The ungleich etcd infrastructure » History » Version 6
ll nu, 07/01/2019 01:04 PM
1 | 1 | ll nu | h1. The ungleich etcd infrastructure |
---|---|---|---|
2 | |||
3 | Hey there fellow open/free infrastructure lover, this is a documentation of the ongoing etcd deployment. |
||
4 | |||
5 | 6 | ll nu | h1. ----IN PROGRESS---- |
6 | 5 | ll nu | |
7 | |||
8 | 1 | ll nu | 1 create ca.crt with openssl |
9 | openssl genrsa -out rootCA.key 4096 |
||
10 | |||
11 | 2 self-sign this certificate. |
||
12 | openssl req -x509 -new -nodes -key rootCA.key -sha512 -days 1024 -out rootCA.pem |
||
13 | |||
14 | 3 create a private key for device 1 |
||
15 | openssl genrsa -out etcd1.key 2048 |
||
16 | |||
17 | 4 signing request |
||
18 | openssl req -new -key etcd1.key -out etcd1.csr |
||
19 | |||
20 | 5 signing device 1 key |
||
21 | openssl x509 -req -in etcd1.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out etcd1.crt -days 1024 -sha512 |
||
22 | |||
23 | 6 copy keys scp |
||
24 | |||
25 | 3 | ll nu | 7 start test etcd server |
26 | 1 | ll nu | etcd --name infra0 --data-dir infra0 \ |
27 | --cert-file=/root/keys/etcd1.crt --key-file=/root/keys/etcd1.key \ |
||
28 | --advertise-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 --listen-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 |
||
29 | 2 | ll nu | |
30 | 4 | ll nu | 8 create client key for authenticated access |
31 | openssl req -new -key etcd-client1.key -out etcd-client1.csr |
||
32 | openssl x509 -req -in etcd-client1.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out etcd-client1..crt -days 1024 -sha512 |
||
33 | 1 | ll nu | |
34 | 4 | ll nu | 9 |
35 | 5 | ll nu | etcd --name infra0 --data-dir infra0 --cert-file=/root/keys/etcd1.crt --key-file=/root/keys/etcd1.key --advertise-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 --listen-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 --client-cert-auth --trusted-ca-file=/root/keys/rootCA.pem |
36 | 1 | ll nu | |
37 | 4 | ll nu | to test it: curl --cacert /root/keys/rootCA.pem https://etcd1.llnu.ungleich.cloud:2379/v2/keys/foo -XPUT -d value=bar -v |
38 | 5 | ll nu | |
39 | 10 create servers key, same as 8 |