Diffstat (limited to 'weed/command')
-rw-r--r--weed/command/iam.go9
-rw-r--r--weed/command/s3.go3
-rw-r--r--weed/command/scaffold.go11
-rw-r--r--weed/command/scaffold/credential.toml55
-rw-r--r--weed/command/scaffold/example.go3
5 files changed, 75 insertions, 6 deletions
diff --git a/weed/command/iam.go b/weed/command/iam.go
index b0b0fc52a..f67173389 100644
--- a/weed/command/iam.go
+++ b/weed/command/iam.go
@@ -3,9 +3,10 @@ package command
import (
"context"
"fmt"
- "github.com/seaweedfs/seaweedfs/weed/util/version"
"net/http"
+ "github.com/seaweedfs/seaweedfs/weed/util/version"
+
"time"
"github.com/gorilla/mux"
@@ -15,6 +16,12 @@ import (
"github.com/seaweedfs/seaweedfs/weed/pb/filer_pb"
"github.com/seaweedfs/seaweedfs/weed/security"
"github.com/seaweedfs/seaweedfs/weed/util"
+
+ // Import credential stores to register them
+ _ "github.com/seaweedfs/seaweedfs/weed/credential/filer_etc"
+ _ "github.com/seaweedfs/seaweedfs/weed/credential/memory"
+ _ "github.com/seaweedfs/seaweedfs/weed/credential/postgres"
+ _ "github.com/seaweedfs/seaweedfs/weed/credential/sqlite"
)
var (
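Review bot: The blank import `_ "github.com/seaweedfs/seaweedfs/weed/credential/memory"` links the in-memory store into the production binary next to the persistent ones, although the credential.toml added in this same commit describes it as "for testing only, data is lost on restart". If these imports register each store from its `init()` (the registration code is not visible in this hunk), a config or environment override that sets the memory store's `enabled` flag would silently leave the S3/IAM servers with identities that vanish on restart. Consider logging a prominent warning at startup when that store is selected, or keeping it behind a build tag. The comment could also say more than "to register them", for example `// Side-effect imports: each package registers a credential store; credential.toml selects which one is enabled.`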
diff --git a/weed/command/s3.go b/weed/command/s3.go
index aa8798eb1..f955c4222 100644
--- a/weed/command/s3.go
+++ b/weed/command/s3.go
@@ -5,7 +5,6 @@ import (
"crypto/tls"
"crypto/x509"
"fmt"
- "github.com/seaweedfs/seaweedfs/weed/util/version"
"io/ioutil"
"net"
"net/http"
@@ -14,6 +13,8 @@ import (
"strings"
"time"
+ "github.com/seaweedfs/seaweedfs/weed/util/version"
+
"github.com/seaweedfs/seaweedfs/weed/s3api/s3err"
"google.golang.org/grpc/credentials/tls/certprovider"
"google.golang.org/grpc/credentials/tls/certprovider/pemfile"
diff --git a/weed/command/scaffold.go b/weed/command/scaffold.go
index 5d1ccb13f..26de2e1fd 100644
--- a/weed/command/scaffold.go
+++ b/weed/command/scaffold.go
@@ -2,9 +2,10 @@ package command
import (
"fmt"
- "github.com/seaweedfs/seaweedfs/weed/util"
"path/filepath"
+ "github.com/seaweedfs/seaweedfs/weed/util"
+
"github.com/seaweedfs/seaweedfs/weed/command/scaffold"
)
@@ -13,9 +14,9 @@ func init() {
}
var cmdScaffold = &Command{
- UsageLine: "scaffold -config=[filer|notification|replication|security|master]",
+ UsageLine: "scaffold -config=[filer|notification|replication|security|master|shell|credential]",
Short: "generate basic configuration files",
- Long: `Generate filer.toml with all possible configurations for you to customize.
+ Long: `Generate configuration files with all possible configurations for you to customize.
The options can also be overwritten by environment variables.
For example, the filer.toml mysql password can be overwritten by environment variable
@@ -30,7 +31,7 @@ var cmdScaffold = &Command{
var (
outputPath = cmdScaffold.Flag.String("output", "", "if not empty, save the configuration file to this directory")
- config = cmdScaffold.Flag.String("config", "filer", "[filer|notification|replication|security|master] the configuration file to generate")
+ config = cmdScaffold.Flag.String("config", "filer", "[filer|notification|replication|security|master|shell|credential] the configuration file to generate")
)
func runScaffold(cmd *Command, args []string) bool {
@@ -49,6 +50,8 @@ func runScaffold(cmd *Command, args []string) bool {
content = scaffold.Master
case "shell":
content = scaffold.Shell
+ case "credential":
+ content = scaffold.Credential
}
if content == "" {
println("need a valid -config option")
diff --git a/weed/command/scaffold/credential.toml b/weed/command/scaffold/credential.toml
new file mode 100644
index 000000000..380867800
--- /dev/null
+++ b/weed/command/scaffold/credential.toml
@@ -0,0 +1,55 @@
+# Put this file to one of the location, with descending priority
+# ./credential.toml
+# $HOME/.seaweedfs/credential.toml
+# /etc/seaweedfs/credential.toml
+# this file is read by S3 API and IAM API servers
+
+# Choose one of the credential stores below
+# Only one store can be enabled at a time
+
+# Filer-based credential store (default, uses existing filer storage)
+[credential.filer_etc]
+enabled = true
+# filer address and grpc_dial_option will be automatically configured by the server
+
+# SQLite credential store (recommended for single-node deployments)
+[credential.sqlite]
+enabled = false
+file = "/var/lib/seaweedfs/credentials.db"
+# Optional: table name prefix (default: "sw_")
+table_prefix = "sw_"
+
+# PostgreSQL credential store (recommended for multi-node deployments)
+[credential.postgres]
+enabled = false
+hostname = "localhost"
+port = 5432
+username = "seaweedfs"
+password = "your_password"
+database = "seaweedfs"
+schema = "public"
+sslmode = "disable"
+# Optional: table name prefix (default: "sw_")
+table_prefix = "sw_"
+# Connection pool settings
+connection_max_idle = 10
+connection_max_open = 100
+connection_max_lifetime_seconds = 3600
+
+# Memory credential store (for testing only, data is lost on restart)
+[credential.memory]
+enabled = false
+
+# Environment variable overrides:
+# Any configuration value can be overridden by environment variables
+# Rules:
+# * Prefix with "WEED_CREDENTIAL_"
+# * Convert to uppercase
+# * Replace '.' with '_'
+#
+# Examples:
+# export WEED_CREDENTIAL_POSTGRES_PASSWORD=secret
+# export WEED_CREDENTIAL_SQLITE_FILE=/custom/path/credentials.db
+# export WEED_CREDENTIAL_POSTGRES_HOSTNAME=db.example.com
+# export WEED_CREDENTIAL_FILER_ETC_ENABLED=true
+# export WEED_CREDENTIAL_SQLITE_ENABLED=false \ No newline at end of file
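Review bot: The PostgreSQL example ships with `sslmode = "disable"` and an inline `password = "your_password"`, so a deployment copied from this scaffold would talk to the credential database without TLS and keep the database password in a config file. Because this store holds the credentials used by the S3 and IAM servers, the template would be safer with `sslmode = "require"` (or stricter, assuming the value is passed through to the driver) and a comment that `disable` is only for a loopback test database. The password line could be left empty with a pointer to the `WEED_CREDENTIAL_POSTGRES_PASSWORD` override already listed at the bottom of the file. A short comment such as `# keep this file and the sqlite db readable only by the seaweedfs service user` would cover the remaining exposure for the `file = "/var/lib/seaweedfs/credentials.db"` path.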
diff --git a/weed/command/scaffold/example.go b/weed/command/scaffold/example.go
index 6be6804e5..26d0a306c 100644
--- a/weed/command/scaffold/example.go
+++ b/weed/command/scaffold/example.go
@@ -19,3 +19,6 @@ var Master string
//go:embed shell.toml
var Shell string
+
+//go:embed credential.toml
+var Credential string