From cbcacee2d666e9be8246435d9db23107d6ceb804 Mon Sep 17 00:00:00 2001 From: Mathieu Tortuyaux Date: Fri, 13 Aug 2021 17:20:39 +0200 Subject: [PATCH] locksmithcl: configure client the main difference is that we don't use Transport but TLSConfig directly. We also return a `KV` client. Signed-off-by: Mathieu Tortuyaux --- locksmithctl/locksmithctl.go | 60 +++++++++--------------------------- 1 file changed, 15 insertions(+), 45 deletions(-) diff --git a/locksmithctl/locksmithctl.go b/locksmithctl/locksmithctl.go index a8b93a3..0587713 100644 --- a/locksmithctl/locksmithctl.go +++ b/locksmithctl/locksmithctl.go @@ -17,23 +17,18 @@ package main import ( "crypto/tls" "crypto/x509" - "errors" "flag" "fmt" "io/ioutil" - "net" - "net/http" "os" "path" "strings" - "syscall" "text/tabwriter" - "time" "github.com/flatcar-linux/locksmith/lock" "github.com/flatcar-linux/locksmith/version" - "go.etcd.io/etcd/client" + client "go.etcd.io/etcd/client/v3" ) const ( @@ -184,15 +179,10 @@ func main() { // getLockClient returns an initialized EtcdLockClient, using an etcd // client configured from the global etcd flags func getClient() (*lock.EtcdLockClient, error) { - // copy of github.com/coreos/etcd/client.DefaultTransport so that - // TLSClientConfig can be overridden. - transport := &http.Transport{ - Proxy: http.ProxyFromEnvironment, - Dial: (&net.Dialer{ - Timeout: 30 * time.Second, - KeepAlive: 30 * time.Second, - }).Dial, - TLSHandshakeTimeout: 10 * time.Second, + cfg := client.Config{ + Endpoints: globalFlags.Endpoints, + Username: globalFlags.EtcdUsername, + Password: globalFlags.EtcdPassword, } if globalFlags.EtcdCAFile != "" || globalFlags.EtcdCertFile != "" || globalFlags.EtcdKeyFile != "" { @@ -216,42 +206,22 @@ func getClient() (*lock.EtcdLockClient, error) { tlsconf.BuildNameToCertificate() - transport.TLSClientConfig = tlsconf + cfg.TLS = tlsconf } - // This loop is a hack to bring a kind a resilience in case of unreachable endpoint. - // It has been shown in the CI (cl.locksmith.cluster) that etcd/v2 recent upgrade has broke the resiliency - // of the endpoint. - // It can be safely removed once the `etcd` V3 upgrade done. - // More details https://github.com/kinvolk/coreos-overlay/pull/1161#issuecomment-891906580. - for _, ep := range globalFlags.Endpoints { - cfg := client.Config{ - Endpoints: []string{ep}, - Transport: transport, - Username: globalFlags.EtcdUsername, - Password: globalFlags.EtcdPassword, - } - - ec, err := client.New(cfg) - if err != nil { - return nil, fmt.Errorf("creating etcd client: %w", err) - } - - kapi := client.NewKeysAPI(ec) - - lc, err := lock.NewEtcdLockClient(kapi, globalFlags.Group) - if err != nil { - if errors.Is(err, syscall.ECONNREFUSED) { - continue - } + ec, err := client.New(cfg) + if err != nil { + return nil, fmt.Errorf("creating etcd client: %w", err) + } - return nil, fmt.Errorf("creating etcd lock client: %w", err) - } + kapi := client.NewKV(ec) - return lc, nil + lc, err := lock.NewEtcdLockClient(kapi, globalFlags.Group) + if err != nil { + return nil, fmt.Errorf("creating etcd lock client: %w", err) } - return nil, fmt.Errorf("no etcd endpoints available, tried: %s", strings.Join(globalFlags.Endpoints, ",")) + return lc, nil } // flagsFromEnv parses all registered flags in the given flagSet,