diff --git a/command/agent/agent.go b/command/agent/agent.go
index b19645f167..169db3276b 100644
--- a/command/agent/agent.go
+++ b/command/agent/agent.go
@@ -688,7 +688,8 @@ func (a *Agent) deletePid() error {
 return nil
 }
-// loadKeyringFile will load a keyring out of a file
+// loadKeyringFile will load a gossip encryption keyring out of a file. The file
+// must be in JSON format and contain a list of encryption key strings.
 func loadKeyringFile(c *serf.Config) error {
 if c.KeyringFile == "" {
 return nil
diff --git a/command/agent/command.go b/command/agent/command.go
index c02b8135c6..f15cea41fa 100644
--- a/command/agent/command.go
+++ b/command/agent/command.go
@@ -67,6 +67,7 @@ func (c *Command) readConfig() *Config {
 cmdFlags.StringVar(&cmdConfig.UiDir, "ui-dir", "", "path to the web UI directory")
 cmdFlags.StringVar(&cmdConfig.PidFile, "pid-file", "", "path to file to store PID")
 cmdFlags.StringVar(&cmdConfig.EncryptKey, "encrypt", "", "gossip encryption key")
+ cmdFlags.BoolVar(&cmdConfig.Server, "server", false, "run agent as server")
 cmdFlags.BoolVar(&cmdConfig.Bootstrap, "bootstrap", false, "enable server bootstrap mode")
 cmdFlags.IntVar(&cmdConfig.BootstrapExpect, "bootstrap-expect", 0, "enable automatic bootstrap via expect mode")
@@ -142,6 +143,13 @@ func (c *Command) readConfig() *Config {
 config.NodeName = hostname
 }
+ if config.EncryptKey != "" {
+ if _, err := config.EncryptBytes(); err != nil {
+ c.Ui.Error(fmt.Sprintf("Invalid encryption key: %s", err))
+ return nil
+ }
+ }
+
 // Ensure we have a data directory
 if config.DataDir == "" {
 c.Ui.Error("Must specify data directory using -data-dir")
@@ -172,13 +180,6 @@ func (c *Command) readConfig() *Config {
 return nil
 }
- if config.EncryptKey != "" {
- if _, err := config.EncryptBytes(); err != nil {
- c.Ui.Error(fmt.Sprintf("Invalid encryption key: %s", err))
- return nil
- }
- }
-
 // Compile all the watches
 for _, params := range config.Watches {
 // Parse the watches, excluding the handler
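Review bot: The key check placed ahead of the data-directory check in readConfig (command/agent/command.go, hunk at -142,6 +143,13) discards the decoded value, `if _, err := config.EncryptBytes(); err != nil`, so it rejects only what EncryptBytes itself reports as an error. EncryptBytes is not part of this diff; if it only decodes the string, a key that decodes cleanly but has the wrong size for the gossip layer passes readConfig and is caught later, after more of the agent has started. Keeping the decoded bytes and checking their length here would make this the one place a bad key is refused; failing that, a comment such as `// Only verifies that the key decodes; its length is not checked here.` would tell the next reader what this guard does and does not cover. readConfig begins and ends outside the hunk.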
@@ -591,10 +592,7 @@ func (c *Command) Run(args []string) int {
 }
 // Determine if gossip is encrypted
- gossipEncrypted := false
- if config.EncryptKey != "" || config.keyringFileExists() {
- gossipEncrypted = true
- }
+ gossipEncrypted := config.EncryptKey != "" || config.keyringFileExists()
 // Let the agent know we've finished registration
 c.agent.StartSync()
diff --git a/command/agent/config.go b/command/agent/config.go
index 69097984d9..1188c7be9a 100644
--- a/command/agent/config.go
+++ b/command/agent/config.go
@@ -412,7 +412,8 @@ func (c *Config) ClientListenerAddr(override string, port int) (string, error) {
 }
 // keyringFileExists determines if there are encryption key files present
-// in the data directory.
+// in the data directory. On client nodes, this returns true if a LAN keyring
+// is present. On server nodes, it returns true if either keyring file exists.
 func (c *Config) keyringFileExists() bool {
 fileLAN := filepath.Join(c.DataDir, SerfLANKeyring)
 fileWAN := filepath.Join(c.DataDir, SerfWANKeyring)
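Review bot: `gossipEncrypted` in Run (command/agent/command.go, hunk at -591,10 +592,7) is computed from configuration and file presence, not from the keyring the agent actually loaded: it is true whenever `config.EncryptKey` is non-empty or `keyringFileExists()` reports a file. The doc comment in the config.go hunk describes keyringFileExists as checking only that a keyring file is present, so a file that is empty or was never loaded would presumably still yield true. How the value is used lies outside the hunk; if it feeds the status shown to the operator, a comment such as `// True if a key is configured or a keyring file exists; does not confirm that Serf loaded a usable key.` would keep it from being read as proof that gossip is encrypted. Run's body starts and ends outside the hunk.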