sorintlab / stolon

PostgreSQL cloud native High Availability and more.
https://talk.stolon.io
Apache License 2.0

support for consul using unix domain socket #767

Open stremovsky opened 4 years ago

stremovsky commented 4 years ago

What would you like to be added:

For security reasons, I do not want to connect to consul using the domain socket.

The following is not working as I expect it to: "stolon-sentinel --store-backend=consul --store-endpoints unix:///var/run/consul/consul_http.sock"

I am getting the following error:

2020-03-05T20:46:32.998Z FATAL cmd/sentinel.go:1985 cannot create sentinel: cannot create store: cannot create kv store: endpoints scheme must be http or https

Why is this needed:

In short, for security reasons. In my project, I am running consul on the same box as stolon on each node in the cluster. Stolon is executed in a container while consul runs as a regular process on the parent machine. I cannot access consul using localhost unless I place the stolon service in the "host" docker network, which is not good either.

sgotti commented 4 years ago

@stremovsky libkv currently hardcodes the http scheme (https://github.com/docker/libkv/blob/458977154600b9f23984d9f4b82e79570b5ae12b/store/consul/consul.go#L73-L77) and on the stolon side we only handle the http/https scheme in the url (using tcp sockets by default). libkv looks like it is not maintained anymore, so to do this two things are required:

  1. Find a valid and maintained libkv alternative (a solution would be to implement a new stolon consul store directly using the consul api, like already done for the etcdv3 store) supporting a way to define the use of a unix socket.
  2. Find a way to express an endpoint to provide to stolon that defines both the socket type (unix) and the protocol (http/https), since providing only unix:///var/run/consul/consul_http.sock provides only one of the two pieces of information: unix defines the socket type (unix socket instead of tcp) but not the protocol (http/https). Perhaps something like http+unix://%2Fvar%2Frun%2Fconsul%2F/consul_http.sock as already used in other projects (like https://github.com/httpie/httpie-unixsocket).
sgotti commented 4 years ago

@stremovsky Another solution/workaround is to use socat to proxy a tcp socket to a unix socket.

Inside the container (you'll need an image providing socat) you could run:

socat TCP4-LISTEN:8500,fork UNIX-CONNECT:/var/run/consul/consul_http.sock

So when stolon tries to connect to http://localhost:8500, it'll connect to the locally listening socat, which will forward data to the consul unix socket.

stremovsky commented 4 years ago

Hi

socat is not installed by default in stolon containers.

I will look at libkv alternatives too.

Thanks!

sgotti commented 4 years ago

socat is not installed by default in stolon containers.

yes, as I wrote:

Inside the container (you'll need an image providing socat)

Beware that the provided images, as explained in the doc, are EXAMPLE images, since we don't want to support all possible updates, security fixes, requests to add additional extensions, backup tools, etc. Just build your own images.