hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Move create TLS parameters to common section

Browse Source 
The TLS parameters are now shared by both servers and listeners.
This commit is contained in:
Markus Mäkelä
2017-09-11 10:01:00 +03:00
parent dd178875a3
commit b5202a99f4
2 changed files with 39 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
Documentation/Reference/MaxCtrl.md
View File

@ -309,6 +309,11 @@ Common create options:
--protocol Protocol module name [string] --protocol Protocol module name [string]
--authenticator Authenticator module name [string] --authenticator Authenticator module name [string]
--authenticator-options Option string for the authenticator [string] --authenticator-options Option string for the authenticator [string]
--tls-key Path to TLS key [string]
--tls-cert Path to TLS certificate [string]
--tls-ca-cert Path to TLS CA certificate [string]
--tls-version TLS version to use [string]
--tls-cert-verify-depth TLS certificate verification depth [string]
Create server options: Create server options:
--services Link the created server to these services [array] --services Link the created server to these services [array]
@ -320,12 +325,7 @@ Create monitor options:
--monitor-password Password for the monitor user [string] --monitor-password Password for the monitor user [string]
Create listener options: Create listener options:
--interface Interface to listen on [string] [default: "::"] --interface Interface to listen on [string] [default: "::"]
--tls-key Path to TLS key [string]
--tls-cert Path to TLS certificate [string]
--tls-ca-cert Path to TLS CA certificate [string]
--tls-version TLS version to use [string]
--tls-cert-verify-depth TLS certificate verification depth [string]
Create user options: Create user options:
--type Type of user to create --type Type of user to create
@ -359,9 +359,8 @@ The new listener will be taken into use immediately.
Usage: `maxctrl.js create user <name> <password>` Usage: `maxctrl.js create user <name> <password>`
The created user can be used with the MaxScale REST API as well as the MaxAdmin The created user can be used with the MaxScale REST API as well as the MaxAdmin
network interface. By default the created user will have administrative network interface. By default the created user will have read-only privileges.
privileges. To limit the user to read-only operations, use the `--type=basic` To make the user an administrative user, use the `--type=admin` option.
option.
## destroy ## destroy

56
maxctrl/lib/create.js
View File

@ -18,7 +18,9 @@ exports.handler = function() {}
exports.builder = function(yargs) { exports.builder = function(yargs) {
yargs yargs
// Common options // Common options
.group(['protocol', 'authenticator', 'authenticator-options'], 'Common create options:') .group(['protocol', 'authenticator', 'authenticator-options', 'tls-key',
'tls-cert', 'tls-ca-cert', 'tls-version', 'tls-cert-verify-depth'],
'Common create options:')
.option('protocol', { .option('protocol', {
describe: 'Protocol module name', describe: 'Protocol module name',
type: 'string' type: 'string'
@ -31,6 +33,26 @@ exports.builder = function(yargs) {
describe: 'Option string for the authenticator', describe: 'Option string for the authenticator',
type: 'string' type: 'string'
}) })
.option('tls-key', {
describe: 'Path to TLS key',
type: 'string'
})
.option('tls-cert', {
describe: 'Path to TLS certificate',
type: 'string'
})
.option('tls-ca-cert', {
describe: 'Path to TLS CA certificate',
type: 'string'
})
.option('tls-version', {
describe: 'TLS version to use',
type: 'string'
})
.option('tls-cert-verify-depth', {
describe: 'TLS certificate verification depth',
type: 'string'
})
// Create server // Create server
.group(['services', 'monitors'], 'Create server options:') .group(['services', 'monitors'], 'Create server options:')
@ -58,7 +80,12 @@ exports.builder = function(yargs) {
'port': argv.port, 'port': argv.port,
'protocol': argv.protocol, 'protocol': argv.protocol,
'authenticator': argv.authenticator, 'authenticator': argv.authenticator,
'authenticator_options': argv.auth_options 'authenticator_options': argv.auth_options,
'ssl_key': argv['tls-key'],
'ssl_cert': argv['tls-cert'],
'ssl_ca_cert': argv['tls-ca-cert'],
'ssl_version': argv['tls-version'],
'ssl_cert_verify_depth': argv['tls-cert-verify-depth']
} }
} }
} }
@ -128,33 +155,12 @@ exports.builder = function(yargs) {
}) })
// Create listener // Create listener
.group(['interface', 'tls-key', 'tls-cert', 'tls-ca-cert', 'tls-version', 'tls-cert-verify-depth'], 'Create listener options:') .group(['interface'], 'Create listener options:')
.option('interface', { .option('interface', {
describe: 'Interface to listen on', describe: 'Interface to listen on',
type: 'string', type: 'string',
default: '::' default: '::'
}) })
// Should these have ssl as a prefix even though SSL isn't supported?
.option('tls-key', {
describe: 'Path to TLS key',
type: 'string'
})
.option('tls-cert', {
describe: 'Path to TLS certificate',
type: 'string'
})
.option('tls-ca-cert', {
describe: 'Path to TLS CA certificate',
type: 'string'
})
.option('tls-version', {
describe: 'TLS version to use',
type: 'string'
})
.option('tls-cert-verify-depth', {
describe: 'TLS certificate verification depth',
type: 'string'
})
.command('listener <service> <name> <port>', 'Create a new listener', function(yargs) { .command('listener <service> <name> <port>', 'Create a new listener', function(yargs) {
return yargs.epilog('The new listener will be taken into use immediately.'); return yargs.epilog('The new listener will be taken into use immediately.');
}, function(argv) { }, function(argv) {
@ -174,7 +180,7 @@ exports.builder = function(yargs) {
'ssl_cert': argv['tls-cert'], 'ssl_cert': argv['tls-cert'],
'ssl_ca_cert': argv['tls-ca-cert'], 'ssl_ca_cert': argv['tls-ca-cert'],
'ssl_version': argv['tls-version'], 'ssl_version': argv['tls-version'],
'ssl_cert_verify_depth': argv['tls-cert-verify-depth'], 'ssl_cert_verify_depth': argv['tls-cert-verify-depth']
} }
} }
} }