
Merge pull request #167 from jippi/tls-support
Add TLS support for Nomad
jippi authored Dec 22, 2016
2 parents 72b10f5 + 11b19cd commit 214cce5
Showing 3 changed files with 65 additions and 16 deletions.
21 changes: 12 additions & 9 deletions README.md
Expand Up @@ -43,15 +43,18 @@ both hostname and port.

hashi-ui can be controlled by both ENV or CLI flags as described below

| Environment | CLI (`--flag`) | Default | Description |
|-----------------------|-------------------------|---------------------------|--------------------------------------------------------------------------------------------------------|
| `NOMAD_ADDR` | `nomad.address` | `http://127.0.0.1:4646` | Must point to the correct location of your Nomad server. |
| `NOMAD_READ_ONLY` | `nomad.read-only` | `false` | Should hash-ui allowed to modify nomad state (stop/start jobs and so forth) |
| `NOMAD_PORT_http` | `web.listen-address` | `0.0.0.0:3000` | The IP + PORT to listen on |
| `NOMAD_PROXY_ADDRESS` | `web.proxy-address` | `<empty>` | (optional) The base URL of the UI when running behind a reverse proxy (ie: example.com/nomad/) |
| `NOMAD_LOG_LEVEL` | `log.level` | `info` | Log level to use while running the hashi-ui server - (`critical`, `error`, `warning`, `notice`, `info`, `debug`) |
| `NEWRELIC_APP_NAME` | `newrelic.app_name` | `hashi-ui` | (optional) NewRelic application name |
| `NEWRELIC_LICENSE` | `newrelic.license` | '' | (optional) NewRelic license key |
| Environment | CLI (`--flag`) | Default | Description |
|-------------------------|-------------------------|---------------------------|------------------------------------------------------------------------------------------------------------------|
| `NOMAD_ADDR` | `nomad.address` | `http://127.0.0.1:4646` | Must point to the correct location of your Nomad server. |
| `NOMAD_CACERT` | `nomad.ca_cert` | `<empty>` | (optional) path to a CA Cert file (remember to use `https://` in `NOMAD_ADDR` if you enable TLS) |
| `NOMAD_CLIENT_CERT` | `nomad.client_cert` | `<empty>` | (optional) path to a client cert file (remember to use `https://` in `NOMAD_ADDR` if you enable TLS) |
| `NOMAD_CLIENT_KEY` | `nomad.client_key` | `<empty>` | (optional) path to a client key file (remember to use `https://` in `NOMAD_ADDR` if you enable TLS) |
| `NOMAD_READ_ONLY` | `nomad.read-only` | `false` | Should hash-ui allowed to modify nomad state (stop/start jobs and so forth) |
| `NOMAD_PORT_http` | `web.listen-address` | `0.0.0.0:3000` | The IP + PORT to listen on |
| `NOMAD_PROXY_ADDRESS` | `web.proxy-address` | `<empty>` | (optional) The base URL of the UI when running behind a reverse proxy (ie: example.com/nomad/) |
| `NOMAD_LOG_LEVEL` | `log.level` | `info` | Log level to use while running the hashi-ui server - (`critical`, `error`, `warning`, `notice`, `info`, `debug`) |
| `NEWRELIC_APP_NAME` | `newrelic.app_name` | `hashi-ui` | (optional) NewRelic application name |
| `NEWRELIC_LICENSE` | `newrelic.license` | `<empty>` | (optional) NewRelic license key |

# Try

45 changes: 43 additions & 2 deletions backend/main.go
Expand Up @@ -48,6 +48,9 @@ type Config struct {
LogLevel string
NewRelicAppName string
NewRelicLicense string
CACert string
ClientCert string
ClientKey string
}

// BroadcastChannels contains all the channels for resources hashi-ui automatically maintain active lists of
Expand All @@ -69,7 +72,6 @@ func DefaultConfig() *Config {
ListenAddress: "0.0.0.0:3000",
LogLevel: "info",
NewRelicAppName: "hashi-ui",
NewRelicLicense: "",
}
}

Expand All @@ -86,6 +88,15 @@ var (
flagAddress = flag.String("nomad.address", "", "The address of the Nomad server. "+
"Overrides the NOMAD_ADDR environment variable if set. "+flagDefault(defaultConfig.Address))

flagNomadCACert = flag.String("nomad.ca_cert", "", "Path to the Nomad TLS CA Cert File. "+
"Overrides the NOMAD_CACERT environment variable if set. "+flagDefault(defaultConfig.CACert))

flagNomadClientCert = flag.String("nomad.client_cert", "", "Path to the Nomad Client Cert File. "+
"Overrides the NOMAD_CLIENT_CERT environment variable if set. "+flagDefault(defaultConfig.ClientCert))

flagNomadClientKey = flag.String("nomad.client_key", "", "Path to the Nomad Client Key File. "+
"Overrides the NOMAD_CLIENT_KEY environment variable if set. "+flagDefault(defaultConfig.ClientKey))

flagListenAddress = flag.String("web.listen-address", "",
"The address on which to expose the web interface. "+flagDefault(defaultConfig.ListenAddress))

Expand Down Expand Up @@ -143,6 +154,21 @@ func (c *Config) Parse() {
c.NewRelicLicense = newRelicLicense
}

nomadCACert, ok := syscall.Getenv("NOMAD_CACERT")
if ok {
c.CACert = nomadCACert
}

nomadClientCert, ok := syscall.Getenv("NOMAD_CLIENT_CERT")
if ok {
c.ClientCert = nomadClientCert
}

nomadClientKey, ok := syscall.Getenv("NOMAD_CLIENT_KEY")
if ok {
c.ClientKey = nomadClientKey
}

// flags

if *flagReadOnly {
Expand Down Expand Up @@ -172,6 +198,18 @@ func (c *Config) Parse() {
if *flagNewRelicLicense != "" {
c.NewRelicLicense = *flagNewRelicLicense
}

if *flagNomadCACert != "" {
c.CACert = *flagNomadCACert
}

if *flagNomadClientCert != "" {
c.ClientCert = *flagNomadClientCert
}

if *flagNomadClientKey != "" {
c.ClientKey = *flagNomadClientKey
}
}

func main() {
Expand Down Expand Up @@ -204,6 +242,9 @@ func main() {
}

logger.Infof("| nomad.address : %-50s |", cfg.Address)
logger.Infof("| nomad.ca_cert : %-50s |", cfg.CACert)
logger.Infof("| nomad.client_cert : %-50s |", cfg.ClientCert)
logger.Infof("| nomad.client_key : %-50s |", cfg.ClientKey)
logger.Infof("| web.listen-address : http://%-43s |", cfg.ListenAddress)
logger.Infof("| web.proxy-address : %-50s |", cfg.ProxyAddress)
logger.Infof("| log.level : %-50s |", cfg.LogLevel)
Expand All @@ -228,7 +269,7 @@ func main() {
channels.clusterStatistics = observer.NewProperty(&Action{})

logger.Infof("Connecting to nomad ...")
nomad, err := NewNomad(cfg.Address, broadcast, channels)
nomad, err := NewNomad(cfg, broadcast, channels)
if err != nil {
logger.Fatalf("Could not create client: %s", err)
}
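Review bot: Parse() now accepts a client certificate without a key (and vice versa): in the last hunk of Parse, NOMAD_CLIENT_CERT/nomad.client_cert and NOMAD_CLIENT_KEY/nomad.client_key are each copied independently and nothing checks that they arrive as a pair, so a half-configured mTLS setup is only caught later, presumably when api.NewClient tries to load the key pair, with a less specific error. After the `if *flagNomadClientKey != ""` block I would add a consistency check, e.g. `if (c.ClientCert == "") != (c.ClientKey == "") { logger.Fatalf("nomad.client_cert and nomad.client_key must be set together") }`, assuming the package-level logger used in main() is reachable from Parse (the function's header is outside the hunk). The three new Config fields in the first hunk also deserve a doc comment, e.g. `// CACert, ClientCert and ClientKey are file paths; nomad.address must use https:// for them to take effect`, since the README table is currently the only place that states this.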
15 changes: 10 additions & 5 deletions backend/nomad.go
Expand Up @@ -2,12 +2,13 @@ package main

import (
"fmt"
"github.com/gorilla/mux"
"github.com/hashicorp/nomad/api"
"io"
"net/http"
"path/filepath"
"time"

"github.com/gorilla/mux"
"github.com/hashicorp/nomad/api"
)

const (
Expand All @@ -31,11 +32,15 @@ type Nomad struct {
}

// NewNomad configures the Nomad API client and initializes the internal state.
func NewNomad(url string, updateCh chan *Action, channels *BroadcastChannels) (*Nomad, error) {
func NewNomad(c *Config, updateCh chan *Action, channels *BroadcastChannels) (*Nomad, error) {
config := api.DefaultConfig()
config.Address = url
config.Address = c.Address
config.WaitTime = waitTime

config.TLSConfig = &api.TLSConfig{
CACert: c.CACert,
ClientCert: c.ClientCert,
ClientKey: c.ClientKey,
}
client, err := api.NewClient(config)
if err != nil {
return nil, err
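Review bot: In NewNomad the new `config.TLSConfig = &api.TLSConfig{...}` replaces whatever api.DefaultConfig() put there, so any TLS settings the Nomad client library derives on its own (its own NOMAD_* environment handling or a server-name override, if that version populates them) are silently dropped. Setting only the three fields on the existing struct keeps the rest intact: `config.TLSConfig.CACert = c.CACert`, `config.TLSConfig.ClientCert = c.ClientCert`, `config.TLSConfig.ClientKey = c.ClientKey`, preceded by `if config.TLSConfig == nil { config.TLSConfig = &api.TLSConfig{} }` unless the library guarantees a non-nil value. Leaving Insecure unset is the right call here, since a wrong CA path then fails loudly at api.NewClient instead of degrading to unverified trust. The doc comment above the function could also say that the CA and client cert/key are taken from Config. NewNomad's body continues below the hunk.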
