store

package
v0.0.21 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 27, 2023 License: Apache-2.0 Imports: 51 Imported by: 0

Documentation

Overview

Package store provides raft consensus and data storage for webmesh nodes.

Package store provides raft consensus and data storage for webmesh nodes.

Index

Constants

// Environment variable names for the authentication options.
// NOTE(review): presumably consumed when the flags are bound (BindFlags); the
// binding code is not shown here.
const (
	AuthBasicEnabledEnvVar  = "AUTH_BASIC_ENABLED"
	AuthBasicUsernameEnvVar = "AUTH_BASIC_USERNAME"
	// AuthBasicPasswordEnvVar names the variable that carries the basic-auth
	// password itself. A secret placed in the environment is inherited by child
	// processes and tends to end up in deployment manifests and diagnostics, so
	// restrict who can read the process environment and keep it out of logs.
	AuthBasicPasswordEnvVar = "AUTH_BASIC_PASSWORD"
	MTLSEnabledEnvVar       = "AUTH_MTLS_ENABLED"
	// MTLSKeyFileEnvVar and MTLSCertFileEnvVar carry file paths, not key
	// material; protecting the key then depends on the file's permissions.
	MTLSKeyFileEnvVar       = "AUTH_MTLS_KEY_FILE"
	MTLSCertFileEnvVar      = "AUTH_MTLS_CERT_FILE"
)
const (
	BootstrapEnabledEnvVar              = "BOOTSTRAP_ENABLED"
	AdvertiseAddressEnvVar              = "BOOTSTRAP_ADVERTISE_ADDRESS"
	BootstrapServersEnvVar              = "BOOTSTRAP_SERVERS"
	BootstrapServersGRPCPortsEnvVar     = "BOOTSTRAP_SERVERS_GRPC_PORTS"
	BootstrapIPv4NetworkEnvVar          = "BOOTSTRAP_IPV4_NETWORK"
	BootstrapMeshDomainEnvVar           = "BOOTSTRAP_MESH_DOMAIN"
	BootstrapAdminEnvVar                = "BOOTSTRAP_ADMIN"
	BootstrapVotersEnvVar               = "BOOTSTRAP_VOTERS"
	BootstrapDefaultNetworkPolicyEnvVar = "BOOTSTRAP_DEFAULT_NETWORK_POLICY"
	BootstrapRestoreSnapshotEnvVar      = "BOOTSTRAP_RESTORE_SNAPSHOT"
	ForceBootstrapClusterEnvVar         = "BOOTSTRAP_FORCE"
)
// Default values for a newly bootstrapped mesh.
// NOTE(review): presumably the fallbacks for the matching BootstrapOptions
// fields; the code that applies them is not shown here.
const (
	// DefaultIPv4Network is a private (RFC 1918) address range.
	DefaultIPv4Network   = "172.16.0.0/12"
	// DefaultMeshDomain is written with a trailing dot, i.e. fully qualified.
	DefaultMeshDomain    = "webmesh.internal."
	// DefaultAdminUser is a well-known name. Whoever can authenticate as it is
	// presumably granted administrator privileges at bootstrap (see
	// BootstrapOptions.Admin), so the configured auth method has to bind this
	// identity strongly.
	DefaultAdminUser     = "admin"
	// DefaultNetworkPolicy is deny, so a mesh bootstrapped without an explicit
	// policy starts closed rather than open.
	DefaultNetworkPolicy = NetworkPolicyDeny
)
const (
	NodeIDEnvVar                 = "MESH_NODE_ID"
	ZoneAwarenessIDEnvVar        = "MESH_ZONE_AWARENESS_ID"
	JoinAddressEnvVar            = "MESH_JOIN_ADDRESS"
	PeerDiscoveryAddressesEnvVar = "MESH_PEER_DISCOVERY_ADDRESSES"
	JoinAsVoterEnvVar            = "MESH_JOIN_AS_VOTER"
	MaxJoinRetriesEnvVar         = "MESH_MAX_JOIN_RETRIES"
	JoinTimeoutEnvVar            = "MESH_JOIN_TIMEOUT"
	GRPCAdvertisePortEnvVar      = "MESH_GRPC_PORT"
	PrimaryEndpointEnvVar        = "MESH_PRIMARY_ENDPOINT"
	NodeRoutesEnvVar             = "MESH_ROUTES"
	NodeDirectPeersEnvVar        = "MESH_DIRECT_PEERS"
	NoIPv4EnvVar                 = "MESH_NO_IPV4"
	NoIPv6EnvVar                 = "MESH_NO_IPV6"
)
const (
	RaftListenAddressEnvVar   = "RAFT_LISTEN_ADDRESS"
	DataDirEnvVar             = "RAFT_DATA_DIR"
	InMemoryEnvVar            = "RAFT_IN_MEMORY"
	ConnectionPoolCountEnvVar = "RAFT_CONNECTION_POOL_COUNT"
	ConnectionTimeoutEnvVar   = "RAFT_CONNECTION_TIMEOUT"
	HeartbeatTimeoutEnvVar    = "RAFT_HEARTBEAT_TIMEOUT"
	ElectionTimeoutEnvVar     = "RAFT_ELECTION_TIMEOUT"
	ApplyTimeoutEnvVar        = "RAFT_APPLY_TIMEOUT"
	CommitTimeoutEnvVar       = "RAFT_COMMIT_TIMEOUT"
	MaxAppendEntriesEnvVar    = "RAFT_MAX_APPEND_ENTRIES"
	LeaderLeaseTimeoutEnvVar  = "RAFT_LEADER_LEASE_TIMEOUT"
	SnapshotIntervalEnvVar    = "RAFT_SNAPSHOT_INTERVAL"
	SnapshotThresholdEnvVar   = "RAFT_SNAPSHOT_THRESHOLD"
	SnapshotRetentionEnvVar   = "RAFT_SNAPSHOT_RETENTION"
	ObserverChanBufferEnvVar  = "RAFT_OBSERVER_CHAN_BUFFER"
	RaftLogLevelEnvVar        = "RAFT_LOG_LEVEL"
	RaftPreferIPv6EnvVar      = "RAFT_PREFER_IPV6"
	LeaveOnShutdownEnvVar     = "RAFT_LEAVE_ON_SHUTDOWN"
	StartupTimeoutEnvVar      = "RAFT_STARTUP_TIMEOUT"
	ShutdownTimeoutEnvVar     = "RAFT_SHUTDOWN_TIMEOUT"

	// RaftStorePath is the raft stable and log store directory.
	RaftStorePath = "raft-badger"
	// DataStoragePath is the raft data storage directory.
	DataStoragePath = "raft-data"
)
// Environment variable names for the TLS options (see TLSOptions).
const (
	CAFileEnvVar             = "TLS_CA_FILE"
	// The three variables below each relax transport security. Because they can
	// be set from the environment, a deployment review should check the
	// effective environment as well as the config file and flags.
	VerifyChainOnlyEnvVar    = "TLS_VERIFY_CHAIN_ONLY"
	InsecureSkipVerifyEnvVar = "TLS_INSECURE_SKIP_VERIFY"
	InsecureEnvVar           = "TLS_INSECURE"
)
const (
	WireguardListenPortEnvVar            = "WIREGUARD_LISTEN_PORT"
	WireguardNameEnvVar                  = "WIREGUARD_INTERFACE_NAME"
	WireguardForceNameEnvVar             = "WIREGUARD_FORCE_INTERFACE_NAME"
	WireguardForceTUNEnvVar              = "WIREGUARD_FORCE_TUN"
	WireguardModprobeEnvVar              = "WIREGUARD_MODPROBE"
	WireguardMasqueradeEnvVar            = "WIREGUARD_MASQUERADE"
	WireguardAllowedIPsEnvVar            = "WIREGUARD_ALLOWED_IPS"
	WireguardPersistentKeepaliveEnvVar   = "WIREGUARD_PERSISTENT_KEEPALIVE"
	WireguardMTUEnvVar                   = "WIREGUARD_MTU"
	WireGuardEndpointsEnvVar             = "WIREGUARD_ENDPOINTS"
	WireGuardKeyFileEnvVar               = "WIREGUARD_KEY_FILE"
	WireGuardKeyRotationIntervalEnvVar   = "WIREGUARD_KEY_ROTATION_INTERVAL"
	WireGuardRecordMetricsEnvVar         = "WIREGUARD_RECORD_METRICS"
	WireGuardRecordMetricsIntervalEnvVar = "WIREGUARD_RECORD_METRICS_INTERVAL"
)

Variables

// Sentinel errors returned by the store. Each is a distinct package-level
// value, so callers can test for a specific condition by identity.
// NOTE(review): whether the store wraps these before returning them is not
// visible here; errors.Is covers both the wrapped and the unwrapped case.
var (
	// ErrNotLeader is returned when a Raft request is made to a
	// non-leader node.
	ErrNotLeader = fmt.Errorf("not leader")
	// ErrNotOpen is returned when a Raft request is made to a
	// non-open store.
	ErrNotOpen = fmt.Errorf("not open")
	// ErrOpen is returned when a store is already open.
	ErrOpen = fmt.Errorf("already open")
	// ErrNotReady is returned when a store is not ready.
	ErrNotReady = fmt.Errorf("not ready")
)

Functions

This section is empty.

Types

type AuthOptions

type AuthOptions struct {
	// Basic are options for basic authentication.
	Basic *BasicAuthOptions `json:"basic,omitempty" yaml:"basic,omitempty" toml:"basic,omitempty"`
	// MTLS are options for mutual TLS.
	MTLS *MTLSOptions `json:"mtls,omitempty" yaml:"mtls,omitempty" toml:"mtls,omitempty"`
	// LDAP are options for LDAP authentication.
	LDAP *LDAPAuthOptions `json:"ldap,omitempty" yaml:"ldap,omitempty" toml:"ldap,omitempty"`
}

AuthOptions are options for authentication.

func NewAuthOptions

func NewAuthOptions() *AuthOptions

NewAuthOptions creates a new AuthOptions.

func (*AuthOptions) BindFlags

func (o *AuthOptions) BindFlags(fl *flag.FlagSet)

BindFlags binds the flags to the options.

func (*AuthOptions) Validate

func (o *AuthOptions) Validate() error

type BasicAuthOptions

// BasicAuthOptions holds the username and password for basic authentication.
//
// Both fields carry json, yaml and toml tags, so marshalling this struct (or
// any Options value that contains it) writes the password in clear text.
// Redact it before dumping or logging the effective configuration.
type BasicAuthOptions struct {
	// Username is the username.
	Username string `json:"username,omitempty" yaml:"username,omitempty" toml:"username,omitempty"`
	// Password is the password, held as a plain string.
	// NOTE(review): basic credentials are only as confidential as the
	// transport; check that TLSOptions.Insecure and InsecureSkipVerify are
	// off wherever this is used.
	Password string `json:"password,omitempty" yaml:"password,omitempty" toml:"password,omitempty"`
}

BasicAuthOptions are options for basic authentication.

type BootstrapOptions

// BootstrapOptions configures how a node bootstraps a new cluster. Several
// fields (Admin, Voters, DefaultNetworkPolicy) decide who is trusted in the
// resulting mesh, so they deserve the same review as credentials.
type BootstrapOptions struct {
	// Enabled is the flag to attempt bootstrapping. If true, the node will only bootstrap a new cluster
	// if no data is found. To force a bootstrap, set Force to true.
	Enabled bool `json:"enabled,omitempty" yaml:"enabled,omitempty" toml:"enabled,omitempty"`
	// AdvertiseAddress is the initial address to advertise for raft consensus.
	AdvertiseAddress string `json:"advertise-address,omitempty" yaml:"advertise-address,omitempty" toml:"advertise-address,omitempty"`
	// Servers is a comma separated list of servers to bootstrap with. If not empty, all
	// nodes in the list should be started with the same list and BootstrapIPv4Network. If the
	// BootstrapIPv4Network is not the same, the first node to become leader will pick it. Servers
	// should be in the form of <node-id>=<address> where address is the advertise address.
	Servers string `json:"servers,omitempty" yaml:"servers,omitempty" toml:"servers,omitempty"`
	// ServersGRPCPorts is a comma separated list of gRPC ports to bootstrap with. If empty, the node will
	// use the advertise address and local gRPC port for every node in BootstrapServers. Ports should be
	// in the form of <node-id>=<port>.
	ServersGRPCPorts string `json:"servers-grpc-ports,omitempty" yaml:"servers-grpc-ports,omitempty" toml:"servers-grpc-ports,omitempty"`
	// IPv4Network is the IPv4 network of the mesh to write to the database when bootstrapping a new cluster.
	IPv4Network string `json:"ipv4-network,omitempty" yaml:"ipv4-network,omitempty" toml:"ipv4-network,omitempty"`
	// MeshDomain is the domain of the mesh to write to the database when bootstrapping a new cluster.
	MeshDomain string `json:"mesh-domain,omitempty" yaml:"mesh-domain,omitempty" toml:"mesh-domain,omitempty"`
	// Admin is the user and/or node name to assign administrator privileges to when bootstrapping a new cluster.
	// The value is a name only; what proves a caller holds that name is whichever
	// authentication method the mesh is configured with.
	Admin string `json:"admin,omitempty" yaml:"admin,omitempty" toml:"admin,omitempty"`
	// Voters is a comma separated list of node IDs to assign voting privileges to when bootstrapping a new cluster.
	// BootstrapServers are automatically added to this list.
	Voters string `json:"voters,omitempty" yaml:"voters,omitempty" toml:"voters,omitempty"`
	// DefaultNetworkPolicy is the default network policy to apply to the mesh when bootstrapping a new cluster.
	// The package constants define "accept" and "deny"; choosing "accept" makes the mesh open by default.
	DefaultNetworkPolicy string `json:"default-network-policy,omitempty" yaml:"default-network-policy,omitempty" toml:"default-network-policy,omitempty"`
	// RestoreSnapshot is the path to a snapshot to restore from when bootstrapping a new cluster.
	// NOTE(review): a restored snapshot presumably becomes the cluster's initial state,
	// so only restore files whose origin and integrity are known.
	RestoreSnapshot string `json:"restore-snapshot,omitempty" yaml:"restore-snapshot,omitempty" toml:"restore-snapshot,omitempty"`
	// Force is the force new bootstrap flag. Per the Enabled comment, it makes the node
	// bootstrap even when data is already present.
	Force bool `json:"force,omitempty" yaml:"force,omitempty" toml:"force,omitempty"`
}

BootstrapOptions are the bootstrap options.

func NewBootstrapOptions

func NewBootstrapOptions() *BootstrapOptions

NewBootstrapOptions creates a new BootstrapOptions.

func (*BootstrapOptions) BindFlags

func (o *BootstrapOptions) BindFlags(fl *flag.FlagSet)

BindFlags binds the bootstrap options to the flag set.

func (*BootstrapOptions) Validate

func (o *BootstrapOptions) Validate() error

Validate validates the bootstrap options.

type LDAPAuthOptions

// LDAPAuthOptions holds the username and password for LDAP authentication.
//
// As with BasicAuthOptions, the password is a plain string with json, yaml
// and toml tags, so it is written out whenever the options are marshalled.
type LDAPAuthOptions struct {
	// Username is the username.
	Username string `json:"username,omitempty" yaml:"username,omitempty" toml:"username,omitempty"`
	// Password is the password.
	// NOTE(review): presumably forwarded to the mesh for the directory bind —
	// confirm; either way it needs a verified, encrypted transport.
	Password string `json:"password,omitempty" yaml:"password,omitempty" toml:"password,omitempty"`
}

LDAPAuthOptions are options for LDAP authentication.

type LogStoreCloser

type LogStoreCloser interface {
	io.Closer
	raft.LogStore
}

LogStoreCloser is a LogStore that can be closed.

type MTLSOptions

// MTLSOptions holds the client certificate and private key presented for
// mutual TLS when joining. Each of the two can be given as a file path or as
// inline base64 data.
//
// NOTE(review): the toml keys for KeyFile and KeyData are "tls-file" and
// "tls-data", while their yaml and json keys are "key-file" and "key-data".
// This looks like a copy-paste slip; a TOML config written with "key-file"
// would not populate the field. Renaming the tag changes the config format,
// so it needs a compatibility decision rather than a silent fix.
type MTLSOptions struct {
	// CertFile is the path to a TLS certificate file to present when joining. Either this
	// or CertData must be set.
	CertFile string `yaml:"cert-file,omitempty" json:"cert-file,omitempty" toml:"cert-file,omitempty"`
	// CertData is the base64 encoded TLS certificate data to present when joining. Either this
	// or CertFile must be set.
	CertData string `yaml:"cert-data,omitempty" json:"cert-data,omitempty" toml:"cert-data,omitempty"`
	// KeyFile is the path to a TLS key file for the certificate. Either this or KeyData must be set.
	KeyFile string `yaml:"key-file,omitempty" json:"key-file,omitempty" toml:"tls-file,omitempty"`
	// KeyData is the base64 encoded TLS key data for the certificate. Either this or KeyFile must be set.
	// With KeyData the private key lives inside the configuration itself, so the
	// config file and any marshalled copy of these options must be treated as a secret.
	KeyData string `yaml:"key-data,omitempty" json:"key-data,omitempty" toml:"tls-data,omitempty"`
}

MTLSOptions are options for mutual TLS.

type MeshOptions

// MeshOptions configures how a node joins and participates in an existing mesh.
type MeshOptions struct {
	// NodeID is the node ID.
	NodeID string `json:"node-id,omitempty" yaml:"node-id,omitempty" toml:"node-id,omitempty"`
	// ZoneAwarenessID is the zone awareness ID.
	ZoneAwarenessID string `json:"zone-awareness-id,omitempty" yaml:"zone-awareness-id,omitempty" toml:"zone-awareness-id,omitempty"`
	// JoinAddress is the address of a node to join.
	JoinAddress string `json:"join-address,omitempty" yaml:"join-address,omitempty" toml:"join-address,omitempty"`
	// PeerDiscoveryAddresses are the addresses to use for peer discovery.
	PeerDiscoveryAddresses []string `json:"peer-discovery-addresses,omitempty" yaml:"peer-discovery-addresses,omitempty" toml:"peer-discovery-addresses,omitempty"`
	// MaxJoinRetries is the maximum number of join retries.
	MaxJoinRetries int `json:"max-join-retries,omitempty" yaml:"max-join-retries,omitempty" toml:"max-join-retries,omitempty"`
	// JoinAsVoter is true if the node should be a voter. The configuration key
	// is "voter", not "join-as-voter".
	JoinAsVoter bool `json:"voter,omitempty" yaml:"voter,omitempty" toml:"voter,omitempty"`
	// PrimaryEndpoint is the primary endpoint to advertise when joining.
	PrimaryEndpoint string `json:"primary-endpoint,omitempty" yaml:"primary-endpoint,omitempty" toml:"primary-endpoint,omitempty"`
	// Routes are additional routes to advertise to the mesh. These routes are advertised to all peers.
	// If the node is not allowed to put routes in the mesh, the node will be unable to join.
	// Route advertisement is therefore subject to an authorization check on the mesh side.
	Routes []string `json:"routes,omitempty" yaml:"routes,omitempty" toml:"routes,omitempty"`
	// DirectPeers are peers to request direct edges to. If the node is not allowed to create edges
	// and data channels, the node will be unable to join.
	DirectPeers []string `json:"direct-peers,omitempty" yaml:"direct-peers,omitempty" toml:"direct-peers,omitempty"`
	// GRPCPort is the port to advertise for gRPC.
	GRPCPort int `json:"grpc-port,omitempty" yaml:"grpc-port,omitempty" toml:"grpc-port,omitempty"`
	// NoIPv4 disables IPv4 usage.
	NoIPv4 bool `json:"no-ipv4,omitempty" yaml:"no-ipv4,omitempty" toml:"no-ipv4,omitempty"`
	// NoIPv6 disables IPv6 usage.
	NoIPv6 bool `json:"no-ipv6,omitempty" yaml:"no-ipv6,omitempty" toml:"no-ipv6,omitempty"`
}

MeshOptions are the options for participating in a mesh.

func NewMeshOptions

func NewMeshOptions() *MeshOptions

NewMeshOptions creates a new MeshOptions with default values.

func (*MeshOptions) BindFlags

func (o *MeshOptions) BindFlags(fl *flag.FlagSet)

BindFlags binds the MeshOptions to a flag set.

func (*MeshOptions) Validate

func (o *MeshOptions) Validate() error

Validate validates the MeshOptions.

type NetworkPolicy

type NetworkPolicy string

NetworkPolicy is a type of network policy.

// The network policy values defined by this package. The package default,
// DefaultNetworkPolicy, is NetworkPolicyDeny.
const (
	// NetworkPolicyAccept is the accept network policy.
	NetworkPolicyAccept NetworkPolicy = "accept"
	// NetworkPolicyDeny is the deny network policy.
	NetworkPolicyDeny NetworkPolicy = "deny"
)

func (NetworkPolicy) IsValid

func (n NetworkPolicy) IsValid() bool

IsValid reports whether the network policy is valid.

type Options

type Options struct {
	// Auth are options for authentication to the mesh.
	Auth *AuthOptions `json:"auth,omitempty" yaml:"auth,omitempty" toml:"auth,omitempty"`
	// Mesh are options for participating in an existing mesh.
	Mesh *MeshOptions `json:"mesh,omitempty" yaml:"mesh,omitempty" toml:"mesh,omitempty"`
	// Bootstrap are options for bootstrapping the store.
	Bootstrap *BootstrapOptions `json:"bootstrap,omitempty" yaml:"bootstrap,omitempty" toml:"bootstrap,omitempty"`
	// Raft are options for the raft store.
	Raft *RaftOptions `json:"raft,omitempty" yaml:"raft,omitempty" toml:"raft,omitempty"`
	// TLS are options for TLS.
	TLS *TLSOptions `json:"tls,omitempty" yaml:"tls,omitempty" toml:"tls,omitempty"`
	// WireGuard are options for WireGuard.
	WireGuard *WireGuardOptions `json:"wireguard,omitempty" yaml:"wireguard,omitempty" toml:"wireguard,omitempty"`
	// Plugins are options for plugins.
	Plugins *plugins.Options `yaml:"plugins,omitempty" json:"plugins,omitempty" toml:"plugins,omitempty"`
}

Options are the options for the store.

func NewOptions

func NewOptions() *Options

NewOptions returns new options with sensible defaults.

func (*Options) BindFlags

func (o *Options) BindFlags(fl *flag.FlagSet)

BindFlags binds the options to the flags.

func (*Options) TLSConfig

func (o *Options) TLSConfig() (*tls.Config, error)

TLSConfig returns the TLS configuration.

func (*Options) Validate

func (o *Options) Validate() error

Validate validates the options.

type RaftOptions

type RaftOptions struct {
	// ListenAddress is the address to listen on for raft.
	ListenAddress string `json:"listen-address,omitempty" yaml:"listen-address,omitempty" toml:"listen-address,omitempty"`
	// DataDir is the directory to store data in.
	DataDir string `json:"data-dir,omitempty" yaml:"data-dir,omitempty" toml:"data-dir,omitempty"`
	// InMemory is if the store should be in memory. This should only be used for testing and ephemeral nodes.
	InMemory bool `json:"in-memory,omitempty" yaml:"in-memory,omitempty" toml:"in-memory,omitempty"`
	// ConnectionPoolCount is the number of connections to pool. If 0, no connection pooling is used.
	ConnectionPoolCount int `json:"connection-pool-count,omitempty" yaml:"connection-pool-count,omitempty" toml:"connection-pool-count,omitempty"`
	// ConnectionTimeout is the timeout for connections.
	ConnectionTimeout time.Duration `json:"connection-timeout,omitempty" yaml:"connection-timeout,omitempty" toml:"connection-timeout,omitempty"`
	// HeartbeatTimeout is the timeout for heartbeats.
	HeartbeatTimeout time.Duration `json:"heartbeat-timeout,omitempty" yaml:"heartbeat-timeout,omitempty" toml:"heartbeat-timeout,omitempty"`
	// ElectionTimeout is the timeout for elections.
	ElectionTimeout time.Duration `json:"election-timeout,omitempty" yaml:"election-timeout,omitempty" toml:"election-timeout,omitempty"`
	// ApplyTimeout is the timeout for applying.
	ApplyTimeout time.Duration `json:"apply-timeout,omitempty" yaml:"apply-timeout,omitempty" toml:"apply-timeout,omitempty"`
	// CommitTimeout is the timeout for committing.
	CommitTimeout time.Duration `json:"commit-timeout,omitempty" yaml:"commit-timeout,omitempty" toml:"commit-timeout,omitempty"`
	// MaxAppendEntries is the maximum number of append entries.
	MaxAppendEntries int `json:"max-append-entries,omitempty" yaml:"max-append-entries,omitempty" toml:"max-append-entries,omitempty"`
	// LeaderLeaseTimeout is the timeout for leader leases.
	LeaderLeaseTimeout time.Duration `json:"leader-lease-timeout,omitempty" yaml:"leader-lease-timeout,omitempty" toml:"leader-lease-timeout,omitempty"`
	// SnapshotInterval is the interval to take snapshots.
	SnapshotInterval time.Duration `json:"snapshot-interval,omitempty" yaml:"snapshot-interval,omitempty" toml:"snapshot-interval,omitempty"`
	// SnapshotThreshold is the threshold to take snapshots.
	SnapshotThreshold uint64 `json:"snapshot-threshold,omitempty" yaml:"snapshot-threshold,omitempty" toml:"snapshot-threshold,omitempty"`
	// SnapshotRetention is the number of snapshots to retain.
	SnapshotRetention uint64 `json:"snapshot-retention,omitempty" yaml:"snapshot-retention,omitempty" toml:"snapshot-retention,omitempty"`
	// ObserverChanBuffer is the buffer size for the observer channel.
	ObserverChanBuffer int `json:"observer-chan-buffer,omitempty" yaml:"observer-chan-buffer,omitempty" toml:"observer-chan-buffer,omitempty"`
	// LogLevel is the log level for the raft backend.
	LogLevel string `json:"log-level,omitempty" yaml:"log-level,omitempty" toml:"log-level,omitempty"`
	// PreferIPv6 is the prefer IPv6 flag.
	PreferIPv6 bool `json:"prefer-ipv6,omitempty" yaml:"prefer-ipv6,omitempty" toml:"prefer-ipv6,omitempty"`
	// LeaveOnShutdown is the leave on shutdown flag.
	LeaveOnShutdown bool `json:"leave-on-shutdown,omitempty" yaml:"leave-on-shutdown,omitempty" toml:"leave-on-shutdown,omitempty"`
	// ShutdownTimeout is the timeout for shutting down.
	ShutdownTimeout time.Duration `json:"shutdown-timeout,omitempty" yaml:"shutdown-timeout,omitempty" toml:"shutdown-timeout,omitempty"`
}

RaftOptions are the raft options.

func NewRaftOptions

func NewRaftOptions() *RaftOptions

NewRaftOptions returns new raft options with the default values.

func (*RaftOptions) BindFlags

func (o *RaftOptions) BindFlags(fl *flag.FlagSet)

BindFlags binds the flags to the options.

func (*RaftOptions) DataStoragePath

func (o *RaftOptions) DataStoragePath() string

DataStoragePath returns the data directory.

func (*RaftOptions) Logger

func (o *RaftOptions) Logger(name string) hclog.Logger

Logger returns a new logger.

func (*RaftOptions) RaftConfig

func (o *RaftOptions) RaftConfig(nodeID string) *raft.Config

RaftConfig builds a raft config.

func (*RaftOptions) StorePath

func (o *RaftOptions) StorePath() string

StorePath returns the stable store path.

func (*RaftOptions) Validate

func (o *RaftOptions) Validate() error

Validate validates the raft options.

type StableStoreCloser

type StableStoreCloser interface {
	io.Closer
	raft.StableStore
}

StableStoreCloser is a StableStore that can be closed.

type Store

type Store interface {
	// ID returns the node ID.
	ID() string
	// Domain returns the domain of the mesh network.
	Domain() string
	// Open opens the store. This must be called before the store can be used.
	// The Ready functions should be used to determine when the store is ready
	// to serve requests, after which the Wireguard interface will also be available.
	// The context is used to enforce timeouts on certain operations.
	Open(context.Context) error
	// IsOpen returns true if the store is open.
	IsOpen() bool
	// Close closes the store.
	Close() error
	// Ready returns true if the store is ready to serve requests.
	Ready() bool
	// ReadyNotify returns a channel that is closed when the store is ready
	// to serve requests. Ready is defined as having a leader.
	ReadyNotify(ctx context.Context) <-chan struct{}
	// ReadyError returns a channel that will receive an error if the store
	// fails to become ready. This is only applicable during an initial
	// bootstrap. If the store is already bootstrapped then this channel
	// will block until the store is ready and then return nil.
	ReadyError(ctx context.Context) <-chan error
	// State returns the current Raft state.
	State() raft.RaftState
	// IsLeader returns true if this node is the Raft leader.
	IsLeader() bool
	// Leader returns the current Raft leader ID.
	Leader() (raft.ServerID, error)
	// LeaderAddr returns the current Raft leader's raft address.
	LeaderAddr() (string, error)
	// LeaderRPCAddr returns the current Raft leader's gRPC address.
	LeaderRPCAddr(ctx context.Context) (string, error)
	// Stepdown forces this node to relinquish leadership to another node in
	// the cluster. If wait is true then this method will block until the
	// leadership transfer is complete and return any error that occurred.
	Stepdown(wait bool) error
	// AddNonVoter adds a non-voting node to the cluster with timeout enforced by the context.
	AddNonVoter(ctx context.Context, id string, addr string) error
	// AddVoter adds a voting node to the cluster with timeout enforced by the context.
	AddVoter(ctx context.Context, id string, addr string) error
	// DemoteVoter demotes a voting node to a non-voting node with timeout enforced by the context.
	DemoteVoter(ctx context.Context, id string) error
	// RemoveServer removes a peer from the cluster with timeout enforced by the context.
	RemoveServer(ctx context.Context, id string, wait bool) error
	// Storage returns a storage interface for use by the application.
	Storage() storage.Storage
	// Raft returns the Raft interface. Note that the returned value
	// may be nil if the store is not open.
	Raft() *raft.Raft
	// WireGuard returns the WireGuard interface. Note that the returned value
	// may be nil if the store is not open.
	WireGuard() wireguard.Interface
	// Plugins returns the plugin manager. Note that the returned value
	// may be nil if the store is not open.
	Plugins() plugins.Manager
}

Store is the store interface. It contains the state of the mesh and manages the WireGuard interface.

func New

func New(opts *Options) (Store, error)

New creates a new store. You must call Open() on the returned store before it can become ready to use.

func NewTestCluster

func NewTestCluster(ctx context.Context, numNodes int, startPort int) ([]Store, error)

NewTestCluster creates a new test cluster and waits for it to be ready. The context is used to enforce startup timeouts. Clusters cannot be created in parallel without specifying unique raft ports. If startPort is 0, a default port will be used. The number of nodes must be greater than 0.

func NewTestStore

func NewTestStore(ctx context.Context) (Store, error)

NewTestStore creates a new test store and waits for it to be ready. The context is used to enforce startup timeouts.

type TLSOptions

// TLSOptions controls how the server is verified and whether the connection
// is protected when joining a mesh. The three boolean fields each weaken the
// default behaviour, and all are false unless set explicitly (Go zero value;
// NewTLSOptions may set other defaults — not shown here).
type TLSOptions struct {
	// CAFile is the path to a TLS CA file for verification. If this and CAData are empty, the system CA pool is used.
	CAFile string `yaml:"tls-ca-file,omitempty" json:"tls-ca-file,omitempty" toml:"tls-ca-file,omitempty"`
	// CAData is the base64 encoded TLS CA data for verification. If this and CAFile are empty, the system CA pool is used.
	CAData string `yaml:"tls-ca-data,omitempty" json:"tls-ca-data,omitempty" toml:"tls-ca-data,omitempty"`
	// VerifyChainOnly is true if only the certificate chain should be verified.
	// NOTE(review): presumably the server name check is skipped and only chain
	// validity against the CA pool is enforced — confirm in TLSConfig. Combined
	// with the system CA pool that would accept any certificate a public CA has
	// issued, so this is only meaningful with a private CA.
	VerifyChainOnly bool `yaml:"verify-chain-only,omitempty" json:"verify-chain-only,omitempty" toml:"verify-chain-only,omitempty"`
	// InsecureSkipVerify is true if the server TLS cert should not be verified.
	// With verification off the server is unauthenticated: the channel is still
	// encrypted but offers no protection against an on-path party, and any
	// basic or LDAP credentials sent over it are exposed. Limit to test setups.
	InsecureSkipVerify bool `yaml:"insecure-skip-verify,omitempty" json:"insecure-skip-verify,omitempty" toml:"insecure-skip-verify,omitempty"`
	// Insecure is true if the gRPC connection should be insecure.
	// NOTE(review): presumably this means no TLS at all on the gRPC connection
	// — confirm against the dial code, which is not shown here.
	Insecure bool `yaml:"insecure,omitempty" json:"insecure,omitempty" toml:"insecure,omitempty"`
}

TLSOptions are options for TLS communication when joining a mesh.

func NewTLSOptions

func NewTLSOptions() *TLSOptions

NewTLSOptions creates a new TLSOptions with default values.

func (*TLSOptions) BindFlags

func (o *TLSOptions) BindFlags(fl *flag.FlagSet)

BindFlags binds the TLS options to the flag set.

type WireGuardOptions

// WireGuardOptions configures the node's WireGuard interface: naming and
// creation, NAT behaviour, private-key storage and rotation, and metrics.
type WireGuardOptions struct {
	// ListenPort is the port to listen on.
	ListenPort int `yaml:"listen-port,omitempty" json:"listen-port,omitempty" toml:"listen-port,omitempty"`
	// InterfaceName is the name of the interface.
	InterfaceName string `yaml:"interface-name,omitempty" json:"interface-name,omitempty" toml:"interface-name,omitempty"`
	// ForceInterfaceName forces the use of the given name by deleting
	// any pre-existing interface with the same name. That deletion is
	// destructive: an unrelated interface that happens to share the name is
	// removed, so choose a name nothing else on the host uses.
	ForceInterfaceName bool `yaml:"force-interface-name,omitempty" json:"force-interface-name,omitempty" toml:"force-interface-name,omitempty"`
	// ForceTUN forces the use of a TUN interface.
	ForceTUN bool `yaml:"force-tun,omitempty" json:"force-tun,omitempty" toml:"force-tun,omitempty"`
	// Modprobe attempts to probe the wireguard module.
	// NOTE(review): loading a kernel module normally needs elevated privileges;
	// how a failure is handled is not visible here.
	Modprobe bool `yaml:"modprobe,omitempty" json:"modprobe,omitempty" toml:"modprobe,omitempty"`
	// Masquerade enables masquerading of traffic from the wireguard interface.
	Masquerade bool `yaml:"masquerade,omitempty" json:"masquerade,omitempty" toml:"masquerade,omitempty"`
	// PersistentKeepAlive is the interval at which to send keepalive packets
	// to peers. If unset, keepalive packets will automatically be sent to publicly
	// accessible peers when this instance is behind a NAT. Otherwise, no keep-alive
	// packets are sent.
	PersistentKeepAlive time.Duration `yaml:"persistent-keepalive,omitempty" json:"persistent-keepalive,omitempty" toml:"persistent-keepalive,omitempty"`
	// MTU is the MTU to use for the interface.
	MTU int `yaml:"mtu,omitempty" json:"mtu,omitempty" toml:"mtu,omitempty"`
	// Endpoints are additional WireGuard endpoints to broadcast when joining.
	Endpoints []string `json:"endpoints,omitempty" yaml:"endpoints,omitempty" toml:"endpoints,omitempty"`
	// KeyFile is the path to the WireGuard private key. If it does not exist it will be created.
	// NOTE(review): the permissions the file is created with are not visible
	// here; verify that the key file and its directory are readable by the
	// service account only.
	KeyFile string `json:"key-file,omitempty" yaml:"key-file,omitempty" toml:"key-file,omitempty"`
	// KeyRotationInterval is the interval to rotate wireguard keys.
	// Set this to 0 to disable key rotation. With rotation disabled the same
	// private key stays in use for the node's lifetime.
	KeyRotationInterval time.Duration `json:"key-rotation-interval,omitempty" yaml:"key-rotation-interval,omitempty" toml:"key-rotation-interval,omitempty"`
	// RecordMetrics enables recording of WireGuard metrics. These are only exposed if the
	// metrics server is enabled.
	RecordMetrics bool `json:"record-metrics,omitempty" yaml:"record-metrics,omitempty" toml:"record-metrics,omitempty"`
	// RecordMetricsInterval is the interval at which to update WireGuard metrics.
	RecordMetricsInterval time.Duration `json:"record-metrics-interval,omitempty" yaml:"record-metrics-interval,omitempty" toml:"record-metrics-interval,omitempty"`
}

WireGuardOptions are options for configuring the WireGuard interface.

func NewWireGuardOptions

func NewWireGuardOptions() *WireGuardOptions

NewWireGuardOptions returns a new WireGuardOptions with sensible defaults.

func (*WireGuardOptions) BindFlags

func (o *WireGuardOptions) BindFlags(fl *flag.FlagSet)

BindFlags binds the options to the given flag set.

func (*WireGuardOptions) Validate

func (o *WireGuardOptions) Validate() error

Validate validates the options.

Directories

Path Synopsis
Package streamlayer contains the Raft stream layer implementation.
Package streamlayer contains the Raft stream layer implementation.
