manager

package
v0.0.0-...-be68371
Warning

This package is not in the latest version of its module.

Published: Apr 13, 2017 License: Apache-2.0 Imports: 47 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	SecurityConfig *ca.SecurityConfig

	// RootCAPaths is the path to which new root certs should be saved
	RootCAPaths ca.CertPaths

	// ExternalCAs is a list of initial CAs to which a manager node
	// will make certificate signing requests for node certificates.
	ExternalCAs []*api.ExternalCA

	// ControlAPI is an address for serving the control API.
	ControlAPI string

	// RemoteAPI is a listening address for serving the remote API, and
	// an optional advertise address.
	RemoteAPI *RemoteAddrs

	// JoinRaft is an optional address of a node in an existing raft
	// cluster to join.
	JoinRaft string

	// Top-level state directory
	StateDir string

	// ForceNewCluster defines if we have to force a new cluster
	// because we are recovering from a backup data directory.
	ForceNewCluster bool

	// ElectionTick defines the number of ticks without a
	// leader needed to trigger a new election
	ElectionTick uint32

	// HeartbeatTick defines the number of ticks between each
	// heartbeat sent to other members for health-check purposes
	HeartbeatTick uint32

	// AutoLockManagers determines whether or not managers require an unlock key
	// when starting from a stopped state.  This configuration parameter is only
	// applicable when bootstrapping a new cluster for the first time.
	AutoLockManagers bool

	// UnlockKey is the key to unlock a node - used for decrypting manager TLS keys
	// as well as the raft data encryption key (DEK).  It is applicable when
	// bootstrapping a cluster for the first time (it's a cluster-wide setting),
	// and also when loading up any raft data on disk (as a KEK for the raft DEK).
	UnlockKey []byte

	// Availability allows a user to control the current scheduling status of a node
	Availability api.NodeSpec_Availability

	// PluginGetter provides access to docker's plugin inventory.
	PluginGetter plugingetter.PluginGetter
}

Config is used to tune the Manager.

type Manager

type Manager struct {
	// contains filtered or unexported fields
}

Manager is the cluster manager for Swarm. This is the high-level object holding and initializing all the manager subsystems.

func New

func New(config *Config) (*Manager, error)

New creates a Manager which has not started to accept requests yet.

func (*Manager) Addr

func (m *Manager) Addr() string

Addr returns the TCP address on which the remote API listens.

func (*Manager) BindControl

func (m *Manager) BindControl(addr string) error

BindControl binds a local socket for the control API.

func (*Manager) BindRemote

func (m *Manager) BindRemote(ctx context.Context, addrs RemoteAddrs) error

BindRemote binds a port for the remote API.

func (*Manager) IsStateDirty

func (m *Manager) IsStateDirty() (bool, error)

IsStateDirty returns true if any objects have been added to raft which make the state "dirty". Currently, the existence of any object other than the default cluster or the local node implies a dirty state.

func (*Manager) RemovedFromRaft

func (m *Manager) RemovedFromRaft() <-chan struct{}

RemovedFromRaft returns a channel that's closed if the manager is removed from the raft cluster. This should be used to trigger a manager shutdown.

func (*Manager) Run

func (m *Manager) Run(parent context.Context) error

Run starts all manager sub-systems and the gRPC server at the configured address. The call never returns unless an error occurs or `Stop()` is called.

func (*Manager) Stop

func (m *Manager) Stop(ctx context.Context, clearData bool)

Stop stops the manager. It immediately closes all open connections and active RPCs as well as stopping the scheduler. If clearData is set, the raft logs, snapshots, and keys will be erased.

type RaftDEKData

type RaftDEKData struct {
	raft.EncryptionKeys
	NeedsRotation bool
}

RaftDEKData contains all the data stored in TLS PEM headers.

func (RaftDEKData) MarshalHeaders

func (r RaftDEKData) MarshalHeaders(kekData ca.KEKData) (map[string]string, error)

MarshalHeaders returns new headers given the current KEK.

func (RaftDEKData) UnmarshalHeaders

func (r RaftDEKData) UnmarshalHeaders(headers map[string]string, kekData ca.KEKData) (ca.PEMKeyHeaders, error)

UnmarshalHeaders loads the state of the DEK manager given the current TLS headers.

func (RaftDEKData) UpdateKEK

func (r RaftDEKData) UpdateKEK(oldKEK, candidateKEK ca.KEKData) ca.PEMKeyHeaders

UpdateKEK optionally sets NeedsRotation to true if we go from unlocked to locked.

type RaftDEKManager

type RaftDEKManager struct {
	// contains filtered or unexported fields
}

RaftDEKManager manages the raft DEK keys using TLS headers.

func NewRaftDEKManager

func NewRaftDEKManager(kw ca.KeyWriter) (*RaftDEKManager, error)

NewRaftDEKManager returns a RaftDEKManager that uses the current key writer and header manager.

func (*RaftDEKManager) GetKeys

func (r *RaftDEKManager) GetKeys() raft.EncryptionKeys

GetKeys returns the current set of DEKs. If NeedsRotation is true, and there is no existing PendingDEK, it will try to create one. If there are any errors doing so, just return the original.

func (*RaftDEKManager) MaybeUpdateKEK

func (r *RaftDEKManager) MaybeUpdateKEK(candidateKEK ca.KEKData) (bool, bool, error)

MaybeUpdateKEK does a KEK rotation if one is required. Returns whether the KEK was updated, whether it went from unlocked to locked, and any errors.

func (*RaftDEKManager) NeedsRotation

func (r *RaftDEKManager) NeedsRotation() bool

NeedsRotation returns a boolean indicating whether we should do a rotation.

func (*RaftDEKManager) RotationNotify

func (r *RaftDEKManager) RotationNotify() chan struct{}

RotationNotify returns the channel used to notify subscribers as to whether there should be a rotation done.

func (*RaftDEKManager) UpdateKeys

func (r *RaftDEKManager) UpdateKeys(newKeys raft.EncryptionKeys) error

UpdateKeys will set the updated encryption keys in the headers. This finishes a rotation, and is expected to set the CurrentDEK to the previous PendingDEK.
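
The DEK rotation life cycle described for UpdateKEK, GetKeys and UpdateKeys above, with UnlockKey in the role of KEK, as an added sketch that is not swarmkit's code. The types keys and dekState and the methods updateKEK, getKeys and finishRotation are hypothetical stand-ins; an empty KEK stands for an unlocked manager, and clearing NeedsRotation on promotion is this sketch's own choice.

```go
package main

import (
	"crypto/rand"
	"fmt"
)

// keys and dekState are hypothetical stand-ins for raft.EncryptionKeys and RaftDEKData.
type keys struct{ CurrentDEK, PendingDEK []byte }
type dekState struct {
	keys
	NeedsRotation bool
}

// updateKEK models UpdateKEK: an empty KEK means "unlocked". Unlocked -> locked flags
// the DEK for rotation (assumed rationale: it was stored with no KEK protecting it).
func (s *dekState) updateKEK(oldKEK, newKEK []byte) (updated, nowLocked bool) {
	updated = string(oldKEK) != string(newKEK)
	nowLocked = updated && len(oldKEK) == 0
	s.NeedsRotation = s.NeedsRotation || nowLocked
	return updated, nowLocked
}

// getKeys models GetKeys: when a rotation is due and none is pending, mint a
// pending DEK; if the random source fails, return the keys unchanged.
func (s *dekState) getKeys() keys {
	if s.NeedsRotation && s.PendingDEK == nil {
		dek := make([]byte, 32)
		if _, err := rand.Read(dek); err == nil {
			s.PendingDEK = dek
		}
	}
	return s.keys
}

// finishRotation models UpdateKeys: pending DEK becomes current (clearing the flag is this sketch's choice).
func (s *dekState) finishRotation() {
	if s.PendingDEK != nil {
		s.CurrentDEK, s.PendingDEK, s.NeedsRotation = s.PendingDEK, nil, false
	}
}

func main() {
	s := &dekState{keys: keys{CurrentDEK: []byte("constructed-sample-dek")}}
	_, locked := s.updateKEK(nil, []byte("constructed-sample-kek"))
	pending := s.getKeys().PendingDEK
	s.finishRotation()
	fmt.Println(locked, string(s.CurrentDEK) == string(pending), s.NeedsRotation)
}
```

A KEK change between two non-empty keys reports updated without flagging a DEK rotation, which matches the "unlocked to locked" condition in the UpdateKEK description.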

type RemoteAddrs

type RemoteAddrs struct {
	// Address to bind
	ListenAddr string

	// Address to advertise to remote nodes (optional).
	AdvertiseAddr string
}

RemoteAddrs provides a listening address and an optional advertise address for serving the remote API.

Directories

Path Synopsis
Package allocator aims to manage allocation of different cluster-wide resources on behalf of the manager.
Package health provides some utility functions to health-check a server.
Package state provides interfaces to work with swarm cluster state.
raft/transport
Package transport provides grpc transport layer for raft.
