diff options
Diffstat (limited to 'weed/command')
| -rw-r--r-- | weed/command/master.go | 43 | ||||
| -rw-r--r-- | weed/command/scaffold/security.toml | 6 | ||||
| -rw-r--r-- | weed/command/volume.go | 14 |
3 files changed, 54 insertions, 9 deletions
diff --git a/weed/command/master.go b/weed/command/master.go index 1d236d532..a9109bdb8 100644 --- a/weed/command/master.go +++ b/weed/command/master.go @@ -1,23 +1,25 @@ package command import ( - "github.com/chrislusf/raft/protobuf" - stats_collect "github.com/chrislusf/seaweedfs/weed/stats" - "github.com/gorilla/mux" - "google.golang.org/grpc/reflection" "net/http" "os" "sort" "strings" "time" + "github.com/chrislusf/raft/protobuf" + stats_collect "github.com/chrislusf/seaweedfs/weed/stats" + "github.com/gorilla/mux" + "github.com/spf13/viper" + "google.golang.org/grpc/reflection" + "github.com/chrislusf/seaweedfs/weed/util/grace" "github.com/chrislusf/seaweedfs/weed/glog" "github.com/chrislusf/seaweedfs/weed/pb" "github.com/chrislusf/seaweedfs/weed/pb/master_pb" "github.com/chrislusf/seaweedfs/weed/security" - "github.com/chrislusf/seaweedfs/weed/server" + weed_server "github.com/chrislusf/seaweedfs/weed/server" "github.com/chrislusf/seaweedfs/weed/storage/backend" "github.com/chrislusf/seaweedfs/weed/util" ) @@ -138,6 +140,7 @@ func startMaster(masterOption MasterOptions, masterWhiteList []string) { if e != nil { glog.Fatalf("Master startup error: %v", e) } + // start raftServer raftServerOption := &weed_server.RaftServerOption{ GrpcDialOption: security.LoadClientTLS(util.GetViper(), "grpc.master"), @@ -183,11 +186,39 @@ func startMaster(masterOption MasterOptions, masterWhiteList []string) { go ms.MasterClient.KeepConnectedToMaster() // start http server + var ( + clientCertFile, + certFile, + keyFile string + ) + useTLS := false + useMTLS := false + + if viper.GetString("https.master.key") != "" { + useTLS = true + certFile = viper.GetString("https.master.cert") + keyFile = viper.GetString("https.master.key") + } + + if viper.GetString("https.master.ca") != "" { + useMTLS = true + clientCertFile = viper.GetString("https.master.ca") + } + httpS := &http.Server{Handler: r} if masterLocalListner != nil { go httpS.Serve(masterLocalListner) } - go httpS.Serve(masterListener) + + if useMTLS { + httpS.TLSConfig = security.LoadClientTLSHTTP(clientCertFile) + } + + if useTLS { + go httpS.ServeTLS(masterListener, certFile, keyFile) + } else { + go httpS.Serve(masterListener) + } select {} } diff --git a/weed/command/scaffold/security.toml b/weed/command/scaffold/security.toml index 090f4f664..38a803dd6 100644 --- a/weed/command/scaffold/security.toml +++ b/weed/command/scaffold/security.toml @@ -83,7 +83,13 @@ key = "" # this does not work with other clients, e.g., "weed filer|mount" etc, yet. [https.client] enabled = true + [https.volume] cert = "" key = "" +ca = "" +[https.master] +cert = "" +key = "" +ca = "" diff --git a/weed/command/volume.go b/weed/command/volume.go index f3b36fcda..645c698b1 100644 --- a/weed/command/volume.go +++ b/weed/command/volume.go @@ -2,7 +2,6 @@ package command import ( "fmt" - "github.com/chrislusf/seaweedfs/weed/storage/types" "net/http" httppprof "net/http/pprof" "os" @@ -11,6 +10,8 @@ import ( "strings" "time" + "github.com/chrislusf/seaweedfs/weed/storage/types" + "github.com/spf13/viper" "google.golang.org/grpc" @@ -24,7 +25,7 @@ import ( "github.com/chrislusf/seaweedfs/weed/glog" "github.com/chrislusf/seaweedfs/weed/pb/volume_server_pb" - "github.com/chrislusf/seaweedfs/weed/server" + weed_server "github.com/chrislusf/seaweedfs/weed/server" stats_collect "github.com/chrislusf/seaweedfs/weed/stats" "github.com/chrislusf/seaweedfs/weed/storage" "github.com/chrislusf/seaweedfs/weed/util" @@ -371,7 +372,14 @@ func (v VolumeServerOptions) startClusterHttpService(handler http.Handler) httpd StopTimeout: 30 * time.Second, CertFile: certFile, KeyFile: keyFile} - clusterHttpServer := httpDown.Serve(&http.Server{Handler: handler}, listener) + httpS := &http.Server{Handler: handler} + + if viper.GetString("https.volume.ca") != "" { + clientCertFile := viper.GetString("https.volume.ca") + httpS.TLSConfig = security.LoadClientTLSHTTP(clientCertFile) + } + + clusterHttpServer := httpDown.Serve(httpS, listener) go func() { if e := clusterHttpServer.Wait(); e != nil { glog.Fatalf("Volume server fail to serve: %v", e) |