iconara
No HTTPS support
etcd supports HTTPS for both transport security and for client authentication with client certificates: https://github.com/coreos/etcd#transport-security-with-https
Do you have any plans or interest in supporting this within etcd-rb? This looks like the most mature etcd ruby client at present, in particular with the handling of the clustering.
It looks like HTTPClient has some SSL support: https://github.com/nahi/httpclient/blob/master/sample/ssl/ssl_client.rb
It's on my rough list of things to do, and I'll leave this issue open until I fix it. Thanks for suggesting it. I'll accept a pull request too, if you want to take it on.
Thanks, if I get chance to have a look I'll let you know. I'm hoping to use in https://github.com/garethr/hiera-etcd for reference.
I've been experimenting with how to enable SSL support and got it working, but not very elegantly.
The user needs to specify when the launch the initial Etcd::Client.connect() a few things:
- An optional CA cert file (to handle self-signed server certificates)
- An optional client certificate and key (signed by a certificate recognised by the etcd service)
- And optionally whether to perform SSL verification
In the codebase, there's several places where httpclient is called. The challenge I found is ensuring that each time httpclient is called, httpclient.ssl_config is configured correctly. In my hacky version, there didn't seem one obvious place to store the ca_cert_file, client_cert_file and client_key_file variables that could be consistently accessed between httpclient calls in requestable.rb, cluster.rb and node.rb. Maybe someone smarter than me will think of an obvious place to stash it.
Example gist of the minimum http_client.ssl_config setup required here: https://gist.github.com/ncb/7253559
That's interesting, I will take a look at this soonish... Thanks a lot!
