etcd-io__etcd/etcdmain/config.go

// Copyright 2015 The etcd Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Every change should be reflected on help.go as well.

package etcdmain

import (
	"flag"
	"fmt"
	"io/ioutil"
	"net"
	"net/url"
	"os"
	"runtime"
	"strings"

	"github.com/coreos/etcd/etcdserver"
	"github.com/coreos/etcd/pkg/cors"
	"github.com/coreos/etcd/pkg/flags"
	"github.com/coreos/etcd/pkg/transport"
	"github.com/coreos/etcd/pkg/types"
	"github.com/coreos/etcd/version"
	"github.com/ghodss/yaml"
)

const (
	proxyFlagOff      = "off"
	proxyFlagReadonly = "readonly"
	proxyFlagOn       = "on"

	fallbackFlagExit  = "exit"
	fallbackFlagProxy = "proxy"

	clusterStateFlagNew      = "new"
	clusterStateFlagExisting = "existing"

	defaultName                     = "default"
	defaultInitialAdvertisePeerURLs = "http://localhost:2380"
	defaultAdvertiseClientURLs      = "http://localhost:2379"
	defaultListenPeerURLs           = "http://localhost:2380"
	defaultListenClientURLs         = "http://localhost:2379"

	// maxElectionMs specifies the maximum value of election timeout.
	// More details are listed in ../Documentation/tuning.md#time-parameters.
	maxElectionMs = 50000
)

var (
	ignored = []string{
		"cluster-active-size",
		"cluster-remove-delay",
		"cluster-sync-interval",
		"config",
		"force",
		"max-result-buffer",
		"max-retry-attempts",
		"peer-heartbeat-interval",
		"peer-election-timeout",
		"retry-interval",
		"snapshot",
		"v",
		"vv",
	}

	ErrConflictBootstrapFlags = fmt.Errorf("multiple discovery or bootstrap flags are set. " +
		"Choose one of \"initial-cluster\", \"discovery\" or \"discovery-srv\"")
	errUnsetAdvertiseClientURLsFlag = fmt.Errorf("--advertise-client-urls is required when --listen-client-urls is set explicitly")
)

type config struct {
	*flag.FlagSet

	// member
	corsInfo       *cors.CORSInfo
	lpurls, lcurls []url.URL
	Dir            string `json:"data-dir"`
	WalDir         string `json:"wal-dir"`
	MaxSnapFiles   uint   `json:"max-snapshots"`
	MaxWalFiles    uint   `json:"max-wals"`
	Name           string `json:"name"`
	SnapCount      uint64 `json:"snapshot-count"`
	LPUrlsCfgFile  string `json:"listen-peer-urls"`
	LCUrlsCfgFile  string `json:"listen-client-urls"`
	CorsCfgFile    string `json:"cors"`

	// TickMs is the number of milliseconds between heartbeat ticks.
	// TODO: decouple tickMs and heartbeat tick (current heartbeat tick = 1).
	// make ticks a cluster wide configuration.
	TickMs            uint  `json:"heartbeat-interval"`
	ElectionMs        uint  `json:"election-timeout"`
	QuotaBackendBytes int64 `json:"quota-backend-bytes"`

	// clustering
	apurls, acurls      []url.URL
	clusterState        *flags.StringsFlag
	DnsCluster          string `json:"discovery-srv"`
	Dproxy              string `json:"discovery-proxy"`
	Durl                string `json:"discovery"`
	fallback            *flags.StringsFlag
	InitialCluster      string `json:"initial-cluster"`
	InitialClusterToken string `json:"initial-cluster-token"`
	StrictReconfigCheck bool   `json:"strict-reconfig-check"`
	ApurlsCfgFile       string `json:"initial-advertise-peer-urls"`
	AcurlsCfgFile       string `json:"advertise-client-urls"`
	ClusterStateCfgFile string `json:"initial-cluster-state"`
	FallbackCfgFile     string `json:"discovery-fallback"`

	// proxy
	proxy                  *flags.StringsFlag
	ProxyFailureWaitMs     uint   `json:"proxy-failure-wait"`
	ProxyRefreshIntervalMs uint   `json:"proxy-refresh-interval"`
	ProxyDialTimeoutMs     uint   `json:"proxy-dial-timeout"`
	ProxyWriteTimeoutMs    uint   `json:"proxy-write-timeout"`
	ProxyReadTimeoutMs     uint   `json:"proxy-read-timeout"`
	ProxyCfgFile           string `json:"proxy"`

	// security
	clientTLSInfo, peerTLSInfo transport.TLSInfo
	ClientAutoTLS              bool
	PeerAutoTLS                bool
	ClientSecurityCfgFile      securityConfig `json:"client-transport-security"`
	PeerSecurityCfgFile        securityConfig `json:"peer-transport-security"`

	// Debug logging
	Debug        bool   `json:"debug"`
	LogPkgLevels string `json:"log-package-levels"`

	// ForceNewCluster is unsafe
	ForceNewCluster bool `json:"force-new-cluster"`

	printVersion bool

	autoCompactionRetention int

	enablePprof bool

	configFile string

	ignored []string
}

type securityConfig struct {
	CAFile        string `json:"ca-file"`
	CertFile      string `json:"cert-file"`
	KeyFile       string `json:"key-file"`
	CertAuth      bool   `json:"client-cert-auth"`
	TrustedCAFile string `json:"trusted-ca-file"`
	AutoTLS       bool   `json:"auto-tls"`
}

func NewConfig() *config {
	cfg := &config{
		corsInfo: &cors.CORSInfo{},
		clusterState: flags.NewStringsFlag(
			clusterStateFlagNew,
			clusterStateFlagExisting,
		),
		fallback: flags.NewStringsFlag(
			fallbackFlagExit,
			fallbackFlagProxy,
		),
		ignored: ignored,
		proxy: flags.NewStringsFlag(
			proxyFlagOff,
			proxyFlagReadonly,
			proxyFlagOn,
		),
	}

	cfg.FlagSet = flag.NewFlagSet("etcd", flag.ContinueOnError)
	fs := cfg.FlagSet
	fs.Usage = func() {
		fmt.Println(usageline)
	}

	fs.StringVar(&cfg.configFile, "config-file", "", "Path to the server configuration file")

	// member
	fs.Var(cfg.corsInfo, "cors", "Comma-separated white list of origins for CORS (cross-origin resource sharing).")
	fs.StringVar(&cfg.Dir, "data-dir", "", "Path to the data directory.")
	fs.StringVar(&cfg.WalDir, "wal-dir", "", "Path to the dedicated wal directory.")
	fs.Var(flags.NewURLsValue(defaultListenPeerURLs), "listen-peer-urls", "List of URLs to listen on for peer traffic.")
	fs.Var(flags.NewURLsValue(defaultListenClientURLs), "listen-client-urls", "List of URLs to listen on for client traffic.")
	fs.UintVar(&cfg.MaxSnapFiles, "max-snapshots", defaultMaxSnapshots, "Maximum number of snapshot files to retain (0 is unlimited).")
	fs.UintVar(&cfg.MaxWalFiles, "max-wals", defaultMaxWALs, "Maximum number of wal files to retain (0 is unlimited).")
	fs.StringVar(&cfg.Name, "name", defaultName, "Human-readable name for this member.")
	fs.Uint64Var(&cfg.SnapCount, "snapshot-count", etcdserver.DefaultSnapCount, "Number of committed transactions to trigger a snapshot to disk.")
	fs.UintVar(&cfg.TickMs, "heartbeat-interval", 100, "Time (in milliseconds) of a heartbeat interval.")
	fs.UintVar(&cfg.ElectionMs, "election-timeout", 1000, "Time (in milliseconds) for an election to timeout.")
	fs.Int64Var(&cfg.QuotaBackendBytes, "quota-backend-bytes", 0, "Raise alarms when backend size exceeds the given quota. 0 means use the default quota.")

	// clustering
	fs.Var(flags.NewURLsValue(defaultInitialAdvertisePeerURLs), "initial-advertise-peer-urls", "List of this member's peer URLs to advertise to the rest of the cluster.")
	fs.Var(flags.NewURLsValue(defaultAdvertiseClientURLs), "advertise-client-urls", "List of this member's client URLs to advertise to the public.")
	fs.StringVar(&cfg.Durl, "discovery", "", "Discovery URL used to bootstrap the cluster.")
	fs.Var(cfg.fallback, "discovery-fallback", fmt.Sprintf("Valid values include %s", strings.Join(cfg.fallback.Values, ", ")))
	if err := cfg.fallback.Set(fallbackFlagProxy); err != nil {
		// Should never happen.
		plog.Panicf("unexpected error setting up discovery-fallback flag: %v", err)
	}
	fs.StringVar(&cfg.Dproxy, "discovery-proxy", "", "HTTP proxy to use for traffic to discovery service.")
	fs.StringVar(&cfg.DnsCluster, "discovery-srv", "", "DNS domain used to bootstrap initial cluster.")
	fs.StringVar(&cfg.InitialCluster, "initial-cluster", initialClusterFromName(defaultName), "Initial cluster configuration for bootstrapping.")
	fs.StringVar(&cfg.InitialClusterToken, "initial-cluster-token", "etcd-cluster", "Initial cluster token for the etcd cluster during bootstrap.")
	fs.Var(cfg.clusterState, "initial-cluster-state", "Initial cluster state ('new' or 'existing').")
	if err := cfg.clusterState.Set(clusterStateFlagNew); err != nil {
		// Should never happen.
		plog.Panicf("unexpected error setting up clusterStateFlag: %v", err)
	}
	fs.BoolVar(&cfg.StrictReconfigCheck, "strict-reconfig-check", false, "Reject reconfiguration requests that would cause quorum loss.")

	// proxy
	fs.Var(cfg.proxy, "proxy", fmt.Sprintf("Valid values include %s", strings.Join(cfg.proxy.Values, ", ")))
	if err := cfg.proxy.Set(proxyFlagOff); err != nil {
		// Should never happen.
		plog.Panicf("unexpected error setting up proxyFlag: %v", err)
	}
	fs.UintVar(&cfg.ProxyFailureWaitMs, "proxy-failure-wait", 5000, "Time (in milliseconds) an endpoint will be held in a failed state.")
	fs.UintVar(&cfg.ProxyRefreshIntervalMs, "proxy-refresh-interval", 30000, "Time (in milliseconds) of the endpoints refresh interval.")
	fs.UintVar(&cfg.ProxyDialTimeoutMs, "proxy-dial-timeout", 1000, "Time (in milliseconds) for a dial to timeout.")
	fs.UintVar(&cfg.ProxyWriteTimeoutMs, "proxy-write-timeout", 5000, "Time (in milliseconds) for a write to timeout.")
	fs.UintVar(&cfg.ProxyReadTimeoutMs, "proxy-read-timeout", 0, "Time (in milliseconds) for a read to timeout.")

	// security
	fs.StringVar(&cfg.clientTLSInfo.CAFile, "ca-file", "", "DEPRECATED: Path to the client server TLS CA file.")
	fs.StringVar(&cfg.clientTLSInfo.CertFile, "cert-file", "", "Path to the client server TLS cert file.")
	fs.StringVar(&cfg.clientTLSInfo.KeyFile, "key-file", "", "Path to the client server TLS key file.")
	fs.BoolVar(&cfg.clientTLSInfo.ClientCertAuth, "client-cert-auth", false, "Enable client cert authentication.")
	fs.StringVar(&cfg.clientTLSInfo.TrustedCAFile, "trusted-ca-file", "", "Path to the client server TLS trusted CA key file.")
	fs.BoolVar(&cfg.ClientAutoTLS, "auto-tls", false, "Client TLS using generated certificates")
	fs.StringVar(&cfg.peerTLSInfo.CAFile, "peer-ca-file", "", "DEPRECATED: Path to the peer server TLS CA file.")
	fs.StringVar(&cfg.peerTLSInfo.CertFile, "peer-cert-file", "", "Path to the peer server TLS cert file.")
	fs.StringVar(&cfg.peerTLSInfo.KeyFile, "peer-key-file", "", "Path to the peer server TLS key file.")
	fs.BoolVar(&cfg.peerTLSInfo.ClientCertAuth, "peer-client-cert-auth", false, "Enable peer client cert authentication.")
	fs.StringVar(&cfg.peerTLSInfo.TrustedCAFile, "peer-trusted-ca-file", "", "Path to the peer server TLS trusted CA file.")
	fs.BoolVar(&cfg.PeerAutoTLS, "peer-auto-tls", false, "Peer TLS using generated certificates")

	// logging
	fs.BoolVar(&cfg.Debug, "debug", false, "Enable debug-level logging for etcd.")
	fs.StringVar(&cfg.LogPkgLevels, "log-package-levels", "", "Specify a particular log level for each etcd package (eg: 'etcdmain=CRITICAL,etcdserver=DEBUG').")

	// unsafe
	fs.BoolVar(&cfg.ForceNewCluster, "force-new-cluster", false, "Force to create a new one member cluster.")

	// version
	fs.BoolVar(&cfg.printVersion, "version", false, "Print the version and exit.")

	fs.IntVar(&cfg.autoCompactionRetention, "auto-compaction-retention", 0, "Auto compaction retention for mvcc key value store in hour. 0 means disable auto compaction.")

	// pprof profiler via HTTP
	fs.BoolVar(&cfg.enablePprof, "enable-pprof", false, "Enable runtime profiling data via HTTP server. Address is at client URL + \"/debug/pprof\"")

	// ignored
	for _, f := range cfg.ignored {
		fs.Var(&flags.IgnoredFlag{Name: f}, f, "")
	}
	return cfg
}

func (cfg *config) Parse(arguments []string) error {
	perr := cfg.FlagSet.Parse(arguments)
	switch perr {
	case nil:
	case flag.ErrHelp:
		fmt.Println(flagsline)
		os.Exit(0)
	default:
		os.Exit(2)
	}
	if len(cfg.FlagSet.Args()) != 0 {
		return fmt.Errorf("'%s' is not a valid flag", cfg.FlagSet.Arg(0))
	}

	if cfg.printVersion {
		fmt.Printf("etcd Version: %s\n", version.Version)
		fmt.Printf("Git SHA: %s\n", version.GitSHA)
		fmt.Printf("Go Version: %s\n", runtime.Version())
		fmt.Printf("Go OS/Arch: %s/%s\n", runtime.GOOS, runtime.GOARCH)
		os.Exit(0)
	}

	var err error
	if cfg.configFile != "" {
		plog.Infof("Loading server configuration from %q", cfg.configFile)
		err = cfg.configFromFile()
	} else {
		err = cfg.configFromCmdLine()
	}

	return err
}

func (cfg *config) configFromCmdLine() error {
	err := flags.SetFlagsFromEnv("ETCD", cfg.FlagSet)
	if err != nil {
		plog.Fatalf("%v", err)
	}

	cfg.lpurls = flags.URLsFromFlag(cfg.FlagSet, "listen-peer-urls")
	cfg.apurls = flags.URLsFromFlag(cfg.FlagSet, "initial-advertise-peer-urls")
	cfg.lcurls = flags.URLsFromFlag(cfg.FlagSet, "listen-client-urls")
	cfg.acurls = flags.URLsFromFlag(cfg.FlagSet, "advertise-client-urls")

	return cfg.validateConfig(func(field string) bool {
		return flags.IsSet(cfg.FlagSet, field)
	})
}

func (cfg *config) configFromFile() error {
	b, err := ioutil.ReadFile(cfg.configFile)
	if err != nil {
		return err
	}

	err = yaml.Unmarshal(b, cfg)
	if err != nil {
		return err
	}

	if cfg.LPUrlsCfgFile != "" {
		u, err := types.NewURLs(strings.Split(cfg.LPUrlsCfgFile, ","))
		if err != nil {
			plog.Fatalf("unexpected error setting up listen-peer-urls: %v", err)
		}
		cfg.lpurls = []url.URL(u)
	}

	if cfg.LCUrlsCfgFile != "" {
		u, err := types.NewURLs(strings.Split(cfg.LCUrlsCfgFile, ","))
		if err != nil {
			plog.Fatalf("unexpected error setting up listen-client-urls: %v", err)
		}
		cfg.lcurls = []url.URL(u)
	}

	if cfg.CorsCfgFile != "" {
		if err := cfg.corsInfo.Set(cfg.CorsCfgFile); err != nil {
			plog.Panicf("unexpected error setting up cors: %v", err)
		}
	}

	if cfg.ApurlsCfgFile != "" {
		u, err := types.NewURLs(strings.Split(cfg.ApurlsCfgFile, ","))
		if err != nil {
			plog.Fatalf("unexpected error setting up initial-advertise-peer-urls: %v", err)
		}
		cfg.apurls = []url.URL(u)
	}

	if cfg.AcurlsCfgFile != "" {
		u, err := types.NewURLs(strings.Split(cfg.AcurlsCfgFile, ","))
		if err != nil {
			plog.Fatalf("unexpected error setting up advertise-peer-urls: %v", err)
		}
		cfg.acurls = []url.URL(u)
	}

	if cfg.ClusterStateCfgFile != "" {
		if err := cfg.clusterState.Set(cfg.ClusterStateCfgFile); err != nil {
			plog.Panicf("unexpected error setting up clusterStateFlag: %v", err)
		}
	}

	if cfg.FallbackCfgFile != "" {
		if err := cfg.fallback.Set(cfg.FallbackCfgFile); err != nil {
			plog.Panicf("unexpected error setting up discovery-fallback flag: %v", err)
		}
	}

	if cfg.ProxyCfgFile != "" {
		if err := cfg.proxy.Set(cfg.ProxyCfgFile); err != nil {
			plog.Panicf("unexpected error setting up proxyFlag: %v", err)
		}
	}

	copySecurityDetails := func(tls *transport.TLSInfo, ysc *securityConfig) {
		tls.CAFile = ysc.CAFile
		tls.CertFile = ysc.CertFile
		tls.KeyFile = ysc.KeyFile
		tls.ClientCertAuth = ysc.CertAuth
		tls.TrustedCAFile = ysc.TrustedCAFile
	}
	copySecurityDetails(&cfg.clientTLSInfo, &cfg.ClientSecurityCfgFile)
	copySecurityDetails(&cfg.peerTLSInfo, &cfg.PeerSecurityCfgFile)
	cfg.ClientAutoTLS = cfg.ClientSecurityCfgFile.AutoTLS
	cfg.PeerAutoTLS = cfg.PeerSecurityCfgFile.AutoTLS

	fieldsToBeChecked := map[string]bool{
		"discovery":             (cfg.Durl != ""),
		"listen-client-urls":    (cfg.LCUrlsCfgFile != ""),
		"advertise-client-urls": (cfg.AcurlsCfgFile != ""),
		"initial-cluster":       (cfg.InitialCluster != ""),
		"discovery-srv":         (cfg.DnsCluster != ""),
	}

	return cfg.validateConfig(func(field string) bool {
		return fieldsToBeChecked[field]
	})
}

func (cfg *config) validateConfig(isSet func(field string) bool) error {
	if err := checkBindURLs(cfg.lpurls); err != nil {
		return err
	}
	if err := checkBindURLs(cfg.lcurls); err != nil {
		return err
	}

	// when etcd runs in member mode user needs to set --advertise-client-urls if --listen-client-urls is set.
	// TODO(yichengq): check this for joining through discovery service case
	mayFallbackToProxy := isSet("discovery") && cfg.fallback.String() == fallbackFlagProxy
	mayBeProxy := cfg.proxy.String() != proxyFlagOff || mayFallbackToProxy
	if !mayBeProxy {
		if isSet("listen-client-urls") && !isSet("advertise-client-urls") {
			return errUnsetAdvertiseClientURLsFlag
		}
	}

	// Check if conflicting flags are passed.
	nSet := 0
	for _, v := range []bool{isSet("discovery"), isSet("initial-cluster"), isSet("discovery-srv")} {
		if v {
			nSet += 1
		}
	}

	if nSet > 1 {
		return ErrConflictBootstrapFlags
	}

	if 5*cfg.TickMs > cfg.ElectionMs {
		return fmt.Errorf("--election-timeout[%vms] should be at least as 5 times as --heartbeat-interval[%vms]", cfg.ElectionMs, cfg.TickMs)
	}
	if cfg.ElectionMs > maxElectionMs {
		return fmt.Errorf("--election-timeout[%vms] is too long, and should be set less than %vms", cfg.ElectionMs, maxElectionMs)
	}

	return nil
}

func initialClusterFromName(name string) string {
	n := name
	if name == "" {
		n = defaultName
	}
	return fmt.Sprintf("%s=http://localhost:2380", n)
}

func (cfg config) isNewCluster() bool          { return cfg.clusterState.String() == clusterStateFlagNew }
func (cfg config) isProxy() bool               { return cfg.proxy.String() != proxyFlagOff }
func (cfg config) isReadonlyProxy() bool       { return cfg.proxy.String() == proxyFlagReadonly }
func (cfg config) shouldFallbackToProxy() bool { return cfg.fallback.String() == fallbackFlagProxy }

func (cfg config) electionTicks() int { return int(cfg.ElectionMs / cfg.TickMs) }

// checkBindURLs returns an error if any URL uses a domain name.
// TODO: return error in 3.2.0
func checkBindURLs(urls []url.URL) error {
	for _, url := range urls {
		if url.Scheme == "unix" || url.Scheme == "unixs" {
			continue
		}
		host, _, err := net.SplitHostPort(url.Host)
		if err != nil {
			return err
		}
		if host == "localhost" {
			// special case for local address
			// TODO: support /etc/hosts ?
			continue
		}
		if net.ParseIP(host) == nil {
			err := fmt.Errorf("expected IP in URL for binding (%s)", url.String())
			plog.Warning(err)
		}
	}
	return nil
}