@tracker1
Last active August 29, 2015 14:04
Keys for etcd cluster
> etcd -name="MICHAELR" --config=/etc/etcd/etcd-dev.conf
[etcd] Aug 4 17:40:59.669 CRITICAL | TLS info error: crypto/tls: private key does not match public key
# etcd node configuration.
# NOTE(review): presumably the file loaded with --config=/etc/etcd/etcd-dev.conf,
# and the key names look like the legacy etcd 0.4 format — confirm both.
#name = "test"
#addr = "127.0.0.1:4001"
# The client API listens on every interface (0.0.0.0), not only loopback, so
# reachability is limited only by the TLS settings below and by whatever
# network filtering exists outside this file.
bind_addr = "0.0.0.0:4001"
# TLS material for the client API.
# NOTE(review): etcd 0.4 documents a non-empty ca_file as enabling
# client-certificate authentication — confirm for the version in use.
ca_file = "/etc/pki/tls/ccn/etcd.dev-classiccars.com/ca.crt"
# cert_file and key_file must be a matching pair: the certificate has to carry
# the public half of key_file. When they do not match, etcd refuses to start
# with "crypto/tls: private key does not match public key".
cert_file = "/etc/pki/tls/ccn/etcd.dev-classiccars.com/server.crt"
# Private key: keep it readable only by the account that runs etcd.
key_file = "/etc/pki/tls/ccn/etcd.dev-classiccars.com/server.key"
data_dir = "/var/lib/etcd/"
cors = []
cpu_profile_file = ""
#cc-dev-etcd-cluster -- created via https://discovery.etcd.io/new
# The discovery URL identifies this cluster's bootstrap record on the public
# discovery service. Once the token has been shared, generate a fresh one
# before reusing this file for another cluster.
discovery = "https://discovery.etcd.io/b1f955c3030c8b545a7d57edc15139d4"
http_read_timeout = 10.0
http_write_timeout = 10.0
peers = []
peers_file = ""
max_cluster_size = 9
max_result_buffer = 1024
max_retry_attempts = 3
# NOTE(review): the command line passes -name="MICHAELR"; presumably the flag
# overrides this value — confirm.
name = "default-name"
snapshot = false
verbose = false
very_verbose = false
# The whole [peer] section is commented out, so no ca_file/cert_file/key_file
# is configured for peer (server-to-server) traffic.
# NOTE(review): presumably peers then talk without TLS — confirm, and set the
# peer certificate paths before running across untrusted networks.
#[peer]
#addr = "127.0.0.1:7001"
#bind_addr = "127.0.0.1:7001"
#ca_file = ""
#cert_file = ""
#key_file = ""
[cluster]
# NOTE(review): active_size (12) is larger than max_cluster_size (9) above —
# confirm which limit is intended.
active_size = 12
remove_delay = 180.0
sync_interval = 5.0
#!/bin/bash
#use this to generate initial etcd cert infrastructure
#bash ./generate-certs.sh "etcd.dev-classiccars.com"
#bash ./generate-certs.sh "etcd.test-classiccars.com"
#bash ./generate-certs.sh "etcd.stage-classiccars.com"
#bash ./generate-certs.sh "etcd.prod-classiccars.com"
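#######################################
# Create an RSA-4096 key pair and a certificate for one role.
#
# The "ca" role is self-signed and acts as the trust root. Every other role
# ("client", "server", ...) is signed BY the CA (-CA/-CAkey). Passing ca.key
# to -signkey for those roles, as this function used to, makes openssl issue
# a self-signed certificate for the CA key itself, so server.crt did not
# belong to server.key and etcd failed with
# "crypto/tls: private key does not match public key".
#
# Arguments:
#   $1 - role / file base name ("ca" must be generated first)
#   $2 - directory that receives the files; must already exist
#   $3 - value for the certificate CN
# Outputs (in $2): NAME.key, NAME.crt, NAME.pub, NAME.pem; signing a non-CA
#   role also creates/updates ca.srl (serial file from -CAcreateserial).
# Returns: 0 on success, the failing command's status otherwise.
#
# NOTE(review): CA and leaf certificates share the same subject DN, so each
# leaf has issuer == subject; some verifiers may treat that as self-signed —
# confirm with the TLS stacks that will consume these certificates.
#######################################
function gencert {
  local name=$1
  local keypath=$2
  local commonname=$3
  local key="${keypath}/${name}.key"
  local csr="${keypath}/${name}.csr"
  local crt="${keypath}/${name}.crt"
  local pem="${keypath}/${name}.pem"

  # Generate KEY and CSR (-nodes: the private key is written unencrypted,
  # so file permissions are its only protection).
  openssl req \
    -new \
    -newkey rsa:4096 \
    -nodes \
    -subj "/C=US/ST=Arizona/L=Phoenix/O=ClassicCars.com/CN=${commonname}" \
    -keyout "$key" \
    -out "$csr" || return

  if [ "$name" = "ca" ]; then
    # Trust root: self-sign the CSR with the CA's own key.
    openssl x509 -req -days 3655 -in "$csr" -signkey "$key" -out "$crt" || return
  else
    # Leaf: keep the public key from the CSR and sign it with the CA key.
    openssl x509 -req -days 3655 -in "$csr" \
      -CA "${keypath}/ca.crt" -CAkey "${keypath}/ca.key" -CAcreateserial \
      -out "$crt" || return
  fi

  # Generate public key pem file
  openssl rsa -in "$key" -pubout -out "${keypath}/${name}.pub" || return

  # Cleanup signing request
  rm -- "$csr" || return

  # Merged .pem file for webmin. It contains the private key, so create it
  # owner-only instead of with the default umask.
  ( umask 077 && cat -- "$crt" "$key" > "$pem" ) || return

  # Tighten both private-key files even if they already existed; the account
  # that runs the service must own them.
  chmod 600 -- "$key" "$pem"
}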
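#######################################
# Regenerate the ca/client/server certificate set for one cluster hostname.
#
# Any existing directory for that hostname is deleted first, so the argument
# is validated before it reaches the path: an empty value would otherwise
# make the target the base directory itself and remove every cluster's keys,
# and "/" or ".." could point the delete outside the base directory.
#
# Arguments:
#   $1 - cluster hostname; used as directory name and as certificate CN
# Returns: 0 on success, 2 on an invalid name, otherwise the status of the
#   failing step.
#######################################
function gencerts {
  local cluster=${1:-}
  local basepath
  local keypath

  case "$cluster" in
    '' | . | .. | */*)
      printf 'gencerts: invalid cluster name: "%s"\n' "$cluster" >&2
      return 2
      ;;
  esac

  # basepath for certs; /c exists under the Windows bash shell
  basepath=/etc/pki/tls/ccn
  if [ -d /c ]; then
    basepath=/c/etc/pki/tls/ccn
  fi

  keypath="${basepath}/${cluster}"

  # cleanup previous values (:? aborts if keypath were ever empty)
  if [ -d "$keypath" ]; then
    rm -Rf -- "${keypath:?}" || return
  fi
  mkdir -p -- "$keypath" || return

  # generate individual certs; the CA must exist before the others are signed
  gencert "ca" "${keypath}" "${cluster}" || return
  gencert "client" "${keypath}" "${cluster}" || return
  gencert "server" "${keypath}" "${cluster}" || return
}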
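# Entry point: the single argument is the cluster hostname. Refuse to run
# without it, because gencerts deletes the target directory before
# regenerating, and quote it so the value is passed through unsplit.
if [ -z "${1:-}" ]; then
  printf 'usage: %s <cluster-hostname>\n' "${0##*/}" >&2
  exit 2
fi
gencerts "$1"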