etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH

Some installation are failing to authenticate with peers due to etcd picking up/resoling the wrong node. By setting 'etcd_peer_client_auth' to "False" you can disable peer client cert authentication. Signed-off-by: Sébastien Han <seb@redhat.com>
2026-01-31 17:19:17 -03:30 · 2018-01-11 19:07:43 +01:00
parent f4fe9e3421
commit fa8a128e49
3 changed files with 8 additions and 1 deletions
--- a/roles/etcd/defaults/main.yml
+++ b/roles/etcd/defaults/main.yml
@@ -40,3 +40,6 @@ etcd_vault_mount_path: etcd

 # Force clients like etcdctl to use TLS certs (different than peer security)
 etcd_secure_client: true
+
+# Enable peer client cert authentication
+etcd_peer_client_auth: true
--- a/roles/etcd/templates/etcd.env.j2
+++ b/roles/etcd/templates/etcd.env.j2
@@ -23,4 +23,4 @@ ETCD_CLIENT_CERT_AUTH={{ etcd_secure_client | lower}}
 ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
 ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
 ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
-ETCD_PEER_CLIENT_CERT_AUTH=true
+ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth }}