
e2e/docker-dns-srv: enable peer, client TLS

Signed-off-by: Gyu-Ho Lee <gyuhox@gmail.com>
Gyu-Ho Lee 8 years ago
parent
commit
5d3a5912eb
4 changed files with 13 additions and 11 deletions
  1. 1 2
      Makefile
  2. 3 3
      e2e/docker-dns-srv/Procfile
  3. 6 6
      e2e/docker-dns-srv/etcd.zone
  4. 3 0
      e2e/docker-dns-srv/run.sh

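--- a/Makefile
+++ b/Makefile
@@ -143,7 +143,7 @@ docker-dns-srv-test-build:
 	  --rm \
 	  --dns 127.0.0.1 \
 	  gcr.io/etcd-development/etcd-dns-srv-test:$(_GO_VERSION) \
-	  /bin/bash -c "/etc/init.d/bind9 start && cat /dev/null >/etc/hosts && dig +noall +answer SRV _etcd-client._tcp.etcd.local && dig +noall +answer SRV _etcd-server._tcp.etcd.local && dig +noall +answer m1.etcd.local m2.etcd.local m3.etcd.local"
+	  /bin/bash -c "/etc/init.d/bind9 start && cat /dev/null >/etc/hosts && dig +noall +answer SRV _etcd-client-ssl._tcp.etcd.local && dig +noall +answer SRV _etcd-server-ssl._tcp.etcd.local && dig +noall +answer m1.etcd.local m2.etcd.local m3.etcd.local"
 
 docker-dns-srv-test-push:
 	gcloud docker -- push gcr.io/etcd-development/etcd-dns-srv-test:$(_GO_VERSION)
@@ -162,5 +162,4 @@ docker-dns-srv-test-run:
 	  gcr.io/etcd-development/etcd-dns-srv-test:$(_GO_VERSION) \
 	  /bin/bash -c "cd /etcd && /run.sh && rm -rf m*.etcd"
 
-# TODO: run DNS/SRV with TLS
 # TODO: add DNS integration tests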
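Review bot: The `dig +noall +answer SRV …` probes in the `/bin/bash -c` line of docker-dns-srv-test-build cannot fail the build when a record is missing, because dig exits 0 for an empty or NXDOMAIN answer; the `&&` chain therefore only proves that bind9 started. After a rename like this one, a typo in the zone file would pass here and only surface later as a discovery failure in the run target. Each probe could assert a non-empty answer instead, e.g. `dig +short SRV _etcd-client-ssl._tcp.etcd.local | grep -q .`, and likewise for `_etcd-server-ssl._tcp`. The recipe starts above the hunk, so the rest of the docker invocation is not visible here.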

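--- a/e2e/docker-dns-srv/Procfile
+++ b/e2e/docker-dns-srv/Procfile
@@ -1,5 +1,5 @@
-etcd1: ./etcd --name m1 --listen-client-urls http://127.0.0.1:2379 --advertise-client-urls http://m1.etcd.local:2379 --listen-peer-urls http://127.0.0.1:2380 --initial-advertise-peer-urls=http://m1.etcd.local:2380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new
+etcd1: ./etcd --name m1 --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs/server-wildcard.crt --peer-key-file=/certs/server-wildcard.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server-wildcard.crt --key-file=/certs/server-wildcard.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
 
-etcd2: ./etcd --name m2 --listen-client-urls http://127.0.0.1:22379 --advertise-client-urls http://m2.etcd.local:22379 --listen-peer-urls http://127.0.0.1:22380 --initial-advertise-peer-urls=http://m2.etcd.local:22380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new
+etcd2: ./etcd --name m2 --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs/server-wildcard.crt --peer-key-file=/certs/server-wildcard.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server-wildcard.crt --key-file=/certs/server-wildcard.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
 
-etcd3: ./etcd --name m3 --listen-client-urls http://127.0.0.1:32379 --advertise-client-urls http://m3.etcd.local:32379 --listen-peer-urls http://127.0.0.1:32380 --initial-advertise-peer-urls=http://m3.etcd.local:32380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new
+etcd3: ./etcd --name m3 --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs/server-wildcard.crt --peer-key-file=/certs/server-wildcard.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server-wildcard.crt --key-file=/certs/server-wildcard.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth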
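Review bot: All three members are started with the same `/certs/server-wildcard.crt` and `/certs/server-wildcard.key.insecure` pair for both the client-facing and the peer listeners, and run.sh in this commit hands that same pair to etcdctl as its client certificate. `--client-cert-auth` and `--peer-client-cert-auth` are therefore only ever exercised with one identity that every party shares. The test shows that the TLS handshake succeeds, but not that a client or peer without a certificate signed by `/certs/ca.crt` is turned away. A dedicated client certificate for etcdctl, plus one negative case in run.sh (a `put` without `--cert`/`--key` that is expected to fail), would cover the enforcement side.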

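--- a/e2e/docker-dns-srv/etcd.zone
+++ b/e2e/docker-dns-srv/etcd.zone
@@ -8,9 +8,9 @@ etcd.local.	IN	NS	bindhostname.
 m1.etcd.local.	300	IN	A	127.0.0.1
 m2.etcd.local.	300	IN	A	127.0.0.1
 m3.etcd.local.	300	IN	A	127.0.0.1
-_etcd-client._tcp	300	IN	SRV	0 0 2379 m1.etcd.local.
-_etcd-client._tcp	300	IN	SRV	0 0 22379 m2.etcd.local.
-_etcd-client._tcp	300	IN	SRV	0 0 32379 m3.etcd.local.
-_etcd-server._tcp	300	IN	SRV	0 0 2380 m1.etcd.local.
-_etcd-server._tcp	300	IN	SRV	0 0 22380 m2.etcd.local.
-_etcd-server._tcp	300	IN	SRV	0 0 32380 m3.etcd.local.
+_etcd-client-ssl._tcp	300	IN	SRV	0 0 2379 m1.etcd.local.
+_etcd-client-ssl._tcp	300	IN	SRV	0 0 22379 m2.etcd.local.
+_etcd-client-ssl._tcp	300	IN	SRV	0 0 32379 m3.etcd.local.
+_etcd-server-ssl._tcp	300	IN	SRV	0 0 2380 m1.etcd.local.
+_etcd-server-ssl._tcp	300	IN	SRV	0 0 22380 m2.etcd.local.
+_etcd-server-ssl._tcp	300	IN	SRV	0 0 32380 m3.etcd.local.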

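--- a/e2e/docker-dns-srv/run.sh
+++ b/e2e/docker-dns-srv/run.sh
@@ -9,5 +9,8 @@ goreman -f /Procfile start &
 sleep 7s
 
 ETCDCTL_API=3 ./etcdctl \
+  --cacert=/certs/ca.crt \
+  --cert=/certs/server-wildcard.crt \
+  --key=/certs//server-wildcard.key.insecure \
   --discovery-srv etcd.local \
   put foo bar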
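Review bot: The added `--key=/certs//server-wildcard.key.insecure \` has a doubled slash. It resolves to the same file, but it no longer matches the path spelled in the Procfile, so a search for the key path misses one of its uses; it should read `--key=/certs/server-wildcard.key.insecure \`. A short comment above the etcdctl call would also help, for example `# e2e fixture only: the server wildcard cert doubles as the client cert; the .key.insecure key is unencrypted`. The start of the script is outside the hunk, so whether the certificates are checked for presence before this call is not visible here.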