3

大家好,

也许是一个非常愚蠢的问题,但我在集群节点之间有一个带有 SSL 的 CoreOS 集群。我已经在我的云配置中设置了舰队和 etcd。

舰队ctl 工作得很好。我不必提供任何证书,但是当我使用 etcdctl 时,我被迫提供这样的证书路径:

etcdctl --ca-file /home/core/etcd/certificates/ca.pem --cert-file /home/core/etcd/certificates/coreos.pem --key-file /home/core/etcd/certificates/coreos-key.pem --endpoint "https://10.129.1.226:2379" get /test/key

有没有一种方法可以配置 etcd2,使得 etcdctl 每次都不需要证书路径,例如:

etcdctl get /test/key

我的云配置的一部分:

write_files:
  # tell etcd2 and fleet where our certificates are going to live:
  - path: /run/systemd/system/etcd2.service.d/30-certificates.conf
    permissions: 0644
    content: |
      [Service]
      # client environment variables
      Environment=ETCD_CA_FILE=/home/core/etcd/certificates/ca.pem
      Environment=ETCD_CERT_FILE=/home/core/etcd/certificates/coreos.pem
      Environment=ETCD_KEY_FILE=/home/core/etcd/certificates/coreos-key.pem
      # peer environment variables
      Environment=ETCD_PEER_CA_FILE=/home/core/etcd/certificates/ca.pem
      Environment=ETCD_PEER_CERT_FILE=/home/core/etcd/certificates/coreos.pem
      Environment=ETCD_PEER_KEY_FILE=/home/core/etcd/certificates/coreos-key.pem
4

1 回答 1

4

根据etcdctl工具的 README.md,您可以为客户端设置环境变量。

你可以测试它:

1:验证它不工作

core@sylvana-coreos ~/docker $ etcdctl --endpoint "https://10.129.1.226:2379" ls /test
Error:  client: etcd cluster is unavailable or misconfigured
error #0: x509: certificate signed by unknown authority

2:导出正确的环境变量

export ETCDCTL_CA_FILE=/your/path/to/ca.pem
export ETCDCTL_CERT_FILE=/your/path/to/cert.pem
export ETCDCTL_KEY_FILE=/your/path/to/key.pem

3:验证它的工作

core@sylvana-coreos ~/docker $ etcdctl --endpoint "https://10.129.1.226:2379" ls /test
/test/key
于 2016-02-27T10:15:37.523 回答