The ungleich etcd infrastructure » History » Version 6

ll nu, 07/01/2019 01:04 PM

h1. The ungleich etcd infrastructure

Hey there fellow open/free infrastructure lover, this page documents the ongoing etcd deployment.

h1. ----IN PROGRESS----

1 create the CA private key (rootCA.key) with openssl
openssl genrsa -out rootCA.key 4096

2 self-sign the CA certificate (rootCA.pem)
openssl req -x509 -new -nodes -key rootCA.key -sha512 -days 1024 -out rootCA.pem

3 create a private key for device 1
openssl genrsa -out etcd1.key 2048

4 create a signing request for device 1
openssl req -new -key etcd1.key -out etcd1.csr

5 sign the device 1 certificate with the CA
openssl x509 -req -in etcd1.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out etcd1.crt -days 1024 -sha512

6 copy the keys with scp

7 start test etcd server
etcd --name infra0 --data-dir infra0 \
  --cert-file=/root/keys/etcd1.crt --key-file=/root/keys/etcd1.key \
  --advertise-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 --listen-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379

8 create client key for authenticated access
openssl genrsa -out etcd-client1.key 2048
openssl req -new -key etcd-client1.key -out etcd-client1.csr
openssl x509 -req -in etcd-client1.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out etcd-client1.crt -days 1024 -sha512

9 start etcd server with client certificate authentication
etcd --name infra0 --data-dir infra0 \
  --cert-file=/root/keys/etcd1.crt --key-file=/root/keys/etcd1.key \
  --advertise-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 --listen-client-urls=https://[2a0a:e5c0:0:2:0:b3ff:fe39:798b]:2379 \
  --client-cert-auth --trusted-ca-file=/root/keys/rootCA.pem

to test it: curl --cacert /root/keys/rootCA.pem https://etcd1.llnu.ungleich.cloud:2379/v2/keys/foo -XPUT -d value=bar -v

10 create servers key, same as 8
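
Added example (not part of the original page): steps 1-5 and 8 as one script that runs without prompts, assuming OpenSSL is installed. The subject names and the SAN/EKU extension files are assumptions; the DNS name and IPv6 address are the ones used above. It also checks that each certificate chains to the CA for the role it is meant for.

```shell
#!/bin/sh
# Added example: steps 1-5 and 8 without prompts, plus SAN/EKU extensions.
# Subject names (-subj) are assumptions; DNS name and IP are from the page.
set -eu

make_ca() {  # steps 1-2: CA key and self-signed CA certificate
    openssl genrsa -out rootCA.key 4096 2>/dev/null
    openssl req -x509 -new -nodes -key rootCA.key -sha512 -days 1024 \
        -subj "/CN=etcd test CA" -out rootCA.pem
}

# issue_cert NAME EKU [SAN]: key, CSR and CA-signed certificate for NAME
issue_cert() {
    name=$1 eku=$2 san=${3:-}
    {
        echo "basicConstraints=CA:FALSE"
        echo "keyUsage=digitalSignature,keyEncipherment"
        echo "extendedKeyUsage=$eku"
        # Clients match the URL host against the SAN, so list name and IP.
        if [ -n "$san" ]; then echo "subjectAltName=$san"; fi
    } > "$name.ext"
    openssl genrsa -out "$name.key" 2048 2>/dev/null
    openssl req -new -key "$name.key" -subj "/CN=$name" -out "$name.csr"
    openssl x509 -req -in "$name.csr" -CA rootCA.pem -CAkey rootCA.key \
        -CAcreateserial -out "$name.crt" -days 1024 -sha512 \
        -extfile "$name.ext" 2>/dev/null
}

# check_cert FILE PURPOSE: does FILE chain to rootCA.pem for sslserver/sslclient?
check_cert() {
    openssl verify -CAfile rootCA.pem -purpose "$2" "$1" >/dev/null 2>&1
}

build_pki() {  # run everything in directory $1
    mkdir -p "$1" && cd "$1"
    make_ca
    issue_cert etcd1 serverAuth \
        "DNS:etcd1.llnu.ungleich.cloud,IP:2a0a:e5c0:0:2:0:b3ff:fe39:798b"
    issue_cert etcd-client1 clientAuth
    check_cert etcd1.crt sslserver
    check_cert etcd-client1.crt sslclient
}

PKI_DIR=$(mktemp -d)   # scratch directory, so existing keys are not overwritten
build_pki "$PKI_DIR"
echo "certificates written to $PKI_DIR"
```

Because the client certificate carries only the clientAuth usage, `check_cert etcd-client1.crt sslserver` fails, so a leaked client key cannot be used to impersonate the etcd server.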