
Commit 0c6077f

committed
Support TLS
1 parent fa3b21e commit 0c6077f


11 files changed

+141
-0
lines changed


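--- a/home/.chezmoiscripts/universal/run_onchange_before_11-join-etcd-cluster.tmpl
+++ b/home/.chezmoiscripts/universal/run_onchange_before_11-join-etcd-cluster.tmpl
@@ -11,13 +11,21 @@
 # This is the only input needed to be able to add the host as a member of the cluster. The format of this field
 # is available in the [inputs file](https://github.com/megabyte-labs/install.doctor/blob/master/home/.chezmoi.yaml.tmpl).
 #
+# Certificates should be stored in `home/.chezmoitemplates/files/etcd` folder. These files are to be encrypted following
+# our Secrets documentation.
+#
 # ## Configuration Variables
 #
 # The following chart details the input variable(s) that are used to join the host to `etcd` cluster:
 #
 # | Variable | Description |
 # |------------------------------|------------------------------------------------------------|
 # | `etcd.initial_cluster_urls` | Appropriately formatted initial cluster configuration |
+#
+# ## Links
+#
+# * [Default Endlessh configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/endlessh/config.tmpl)
+# * [Secrets / Environment variables documentation](https://install.doctor/docs/customization/secrets)
 
 {{ includeTemplate "universal/profile-before" }}
 {{ includeTemplate "universal/logg-before" }}
@@ -31,6 +39,14 @@ if command -v etcd > /dev/null; then
 --advertise-client-urls http://$(hostname -i):2379 --listen-client-urls http://$(hostname -i):2379 \
 --initial-cluster "{{ .etcd.initial_cluster_urls }}" \
 --initial-cluster-state existing
+--client-cert-auth \
+--trusted-ca-file "${XDG_DATA_HOME:-$HOME/.local/share}/etcd/ca-etcd-chain-cert.pem" \
+--cert-file "${XDG_DATA_HOME:-$HOME/.local/share}/etcd/server-cert.pem" \
+--key-file "${XDG_DATA_HOME:-$HOME/.local/share}/etcd/server-key.pem" \
+--peer-client-cert-auth \
+--peer-trusted-ca-file "${XDG_DATA_HOME:-$HOME/.local/share}/etcd/ca-etcd-chain-cert.pem" \
+--peer-cert-file "${XDG_DATA_HOME:-$HOME/.local/share}/etcd/peer-cert.pem" \
+--peer-key-file "${XDG_DATA_HOME:-$HOME/.local/share}/etcd/peer-key.pem"
 {{ end }}
 else
 logg info 'etcd is not installed or it is not available in the PATH'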
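Review bot: The added TLS flags never reach etcd, because the unchanged line `--initial-cluster-state existing` (new line 41) ends without a `\`; the command stops there and `--client-cert-auth \` on line 42 begins a separate shell command. Line 41 should read `--initial-cluster-state existing \`. Line 39 also still advertises and listens on `http://$(hostname -i):2379`; as far as I know etcd serves TLS only on `https://` URLs and ignores the cert, key and client-cert-auth options for HTTP listeners, so the client URLs need the `https` scheme, and presumably the peer URLs as well, which are outside this hunk. The certificate paths are passed without checking that the decrypted files exist, so a host without the age key would start etcd pointing at missing files. The etcd invocation begins above the hunk, so the full flag list is not visible here.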
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
-----BEGIN AGE ENCRYPTED FILE-----
2+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSW5pM0hBakJvZnMrSlpx
3+
QXNoY1JpTWpwN3crVWhLc2JPbWhYNG8wZ1NZCm9vcW1JTzBwN0JQQUprMFNnS3Y3
4+
eUlOUjdHNk5EMi94cGVJREVsaDlhdFEKLS0tIGVld1lHZGNZcUlHRGFMeUJCbngz
5+
Y3dRNWpyc0ZITWd6OE5QWFRKN0YwRjQKHgIeYMwyX/OW+7GXycR6ZqVgz/Ydft5Y
6+
nigtcc6uMvP/qt49g6HH3KRcBtS9YELA5PggkV2+6aeTL/w1yamTvZxABLaA3LYV
7+
e/OB4gjseGy9tH9rJqGK/MVg4sV5ylknZ8Wl8x5NIaBNsIRn0DI4k9wONCnrsSJH
8+
ADmqcr2VxyGtxnpPn6kwR0DZNlVNDQtfQKzVP/gFtVTL73P6x7LMoKB1bkw+/got
9+
3JyZnPcDPej34sQSsC8NmeZHh1RPhCSAWgf2kpgr9enxspTuCXdtQjQKwkGeW5Te
10+
7NG+5/XH9SE5GDdLhe+xvJKEjhMAHkD8zByoEBfmtWPfgW39F2pwFqQg7nINdIWo
11+
zcUMXEVzyAgD68aue5iDyOV2SbcPbitA83TsLCQb26FS7ATl3G5B8LAVZ2fs/oPX
12+
z5jYbyJ66dnY9Aq8DjceiMJx1wt2jDPsDfh+BcNSeJH42OMxlUTgVcjJ3JA48syc
13+
GPCl+u7tCDDkM0X7Ydhyv71CADAmdnMK0idE/Wc689sHsiuqJ4qLWOkzWftCZw6G
14+
G+B1DJ7ls47n4xo0qOJif00/K4XAqOsabw335wwvpWr6JHCcwkfdD51SGX1p19l0
15+
oskw5TjSGLnZ2FUb/UjTDBJZrpMgo8lNnWB4RLjprmVqYJDoWXwFPBSozpCWPsp4
16+
45L00xSw2C5as2ntX9gxMU/4z0dmsOO4Y5isI9Y1WCVCeXJD3hA7hDkWcUZsxare
17+
ejDy4q/gSUcTLne3ITcx9u9bjwHFxNQienRowRH6WE+DD/9Xp/aqQN7E5avDiiMd
18+
GF+0/hVZwpsSp209miEWOJLiXTQ7a3QnP60gyd6lDGT4n1GUtKwDns6+1bddNmun
19+
K1MfpFNpK6WwBR0VSmPEnfUc6cT94yuwHapdPm8/xNV1FAdvvdjwLNNq/OAH5cXP
20+
DTRKVPZpRN7cf+apMUu2rhbAzn6hsky1EGTwvPndW2QOHIghbc57TW+p3GO83/+Q
21+
11J+Zrb+FNTm3nJXak6CB5eytB54zNr6GVEsOYNBfbNjZQwE21kH
22+
-----END AGE ENCRYPTED FILE-----
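Review bot: This age blob and the four that follow appear byte-for-byte identical on this page, although the join script expects five different files: a CA chain, a server certificate and key, and a peer certificate and key. age uses a fresh random file key for every encryption, so identical ciphertext means one encrypted file was copied five times rather than five PEM files being encrypted. If these are placeholders, say so in the commit message or in the script header; if they are meant to be real material, each file needs its own content. The file names of these sections are not shown on the page, so which blob maps to which path could not be checked.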
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
-----BEGIN AGE ENCRYPTED FILE-----
2+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSW5pM0hBakJvZnMrSlpx
3+
QXNoY1JpTWpwN3crVWhLc2JPbWhYNG8wZ1NZCm9vcW1JTzBwN0JQQUprMFNnS3Y3
4+
eUlOUjdHNk5EMi94cGVJREVsaDlhdFEKLS0tIGVld1lHZGNZcUlHRGFMeUJCbngz
5+
Y3dRNWpyc0ZITWd6OE5QWFRKN0YwRjQKHgIeYMwyX/OW+7GXycR6ZqVgz/Ydft5Y
6+
nigtcc6uMvP/qt49g6HH3KRcBtS9YELA5PggkV2+6aeTL/w1yamTvZxABLaA3LYV
7+
e/OB4gjseGy9tH9rJqGK/MVg4sV5ylknZ8Wl8x5NIaBNsIRn0DI4k9wONCnrsSJH
8+
ADmqcr2VxyGtxnpPn6kwR0DZNlVNDQtfQKzVP/gFtVTL73P6x7LMoKB1bkw+/got
9+
3JyZnPcDPej34sQSsC8NmeZHh1RPhCSAWgf2kpgr9enxspTuCXdtQjQKwkGeW5Te
10+
7NG+5/XH9SE5GDdLhe+xvJKEjhMAHkD8zByoEBfmtWPfgW39F2pwFqQg7nINdIWo
11+
zcUMXEVzyAgD68aue5iDyOV2SbcPbitA83TsLCQb26FS7ATl3G5B8LAVZ2fs/oPX
12+
z5jYbyJ66dnY9Aq8DjceiMJx1wt2jDPsDfh+BcNSeJH42OMxlUTgVcjJ3JA48syc
13+
GPCl+u7tCDDkM0X7Ydhyv71CADAmdnMK0idE/Wc689sHsiuqJ4qLWOkzWftCZw6G
14+
G+B1DJ7ls47n4xo0qOJif00/K4XAqOsabw335wwvpWr6JHCcwkfdD51SGX1p19l0
15+
oskw5TjSGLnZ2FUb/UjTDBJZrpMgo8lNnWB4RLjprmVqYJDoWXwFPBSozpCWPsp4
16+
45L00xSw2C5as2ntX9gxMU/4z0dmsOO4Y5isI9Y1WCVCeXJD3hA7hDkWcUZsxare
17+
ejDy4q/gSUcTLne3ITcx9u9bjwHFxNQienRowRH6WE+DD/9Xp/aqQN7E5avDiiMd
18+
GF+0/hVZwpsSp209miEWOJLiXTQ7a3QnP60gyd6lDGT4n1GUtKwDns6+1bddNmun
19+
K1MfpFNpK6WwBR0VSmPEnfUc6cT94yuwHapdPm8/xNV1FAdvvdjwLNNq/OAH5cXP
20+
DTRKVPZpRN7cf+apMUu2rhbAzn6hsky1EGTwvPndW2QOHIghbc57TW+p3GO83/+Q
21+
11J+Zrb+FNTm3nJXak6CB5eytB54zNr6GVEsOYNBfbNjZQwE21kH
22+
-----END AGE ENCRYPTED FILE-----
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
-----BEGIN AGE ENCRYPTED FILE-----
2+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSW5pM0hBakJvZnMrSlpx
3+
QXNoY1JpTWpwN3crVWhLc2JPbWhYNG8wZ1NZCm9vcW1JTzBwN0JQQUprMFNnS3Y3
4+
eUlOUjdHNk5EMi94cGVJREVsaDlhdFEKLS0tIGVld1lHZGNZcUlHRGFMeUJCbngz
5+
Y3dRNWpyc0ZITWd6OE5QWFRKN0YwRjQKHgIeYMwyX/OW+7GXycR6ZqVgz/Ydft5Y
6+
nigtcc6uMvP/qt49g6HH3KRcBtS9YELA5PggkV2+6aeTL/w1yamTvZxABLaA3LYV
7+
e/OB4gjseGy9tH9rJqGK/MVg4sV5ylknZ8Wl8x5NIaBNsIRn0DI4k9wONCnrsSJH
8+
ADmqcr2VxyGtxnpPn6kwR0DZNlVNDQtfQKzVP/gFtVTL73P6x7LMoKB1bkw+/got
9+
3JyZnPcDPej34sQSsC8NmeZHh1RPhCSAWgf2kpgr9enxspTuCXdtQjQKwkGeW5Te
10+
7NG+5/XH9SE5GDdLhe+xvJKEjhMAHkD8zByoEBfmtWPfgW39F2pwFqQg7nINdIWo
11+
zcUMXEVzyAgD68aue5iDyOV2SbcPbitA83TsLCQb26FS7ATl3G5B8LAVZ2fs/oPX
12+
z5jYbyJ66dnY9Aq8DjceiMJx1wt2jDPsDfh+BcNSeJH42OMxlUTgVcjJ3JA48syc
13+
GPCl+u7tCDDkM0X7Ydhyv71CADAmdnMK0idE/Wc689sHsiuqJ4qLWOkzWftCZw6G
14+
G+B1DJ7ls47n4xo0qOJif00/K4XAqOsabw335wwvpWr6JHCcwkfdD51SGX1p19l0
15+
oskw5TjSGLnZ2FUb/UjTDBJZrpMgo8lNnWB4RLjprmVqYJDoWXwFPBSozpCWPsp4
16+
45L00xSw2C5as2ntX9gxMU/4z0dmsOO4Y5isI9Y1WCVCeXJD3hA7hDkWcUZsxare
17+
ejDy4q/gSUcTLne3ITcx9u9bjwHFxNQienRowRH6WE+DD/9Xp/aqQN7E5avDiiMd
18+
GF+0/hVZwpsSp209miEWOJLiXTQ7a3QnP60gyd6lDGT4n1GUtKwDns6+1bddNmun
19+
K1MfpFNpK6WwBR0VSmPEnfUc6cT94yuwHapdPm8/xNV1FAdvvdjwLNNq/OAH5cXP
20+
DTRKVPZpRN7cf+apMUu2rhbAzn6hsky1EGTwvPndW2QOHIghbc57TW+p3GO83/+Q
21+
11J+Zrb+FNTm3nJXak6CB5eytB54zNr6GVEsOYNBfbNjZQwE21kH
22+
-----END AGE ENCRYPTED FILE-----
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
-----BEGIN AGE ENCRYPTED FILE-----
2+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSW5pM0hBakJvZnMrSlpx
3+
QXNoY1JpTWpwN3crVWhLc2JPbWhYNG8wZ1NZCm9vcW1JTzBwN0JQQUprMFNnS3Y3
4+
eUlOUjdHNk5EMi94cGVJREVsaDlhdFEKLS0tIGVld1lHZGNZcUlHRGFMeUJCbngz
5+
Y3dRNWpyc0ZITWd6OE5QWFRKN0YwRjQKHgIeYMwyX/OW+7GXycR6ZqVgz/Ydft5Y
6+
nigtcc6uMvP/qt49g6HH3KRcBtS9YELA5PggkV2+6aeTL/w1yamTvZxABLaA3LYV
7+
e/OB4gjseGy9tH9rJqGK/MVg4sV5ylknZ8Wl8x5NIaBNsIRn0DI4k9wONCnrsSJH
8+
ADmqcr2VxyGtxnpPn6kwR0DZNlVNDQtfQKzVP/gFtVTL73P6x7LMoKB1bkw+/got
9+
3JyZnPcDPej34sQSsC8NmeZHh1RPhCSAWgf2kpgr9enxspTuCXdtQjQKwkGeW5Te
10+
7NG+5/XH9SE5GDdLhe+xvJKEjhMAHkD8zByoEBfmtWPfgW39F2pwFqQg7nINdIWo
11+
zcUMXEVzyAgD68aue5iDyOV2SbcPbitA83TsLCQb26FS7ATl3G5B8LAVZ2fs/oPX
12+
z5jYbyJ66dnY9Aq8DjceiMJx1wt2jDPsDfh+BcNSeJH42OMxlUTgVcjJ3JA48syc
13+
GPCl+u7tCDDkM0X7Ydhyv71CADAmdnMK0idE/Wc689sHsiuqJ4qLWOkzWftCZw6G
14+
G+B1DJ7ls47n4xo0qOJif00/K4XAqOsabw335wwvpWr6JHCcwkfdD51SGX1p19l0
15+
oskw5TjSGLnZ2FUb/UjTDBJZrpMgo8lNnWB4RLjprmVqYJDoWXwFPBSozpCWPsp4
16+
45L00xSw2C5as2ntX9gxMU/4z0dmsOO4Y5isI9Y1WCVCeXJD3hA7hDkWcUZsxare
17+
ejDy4q/gSUcTLne3ITcx9u9bjwHFxNQienRowRH6WE+DD/9Xp/aqQN7E5avDiiMd
18+
GF+0/hVZwpsSp209miEWOJLiXTQ7a3QnP60gyd6lDGT4n1GUtKwDns6+1bddNmun
19+
K1MfpFNpK6WwBR0VSmPEnfUc6cT94yuwHapdPm8/xNV1FAdvvdjwLNNq/OAH5cXP
20+
DTRKVPZpRN7cf+apMUu2rhbAzn6hsky1EGTwvPndW2QOHIghbc57TW+p3GO83/+Q
21+
11J+Zrb+FNTm3nJXak6CB5eytB54zNr6GVEsOYNBfbNjZQwE21kH
22+
-----END AGE ENCRYPTED FILE-----
Lines changed: 22 additions & 0 deletions
@@ -0,0 +1,22 @@
1+
-----BEGIN AGE ENCRYPTED FILE-----
2+
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSW5pM0hBakJvZnMrSlpx
3+
QXNoY1JpTWpwN3crVWhLc2JPbWhYNG8wZ1NZCm9vcW1JTzBwN0JQQUprMFNnS3Y3
4+
eUlOUjdHNk5EMi94cGVJREVsaDlhdFEKLS0tIGVld1lHZGNZcUlHRGFMeUJCbngz
5+
Y3dRNWpyc0ZITWd6OE5QWFRKN0YwRjQKHgIeYMwyX/OW+7GXycR6ZqVgz/Ydft5Y
6+
nigtcc6uMvP/qt49g6HH3KRcBtS9YELA5PggkV2+6aeTL/w1yamTvZxABLaA3LYV
7+
e/OB4gjseGy9tH9rJqGK/MVg4sV5ylknZ8Wl8x5NIaBNsIRn0DI4k9wONCnrsSJH
8+
ADmqcr2VxyGtxnpPn6kwR0DZNlVNDQtfQKzVP/gFtVTL73P6x7LMoKB1bkw+/got
9+
3JyZnPcDPej34sQSsC8NmeZHh1RPhCSAWgf2kpgr9enxspTuCXdtQjQKwkGeW5Te
10+
7NG+5/XH9SE5GDdLhe+xvJKEjhMAHkD8zByoEBfmtWPfgW39F2pwFqQg7nINdIWo
11+
zcUMXEVzyAgD68aue5iDyOV2SbcPbitA83TsLCQb26FS7ATl3G5B8LAVZ2fs/oPX
12+
z5jYbyJ66dnY9Aq8DjceiMJx1wt2jDPsDfh+BcNSeJH42OMxlUTgVcjJ3JA48syc
13+
GPCl+u7tCDDkM0X7Ydhyv71CADAmdnMK0idE/Wc689sHsiuqJ4qLWOkzWftCZw6G
14+
G+B1DJ7ls47n4xo0qOJif00/K4XAqOsabw335wwvpWr6JHCcwkfdD51SGX1p19l0
15+
oskw5TjSGLnZ2FUb/UjTDBJZrpMgo8lNnWB4RLjprmVqYJDoWXwFPBSozpCWPsp4
16+
45L00xSw2C5as2ntX9gxMU/4z0dmsOO4Y5isI9Y1WCVCeXJD3hA7hDkWcUZsxare
17+
ejDy4q/gSUcTLne3ITcx9u9bjwHFxNQienRowRH6WE+DD/9Xp/aqQN7E5avDiiMd
18+
GF+0/hVZwpsSp209miEWOJLiXTQ7a3QnP60gyd6lDGT4n1GUtKwDns6+1bddNmun
19+
K1MfpFNpK6WwBR0VSmPEnfUc6cT94yuwHapdPm8/xNV1FAdvvdjwLNNq/OAH5cXP
20+
DTRKVPZpRN7cf+apMUu2rhbAzn6hsky1EGTwvPndW2QOHIghbc57TW+p3GO83/+Q
21+
11J+Zrb+FNTm3nJXak6CB5eytB54zNr6GVEsOYNBfbNjZQwE21kH
22+
-----END AGE ENCRYPTED FILE-----
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "files" "etcd" "ca-etcd-chain-cert")) -}}
2+
{{ includeTemplate "files/etcd/ca-etcd-chain-cert" | decrypt -}}
3+
{{ end -}}
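Review bot: When the age key at `.config/age/chezmoi.txt` or the encrypted source is missing, this guard renders nothing and gives no message, while the join script passes the certificate paths to etcd unconditionally. The same pattern repeats in the `peer-cert`, `peer-key` and `server-cert` templates below. A leading comment such as `{{- /* Renders empty when the age key or the encrypted source is absent; callers must check that the file exists. */ -}}` would document this, and the script should test for the files before adding the TLS flags. The target file names are not shown on this page, so it should be confirmed that the private-key targets are created with owner-only permissions (chezmoi's `private_` prefix). No template for `server-key` is visible here, although the script references `server-key.pem`.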
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "files" "etcd" "peer-cert")) -}}
2+
{{ includeTemplate "files/etcd/peer-cert" | decrypt -}}
3+
{{ end -}}
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "files" "etcd" "peer-key")) -}}
2+
{{ includeTemplate "files/etcd/peer-key" | decrypt -}}
3+
{{ end -}}
Lines changed: 3 additions & 0 deletions
@@ -0,0 +1,3 @@
1+
{{- if and (stat (joinPath .host.home ".config" "age" "chezmoi.txt")) (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "files" "etcd" "server-cert")) -}}
2+
{{ includeTemplate "files/etcd/server-cert" | decrypt -}}
3+
{{ end -}}
