PR #268: Add support for TLSSkipVerify for https consul fabio check

This patch adds support for disabling the TLS certificate validation for the fabio health check in consul.
fabiolb · Apr 22, 2017 · 8e74533 · 8e74533
1 parent 993e448
commit 8e74533
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 16 deletions.
diff --git a/config/config.go b/config/config.go
@@ -106,17 +106,18 @@ type File struct {
 }
 
 type Consul struct {
-	Addr          string
-	Scheme        string
-	Token         string
-	KVPath        string
-	TagPrefix     string
-	Register      bool
-	ServiceAddr   string
-	ServiceName   string
-	ServiceTags   []string
-	ServiceStatus []string
-	CheckInterval time.Duration
-	CheckTimeout  time.Duration
-	CheckScheme   string
+	Addr               string
+	Scheme             string
+	Token              string
+	KVPath             string
+	TagPrefix          string
+	Register           bool
+	ServiceAddr        string
+	ServiceName        string
+	ServiceTags        []string
+	ServiceStatus      []string
+	CheckInterval      time.Duration
+	CheckTimeout       time.Duration
+	CheckScheme        string
+	CheckTLSSkipVerify bool
 }
diff --git a/config/load.go b/config/load.go
@@ -162,6 +162,7 @@ func load(cmdline, environ, envprefix []string, props *properties.Properties) (c
 	f.StringSliceVar(&cfg.Registry.Consul.ServiceStatus, "registry.consul.service.status", defaultConfig.Registry.Consul.ServiceStatus, "valid service status values")
 	f.DurationVar(&cfg.Registry.Consul.CheckInterval, "registry.consul.register.checkInterval", defaultConfig.Registry.Consul.CheckInterval, "service check interval")
 	f.DurationVar(&cfg.Registry.Consul.CheckTimeout, "registry.consul.register.checkTimeout", defaultConfig.Registry.Consul.CheckTimeout, "service check timeout")
+	f.BoolVar(&cfg.Registry.Consul.CheckTLSSkipVerify, "registry.consul.register.checkTLSSkipVerify", defaultConfig.Registry.Consul.CheckTLSSkipVerify, "service check TLS verifcation")
 	f.IntVar(&cfg.Runtime.GOGC, "runtime.gogc", defaultConfig.Runtime.GOGC, "sets runtime.GOGC")
 	f.IntVar(&cfg.Runtime.GOMAXPROCS, "runtime.gomaxprocs", defaultConfig.Runtime.GOMAXPROCS, "sets runtime.GOMAXPROCS")
 	f.StringVar(&uiListenerValue, "ui.addr", defaultValues.UIListenerValue, "Address the UI/API is listening on")

diff --git a/config/load_test.go b/config/load_test.go
@@ -425,6 +425,13 @@ func TestLoad(t *testing.T) {
 				return cfg
 			},
 		},
+		{
+			args: []string{"-registry.consul.register.checkTLSSkipVerify=true"},
+			cfg: func(cfg *Config) *Config {
+				cfg.Registry.Consul.CheckTLSSkipVerify = true
+				return cfg
+			},
+		},
 		{
 			args: []string{"-registry.consul.register.tags", "a, b, c, "},
 			cfg: func(cfg *Config) *Config {

diff --git a/fabio.properties b/fabio.properties
@@ -593,6 +593,17 @@
 # registry.consul.register.checkTimeout = 3s
 
 
+# registry.consul.register.checkTLSSkipVerify configures TLS verification for the health check.
+#
+# Fabio registers an http health check on http(s)://${ui.addr}/health
+# and this value tells consul to skip TLS certificate validation for 
+# https checks.
+#
+# The default is
+#
+# registry.consul.register.checkTLSSkipVerify = false
+
+
 # metrics.target configures the backend the metrics values are
 # sent to.
 #

diff --git a/registry/consul/register.go b/registry/consul/register.go
@@ -115,9 +115,10 @@ func serviceRegistration(cfg *config.Consul) (*api.AgentServiceRegistration, err
 		Port:    port,
 		Tags:    cfg.ServiceTags,
 		Check: &api.AgentServiceCheck{
-			HTTP:     checkURL,
-			Interval: cfg.CheckInterval.String(),
-			Timeout:  cfg.CheckTimeout.String(),
+			HTTP:          checkURL,
+			Interval:      cfg.CheckInterval.String(),
+			Timeout:       cfg.CheckTimeout.String(),
+			TLSSkipVerify: cfg.CheckTLSSkipVerify,
 		},
 	}