Merge pull request #2172 from leseb/etcd-auth

etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH
This commit is contained in:
Antoine Legrand 2018-02-07 11:25:56 +01:00 committed by GitHub
commit fe57c13b51
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 8 additions and 1 deletions

View file

@ -20,6 +20,10 @@ bin_dir: /usr/local/bin
## This may be the case if clients support and loadbalance multiple etcd servers natively. ## This may be the case if clients support and loadbalance multiple etcd servers natively.
#etcd_multiaccess: true #etcd_multiaccess: true
### ETCD: disable peer client cert authentication.
# This affects ETCD_PEER_CLIENT_CERT_AUTH variable
#etcd_peer_client_auth: true
## External LB example config ## External LB example config
## apiserver_loadbalancer_domain_name: "elb.some.domain" ## apiserver_loadbalancer_domain_name: "elb.some.domain"
#loadbalancer_apiserver: #loadbalancer_apiserver:

View file

@ -40,3 +40,6 @@ etcd_vault_mount_path: etcd
# Force clients like etcdctl to use TLS certs (different than peer security) # Force clients like etcdctl to use TLS certs (different than peer security)
etcd_secure_client: true etcd_secure_client: true
# Enable peer client cert authentication
etcd_peer_client_auth: true

View file

@ -23,4 +23,4 @@ ETCD_CLIENT_CERT_AUTH={{ etcd_secure_client | lower}}
ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
ETCD_PEER_CLIENT_CERT_AUTH=true ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth }}