From 98b2fbbe99375eadfd00eb3bb194a62c7169f589 Mon Sep 17 00:00:00 2001
From: aman-bansal
Date: Fri, 13 Nov 2020 12:14:46 +0530
Subject: [PATCH] refactoring tls flags for alpha and zero
---
 dgraph/cmd/alpha/run.go | 13 ++-----------
 dgraph/cmd/zero/run.go | 11 ++---------
 x/tls_helper.go | 13 +++++++++++++
 3 files changed, 17 insertions(+), 20 deletions(-)
diff --git a/dgraph/cmd/alpha/run.go b/dgraph/cmd/alpha/run.go
index b05f65507d4..154696fe4f4 100644
--- a/dgraph/cmd/alpha/run.go
+++ b/dgraph/cmd/alpha/run.go
@@ -187,17 +187,6 @@ they form a Raft group and provide synchronous replication.
 flag.Uint64("normalize_node_limit", 1e4, "Limit for the maximum number of nodes that can be returned in a query that uses the "+
 "normalize directive.")
-
- // TLS configurations
- flag.String("tls_dir", "", "Path to directory that has TLS certificates and keys.")
- flag.Bool("tls_use_system_ca", true, "Include System CA into CA Certs.")
- flag.String("tls_client_auth", "VERIFYIFGIVEN", "Enable TLS client authentication")
- flag.Bool("tls_internal_port_enabled", false, "(optional) enable inter node TLS encryption between cluster nodes.")
- flag.String("tls_cert", "", "(optional) The Cert file name in tls_dir which is needed to "+
- "connect as a client with the other nodes in the cluster.")
- flag.String("tls_key", "", "(optional) The private key file name "+
- "in tls_dir needed to connect as a client with the other nodes in the cluster.")
- flag.String("tls_min_version", "TLS11", "min version of tls supported. Valid values are TLS11, TLS12")
 //Custom plugins.
 flag.String("custom_tokenizers", "", "Comma separated list of tokenizer plugins")
@@ -221,6 +210,8 @@ they form a Raft group and provide synchronous replication.
 PostingListCache,PstoreBlockCache,PstoreIndexCache,WstoreBlockCache,WstoreIndexCache). PostingListCache should be 0 and is a no-op. `)
+ // TLS configurations
+ x.RegisterServerTLSFlags(flag)
 }
 func setupCustomTokenizers() {
diff --git a/dgraph/cmd/zero/run.go b/dgraph/cmd/zero/run.go
index 943b771aa7e..38b53b85129 100644
--- a/dgraph/cmd/zero/run.go
+++ b/dgraph/cmd/zero/run.go
@@ -107,15 +107,6 @@ instances to achieve high-availability.
 " exporter does not support annotation logs and would discard them.")
 flag.Bool("ludicrous_mode", false, "Run zero in ludicrous mode")
 flag.String("enterprise_license", "", "Path to the enterprise license file.")
- // TLS configurations
- flag.String("tls_dir", "", "Path to directory that has TLS certificates and keys.")
- flag.Bool("tls_use_system_ca", true, "Include System CA into CA Certs.")
- flag.String("tls_client_auth", "VERIFYIFGIVEN", "Enable TLS client authentication")
- flag.Bool("tls_internal_port_enabled", false, "(optional) enable inter node TLS encryption between cluster nodes.")
- flag.String("tls_cert", "", "(optional) The Cert file name in tls_dir which is needed to "+
- "connect as a client with the other nodes in the cluster.")
- flag.String("tls_key", "", "(optional) The private key file name "+
- "in tls_dir which is needed to connect as a client with the other nodes in the cluster.")
 // Cache flags
 flag.Int64("cache_mb", 0, "Total size of cache (in MB) to be used in zero.")
 flag.String("cache_percentage", "100,0",
@@ -131,6 +122,8 @@ instances to achieve high-availability.
 "log directory. mmap consumes more RAM, but provides better performance.")
 flag.Int("badger.compression_level", 3, "The compression level for Badger. A higher value uses more resources.")
+ // TLS configurations
+ x.RegisterServerTLSFlags(flag)
 }
 func setupListener(addr string, port int, kind string) (listener net.Listener, err error) {
diff --git a/x/tls_helper.go b/x/tls_helper.go
index 443b6cfe980..019cc7cc32a 100644
--- a/x/tls_helper.go
+++ b/x/tls_helper.go
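Review bot: In dgraph/cmd/zero/run.go, switching to `x.RegisterServerTLSFlags(flag)` is not a pure refactor: the flag block removed from zero had no `tls_min_version`, while the shared helper registers it, so zero now accepts that option. Whether zero's TLS setup actually reads the value is not visible in this patch. If it does not, an operator can pass `--tls_min_version=TLS12` to zero and still get the previous minimum without any error. Please confirm the flag is wired into zero's TLS configuration as part of this change, and mention the new flag in the commit description.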
@@ -51,6 +51,19 @@ type TLSHelperConfig struct {
 MinVersion string
 }
+// RegisterClientTLSFlags registers the required flags to set up a TLS client.
+func RegisterServerTLSFlags(flag *pflag.FlagSet) {
+ flag.String("tls_dir", "", "Path to directory that has TLS certificates and keys.")
+ flag.Bool("tls_use_system_ca", true, "Include System CA into CA Certs.")
+ flag.String("tls_client_auth", "VERIFYIFGIVEN", "Enable TLS client authentication")
+ flag.Bool("tls_internal_port_enabled", false, "(optional) enable inter node TLS encryption between cluster nodes.")
+ flag.String("tls_cert", "", "(optional) The Cert file name in tls_dir which is needed to "+
+ "connect as a client with the other nodes in the cluster.")
+ flag.String("tls_key", "", "(optional) The private key file name "+
+ "in tls_dir needed to connect as a client with the other nodes in the cluster.")
+ flag.String("tls_min_version", "TLS11", "min version of tls supported. Valid values are TLS11, TLS12")
+}
+
 // RegisterClientTLSFlags registers the required flags to set up a TLS client.
 func RegisterClientTLSFlags(flag *pflag.FlagSet) {
 flag.String("tls_cacert", "",
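Review bot: The doc comment on the new function names the wrong symbol: `// RegisterClientTLSFlags registers the required flags to set up a TLS client.` sits above `RegisterServerTLSFlags` and duplicates the comment of the function below it. I would change it to `// RegisterServerTLSFlags registers the TLS flags shared by the alpha and zero servers.` Since this helper is now the single source of the server-side defaults, it is also the place to reconsider `"TLS11"` as the default for `tls_min_version`: TLS 1.1 is deprecated, and the help text already lists `TLS12` as an accepted value that could become the default in a follow-up. The `tls_client_auth` help string would also be easier to configure correctly if it listed the accepted values next to the `VERIFYIFGIVEN` default.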