Documentation
Index
- type Config
- type Manager
- func (m *Manager) Addr() string
- func (m *Manager) BindControl(addr string) error
- func (m *Manager) BindRemote(ctx context.Context, addrs RemoteAddrs) error
- func (m *Manager) IsStateDirty() (bool, error)
- func (m *Manager) RemovedFromRaft() <-chan struct{}
- func (m *Manager) Run(parent context.Context) error
- func (m *Manager) Stop(ctx context.Context, clearData bool)
- type RaftDEKData
- type RaftDEKManager
- func (r *RaftDEKManager) GetKeys() raft.EncryptionKeys
- func (r *RaftDEKManager) MaybeUpdateKEK(candidateKEK ca.KEKData) (bool, bool, error)
- func (r *RaftDEKManager) NeedsRotation() bool
- func (r *RaftDEKManager) RotationNotify() chan struct{}
- func (r *RaftDEKManager) UpdateKeys(newKeys raft.EncryptionKeys) error
- type RemoteAddrs
Types
type Config
type Config struct {
	SecurityConfig *ca.SecurityConfig

	// RootCAPaths is the path to which new root certs should be saved
	RootCAPaths ca.CertPaths

	// ExternalCAs is a list of initial CAs to which a manager node
	// will make certificate signing requests for node certificates.
	ExternalCAs []*api.ExternalCA

	// ControlAPI is an address for serving the control API.
	ControlAPI string

	// RemoteAPI is a listening address for serving the remote API, and
	// an optional advertise address.
	RemoteAPI *RemoteAddrs

	// JoinRaft is an optional address of a node in an existing raft
	// cluster to join.
	JoinRaft string

	// Top-level state directory
	StateDir string

	// ForceNewCluster defines if we have to force a new cluster
	// because we are recovering from a backup data directory.
	ForceNewCluster bool

	// ElectionTick defines the amount of ticks needed without
	// leader to trigger a new election
	ElectionTick uint32

	// HeartbeatTick defines the amount of ticks between each
	// heartbeat sent to other members for health-check purposes
	HeartbeatTick uint32

	// AutoLockManagers determines whether or not managers require an unlock key
	// when starting from a stopped state. This configuration parameter is only
	// applicable when bootstrapping a new cluster for the first time.
	AutoLockManagers bool

	// UnlockKey is the key to unlock a node - used for decrypting manager TLS keys
	// as well as the raft data encryption key (DEK). It is applicable when
	// bootstrapping a cluster for the first time (it's a cluster-wide setting),
	// and also when loading up any raft data on disk (as a KEK for the raft DEK).
	UnlockKey []byte

	// Availability allows a user to control the current scheduling status of a node
	Availability api.NodeSpec_Availability

	// PluginGetter provides access to docker's plugin inventory.
	PluginGetter plugingetter.PluginGetter
}
Config is used to tune the Manager.
type Manager
type Manager struct {
// contains filtered or unexported fields
}
Manager is the cluster manager for Swarm. This is the high-level object holding and initializing all the manager subsystems.
func (*Manager) BindControl
BindControl binds a local socket for the control API.
func (*Manager) BindRemote
func (m *Manager) BindRemote(ctx context.Context, addrs RemoteAddrs) error
BindRemote binds a port for the remote API.
func (*Manager) IsStateDirty
IsStateDirty returns true if any objects have been added to raft which make the state "dirty". Currently, the existence of any object other than the default cluster or the local node implies a dirty state.
func (*Manager) RemovedFromRaft
func (m *Manager) RemovedFromRaft() <-chan struct{}
RemovedFromRaft returns a channel that's closed if the manager is removed from the raft cluster. This should be used to trigger a manager shutdown.
type RaftDEKData
type RaftDEKData struct {
	raft.EncryptionKeys
	NeedsRotation bool
}
RaftDEKData contains all the data stored in TLS PEM headers.
func (RaftDEKData) MarshalHeaders
MarshalHeaders returns new headers given the current KEK.
func (RaftDEKData) UnmarshalHeaders
func (r RaftDEKData) UnmarshalHeaders(headers map[string]string, kekData ca.KEKData) (ca.PEMKeyHeaders, error)
UnmarshalHeaders loads the state of the DEK manager given the current TLS headers
func (RaftDEKData) UpdateKEK
func (r RaftDEKData) UpdateKEK(oldKEK, candidateKEK ca.KEKData) ca.PEMKeyHeaders
UpdateKEK optionally sets NeedsRotation to true if we go from unlocked to locked.
type RaftDEKManager
type RaftDEKManager struct {
// contains filtered or unexported fields
}
RaftDEKManager manages the raft DEK keys using TLS headers
func NewRaftDEKManager
func NewRaftDEKManager(kw ca.KeyWriter) (*RaftDEKManager, error)
NewRaftDEKManager returns a RaftDEKManager that uses the current key writer and header manager
func (*RaftDEKManager) GetKeys
func (r *RaftDEKManager) GetKeys() raft.EncryptionKeys
GetKeys returns the current set of DEKs. If NeedsRotation is true, and there is no existing PendingDEK, it will try to create one. If there are any errors doing so, just return the original.
func (*RaftDEKManager) MaybeUpdateKEK
MaybeUpdateKEK does a KEK rotation if one is required. Returns whether the KEK was updated, whether it went from unlocked to locked, and any errors.
func (*RaftDEKManager) NeedsRotation
func (r *RaftDEKManager) NeedsRotation() bool
NeedsRotation reports whether we should do a rotation.
func (*RaftDEKManager) RotationNotify
func (r *RaftDEKManager) RotationNotify() chan struct{}
RotationNotify returns the channel used to notify subscribers as to whether a rotation should be done.
func (*RaftDEKManager) UpdateKeys
func (r *RaftDEKManager) UpdateKeys(newKeys raft.EncryptionKeys) error
UpdateKeys will set the updated encryption keys in the headers. This finishes a rotation, and is expected to set the CurrentDEK to the previous PendingDEK.
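The rotation lifecycle described by UpdateKEK, GetKeys and UpdateKeys, as an added example that is a simplified model and not swarmkit's own code. The names dekState, updateKEK, getKeys, updateKeys and demo are hypothetical; treating a nil KEK as "unlocked" and clearing NeedsRotation once a pending key exists are assumptions of this model.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"fmt"
)

// dekState is a hypothetical stand-in for the fields RaftDEKData carries.
type dekState struct {
	CurrentDEK, PendingDEK []byte
	NeedsRotation          bool
}

// updateKEK flags a rotation only on an unlocked (nil KEK) to locked change.
func (s *dekState) updateKEK(oldKEK, candidateKEK []byte) {
	if oldKEK == nil && candidateKEK != nil {
		s.NeedsRotation = true
	}
}

// getKeys starts a rotation when one is needed and none is pending.
// If key generation fails, the original keys are returned unchanged.
func (s *dekState) getKeys() ([]byte, []byte) {
	if s.NeedsRotation && s.PendingDEK == nil {
		k := make([]byte, 32)
		if _, err := rand.Read(k); err == nil {
			s.PendingDEK, s.NeedsRotation = k, false // assumption: request consumed
		}
	}
	return s.CurrentDEK, s.PendingDEK
}

// updateKeys finishes a rotation by storing the key set the caller promoted.
func (s *dekState) updateKeys(current, pending []byte) {
	s.CurrentDEK, s.PendingDEK = current, pending
}

// demo walks one unlocked-to-locked transition using constructed key material.
func demo() (started, promoted, idle bool) {
	s := &dekState{CurrentDEK: []byte("constructed-old-dek")}
	s.updateKEK(nil, []byte("constructed-kek"))
	old, pending := s.getKeys()
	started = pending != nil && !bytes.Equal(old, pending)
	s.updateKeys(pending, nil) // a real caller re-encrypts raft data first
	cur, next := s.getKeys()
	return started, bytes.Equal(cur, pending), next == nil && !s.NeedsRotation
}

func main() { fmt.Println(demo()) }
```

Between getKeys and updateKeys both keys are live, so data written under the old DEK stays readable until the pending key is promoted.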
type RemoteAddrs
type RemoteAddrs struct {
	// Address to bind
	ListenAddr string

	// Address to advertise to remote nodes (optional).
	AdvertiseAddr string
}
RemoteAddrs provides a listening address and an optional advertise address for serving the remote API.
Directories
Path | Synopsis |
---|---|
 | Package allocator aims to manage allocation of different cluster-wide resources on behalf of the manager. |
 | Package health provides some utility functions to health-check a server. |
 | Package state provides interfaces to work with swarm cluster state. |
raft/transport | Package transport provides grpc transport layer for raft. |