TLS support for etcd
This commit also introduces a local etcd.tls.enabled switch, which is True by default. Change-Id: I4934f733228d6f7704e74e4fbf03029c39ffba30
parent
e2e6dc2b50
commit
177375e02c
@ -12,5 +12,26 @@ service:
|
||||
- name: etcd
|
||||
image: etcd
|
||||
daemon:
|
||||
command: etcd --listen-client-urls http://0.0.0.0:{{ etcd.client_port.cont }}
|
||||
--advertise-client-urls {{ address("etcd", etcd.client_port, with_scheme=True) }}
|
||||
command: /opt/ccp/bin/entrypoint.sh
|
||||
files:
|
||||
- entrypoint
|
||||
# {% if security.tls.enabled %}
|
||||
- server_certificate
|
||||
- server_key
|
||||
# {% endif %}
|
||||
|
||||
files:
|
||||
entrypoint:
|
||||
path: /opt/ccp/bin/entrypoint.sh
|
||||
content: entrypoint.sh.j2
|
||||
perm: "0755"
|
||||
# {% if security.tls.enabled %}
|
||||
server_certificate:
|
||||
path: /opt/ccp/etc/tls/etcd_server_certificate.pem
|
||||
content: server.pem.j2
|
||||
perm: "0644"
|
||||
server_key:
|
||||
path: /opt/ccp/etc/tls/etcd_server_key.pem
|
||||
content: server-key.pem.j2
|
||||
perm: "0644"
|
||||
# {% endif %}
|
||||
|
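Review bot: The `server_key` entry installs the TLS private key at /opt/ccp/etc/tls/etcd_server_key.pem with `perm: "0644"`, so every user and process in the container can read it. A private key should be owner-only, `perm: "0600"`, assuming the file is owned by the account etcd runs as; the certificate can stay at 0644. Both `# {% if security.tls.enabled %}` guards also ignore the new `etcd.tls.enabled` switch that entrypoint.sh.j2 tests, so with the local switch off the key is still rendered into the container although etcd never uses it. Guarding with `# {% if security.tls.enabled and etcd.tls.enabled %}` would keep the file list in step with the entrypoint.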
@ -6,6 +6,8 @@ configs:
|
||||
cont: 2379
|
||||
server_port:
|
||||
cont: 2380
|
||||
tls:
|
||||
enabled: true
|
||||
|
||||
versions:
|
||||
etcd_version: v3.0.12
|
||||
|
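Review bot: The new `tls.enabled: true` default carries no comment saying that it only takes effect together with the global switch; entrypoint.sh.j2 enables TLS only when `security.tls.enabled and etcd.tls.enabled` are both set. A line above `tls:` such as `# Only honoured when security.tls.enabled is also true; otherwise etcd serves plain http` would stop an operator from reading this default as a guarantee that client traffic is encrypted.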
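--- a/service/files/entrypoint.sh.j2
+++ b/service/files/entrypoint.sh.j2
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+
+{% if security.tls.enabled and etcd.tls.enabled %}
+etcd --listen-client-urls=https://{{ network_topology["private"]["address"] }}:{{ etcd.client_port.cont }},http://127.0.0.1:{{ etcd.client_port.cont }}\
+--advertise-client-urls=https://{{ address("etcd", etcd.client_port, with_scheme=False) }}\
+--peer-auto-tls\
+--cert-file=/opt/ccp/etc/tls/etcd_server_certificate.pem\
+--key-file=/opt/ccp/etc/tls/etcd_server_key.pem\
+{% else %}
+etcd --listen-client-urls http://0.0.0.0:{{ etcd.client_port.cont }}\
+--advertise-client-urls {{ address("etcd", etcd.client_port, with_scheme=True) }}
+{% endif %}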
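Review bot: The TLS branch gives etcd a server certificate but no client authentication: `--cert-file` and `--key-file` are set without `--client-cert-auth` and `--trusted-ca-file=<CA bundle path>`, so the https listener encrypts traffic yet still accepts any client that can reach it, unless etcd's own auth is enabled somewhere outside this page. `--peer-auto-tls` likewise uses self-generated certificates, which encrypt peer traffic without authenticating the peer; if this service is ever run with more than one member, `--peer-cert-file`, `--peer-key-file` and `--peer-trusted-ca-file` with `--peer-client-cert-auth` would be needed instead. The `{% else %}` branch silently falls back to plain http on 0.0.0.0 whenever either switch is off, which deserves a comment in the script so the downgrade is a visible choice. The last flag of the TLS branch also ends in a `\` that continues into the template line that follows; dropping that final backslash avoids depending on how the renderer trims whitespace.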
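--- a/service/files/server-key.pem.j2
+++ b/service/files/server-key.pem.j2
@@ -0,0 +1 @@
+{{ security.tls.server_key }}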
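--- a/service/files/server.pem.j2
+++ b/service/files/server.pem.j2
@@ -0,0 +1 @@
+{{ security.tls.server_cert }}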