Merge "k8s_fedora: Explicitly set etcd authentication"

Zuul 2018-03-30 12:25:09 +00:00 committed by Gerrit Code Review
commit 445853cff1
2 changed files with 11 additions and 0 deletions


@ -69,11 +69,15 @@ if [ "$TLS_DISABLED" = "False" ]; then
cat >> /etc/etcd/etcd.conf <<EOF
ETCD_CA_FILE=$cert_dir/ca.crt
ETCD_TRUSTED_CA_FILE=$cert_dir/ca.crt
ETCD_CERT_FILE=$cert_dir/server.crt
ETCD_KEY_FILE=$cert_dir/server.key
ETCD_CLIENT_CERT_AUTH=true
ETCD_PEER_CA_FILE=$cert_dir/ca.crt
ETCD_PEER_TRUSTED_CA_FILE=$cert_dir/ca.crt
ETCD_PEER_CERT_FILE=$cert_dir/server.crt
ETCD_PEER_KEY_FILE=$cert_dir/server.key
ETCD_PEER_CLIENT_CERT_AUTH=true
EOF
fi
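Review bot: ETCD_CA_FILE and ETCD_PEER_CA_FILE stay in the heredoc next to ETCD_TRUSTED_CA_FILE and ETCD_PEER_TRUSTED_CA_FILE, all four pointing at $cert_dir/ca.crt, so the same trust anchor is now configured twice per listener. The *_CA_FILE keys are the older etcd spelling that the trusted-CA plus *_CLIENT_CERT_AUTH pair replaces. Either drop the two legacy lines or add a comment saying which etcd versions still need them, so a later reader does not have to guess which setting is actually enforcing client certificate verification. Separately, ETCD_PEER_CERT_FILE and ETCD_PEER_KEY_FILE reuse server.crt and server.key; with ETCD_PEER_CLIENT_CERT_AUTH=true each member also presents that certificate as a client to its peers, so it is worth confirming that the certificate issued for server.crt permits client authentication as well as server authentication. The whole block sits inside the TLS_DISABLED = "False" branch, which means none of these settings apply when TLS is disabled; a short comment at the top of the branch noting that would help.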


@ -0,0 +1,7 @@
---
fixes:
- |
Fix etcd configuration in k8s_fedora_atomic driver. Explicitly enable
client and peer authentication and set trusted CA (ETCD_TRUSTED_CA_FILE,
ETCD_PEER_TRUSTED_CA_FILE, ETCD_CLIENT_CERT_AUTH,
ETCD_PEER_CLIENT_CERT_AUTH). Only new clusters will benefit from the fix.
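Review bot: The last sentence, "Only new clusters will benefit from the fix", leaves operators of existing clusters without guidance. The note should say what those clusters are missing (etcd client and peer certificate authentication was not explicitly enabled in /etc/etcd/etcd.conf) and what an operator can do about it, for example adding the four listed settings on each master and restarting etcd, or recreating the cluster. Because the change is about authentication to etcd, consider also putting an entry under reno's security: section rather than only under fixes:, so it shows up where deployers look for security-relevant changes.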