diff --git a/etcd/README.md b/etcd/README.md
index 1684ece..651d5bd 100644
--- a/etcd/README.md
+++ b/etcd/README.md
@@ -48,10 +48,45 @@ cd /etc/etcd
 lpass login brian.cunnie@gmail.com --trust
 sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/ca.pem
 sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd.pem
-sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd.conf
+sudo curl -o etcd.conf -L https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd-aws.conf
 lpass show --note etcd-ca-key.pem | sudo tee ca-key.pem
 lpass show --note etcd-key.pem | sudo tee etcd-key.pem
-sudo chmod 600 *key*
+sudo chmod 400 *key*
+sudo chown etcd:etcd *key*
+```
+
+Let's fire up etcd:
+
+```shell
+sudo systemctl daemon-reload
+sudo systemctl enable etcd
+sudo systemctl stop etcd
+sudo systemctl start etcd
+sudo journalctl -xefu etcd # look for any errors on startup
+```
+
+If the messages look innocuous (ignore "serving client traffic insecurely; this
+is strongly discouraged!"), then check the cluster:
+
+```shell
+etcdctl member list # "8e9e05c52164694d, started, default, http://localhost:2380, http://localhost:2379, false"
+```
+
+#### Configure ns-azure.sslip.io
+
+Now let's set up etcd on ns-azure:
+
+```shell
+ssh ns-azure.sslip.io
+cd /etc/etcd
+lpass login brian.cunnie@gmail.com --trust
+sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/ca.pem
+sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd.pem
+sudo curl -o etcd.conf -L https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd-azure.conf
+lpass show --note etcd-ca-key.pem | sudo tee ca-key.pem
+lpass show --note etcd-key.pem | sudo tee etcd-key.pem
+sudo chmod 400 *key*
+sudo chown etcd:etcd *key*
 ```
 
 Let's fire up etcd:
diff --git a/etcd/etcd-azure.conf b/etcd/etcd-azure.conf
new file mode 100644
index 0000000..b6460c4
--- /dev/null
+++ b/etcd/etcd-azure.conf
@@ -0,0 +1,51 @@
+# [member]
+ETCD_NAME=ns-azure
+ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
+#ETCD_WAL_DIR=""
+#ETCD_SNAPSHOT_COUNT="10000"
+#ETCD_HEARTBEAT_INTERVAL="100"
+#ETCD_ELECTION_TIMEOUT="1000"
+ETCD_LISTEN_PEER_URLS="https://0.0.0.0:2380"
+ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
+#ETCD_MAX_SNAPSHOTS="5"
+#ETCD_MAX_WALS="5"
+#ETCD_CORS=""
+#
+#[cluster]
+ETCD_INITIAL_ADVERTISE_PEER_URLS="https://ns-azure.sslip.io:2380"
+# if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
+ETCD_INITIAL_CLUSTER="ns-aws=https://ns-aws.sslip.io:2380,ns-azure=https://ns-azure.sslip.io:2380,ns-gce=https://ns-gce.sslip.io:2380"
+ETCD_INITIAL_CLUSTER_STATE="new"
+ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
+ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
+#ETCD_DISCOVERY=""
+#ETCD_DISCOVERY_SRV=""
+#ETCD_DISCOVERY_FALLBACK="proxy"
+#ETCD_DISCOVERY_PROXY=""
+#ETCD_STRICT_RECONFIG_CHECK="false"
+#ETCD_AUTO_COMPACTION_RETENTION="0"
+#
+#[proxy]
+#ETCD_PROXY="off"
+#ETCD_PROXY_FAILURE_WAIT="5000"
+#ETCD_PROXY_REFRESH_INTERVAL="30000"
+#ETCD_PROXY_DIAL_TIMEOUT="1000"
+#ETCD_PROXY_WRITE_TIMEOUT="5000"
+#ETCD_PROXY_READ_TIMEOUT="0"
+#
+#[security]
+ETCD_CERT_FILE="/etc/etcd/etcd.pem"
+ETCD_KEY_FILE="/etc/etcd/etcd-key.pem"
+#ETCD_CLIENT_CERT_AUTH="false"
+ETCD_TRUSTED_CA_FILE="/etc/etcd/ca.pem"
+#ETCD_AUTO_TLS="false"
+ETCD_PEER_CERT_FILE="/etc/etcd/etcd.pem"
+ETCD_PEER_KEY_FILE="/etc/etcd/etcd-key.pem"
+ETCD_PEER_CLIENT_CERT_AUTH="true"
+ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/ca.pem"
+#ETCD_PEER_AUTO_TLS="false"
+#
+#[logging]
+#ETCD_DEBUG="false"
+# examples for -log-package-levels etcdserver=WARNING,security=DEBUG
+#ETCD_LOG_PACKAGE_LEVELS=""
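Review bot: The `[security]` section sets `ETCD_CERT_FILE`, `ETCD_KEY_FILE` and `ETCD_TRUSTED_CA_FILE`, but `ETCD_LISTEN_CLIENT_URLS` and `ETCD_ADVERTISE_CLIENT_URLS` are `http://localhost:2379`, so those client-side TLS settings are not in effect and only the peer listener (`ETCD_PEER_*`, with `ETCD_PEER_CLIENT_CERT_AUTH="true"`) is authenticated; this is the source of the "serving client traffic insecurely" message the README tells the operator to ignore. A comment above `ETCD_LISTEN_CLIENT_URLS` would make that deliberate: `# Client API is plaintext and bound to localhost only; ETCD_CERT_FILE/ETCD_KEY_FILE take effect only if this becomes https://`. The inline comment before `ETCD_INITIAL_CLUSTER` still shows `"test=http://..."` while every peer URL in the value is `https://`, so its example should read `"test=https://..."`. `ETCD_INITIAL_CLUSTER_STATE="new"` presumably assumes all three members are bootstrapped together; if ns-aws is already running as a cluster when this file is installed, I believe a joining member needs `member add` and `"existing"` instead, which is worth a comment at that line so the README sequence and the config agree.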