authorjiahuili <54631519+jiahuili430@users.noreply.github.com>2021-06-25 16:26:53 -0500
committerNick Vatamaniuc <nickva@users.noreply.github.com>2021-07-28 17:49:17 -0400
commit6f7b77903cddbb4b8392efe4ce80e4fea231dbc1 (patch)
treed1167720c9437a3b1e4e13ea4cc4a49940263ba5 /rel
parentf31e92997ab57eae0808137c6b59a8c02e3fd912 (diff)
downloadcouchdb-6f7b77903cddbb4b8392efe4ce80e4fea231dbc1.tar.gz
Contribute Custom Erlang network protocol to Apache
Diffstat (limited to 'rel')
-rwxr-xr-xrel/overlay/bin/remsh35
-rw-r--r--rel/overlay/etc/vm.args33
-rw-r--r--rel/reltool.config2
3 files changed, 60 insertions, 10 deletions
diff --git a/rel/overlay/bin/remsh b/rel/overlay/bin/remsh
index d1fcdd95f..3f59bcb21 100755
--- a/rel/overlay/bin/remsh
+++ b/rel/overlay/bin/remsh
@@ -59,16 +59,17 @@ COOKIE="${COOKIE:-monster}"
printHelpAndExit() {
echo "Usage: ${PROGNAME} [OPTION]... [-- <additional Erlang cli options>]"
- echo " -c cookie specify shared Erlang cookie (default: monster)"
- echo " -l HOST specify remsh's host name (default: 127.0.0.1)"
- echo " -m use output of \`hostname -f\` as remsh's host name"
- echo " -n NAME@HOST specify couchdb's Erlang node name (-name in vm.args)"
- echo " -v verbose; print invocation line"
- echo " -h this help message"
+ echo " -c cookie specify shared Erlang cookie (default: monster)"
+ echo " -l HOST specify remsh's host name (default: 127.0.0.1)"
+ echo " -m use output of \`hostname -f\` as remsh's host name"
+ echo " -n NAME@HOST specify couchdb's Erlang node name (-name in vm.args)"
+ echo " -v verbose; print invocation line"
+ echo " -t path/to/conf enable TLS distribution (customize in vm.args)"
+ echo " -h this help message"
exit
}
-while getopts ":hn:c:l:mv" optionName; do
+while getopts ":hn:c:l:mvt:" optionName; do
case "$optionName" in
h)
printHelpAndExit 0
@@ -88,6 +89,13 @@ while getopts ":hn:c:l:mv" optionName; do
v)
VERBOSE=0
;;
+ t)
+ TLSCONF=$OPTARG
+ if [ ! -f "$TLSCONF" ]; then
+ echo "ERROR: Could't find the file \"$TLSCONF\"." >&2
+ exit 1
+ fi
+ ;;
\?)
echo "Invalid option: -$OPTARG" >&2
printHelpAndExit 0
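Review bot: TLSCONF is assigned only inside the new `t)` arm and no default is visible in this hunk, so a TLSCONF inherited from the caller's environment would presumably reach the later `[ -z "$TLSCONF" ]` test without ever passing the `-f` check. Initialising it next to the other defaults with `TLSCONF=""` would make `-t` the only way to switch TLS on. The error text also has a typo; `echo "ERROR: Couldn't find the file \"$TLSCONF\"." >&2` reads correctly. The getopts loop starts and ends outside the hunk.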
@@ -106,6 +114,13 @@ fi
# to avoid conflicts with the cli parameters
ERL_FLAGS_CLEAN=$(echo "$ERL_FLAGS" | sed 's/-setcookie \([^ ][^ ]*\)//g' | sed 's/-name \([^ ][^ ]*\)//g')
-exec env ERL_FLAGS="$ERL_FLAGS_CLEAN" "$BINDIR/erl" -boot "$ROOTDIR/releases/$APP_VSN/start_clean" \
- -name remsh$$@$LHOST -remsh $NODE -hidden -setcookie $COOKIE \
- "$@"
+if [ -z "$TLSCONF" ]; then
+ exec env ERL_FLAGS="$ERL_FLAGS_CLEAN" "$BINDIR/erl" -boot "$ROOTDIR/releases/$APP_VSN/start_clean" \
+ -name remsh$$@$LHOST -remsh $NODE -hidden -setcookie $COOKIE \
+ "$@"
+else
+ exec env ERL_FLAGS="$ERL_FLAGS_CLEAN" "$BINDIR/erl" -boot "$ROOTDIR/releases/$APP_VSN/start_clean" \
+ -name remsh$$@$LHOST -remsh $NODE -hidden -setcookie $COOKIE \
+ -proto_dist inet_tls -ssl_dist_optfile $TLSCONF \
+ "$@"
+fi
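Review bot: `$TLSCONF` is unquoted in the new `-ssl_dist_optfile $TLSCONF` line, so a config path containing spaces or glob characters is split into several erl arguments, even though the `-f` test in the option parser quoted it. Writing `-proto_dist inet_tls -ssl_dist_optfile "$TLSCONF" \` keeps the path as one word. The two exec branches differ only by that line, so any later flag change has to be made in both; collecting the TLS flags conditionally and keeping a single exec would avoid the two drifting apart. `$NODE`, `$LHOST` and `$COOKIE` are unquoted as well, but those come from the pre-existing line.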
diff --git a/rel/overlay/etc/vm.args b/rel/overlay/etc/vm.args
index 86b51f89e..805e9ec22 100644
--- a/rel/overlay/etc/vm.args
+++ b/rel/overlay/etc/vm.args
@@ -60,3 +60,36 @@
# Set maximum SSL session lifetime to reap terminated replication readers
-ssl session_lifetime 300
+
+## TLS Distribution
+## Use TLS for connections between Erlang cluster members.
+## http://erlang.org/doc/apps/ssl/ssl_distribution.html
+##
+## Generate Cert(PEM) File
+## This is just an example command to generate a certfile (PEM).
+## This is not an endorsement of specific expiration limits, key sizes, or algorithms.
+## $ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem
+## $ cat key.pem cert.pem > dev/erlserver.pem && rm key.pem cert.pem
+##
+## Generate a Config File (couch_ssl_dist.conf)
+## [{server,
+## [{certfile, "</path/to/erlserver.pem>"},
+## {secure_renegotiate, true}]},
+## {client,
+## [{secure_renegotiate, true}]}].
+##
+## CouchDB recommends the following values for no_tls flag:
+## 1. Use TCP only, set to true, such as:
+## -couch_dist no_tls true
+## 2. Use TLS only, set to false, such as:
+## -couch_dist no_tls false
+## 3. Specify which node to use TCP, such as:
+## -couch_dist no_tls \"*@127.0.0.1\"
+##
+## To ensure search works, make sure to set 'no_tls' option for the clouseau node.
+## By default that would be "clouseau@127.0.0.1".
+## Don't forget to override the paths to point to your certificate(s) and key(s)!
+##
+#-proto_dist couch
+#-couch_dist no_tls \"clouseau@127.0.0.1\"
+#-ssl_dist_optfile <path/to/couch_ssl_dist.conf>
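Review bot: The sample couch_ssl_dist.conf sets only `certfile` and `secure_renegotiate`, with no `verify` or `cacertfile` entry, so as written it encrypts distribution traffic but, depending on the OTP defaults, may not authenticate the peer node. The comment should say this and show the stricter form: `{verify, verify_peer}` and `{cacertfile, "</path/to/ca.pem>"}` on both sides, plus `{fail_if_no_peer_cert, true}` on the server. Because the example key is generated with `-nodes` and concatenated into erlserver.pem, the comment could also tell the reader to restrict that file's mode to the CouchDB user. It would also help to state that any node matched by `no_tls` talks plain TCP and is protected only by the shared cookie.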
diff --git a/rel/reltool.config b/rel/reltool.config
index 010a262ac..ed7ef7801 100644
--- a/rel/reltool.config
+++ b/rel/reltool.config
@@ -40,6 +40,7 @@
couch_stats,
couch_event,
couch_peruser,
+ couch_dist,
custodian,
ddoc_cache,
dreyfus,
@@ -103,6 +104,7 @@
{app, couch_stats, [{incl_cond, include}]},
{app, couch_event, [{incl_cond, include}]},
{app, couch_peruser, [{incl_cond, include}]},
+ {app, couch_dist ,[{incl_cond, include}]},
{app, custodian, [{incl_cond, include}]},
{app, ddoc_cache, [{incl_cond, include}]},
{app, dreyfus, [{incl_cond, include}]},