Last active
August 29, 2015 14:04
Keys for etcd cluster
> etcd -name="MICHAELR" --config=/etc/etcd/etcd-dev.conf
[etcd] Aug 4 17:40:59.669 CRITICAL | TLS info error: crypto/tls: private key does not match public key
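# etcd client/cluster settings, loaded with `etcd --config=<this file>`.
# Keys before the first [section] header configure the client-facing API.
# The trailing table-cell residue left by the page extraction has been removed
# from every line so the file parses again; no value was changed.

#name = "test"
#addr = "127.0.0.1:4001"

# The client API listens on every interface. The TLS settings below are the
# only thing protecting it, so restrict the port with a host firewall or bind
# to a specific address if only internal hosts need access.
bind_addr = "0.0.0.0:4001"

# TLS material for the client API.
# NOTE(review): cert_file and key_file must belong to the same key pair; the
# "private key does not match public key" error means server.crt carries a
# different public key than server.key.
# NOTE(review): in this etcd generation a non-empty ca_file is understood to
# turn on client-certificate authentication - confirm against the docs for
# the version deployed.
# server.key is an unencrypted private key: keep it readable only by the
# account etcd runs as.
ca_file = "/etc/pki/tls/ccn/etcd.dev-classiccars.com/ca.crt"
cert_file = "/etc/pki/tls/ccn/etcd.dev-classiccars.com/server.crt"
key_file = "/etc/pki/tls/ccn/etcd.dev-classiccars.com/server.key"

data_dir = "/var/lib/etcd/"
cors = []
cpu_profile_file = ""

#cc-dev-etcd-cluster -- created via https://discovery.etcd.io/new
# The token at the end of the discovery URL is what members use to find and
# join this cluster. Treat it like a credential: once it has appeared in a
# public paste, request a fresh one before bootstrapping.
discovery = "https://discovery.etcd.io/b1f955c3030c8b545a7d57edc15139d4"

# Timeouts, presumably in seconds - confirm against the etcd docs.
http_read_timeout = 10.0
http_write_timeout = 10.0

peers = []
peers_file = ""
max_cluster_size = 9
max_result_buffer = 1024
max_retry_attempts = 3

# The command line shown on this page passes -name="MICHAELR"; presumably the
# flag takes precedence over this value - verify.
name = "default-name"
snapshot = false
verbose = false
very_verbose = false

# The whole [peer] section is commented out, so no TLS files are configured
# for server-to-server traffic. NOTE(review): if members run on separate
# hosts, set ca_file/cert_file/key_file here too, otherwise replication
# traffic is presumably sent in clear text.
#[peer]
#addr = "127.0.0.1:7001"
#bind_addr = "127.0.0.1:7001"
#ca_file = ""
#cert_file = ""
#key_file = ""

[cluster]
# NOTE(review): active_size (12) is larger than max_cluster_size (9) above -
# confirm which of the two the running etcd version honours.
active_size = 12
remove_delay = 180.0
sync_interval = 5.0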
#!/bin/bash | |
# Use this to generate the initial etcd certificate infrastructure, one run per environment:
#   bash ./generate-certs.sh "etcd.dev-classiccars.com"
#   bash ./generate-certs.sh "etcd.test-classiccars.com"
#   bash ./generate-certs.sh "etcd.stage-classiccars.com"
#   bash ./generate-certs.sh "etcd.prod-classiccars.com"
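# gencert NAME KEYPATH COMMONNAME
#
# Creates NAME.key (4096-bit RSA, unencrypted), NAME.crt, NAME.pub and a merged
# NAME.pem (certificate + private key) inside KEYPATH.
#   NAME = "ca"  -> self-signed CA certificate, signed with its own key.
#   anything else -> certificate issued by KEYPATH/ca.crt and KEYPATH/ca.key,
#                    which must already exist.
# Returns non-zero as soon as any step fails.
#
# Fix: the previous version ran `openssl x509 -req -signkey ca.key` for every
# certificate. -signkey produces a self-signed certificate and places the
# public key of the signing key in it, so client.crt and server.crt carried the
# CA's public key and could never match client.key / server.key. That is the
# "private key does not match public key" failure etcd reports at startup.
function gencert {
    local name=$1
    local keypath=$2
    local commonname=$3
    local subject="/C=US/ST=Arizona/L=Phoenix/O=ClassicCars.com/CN=${commonname}"

    if [ -z "$name" ] || [ -z "$keypath" ] || [ -z "$commonname" ]; then
        echo "gencert: usage: gencert NAME KEYPATH COMMONNAME" >&2
        return 1
    fi

    if [ "$name" = "ca" ]; then
        # Give the CA its own subject. If issuer and subject of a leaf
        # certificate are identical, verifiers treat the leaf as self-signed
        # and reject the chain.
        subject="${subject} CA"
    elif [ ! -f "${keypath}/ca.crt" ] || [ ! -f "${keypath}/ca.key" ]; then
        echo "gencert: ${keypath}/ca.crt and ca.key must exist before issuing '${name}'" >&2
        return 1
    fi

    # Run in a subshell so the restrictive umask does not leak to the caller.
    (
        # Private keys are written with -nodes (no passphrase), so file
        # permissions are their only protection: create everything 0600.
        umask 077

        # Generate KEY and CSR
        openssl req \
            -new \
            -newkey rsa:4096 \
            -nodes \
            -sha256 \
            -subj "${subject}" \
            -keyout "${keypath}/${name}.key" \
            -out "${keypath}/${name}.csr" || exit 1

        # Generate the certificate: the CA signs itself, everything else is
        # signed by the CA while keeping the public key from its own CSR.
        if [ "$name" = "ca" ]; then
            openssl x509 -req -sha256 -days 3655 \
                -in "${keypath}/${name}.csr" \
                -signkey "${keypath}/${name}.key" \
                -out "${keypath}/${name}.crt" || exit 1
        else
            openssl x509 -req -sha256 -days 3655 \
                -in "${keypath}/${name}.csr" \
                -CA "${keypath}/ca.crt" \
                -CAkey "${keypath}/ca.key" \
                -CAcreateserial \
                -out "${keypath}/${name}.crt" || exit 1
        fi
        # NOTE(review): no -extfile is passed, so the certificates carry no
        # x509v3 extensions (no subjectAltName, no basicConstraints). Current
        # TLS stacks generally require a SAN on server certificates; add an
        # extension file if clients start rejecting the hostname.
        # NOTE(review): 3655 days is a ten-year lifetime for every certificate,
        # including the leaf certs; consider a shorter validity for those.

        # Generate public key pem file
        openssl rsa -in "${keypath}/${name}.key" -pubout -out "${keypath}/${name}.pub" || exit 1

        # Cleanup signing request token
        rm "${keypath}/${name}.csr"

        # merged .pem file for webmin (contains the private key, stays 0600)
        cat "${keypath}/${name}.crt" "${keypath}/${name}.key" > "${keypath}/${name}.pem" || exit 1

        # Certificate and public key are not secret; make them readable again.
        # The .key and .pem files stay 0600: chown them to the account the
        # service runs as if that is not the user generating the certs.
        chmod 644 "${keypath}/${name}.crt" "${keypath}/${name}.pub"
    )
}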
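# gencerts HOSTNAME
#
# Rebuilds the certificate directory <basepath>/HOSTNAME from scratch and fills
# it with a CA plus "client" and "server" certificates for HOSTNAME.
# Any existing directory for HOSTNAME is deleted first, which also discards the
# previous CA: every certificate issued earlier for that name stops validating.
# Returns non-zero on a rejected HOSTNAME or when any step fails.
function gencerts {
    local hostname=$1

    #basepath for certs include check for windows bash shell buggery
    local basepath=/etc/pki/tls/ccn
    [ -d /c ] && basepath=/c/etc/pki/tls/ccn

    # HOSTNAME becomes part of a path that is removed with rm -Rf below.
    # An empty value would wipe the whole base directory (every environment's
    # keys), and "/" or ".." would let the delete escape it, so accept only
    # plain host-name characters and refuse a leading dot.
    case "$hostname" in
        ""|.*|*[!A-Za-z0-9.-]*)
            echo "gencerts: expected a host name such as etcd.dev-classiccars.com, got '${hostname}'" >&2
            return 1
            ;;
    esac

    #keypath
    local keypath="${basepath}/${hostname}"

    #cleanup previous values
    if [ -d "$keypath" ]; then
        rm -Rf -- "${keypath}" || return 1
    fi
    mkdir -p -- "$keypath" || return 1

    #generate individual certs; the CA must come first because the other two
    #are issued from it. Stop at the first failure instead of leaving a
    #half-populated directory that looks usable.
    gencert "ca" "${keypath}" "${hostname}" || return 1
    gencert "client" "${keypath}" "${hostname}" || return 1
    gencert "server" "${keypath}" "${hostname}" || return 1
}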
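# Entry point: the first script argument is the host name to generate
# certificates for. Quoted so it reaches gencerts as a single word, without
# word splitting or glob expansion.
gencerts "$1"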