Azure has its own etcd configuration

Other than two lines, it's identical to AWS's etcd configuration. I've also updated the instructions for configuring it.
2025-10-06 16:18:00 +08:00 · 2022-03-23 09:00:01 -07:00
parent 02fea91671
commit a1117ef370
2 changed files with 88 additions and 2 deletions
--- a/etcd/README.md
+++ b/etcd/README.md
@@ -48,10 +48,45 @@ cd /etc/etcd
 lpass login brian.cunnie@gmail.com --trust
 sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/ca.pem
 sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd.pem
-sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd.conf
+sudo curl -o etcd.conf -L https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd-aws.conf
 lpass show --note etcd-ca-key.pem | sudo tee ca-key.pem
 lpass show --note etcd-key.pem | sudo tee etcd-key.pem
-sudo chmod 600 *key*
+sudo chmod 400 *key*
+sudo chown etcd:etcd *key*
+```
+
+Let's fire up etcd:
+
+```shell
+sudo systemctl daemon-reload
+sudo systemctl enable etcd
+sudo systemctl stop etcd
+sudo systemctl start etcd
+sudo journalctl -xefu etcd # look for any errors on startup
+```
+
+If the messages look innocuous (ignore "serving client traffic insecurely; this
+is strongly discouraged!"), then check the cluster:
+
+```shell
+etcdctl member list # "8e9e05c52164694d, started, default, http://localhost:2380, http://localhost:2379, false"
+```
+
+#### Configure ns-azure.sslip.io
+
+Now let's set up etcd on ns-azure:
+
+```shell
+ssh ns-azure.sslip.io
+cd /etc/etcd
+lpass login brian.cunnie@gmail.com --trust
+sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/ca.pem
+sudo curl -OL https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd.pem
+sudo curl -o etcd.conf -L https://raw.githubusercontent.com/cunnie/sslip.io/main/etcd/etcd-azure.conf
+lpass show --note etcd-ca-key.pem | sudo tee ca-key.pem
+lpass show --note etcd-key.pem | sudo tee etcd-key.pem
+sudo chmod 400 *key*
+sudo chown etcd:etcd *key*
 ```

 Let's fire up etcd:
--- a/etcd/etcd-azure.conf
+++ b/etcd/etcd-azure.conf
@@ -0,0 +1,51 @@
+# [member]
+ETCD_NAME=ns-azure
+ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
+#ETCD_WAL_DIR=""
+#ETCD_SNAPSHOT_COUNT="10000"
+#ETCD_HEARTBEAT_INTERVAL="100"
+#ETCD_ELECTION_TIMEOUT="1000"
+ETCD_LISTEN_PEER_URLS="https://0.0.0.0:2380"
+ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
+#ETCD_MAX_SNAPSHOTS="5"
+#ETCD_MAX_WALS="5"
+#ETCD_CORS=""
+#
+#[cluster]
+ETCD_INITIAL_ADVERTISE_PEER_URLS="https://ns-azure.sslip.io:2380"
+# if you use different ETCD_NAME (e.g. test), set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
+ETCD_INITIAL_CLUSTER="ns-aws=https://ns-aws.sslip.io:2380,ns-azure=https://ns-azure.sslip.io:2380,ns-gce=https://ns-gce.sslip.io:2380"
+ETCD_INITIAL_CLUSTER_STATE="new"
+ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
+ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
+#ETCD_DISCOVERY=""
+#ETCD_DISCOVERY_SRV=""
+#ETCD_DISCOVERY_FALLBACK="proxy"
+#ETCD_DISCOVERY_PROXY=""
+#ETCD_STRICT_RECONFIG_CHECK="false"
+#ETCD_AUTO_COMPACTION_RETENTION="0"
+#
+#[proxy]
+#ETCD_PROXY="off"
+#ETCD_PROXY_FAILURE_WAIT="5000"
+#ETCD_PROXY_REFRESH_INTERVAL="30000"
+#ETCD_PROXY_DIAL_TIMEOUT="1000"
+#ETCD_PROXY_WRITE_TIMEOUT="5000"
+#ETCD_PROXY_READ_TIMEOUT="0"
+#
+#[security]
+ETCD_CERT_FILE="/etc/etcd/etcd.pem"
+ETCD_KEY_FILE="/etc/etcd/etcd-key.pem"
+#ETCD_CLIENT_CERT_AUTH="false"
+ETCD_TRUSTED_CA_FILE="/etc/etcd/ca.pem"
+#ETCD_AUTO_TLS="false"
+ETCD_PEER_CERT_FILE="/etc/etcd/etcd.pem"
+ETCD_PEER_KEY_FILE="/etc/etcd/etcd-key.pem"
+ETCD_PEER_CLIENT_CERT_AUTH="true"
+ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/ca.pem"
+#ETCD_PEER_AUTO_TLS="false"
+#
+#[logging]
+#ETCD_DEBUG="false"
+# examples for -log-package-levels etcdserver=WARNING,security=DEBUG
+#ETCD_LOG_PACKAGE_LEVELS=""