Ssl 如何在不提供证书的情况下使用etcdctl
大家好 也许这是一个非常愚蠢的问题,但我有一个CoreOS集群,在集群节点之间使用SSL。我已经在我的云配置中设置了舰队和etcd fleetctl工作得很好。我不必提供任何证书,但当我使用etcdctl时,我会强制提供如下证书路径:Ssl 如何在不提供证书的情况下使用etcdctl,ssl,certificate,coreos,etcd,Ssl,Certificate,Coreos,Etcd,大家好 也许这是一个非常愚蠢的问题,但我有一个CoreOS集群,在集群节点之间使用SSL。我已经在我的云配置中设置了舰队和etcd fleetctl工作得很好。我不必提供任何证书,但当我使用etcdctl时,我会强制提供如下证书路径: etcdctl --ca-file /home/core/etcd/certificates/ca.pem --cert-file /home/core/etcd/certificates/coreos.pem --key-file /home/core/etcd
etcdctl --ca-file /home/core/etcd/certificates/ca.pem --cert-file /home/core/etcd/certificates/coreos.pem --key-file /home/core/etcd/certificates/coreos-key.pem --endpoint "https://10.129.1.226:2379" get /test/key
是否有一种方法可以配置etcd2,使etcdctl每次都不需要证书路径,如:
etcdctl get /test/key
我的云配置的一部分:
write_files:
# tell etcd2 and fleet where our certificates are going to live:
- path: /run/systemd/system/etcd2.service.d/30-certificates.conf
permissions: 0644
content: |
[Service]
# client environment variables
Environment=ETCD_CA_FILE=/home/core/etcd/certificates/ca.pem
Environment=ETCD_CERT_FILE=/home/core/etcd/certificates/coreos.pem
Environment=ETCD_KEY_FILE=/home/core/etcd/certificates/coreos-key.pem
# peer environment variables
Environment=ETCD_PEER_CA_FILE=/home/core/etcd/certificates/ca.pem
Environment=ETCD_PEER_CERT_FILE=/home/core/etcd/certificates/coreos.pem
Environment=ETCD_PEER_KEY_FILE=/home/core/etcd/certificates/coreos-key.pem
根据该工具的README.md,您可以为客户端设置环境变量 您可以测试它: 1:确认它不工作
core@sylvana-coreos ~/docker $ etcdctl --endpoint "https://10.129.1.226:2379" ls /test
Error: client: etcd cluster is unavailable or misconfigured
error #0: x509: certificate signed by unknown authority
2:导出正确的环境变量
export ETCDCTL_CA_FILE=/your/path/to/ca.pem
export ETCDCTL_CERT_FILE=/your/path/to/cert.pem
export ETCDCTL_KEY_FILE=/your/path/to/key.pem
3:验证它是否正常工作
core@sylvana-coreos ~/docker $ etcdctl --endpoint "https://10.129.1.226:2379" ls /test
/test/key