nil, fmt.Errorf("Failed to get advertise address: %v", err)
}
config.AdvertiseAddr = ip.String()
2014-01-01 00:45:13 +00:00
}
2013-12-20 01:14:46 +00:00
agent := &Agent{
config: config,
logger: log.New(logOutput, "", log.LstdFlags),
logOutput: logOutput,
checkMonitors: make(map[string]*CheckMonitor),
checkTTLs: make(map[string]*CheckTTL),
2014-08-27 23:49:12 +00:00
eventCh: make(chan serf.UserEvent, 1024),
2014-08-28 17:56:30 +00:00
eventBuf: make([]*UserEvent, 256),
shutdownCh: make(chan struct{}),
2013-12-20 01:14:46 +00:00
}
2013-12-20 23:33:13 +00:00
// Initialize the local state
agent.state.Init(config, agent.logger)
// Setup encryption keyring files
if !config.DisableKeyring && config.EncryptKey != "" {
serfDir := filepath.Join(config.DataDir, "serf")
if err := os.MkdirAll(serfDir, 0700); err != nil {
return nil, err
}
2014-09-06 05:01:49 +00:00
keys := []string{config.EncryptKey}
keyringBytes, err := json.MarshalIndent(keys, "", " ")
if err != nil {
return nil, err
}
paths := []string{
filepath.Join(serfDir, "keyring_lan"),
filepath.Join(serfDir, "keyring_wan"),
}
for _, path := range paths {
if _, err := os.Stat(path); err == nil {
continue
}
fh, err := os.OpenFile(path, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0600)
if err != nil {
return nil, err
}
defer fh.Close()
if _, err := fh.Write(keyringBytes); err != nil {
os.Remove(path)
return nil, err
}
}
}
2013-12-20 23:33:13 +00:00
// Setup either the client or the server
var err error
if config.Server {
err = agent.setupServer()
agent.state.SetIface(agent.server)
// Automatically register the "consul" service on server nodes
consulService := structs.NodeService{
Service: consul.ConsulServiceName,
ID: consul.ConsulServiceID,
Port: agent.config.Ports.Server,
Tags: []string{},
}
agent.state.AddService(&consulService)
2013-12-20 23:33:13 +00:00
} else {
err = agent.setupClient()
agent.state.SetIface(agent.client)
2013-12-20 23:33:13 +00:00
}
if err != nil {
return nil, err
}
2014-08-27 23:49:12 +00:00
// Start handling events
go agent.handleEvents()
2014-05-06 19:43:33 +00:00
// Write out the PID file if necessary
err = agent.storePid()
if err != nil {
return nil, err
}
2014-05-06 03:29:50 +00:00
2013-12-20 01:14:46 +00:00
return agent, nil
}
2013-12-20 23:33:13 +00:00
// consulConfig is used to return a consul configuration
func (a *Agent) consulConfig() *consul.Config {
// Start with the provided config or default config
var base *consul.Config
if a.config.ConsulConfig != nil {
base = a.config.ConsulConfig
} else {
base = consul.DefaultConfig()
}
// Override with our config
if a.config.Datacenter != "" {
base.Datacenter = a.config.Datacenter
}
if a.config.DataDir != "" {
base.DataDir = a.config.DataDir
}
if a.config.EncryptKey != "" && a.config.DisableKeyring {
2013-12-21 00:39:32 +00:00
key, _ := a.config.EncryptBytes()
base.SerfLANConfig.MemberlistConfig.SecretKey = key
base.SerfWANConfig.MemberlistConfig.SecretKey = key
}
if !a.config.DisableKeyring {
lanKeyring := filepath.Join(base.DataDir, "serf", "keyring_lan")
wanKeyring := filepath.Join(base.DataDir, "serf", "keyring_wan")
base.SerfLANConfig.KeyringFile = lanKeyring
base.SerfWANConfig.KeyringFile = wanKeyring
base.SerfLANConfig.MemberlistConfig.Keyring = loadKeyringFile(lanKeyring)
base.SerfWANConfig.MemberlistConfig.Keyring = loadKeyringFile(wanKeyring)
}
2013-12-20 23:33:13 +00:00
if a.config.NodeName != "" {
base.NodeName = a.config.NodeName
}
2014-04-11 22:22:35 +00:00
if a.config.BindAddr != "" {
base.SerfLANConfig.MemberlistConfig.BindAddr = a.config.BindAddr
base.SerfWANConfig.MemberlistConfig.BindAddr = a.config.BindAddr
2013-12-20 23:33:13 +00:00
}
2014-04-11 22:22:35 +00:00
if a.config.Ports.SerfLan != 0 {
base.SerfLANConfig.MemberlistConfig.BindPort = a.config.Ports.SerfLan
base.SerfLANConfig.MemberlistConfig.AdvertisePort = a.config.Ports.SerfLan
2013-12-20 23:33:13 +00:00
}
2014-04-11 22:22:35 +00:00
if a.config.Ports.SerfWan != 0 {
base.SerfWANConfig.MemberlistConfig.BindPort = a.config.Ports.SerfWan
base.SerfWANConfig.MemberlistConfig.AdvertisePort = a.config.Ports.SerfWan
2013-12-20 23:33:13 +00:00
}
2014-04-11 22:22:35 +00:00
if a.config.BindAddr != "" {
bindAddr := &net.TCPAddr{
IP: net.ParseIP(a.config.BindAddr),
Port: a.config.Ports.Server,
}
base.RPCAddr = bindAddr
2014-01-01 00:45:13 +00:00
}
if a.config.AdvertiseAddr != "" {
base.SerfLANConfig.MemberlistConfig.AdvertiseAddr = a.config.AdvertiseAddr
base.SerfWANConfig.MemberlistConfig.AdvertiseAddr = a.config.AdvertiseAddr
base.RPCAdvertise = &net.TCPAddr{
IP: net.ParseIP(a.config.AdvertiseAddr),
Port: a.config.Ports.Server,
2014-01-01 00:45:13 +00:00
}
2013-12-20 23:33:13 +00:00
}
if a.config.Bootstrap {
base.Bootstrap = true
}
if a.config.RejoinAfterLeave {
base.RejoinAfterLeave = true
}
if a.config.BootstrapExpect != 0 {
base.BootstrapExpect = a.config.BootstrapExpect
}
if a.config.Protocol > 0 {
base.ProtocolVersion = uint8(a.config.Protocol)
}
2014-08-05 22:20:35 +00:00
if a.config.ACLToken != "" {
base.ACLToken = a.config.ACLToken
}
2014-08-05 22:36:08 +00:00
if a.config.ACLMasterToken != "" {
base.ACLMasterToken = a.config.ACLMasterToken
}
2014-08-05 22:20:35 +00:00
if a.config.ACLDatacenter != "" {
base.ACLDatacenter = a.config.ACLDatacenter
}
if a.config.ACLTTLRaw != "" {
base.ACLTTL = a.config.ACLTTL
}
if a.config.ACLDefaultPolicy != "" {
base.ACLDefaultPolicy = a.config.ACLDefaultPolicy
}
if a.config.ACLDownPolicy != "" {
base.ACLDownPolicy = a.config.ACLDownPolicy
}
2013-12-20 23:33:13 +00:00
2014-06-06 22:36:40 +00:00
// Format the build string
revision := a.config.Revision
if len(revision) > 8 {
revision = revision[:8]
}
base.Build = fmt.Sprintf("%s%s:%s",
a.config.Version, a.config.VersionPrerelease, revision)
// Copy the TLS configuration
base.VerifyIncoming = a.config.VerifyIncoming
base.VerifyOutgoing = a.config.VerifyOutgoing
base.CAFile = a.config.CAFile
base.CertFile = a.config.CertFile
base.KeyFile = a.config.KeyFile
2014-06-13 18:27:44 +00:00
base.ServerName = a.config.ServerName
// Setup the ServerUp callback
base.ServerUp = a.state.ConsulServerUp
2014-08-27 23:49:12 +00:00
// Setup the user event callback
base.UserEventHandler = func(e serf.UserEvent) {
select {
case a.eventCh <- e:
case <-a.shutdownCh:
}
}
// Setup gossip keyring configuration
base.DisableKeyring = a.config.DisableKeyring
2013-12-21 00:39:32 +00:00
// Setup the loggers
base.LogOutput = a.logOutput
2013-12-20 23:33:13 +00:00
return base
}
// setupServer is used to initialize the Consul server
func (a *Agent) setupServer() error {
server, err := consul.NewServer(a.consulConfig())
if err != nil {
return fmt.Errorf("Failed to start Consul server: %v", err)
}
a.server = server
return nil
}
// setupClient is used to initialize the Consul client
func (a *Agent) setupClient() error {
client, err := consul.NewClient(a.consulConfig())
if err != nil {
return fmt.Errorf("Failed to start Consul client: %v", err)
}
a.client = client
return nil
}
// RPC is used to make an RPC call to the Consul servers
// This allows the agent to implement the Consul.Interface
func (a *Agent) RPC(method string, args interface{}, reply interface{}) error {
if a.server != nil {
return a.server.RPC(method, args, reply)
}
return a.client.RPC(method, args, reply)
}
// Leave is used to prepare the agent for a graceful shutdown
2013-12-20 01:14:46 +00:00
func (a *Agent) Leave() error {
2013-12-20 23:33:13 +00:00
if a.server != nil {
return a.server.Leave()
} else {
return a.client.Leave()
}
2013-12-20 01:14:46 +00:00
}
// Shutdown is used to hard stop the agent. Should be
// preceeded by a call to Leave to do it gracefully.
2013-12-20 01:14:46 +00:00
func (a *Agent) Shutdown() error {
2013-12-21 00:39:32 +00:00
a.shutdownLock.Lock()
defer a.shutdownLock.Unlock()
if a.shutdown {
return nil
}
// Stop all the checks
a.checkLock.Lock()
defer a.checkLock.Unlock()
for _, chk := range a.checkMonitors {
chk.Stop()
}
for _, chk := range a.checkTTLs {
chk.Stop()
}
2013-12-21 00:39:32 +00:00
a.logger.Println("[INFO] agent: requesting shutdown")
var err error
2013-12-20 23:33:13 +00:00
if a.server != nil {
2013-12-21 00:39:32 +00:00
err = a.server.Shutdown()
2013-12-20 23:33:13 +00:00
} else {
2013-12-21 00:39:32 +00:00
err = a.client.Shutdown()
2013-12-20 23:33:13 +00:00
}
2013-12-21 00:39:32 +00:00
pidErr := a.deletePid()
if pidErr != nil {
a.logger.Println("[WARN] agent: could not delete pid file ", pidErr)
}
2014-05-06 03:29:50 +00:00
2013-12-21 00:39:32 +00:00
a.logger.Println("[INFO] agent: shutdown complete")
a.shutdown = true
close(a.shutdownCh)
return err
}
// ShutdownCh is used to return a channel that can be
// selected to wait for the agent to perform a shutdown.
2013-12-21 00:39:32 +00:00
func (a *Agent) ShutdownCh() <-chan struct{} {
return a.shutdownCh
2013-12-20 01:14:46 +00:00
}
2013-12-30 22:42:41 +00:00
// JoinLAN is used to have the agent join a LAN cluster
func (a *Agent) JoinLAN(addrs []string) (n int, err error) {
a.logger.Printf("[INFO] agent: (LAN) joining: %v", addrs)
if a.server != nil {
n, err = a.server.JoinLAN(addrs)
} else {
n, err = a.client.JoinLAN(addrs)
}
a.logger.Printf("[INFO] agent: (LAN) joined: %d Err: %v", n, err)
return
}
// JoinWAN is used to have the agent join a WAN cluster
func (a *Agent) JoinWAN(addrs []string) (n int, err error) {
a.logger.Printf("[INFO] agent: (WAN) joining: %v", addrs)
if a.server != nil {
n, err = a.server.JoinWAN(addrs)
} else {
err = fmt.Errorf("Must be a server to join WAN cluster")
}
a.logger.Printf("[INFO] agent: (WAN) joined: %d Err: %v", n, err)
return
}
// ForceLeave is used to remove a failed node from the cluster
func (a *Agent) ForceLeave(node string) (err error) {
a.logger.Printf("[INFO] Force leaving node: %v", node)
if a.server != nil {
err = a.server.RemoveFailedNode(node)
} else {
err = a.client.RemoveFailedNode(node)
}
if err != nil {
a.logger.Printf("[WARN] Failed to remove node: %v", err)
}
return err
}
// LocalMember is used to return the local node
func (a *Agent) LocalMember() serf.Member {
if a.server != nil {
return a.server.LocalMember()
} else {
return a.client.LocalMember()
}
}
// LANMembers is used to retrieve the LAN members
2013-12-30 22:42:41 +00:00
func (a *Agent) LANMembers() []serf.Member {
if a.server != nil {
return a.server.LANMembers()
} else {
return a.client.LANMembers()
}
}
// WANMembers is used to retrieve the WAN members
2013-12-30 22:42:41 +00:00
func (a *Agent) WANMembers() []serf.Member {
if a.server != nil {
return a.server.WANMembers()
} else {
return nil
}
}
2014-01-21 19:52:25 +00:00
// StartSync is called once Services and Checks are registered.
// This is called to prevent a race between clients and the anti-entropy routines
func (a *Agent) StartSync() {
// Start the anti entropy routine
go a.state.antiEntropy(a.shutdownCh)
}
// PauseSync is used to pause anti-entropy while bulk changes are make
func (a *Agent) PauseSync() {
a.state.Pause()
}
// ResumeSync is used to unpause anti-entropy after bulk changes are make
func (a *Agent) ResumeSync() {
a.state.Resume()
}
// AddService is used to add a service entry.
// This entry is persistent and the agent will make a best effort to
// ensure it is registered
func (a *Agent) AddService(service *structs.NodeService, chkType *CheckType) error {
if service.Service == "" {
return fmt.Errorf("Service name missing")
}
if service.ID == "" && service.Service != "" {
service.ID = service.Service
}
if chkType != nil && !chkType.Valid() {
return fmt.Errorf("Check type is not valid")
}
// Add the service
a.state.AddService(service)
// Create an associated health check
if chkType != nil {
check := &structs.HealthCheck{
Node: a.config.NodeName,
CheckID: fmt.Sprintf("service:%s", service.ID),
Name: fmt.Sprintf("Service '%s' check", service.Service),
Status: structs.HealthCritical,
Notes: chkType.Notes,
ServiceID: service.ID,
ServiceName: service.Service,
}
if err := a.AddCheck(check, chkType); err != nil {
return err
}
}
return nil
}
// RemoveService is used to remove a service entry.
// The agent will make a best effort to ensure it is deregistered
func (a *Agent) RemoveService(serviceID string) error {
// Protect "consul" service from deletion by a user
if a.server != nil && serviceID == consul.ConsulServiceID {
return fmt.Errorf(
2014-10-15 21:56:15 +00:00
"Deregistering the %s service is not allowed",
consul.ConsulServiceID)
}
// Remove service immeidately
a.state.RemoveService(serviceID)
// Deregister any associated health checks
checkID := fmt.Sprintf("service:%s", serviceID)
return a.RemoveCheck(checkID)
}
// AddCheck is used to add a health check to the agent.
// This entry is persistent and the agent will make a best effort to
// ensure it is registered. The Check may include a CheckType which
// is used to automatically update the check status
func (a *Agent) AddCheck(check *structs.HealthCheck, chkType *CheckType) error {
if check.CheckID == "" {
return fmt.Errorf("CheckID missing")
}
if chkType != nil && !chkType.Valid() {
return fmt.Errorf("Check type is not valid")
}
a.checkLock.Lock()
defer a.checkLock.Unlock()
// Check if already registered
if chkType != nil {
if chkType.IsTTL() {
if existing, ok := a.checkTTLs[check.CheckID]; ok {
existing.Stop()
}
ttl := &CheckTTL{
Notify: &a.state,
CheckID: check.CheckID,
TTL: chkType.TTL,
Logger: a.logger,
}
ttl.Start()
a.checkTTLs[check.CheckID] = ttl
} else {
if existing, ok := a.checkMonitors[check.CheckID]; ok {
existing.Stop()
}
if chkType.Interval < MinInterval {
a.logger.Println(fmt.Sprintf("[WARN] agent: check '%s' has interval below minimum of %v",
check.CheckID, MinInterval))
chkType.Interval = MinInterval
}
monitor := &CheckMonitor{
Notify: &a.state,
CheckID: check.CheckID,
Script: chkType.Script,
Interval: chkType.Interval,
Logger: a.logger,
}
monitor.Start()
a.checkMonitors[check.CheckID] = monitor
}
}
// Add to the local state for anti-entropy
a.state.AddCheck(check)
return nil
}
// RemoveCheck is used to remove a health check.
// The agent will make a best effort to ensure it is deregistered
func (a *Agent) RemoveCheck(checkID string) error {
// Add to the local state for anti-entropy
a.state.RemoveCheck(checkID)
a.checkLock.Lock()
defer a.checkLock.Unlock()
// Stop any monitors
if check, ok := a.checkMonitors[checkID]; ok {
check.Stop()
delete(a.checkMonitors, checkID)
}
if check, ok := a.checkTTLs[checkID]; ok {
check.Stop()
delete(a.checkTTLs, checkID)
}
return nil
}
// UpdateCheck is used to update the status of a check.
// This can only be used with checks of the TTL type.
func (a *Agent) UpdateCheck(checkID, status, output string) error {
a.checkLock.Lock()
defer a.checkLock.Unlock()
check, ok := a.checkTTLs[checkID]
if !ok {
return fmt.Errorf("CheckID does not have associated TTL")
}
// Set the status through CheckTTL to reset the TTL
check.SetStatus(status, output)
return nil
}
2014-02-24 00:42:39 +00:00
// Stats is used to get various debugging state from the sub-systems
func (a *Agent) Stats() map[string]map[string]string {
toString := func(v uint64) string {
return strconv.FormatUint(v, 10)
}
var stats map[string]map[string]string
if a.server != nil {
stats = a.server.Stats()
} else {
stats = a.client.Stats()
}
stats["agent"] = map[string]string{
"check_monitors": toString(uint64(len(a.checkMonitors))),
"check_ttls": toString(uint64(len(a.checkTTLs))),
"checks": toString(uint64(len(a.state.checks))),
"services": toString(uint64(len(a.state.services))),
}
2014-06-06 21:40:22 +00:00
revision := a.config.Revision
if len(revision) > 8 {
revision = revision[:8]
}
stats["build"] = map[string]string{
"revision": revision,
"version": a.config.Version,
"prerelease": a.config.VersionPrerelease,
}
2014-02-24 00:42:39 +00:00
return stats
}
2014-05-06 03:29:50 +00:00
2014-05-06 19:43:33 +00:00
// storePid is used to write out our PID to a file if necessary
func (a *Agent) storePid() error {
2014-05-06 19:43:33 +00:00
// Quit fast if no pidfile
2014-05-06 03:29:50 +00:00
pidPath := a.config.PidFile
2014-05-06 19:43:33 +00:00
if pidPath == "" {
return nil
}
2014-05-06 03:29:50 +00:00
2014-05-06 19:43:33 +00:00
// Open the PID file
pidFile, err := os.OpenFile(pidPath, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0666)
if err != nil {
return fmt.Errorf("Could not open pid file: %v", err)
2014-05-06 03:29:50 +00:00
}
2014-05-06 19:43:33 +00:00
defer pidFile.Close()
2014-05-06 19:43:33 +00:00
// Write out the PID
pid := os.Getpid()
_, err = pidFile.WriteString(fmt.Sprintf("%d", pid))
if err != nil {
return fmt.Errorf("Could not write to pid file: %s", err)
}
return nil
2014-05-06 03:29:50 +00:00
}
2014-05-06 19:43:33 +00:00
// deletePid is used to delete our PID on exit
func (a *Agent) deletePid() error {
2014-05-06 19:43:33 +00:00
// Quit fast if no pidfile
2014-05-06 03:29:50 +00:00
pidPath := a.config.PidFile
2014-05-06 19:43:33 +00:00
if pidPath == "" {
return nil
}
2014-05-06 03:29:50 +00:00
2014-05-06 19:43:33 +00:00
stat, err := os.Stat(pidPath)
if err != nil {
return fmt.Errorf("Could not remove pid file: %s", err)
}
2014-05-06 03:29:50 +00:00
2014-05-06 19:43:33 +00:00
if stat.IsDir() {
return fmt.Errorf("Specified pid file path is directory")
2014-05-06 03:29:50 +00:00
}
2014-05-06 19:43:33 +00:00
err = os.Remove(pidPath)
if err != nil {
return fmt.Errorf("Could not remove pid file: %s", err)
}
return nil
2014-05-06 03:29:50 +00:00
}
// loadKeyringFile will load a keyring out of a file
func loadKeyringFile(keyringFile string) *memberlist.Keyring {
if _, err := os.Stat(keyringFile); err != nil {
return nil
}
// Read in the keyring file data
keyringData, err := ioutil.ReadFile(keyringFile)
if err != nil {
return nil
}
// Decode keyring JSON
keys := make([]string, 0)
if err := json.Unmarshal(keyringData, &keys); err != nil {
return nil
}
// Decode base64 values
keysDecoded := make([][]byte, len(keys))
for i, key := range keys {
keyBytes, err := base64.StdEncoding.DecodeString(key)
if err != nil {
return nil
}
keysDecoded[i] = keyBytes
}
// Create the keyring
keyring, err := memberlist.NewKeyring(keysDecoded, keysDecoded[0])
if err != nil {
return nil
}
// Success!
return keyring
}
// ListKeysLAN returns the keys installed on the LAN gossip pool
func (a *Agent) ListKeysLAN() (*serf.KeyResponse, error) {
if a.server != nil {
km := a.server.KeyManagerLAN()
return km.ListKeys()
}
km := a.client.KeyManagerLAN()
return km.ListKeys()
}
// ListKeysWAN returns the keys installed on the WAN gossip pool
func (a *Agent) ListKeysWAN() (*serf.KeyResponse, error) {
if a.server != nil {
km := a.server.KeyManagerWAN()
return km.ListKeys()
}
2014-09-09 06:25:38 +00:00
return nil, fmt.Errorf("WAN keyring not available on client node")
}
// InstallKeyWAN installs a new WAN gossip encryption key on server nodes
func (a *Agent) InstallKeyWAN(key string) (*serf.KeyResponse, error) {
if a.server != nil {
km := a.server.KeyManagerWAN()
return km.InstallKey(key)
}
return nil, fmt.Errorf("WAN keyring not available on client node")
}
// InstallKeyLAN installs a new LAN gossip encryption key on all nodes
func (a *Agent) InstallKeyLAN(key string) (*serf.KeyResponse, error) {
if a.server != nil {
km := a.server.KeyManagerLAN()
return km.InstallKey(key)
}
km := a.client.KeyManagerLAN()
return km.InstallKey(key)
}
// UseKeyWAN changes the primary WAN gossip encryption key on server nodes
func (a *Agent) UseKeyWAN(key string) (*serf.KeyResponse, error) {
if a.server != nil {
km := a.server.KeyManagerWAN()
return km.UseKey(key)
}
return nil, fmt.Errorf("WAN keyring not available on client node")
}
// UseKeyLAN changes the primary LAN gossip encryption key on all nodes
func (a *Agent) UseKeyLAN(key string) (*serf.KeyResponse, error) {
if a.server != nil {
km := a.server.KeyManagerLAN()
return km.UseKey(key)
}
km := a.client.KeyManagerLAN()
return km.UseKey(key)
}