author | jiahuili <54631519+jiahuili430@users.noreply.github.com> | 2021-06-25 16:26:53 -0500 |
---|---|---|
committer | Nick Vatamaniuc <nickva@users.noreply.github.com> | 2021-07-28 17:49:17 -0400 |
commit | 6f7b77903cddbb4b8392efe4ce80e4fea231dbc1 (patch) | |
tree | d1167720c9437a3b1e4e13ea4cc4a49940263ba5 /rel | |
parent | f31e92997ab57eae0808137c6b59a8c02e3fd912 (diff) | |
Contribute Custom Erlang network protocol to Apache
Diffstat (limited to 'rel')
-rwxr-xr-x | rel/overlay/bin/remsh | 35 | ||||
-rw-r--r-- | rel/overlay/etc/vm.args | 33 | ||||
-rw-r--r-- | rel/reltool.config | 2 |
3 files changed, 60 insertions, 10 deletions
diff --git a/rel/overlay/bin/remsh b/rel/overlay/bin/remsh index d1fcdd95f..3f59bcb21 100755 --- a/rel/overlay/bin/remsh +++ b/rel/overlay/bin/remsh @@ -59,16 +59,17 @@ COOKIE="${COOKIE:-monster}" printHelpAndExit() { echo "Usage: ${PROGNAME} [OPTION]... [-- <additional Erlang cli options>]" - echo " -c cookie specify shared Erlang cookie (default: monster)" - echo " -l HOST specify remsh's host name (default: 127.0.0.1)" - echo " -m use output of \`hostname -f\` as remsh's host name" - echo " -n NAME@HOST specify couchdb's Erlang node name (-name in vm.args)" - echo " -v verbose; print invocation line" - echo " -h this help message" + echo " -c cookie specify shared Erlang cookie (default: monster)" + echo " -l HOST specify remsh's host name (default: 127.0.0.1)" + echo " -m use output of \`hostname -f\` as remsh's host name" + echo " -n NAME@HOST specify couchdb's Erlang node name (-name in vm.args)" + echo " -v verbose; print invocation line" + echo " -t path/to/conf enable TLS distribution (customize in vm.args)" + echo " -h this help message" exit } -while getopts ":hn:c:l:mv" optionName; do +while getopts ":hn:c:l:mvt:" optionName; do case "$optionName" in h) printHelpAndExit 0 @@ -88,6 +89,13 @@ while getopts ":hn:c:l:mv" optionName; do v) VERBOSE=0 ;; + t) + TLSCONF=$OPTARG + if [ ! -f "$TLSCONF" ]; then + echo "ERROR: Could't find the file \"$TLSCONF\"." >&2 + exit 1 + fi + ;; \?) echo "Invalid option: -$OPTARG" >&2 printHelpAndExit 0 
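Review bot: The new help line `-t path/to/conf  enable TLS distribution (customize in vm.args)` does not say what kind of file is expected. In the exec hunk the value is handed to erl as `-ssl_dist_optfile`, and nothing visible in this script reads vm.args, so the parenthetical points the operator at the wrong place. Something like `echo "  -t FILE  enable TLS distribution; FILE is the Erlang -ssl_dist_optfile config"` would tell them which file to supply.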
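Review bot: `TLSCONF` is assigned only in the new `t)` arm, and no initialisation is visible in these hunks, so the later `[ -z "$TLSCONF" ]` test would also pick up a `TLSCONF` inherited from the environment and skip this `-f` check entirely. If an environment override is not intended, set `TLSCONF=""` before the `getopts` loop; if it is intended, move the file check after option parsing so both paths are validated. The error text has a typo (`Could't` should be `Couldn't`), and `[ ! -r "$TLSCONF" ]` would also reject a file that exists but cannot be read. The `case` block continues outside the hunk.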
@@ -106,6 +114,13 @@ fi # to avoid conflicts with the cli parameters ERL_FLAGS_CLEAN=$(echo "$ERL_FLAGS" | sed 's/-setcookie \([^ ][^ ]*\)//g' | sed 's/-name \([^ ][^ ]*\)//g') -exec env ERL_FLAGS="$ERL_FLAGS_CLEAN" "$BINDIR/erl" -boot "$ROOTDIR/releases/$APP_VSN/start_clean" \ - -name remsh$$@$LHOST -remsh $NODE -hidden -setcookie $COOKIE \ - "$@" +if [ -z "$TLSCONF" ]; then + exec env ERL_FLAGS="$ERL_FLAGS_CLEAN" "$BINDIR/erl" -boot "$ROOTDIR/releases/$APP_VSN/start_clean" \ + -name remsh$$@$LHOST -remsh $NODE -hidden -setcookie $COOKIE \ + "$@" +else + exec env ERL_FLAGS="$ERL_FLAGS_CLEAN" "$BINDIR/erl" -boot "$ROOTDIR/releases/$APP_VSN/start_clean" \ + -name remsh$$@$LHOST -remsh $NODE -hidden -setcookie $COOKIE \ + -proto_dist inet_tls -ssl_dist_optfile $TLSCONF \ + "$@" +fi diff --git a/rel/overlay/etc/vm.args b/rel/overlay/etc/vm.args index 86b51f89e..805e9ec22 100644 --- a/rel/overlay/etc/vm.args +++ b/rel/overlay/etc/vm.args 
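Review bot: `-ssl_dist_optfile $TLSCONF` in the new `else` branch is unquoted, so a path containing spaces passes the quoted `[ ! -f "$TLSCONF" ]` check and is then split into several erl arguments; it should be `-ssl_dist_optfile "$TLSCONF"`. The two `exec` commands differ only in the TLS flags, which makes it easy for a later edit to change one and miss the other. A single `exec` preceded by `[ -n "$TLSCONF" ] && set -- -proto_dist inet_tls -ssl_dist_optfile "$TLSCONF" "$@"` keeps the same argument order without the duplication.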
@@ -60,3 +60,36 @@ # Set maximum SSL session lifetime to reap terminated replication readers -ssl session_lifetime 300 + +## TLS Distribution +## Use TLS for connections between Erlang cluster members. +## http://erlang.org/doc/apps/ssl/ssl_distribution.html +## +## Generate Cert(PEM) File +## This is just an example command to generate a certfile (PEM). +## This is not an endorsement of specific expiration limits, key sizes, or algorithms. +## $ openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem +## $ cat key.pem cert.pem > dev/erlserver.pem && rm key.pem cert.pem +## +## Generate a Config File (couch_ssl_dist.conf) +## [{server, +## [{certfile, "</path/to/erlserver.pem>"}, +## {secure_renegotiate, true}]}, +## {client, +## [{secure_renegotiate, true}]}]. +## +## CouchDB recommends the following values for no_tls flag: +## 1. Use TCP only, set to true, such as: +## -couch_dist no_tls true +## 2. Use TLS only, set to false, such as: +## -couch_dist no_tls false +## 3. Specify which node to use TCP, such as: +## -couch_dist no_tls \"*@127.0.0.1\" +## +## To ensure search works, make sure to set 'no_tls' option for the clouseau node. +## By default that would be "clouseau@127.0.0.1". +## Don't forget to override the paths to point to your certificate(s) and key(s)! +## +#-proto_dist couch +#-couch_dist no_tls \"clouseau@127.0.0.1\" +#-ssl_dist_optfile <path/to/couch_ssl_dist.conf> diff --git a/rel/reltool.config b/rel/reltool.config index 010a262ac..ed7ef7801 100644 --- a/rel/reltool.config +++ b/rel/reltool.config @@ -40,6 +40,7 @@ couch_stats, couch_event, couch_peruser, + couch_dist, custodian, ddoc_cache, dreyfus, 
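Review bot: The example `couch_ssl_dist.conf` in the added comment block sets only `certfile` and `secure_renegotiate`, so unless the ssl application defaults to `verify_peer` on the OTP release in use, neither side checks the peer's certificate. The result is an encrypted channel whose only authentication is still the Erlang cookie, and the comment should say so. It would help to show the options that turn verification on, e.g. `{cacertfile, "</path/to/ca.pem>"}, {verify, verify_peer}, {fail_if_no_peer_cert, true}` in the server list and `{cacertfile, "</path/to/ca.pem>"}, {verify, verify_peer}` in the client list. Because `erlserver.pem` contains the private key, a `chmod 600 dev/erlserver.pem` line after the `cat` step is also worth adding.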
@@ -103,6 +104,7 @@
 {app, couch_stats, [{incl_cond, include}]},
 {app, couch_event, [{incl_cond, include}]},
 {app, couch_peruser, [{incl_cond, include}]},
+ {app, couch_dist ,[{incl_cond, include}]},
 {app, custodian, [{incl_cond, include}]},
 {app, ddoc_cache, [{incl_cond, include}]},
 {app, dreyfus, [{incl_cond, include}]}, |
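Review bot: The added entry `{app, couch_dist ,[{incl_cond, include}]},` puts the space before the comma instead of after it, unlike every neighbouring `{app, …, [{incl_cond, include}]}` line in this hunk. `{app, couch_dist, [{incl_cond, include}]},` would match the surrounding style. The enclosing list starts and ends outside the hunk.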