When changing something in the cluster, such as Timeout, and doing a config reload, the route could be closed with an `Authorization Error` report. Moreover, the route would not try to reconnect, even if specified as an explicit route. There were 2 issues: - When checking if a solicited route is still valid, we need to check the Routes' URL against the URL that we try to connect to, not by comparing the pointers, but by either doing a reflect deep equal or comparing their String representation (this is what I do in the PR). - We should check route authorization only if this is an accepted route, not an explicit one. The reason is that when a server explicitly connects to another server, it does not get the remote server's username and password. So the check would always fail. Note: It is possible that a config reload even without any change in the cluster triggers the code checking if routes are properly authorized, and that happens if there is TLS specified. When the reload code checks if config has changed, the TLSConfig between the old and new seem to indicate a change, even though there is apparently none. Another reload does not detect a change. I suspect some internal state in TLSConfig that causes the reflect.DeepEqual() to report a difference. Note2: This commit also contains fixes to regex that staticcheck would otherwise complain about (they did not have any special character), and I have removed printing the usage on startup when getting an error. The usage is still correctly printed if passing a parameter that is unknown. Resolves #719 Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
// Copyright 2012-2018 The NATS Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package main
import (
"flag"
"fmt"
"os"
"github.com/nats-io/gnatsd/server"
)
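// usageStr is the help text printed by usage. It is a raw string, so every
// character between the backticks (including the leading newline) is emitted
// verbatim.
//
// Security notes for maintainers of this text:
//   - --user, --pass and --auth take secrets on the command line, where they
//     can be read by other local users through the process listing and may be
//     kept in shell history. Operators should prefer the configuration file
//     (-c) for credentials.
//   - --tls on its own does not verify client certificates (the text says so
//     explicitly); --tlsverify together with --tlscacert is the option that
//     authenticates clients.
//   - --no_advertise is a negative switch. Its description previously read
//     "Advertise known cluster IPs to clients", the opposite of what the flag
//     name says, which could lead an operator to expose cluster addresses
//     unintentionally. The description below states the negative form.
var usageStr = `
Usage: gnatsd [options]

Server Options:
    -a, --addr <host>                Bind to host address (default: 0.0.0.0)
    -p, --port <port>                Use port for clients (default: 4222)
    -P, --pid <file>                 File to store PID
    -m, --http_port <port>           Use port for http monitoring
    -ms,--https_port <port>          Use port for https monitoring
    -c, --config <file>              Configuration file
    -sl,--signal <signal>[=<pid>]    Send signal to gnatsd process (stop, quit, reopen, reload)
        --client_advertise <string>  Client URL to advertise to other servers

Logging Options:
    -l, --log <file>                 File to redirect log output
    -T, --logtime                    Timestamp log entries (default: true)
    -s, --syslog                     Log to syslog or windows event log
    -r, --remote_syslog <addr>       Syslog server addr (udp://localhost:514)
    -D, --debug                      Enable debugging output
    -V, --trace                      Trace the raw protocol
    -DV                              Debug and trace

Authorization Options:
        --user <user>                User required for connections
        --pass <password>            Password required for connections
        --auth <token>               Authorization token required for connections

TLS Options:
        --tls                        Enable TLS, do not verify clients (default: false)
        --tlscert <file>             Server certificate file
        --tlskey <file>              Private key for server certificate
        --tlsverify                  Enable TLS, verify client certificates
        --tlscacert <file>           Client certificate CA for verification

Cluster Options:
        --routes <rurl-1, rurl-2>    Routes to solicit and connect
        --cluster <cluster-url>      Cluster URL for solicited routes
        --no_advertise <bool>        Do not advertise known cluster IPs to clients
        --cluster_advertise <string> Cluster URL to advertise to other servers
        --connect_retries <number>   For implicit routes, number of connect retries


Common Options:
    -h, --help                       Show this message
    -v, --version                    Show version
        --help_tls                   TLS help
`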
// usage writes the help text held in usageStr to standard output, followed by
// a newline, and then terminates the process with exit status 0.
//
// NOTE(review): main installs this function as the FlagSet's Usage hook. If
// the flag package also calls that hook when it rejects an argument, the
// process would still exit with status 0; confirm that callers do not rely on
// the exit status to detect a rejected command line.
func usage() {
	fmt.Println(usageStr)
	os.Exit(0)
}
// main builds the server options from the command line, creates the server,
// configures its logger and runs it until server.Run returns.
func main() {
	// Dedicated flag set whose help output is the usage function of this file.
	flags := flag.NewFlagSet("nats-server", flag.ExitOnError)
	flags.Usage = usage

	// Resolve the options from the flags/config file. The three callbacks are
	// handed to ConfigureOptions for the version, help and TLS-help requests.
	//
	// NOTE(review): os.Args[1:] may carry --user/--pass/--auth values (see the
	// usage text). Confirm that the error text passed to PrintAndDie below
	// never echoes those values back to the terminal or to logs.
	options, err := server.ConfigureOptions(
		flags,
		os.Args[1:],
		server.PrintServerAndExit,
		flags.Usage,
		server.PrintTLSHelpAndDie,
	)
	if err != nil {
		server.PrintAndDie(err.Error())
	}

	// Build the server from the resolved options and set up logging before
	// anything is started.
	srv := server.New(options)
	srv.ConfigureLogger()

	// Blocks here until the server is done; a returned error is reported
	// through PrintAndDie.
	if runErr := server.Run(srv); runErr != nil {
		server.PrintAndDie(runErr.Error())
	}
}