External-Mirrors/kubespray
2
0
Fork 0
mirror of https://github.com/kubernetes-sigs/kubespray.git synced 2026-02-24 14:36:04 -03:30
Code Issues Packages Projects Releases Wiki Activity

etcd: ability to enable/disable ETCD_PEER_CLIENT_CERT_AUTH

Browse Source 
Some installation are failing to authenticate with peers due to
etcd picking up/resoling the wrong node.

By setting 'etcd_peer_client_auth' to "False" you can disable peer client cert
authentication.

Signed-off-by: Sébastien Han <seb@redhat.com>
This commit is contained in:
Sébastien Han
2018-01-11 19:07:43 +01:00
parent f4fe9e3421
commit fa8a128e49
3 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
roles/etcd/templates/etcd.env.j2
View File

@@ -23,4 +23,4 @@ ETCD_CLIENT_CERT_AUTH={{ etcd_secure_client | lower}}
ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
ETCD_PEER_CLIENT_CERT_AUTH=true
ETCD_PEER_CLIENT_CERT_AUTH={{ etcd_peer_client_auth }}