Merge pull request #2172 from leseb/etcd-auth
etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH
commit
fe57c13b51
3 changed files with 8 additions and 1 deletions
|
@ -20,6 +20,10 @@ bin_dir: /usr/local/bin
|
||||||
## This may be the case if clients support and loadbalance multiple etcd servers natively.
|
## This may be the case if clients support and loadbalance multiple etcd servers natively.
|
||||||
#etcd_multiaccess: true
|
#etcd_multiaccess: true
|
||||||
|
|
||||||
|
### ETCD: disable peer client cert authentication.
|
||||||
|
# This affects ETCD_PEER_CLIENT_CERT_AUTH variable
|
||||||
|
#etcd_peer_client_auth: true
|
||||||
|
|
||||||
## External LB example config
|
## External LB example config
|
||||||
## apiserver_loadbalancer_domain_name: "elb.some.domain"
|
## apiserver_loadbalancer_domain_name: "elb.some.domain"
|
||||||
#loadbalancer_apiserver:
|
#loadbalancer_apiserver:
|
||||||
|
|
|
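Review bot: The sample heading `### ETCD: disable peer client cert authentication.` sits directly above `#etcd_peer_client_auth: true`, so uncommenting the line as written keeps authentication on and the heading says the opposite of the value. The comment also gives no hint of what turning the setting off means for the cluster. I would reword it to `## Set to false to disable etcd peer client cert authentication; members then stop requiring a CA-signed certificate from connecting peers.` and keep `#etcd_peer_client_auth: true` as the commented default.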
@ -40,3 +40,6 @@ etcd_vault_mount_path: etcd
|
||||||
|
|
||||||
# Force clients like etcdctl to use TLS certs (different than peer security)
|
# Force clients like etcdctl to use TLS certs (different than peer security)
|
||||||
etcd_secure_client: true
|
etcd_secure_client: true
|
||||||
|
|
||||||
|
# Enable peer client cert authentication
|
||||||
|
etcd_peer_client_auth: true
|
||||||
|
|
|
@ -23,4 +23,4 @@ ETCD_CLIENT_CERT_AUTH={{ etcd_secure_client | lower}}
|
||||||
ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
|
ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
|
||||||
ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
|
ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
|
||||||
ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
|
ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
|
||||||
ETCD_PEER_CLIENT_CERT_AUTH=true
|
ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth }}
|
||||||
|
|
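Review bot: The new line `ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth }}` is rendered without the normalisation that `ETCD_CLIENT_CERT_AUTH={{ etcd_secure_client | lower}}` (visible in the hunk header) applies, so the env file receives whatever text Jinja produces for the variable. A YAML boolean presumably renders as `True`/`False`, and a value supplied as a string, such as `no` from an extra-var, would be written verbatim. A value etcd misreads or rejects would leave peer authentication in a state the operator did not ask for. I would write `ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth | bool | lower }}` so that only `true` or `false` ever reaches the file.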