etcd 3.5 SSL configuration


I. 1. Machine configuration

IP: 192.168.2.230
IP: 192.168.2.231
IP: 192.168.2.232

2. HTTPS startup script

#!/bin/bash
# Start member etcd232 (192.168.2.232) with TLS and certificate authentication
# enabled on both the client port (2379) and the peer port (2380).
./etcd --name etcd232 --initial-advertise-peer-urls https://192.168.2.232:2380 \
--listen-peer-urls https://192.168.2.232:2380 \
--listen-client-urls https://192.168.2.232:2379,https://127.0.0.1:2379 \
--advertise-client-urls https://192.168.2.232:2379 \
--initial-cluster-token etcd-cluster-1 \
--initial-cluster etcd232=https://192.168.2.232:2380,etcd231=https://192.168.2.231:2380,etcd230=https://192.168.2.230:2380 \
--initial-cluster-state new \
--client-cert-auth --trusted-ca-file=/data/application/etcd/certs/ca.pem \
--cert-file=/data/application/etcd/certs/etcd.pem --key-file=/data/application/etcd/certs/etcd-key.pem \
--peer-client-cert-auth --peer-trusted-ca-file=/data/application/etcd/certs/ca.pem \
--peer-cert-file=/data/application/etcd/certs/etcd.pem --peer-key-file=/data/application/etcd/certs/etcd-key.pem

SSL parameter reference

--cert-file 
Path to the client server TLS cert file.
--key-file
Path to the client server TLS key file.
--client-cert-auth false
Enable client cert authentication.
--client-crl-file
Path to the client certificate revocation list file.
--client-cert-allowed-hostname
Allowed TLS hostname for client cert authentication.
--trusted-ca-file
Path to the client server TLS trusted CA cert file.
--auto-tls false
Client TLS using generated certificates.
--peer-cert-file
Path to the peer server TLS cert file.
--peer-key-file
Path to the peer server TLS key file.
--peer-client-cert-auth false
Enable peer client cert authentication.
--peer-trusted-ca-file
Path to the peer server TLS trusted CA file.
--peer-cert-allowed-cn
Required CN for client certs connecting to the peer endpoint.
--peer-cert-allowed-hostname
Allowed TLS hostname for inter peer authentication.
--peer-auto-tls false
Peer TLS using self-generated certificates if --peer-key-file and --peer-cert-file are not provided.
--self-signed-cert-validity 1
The validity period of the client and peer certificates that are automatically generated by etcd when you specify ClientAutoTLS and PeerAutoTLS, the unit is year, and the default is 1.
--peer-crl-file
Path to the peer certificate revocation list file.
--cipher-suites
Comma-separated list of supported TLS cipher suites between client/server and peers (empty will be auto-populated by Go).
--cors *
Comma-separated whitelist of origins for CORS, or cross-origin resource sharing, (empty or * means allow all).
--host-whitelist *
Acceptable hostnames from HTTP client requests, if server is not secure (empty or * means allow all).
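
A startup command can be checked against the flags listed above before a member is started. The following Python script is an added example, not part of the original post or of etcd: it parses an etcd command line and reports plaintext URLs, missing certificate/key pairs, auto-tls fallbacks and disabled client certificate authentication. The function names, the finding texts and the WEAK sample command are assumptions constructed for illustration.

```python
import shlex

BOOL_FLAGS = {"--client-cert-auth", "--peer-client-cert-auth", "--auto-tls", "--peer-auto-tls"}
URL_FLAGS = ("--listen-peer-urls", "--listen-client-urls", "--advertise-client-urls",
             "--initial-advertise-peer-urls", "--initial-cluster")

def parse_flags(cmdline):
    """Map each --flag to its value; a bare boolean flag maps to 'true'."""
    tokens = shlex.split(cmdline.replace("\\\n", " "))  # join shell line continuations
    flags, i = {}, 0
    while i < len(tokens):
        name, sep, value = tokens[i].partition("=")
        if name.startswith("--"):
            if not sep and name in BOOL_FLAGS:
                value = "true"        # boolean flags take a value only as --flag=value
            elif not sep and i + 1 < len(tokens):
                i += 1
                value = tokens[i]     # '--flag value' form
            flags[name] = value
        i += 1
    return flags

def audit(cmdline):
    """Return a list of TLS findings for one etcd command line (empty list = none)."""
    f, findings = parse_flags(cmdline), []
    for flag in URL_FLAGS:
        for item in filter(None, f.get(flag, "").split(",")):
            url = item.split("=", 1)[-1]  # --initial-cluster entries are name=url
            if not url.startswith("https://"):
                findings.append(f"{flag}: non-HTTPS URL {url}")
    for side, label in (("", "client"), ("peer-", "peer")):
        if not (f.get(f"--{side}cert-file") and f.get(f"--{side}key-file")):
            auto = f.get(f"--{side}auto-tls") == "true"
            findings.append(f"{label}: {'self-signed auto-tls cert' if auto else 'no cert/key pair'}")
        if f.get(f"--{side}client-cert-auth") != "true":
            findings.append(f"{label}: client certificates not required")
        elif not f.get(f"--{side}trusted-ca-file"):
            findings.append(f"{label}: cert auth enabled without a trusted CA file")
    return findings

# Constructed sample: one plaintext client URL, no cert auth, peers on auto-tls.
WEAK = """etcd --name etcd232 --listen-peer-urls https://192.168.2.232:2380 \\
--listen-client-urls https://192.168.2.232:2379,http://127.0.0.1:2379 \\
--cert-file=/data/application/etcd/certs/etcd.pem --key-file=/data/application/etcd/certs/etcd-key.pem \\
--peer-auto-tls"""

if __name__ == "__main__":
    for finding in audit(WEAK):
        print(finding)
```

Running audit() on the startup script from section 2 returns an empty list, since every URL is HTTPS and both sides set a certificate, key, trusted CA and certificate authentication.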

Command reference

./etcdctl --cacert=./certs/ca.pem --cert=./certs/etcd-peer.pem --key=./certs/etcd-peer-key.pem -w table endpoint --cluster status
./etcdctl --cacert=./certs/ca.pem --cert=./certs/etcd-peer.pem --key=./certs/etcd-peer-key.pem endpoint status
# 127.0.0.1:2379, 8211f1d0f64f3269, 3.0.0, 25 kB, false, 2, 63

