Skip to content
Snippets Groups Projects
Commit 1247f47a authored by Mergen Imeev's avatar Mergen Imeev Committed by Alexander Turenko
Browse files

config: support TLS options in iproto.listen 

This patch changes format of iproto.listen and introduces support for
TLS options in the iproto.listen config option.

Part of #8862

@TarantoolBot document
Title: new format of the `iproto.*` config options.

The config options `iproto.listen`, `iproto.advertise.peer` and
`iproto.advertise.sharding` now have a new format.

The `iproto.listen` config option now has the following format:
```
iproto:
  listen:
    - uri: <string>
      params:
        transport: <'plain' or 'ssl'>
        ssl_ca_file: <string>
        ssl_cert_file: <string>
        ssl_ciphers: <string>
        ssl_key_file: <string>
        ssl_password: <string>
        ssl_password_file: <string>
    - uri: <string>
      params:
        transport: <'plain' or 'ssl'>
        ssl_ca_file: <string>
        ssl_cert_file: <string>
        ssl_ciphers: <string>
        ssl_key_file: <string>
        ssl_password: <string>
        ssl_password_file: <string>
...
```
The `iproto.listen` config option is now an array, and its elements are
`records` that can only have a required `uri` field and an optional
`params` field.

The `uri` field is of type `string` and must be a single valid URI. The
URI cannot contain parameters, login and password.

The `params` field is a `record` with the fields `transport`,
`ssl_ca_file`, `ssl_cert_file`, `ssl_ciphers`, `ssl_key_file`,
`ssl_password`, `ssl_password_file`. The `transport` field can have one
of two values: `plain` or `ssl`, the default is `plain`. If `transport`
is set to `plain`, no additional fields are required. When `transport`
is set to `ssl`, the fields `ssl_key_file` and `ssl_cert_file` are
required, and the remaining fields are optional.

The `iproto.advertise.peer` and `iproto.advertise.sharding` now have the
following format:
```
iproto:
  advertise:
    <'peer' or 'sharding'>:
      uri: <string>
      login: <string>
      password: <string>
      params:
        transport: <'plain' or 'ssl'>
        ssl_ca_file: <string>
        ssl_cert_file: <string>
        ssl_ciphers: <string>
        ssl_key_file: <string>
        ssl_password: <string>
        ssl_password_file: <string>
```

The `iproto.advertise.peer` and `iproto.advertise.sharding` are now
`records`. All of their fields are optional, however, if the `params`
field can be set only if the `uri` field is set and the `password` field
can be set only if the `login` field is set.

The `uri` field is of type `string` and must be a single valid URI.
The URI cannot contain parameters, login and password. If the `uri` and
`params` fields are missing, the appropriate `iproto.listen` element is
selected. An element is eligible if, after parsing its `url` field using
`require('uri').parse()`, the `ipv4` result field is not equal to
`'0.0.0.0'`, the `ipv6` result field is not equal to `'::'`, and the
`service` result field is not equal to `'0'`.

The `login` and `password` fields are of type `string`.

For description of the `params` field see description of
`iproto.listen`.
parent 15d1f9f8
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 662 additions and 137 deletions
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment