
Revision 4 (ll nu, 06/25/2019 03:58 PM) → Revision 5/6 (ll nu, 07/01/2019 01:03 PM)

h1. The ungleich etcd infrastructure 

 Hey there, fellow open/free infrastructure lover, this page documents the ongoing etcd deployment: a private CA, TLS for the etcd client port and certificate-based client authentication. 

 h1. IN PROGRESS 


 1 create the root CA private key with openssl (the CA certificate itself is made in step 2; this key signs every server and client certificate, so keep it on the signing host and never copy it to an etcd node) 
 openssl genrsa -out rootCA.key 4096 

 2 self-sign the root CA certificate with that key (valid for 1024 days; rootCA.pem is what servers and clients will trust, rootCA.key is what signs) 
 openssl req -x509 -new -nodes -key rootCA.key -sha512 -days 1024 -out rootCA.pem 

 3 create a private key for device 1 
 openssl genrsa -out etcd1.key 2048 

 4 signing request for device 1 (answer the CN prompt with the node's hostname, e.g. etcd1.llnu.ungleich.cloud) 
 openssl req -new -key etcd1.key -out etcd1.csr 

 5 sign the device 1 CSR with the root CA. The names clients connect to must be in the certificate as a subjectAltName, supplied at signing time with -extfile (openssl x509 -req does not copy extensions from the CSR, and Go TLS clients such as etcdctl ignore the CN since Go 1.15); the etcd1.ext file and the -extfile flag are an addition to the original command, using the hostname and address from the steps below 
 printf 'subjectAltName=DNS:etcd1.llnu.ungleich.cloud,IP:2a0a:e5c0:0:2:0:b3ff:fe39:798b\n' > etcd1.ext 
 openssl x509 -req -in etcd1.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out etcd1.crt -days 1024 -sha512 -extfile etcd1.ext 

 6 copy etcd1.key, etcd1.crt and rootCA.pem to the node with scp (the commands below expect them under /root/keys/); rootCA.key stays on the signing host 

 7 start a test etcd server with server-side TLS only: clients verify the server against rootCA.pem, but anyone who can reach port 2379 can still read and write 
 etcd --name infra0 --data-dir infra0 \ 
   --cert-file=/root/keys/etcd1.crt --key-file=/root/keys/etcd1.key \ 
   --advertise-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 \ 
   --listen-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 

 8 create a client key and certificate for authenticated access (same procedure as steps 3 to 5, signed by the same CA; the client needs no subjectAltName because etcd identifies it by the CA signature, not by a hostname) 
 openssl genrsa -out etcd-client1.key 2048 
 openssl req -new -key etcd-client1.key -out etcd-client1.csr 
 openssl x509 -req -in etcd-client1.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out etcd-client1.crt -days 1024 -sha512 

 9 restart etcd with client certificate authentication: --client-cert-auth makes the server reject any TLS client that does not present a certificate chaining to --trusted-ca-file, so only holders of a rootCA-signed key pair (step 8) can talk to it 
 etcd --name infra0 --data-dir infra0 \ 
   --cert-file=/root/keys/etcd1.crt --key-file=/root/keys/etcd1.key \ 
   --advertise-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 \ 
   --listen-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 \ 
   --client-cert-auth --trusted-ca-file=/root/keys/rootCA.pem 

 to test it (the --cert/--key pair is required once --client-cert-auth is on; without it the TLS handshake is rejected, which is the check that the setting actually works): 
 curl --cacert /root/keys/rootCA.pem --cert /root/keys/etcd-client1.crt --key /root/keys/etcd-client1.key https://etcd1.llnu.ungleich.cloud:2379/v2/keys/foo -XPUT -d value=bar -v 
 (this uses the v2 keys API, which etcd 3.4 and later only serve when started with --enable-v2=true) 

 10 create the key and certificate for each further server, same as step 8 but with that node's own hostname and address in the subjectAltName as in step 5 
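 The whole chain from the steps above, as an added example that is not the page's or ungleich's own script: it runs the same openssl commands non-interactively (-subj instead of prompts), puts the SAN and client extensions in an -extfile at signing time, and checks the result with openssl verify, including that a certificate from a foreign CA is rejected, which is the property --client-cert-auth relies on. The hostnames, the 127.0.0.1 SAN and the working directory are constructed assumptions.

```shell
#!/bin/sh
# Added example (not code from the ungleich page): the CA / server / client
# steps as a script. Names, the test IP and the working directory are
# constructed assumptions; in production rootCA.key stays on the signing host.
set -e

WORK="${ETCD_PKI_DIR:-$(mktemp -d)}"

# Steps 1-2: root CA key and self-signed CA certificate.
make_ca() {
    openssl genrsa -out "$WORK/rootCA.key" 4096
    openssl req -x509 -new -nodes -key "$WORK/rootCA.key" -sha512 -days 1024 \
        -subj "/CN=ungleich etcd test CA" -out "$WORK/rootCA.pem"
}

# Steps 3-5 and 8: key, CSR and CA-signed certificate for one leaf.
#   $1 = file base name, $2 = CN, $3 = X.509 v3 extension line for the cert.
# Extensions go through -extfile because `openssl x509 -req` does not copy
# them from the CSR; the SAN is what TLS clients match the hostname against.
make_leaf() {
    name=$1; cn=$2; ext=$3
    openssl genrsa -out "$WORK/$name.key" 2048
    openssl req -new -key "$WORK/$name.key" -subj "/CN=$cn" -out "$WORK/$name.csr"
    printf '%s\n' "$ext" > "$WORK/$name.ext"
    openssl x509 -req -in "$WORK/$name.csr" -CA "$WORK/rootCA.pem" \
        -CAkey "$WORK/rootCA.key" -CAcreateserial -days 1024 -sha512 \
        -extfile "$WORK/$name.ext" -out "$WORK/$name.crt"
}

# Check that a leaf chains to rootCA.pem, as etcd (--trusted-ca-file) and
# curl (--cacert) will. Prints ok/fail and returns 0/1.
verify_leaf() {
    if openssl verify -CAfile "$WORK/rootCA.pem" "$WORK/$1.crt" >/dev/null; then
        echo ok
    else
        echo fail
        return 1
    fi
}

# Return 0 if the certificate's text dump contains the given SAN entry.
has_san() {
    openssl x509 -in "$WORK/$1.crt" -noout -text | grep -q -- "$2"
}

# Server cert for node etcd1 with DNS and IP SANs; client cert with only
# extendedKeyUsage=clientAuth (clients are identified by the CA signature,
# not by a hostname).
build_pki() {
    make_ca
    make_leaf etcd1 etcd1.example.test \
        'subjectAltName=DNS:etcd1.example.test,IP:127.0.0.1'
    make_leaf etcd-client1 etcd-client1 'extendedKeyUsage=clientAuth'
}

# Negative check: a self-signed certificate from outside our CA must fail
# verification, which is what --client-cert-auth enforces on the etcd side.
rogue_rejected() {
    openssl req -x509 -new -nodes -newkey rsa:2048 -keyout "$WORK/rogue.key" \
        -subj "/CN=rogue" -days 1 -out "$WORK/rogue.crt" 2>/dev/null
    if openssl verify -CAfile "$WORK/rootCA.pem" "$WORK/rogue.crt" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

if [ "${1:-}" = run ]; then
    build_pki
    verify_leaf etcd1
    verify_leaf etcd-client1
    rogue_rejected && echo "foreign CA rejected"
    echo "certificates in $WORK"
fi
```

 Run it as `sh etcd-pki.sh run`; the generated etcd1.key/etcd1.crt and rootCA.pem are what steps 6 and 9 copy to /root/keys/, and etcd-client1.key/etcd-client1.crt are what the curl test presents.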