
stolonctl: etcd and sentinel api auth

Open sgotti opened this issue 10 years ago • 1 comments

Related to #51

stolonctl will, if enabled, like other components, use etcd auth to access the cluster hierarchy on etcd and read the needed keys.

Since the client, to do some operations, also needs to communicate with the leader sentinel, we'll use etcd authentication and authorization for protecting the sentinel API instead of inventing a new authz layer.

Practically, the leader sentinel will write an authentication token to an etcd key. If the client can read this key then it can use the token to communicate with the sentinel. Additionally, the sentinel will change the token every n seconds.

sgotti, Oct 27 '15 13:10
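The token scheme proposed in the issue above, sketched as an added example (not Stolon's code and not written by either commenter). An in-memory map stands in for etcd, and `tokenKey`, `Sentinel`, `Rotate`, `Authorize` and `Call` are hypothetical names; the sketch covers the rotation edge case, where a client holding a pre-rotation token is rejected and has to re-read the key.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

const tokenKey = "/stolon/cluster/example/sentinel-token" // hypothetical path

// Sentinel models the leader (single goroutine, no locking). kv stands in
// for etcd, whose own auth decides which users may read tokenKey.
type Sentinel struct {
	token string
	kv    map[string]string
}

// Rotate publishes a fresh 256-bit token; the leader would call it every n seconds.
func (s *Sentinel) Rotate() error {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return err
	}
	s.token = hex.EncodeToString(b)
	s.kv[tokenKey] = s.token
	return nil
}

// Authorize compares in constant time and rejects everything before the first rotation.
func (s *Sentinel) Authorize(presented string) bool {
	return s.token != "" && subtle.ConstantTimeCompare([]byte(presented), []byte(s.token)) == 1
}

// Call models a client: try the cached token, then re-read the key once if rotation invalidated it.
func Call(s *Sentinel, cached string) (bool, string) {
	if s.Authorize(cached) {
		return true, cached
	}
	fresh := s.kv[tokenKey]
	return s.Authorize(fresh), fresh
}

func main() {
	s := &Sentinel{kv: map[string]string{}}
	_ = s.Rotate()
	old := s.kv[tokenKey]
	_ = s.Rotate() // rotation lands after the client cached its token
	ok, cur := Call(s, old)
	fmt.Println(ok, cur != old, s.Authorize(old))
}
```

Anyone who cannot read `tokenKey` never obtains a valid token, which is how the proposal reuses etcd authorization for the sentinel API.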

@sgotti Moving over to the official go client etcd-io/etcd should make adding this pretty straightforward.

Looks like Stolon is currently pinning coreos/etcd, which is deprecated. https://github.com/sorintlab/stolon/blob/master/go.mod#L4-L5

davissp14, Jul 14 '21 19:07