Version 6 - History - The ungleich etcd infrastructure - Open Infrastructure - ungleich redmine

The ungleich etcd infrastructure » History » Version 6

ll nu, 07/01/2019 01:04 PM

-ll nu
+h1. The ungleich etcd infrastructure
 Hey there fellow open/free infrastructure lover, this is a documentation of the ongoing etcd deployment.
-ll nu
+h1. ----IN PROGRESS----
 ll nu
-ll nu
+create ca.crt with openssl
 openssl genrsa -out rootCA.key 4096
 self-sign this certificate.
 openssl req -x509 -new -nodes -key rootCA.key -sha512 -days 1024 -out rootCA.pem
 create a private key for device 1
 openssl genrsa -out etcd1.key 2048
 signing request
 openssl req -new -key etcd1.key -out etcd1.csr
 signing device 1 key
 openssl x509 -req -in etcd1.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out etcd1.crt -days 1024 -sha512
 copy keys scp
-ll nu
+start test etcd server
-ll nu
+etcd --name infra0 --data-dir infra0 \
   --cert-file=/root/keys/etcd1.crt --key-file=/root/keys/etcd1.key \
   --advertise-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 --listen-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379
 ll nu
-ll nu
+create client key for authenticated access
 openssl req -new -key etcd-client1.key -out etcd-client1.csr
 openssl x509 -req -in etcd-client1.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out etcd-client1..crt -days 1024 -sha512
 ll nu
 ll nu
-ll nu
+etcd --name infra0 --data-dir infra0   --cert-file=/root/keys/etcd1.crt --key-file=/root/keys/etcd1.key --advertise-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 --listen-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 --client-cert-auth --trusted-ca-file=/root/keys/rootCA.pem
 ll nu
-ll nu
+to test it: curl --cacert /root/keys/rootCA.pem  https://etcd1.llnu.ungleich.cloud:2379/v2/keys/foo -XPUT -d value=bar -v
 ll nu
 create servers key, same as 8

Project

General

Profile

Open Infrastructure

The ungleich etcd infrastructure » History » Version 6