This repository has been archived by the owner on Feb 26, 2023. It is now read-only.

attempt to enable TLS for nomad client
fixes #166
jippi committed Dec 22, 2016
1 parent 72b10f5 commit 812f7f0
Showing 2 changed files with 53 additions and 7 deletions.
45 changes: 43 additions & 2 deletions backend/main.go
@@ -48,6 +48,9 @@ type Config struct {
LogLevel string
NewRelicAppName string
NewRelicLicense string
CACert string
ClientCert string
ClientKey string
}

// BroadcastChannels contains all the channels for resources hashi-ui automatically maintain active lists of
@@ -69,7 +72,6 @@ func DefaultConfig() *Config {
ListenAddress: "0.0.0.0:3000",
LogLevel: "info",
NewRelicAppName: "hashi-ui",
NewRelicLicense: "",
}
}

@@ -86,6 +88,15 @@ var (
flagAddress = flag.String("nomad.address", "", "The address of the Nomad server. "+
"Overrides the NOMAD_ADDR environment variable if set. "+flagDefault(defaultConfig.Address))

flagNomadCACert = flag.String("nomad.ca_cert", "", "Path to the Nomad TLS CA Cert File. "+
"Overrides the NOMAD_CACERT environment variable if set. "+flagDefault(defaultConfig.CACert))

flagNomadClientCert = flag.String("nomad.client_cert", "", "Path to the Nomad Client Cert File. "+
"Overrides the NOMAD_CLIENT_CERT environment variable if set. "+flagDefault(defaultConfig.ClientCert))

flagNomadClientKey = flag.String("nomad.client_key", "", "Path to the Nomad Client Key File. "+
"Overrides the NOMAD_CLIENT_KEY environment variable if set. "+flagDefault(defaultConfig.ClientKey))

flagListenAddress = flag.String("web.listen-address", "",
"The address on which to expose the web interface. "+flagDefault(defaultConfig.ListenAddress))

@@ -143,6 +154,21 @@ func (c *Config) Parse() {
c.NewRelicLicense = newRelicLicense
}

nomadCACert, ok := syscall.Getenv("NOMAD_CACERT")
if ok {
c.CACert = nomadCACert
}

nomadClientCert, ok := syscall.Getenv("NOMAD_CLIENT_CERT")
if ok {
c.ClientCert = nomadClientCert
}

nomadClientKey, ok := syscall.Getenv("NOMAD_CLIENT_KEY")
if ok {
c.ClientKey = nomadClientKey
}

// flags

if *flagReadOnly {
@@ -172,6 +198,18 @@ func (c *Config) Parse() {
if *flagNewRelicLicense != "" {
c.NewRelicLicense = *flagNewRelicLicense
}

if *flagNomadCACert != "" {
c.CACert = *flagNomadCACert
}

if *flagNomadClientCert != "" {
c.ClientCert = *flagNomadClientCert
}

if *flagNomadClientKey != "" {
c.ClientKey = *flagNomadClientKey
}
}

func main() {
@@ -204,6 +242,9 @@ func main() {
}

logger.Infof("| nomad.address : %-50s |", cfg.Address)
logger.Infof("| nomad.ca_cert : %-50s |", cfg.CACert)
logger.Infof("| nomad.client_cert : %-50s |", cfg.ClientCert)
logger.Infof("| nomad.client_key : %-50s |", cfg.ClientKey)
logger.Infof("| web.listen-address : http://%-43s |", cfg.ListenAddress)
logger.Infof("| web.proxy-address : %-50s |", cfg.ProxyAddress)
logger.Infof("| log.level : %-50s |", cfg.LogLevel)
@@ -228,7 +269,7 @@ func main() {
channels.clusterStatistics = observer.NewProperty(&Action{})

logger.Infof("Connecting to nomad ...")
nomad, err := NewNomad(cfg.Address, broadcast, channels)
nomad, err := NewNomad(cfg, broadcast, channels)
if err != nil {
logger.Fatalf("Could not create client: %s", err)
}
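Review bot: The flag overrides at the end of `Parse` accept `nomad.client_cert` and `nomad.client_key` independently, so a certificate without its key (or the reverse) reaches `NewNomad` unchecked and any failure is left to the API client. A check after the overrides, for example `if (c.ClientCert == "") != (c.ClientKey == "") { /* report: both must be set */ }`, would fail early with a message that names the two options. It would also help to warn in the startup banner in `main` when any of the three TLS paths is set but `cfg.Address` does not start with `https://`, since an operator could otherwise assume the connection is protected; whether the client enforces this is not visible here. `Parse` and `main` both continue outside the hunks shown.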
15 changes: 10 additions & 5 deletions backend/nomad.go
@@ -2,12 +2,13 @@ package main

import (
"fmt"
"github.com/gorilla/mux"
"github.com/hashicorp/nomad/api"
"io"
"net/http"
"path/filepath"
"time"

"github.com/gorilla/mux"
"github.com/hashicorp/nomad/api"
)

const (
@@ -31,11 +32,15 @@ type Nomad struct {
}

// NewNomad configures the Nomad API client and initializes the internal state.
func NewNomad(url string, updateCh chan *Action, channels *BroadcastChannels) (*Nomad, error) {
func NewNomad(c *Config, updateCh chan *Action, channels *BroadcastChannels) (*Nomad, error) {
config := api.DefaultConfig()
config.Address = url
config.Address = c.Address
config.WaitTime = waitTime

config.TLSConfig = &api.TLSConfig{
CACert: c.CACert,
ClientCert: c.ClientCert,
ClientKey: c.ClientKey,
}
client, err := api.NewClient(config)
if err != nil {
return nil, err
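Review bot: Assigning a fresh `&api.TLSConfig{...}` in `NewNomad` replaces whatever `api.DefaultConfig()` placed in `config.TLSConfig`, so any TLS settings the library fills in on its own (for example a CA directory or server name, presumably from its own environment handling; confirm against the vendored api version) are discarded. The struct is also set when all three paths are empty. Setting only the non-empty fields on the existing struct keeps those defaults and leaves the non-TLS case untouched. The function body continues past the end of the hunk.

```go
config.WaitTime = waitTime

if config.TLSConfig == nil {
	config.TLSConfig = &api.TLSConfig{}
}
if c.CACert != "" {
	config.TLSConfig.CACert = c.CACert
}
if c.ClientCert != "" {
	config.TLSConfig.ClientCert = c.ClientCert
}
if c.ClientKey != "" {
	config.TLSConfig.ClientKey = c.ClientKey
}
// … unchanged: api.NewClient call and error handling …
```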
