Azure has its own etcd configuration

Other than two lines, it's identical to AWS's etcd configuration.

I've also updated the instructions for configuring it.
Brian Cunnie
2022-03-23 09:00:01 -07:00
parent 02fea91671
commit a1117ef370
2 changed files with 88 additions and 2 deletions


@@ -48,10 +48,45 @@ cd /etc/etcd
lpass login brian.cunnie@gmail.com --trust lpass login brian.cunnie@gmail.com --trust
sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/ca.pem sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/ca.pem
sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd.pem sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd.pem
sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd.conf sudo curl -o etcd.conf -L https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd-aws.conf
lpass show --note etcd-ca-key.pem | sudo tee ca-key.pem lpass show --note etcd-ca-key.pem | sudo tee ca-key.pem
lpass show --note etcd-key.pem | sudo tee etcd-key.pem lpass show --note etcd-key.pem | sudo tee etcd-key.pem
sudo chmod 600 *key* sudo chmod 400 *key*
sudo chown etcd:etcd *key*
```
Let's fire up etcd:
```shell
sudo systemctl daemon-reload
sudo systemctl enable etcd
sudo systemctl stop etcd
sudo systemctl start etcd
sudo journalctl -xefu etcd # look for any errors on startup
```
If the messages look innocuous (ignore "serving client traffic insecurely; this
is strongly discouraged!"), then check the cluster:
```shell
etcdctl member list # "8e9e05c52164694d, started, default, http://localhost:2380, http://localhost:2379, false"
```
#### Configure ns-azure.sslip.io
Now let's set up etcd on ns-azure:
```shell
ssh ns-azure.sslip.io
cd /etc/etcd
lpass login brian.cunnie@gmail.com --trust
sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/ca.pem
sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd.pem
sudo curl -o etcd.conf -L https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd-azure.conf
lpass show --note etcd-ca-key.pem | sudo tee ca-key.pem
lpass show --note etcd-key.pem | sudo tee etcd-key.pem
sudo chmod 400 *key*
sudo chown etcd:etcd *key*
``` ```
Let's fire up etcd: Let's fire up etcd:
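Review bot: The added ns-azure block copies the CA private key onto the node (`lpass show --note etcd-ca-key.pem | sudo tee ca-key.pem`), but etcd-azure.conf in this same commit references only ca.pem, etcd.pem and etcd-key.pem, so the CA key does not appear to be needed on the server. Consider dropping that line so that a compromise of one nameserver does not expose the signing key. Both `tee` lines also echo the key material to the terminal and create the file under the current umask before `chmod 400` runs; sending tee's output to /dev/null and setting a restrictive umask first would close both gaps. The tightening from `chmod 600` to `chmod 400` is a good change.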

etcd/etcd-azure.conf Normal file

@@ -0,0 +1,51 @@
# [member]
ETCD_NAME=ns-azure
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
#ETCD_SNAPSHOT_COUNT="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
ETCD_LISTEN_PEER_URLS="https://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://ns-azure.sslip.io:2380"
# if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
ETCD_INITIAL_CLUSTER="ns-aws=https://ns-aws.sslip.io:2380,ns-azure=https://ns-azure.sslip.io:2380,ns-gce=https://ns-gce.sslip.io:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_SRV=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_STRICT_RECONFIG_CHECK="false"
#ETCD_AUTO_COMPACTION_RETENTION="0"
#
#[proxy]
#ETCD_PROXY="off"
#ETCD_PROXY_FAILURE_WAIT="5000"
#ETCD_PROXY_REFRESH_INTERVAL="30000"
#ETCD_PROXY_DIAL_TIMEOUT="1000"
#ETCD_PROXY_WRITE_TIMEOUT="5000"
#ETCD_PROXY_READ_TIMEOUT="0"
#
#[security]
ETCD_CERT_FILE="/etc/etcd/etcd.pem"
ETCD_KEY_FILE="/etc/etcd/etcd-key.pem"
#ETCD_CLIENT_CERT_AUTH="false"
ETCD_TRUSTED_CA_FILE="/etc/etcd/ca.pem"
#ETCD_AUTO_TLS="false"
ETCD_PEER_CERT_FILE="/etc/etcd/etcd.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/etcd-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/ca.pem"
#ETCD_PEER_AUTO_TLS="false"
#
#[logging]
#ETCD_DEBUG="false"
# examples for -log-package-levels etcdserver=WARNING,security=DEBUG
#ETCD_LOG_PACKAGE_LEVELS=""
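Review bot: `ETCD_LISTEN_PEER_URLS="https://0.0.0.0:2380"` opens the peer port on every interface, which leaves `ETCD_PEER_CLIENT_CERT_AUTH="true"` together with `ETCD_PEER_TRUSTED_CA_FILE` as the only gate on who can speak the peer protocol; a comment in the file saying that these two settings must not be relaxed would help the next editor. In the [security] section, `ETCD_CERT_FILE` and `ETCD_KEY_FILE` are set while the client listener is `http://localhost:2379`, so they have no effect on client traffic; either comment them out or move the client URLs to https. Since the commit message says only two lines differ from the AWS file, a single template with the node name substituted would keep the copies from drifting apart.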