新增etcd认证配置

2026-02-03 22:45:13 +08:00 · 2025-01-08 18:11:20 +08:00
parent d4966ea129
commit 3a4350769c
3 changed files with 54 additions and 12 deletions
--- a/cluster/etcddiscovery.go
+++ b/cluster/etcddiscovery.go
@@ -13,10 +13,12 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"go.uber.org/zap"
 	"path"
 	"strings"
 	"sync/atomic"
+	"io/ioutil"
+	"crypto/x509"
+	"crypto/tls"
 )

 const originDir = "/origin"
@@ -40,11 +42,16 @@ type EtcdDiscoveryService struct {
 	mapDiscoveryNodeId map[string]map[string]struct{} //map[networkName]map[nodeId]
 }

+var  etcdDiscovery *EtcdDiscoveryService
 func getEtcdDiscovery() IServiceDiscovery {
-	etcdDiscovery := &EtcdDiscoveryService{}
+	if etcdDiscovery == nil {
+		etcdDiscovery = &EtcdDiscoveryService{}
+	}
+
 	return etcdDiscovery
 }

+
 func (ed *EtcdDiscoveryService) InitDiscovery(localNodeId string, funDelNode FunDelNode, funSetNode FunSetNode) error {
 	ed.localNodeId = localNodeId

@@ -87,15 +94,44 @@ func (ed *EtcdDiscoveryService) OnInit() error {
 	}

 	for i := 0; i < len(etcdDiscoveryCfg.EtcdList); i++ {
-		client, cerr := clientv3.New(clientv3.Config{
+		var client *clientv3.Client
+		var tlsConfig *tls.Config
+
+		if etcdDiscoveryCfg.EtcdList[i].Cert != "" {
+			// load cert
+			cert, cerr := tls.LoadX509KeyPair(etcdDiscoveryCfg.EtcdList[i].Cert, etcdDiscoveryCfg.EtcdList[i].CertKey)
+			if cerr != nil {
+				log.Error("load cert error", log.ErrorField("err", cerr))
+				return cerr
+			}
+
+			// load root ca
+			caData, cerr := ioutil.ReadFile(etcdDiscoveryCfg.EtcdList[i].Ca)
+			if cerr != nil {
+				log.Error("load root ca error", log.ErrorField("err", cerr))
+				return cerr
+			}
+			pool := x509.NewCertPool()
+			pool.AppendCertsFromPEM(caData)
+			tlsConfig = &tls.Config{
+				Certificates: []tls.Certificate{cert},
+				RootCAs:      pool,
+			}
+		}
+
+		client, err = clientv3.New(clientv3.Config{
 			Endpoints:   etcdDiscoveryCfg.EtcdList[i].Endpoints,
 			DialTimeout: etcdDiscoveryCfg.DialTimeoutMillisecond,
-			Logger:      zap.NewNop(),
+			Username: etcdDiscoveryCfg.EtcdList[i].UserName,
+			Password: etcdDiscoveryCfg.EtcdList[i].Password,
+			Logger:      log.GetLogger().Logger,
+			TLS: tlsConfig,
 		})

-		if cerr != nil {
-			log.Error("etcd discovery init fail", log.ErrorField("err", cerr))
-			return cerr
+
+		if err != nil {
+			log.Error("etcd discovery init fail", log.ErrorField("err", err))
+			return err
 		}

 		ctx, _ := context.WithTimeout(context.Background(), time.Second*3)
--- a/cluster/parsecfg.go
+++ b/cluster/parsecfg.go
@@ -15,9 +15,15 @@ import (

 var json = jsoniter.ConfigCompatibleWithStandardLibrary

+
 type EtcdList struct {
 	NetworkName []string
 	Endpoints   []string
+	UserName string
+	Password string
+	Cert string
+	CertKey string
+	Ca string
 }

 type EtcdDiscovery struct {
--- a/util/smath/smath.go
+++ b/util/smath/smath.go
@@ -32,10 +32,10 @@ func Abs[NumType typ.Signed | typ.Float](Num NumType) NumType {
 func AddSafe[NumType typ.Number](number1 NumType, number2 NumType) (NumType, bool) {
 	ret := number1 + number2
 	if number2 > 0 && ret < number1 {
-		log.Stack("Calculation overflow", log.Any("number1", number1), log.Any("number2", number2))
+		log.SStackError("Calculation overflow", log.Any("number1", number1), log.Any("number2", number2))
 		return ret, false
 	} else if number2 < 0 && ret > number1 {
-		log.Stack("Calculation overflow", log.Any("number1", number1), log.Any("number2", number2))
+		log.SStackError("Calculation overflow", log.Any("number1", number1), log.Any("number2", number2))
 		return ret, false
 	}

@@ -45,10 +45,10 @@ func AddSafe[NumType typ.Number](number1 NumType, number2 NumType) (NumType, boo
 func SubSafe[NumType typ.Number](number1 NumType, number2 NumType) (NumType, bool) {
 	ret := number1 - number2
 	if number2 > 0 && ret > number1 {
-		log.Stack("Calculation overflow", log.Any("number1", number1), log.Any("number2", number2))
+		log.SStackError("Calculation overflow", log.Any("number1", number1), log.Any("number2", number2))
 		return ret, false
 	} else if number2 < 0 && ret < number1 {
-		log.Stack("Calculation overflow", log.Any("number1", number1), log.Any("number2", number2))
+		log.SStackError("Calculation overflow", log.Any("number1", number1), log.Any("number2", number2))
 		return ret, false
 	}

@@ -65,7 +65,7 @@ func MulSafe[NumType typ.Number](number1 NumType, number2 NumType) (NumType, boo
 		return ret, true
 	}

-	log.Stack("Calculation overflow", log.Any("number1", number1), log.Any("number2", number2))
+	log.SStackError("Calculation overflow", log.Any("number1", number1), log.Any("number2", number2))
 	return ret, true
 }