summaryrefslogtreecommitdiff
path: root/global
diff options
context:
space:
mode:
authorLeif Johansson <leifj@sunet.se>2015-04-14 13:18:39 +0200
committerLeif Johansson <leifj@sunet.se>2015-04-14 13:18:39 +0200
commit60b460b309d92c854e681a8178e04476866de330 (patch)
tree3a1320dbce10be995ca480e5d81f0e2f76fbfa26 /global
parent16aa4925923841cecc37d7efa14e63d421569ce9 (diff)
infra ca & etc tls config
Diffstat (limited to 'global')
-rw-r--r--global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp3
-rw-r--r--global/overlay/etc/ssl/certs/infra.crt34
2 files changed, 36 insertions, 1 deletions
diff --git a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
index 3d17691..3509114 100644
--- a/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
+++ b/global/overlay/etc/puppet/modules/sunet/manifests/etcd_node.pp
@@ -7,7 +7,8 @@ define sunet::etcd_node(
sunet::docker_run { "etcd_${name}":
image => 'quay.io/coreos/etcd',
imagetag => $etcd_version,
- command => "-initial-advertise-peer-urls http://${::ipaddress_eth1}:2380 -listen-peer-urls http://${::ipaddress_eth1}:2380 -discovery ${disco_url} -name ${::hostname} -data-dir /data/${name}/${::hostname}",
+ volumes => ["/data/${name}/${::hostname}:/var/lib/etcd","/etc/ssl:/etc/ssl"]
+ command => "--initial-advertise-peer-urls http://0.0.0.0:2380 --listen-peer-urls http://0.0.0.0:2380 --discovery ${disco_url} --name ${::hostname} --data-dir /var/lib/etcd --key-file /etc/ssl/private/${::fqdn}_infra.key --peer-key-file /etc/ssl/private/${::fqdn}_infra.key --ca-file /etc/ssl/certs/infra.crt --peer-ca-file /etc/ssl/certs/infra.crt --cert-file /etc/ssl/certs/${::fqdn}_infra.crt --peer-cert-file /etc/ssl/certs/${::fqdn}_infra.crt",
ports => ["${::ipaddress_eth1}:2380:2380"]
}
}
diff --git a/global/overlay/etc/ssl/certs/infra.crt b/global/overlay/etc/ssl/certs/infra.crt
new file mode 100644
index 0000000..a34ba57
--- /dev/null
+++ b/global/overlay/etc/ssl/certs/infra.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF8zCCA9ugAwIBAgIBADANBgkqhkiG9w0BAQsFADA/MSAwHgYDVQQDExdTVU5F
+VCBJbmZyYXN0cnVjdHVyZSBDQTEOMAwGA1UEChMFU1VORVQxCzAJBgNVBAYTAlNF
+MB4XDTE1MDMyNDIyMDA0M1oXDTI1MDMyMTIyMDA0M1owPzEgMB4GA1UEAxMXU1VO
+RVQgSW5mcmFzdHJ1Y3R1cmUgQ0ExDjAMBgNVBAoTBVNVTkVUMQswCQYDVQQGEwJT
+RTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANX8E3tAkO2lm7aU18ND
+hJtMARHObom9b+SpwrfgEI6dsnIqsrjzrZ1X+bv3AhlmWMS7aPr0BuvtsKxwcRaD
+TRdfM7ik7L40vXAkBwVWvXJvjdF5d+AZI750S5G1jSh/v8Nz+zHsai1mtdnx7FT6
+Pg1BJbwf0IyIHZClcnO/OmwElNnGVB5uNp3e/67KCqI4IhjAt+4G30mRfIpZ1KoU
+vexZsz++cZErCXEe0eWnhlnCjfobMKmEHhvX6RzvTbB80AL/tfrqnOEwD6y7iUOp
+N9FSTiHvHxRiD80WglLrh2qHzSn3it91RA1OvfY0HoIgdz1F/l07Nlm8a6WrrbRZ
+Pg+HzlZ31iy0/sqduj2fPrDuDDQn87Bu3ohsZPg1t700ZW+YMUWtmh9PHK04a2fI
+f9ET7llJPYzyOQ1apoiAgPRf4pnxOSOgjUhVDBY20ppTKxFJ7WY9JSKRPj92A6Ht
+2/uAfUapKPOPSaASIruVz7sZ7DqiWvq67uvRtwr5yytRoZ82HG1Z36DxSNUcJ2X8
+MmELT/ONQHolu8hiZCLDCienYWZUPBnaI9jblCqvmBrdlJzKdrWzb1zKEQNsducs
+Klwgh5hZ6tJLca3v/sDx7odUK4MF+vuhEyRZyXUQBZ3+m7iII+2mHLyZ2EUpfBjZ
+hlOERIttFErkPP5CsPkf8uvDAgMBAAGjgfkwgfYwHQYDVR0OBBYEFOcsnlEasB0B
+HeZCtCcaNZNwwG3XMB8GA1UdIwQYMBaAFOcsnlEasB0BHeZCtCcaNZNwwG3XMDsG
+CCsGAQUFBwEBBC8wLTArBggrBgEFBQcwAoYfaHR0cDovL2NhLnN1bmV0LnNlL2lu
+ZnJhL2NhLmNydDAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY2Euc3VuZXQuc2Uv
+aW5mcmEvY3JsLnBlbTAjBgNVHRIEHDAahhhodHRwOi8vY2Euc3VuZXQuc2UvaW5m
+cmEwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEL
+BQADggIBAHUlygRL3d5DEBKWVvsuWhWNq5O7QHqWYyRSEMbncHSsZJhryJvmI/4Z
+KI0UpBC6KBJDRGnKWnTfNUsNa6ZC/hPb+9RTdVV7ODq5T1xCp9bueVmf2x/CQEIK
+Rexwlv6+nMdUmFioxtTdKOCSkXu4L+dmIpzsbkUrl0wNSIeTga0StGyJZcbFq/cp
+qur89YaiDSZ490C7UrQSaMRmBYTqmISmtlLzpGEPR3e6xoJbxws3zKeUYfF4Fzzi
+t424jpgd+FHh7eEyNNqNqKP+kr/G4/BnJBzyr1uP+1/LSzJRHj/hNJV7R/8zr9KY
+hZxjP7YKLmRxfEaRIFcjDJOKEYzpN3MNWOWVKMduUEbk65sbTFIlY1wCDzV9rHeY
+81G82FQVmOMYc5RQI5ZcEqEUhOTv85bMF3rVpGR+tA8gfQWs0w8sa9wcEo/HfjXa
+wgu67cJe2grg9iaoh40cOUIbVFaHbkvOG3ZMJPOkye+nBuOJncWhpuxGRxgEvW/O
+gj5WnDwZ4J8hfGchaBSi5ZVEvUWpmx+NPzIp5YhHBRA5zadmd2fGIui/22fmJuDq
+syNaWN5Ncka6Ud5NSnuYJDZauC/3ftdwe5awkuQFon3qg0fiVprM+DOUNgakVGyF
+5G6c17lavZgC3xqdXYbnNkBTeaTgYYUdOxcT7WXARVw9ak5OhSw0
+-----END CERTIFICATE-----