Security fixes for etcd (#1778)

* Security fixes for etcd * Use certs when querying etcd
2026-02-28 09:39:12 +03:00 · 2017-10-12 13:32:54 +01:00
parent ee83e874a8
commit 4209f1cbfd
4 changed files with 17 additions and 3 deletions
--- a/roles/etcd/templates/etcd.env.j2
+++ b/roles/etcd/templates/etcd.env.j2
@@ -1,4 +1,5 @@
 ETCD_DATA_DIR={{ etcd_data_dir }}
+ETCD_WAL_DIR={{ etcd_data_dir }}/member/wal
 ETCD_ADVERTISE_CLIENT_URLS={{ etcd_client_url }}
 ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }}
 ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %}
@@ -22,3 +23,5 @@ ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
 ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
 ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
 ETCD_PEER_CLIENT_CERT_AUTH=true
+ETCD_CLIENT_CERT_AUTH=true
+