1
我有一個單一的etcd服務器在Docker容器中運行,實現了一個大小爲1的etcd集羣。它通過發現服務初始化。一切都很好,當我使用不安全的連接。但是,當我切換到TLS安全通信時,here etcdctl無法正常工作。但是,cli curl命令正常工作。etcdctl與TLS失敗,捲曲成功
下面是使用TLS和自簽名證書通過etcdctl從容器訪問etcd的示例。使用OpenSSL的客戶端,我可以驗證我的TLS通訊科...
# openssl s_client -connect 172.17.42.1:2379 -cert /etc/ssl/infra/cert.pem -key /etc/ssl/infra/key.pem -CAfile /etc/ssl/infra/ca.pem -tls1
CONNECTED(00000003)
depth=1 C = GB, O = acme.net, OU = Some Services, L = London, ST = England, CN = Ecme CA
verify return:1
depth=0 O = autogenerated, OU = etcd cluster, L = the internet, CN = etcd
verify return:1
---
Certificate chain
0 s:/O=autogenerated/OU=etcd cluster/L=the internet/CN=etcd
i:/C=GB/O=acme.net/OU=Some Services/L=London/ST=England/CN=Acme CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDlzCCAoGgAwIBAgIIYf3y1uiPRu8wCwYJKoZIhvcNAQELMH0xCzAJBgNVBAYT
AkdCMRUwEwYDVQQKEwxVbmJsb2Nrci5uZXQxHjAcBgNVBAsTFUdlbyBMb2NhdGlv
....
而是試圖用etcdctl做一個成員列表
[email protected]:/# etcdctl --debug -C https://172.17.42.1:2379 --ca-file /etc/ssl/infra/ca.pem --cert-file /etc/ssl/infra/cert.pem --key-file /etc/ssl/infra/key.pem member list
start to sync cluster using endpoints(https://172.17.42.1:2379)
cURL Command: curl -X GET https://172.17.42.1:2379/v2/members
got endpoints(https://1.2.3.4:2379) after sync
Cluster-Endpoints: https://1.2.3.4:2379
cURL Command: curl -X GET https://1.2.3.4:2379/v2/members
client: etcd cluster is unavailable or misconfigured
這樣的東西是borked(雖然它似乎已經談過ETCD集羣,發現成員(只有一個),我希望
簡單curl命令作品
[email protected]:/# curl --cacert /etc/ssl/infra/ca.pem --cert /etc/ssl/infra/cert.pem --key /etc/ssl/infra/key.pem -X GET https://172.17.42.1:2379/v2/members
{"members":[{"id":"2b3b4588bc2bae1e","name":"default","peerURLs":["http://1.2.3.4:2380"],"clientURLs":["https://1.2.3.4:2379"]}]}
我不知道下一步該做什麼。 etcd和etcdctl都是v 2.0.9