*: move "scripts/docker-*" to "tests"

Signed-off-by: Gyuho Lee <gyuhox@gmail.com>

scripts/docker-dns-srv/Dockerfile

@@ -1,44 +0,0 @@
-FROM ubuntu:17.10
-
-RUN rm /bin/sh && ln -s /bin/bash /bin/sh
-RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
-
-RUN apt-get -y update \
-  && apt-get -y install \
-  build-essential \
-  gcc \
-  apt-utils \
-  pkg-config \
-  software-properties-common \
-  apt-transport-https \
-  libssl-dev \
-  sudo \
-  bash \
-  curl \
-  tar \
-  git \
-  netcat \
-  bind9 \
-  dnsutils \
-  && apt-get -y update \
-  && apt-get -y upgrade \
-  && apt-get -y autoremove \
-  && apt-get -y autoclean
-
-ENV GOROOT /usr/local/go
-ENV GOPATH /go
-ENV PATH ${GOPATH}/bin:${GOROOT}/bin:${PATH}
-ENV GO_VERSION REPLACE_ME_GO_VERSION
-ENV GO_DOWNLOAD_URL https://storage.googleapis.com/golang
-RUN rm -rf ${GOROOT} \
-  && curl -s ${GO_DOWNLOAD_URL}/go${GO_VERSION}.linux-amd64.tar.gz | tar -v -C /usr/local/ -xz \
-  && mkdir -p ${GOPATH}/src ${GOPATH}/bin \
-  && go version \
-  && go get -v -u github.com/mattn/goreman
-
-RUN mkdir -p /var/bind /etc/bind
-RUN chown root:bind /var/bind /etc/bind
-
-ADD named.conf etcd.zone rdns.zone /etc/bind/
-RUN chown root:bind /etc/bind/named.conf /etc/bind/etcd.zone /etc/bind/rdns.zone
-ADD resolv.conf /etc/resolv.conf

scripts/docker-dns-srv/certs-gateway/Procfile

@@ -1,7 +0,0 @@
-etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs-gateway/server.crt --peer-key-file=/certs-gateway/server.key.insecure --peer-trusted-ca-file=/certs-gateway/ca.crt --peer-client-cert-auth --cert-file=/certs-gateway/server.crt --key-file=/certs-gateway/server.key.insecure --trusted-ca-file=/certs-gateway/ca.crt --client-cert-auth
-
-etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs-gateway/server.crt --peer-key-file=/certs-gateway/server.key.insecure --peer-trusted-ca-file=/certs-gateway/ca.crt --peer-client-cert-auth --cert-file=/certs-gateway/server.crt --key-file=/certs-gateway/server.key.insecure --trusted-ca-file=/certs-gateway/ca.crt --client-cert-auth
-
-etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs-gateway/server.crt --peer-key-file=/certs-gateway/server.key.insecure --peer-trusted-ca-file=/certs-gateway/ca.crt --peer-client-cert-auth --cert-file=/certs-gateway/server.crt --key-file=/certs-gateway/server.key.insecure --trusted-ca-file=/certs-gateway/ca.crt --client-cert-auth
-
-gateway: ./etcd gateway start --discovery-srv etcd.local --trusted-ca-file /certs-gateway/ca.crt --listen-addr 127.0.0.1:23790

scripts/docker-dns-srv/certs-gateway/ca-csr.json

@@ -1,19 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "CN": "ca",
-  "ca": {
-    "expiry": "87600h"
-  }
-}

scripts/docker-dns-srv/certs-gateway/ca.crt

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDsTCCApmgAwIBAgIUbQA3lX1hcR1W8D5wmmAwaLp4AWQwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEyMDExOTI5MDBaFw0yNzExMjkxOTI5
-MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDdZjG+dJixdUuZLIlPVE/qvqNqbgIQy3Hrgq9OlPevLu3FAKIgTHoSKugq
-jOuBjzAtmbGTky3PPmkjWrOUWKEUYMuJJzXA1fO2NALXle47NVyVVfuwCmDnaAAL
-Sw4QTZKREoe3EwswbeYguQinCqazRwbXMzzfypIfaHAyGrqFCq12IvarrjfDcamm
-egtPkxNNdj1QHbkeYXcp76LOSBRjD2B3bzZvyVv/wPORaGTFXQ0feGz/93/Y/E0z
-BL5TdZ84qmgKxW04hxkhhuuxsL5zDNpbXcGm//Zw9qzO/AvtEux6ag9t0JziiEtj
-zLz5M7yXivfG4oxEeLKTieS/1ZkbAgMBAAGjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBR7XtZP3fc6ElgHl6hdSHLmrFWj
-MzANBgkqhkiG9w0BAQsFAAOCAQEAPy3ol3CPyFxuWD0IGKde26p1mT8cdoaeRbOa
-2Z3GMuRrY2ojaKMfXuroOi+5ZbR9RSvVXhVX5tEMOSy81tb5OGPZP24Eroh4CUfK
-bw7dOeBNCm9tcmHkV+5frJwOgjN2ja8W8jBlV1flLx+Jpyk2PSGun5tQPsDlqzor
-E8QQ2FzCzxoGiEpB53t5gKeX+mH6gS1c5igJ5WfsEGXBC4xJm/u8/sg30uCGP6kT
-tCoQ8gnvGen2OqYJEfCIEk28/AZJvJ90TJFS3ExXJpyfImK9j5VcTohW+KvcX5xF
-W7M6KCGVBQtophobt3v/Zs4f11lWck9xVFCPGn9+LI1dbJUIIQ==
------END CERTIFICATE-----

scripts/docker-dns-srv/certs-gateway/gencert.json

@@ -1,13 +0,0 @@
-{
-  "signing": {
-    "default": {
-        "usages": [
-          "signing",
-          "key encipherment",
-          "server auth",
-          "client auth"
-        ],
-        "expiry": "87600h"
-    }
-  }
-}

scripts/docker-dns-srv/certs-gateway/gencerts.sh

@@ -1,26 +0,0 @@
-#!/bin/bash
-
-if ! [[ "$0" =~ "./gencerts.sh" ]]; then
-	echo "must be run from 'fixtures'"
-	exit 255
-fi
-
-if ! which cfssl; then
-	echo "cfssl is not installed"
-	exit 255
-fi
-
-cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
-mv ca.pem ca.crt
-openssl x509 -in ca.crt -noout -text
-
-# generate wildcard certificates DNS: *.etcd.local
-cfssl gencert \
-    --ca ./ca.crt \
-    --ca-key ./ca-key.pem \
-    --config ./gencert.json \
-    ./server-ca-csr.json | cfssljson --bare ./server
-mv server.pem server.crt
-mv server-key.pem server.key.insecure
-
-rm -f *.csr *.pem *.stderr *.txt

scripts/docker-dns-srv/certs-gateway/run.sh

@@ -1,47 +0,0 @@
-#!/bin/sh
-rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
-
-/etc/init.d/bind9 start
-
-# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
-cat /dev/null >/etc/hosts
-
-goreman -f /certs-gateway/Procfile start &
-
-# TODO: remove random sleeps
-sleep 7s
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-gateway/ca.crt \
-  --cert=/certs-gateway/server.crt \
-  --key=/certs-gateway/server.key.insecure \
-  --discovery-srv etcd.local \
-  endpoint health --cluster
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-gateway/ca.crt \
-  --cert=/certs-gateway/server.crt \
-  --key=/certs-gateway/server.key.insecure \
-  --discovery-srv etcd.local \
-  put abc def
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-gateway/ca.crt \
-  --cert=/certs-gateway/server.crt \
-  --key=/certs-gateway/server.key.insecure \
-  --discovery-srv etcd.local \
-  get abc
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-gateway/ca.crt \
-  --cert=/certs-gateway/server.crt \
-  --key=/certs-gateway/server.key.insecure \
-  --endpoints=127.0.0.1:23790 \
-  put ghi jkl
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-gateway/ca.crt \
-  --cert=/certs-gateway/server.crt \
-  --key=/certs-gateway/server.key.insecure \
-  --endpoints=127.0.0.1:23790 \
-  get ghi

scripts/docker-dns-srv/certs-gateway/server-ca-csr.json

@@ -1,23 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "hosts": [
-    "m1.etcd.local",
-    "m2.etcd.local",
-    "m3.etcd.local",
-    "etcd.local",
-    "127.0.0.1",
-    "localhost"
-  ]
-}

scripts/docker-dns-srv/certs-gateway/server.crt

@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIENTCCAx2gAwIBAgIUcviGEkA57QgUUFUIuB23kO/jHWIwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEyMDExOTI5MDBaFw0yNzExMjkxOTI5
-MDBaMGIxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL6rB1Kh08Fo
-FieWqzB4WvKxSFjLWlNfAXbSC1IEPEc/2JOSTF/VfsEX7Xf4eDlTUIZ/TpMS4nUE
-Jn0rOIxDJWieQgF99a88CKCwVeqyiQ1iGlI/Ls78P7712QJ1QvcYPBRCvAFo2VLg
-TSNhq4taRtAnP690TJVKMSxHg7qtMIpiBLc8ryNbtNUkQHl7/puiBZVVFwHQZm6d
-ZRkfMqXWs4+VKLTx0pqJaM0oWVISQlLWQV83buVsuDVyLAZu2MjRYZwBj9gQwZDO
-15VGvacjMU+l1+nLRuODrpGeGlxwfT57jqipbUtTsoZFsGxPdIWn14M6Pzw/mML4
-guYLKv3UqkkCAwEAAaOB1TCB0jAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFKYKYVPu
-XPnZ2j0NORiNPUJpBnhkMB8GA1UdIwQYMBaAFHte1k/d9zoSWAeXqF1IcuasVaMz
-MFMGA1UdEQRMMEqCDW0xLmV0Y2QubG9jYWyCDW0yLmV0Y2QubG9jYWyCDW0zLmV0
-Y2QubG9jYWyCCmV0Y2QubG9jYWyCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0B
-AQsFAAOCAQEAK40lD6Nx/V6CaShL95fQal7mFp/LXiyrlFTqCqrCruVnntwpukSx
-I864bNMxVSTStEA3NM5V4mGuYjRvdjS65LBhaS1MQDPb4ofPj0vnxDOx6fryRIsB
-wYKDuT4LSQ7pV/hBfL/bPb+itvb24G4/ECbduOprrywxmZskeEm/m0WqUb1A08Hv
-6vDleyt382Wnxahq8txhMU+gNLTGVne60hhfLR+ePK7MJ4oyk3yeUxsmsnBkYaOu
-gYOak5nWzRa09dLq6/vHQLt6n0AB0VurMAjshzO2rsbdOkD233sdkvKiYpayAyEf
-Iu7S5vNjP9jiUgmws6G95wgJOd2xv54D4Q==
------END CERTIFICATE-----

scripts/docker-dns-srv/certs-gateway/server.key.insecure

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvqsHUqHTwWgWJ5arMHha8rFIWMtaU18BdtILUgQ8Rz/Yk5JM
-X9V+wRftd/h4OVNQhn9OkxLidQQmfSs4jEMlaJ5CAX31rzwIoLBV6rKJDWIaUj8u
-zvw/vvXZAnVC9xg8FEK8AWjZUuBNI2Gri1pG0Cc/r3RMlUoxLEeDuq0wimIEtzyv
-I1u01SRAeXv+m6IFlVUXAdBmbp1lGR8ypdazj5UotPHSmolozShZUhJCUtZBXzdu
-5Wy4NXIsBm7YyNFhnAGP2BDBkM7XlUa9pyMxT6XX6ctG44OukZ4aXHB9PnuOqKlt
-S1OyhkWwbE90hafXgzo/PD+YwviC5gsq/dSqSQIDAQABAoIBAEAOsb0fRUdbMuZG
-BmmYZeXXjdjXKReNea5zzv3VEnNVjeu2YRZpYdZ5tXxy6+FGjm1BZCKhW5e4tz2i
-QbNN88l8MezSZrJi1vs1gwgAx27JoNI1DALaWIhNjIT45HCjobuk2AkZMrpXRVM3
-wyxkPho8tXa6+efGL1MTC7yx5vb2dbhnEsjrPdUO0GLVP56bgrz7vRk+hE772uq2
-QDenZg+PcH+hOhptbY1h9CYotGWYXCpi0+yoHhsh5PTcEpyPmLWSkACsHovm3MIn
-a5oU0uh28nVBfYE0Sk6I9XBERHVO/OrCvz4Y3ZbVyGpCdLcaMB5wI1P4a5ULV52+
-VPrALQkCgYEA+w85KYuL+eUjHeMqa8V8A9xgcl1+dvB8SXgfRRm5QTqxgetzurD9
-G7vgMex42nqgoW1XUx6i9roRk3Qn3D2NKvBJcpMohYcY3HcGkCsBwtNUCyOWKasS
-Oj2q9LzPjVqTFII0zzarQ85XuuZyTRieFAMoYmsS8O/GcapKqYhPIDMCgYEAwmuR
-ctnCNgoEj1NaLBSAcq7njONvYUFvbXO8BCyd1WeLZyz/krgXxuhQh9oXIccWAKX2
-uxIDaoWV8F5c8bNOkeebHzVHfaLpwl4IlLa/i5WTIc+IZmpBR0aiS021k/M3KkDg
-KnQXAer6jEymT3lUL0AqZd+GX6DjFw61zPOFH5MCgYAnCiv6YN/IYTA/woZjMddi
-Bk/dGNrEhgrdpdc++IwNL6JQsJtTaZhCSsnHGZ2FY9I8p/MPUtFGipKXGlXkcpHU
-Hn9dWLLRaLud9MhJfNaORCxqewMrwZVZByPhYMbplS8P3lt16WtiZODRiGo3wN87
-/221OC8+1hpGrJNln3OmbwKBgDV8voEoY4PWcba0qcQix8vFTrK2B3hsNimYg4tq
-cum5GOMDwDQvLWttkmotl9uVF/qJrj19ES+HHN8KNuvP9rexTj3hvI9V+JWepSG0
-vTG7rsTIgbAbX2Yqio/JC0Fu0ihvvLwxP/spGFDs7XxD1uNA9ekc+6znaFJ5m46N
-GHy9AoGBAJmGEv5+rM3cucRyYYhE7vumXeCLXyAxxaf0f7+1mqRVO6uNGNGbNY6U
-Heq6De4yc1VeAXUpkGQi/afPJNMU+fy8paCjFyzID1yLvdtFOG38KDbgMmj4t+cH
-xTp2RT3MkcCWPq2+kXZeQjPdesPkzdB+nA8ckaSursV908n6AHcM
------END RSA PRIVATE KEY-----

scripts/docker-dns-srv/certs-wildcard/Procfile

@@ -1,5 +0,0 @@
-etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs-wildcard/server.crt --peer-key-file=/certs-wildcard/server.key.insecure --peer-trusted-ca-file=/certs-wildcard/ca.crt --peer-client-cert-auth --cert-file=/certs-wildcard/server.crt --key-file=/certs-wildcard/server.key.insecure --trusted-ca-file=/certs-wildcard/ca.crt --client-cert-auth
-
-etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs-wildcard/server.crt --peer-key-file=/certs-wildcard/server.key.insecure --peer-trusted-ca-file=/certs-wildcard/ca.crt --peer-client-cert-auth --cert-file=/certs-wildcard/server.crt --key-file=/certs-wildcard/server.key.insecure --trusted-ca-file=/certs-wildcard/ca.crt --client-cert-auth
-
-etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs-wildcard/server.crt --peer-key-file=/certs-wildcard/server.key.insecure --peer-trusted-ca-file=/certs-wildcard/ca.crt --peer-client-cert-auth --cert-file=/certs-wildcard/server.crt --key-file=/certs-wildcard/server.key.insecure --trusted-ca-file=/certs-wildcard/ca.crt --client-cert-auth

scripts/docker-dns-srv/certs-wildcard/ca-csr.json

@@ -1,19 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "CN": "ca",
-  "ca": {
-    "expiry": "87600h"
-  }
-}

scripts/docker-dns-srv/certs-wildcard/ca.crt

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDsTCCApmgAwIBAgIUWzsBehxAkgLLYBUZEUpSjHkIaMowDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzExMTUxODAyMDBaFw0yNzExMTMxODAy
-MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCxjHVNtcCSCz1w9AiN7zAql0ZsPN6MNQWJ2j3iPCvmy9oi0wqSfYXTs+xw
-Y4Q+j0dfA54+PcyIOSBQCZBeLLIwCaXN+gLkMxYEWCCVgWYUa6UY+NzPKRCfkbwG
-oE2Ilv3R1FWIpMqDVE2rLmTb3YxSiw460Ruv4l16kodEzfs4BRcqrEiobBwaIMLd
-0rDJju7Q2TcioNji+HFoXV2aLN58LDgKO9AqszXxW88IKwUspfGBcsA4Zti/OHr+
-W+i/VxsxnQSJiAoKYbv9SkS8fUWw2hQ9SBBCKqE3jLzI71HzKgjS5TiQVZJaD6oK
-cw8FjexOELZd4r1+/p+nQdKqwnb5AgMBAAGjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRLfPxmhlZix1eTdBMAzMVlAnOV
-gTANBgkqhkiG9w0BAQsFAAOCAQEAeT2NfOt3WsBLUVcnyGMeVRQ0gXazxJXD/Z+3
-2RF3KClqBLuGmPUZVl0FU841J6hLlwNjS33mye7k2OHrjJcouElbV3Olxsgh/EV0
-J7b7Wf4zWYHFNZz/VxwGHunsEZ+SCXUzU8OiMrEcHkOVzhtbC2veVPJzrESqd88z
-m1MseGW636VIcrg4fYRS9EebRPFvlwfymMd+bqLky9KsUbjNupYd/TlhpAudrIzA
-wO9ZUDb/0P44iOo+xURCoodxDTM0vvfZ8eJ6VZ/17HIf/a71kvk1oMqEhf060nmF
-IxnbK6iUqqhV8DLE1869vpFvgbDdOxP7BeabN5FXEnZFDTLDqg==
------END CERTIFICATE-----

scripts/docker-dns-srv/certs-wildcard/gencert.json

@@ -1,13 +0,0 @@
-{
-  "signing": {
-    "default": {
-        "usages": [
-          "signing",
-          "key encipherment",
-          "server auth",
-          "client auth"
-        ],
-        "expiry": "87600h"
-    }
-  }
-}

scripts/docker-dns-srv/certs-wildcard/gencerts.sh

@@ -1,26 +0,0 @@
-#!/bin/bash
-
-if ! [[ "$0" =~ "./gencerts.sh" ]]; then
-	echo "must be run from 'fixtures'"
-	exit 255
-fi
-
-if ! which cfssl; then
-	echo "cfssl is not installed"
-	exit 255
-fi
-
-cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
-mv ca.pem ca.crt
-openssl x509 -in ca.crt -noout -text
-
-# generate wildcard certificates DNS: *.etcd.local
-cfssl gencert \
-    --ca ./ca.crt \
-    --ca-key ./ca-key.pem \
-    --config ./gencert.json \
-    ./server-ca-csr.json | cfssljson --bare ./server
-mv server.pem server.crt
-mv server-key.pem server.key.insecure
-
-rm -f *.csr *.pem *.stderr *.txt

scripts/docker-dns-srv/certs-wildcard/run.sh

@@ -1,33 +0,0 @@
-#!/bin/sh
-rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
-
-/etc/init.d/bind9 start
-
-# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
-cat /dev/null >/etc/hosts
-
-goreman -f /certs-wildcard/Procfile start &
-
-# TODO: remove random sleeps
-sleep 7s
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-wildcard/ca.crt \
-  --cert=/certs-wildcard/server.crt \
-  --key=/certs-wildcard/server.key.insecure \
-  --discovery-srv etcd.local \
-  endpoint health --cluster
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-wildcard/ca.crt \
-  --cert=/certs-wildcard/server.crt \
-  --key=/certs-wildcard/server.key.insecure \
-  --discovery-srv etcd.local \
-  put abc def
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-wildcard/ca.crt \
-  --cert=/certs-wildcard/server.crt \
-  --key=/certs-wildcard/server.key.insecure \
-  --discovery-srv etcd.local \
-  get abc

scripts/docker-dns-srv/certs-wildcard/server-ca-csr.json

@@ -1,21 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "hosts": [
-    "*.etcd.local",
-    "etcd.local",
-    "127.0.0.1",
-    "localhost"
-  ]
-}

scripts/docker-dns-srv/certs-wildcard/server.crt

@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEFjCCAv6gAwIBAgIUCIUuNuEPRjp/EeDBNHipRI/qoAcwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzExMTUxODAyMDBaFw0yNzExMTMxODAy
-MDBaMGIxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMzoOebyKdXF
-5QiVs0mB3cVqMRgRoRGWt9emIOsYCX89SBaRNOIAByop98Vb1GmUDNDv1qR4Oq+m
-4JlWhgZniABWpekFw8mpN8wMIT86DoNnTe64ouLkDQRZDYOBO9I2+r4EuschRxNs
-+Hh5W9JzX/eOomnOhaZfTp6EaxczRHnVmgkWuFUnacfUf7W2FE/HAYfjYpvXw5/+
-eT9AW+Jg/b9SkyU9XKEpWZT7NMqF9OXDXYdxHtRNTGxasLEqPZnG58mqR2QFU2me
-/motY24faZpHo8i9ASb03Vy6xee2/FlS6cj2POCGQx3oLZsiQdgIOva7JrQtRsCn
-e5P0Wk4qk+cCAwEAAaOBtjCBszAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCI+fP2T
-xgvJG68Xdgamg4lzGRX1MB8GA1UdIwQYMBaAFEt8/GaGVmLHV5N0EwDMxWUCc5WB
-MDQGA1UdEQQtMCuCDCouZXRjZC5sb2NhbIIKZXRjZC5sb2NhbIIJbG9jYWxob3N0
-hwR/AAABMA0GCSqGSIb3DQEBCwUAA4IBAQASub3+YZAXJ8x8b55Hl7FkkIt+rML1
-LdgPHsolNntNXeSqVJ4oi4KvuaM0ueFf/+AlTusTAbXWbi/qiG5Tw24xyzY6NGgV
-/vCs56YqNlFyr3bNp1QJlnV3JQ4d3KqosulJ5jk+InhjAKJKomMH01pYhhStRAKg
-1fNwSyD34oyZpSQL0Z7X7wdaMGdOmzxwE99EG6jmYl/P7MiP6rC0WP1elIF4sCGM
-jY6oewvIMj0zWloBf/NlzrcY7VKpPqvBnV65Tllyo5n4y1sc8y2uzgJO/QnVKqhp
-Sdd/74mU8dSh3ALSOqkbmIBhqig21jP7GBgNCNdmsaR2LvPI97n1PYE7
------END CERTIFICATE-----

scripts/docker-dns-srv/certs-wildcard/server.key.insecure

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAzOg55vIp1cXlCJWzSYHdxWoxGBGhEZa316Yg6xgJfz1IFpE0
-4gAHKin3xVvUaZQM0O/WpHg6r6bgmVaGBmeIAFal6QXDyak3zAwhPzoOg2dN7rii
-4uQNBFkNg4E70jb6vgS6xyFHE2z4eHlb0nNf946iac6Fpl9OnoRrFzNEedWaCRa4
-VSdpx9R/tbYUT8cBh+Nim9fDn/55P0Bb4mD9v1KTJT1coSlZlPs0yoX05cNdh3Ee
-1E1MbFqwsSo9mcbnyapHZAVTaZ7+ai1jbh9pmkejyL0BJvTdXLrF57b8WVLpyPY8
-4IZDHegtmyJB2Ag69rsmtC1GwKd7k/RaTiqT5wIDAQABAoIBAF0nTfuCKCa5WtA2
-TlWippGzHzKUASef32A4dEqsmNSxpW4tAV+lJ5yxi6S7hKui1Ni/0FLhHbzxHrZX
-MYMD2j5dJfvz1Ph+55DqCstVt3dhpXpbkiGYD5rkaVJZlDqTKBbuy4LvzAI2zhbn
-BSl9rik7PPbhHr1uIq3KAW2Arya7dlpPZiEX04Dg9xqZvxZkxt9IM25E+uzTWKSR
-v5BRmijWiGJ6atujgmP7KcYtgBC5EDR9yZf2uK+hnsKEcH94TUkTnJriTcOCKVbb
-isAuzsxStLpmyibfiLXD55aYjzr7KRVzQpoVXGJ4vJfs7lTxqxXBjUIsBJMPBcck
-ATabIcECgYEA8C8JeKPmcA4KaGFSusF5OsXt4SM9jz5Kr7larA+ozuuR/z0m4pnx
-AdjwQiGlhXaMtyziZ7Uwx+tmfnJDijpE/hUnkcAIKheDLXB/r1VpJdj/mqXtK49Y
-mnOxV66TcWAmXav31TgmLVSj0SYLGEnvV4MPbgJroMg3VO7LnNbNL7cCgYEA2maB
-Edbn4pJqUjVCZG68m0wQHmFZFOaoYZLeR3FgH+PQYIzUj96TP9XFpOwBmYAl2jiM
-kQZ3Q6VQY37rwu0M+2BVFkQFnFbelH5jXbHDLdoeFDGCRnJkH2VG1kE/rPfzVsiz
-NFDJD+17kPw3tTdHwDYGHwxyNuEoBQw3q6hfXVECgYBEUfzttiGMalIHkveHbBVh
-5H9f9ThDkMKJ7b2fB+1KvrOO2QRAnO1zSxQ8m3mL10b7q+bS/TVdCNbkzPftT9nk
-NHxG90rbPkjwGfoYE8GPJITApsYqB+J6PMKLYHtMWr9PEeWzXv9tEZBvo9SwGgfc
-6sjuz/1xhMJIhIyilm9TTQKBgHRsYDGaVlK5qmPYcGQJhBFlItKPImW579jT6ho7
-nfph/xr49/cZt3U4B/w6sz+YyJTjwEsvHzS4U3o2lod6xojaeYE9EaCdzllqZp3z
-vRAcThyFp+TV5fm2i2R7s+4I33dL1fv1dLlA57YKPcgkh+M26Vxzzg7jR+oo8SRY
-xT2BAoGBAKNR60zpSQZ2SuqEoWcj1Nf+KloZv2tZcnsHhqhiugbYhZOQVyTCNipa
-Ib3/BGERCyI7oWMk0yTTQK4wg3+0EsxQX10hYJ5+rd4btWac7G/tjo2+BSaTnWSW
-0vWM/nu33Pq0JHYIo0q0Jee0evTgizqH9UJ3wI5LG29LKwurXxPW
------END RSA PRIVATE KEY-----

scripts/docker-dns-srv/certs/Procfile

@@ -1,5 +0,0 @@
-etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs/server.crt --peer-key-file=/certs/server.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server.crt --key-file=/certs/server.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
-
-etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs/server.crt --peer-key-file=/certs/server.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server.crt --key-file=/certs/server.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
-
-etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --discovery-srv=etcd.local --initial-cluster-state new --peer-cert-file=/certs/server.crt --peer-key-file=/certs/server.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server.crt --key-file=/certs/server.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth

scripts/docker-dns-srv/certs/ca-csr.json

@@ -1,19 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "CN": "ca",
-  "ca": {
-    "expiry": "87600h"
-  }
-}

scripts/docker-dns-srv/certs/ca.crt

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDsTCCApmgAwIBAgIUfPEaJnrBzeHM8echLjsPOsV1IzUwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzExMjIxNzMzMDBaFw0yNzExMjAxNzMz
-MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDDU14WMuV1AC+6wDWRF6itx71EljW7Prw2drhuxOC3bE+QQx4LGcY2OP9N
-9MC9u9M0s8waGDAbZvdLmCMfAAJoJ05rLcO7F2XEr7Ww7jUWl7+B/sW8ENQiqtUY
-1JqLVjwducxmfHspAmSkhEpDBTiTFsya/i1Ic+ctfxDLtsNGgQuA9mCiBvuUhbWG
-CkB0JpuL4s6LMuDukQHpZZCDnq0Y26M9sZnjmowbdRoQlhVId6Tl5b5b4Y3qLLbe
-r1E+VChcPpOYrKhXBOW/dT5ph/fIQDuVKN6E5Z54AMm3fKsP3MLGBCMfFqIVg1+s
-BZA5/Jau+US8Ll4bn8sy/HK1xoy/AgMBAAGjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSZZ+PEsPywCRKo/fxY2eSnI0wQ
-IDANBgkqhkiG9w0BAQsFAAOCAQEAFU4QXMGx8zr8rKAp/IyGipDp/aQ49qYXPjIt
-c92rzbYo11sJmBEXiYIOGuZdBBeawIzYsM8dW59LFO8ZcMq/gISBcS5ilqllw6SG
-20UrFEKNzcPoRwXp3GSbSGr5PxTgWYWpwJaDa0j2qiM4PB9/IuTBqr6Vu1Olhx06
-mXztYl4UL0HPkuB4Td+BIhjc+ZpxCfBOOBpiwAyeh4SpJ3cpZrbyz7JAsCTtywzy
-lVO4lfcmxTWwruRyYAnexHdBvnqa8GZw1gufZoSbMTsN4Zz/j3j9T2LG1Q0Agi7o
-MhqPqhG/9ISjA0G3bu2B/jHbmWMVbb+ueEYtAz5JHFik2snRtA==
------END CERTIFICATE-----

scripts/docker-dns-srv/certs/gencert.json

@@ -1,13 +0,0 @@
-{
-  "signing": {
-    "default": {
-        "usages": [
-          "signing",
-          "key encipherment",
-          "server auth",
-          "client auth"
-        ],
-        "expiry": "87600h"
-    }
-  }
-}

scripts/docker-dns-srv/certs/gencerts.sh

@@ -1,26 +0,0 @@
-#!/bin/bash
-
-if ! [[ "$0" =~ "./gencerts.sh" ]]; then
-	echo "must be run from 'fixtures'"
-	exit 255
-fi
-
-if ! which cfssl; then
-	echo "cfssl is not installed"
-	exit 255
-fi
-
-cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
-mv ca.pem ca.crt
-openssl x509 -in ca.crt -noout -text
-
-# generate wildcard certificates DNS: *.etcd.local
-cfssl gencert \
-    --ca ./ca.crt \
-    --ca-key ./ca-key.pem \
-    --config ./gencert.json \
-    ./server-ca-csr.json | cfssljson --bare ./server
-mv server.pem server.crt
-mv server-key.pem server.key.insecure
-
-rm -f *.csr *.pem *.stderr *.txt

scripts/docker-dns-srv/certs/run.sh

@@ -1,33 +0,0 @@
-#!/bin/sh
-rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
-
-/etc/init.d/bind9 start
-
-# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
-cat /dev/null >/etc/hosts
-
-goreman -f /certs/Procfile start &
-
-# TODO: remove random sleeps
-sleep 7s
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs/ca.crt \
-  --cert=/certs/server.crt \
-  --key=/certs/server.key.insecure \
-  --discovery-srv etcd.local \
-  endpoint health --cluster
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs/ca.crt \
-  --cert=/certs/server.crt \
-  --key=/certs/server.key.insecure \
-  --discovery-srv etcd.local \
-  put abc def
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs/ca.crt \
-  --cert=/certs/server.crt \
-  --key=/certs/server.key.insecure \
-  --discovery-srv etcd.local \
-  get abc

scripts/docker-dns-srv/certs/server-ca-csr.json

@@ -1,23 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "hosts": [
-    "m1.etcd.local",
-    "m2.etcd.local",
-    "m3.etcd.local",
-    "etcd.local",
-    "127.0.0.1",
-    "localhost"
-  ]
-}

scripts/docker-dns-srv/certs/server.crt

@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIENTCCAx2gAwIBAgIUPr4J62m04v7Sr5rFop1P0+VbN+8wDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzExMjIxNzMzMDBaFw0yNzExMjAxNzMz
-MDBaMGIxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOZuU1wqUMoI
-/Vkxo5ep8vGxgCg38c0PdxAJX4ViEBRIsKxnjMUmgMWEes9bJ14wrqQ2G3l0tSSr
-nOtRPRGeSBAsiFKU41sRdHZQgZKhWXKvOqLlll9tgTmAypXeYt1zrtV8zPan3AWn
-OYz+FdO41BESmg00SctcIVoP57keSkr/binJuwy+e1w6Z8Prnoc+OqsFvjp6RPNH
-ZJYKsBziYVldg3RN0K/1MQBP587AhF0Dh+iTqnMWhJwbAGw82j7b7jgJnatMvj0L
-e/nunxB9BgWaRl4Xq0WueFBfVSLIYUspTogpaz2bUsIAxV3xbRRbpiFY/eqT6nSK
-grR6Qc8oOVsCAwEAAaOB1TCB0jAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFE4dpGTp
-+hE0TR9Ku1wf1/GQ9zVjMB8GA1UdIwQYMBaAFJln48Sw/LAJEqj9/FjZ5KcjTBAg
-MFMGA1UdEQRMMEqCDW0xLmV0Y2QubG9jYWyCDW0yLmV0Y2QubG9jYWyCDW0zLmV0
-Y2QubG9jYWyCCmV0Y2QubG9jYWyCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0B
-AQsFAAOCAQEADDh4aThZsXaXkAluZP1yC+gc+z+gJT88SeBgIX11++3SqzERCcWv
-71boMeYGDa/TuvDtAXQcZAtfNdjcZCxPGPoDuOYMksEMk/+oekb8JR1Nfd9jgRr+
-0MD2Hh6ElM9F/FXO+NHavAbtbTjbEGXGXCciGqL/fPw4AF0bAIQjiIE69wiZgCfM
-1/+wR2+paZ+CxE3QZZKUhgoDRPY91J8KCiDPHvZRafQEulzb8w4G7h8TUy1xjZPw
-UQfHsquLQHIfCHVHSn2yubMrlMbdJPhnJT35APBa7Uj0TYwb1tuFQ/xbO2GKoq3f
-T7Rad1T50qRTqsRZzPdG4lZjAgnybjJUIQ==
------END CERTIFICATE-----

scripts/docker-dns-srv/certs/server.key.insecure

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA5m5TXCpQygj9WTGjl6ny8bGAKDfxzQ93EAlfhWIQFEiwrGeM
-xSaAxYR6z1snXjCupDYbeXS1JKuc61E9EZ5IECyIUpTjWxF0dlCBkqFZcq86ouWW
-X22BOYDKld5i3XOu1XzM9qfcBac5jP4V07jUERKaDTRJy1whWg/nuR5KSv9uKcm7
-DL57XDpnw+uehz46qwW+OnpE80dklgqwHOJhWV2DdE3Qr/UxAE/nzsCEXQOH6JOq
-cxaEnBsAbDzaPtvuOAmdq0y+PQt7+e6fEH0GBZpGXherRa54UF9VIshhSylOiClr
-PZtSwgDFXfFtFFumIVj96pPqdIqCtHpBzyg5WwIDAQABAoIBAQDBdpk4RTLFHV0P
-uLRfzkjxkRRHMAksIDLXXPc8tkNHtGvYo6u1jokIzByL4T0hQIAv0Fmq1EiNfCPo
-EbHTC+/23Fyr8OMdf38nIppW8G538hSp1VY10mtvSulLgIXC5bBA/2HaKL56ZJbW
-ADF1K7Woi9SZB3B5c2VxBu+HJZ48bbZLFoKMw+48998K/S0Msh4NeZ3Lq75i2LmZ
-GhPmeR2d922UAO72hgP8h771Cejz3bd0mdFGtbwSS+1vpseFsZHu8yQjBAbP13o2
-e6+SpZf7Yndeg1Wv/WALiKFFTIfqnpVtVhMqD+nx/0DweW1b1vdDVz+LmPPUyvxR
-owhQV9b5AoGBAPNPSgMxlMvsaoTo08AU6YjZgfqMAxJNgVU/KsyK9qhq/O9Q9O8d
-OKt/kehdeYQOkkM77mLTtcDlFfbg6NmNnN7iBMY9v5iZP8U14avjmvjDKrwigsK+
-HWuFlA7RpmecIwHH17ya32PydnoM7MMH46N28fSnAR7bIgZC3USmUfYtAoGBAPJz
-E8Gcf9eVox5o5hhhocLtjFQcXxjcL3Bxz1qFPNvQ440s/7ubGORPoDzOf1lPyxI9
-HewZTJ/aP8lyhPwGC0+O3mH6Gwr2YflaoLdZxBAX0gliPKI0OWsH73RGkBxUte46
-ugTgKXpwtvM9R7pENJbP8lOFKdg5EoA6ZjIKCmqnAoGBAMMXT4wyBFJi9aIuoiNB
-YWQmq47/FzNkzBBTfvjVcCPo7Xji3BKixp7UwmSkFtxpZqPceS/q+7B4v9zdyDcw
-0pjwd82RE4DDWJvDsXjHHqraqviBX4HROPvO9sHPHvOzAWrbF8QWFosojhEdLfbP
-65pVtHpsMnzQTn7gvFTgW5XdAoGAepDYfPlL28Wm99mZ8NtydmO2nFLXdG7jgJnY
-dG+E6683SghkpAftVoY2gGb4FEN1apwBA3lqtikUNBezyOCZWTfljmxsvWb+8prx
-Qp+bsXMJWHsUIf/6wvP5BrQhaGEes/d2UL6t2Vsf8emZ2D1gxJkNbVGVbNy1UKO1
-RDi1OWMCgYB+DZ/CvJ8i6VwzOm/SXtycuDJZ96NGwjpK4A71HoocrVi1phGMlOp+
-c48XR0Xr2/AEfFsmcTIilI2ShsjN4u9YDXJK8Efek2EX77pP6MsUXuSZ6i1OS9wP
-5WPYypGxNXsZU99D78UBV9PohWqp4LkBSP/55sFBcd3iyLbdHlthLA==
------END RSA PRIVATE KEY-----

scripts/docker-dns-srv/etcd.zone

@@ -1,21 +0,0 @@
-$TTL    86400
-@   IN  SOA  etcdns.local. root.etcdns.local. (
-             100500     ; Serial
-             604800     ; Refresh
-              86400     ; Retry
-            2419200     ; Expire
-              86400 )   ; Negative Cache TTL
-    IN  NS  ns.etcdns.local.
-    IN  A   127.0.0.1
-
-ns IN A 127.0.0.1
-m1 IN A 127.0.0.1
-m2 IN A 127.0.0.1
-m3 IN A 127.0.0.1
-
-_etcd-client-ssl._tcp IN SRV 0 0 2379 m1.etcd.local.
-_etcd-server-ssl._tcp IN SRV 0 0 2380 m1.etcd.local.
-_etcd-client-ssl._tcp IN SRV 0 0 22379 m2.etcd.local.
-_etcd-server-ssl._tcp IN SRV 0 0 22380 m2.etcd.local.
-_etcd-client-ssl._tcp IN SRV 0 0 32379 m3.etcd.local.
-_etcd-server-ssl._tcp IN SRV 0 0 32380 m3.etcd.local.

scripts/docker-dns-srv/named.conf

@@ -1,23 +0,0 @@
-options {
-        directory "/var/bind";
-        listen-on { 127.0.0.1; };
-        listen-on-v6 { none; };
-        allow-transfer {
-                none;
-        };
-        // If you have problems and are behind a firewall:
-        query-source address * port 53;
-        pid-file "/var/run/named/named.pid";
-        allow-recursion { none; };
-        recursion no;
-};
-
-zone "etcd.local" IN {
-      type master;
-      file "/etc/bind/etcd.zone";
-};
-
-zone "0.0.127.in-addr.arpa" {
-      type master;
-      file "/etc/bind/rdns.zone";
-};

scripts/docker-dns-srv/rdns.zone

@@ -1,13 +0,0 @@
-$TTL    86400
-@   IN  SOA  etcdns.local. root.etcdns.local. (
-             100500     ; Serial
-             604800     ; Refresh
-              86400     ; Retry
-            2419200     ; Expire
-              86400 )   ; Negative Cache TTL
-    IN  NS  ns.etcdns.local.
-    IN  A   127.0.0.1
-
-1 IN PTR m1.etcd.local.
-1 IN PTR m2.etcd.local.
-1 IN PTR m3.etcd.local.

scripts/docker-dns-srv/resolv.conf

@@ -1 +0,0 @@
-nameserver 127.0.0.1

scripts/docker-dns/Dockerfile

@@ -1,44 +0,0 @@
-FROM ubuntu:17.10
-
-RUN rm /bin/sh && ln -s /bin/bash /bin/sh
-RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
-
-RUN apt-get -y update \
-  && apt-get -y install \
-  build-essential \
-  gcc \
-  apt-utils \
-  pkg-config \
-  software-properties-common \
-  apt-transport-https \
-  libssl-dev \
-  sudo \
-  bash \
-  curl \
-  tar \
-  git \
-  netcat \
-  bind9 \
-  dnsutils \
-  && apt-get -y update \
-  && apt-get -y upgrade \
-  && apt-get -y autoremove \
-  && apt-get -y autoclean
-
-ENV GOROOT /usr/local/go
-ENV GOPATH /go
-ENV PATH ${GOPATH}/bin:${GOROOT}/bin:${PATH}
-ENV GO_VERSION REPLACE_ME_GO_VERSION
-ENV GO_DOWNLOAD_URL https://storage.googleapis.com/golang
-RUN rm -rf ${GOROOT} \
-  && curl -s ${GO_DOWNLOAD_URL}/go${GO_VERSION}.linux-amd64.tar.gz | tar -v -C /usr/local/ -xz \
-  && mkdir -p ${GOPATH}/src ${GOPATH}/bin \
-  && go version \
-  && go get -v -u github.com/mattn/goreman
-
-RUN mkdir -p /var/bind /etc/bind
-RUN chown root:bind /var/bind /etc/bind
-
-ADD named.conf etcd.zone rdns.zone /etc/bind/
-RUN chown root:bind /etc/bind/named.conf /etc/bind/etcd.zone /etc/bind/rdns.zone
-ADD resolv.conf /etc/resolv.conf

scripts/docker-dns/certs-common-name-auth/Procfile

@@ -1,6 +0,0 @@
-# Use goreman to run `go get github.com/mattn/goreman`
-etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name-auth/server.crt --peer-key-file=/certs-common-name-auth/server.key.insecure --peer-trusted-ca-file=/certs-common-name-auth/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn test-common-name --cert-file=/certs-common-name-auth/server.crt --key-file=/certs-common-name-auth/server.key.insecure --trusted-ca-file=/certs-common-name-auth/ca.crt --client-cert-auth
-
-etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name-auth/server.crt --peer-key-file=/certs-common-name-auth/server.key.insecure --peer-trusted-ca-file=/certs-common-name-auth/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn test-common-name --cert-file=/certs-common-name-auth/server.crt --key-file=/certs-common-name-auth/server.key.insecure --trusted-ca-file=/certs-common-name-auth/ca.crt --client-cert-auth
-
-etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name-auth/server.crt --peer-key-file=/certs-common-name-auth/server.key.insecure --peer-trusted-ca-file=/certs-common-name-auth/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn test-common-name --cert-file=/certs-common-name-auth/server.crt --key-file=/certs-common-name-auth/server.key.insecure --trusted-ca-file=/certs-common-name-auth/ca.crt --client-cert-auth

scripts/docker-dns/certs-common-name-auth/ca-csr.json

@@ -1,19 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "CN": "ca",
-  "ca": {
-    "expiry": "87600h"
-  }
-}

scripts/docker-dns/certs-common-name-auth/ca.crt

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDsTCCApmgAwIBAgIUdASu5zT1US/6LPyKmczbC3NgdY4wDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzExMTQwNjIzMDBaFw0yNzExMTIwNjIz
-MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDBbE44RP/Tk9l7KShzxQAypatoqDJQL32hyw8plZIfni5XFIlG2GwyjNvX
-wiP6u0YcsApZKc58ytqcHQqMyk68OTTxcM+HVWvKHMKOBPBYgXeeVnD+7Ixuinq/
-X6RK3n2jEipFgE9FiAXDNICF3ZQz+HVNBSbzwCjBtIcYkinWHX+kgnQkFT1NnmuZ
-uloz6Uh7/Ngn/XPNSsoMyLrh4TwDsx/fQEpVcrXMbxWux1xEHmfDzRKvE7VhSo39
-/mcpKBOwTg4jwh9tDjxWX4Yat+/cX0cGxQ7JSrdy14ESV5AGBmesGHd2SoWhZK9l
-tWm1Eq0JYWD+Cd5yNrODTUxWRNs9AgMBAAGjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSZMjlLnc7Vv2mxRMebo5ezJ7gt
-pzANBgkqhkiG9w0BAQsFAAOCAQEAA2d2nV4CXjp7xpTQrh8sHzSBDYUNr9DY5hej
-52X6q8WV0N3QC7Utvv2Soz6Ol72/xoGajIJvqorsIBB5Ms3dgCzPMy3R01Eb3MzI
-7KG/4AGVEiAKUBkNSD8PWD7bREnnv1g9tUftE7jWsgMaPIpi6KhzhyJsClT4UsKQ
-6Lp+Be80S293LrlmUSdZ/v7FAvMzDGOLd2iTlTr1fXK6YJJEXpk3+HIi8nbUPvYQ
-6O8iOtf5QoCm1yMLJQMFvNr51Z1EeF935HRj8U2MJP5jXPW4/UY2TAUBcWEhlNsK
-6od+f1B8xGe/6KHvF0C8bg23kj8QphM/E7HCZiVgdm6FNf54AQ==
------END CERTIFICATE-----

scripts/docker-dns/certs-common-name-auth/gencert.json

@@ -1,13 +0,0 @@
-{
-  "signing": {
-    "default": {
-        "usages": [
-          "signing",
-          "key encipherment",
-          "server auth",
-          "client auth"
-        ],
-        "expiry": "87600h"
-    }
-  }
-}

scripts/docker-dns/certs-common-name-auth/gencerts.sh

@@ -1,26 +0,0 @@
-#!/bin/bash
-
-if ! [[ "$0" =~ "./gencerts.sh" ]]; then
-	echo "must be run from 'fixtures'"
-	exit 255
-fi
-
-if ! which cfssl; then
-	echo "cfssl is not installed"
-	exit 255
-fi
-
-cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
-mv ca.pem ca.crt
-openssl x509 -in ca.crt -noout -text
-
-# generate wildcard certificates DNS: m1/m2/m3.etcd.local
-cfssl gencert \
-    --ca ./ca.crt \
-    --ca-key ./ca-key.pem \
-    --config ./gencert.json \
-    ./server-ca-csr.json | cfssljson --bare ./server
-mv server.pem server.crt
-mv server-key.pem server.key.insecure
-
-rm -f *.csr *.pem *.stderr *.txt

scripts/docker-dns/certs-common-name-auth/run.sh

@@ -1,255 +0,0 @@
-#!/bin/sh
-rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
-
-/etc/init.d/bind9 start
-
-# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
-cat /dev/null >/etc/hosts
-
-goreman -f /certs-common-name-auth/Procfile start &
-
-# TODO: remove random sleeps
-sleep 7s
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379 \
-  endpoint health --cluster
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  put abc def
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  get abc
-
-sleep 1s && printf "\n"
-echo "Step 1. creating root role"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  role add root
-
-sleep 1s && printf "\n"
-echo "Step 2. granting readwrite 'foo' permission to role 'root'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  role grant-permission root readwrite foo
-
-sleep 1s && printf "\n"
-echo "Step 3. getting role 'root'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  role get root
-
-sleep 1s && printf "\n"
-echo "Step 4. creating user 'root'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --interactive=false \
-  user add root:123
-
-sleep 1s && printf "\n"
-echo "Step 5. granting role 'root' to user 'root'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  user grant-role root root
-
-sleep 1s && printf "\n"
-echo "Step 6. getting user 'root'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  user get root
-
-sleep 1s && printf "\n"
-echo "Step 7. enabling auth"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  auth enable
-
-sleep 1s && printf "\n"
-echo "Step 8. writing 'foo' with 'root:123'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=root:123 \
-  put foo bar
-
-sleep 1s && printf "\n"
-echo "Step 9. writing 'aaa' with 'root:123'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=root:123 \
-  put aaa bbb
-
-sleep 1s && printf "\n"
-echo "Step 10. writing 'foo' without 'root:123'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  put foo bar
-
-sleep 1s && printf "\n"
-echo "Step 11. reading 'foo' with 'root:123'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=root:123 \
-  get foo
-
-sleep 1s && printf "\n"
-echo "Step 12. reading 'aaa' with 'root:123'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=root:123 \
-  get aaa
-
-sleep 1s && printf "\n"
-echo "Step 13. creating a new user 'test-common-name:test-pass'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=root:123 \
-  --interactive=false \
-  user add test-common-name:test-pass
-
-sleep 1s && printf "\n"
-echo "Step 14. creating a role 'test-role'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=root:123 \
-  role add test-role
-
-sleep 1s && printf "\n"
-echo "Step 15. granting readwrite 'aaa' --prefix permission to role 'test-role'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=root:123 \
-  role grant-permission test-role readwrite aaa --prefix
-
-sleep 1s && printf "\n"
-echo "Step 16. getting role 'test-role'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=root:123 \
-  role get test-role
-
-sleep 1s && printf "\n"
-echo "Step 17. granting role 'test-role' to user 'test-common-name'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=root:123 \
-  user grant-role test-common-name test-role
-
-sleep 1s && printf "\n"
-echo "Step 18. writing 'aaa' with 'test-common-name:test-pass'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=test-common-name:test-pass \
-  put aaa bbb
-
-sleep 1s && printf "\n"
-echo "Step 19. writing 'bbb' with 'test-common-name:test-pass'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=test-common-name:test-pass \
-  put bbb bbb
-
-sleep 1s && printf "\n"
-echo "Step 20. reading 'aaa' with 'test-common-name:test-pass'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=test-common-name:test-pass \
-  get aaa
-
-sleep 1s && printf "\n"
-echo "Step 21. reading 'bbb' with 'test-common-name:test-pass'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  --user=test-common-name:test-pass \
-  get bbb
-
-sleep 1s && printf "\n"
-echo "Step 22. writing 'aaa' with CommonName 'test-common-name'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  put aaa ccc
-
-sleep 1s && printf "\n"
-echo "Step 23. reading 'aaa' with CommonName 'test-common-name'"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-auth/ca.crt \
-  --cert=/certs-common-name-auth/server.crt \
-  --key=/certs-common-name-auth/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  get aaa

scripts/docker-dns/certs-common-name-auth/server-ca-csr.json

@@ -1,23 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "CN": "test-common-name",
-  "hosts": [
-    "m1.etcd.local",
-    "m2.etcd.local",
-    "m3.etcd.local",
-    "127.0.0.1",
-    "localhost"
-  ]
-}

scripts/docker-dns/certs-common-name-auth/server.crt

@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIERDCCAyygAwIBAgIUO500NxhwBHJsodbGKbo5NsW9/p8wDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzExMTQwNjIzMDBaFw0yNzExMTIwNjIz
-MDBaMH0xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTEZMBcGA1UEAxMQdGVzdC1jb21tb24tbmFtZTCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAMRvVMj3+5jAhRng4izVm4zrvMBnHNMh2MOFVTp7
-wdhEF2en7pFsKzWgczewil6v4d6QzJpgB9yQzPT2q0SOvetpbqP950y6MdPHAF9D
-qZd0+wC+RLdSmK5oQKzgZER/vH3eSbTa1UdwaLBHlT6PiTzGm+gEYL43gr3kle+A
-9c7aT9pkJWQFTCSdqwcQopyHEwgrfPHC8Bdn804soG4HtR9Gg/R4xtlu7ir6LTHn
-vpPBScaMZDUQ5UNrEMh8TM8/sXG6oxqo86r5wpVQt6vscnTMrTTUqq+Mo/OJnDAf
-plaqkWX5NfIJ9tmE2V06hq1/ptQkl714Wb+ske+aJ2Poc/UCAwEAAaOByTCBxjAO
-BgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwG
-A1UdEwEB/wQCMAAwHQYDVR0OBBYEFEG2hXyVTpxLXTse3fXe0U/g0F8kMB8GA1Ud
-IwQYMBaAFJkyOUudztW/abFEx5ujl7MnuC2nMEcGA1UdEQRAMD6CDW0xLmV0Y2Qu
-bG9jYWyCDW0yLmV0Y2QubG9jYWyCDW0zLmV0Y2QubG9jYWyCCWxvY2FsaG9zdIcE
-fwAAATANBgkqhkiG9w0BAQsFAAOCAQEADtH0NZBrWfXTUvTa3WDsa/JPBhiPu/kH
-+gRxOD5UNeDX9+QAx/gxGHrCh4j51OUx55KylUe0qAPHHZ4vhgD2lCRBqFLYx69m
-xRIzVnt5NCruriskxId1aFTZ5pln5KK5tTVkAp04MBHZOgv8giXdRWn+7TtMyJxj
-wVGf8R7/bwJGPPJFrLNtN4EWwXv/a2/SEoZd8fkTxzw12TeJ8w1PnkH4Zer+nzNb
-dH5f+OIBGGZ2fIWANX5g9JEJvvsxBBL8uoCrFE/YdnD0fLyhoplSOVEIvncQLHd8
-3QoIVQ5GXnreMF9vuuEU5LlSsqd/Zv5mAQNrbEAfAL+QZQsnHY12qQ==
------END CERTIFICATE-----

scripts/docker-dns/certs-common-name-auth/server.key.insecure

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAxG9UyPf7mMCFGeDiLNWbjOu8wGcc0yHYw4VVOnvB2EQXZ6fu
-kWwrNaBzN7CKXq/h3pDMmmAH3JDM9ParRI6962luo/3nTLox08cAX0Opl3T7AL5E
-t1KYrmhArOBkRH+8fd5JtNrVR3BosEeVPo+JPMab6ARgvjeCveSV74D1ztpP2mQl
-ZAVMJJ2rBxCinIcTCCt88cLwF2fzTiygbge1H0aD9HjG2W7uKvotMee+k8FJxoxk
-NRDlQ2sQyHxMzz+xcbqjGqjzqvnClVC3q+xydMytNNSqr4yj84mcMB+mVqqRZfk1
-8gn22YTZXTqGrX+m1CSXvXhZv6yR75onY+hz9QIDAQABAoIBABiq+nS6X4gRNSXI
-zd5ffMc3m152FHKXH4d+KPPNMsyb0Gyd9CGi+dIkMhPeQaIeaDjw6iDAynvyWyqw
-B1X2rvbvKIvDiNZj03oK1YshDh0M/bBcNHjpEG9mfCi5jR3lBKCx14O0r2/nN95b
-Puy6TbuqHU4HrrZ0diCuof2Prk6pd0EhQC+C3bZCcoWXOaRTqrMBTT6DdSMQrVKD
-eGTXYqCzs/AlGKkOiErKtKWouNpkPpPiba1qp7YWXUasrXqPgPi4d97TmOShGIfc
-zXNJT+e2rDX4OEVAJtOt6U2l9QG+PIhpH4P/ZYsvindm4VZBs+Vysrj4xkLgGBBP
-ygOfBIECgYEA0IfP9Z9mzvCXiGrkrx2tN/k31cX674P/KwxPgSWM/AdXenYYzsmj
-rVcoFx2eCFnBFdPz4BAqEfH70gtsG7OoTmoJSwN6wurIdGcFQwItrghgt9Qp46Dq
-AIT9RXSpcB9AjM6p2reCjWcNeBVMrrHU3eaQitCxZbzuxvMMhMs/zzECgYEA8Sak
-UhXFtNjxBW6EMNmTpjhShIZmxtPNzTJ5DtmARr8F+SMELp3JGJj/9Bm4TsvqJmGs
-j9g/MVvSTjJlOuYPGJ5DBl3egZ5ZlRJx3I2qA4lFFCb71OJzuoR8YdHRlHnhJOu9
-2Jyrki1wrAefby8Fe/+5vswxq2u+Qurjya716AUCgYB+E06ZGzmmLfH/6Vi/wzqC
-F+w5FAzGGNECbtv2ogReL/YktRgElgaee45ig2aTd+h0UQQmWL+Gv/3XHU7MZM+C
-MTvTHZRwGlD9h3e37q49hRUsr1pwJE6157HU91al0k9NknlBIigNY9vR2VbWW+/u
-BUMomkpWz2ax5CqScuvuUQKBgQCE+zYqPe9kpy1iPWuQNKuDQhPfGO6cPjiDK44u
-biqa2MRGetTXkBNRCS48QeKtMS3SNJKgUDOo2GXE0W2ZaTxx6vQzEpidCeGEn0NC
-yKw0fwIk9spwvt/qvxyIJNhZ9Ev/vDBYvyyt03kKpLl66ocvtfmMCbZqPWQSKs2q
-bl0UsQKBgQDDrsPnuVQiv6l0J9VrZc0f5DYZIJmQij1Rcg/fL1Dv2mEpADrH2hkY
-HI27Q15dfgvccAGbGXbZt3xi7TCLDDm+Kl9V9bR2e2EhqA84tFryiBZ5XSDRAWPU
-UIjejblTgtzrTqUd75XUkNoKvJIGrLApmQiBJRQbcbwtmt2pWbziyQ==
------END RSA PRIVATE KEY-----

scripts/docker-dns/certs-common-name-multi/Procfile

@@ -1,6 +0,0 @@
-# Use goreman to run `go get github.com/mattn/goreman`
-etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name-multi/server-1.crt --peer-key-file=/certs-common-name-multi/server-1.key.insecure --peer-trusted-ca-file=/certs-common-name-multi/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn etcd.local --cert-file=/certs-common-name-multi/server-1.crt --key-file=/certs-common-name-multi/server-1.key.insecure --trusted-ca-file=/certs-common-name-multi/ca.crt --client-cert-auth
-
-etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name-multi/server-2.crt --peer-key-file=/certs-common-name-multi/server-2.key.insecure --peer-trusted-ca-file=/certs-common-name-multi/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn etcd.local --cert-file=/certs-common-name-multi/server-2.crt --key-file=/certs-common-name-multi/server-2.key.insecure --trusted-ca-file=/certs-common-name-multi/ca.crt --client-cert-auth
-
-etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name-multi/server-3.crt --peer-key-file=/certs-common-name-multi/server-3.key.insecure --peer-trusted-ca-file=/certs-common-name-multi/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn etcd.local --cert-file=/certs-common-name-multi/server-3.crt --key-file=/certs-common-name-multi/server-3.key.insecure --trusted-ca-file=/certs-common-name-multi/ca.crt --client-cert-auth

scripts/docker-dns/certs-common-name-multi/ca-csr.json

@@ -1,19 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "CN": "ca",
-  "ca": {
-    "expiry": "87600h"
-  }
-}

scripts/docker-dns/certs-common-name-multi/ca.crt

@@ -1,23 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID0jCCArqgAwIBAgIUd3UZnVmZFo8x9MWWhUrYQvZHLrQwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xODAxMjAwNjAwMDBaFw0yODAxMTgwNjAw
-MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCqgFTgSFl+ugXkZuiN5PXp84Zv05crwI5x2ePMnc2/3u1s7cQBvXQGCJcq
-OwWD7tjcy4K2PDC0DLRa4Mkd8JpwADmf6ojbMH/3a1pXY2B3BJQwmNPFnxRJbDZL
-Iti6syWKwyfLVb1KFCU08G+ZrWmGIXPWDiE+rTn/ArD/6WbQI1LYBFJm25NLpttM
-mA3HnWoErNGY4Z/AR54ROdQSPL7RSUZBa0Kn1riXeOJ40/05qosR2O/hBSAGkD+m
-5Rj+A6oek44zZqVzCSEncLsRJAKqgZIqsBrErAho72irEgTwv4OM0MyOCsY/9erf
-hNYRSoQeX+zUvEvgToalfWGt6kT3AgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRDePNja5CK4zUfO5x1vzGvdmUF
-CzAfBgNVHSMEGDAWgBRDePNja5CK4zUfO5x1vzGvdmUFCzANBgkqhkiG9w0BAQsF
-AAOCAQEAZu0a3B7Ef/z5Ct99xgzPy4z9RwglqPuxk446hBWR5TYT9fzm+voHCAwb
-MJEaQK3hvAz47qAjyR9/b+nBw4LRTMxg0WqB+UEEVwBGJxtfcOHx4mJHc3lgVJnR
-LiEWtIND7lu5Ql0eOjSehQzkJZhUb4SnXD7yk64zukQQv9zlZYZCHPDAQ9LzR2vI
-ii4yhwdWl7iiZ0lOyR4xqPB3Cx/2kjtuRiSkbpHGwWBJLng2ZqgO4K+gL3naNgqN
-TRtdOSK3j/E5WtAeFUUT68Gjsg7yXxqyjUFq+piunFfQHhPB+6sPPy56OtIogOk4
-dFCfFAygYNrFKz366KY+7CbpB+4WKA==
------END CERTIFICATE-----

scripts/docker-dns/certs-common-name-multi/gencert.json

@@ -1,13 +0,0 @@
-{
-  "signing": {
-    "default": {
-        "usages": [
-          "signing",
-          "key encipherment",
-          "server auth",
-          "client auth"
-        ],
-        "expiry": "87600h"
-    }
-  }
-}

scripts/docker-dns/certs-common-name-multi/gencerts.sh

@@ -1,42 +0,0 @@
-#!/bin/bash
-
-if ! [[ "$0" =~ "./gencerts.sh" ]]; then
-	echo "must be run from 'fixtures'"
-	exit 255
-fi
-
-if ! which cfssl; then
-	echo "cfssl is not installed"
-	exit 255
-fi
-
-cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
-mv ca.pem ca.crt
-openssl x509 -in ca.crt -noout -text
-
-# generate wildcard certificates DNS: m1/m2/m3.etcd.local
-cfssl gencert \
-    --ca ./ca.crt \
-    --ca-key ./ca-key.pem \
-    --config ./gencert.json \
-    ./server-ca-csr-1.json | cfssljson --bare ./server-1
-mv server-1.pem server-1.crt
-mv server-1-key.pem server-1.key.insecure
-
-cfssl gencert \
-    --ca ./ca.crt \
-    --ca-key ./ca-key.pem \
-    --config ./gencert.json \
-    ./server-ca-csr-2.json | cfssljson --bare ./server-2
-mv server-2.pem server-2.crt
-mv server-2-key.pem server-2.key.insecure
-
-cfssl gencert \
-    --ca ./ca.crt \
-    --ca-key ./ca-key.pem \
-    --config ./gencert.json \
-    ./server-ca-csr-3.json | cfssljson --bare ./server-3
-mv server-3.pem server-3.crt
-mv server-3-key.pem server-3.key.insecure
-
-rm -f *.csr *.pem *.stderr *.txt

scripts/docker-dns/certs-common-name-multi/run.sh

@@ -1,33 +0,0 @@
-#!/bin/sh
-rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
-
-/etc/init.d/bind9 start
-
-# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
-cat /dev/null >/etc/hosts
-
-goreman -f /certs-common-name-multi/Procfile start &
-
-# TODO: remove random sleeps
-sleep 7s
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-multi/ca.crt \
-  --cert=/certs-common-name-multi/server-1.crt \
-  --key=/certs-common-name-multi/server-1.key.insecure \
-  --endpoints=https://m1.etcd.local:2379 \
-  endpoint health --cluster
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-multi/ca.crt \
-  --cert=/certs-common-name-multi/server-2.crt \
-  --key=/certs-common-name-multi/server-2.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  put abc def
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-common-name-multi/ca.crt \
-  --cert=/certs-common-name-multi/server-3.crt \
-  --key=/certs-common-name-multi/server-3.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  get abc

scripts/docker-dns/certs-common-name-multi/server-1.crt

@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIUaDLXBmJpHrElwENdnVk9hvAvlKcwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xODAxMjAwNjAwMDBaFw0yODAxMTgwNjAw
-MDBaMHcxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTETMBEGA1UEAxMKZXRjZC5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAOb5CdovL9QCdgsxnCBikTbJko6r5mrF+eA47gDLcVbWrRW5
-d8eZYV1Fyn5qe80O6LB6LKPrRftxyAGABKqIBCHR57E97UsICC4lGycBWaav6cJ+
-7Spkpf8cSSDjjgb4KC6VVPf9MCsHxBYSTfme8JEFE+6KjlG8Mqt2yv/5aIyRYITN
-WzXvV7wxS9aOgDdXLbojW9FJQCuzttOPfvINTyhtvUvCM8S61La5ymCdAdPpx1U9
-m5KC23k6ZbkAC8/jcOV+68adTUuMWLefPf9Ww3qMT8382k86gJgQjZuJDGUl3Xi5
-GXmO0GfrMh+v91yiaiqjsJCDp3uVcUSeH7qSkb0CAwEAAaOBqzCBqDAOBgNVHQ8B
-Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
-/wQCMAAwHQYDVR0OBBYEFEwLLCuIHilzynJ7DlTrikyhy2TAMB8GA1UdIwQYMBaA
-FEN482NrkIrjNR87nHW/Ma92ZQULMCkGA1UdEQQiMCCCDW0xLmV0Y2QubG9jYWyC
-CWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAkERnrIIvkZHWsyih
-mFNf/JmFHC+0/UAG9Ti9msRlr9j1fh+vBIid3FAIShX0zFXf+AtN/+Bz5SVvQHUT
-tm71AK/vER1Ue059SIty+Uz5mNAjwtXy0WaUgSuF4uju7MkYD5yUnSGv1iBfm88a
-q+q1Vd5m6PkOCfuyNQQm5RKUiJiO4OS+2F9/JOpyr0qqdQthOWr266CqXuvVhd+Z
-oZZn5TLq5GHCaTxfngSqS3TXl55QEGl65SUgYdGqpIfaQt3QKq2dqVg/syLPkTJt
-GNJVLxJuUIu0PLrfuWynUm+1mOOfwXd8NZVZITUxC7Tl5ecFbTaOzU/4a7Cyssny
-Wr3dUg==
------END CERTIFICATE-----

scripts/docker-dns/certs-common-name-multi/server-1.key.insecure

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA5vkJ2i8v1AJ2CzGcIGKRNsmSjqvmasX54DjuAMtxVtatFbl3
-x5lhXUXKfmp7zQ7osHoso+tF+3HIAYAEqogEIdHnsT3tSwgILiUbJwFZpq/pwn7t
-KmSl/xxJIOOOBvgoLpVU9/0wKwfEFhJN+Z7wkQUT7oqOUbwyq3bK//lojJFghM1b
-Ne9XvDFL1o6AN1ctuiNb0UlAK7O2049+8g1PKG29S8IzxLrUtrnKYJ0B0+nHVT2b
-koLbeTpluQALz+Nw5X7rxp1NS4xYt589/1bDeoxPzfzaTzqAmBCNm4kMZSXdeLkZ
-eY7QZ+syH6/3XKJqKqOwkIOne5VxRJ4fupKRvQIDAQABAoIBAQCYQsXm6kJqTbEJ
-kgutIa0+48TUfqen7Zja4kyrg3HU4DI75wb6MreHqFFj4sh4FoL4i6HP8XIx3wEN
-VBo/XOj0bo6BPiSm2MWjvdxXa0Fxa/f6uneYAb+YHEps/vWKzJ6YjuLzlBnj0/vE
-3Q5AJzHJOAK6tuY5JYp1lBsggYcVWiQSW6wGQRReU/B/GdFgglL1chqL33Dt11Uv
-Y6+oJz/PyqzPLPHcPbhqyQRMOZXnhx+8/+ooq5IojqOHfpa9JQURcHY7isBnpI/G
-ZAa8tZctgTqtL4hB1rxDhdq1fS2YC12lxkBZse4jszcm0tYzy2gWmNTH480uo/0J
-GOxX7eP1AoGBAO7O+aLhQWrspWQ//8YFbPWNhyscQub+t6WYjc0wn9j0dz8vkhMw
-rh5O8uMcZBMDQdq185BcB3aHInw9COWZEcWNIen4ZyNJa5VCN4FY0a2GtFSSGG3f
-ilKmQ7cjB950q2jl1AR3t2H7yah+i1ZChzPx+GEe+51LcJZX8mMjGvwjAoGBAPeZ
-qJ2W4O2dOyupAfnKpZZclrEBqlyg7Xj85u20eBMUqtaIEcI/u2kaotQPeuaekUH0
-b1ybr3sJBTp3qzHUaNV3iMfgrnbWEOkIV2TCReWQb1Fk93o3gilMIkhGLIhxwWpM
-UpQy3JTjGG/Y6gIOs7YnOBGVMA0o+RvouwooU6ifAoGAH6D6H0CGUYsWPLjdP3To
-gX1FMciEc+O4nw4dede+1BVM1emPB0ujRBBgywOvnXUI+9atc6k8s84iGyJaU056
-tBeFLl/gCSRoQ1SJ1W/WFY2JxMm0wpig0WGEBnV1TVlWeoY2FoFkoG2gv9hCzCHz
-lkWuB+76lFKxjrgHOmoj4NECgYB+COmbzkGQsoh8IPuwe0bu0xKh54cgv4oiHBow
-xbyZedu8eGcRyf9L8RMRfw/AdNbcC+Dj8xvQNTdEG8Y5BzaV8tLda7FjLHRPKr/R
-ulJ6GJuRgyO2Qqsu+mI5B/+DNOSPh2pBpeJCp5a42GHFylYQUsZnrNlY2ZJ0cnND
-KGPtYQKBgQDL30+BB95FtRUvFoJIWwASCp7TIqW7N7RGWgqmsXU0EZ0Mya4dquqG
-rJ1QuXQIJ+xV060ehwJR+iDUAY2xUg3/LCoDD0rwBzSdh+NEKjOmRNFRtn7WT03Q
-264E80r6VTRSN4sWQwAAbd1VF1uGO5tkzZdJGWGhQhvTUZ498dE+9Q==
------END RSA PRIVATE KEY-----

scripts/docker-dns/certs-common-name-multi/server-2.crt

@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIUHXDUS+Vry/Tquc6S6OoaeuGozrEwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xODAxMjAwNjAwMDBaFw0yODAxMTgwNjAw
-MDBaMHcxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTETMBEGA1UEAxMKZXRjZC5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAOO+FsO+6pwpv+5K+VQTYQb0lT0BjnM7Y2qSZIiTGCDp/M0P
-yHSed4oTzxBeA9hEytczH/oddAUuSZNgag5sGFVgjFNdiZli4wQqJaMQRodivuUl
-ZscqnWwtP3GYVAfg+t/4YdGB+dQRDQvHBl9BRYmUh2ixOA98OXKfNMr+u+3sh5Gy
-dwx5ZEBRvgBcRrgCaIMsvVeIzHQBMHrNySAD1bGgm3xGdLeVPhAp24yUKZ5IbN6/
-+5hyCRARtGwLH/1Q/h10Sr5jxQi00eEXH+CNOvcerH6b2II/BxHIcqKd0u36pUfG
-0KsY+ia0fvYi510V6Q0FAn45luEjHEk5ITN/LnMCAwEAAaOBqzCBqDAOBgNVHQ8B
-Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
-/wQCMAAwHQYDVR0OBBYEFE69SZun6mXZe6cd3Cb2HWrK281MMB8GA1UdIwQYMBaA
-FEN482NrkIrjNR87nHW/Ma92ZQULMCkGA1UdEQQiMCCCDW0yLmV0Y2QubG9jYWyC
-CWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAI5nHHULV7eUJMsvv
-zk1shv826kOwXbMX10iRaf49/r7TWBq0pbPapvf5VXRsZ5wlDrDzjaNstpsaow/j
-fhZ1zpU0h1bdifxE+omFSWZjpVM8kQD/yzT34VdyA+P2HuxG8ZTa8r7wTGrooD60
-TjBBM5gFV4nGVe+KbApQ26KWr+P8biKaWe6MM/jAv6TNeXiWReHqyM5v404PZQXK
-cIN+fBb8bQfuaKaN1dkOUI3uSHmVmeYc5OGNJ2QKL9Uzm1VGbbM+1BOLhmF53QSm
-5m2B64lPKy+vpTcRLN7oW1FHZOKts+1OEaLMCyjWFKFbdcrmJI+AP2IB+V6ODECn
-RwJDtA==
------END CERTIFICATE-----

scripts/docker-dns/certs-common-name-multi/server-2.key.insecure

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEA474Ww77qnCm/7kr5VBNhBvSVPQGOcztjapJkiJMYIOn8zQ/I
-dJ53ihPPEF4D2ETK1zMf+h10BS5Jk2BqDmwYVWCMU12JmWLjBColoxBGh2K+5SVm
-xyqdbC0/cZhUB+D63/hh0YH51BENC8cGX0FFiZSHaLE4D3w5cp80yv677eyHkbJ3
-DHlkQFG+AFxGuAJogyy9V4jMdAEwes3JIAPVsaCbfEZ0t5U+ECnbjJQpnkhs3r/7
-mHIJEBG0bAsf/VD+HXRKvmPFCLTR4Rcf4I069x6sfpvYgj8HEchyop3S7fqlR8bQ
-qxj6JrR+9iLnXRXpDQUCfjmW4SMcSTkhM38ucwIDAQABAoIBAQCHYF6N2zYAwDyL
-/Ns65A4gIVF5Iyy3SM0u83h5St7j6dNRXhltYSlz1ZSXiRtF+paM16IhflKSJdKs
-nXpNumm4jpy7jXWWzRZfSmJ3DNyv673H3rS6nZVYUYlOEBubV1wpuK8E5/tG2R/l
-KVibVORuBPF9BSNq6RAJF6Q9KrExmvH4MmG/3Y+iYbZgn0OK1WHxzbeMzdI8OO4z
-eg4gTKuMoRFt5B4rZmC5QiXGHdnUXRWfy+yPLTH3hfTek4JT98akFNS01Q4UAi9p
-5cC3TOqDNiZdAkN83UKhW9TNAc/vJlq6d5oXW5R+yPt+d8yMvEch4KfpYo33j0oz
-qB40pdJRAoGBAP8ZXnWXxhzLhZ4o+aKefnsUUJjaiVhhSRH/kGAAg65lc4IEnt+N
-nzyNIwz/2vPv2Gq2BpStrTsTNKVSZCKgZhoBTavP60FaszDSM0bKHTWHW7zaQwc0
-bQG6YvvCiP0iwEzXw7S4BhdAl+x/5C30dUZgKMSDFzuBI187h6dQQNZpAoGBAOSL
-/MBuRYBgrHIL9V1v9JGDBeawGc3j2D5c56TeDtGGv8WGeCuE/y9tn+LcKQ+bCGyi
-qkW+hobro/iaXODwUZqSKaAVbxC7uBLBTRB716weMzrnD8zSTOiMWg/gh+FOnr/4
-ZfcBco2Pmm5qQ3ZKwVk2jsfLhz6ZKwMrjSaO1Zp7AoGBAJZsajPjRHI0XN0vgkyv
-Mxv2lbQcoYKZE1JmpcbGZt/OePdBLEHcq/ozq2h98qmHU9FQ9r5zT0QXhiK6W8vD
-U5GgFSHsH+hQyHtQZ+YlRmYLJEBPX9j+xAyR0M5uHwNNm6F0VbXaEdViRHOz0mR6
-0zClgUSnnGp9MtN0MgCqJSGJAoGAJYba3Jn+rYKyLhPKmSoN5Wq3KFbYFdeIpUzJ
-+GdB1aOjj4Jx7utqn1YHv89YqqhRLM1U2hjbrAG7LdHi2Eh9jbzcOt3qG7xHEEVP
-Kxq6ohdfYBean44UdMa+7wZ2KUeoh2r5CyLgtV/UArdOFnlV4Bk2PpYrwdqSlnWr
-Op6PcksCgYEA6HmIHLRTGyOUzS82BEcs5an2mzhQ8XCNdYS6sDaYSiDu2qlPukyZ
-jons6P4qpOxlP9Cr6DW7px2fUZrEuPUV8fRJOc+a5AtZ5TmV6N1uH/G1rKmmAMCc
-jGAmTJW87QguauTpuUto5u6IhyO2CRsYEy8K1A/1HUQKl721faZBIMA=
------END RSA PRIVATE KEY-----

scripts/docker-dns/certs-common-name-multi/server-3.crt

@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIURfpNMXGb1/oZVwEWyc0Ofn7IItQwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xODAxMjAwNjAwMDBaFw0yODAxMTgwNjAw
-MDBaMHcxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTETMBEGA1UEAxMKZXRjZC5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBALgCDkDM4qayF6CFt1ZScKR8B+/7qrn1iQ/qYnzRHQ1hlkuS
-b3TkQtt7amGAuoD42d8jLYYvHn2Pbmdhn0mtgYZpFfLFCg4O67ZbX54lBHi+yDEh
-QhneM9Ovsc42A0EVvabINYtKR6B2YRN00QRXS5R1t+QmclpshFgY0+ITsxlJeygs
-wojXthPEfjTQK04JUi5LTHP15rLVzDEd7MguCWdEWRnOu/mSfPHlyz2noUcKuy0M
-awsnSMwf+KBwQMLbJhTXtA4MG2FYsm/2en3/oAc8/0Z8sMOX05F+b0MgHl+a31aQ
-UHM5ykfDNm3hGQfzjQCx4y4hjDoFxbuXvsey6GMCAwEAAaOBqzCBqDAOBgNVHQ8B
-Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
-/wQCMAAwHQYDVR0OBBYEFDMydqyg/s43/dJTMt25zJubI/CUMB8GA1UdIwQYMBaA
-FEN482NrkIrjNR87nHW/Ma92ZQULMCkGA1UdEQQiMCCCDW0zLmV0Y2QubG9jYWyC
-CWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAVs3VQjgx9CycaWKS
-P6EvMtlqOkanJEe3zr69sI66cc2ZhfJ5xK38ox4oYpMOA131WRvwq0hjKhhZoVQ8
-aQ4yALi1XBltuIyEyrTX9GWAMeDzY95MdWKhyI8ps6/OOoXN596g9ZdOdIbZAMT4
-XAXm43WccM2W2jiKCEKcE4afIF8RiMIaFwG8YU8oHtnnNvxTVa0wrpcObtEtIzC5
-RJxzX9bkHCTHTgJog4OPChU4zffn18U/AVJ7MZ8gweVwhc4gGe0kwOJE+mLHcC5G
-uoFSuVmAhYrH/OPpZhSDOaCED4dsF5jN25CbR3NufEBFRXBH20ZHNkNvbbBnYCBU
-4+Rx5w==
------END CERTIFICATE-----

scripts/docker-dns/certs-common-name-multi/server-3.key.insecure

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpQIBAAKCAQEAuAIOQMziprIXoIW3VlJwpHwH7/uqufWJD+pifNEdDWGWS5Jv
-dORC23tqYYC6gPjZ3yMthi8efY9uZ2GfSa2BhmkV8sUKDg7rtltfniUEeL7IMSFC
-Gd4z06+xzjYDQRW9psg1i0pHoHZhE3TRBFdLlHW35CZyWmyEWBjT4hOzGUl7KCzC
-iNe2E8R+NNArTglSLktMc/XmstXMMR3syC4JZ0RZGc67+ZJ88eXLPaehRwq7LQxr
-CydIzB/4oHBAwtsmFNe0DgwbYViyb/Z6ff+gBzz/Rnyww5fTkX5vQyAeX5rfVpBQ
-cznKR8M2beEZB/ONALHjLiGMOgXFu5e+x7LoYwIDAQABAoIBAQCY54RmjprNAHKn
-vlXCEpFt7W8/GXcePg2ePxuGMtKcevpEZDPgA4oXDnAxA6J3Z9LMHFRJC8Cff9+z
-YqjVtatLQOmvKdMYKYfvqfBD3ujfWVHLmaJvEnkor/flrnZ30BQfkoED9T6d9aDn
-ZQwHOm8gt82OdfBSeZhkCIWReOM73622qJhmLWUUY3xEucRAFF6XffOLvJAT87Vu
-pXKtCnQxhzxkUsCYNIOeH/pTX+XoLkysFBKxnrlbTeM0cEgWpYMICt/vsUrp6DHs
-jygxR1EnT2/4ufe81aFSO4SzUZKJrz8zj4yIyDOR0Mp6FW+xMp8S0fDOywHhLlXn
-xQOevmGBAoGBAOMQaWWs2FcxWvLfX95RyWPtkQ+XvmWlL5FR427TlLhtU6EPs0xZ
-eeanMtQqSRHlDkatwc0XQk+s30/UJ+5i1iz3shLwtnZort/pbnyWrxkE9pcR0fgr
-IklujJ8e8kQHpY75gOLmEiADrUITqvfbvSMsaG3h1VydPNU3JYTUuYmjAoGBAM91
-Atnri0PH3UKonAcMPSdwQ5NexqAD1JUk6KUoX2poXBXO3zXBFLgbMeJaWthbe+dG
-Raw/zjBET/oRfDOssh+QTD8TutI9LA2+EN7TG7Kr6NFciz4Q2pioaimv9KUhJx+8
-HH2wCANYgkv69IWUFskF0uDCW9FQVvpepcctCJJBAoGAMlWxB5kJXErUnoJl/iKj
-QkOnpI0+58l2ggBlKmw8y6VwpIOWe5ZaL4dg/Sdii1T7lS9vhsdhK8hmuIuPToka
-cV13XDuANz99hKV6mKPOrP0srNCGez0UnLKk+aEik3IegVNN/v6BhhdKkRtLCybr
-BqERhUpKwf0ZPyq6ZnfBqYECgYEAsiD2YcctvPVPtnyv/B02JTbvzwoB4kNntOgM
-GkOgKe2Ro+gNIEq5T5uKKaELf9qNePeNu2jN0gPV6BI7YuNVzmRIE6ENOJfty573
-PVxm2/Nf5ORhatlt2MZC4aiDl4Xv4f/TNth/COBmgHbqngeZyOGHQBWiYQdqp2+9
-SFgSlAECgYEA1zLhxj6f+psM5Gpx56JJIEraHfyuyR1Oxii5mo7I3PLsbF/s6YDR
-q9E64GoR5PdgCQlMm09f6wfT61NVwsYrbLlLET6tAiG0eNxXe71k1hUb6aa4DpNQ
-IcS3E3hb5KREXUH5d+PKeD2qrf52mtakjn9b2aH2rQw2e2YNkIDV+XA=
------END RSA PRIVATE KEY-----

scripts/docker-dns/certs-common-name-multi/server-ca-csr-1.json

@@ -1,21 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "CN": "etcd.local",
-  "hosts": [
-    "m1.etcd.local",
-    "127.0.0.1",
-    "localhost"
-  ]
-}

scripts/docker-dns/certs-common-name-multi/server-ca-csr-2.json

@@ -1,21 +0,0 @@
-{
-    "key": {
-      "algo": "rsa",
-      "size": 2048
-    },
-    "names": [
-      {
-        "O": "etcd",
-        "OU": "etcd Security",
-        "L": "San Francisco",
-        "ST": "California",
-        "C": "USA"
-      }
-    ],
-    "CN": "etcd.local",
-    "hosts": [
-      "m2.etcd.local",
-      "127.0.0.1",
-      "localhost"
-    ]
-  }

scripts/docker-dns/certs-common-name-multi/server-ca-csr-3.json

@@ -1,21 +0,0 @@
-{
-    "key": {
-      "algo": "rsa",
-      "size": 2048
-    },
-    "names": [
-      {
-        "O": "etcd",
-        "OU": "etcd Security",
-        "L": "San Francisco",
-        "ST": "California",
-        "C": "USA"
-      }
-    ],
-    "CN": "etcd.local",
-    "hosts": [
-      "m3.etcd.local",
-      "127.0.0.1",
-      "localhost"
-    ]
-  }

scripts/docker-dns/certs-gateway/Procfile

@@ -1,8 +0,0 @@
-# Use goreman to run `go get github.com/mattn/goreman`
-etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-gateway/server.crt --peer-key-file=/certs-gateway/server.key.insecure --peer-trusted-ca-file=/certs-gateway/ca.crt --peer-client-cert-auth --cert-file=/certs-gateway/server.crt --key-file=/certs-gateway/server.key.insecure --trusted-ca-file=/certs-gateway/ca.crt --client-cert-auth
-
-etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-gateway/server.crt --peer-key-file=/certs-gateway/server.key.insecure --peer-trusted-ca-file=/certs-gateway/ca.crt --peer-client-cert-auth --cert-file=/certs-gateway/server.crt --key-file=/certs-gateway/server.key.insecure --trusted-ca-file=/certs-gateway/ca.crt --client-cert-auth
-
-etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-gateway/server.crt --peer-key-file=/certs-gateway/server.key.insecure --peer-trusted-ca-file=/certs-gateway/ca.crt --peer-client-cert-auth --cert-file=/certs-gateway/server.crt --key-file=/certs-gateway/server.key.insecure --trusted-ca-file=/certs-gateway/ca.crt --client-cert-auth
-
-gateway: ./etcd gateway start --endpoints https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 --trusted-ca-file /certs-gateway/ca.crt --listen-addr 127.0.0.1:23790

scripts/docker-dns/certs-gateway/ca-csr.json

@@ -1,19 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "CN": "ca",
-  "ca": {
-    "expiry": "87600h"
-  }
-}

scripts/docker-dns/certs-gateway/ca.crt

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDsTCCApmgAwIBAgIUClliB9ECLPuQpOrlqLkeI1ib7zYwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEyMDExOTE3MDBaFw0yNzExMjkxOTE3
-MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCjClF0TCk2qrHUTjFgFv2jmV0yUqnP3SG/7eVCptcFKE7kcGAx+j06GfEP
-UXmCV13cgE0dYYLtz7/g29BiZzlBLlLsmpBMM+S4nfVH9BGLbKCSnwp5ba816AuS
-rc8+qmJ0fAo56snLQWoAlnZxZ1tVjAtj5ZrQP9QDK2djgyviPS4kqWQ7Ulbeqgs7
-rGz56xAsyMTWYlotgZTnnZ3Pckr1FHXhwkO1rFK5+oMZPh2HhvXL9wv0/TMAypUv
-oQqDzUfUvYeaKr6qy1ADc53SQjqeTXg0jOShmnWM2zC7MwX+VPh+6ZApk3NLXwgv
-6wT0U1tNfvctp8JvC7FqqCEny9hdAgMBAAGjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBQWI6eUGqKWkCjOKGAYd+5K6eh5
-GTANBgkqhkiG9w0BAQsFAAOCAQEAS3nIyLoGMsioLb89T1KMq+0NDDCx7R20EguT
-qUvFUYKjzdxDA1RlZ2HzPxBJRwBc0Vf98pNtkWCkwUl5hxthndNQo7F9lLs/zNzp
-bL4agho6kadIbcb4v/3g9XPSzqJ/ysfrwxZoBd7D+0PVGJjRTIJiN83Kt68IMx2b
-8mFEBiMZiSJW+sRuKXMSJsubJE3QRn862y2ktq/lEJyYR6zC0MOeYR6BPIs/B6vU
-8/iUbyk5ULc7NzWGytC+QKC3O9RTuA8MGF1aFaNSK7wDyrAlBZdxjWi52Mz3lJCK
-ffBaVfvG55WKjwAqgNU17jK/Rxw1ev9mp4aCkXkD0KUTGLcoZw==
------END CERTIFICATE-----

scripts/docker-dns/certs-gateway/gencert.json

@@ -1,13 +0,0 @@
-{
-  "signing": {
-    "default": {
-        "usages": [
-          "signing",
-          "key encipherment",
-          "server auth",
-          "client auth"
-        ],
-        "expiry": "87600h"
-    }
-  }
-}

scripts/docker-dns/certs-gateway/gencerts.sh

@@ -1,26 +0,0 @@
-#!/bin/bash
-
-if ! [[ "$0" =~ "./gencerts.sh" ]]; then
-	echo "must be run from 'fixtures'"
-	exit 255
-fi
-
-if ! which cfssl; then
-	echo "cfssl is not installed"
-	exit 255
-fi
-
-cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
-mv ca.pem ca.crt
-openssl x509 -in ca.crt -noout -text
-
-# generate wildcard certificates DNS: *.etcd.local
-cfssl gencert \
-    --ca ./ca.crt \
-    --ca-key ./ca-key.pem \
-    --config ./gencert.json \
-    ./server-ca-csr.json | cfssljson --bare ./server
-mv server.pem server.crt
-mv server-key.pem server.key.insecure
-
-rm -f *.csr *.pem *.stderr *.txt

scripts/docker-dns/certs-gateway/run.sh

@@ -1,47 +0,0 @@
-#!/bin/sh
-rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
-
-/etc/init.d/bind9 start
-
-# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
-cat /dev/null >/etc/hosts
-
-goreman -f /certs-gateway/Procfile start &
-
-# TODO: remove random sleeps
-sleep 7s
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-gateway/ca.crt \
-  --cert=/certs-gateway/server.crt \
-  --key=/certs-gateway/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379 \
-  endpoint health --cluster
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-gateway/ca.crt \
-  --cert=/certs-gateway/server.crt \
-  --key=/certs-gateway/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  put abc def
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-gateway/ca.crt \
-  --cert=/certs-gateway/server.crt \
-  --key=/certs-gateway/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  get abc
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-gateway/ca.crt \
-  --cert=/certs-gateway/server.crt \
-  --key=/certs-gateway/server.key.insecure \
-  --endpoints=127.0.0.1:23790 \
-  put ghi jkl
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-gateway/ca.crt \
-  --cert=/certs-gateway/server.crt \
-  --key=/certs-gateway/server.key.insecure \
-  --endpoints=127.0.0.1:23790 \
-  get ghi

scripts/docker-dns/certs-gateway/server-ca-csr.json

@@ -1,22 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "hosts": [
-    "m1.etcd.local",
-    "m2.etcd.local",
-    "m3.etcd.local",
-    "127.0.0.1",
-    "localhost"
-  ]
-}

scripts/docker-dns/certs-gateway/server.crt

@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEKTCCAxGgAwIBAgIUDOkW+H3KLeHEwsovqOUMKKfEuqQwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEyMDExOTE3MDBaFw0yNzExMjkxOTE3
-MDBaMGIxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANfu298kCxFY
-KXAmdG5BeqnFoezAJQCtgv+ZRS0+OB4hVsahnNSsztEfIJnVSvYJTr1u+TGSbzBZ
-q85ua3S92Mzo/71yoDlFjj1JfBmPdL1Ij1256LAwUYoPXgcACyiKpI1DnTlhwTvU
-G41teQBo+u4sxr9beuNpLlehVbknH9JkTNaTbF9/B5hy5hQPomGvzPzzBNAfrb2B
-EyqabnzoX4qv6cMsQSJrcOYQ8znnTPWa5WFP8rWujsvxOUjxikQn8d7lkzy+PHwq
-zx69L9VzdoWyJgQ3m73SIMTgP+HL+OsxDfmbu++Ds+2i2Dgf/vdJku/rP+Wka7vn
-yCM807xi96kCAwEAAaOByTCBxjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAH+dsuv
-L6qvUmB/w9eKl83+MGTtMB8GA1UdIwQYMBaAFBYjp5QaopaQKM4oYBh37krp6HkZ
-MEcGA1UdEQRAMD6CDW0xLmV0Y2QubG9jYWyCDW0yLmV0Y2QubG9jYWyCDW0zLmV0
-Y2QubG9jYWyCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAh049
-srxFkiH9Lp8le3fJkuY25T/MUrmfa10RdNSKgj3qcpCMnf9nQjIWtaQsjoZJ5MQc
-VIT3gWDWK8SWlpx+O2cVEQDG0ccv7gc38YGywVhMoQ5HthTAjLCbNk4TdKJOIk7D
-hmfs7BHDvjRPi38CFklLzdUQaVCcvB43TNA3Y9M75oP/UGOSe3lJz1KKXOI/t+vA
-5U3yxwXlVNJVsZgeWAbXN9F6WbCZDsz+4Obpk/LV1NLqgLd/hHXzoOOWNw977S2b
-+dOd95OJ/cq09OzKn/g26NgtHOl0xqol7wIwqJhweEEiVueyFxXD04jcsxdAFZSJ
-9H6q3inNQaLyJHSYWQ==
------END CERTIFICATE-----

scripts/docker-dns/certs-gateway/server.key.insecure

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEA1+7b3yQLEVgpcCZ0bkF6qcWh7MAlAK2C/5lFLT44HiFWxqGc
-1KzO0R8gmdVK9glOvW75MZJvMFmrzm5rdL3YzOj/vXKgOUWOPUl8GY90vUiPXbno
-sDBRig9eBwALKIqkjUOdOWHBO9QbjW15AGj67izGv1t642kuV6FVuScf0mRM1pNs
-X38HmHLmFA+iYa/M/PME0B+tvYETKppufOhfiq/pwyxBImtw5hDzOedM9ZrlYU/y
-ta6Oy/E5SPGKRCfx3uWTPL48fCrPHr0v1XN2hbImBDebvdIgxOA/4cv46zEN+Zu7
-74Oz7aLYOB/+90mS7+s/5aRru+fIIzzTvGL3qQIDAQABAoIBABO8azA79R8Ctdbg
-TOf+6B04SRKAhWFIep6t/ZqjAzINzgadot31ZXnLpIkq640NULsTt4cGYU9EAuX9
-RakH6RbhfO5t2aMiblu/qa4UZJEgXqosYc4ovGsn+GofYOW1tlCLC4XBH44+Vr5Y
-cSTOc5DtWsUGsXazmF6+Cj3AC7KI+VWegHexGezyO0not8Q5L55TuH2lCW4sx9th
-W4Q7jg2lrCvz4x8ZRIAXOGmBaDTZmMtVlEjezu+7xr8QDQsvUwj7a87HPjgXFesj
-CbbCr8kaqEdZ23AVDZuLAKS4hWQlbacRhRAxMkomZkg5U6J/PC3ikIqfOda1zu1D
-MTIOuwECgYEA8hFkISWVEzbaIZgO1BZl36wNaOLYIpX0CzlycptcEssbefLy7Nxo
-TZ+m9AjF6TBPl4fO4edo00iiJMy6ZdhItduNWLO+usJEY9UdzHex7fCUeG8usUXQ
-g4VGEvPGg88VEM45pkAgbga7kzkG2Ihfu6La5apbXeOpNpuC58DdlzkCgYEA5Fxl
-/qGzLlTwioaaE+qpEX46MfbJl38nkeSf9B7J1ISc/fnDPcBPvcHaYELqyHM+7OFa
-Gt9oBDrLgyP4ZgOTaHKHdofXjAMC97b9oa/Lrors5dMrf/fxTTe2X+Kab94E1Wbo
-39kA3qzV/CT7EZWuqbHO3Bqkv/qe6ks0Tbahc/ECgYBuB2OpAWkyc6NQ08ohsxCZ
-S55Ix5uQlPJ5y6Hu4BlI3ZNeqgSrjz/F0MTVdctnxDLZYLyzyDjImOJCseAj/NyH
-9QTZhdIzF6x4aF2EG///dHQ4Del+YIp3zbNdV/sq3Izpt6NSoyFagarvL2OiNtK0
-+kBfVkDze1Dl5mfpKaxPWQKBgQC+gXqxJxKE92VIGyxUqzHqHwTLg9b/ZJuNMU5j
-aH/1o8AYfJFtZY7gfeUA4zJckRAQq5rwyilLRgVbXNmvuRHzU4BA2OhvrF+Aag9D
-IJXqAYnJ3RXwBtcuFOk3KqKt6mjb4qMpgy4flc5aMDunmtiARo6MvklswtZqHN0A
-a/ha8QKBgQCqF/xCf5ORzVkikYYGsO910QXlzsyPdRJbhrBCRTsdhz/paT5GQQXr
-y3ToUuKEoHfjFudUeGNOstjchWw+WgT9iqMJhtwV1nU1lkPyjmCQ2ONIP+13dZ+i
-I/LDyMngtOKzvD5qpswY1Er+84+RVrtseQjXDC2NlrvDr5LnZDtGag==
------END RSA PRIVATE KEY-----

scripts/docker-dns/certs-wildcard/Procfile

@@ -1,6 +0,0 @@
-# Use goreman to run `go get github.com/mattn/goreman`
-etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-wildcard/server.crt --peer-key-file=/certs-wildcard/server.key.insecure --peer-trusted-ca-file=/certs-wildcard/ca.crt --peer-client-cert-auth --cert-file=/certs-wildcard/server.crt --key-file=/certs-wildcard/server.key.insecure --trusted-ca-file=/certs-wildcard/ca.crt --client-cert-auth
-
-etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-wildcard/server.crt --peer-key-file=/certs-wildcard/server.key.insecure --peer-trusted-ca-file=/certs-wildcard/ca.crt --peer-client-cert-auth --cert-file=/certs-wildcard/server.crt --key-file=/certs-wildcard/server.key.insecure --trusted-ca-file=/certs-wildcard/ca.crt --client-cert-auth
-
-etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-wildcard/server.crt --peer-key-file=/certs-wildcard/server.key.insecure --peer-trusted-ca-file=/certs-wildcard/ca.crt --peer-client-cert-auth --cert-file=/certs-wildcard/server.crt --key-file=/certs-wildcard/server.key.insecure --trusted-ca-file=/certs-wildcard/ca.crt --client-cert-auth

scripts/docker-dns/certs-wildcard/ca-csr.json

@@ -1,19 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "CN": "ca",
-  "ca": {
-    "expiry": "87600h"
-  }
-}

scripts/docker-dns/certs-wildcard/ca.crt

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDsTCCApmgAwIBAgIUanA77pXfEz2idrPSlIoPrSo6MmcwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzExMTMwNDA5MDBaFw0yNzExMTEwNDA5
-MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDqtw5G6XZ4N2uuc7TAoiXI+IXA/H+IJIbHrVFQ3LIzLDaS6AmVWw4yT4o2
-X/1IbR5TU6dCnGxuHPutnfnG87is5Oxk1HfIy5cfpf75St3uQycJRcr3Bui/fEZ0
-IZaoRyklcYGI8Y+VfaSADl++EP7UU0X7cc263rZulJXkqp4HihDTPixBgVDruNWf
-Yfa2K/Zhiq+zj3hE6s/cBn2pIdY6SMlQ1P0uT/Y5oBTTJFBxeqw+Sz/NXgKgErQg
-Za/gNHQWzyRoYHiOGQylvsiXr6tgdk29f0Z6gTQy8FQpwOXYERJr45zh8KvE+FJK
-MaWUhGW7hkv85JDZSsmDZ6lVYIfhAgMBAAGjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBS+p7B3RLjI8HOOPvVhqtBQNRmH
-ZTANBgkqhkiG9w0BAQsFAAOCAQEAFWHLvzzTRQJYjVDxBuXrNZkhFsGAoCYoXhAK
-1nXmqLb9/dPMxjkB4ptkQNuP8cMCMPMlapoLkHxEihN1sWZwJRfWShRTK2cQ2kd6
-IKH/M3/ido1PqN/CxhfqvMj3ap3ZkV81nvwn3XhciCGca1CyLzij9RroO0Ee+R3h
-mK5A38I1YeRMNOnNAJAW+5scaVtPe6famG2p/OcswobF+ojeZIQJcuk7/FP5iXGA
-UfG5WaW3bVfSr5aUGtf/RYZvYu3kWZlAzGaey5iLutRc7f63Ma4jjEEauiGLqQ+6
-F17Feafs2ibRr1wes11O0B/9Ivx9qM/CFgEYhJfp/nBgY/UZXw==
------END CERTIFICATE-----

scripts/docker-dns/certs-wildcard/gencert.json

@@ -1,13 +0,0 @@
-{
-  "signing": {
-    "default": {
-        "usages": [
-          "signing",
-          "key encipherment",
-          "server auth",
-          "client auth"
-        ],
-        "expiry": "87600h"
-    }
-  }
-}

scripts/docker-dns/certs-wildcard/gencerts.sh

@@ -1,26 +0,0 @@
-#!/bin/bash
-
-if ! [[ "$0" =~ "./gencerts.sh" ]]; then
-	echo "must be run from 'fixtures'"
-	exit 255
-fi
-
-if ! which cfssl; then
-	echo "cfssl is not installed"
-	exit 255
-fi
-
-cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
-mv ca.pem ca.crt
-openssl x509 -in ca.crt -noout -text
-
-# generate wildcard certificates DNS: *.etcd.local
-cfssl gencert \
-    --ca ./ca.crt \
-    --ca-key ./ca-key.pem \
-    --config ./gencert.json \
-    ./server-ca-csr.json | cfssljson --bare ./server
-mv server.pem server.crt
-mv server-key.pem server.key.insecure
-
-rm -f *.csr *.pem *.stderr *.txt

scripts/docker-dns/certs-wildcard/run.sh

@@ -1,33 +0,0 @@
-#!/bin/sh
-rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
-
-/etc/init.d/bind9 start
-
-# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
-cat /dev/null >/etc/hosts
-
-goreman -f /certs-wildcard/Procfile start &
-
-# TODO: remove random sleeps
-sleep 7s
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-wildcard/ca.crt \
-  --cert=/certs-wildcard/server.crt \
-  --key=/certs-wildcard/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379 \
-  endpoint health --cluster
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-wildcard/ca.crt \
-  --cert=/certs-wildcard/server.crt \
-  --key=/certs-wildcard/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  put abc def
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-wildcard/ca.crt \
-  --cert=/certs-wildcard/server.crt \
-  --key=/certs-wildcard/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  get abc

scripts/docker-dns/certs-wildcard/server-ca-csr.json

@@ -1,20 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "hosts": [
-    "*.etcd.local",
-    "127.0.0.1",
-    "localhost"
-  ]
-}

scripts/docker-dns/certs-wildcard/server.crt

@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECjCCAvKgAwIBAgIUQ0AgAKntDzHW4JxYheDkVMow5ykwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzExMTMwNDA5MDBaFw0yNzExMTEwNDA5
-MDBaMGIxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANMqNEozhdLm
-K5ATSkgIOyQmBmoUCgiWB+P52YWzfmwaWwQP2FFs3qih2c3DHHH7s2zdceXKT2ZN
-lvSO8yj08slLPYSC4LQ3su8njGJlasJ28JMjRqshnH3umxFXf9+aPcZ5yYkoXE9V
-fzsnBMJz8hI6K2j4Q6sJe+v/0pdz8MpbdIPnmL9qfVpuD6JqmDCZiQOJ8lpMuqqD
-60uLjtLv/JKjgdqe5C4psERVm09fg3vOZckv9CC6a4MupeXo2il6femZnPrxC8LX
-u2KT3njEjoyzEu2NSdy+BUJDVLgKSh8s2TC8ViNfiFONQo6L1y78ZAyCDrRbTgN9
-Nu1Ou/yzqHkCAwEAAaOBqjCBpzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFC83cRfE
-/EKcz7GJKmgDLUBi3kRSMB8GA1UdIwQYMBaAFL6nsHdEuMjwc44+9WGq0FA1GYdl
-MCgGA1UdEQQhMB+CDCouZXRjZC5sb2NhbIIJbG9jYWxob3N0hwR/AAABMA0GCSqG
-SIb3DQEBCwUAA4IBAQCI7estG86E9IEGREfYul1ej8hltpiAxucmsI0i0lyRHOGa
-dss3CKs6TWe5LWXThCIJ2WldI/VgPe63Ezz7WuP3EJxt9QclYArIklS/WN+Bjbn7
-6b8KAtGQkFh7hhjoyilBixpGjECcc7lbriXoEpmUZj9DYQymXWtjKeUJCfQjseNS
-V/fmsPph8QveN+pGCypdQ9EA4LGXErg4DQMIo40maYf9/uGBMIrddi930llB0wAh
-lsGNUDkrKKJVs2PiVsy8p8sF1h7zAQ+gSqk3ZuWjrTqIIMHtRfIaNICimc7wEy1t
-u5fbySMusy1PRAwHVdl5yPxx++KlHyBNowh/9OJh
------END CERTIFICATE-----

scripts/docker-dns/certs-wildcard/server.key.insecure

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA0yo0SjOF0uYrkBNKSAg7JCYGahQKCJYH4/nZhbN+bBpbBA/Y
-UWzeqKHZzcMccfuzbN1x5cpPZk2W9I7zKPTyyUs9hILgtDey7yeMYmVqwnbwkyNG
-qyGcfe6bEVd/35o9xnnJiShcT1V/OycEwnPyEjoraPhDqwl76//Sl3Pwylt0g+eY
-v2p9Wm4PomqYMJmJA4nyWky6qoPrS4uO0u/8kqOB2p7kLimwRFWbT1+De85lyS/0
-ILprgy6l5ejaKXp96Zmc+vELwte7YpPeeMSOjLMS7Y1J3L4FQkNUuApKHyzZMLxW
-I1+IU41CjovXLvxkDIIOtFtOA3027U67/LOoeQIDAQABAoIBAH/sM104NTv8QCu5
-4+gbRGizuHMOzL1C1mjfdU0v3chzduvRBYTeZUzXL/Ec3+CVUK8Ev/krREp/epGQ
-//Gx4lrbf9sExkem7nk/Biadtb00/KzGVAtcA0evArXQwiCdegsAwHycvL861ibp
-jlKWlvE/2AhxTd0Rk8b2ZYdmr1qGTesIy7S4ilj1B8aYWnZglhSyyU7TqLhYmsWo
-3B1ufNpkPCzo97bJmc1/bqXCIQXi/HkkDxJRFa/vESebiy2wdgkWflybW37vLaN0
-mox44uXpVYtZuuGyxdKjX6T2EOglZztXlC8gdxrnFS5leyBEu+7ABS5OvHgnlOX5
-80MyUpkCgYEA/4xpEBltbeJPH52Lla8VrcW3nGWPnfY8xUSnjKBspswTQPu389EO
-ayM3DewcpIfxFu/BlMzKz0lm77QQZIu3gIJoEu8IXzUa3fJ2IavRKPSvbNFj5Icl
-kVX+mE4BtF+tnAjDWiX9qaNXZcU7b0/q0yXzL35WB4H7Op4axqBir/sCgYEA04m3
-4LtRKWgObQXqNaw+8yEvznWdqVlJngyKoJkSVnqwWRuin9eZDfc84genxxT0rGI9
-/3Fw8enfBVIYGLR5V5aYmGfYyRCkN4aeRc0zDlInm0x2UcZShT8D0LktufwRYZh8
-Ui6+iiIBELwxyyWfuybH5hhstbdFazfu1yNA+xsCgYB47tORYNceVyimh4HU9iRG
-NfjsNEvArxSXLiQ0Mn74eD7sU7L72QT/wox9NC1h10tKVW/AoSGg8tWZvha73jqa
-wBvMSf4mQBVUzzcEPDEhNpoF3xlsvmAS5SU0okXAPD8GRkdcU/o02y2y5aF4zdMM
-1Tq+UQUZTHO9i7CUKrZJHQKBgQC+FueRn0ITv1oXRlVs3dfDi3L2SGLhJ0csK4D3
-SBZed+m4aUj98jOrhRzE0LRIBeDId4/W2A3ylYK/uUHGEYdo2f9OFSONqtKmwuW/
-O+JBYDoPJ+q7GUhWTIYVLhKVKppD5U7yWucGIgBrFXJ5Ztnex76iWhh2Qray3pRV
-52whOQKBgHVBI4F7pkn6id9W4sx2LqrVjpjw6vTDepIRK0SXBIQp34WnCL5CERDJ
-pks203i42Ww7IadufepkGQOfwuik9wVRNWrNp4oKle6oNK9oK3ihuyb+5DtyKwDm
-5sQUYUXc5E3qDQhHCGDzbT7wP+bCDnWKgvV6smshuQSW8M+tFIOQ
------END RSA PRIVATE KEY-----

scripts/docker-dns/certs/Procfile

@@ -1,6 +0,0 @@
-# Use goreman to run `go get github.com/mattn/goreman`
-etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs/server.crt --peer-key-file=/certs/server.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server.crt --key-file=/certs/server.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
-
-etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs/server.crt --peer-key-file=/certs/server.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server.crt --key-file=/certs/server.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
-
-etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs/server.crt --peer-key-file=/certs/server.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server.crt --key-file=/certs/server.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth

scripts/docker-dns/certs/ca-csr.json

@@ -1,19 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "CN": "ca",
-  "ca": {
-    "expiry": "87600h"
-  }
-}

scripts/docker-dns/certs/ca.crt

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDsTCCApmgAwIBAgIUCeu/ww6+XbCM3m8m6fp17t8bjOcwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzExMTMwNDA2MDBaFw0yNzExMTEwNDA2
-MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCgH8KMvldAoQjWA5YQoEOQgRyjZ3hkKdTQcFBj3OR8OyhiNJ+4oEJ/AqyJ
-b41G9NGd+88hRSrcCeUBrUY3nWVhqzclCe7mQ1IyordmuKxekmPD/uvzcbySzpJT
-qGEwNEiiBcr4mSQiGA5yMgBLKLpKw27t0ncVn/Qt0rKtqwLUYYWGEfADLw7+6iDK
-xzCxLeXV/cB1VtFZa62j3KRJR4XQ/QosqwZw2dRGF/jUZgmsRYYK8noOvqY/uRPV
-sqwGAKq0B0zOMp185dFrzJVD+LHZgSS9GLGmvRgttwayDuYSOny7WXugQ28fCaRX
-p+53s1eBb5cHCGSko48f2329cnlFAgMBAAGjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBSgglhjDWaAJm9ju5x1YMArtH7c
-yjANBgkqhkiG9w0BAQsFAAOCAQEAK6IGimbnP9oFSvwNGmXjEtn/vE82dDhQJv8k
-oiAsx0JurXBYybvu/MLaBJVQ6bF77hW/fzvhMOzLNEMGY1ql80TmfaTqyPpTN85I
-6YhXOViZEQJvH17lVA8d57aSve0WPZqBqS3xI0dGpn/Ji6JPrjKCrgjeukXXHR+L
-MScK1lpxaCjD45SMJCzANsMnIKTiKN8RnIcSmnrr/gGl7bC6Y7P84xUGgYu2hvNG
-1DZBcelmzbZYk2DtbrR0Ed6IFD1Tz4RAEuKJfInjgAP2da41j4smoecXOsJMGVl5
-5RX7ba3Hohys6la8jSS3opCPKkwEN9mQaB++iN1qoZFY4qB9gg==
------END CERTIFICATE-----

scripts/docker-dns/certs/gencert.json

@@ -1,13 +0,0 @@
-{
-  "signing": {
-    "default": {
-        "usages": [
-          "signing",
-          "key encipherment",
-          "server auth",
-          "client auth"
-        ],
-        "expiry": "87600h"
-    }
-  }
-}

scripts/docker-dns/certs/gencerts.sh

@@ -1,26 +0,0 @@
-#!/bin/bash
-
-if ! [[ "$0" =~ "./gencerts.sh" ]]; then
-	echo "must be run from 'fixtures'"
-	exit 255
-fi
-
-if ! which cfssl; then
-	echo "cfssl is not installed"
-	exit 255
-fi
-
-cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
-mv ca.pem ca.crt
-openssl x509 -in ca.crt -noout -text
-
-# generate wildcard certificates DNS: *.etcd.local
-cfssl gencert \
-    --ca ./ca.crt \
-    --ca-key ./ca-key.pem \
-    --config ./gencert.json \
-    ./server-ca-csr.json | cfssljson --bare ./server
-mv server.pem server.crt
-mv server-key.pem server.key.insecure
-
-rm -f *.csr *.pem *.stderr *.txt

scripts/docker-dns/certs/run.sh

@@ -1,82 +0,0 @@
-#!/bin/sh
-rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
-
-/etc/init.d/bind9 start
-
-# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
-cat /dev/null >/etc/hosts
-
-goreman -f /certs/Procfile start &
-
-# TODO: remove random sleeps
-sleep 7s
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs/ca.crt \
-  --cert=/certs/server.crt \
-  --key=/certs/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379 \
-  endpoint health --cluster
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs/ca.crt \
-  --cert=/certs/server.crt \
-  --key=/certs/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  put abc def
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs/ca.crt \
-  --cert=/certs/server.crt \
-  --key=/certs/server.key.insecure \
-  --endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
-  get abc
-
-printf "\nWriting v2 key...\n"
-curl -L https://127.0.0.1:2379/v2/keys/queue \
-  --cacert /certs/ca.crt \
-  --cert /certs/server.crt \
-  --key /certs/server.key.insecure \
-  -X POST \
-  -d value=data
-
-printf "\nWriting v2 key...\n"
-curl -L https://m1.etcd.local:2379/v2/keys/queue \
-  --cacert /certs/ca.crt \
-  --cert /certs/server.crt \
-  --key /certs/server.key.insecure \
-  -X POST \
-  -d value=data
-
-printf "\nWriting v3 key...\n"
-curl -L https://127.0.0.1:2379/v3/kv/put \
-  --cacert /certs/ca.crt \
-  --cert /certs/server.crt \
-  --key /certs/server.key.insecure \
-  -X POST \
-  -d '{"key": "Zm9v", "value": "YmFy"}'
-
-printf "\n\nWriting v3 key...\n"
-curl -L https://m1.etcd.local:2379/v3/kv/put \
-  --cacert /certs/ca.crt \
-  --cert /certs/server.crt \
-  --key /certs/server.key.insecure \
-	-X POST \
-  -d '{"key": "Zm9v", "value": "YmFy"}'
-
-printf "\n\nReading v3 key...\n"
-curl -L https://m1.etcd.local:2379/v3/kv/range \
-  --cacert /certs/ca.crt \
-  --cert /certs/server.crt \
-  --key /certs/server.key.insecure \
-	-X POST \
-  -d '{"key": "Zm9v"}'
-
-printf "\n\nFetching 'curl https://m1.etcd.local:2379/metrics'...\n"
-curl \
-  --cacert /certs/ca.crt \
-  --cert /certs/server.crt \
-  --key /certs/server.key.insecure \
-  -L https://m1.etcd.local:2379/metrics | grep Put | tail -3
-
-printf "\n\nDone!!!\n\n"

scripts/docker-dns/certs/server-ca-csr.json

@@ -1,22 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "hosts": [
-    "m1.etcd.local",
-    "m2.etcd.local",
-    "m3.etcd.local",
-    "127.0.0.1",
-    "localhost"
-  ]
-}

scripts/docker-dns/certs/server.crt

@@ -1,25 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEKTCCAxGgAwIBAgIUUwtQlOqMccWY8MOaSaWutEjlMrgwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzExMTMwNDA2MDBaFw0yNzExMTEwNDA2
-MDBaMGIxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALyYH7bL79If
-75AezzSpkuTOPAGBzPlGFLM5QS4jrt6fJBpElAUV2VmZm+isVsTs2X63md1t4s3Y
-44soYK02HONUxUXxbeW7S8yJYSplG5hCJpFiSVP0GyVojQ04OLO1yI5m82fWJNi6
-9PgTmb3+/YD08TKbjjJ4FB0kqoFJE4qoUNNpbkpQxHW4cx9iyWbE9gwyGoC76ftr
-DC4J5HavmZ/y51rq1VWrO/d9rmCEUN++M8FcGt6D4WVQ54sWafl4Q1HafBq3FAT5
-swpqi6aDDFKYYTdvjFEmJ2uWacak8NO+vjTt8fTfSFBUYcxweVWIDm6xU8kR8Lwy
-aNxD26jQ9GMCAwEAAaOByTCBxjAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFELi+Ig+
-uxXrOvjoacXjcCjtfHcsMB8GA1UdIwQYMBaAFKCCWGMNZoAmb2O7nHVgwCu0ftzK
-MEcGA1UdEQRAMD6CDW0xLmV0Y2QubG9jYWyCDW0yLmV0Y2QubG9jYWyCDW0zLmV0
-Y2QubG9jYWyCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAn6e8
-LPd53xQGiicDHN8+WkUS7crr+A+bIfY0nbWUf1H7zwNxpHHnKgVRHc4MKpRY4f+E
-M2bEYdNJZDrjFYIWWlFDteVKZevH2dB3weiCAYWPYuiR9dGH6NvVbPcEMwarPBW4
-mLsm9Nl/r7YBxXx73rhfxyBbhTuDwKtY/BAMi+ZO4msnuWiiSiQEUrEmzm9PWhAD
-CgNjxCL3xoGyIJGj1xev0PYo+iFrAd9Pkfg2+FaSYXtNPbZX229yHmxU7GbOJumx
-5vGQMRtzByq7wqw1dZpITlgbDPJc5jdIRKGnusQ96GXLORSQcP+tfG4NhreYYpI1
-69Y78gNCTl0uGmI21g==
------END CERTIFICATE-----

scripts/docker-dns/certs/server.key.insecure

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAvJgftsvv0h/vkB7PNKmS5M48AYHM+UYUszlBLiOu3p8kGkSU
-BRXZWZmb6KxWxOzZfreZ3W3izdjjiyhgrTYc41TFRfFt5btLzIlhKmUbmEImkWJJ
-U/QbJWiNDTg4s7XIjmbzZ9Yk2Lr0+BOZvf79gPTxMpuOMngUHSSqgUkTiqhQ02lu
-SlDEdbhzH2LJZsT2DDIagLvp+2sMLgnkdq+Zn/LnWurVVas7932uYIRQ374zwVwa
-3oPhZVDnixZp+XhDUdp8GrcUBPmzCmqLpoMMUphhN2+MUSYna5ZpxqTw076+NO3x
-9N9IUFRhzHB5VYgObrFTyRHwvDJo3EPbqND0YwIDAQABAoIBAQC0YCbM9YZ9CRBe
-Xik9rAYTknBv3I6Hx5BaziLaF0TUJY8pFHgh2QDVooYsZlBi7kki2kVuNAAdcxhG
-ayrz33KHtvcq6zt54sYfbTGik6tt1679k+ygQDOKdtGZWDFbKD0Wfb7FjFoXc9CC
-SHTd9DjPkvXxujepa5GJQh1Vo+ftz2I+8e6LeoiBZJM1IosfrpxKg02UnWrLia7o
-i8eoXIyMAJHuNUGpGl33WnckyMGDsVKMc2DVG2exfVBZ37lAemYOLRKmd4AwUk2l
-ztd71sXQodLk++1BqaS9cc9yvsNiBjGL3Ehm7uUcLH1k3VHd4ArcGhiqffKzQuSE
-Dhm8GXNZAoGBAMrXOAdnfLlxYKCqOaj0JwN0RusWBP3cC7jluS5UmeTROPnBa0Fb
-219YtiXkDrWtoiwLvvPXobem0/juPkiGnprGcOsPUGa6pV3TPJ40BiIfh9/vt7fr
-Bko2SqEA9U0FxredcOFoCPxX9k9EDWxhF/nD20amvRHKK/wv995iXKxHAoGBAO4F
-GILNxBHlH5F++dbSSSTcZUTXvuBr7JQkbMK+luSikEtaSW9IO2bf65LtqjaWp4Ds
-rENCQAB3PmI111Rjwrk7925W0JCHw/+UArlVoM3K2q1zhYUWAn9L3v+qUTN2TLu1
-Tso3OkCrQ5aa812tffW3hZHOWJ+aZp2nnBnruDEFAoGAGJDCD1uAJnFNs4eKHiUb
-iHaPlC8BgcEhhk4EBFFopeaU0OKU28CFK+HxhVs+UNBrgIwXny5xPm2s5EvuLRho
-ovP/fuhG43odRuSrRbmlOIK7EOrWRCbphxlWJnOYQbC+ZURjBFl2JSF+ChGC0qpb
-nfsTVlYhNcNXWl5w1XTyJkcCgYEAp07XquJeh0GqTgiWL8XC+nEdkiWhG3lhY8Sy
-2rVDtdT7XqxJYDrC3o5Ztf7vnc2KUpqKgACqomkvZbN49+3j63bWdy35Dw8P27A7
-tfEVxnJoAnJokWMmQDqhts8OowDt8SgCCSyG+vwn10518QxJtRXaguIr84yBwyIV
-HTdPUs0CgYBIAxoPD9/6R2swClvln15sjaIXDp5rYLbm6mWU8fBURU2fdUw3VBlJ
-7YVgQ4GnKiCI7NueBBNRhjXA3KDkFyZw0/oKe2uc/4Gdyx1/L40WbYOaxJD2vIAf
-FZ4pK9Yq5Rp3XiCNm0eURBlNM+fwXOQin2XdzDRoEq1B5JalQO87lA==
------END RSA PRIVATE KEY-----

scripts/docker-dns/etcd.zone

@@ -1,14 +0,0 @@
-$TTL    86400
-@   IN  SOA  etcdns.local. root.etcdns.local. (
-             100500     ; Serial
-             604800     ; Refresh
-              86400     ; Retry
-            2419200     ; Expire
-              86400 )   ; Negative Cache TTL
-    IN  NS  ns.etcdns.local.
-    IN  A   127.0.0.1
-
-ns IN A 127.0.0.1
-m1 IN A 127.0.0.1
-m2 IN A 127.0.0.1
-m3 IN A 127.0.0.1

scripts/docker-dns/insecure/Procfile

@@ -1,6 +0,0 @@
-# Use goreman to run `go get github.com/mattn/goreman`
-etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls http://127.0.0.1:2379 --advertise-client-urls http://m1.etcd.local:2379 --listen-peer-urls http://127.0.0.1:2380 --initial-advertise-peer-urls=http://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=http://m1.etcd.local:2380,m2=http://m2.etcd.local:22380,m3=http://m3.etcd.local:32380 --host-whitelist "localhost,127.0.0.1,m1.etcd.local"
-
-etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls http://127.0.0.1:22379 --advertise-client-urls http://m2.etcd.local:22379 --listen-peer-urls http://127.0.0.1:22380 --initial-advertise-peer-urls=http://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=http://m1.etcd.local:2380,m2=http://m2.etcd.local:22380,m3=http://m3.etcd.local:32380 --host-whitelist "localhost,127.0.0.1,m1.etcd.local"
-
-etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls http://127.0.0.1:32379 --advertise-client-urls http://m3.etcd.local:32379 --listen-peer-urls http://127.0.0.1:32380 --initial-advertise-peer-urls=http://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=http://m1.etcd.local:2380,m2=http://m2.etcd.local:22380,m3=http://m3.etcd.local:32380 --host-whitelist "localhost,127.0.0.1,m1.etcd.local"

scripts/docker-dns/insecure/run.sh

@@ -1,89 +0,0 @@
-#!/bin/sh
-rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
-
-/etc/init.d/bind9 start
-
-# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
-cat /dev/null >/etc/hosts
-
-goreman -f /insecure/Procfile start &
-
-# TODO: remove random sleeps
-sleep 7s
-
-ETCDCTL_API=3 ./etcdctl \
-  --endpoints=http://m1.etcd.local:2379 \
-  endpoint health --cluster
-
-ETCDCTL_API=3 ./etcdctl \
-  --endpoints=http://m1.etcd.local:2379,http://m2.etcd.local:22379,http://m3.etcd.local:32379 \
-  put abc def
-
-ETCDCTL_API=3 ./etcdctl \
-  --endpoints=http://m1.etcd.local:2379,http://m2.etcd.local:22379,http://m3.etcd.local:32379 \
-  get abc
-
-printf "\nWriting v2 key...\n"
-curl \
-  -L http://127.0.0.1:2379/v2/keys/queue \
-  -X POST \
-  -d value=data
-
-printf "\nWriting v2 key...\n"
-curl \
-  -L http://m1.etcd.local:2379/v2/keys/queue \
-  -X POST \
-  -d value=data
-
-printf "\nWriting v3 key...\n"
-curl \
-  -L http://127.0.0.1:2379/v3/kv/put \
-  -X POST \
-  -d '{"key": "Zm9v", "value": "YmFy"}'
-
-printf "\n\nWriting v3 key...\n"
-curl \
-  -L http://m1.etcd.local:2379/v3/kv/put \
-  -X POST \
-  -d '{"key": "Zm9v", "value": "YmFy"}'
-
-printf "\n\nReading v3 key...\n"
-curl \
-  -L http://m1.etcd.local:2379/v3/kv/range \
-  -X POST \
-  -d '{"key": "Zm9v"}'
-
-printf "\n\nFetching 'curl http://m1.etcd.local:2379/metrics'...\n"
-curl \
-  -L http://m1.etcd.local:2379/metrics | grep Put | tail -3
-
-name1=$(base64 <<< "/election-prefix")
-val1=$(base64 <<< "v1")
-data1="{\"name\":\"${name1}\", \"value\":\"${val1}\"}"
-
-printf "\n\nCampaign: ${data1}\n"
-result1=$(curl -L http://m1.etcd.local:2379/v3/election/campaign -X POST -d "${data1}")
-echo ${result1}
-
-# should not panic servers
-val2=$(base64 <<< "v2")
-data2="{\"value\": \"${val2}\"}"
-printf "\n\nProclaim (wrong-format): ${data2}\n"
-curl \
-  -L http://m1.etcd.local:2379/v3/election/proclaim \
-  -X POST \
-  -d "${data2}"
-
-printf "\n\nProclaim (wrong-format)...\n"
-curl \
-  -L http://m1.etcd.local:2379/v3/election/proclaim \
-  -X POST \
-  -d '}'
-
-printf "\n\nProclaim (wrong-format)...\n"
-curl \
-  -L http://m1.etcd.local:2379/v3/election/proclaim \
-  -X POST \
-  -d '{"value": "Zm9v"}'
-
-printf "\n\nDone!!!\n\n"

scripts/docker-dns/named.conf

@@ -1,23 +0,0 @@
-options {
-        directory "/var/bind";
-        listen-on { 127.0.0.1; };
-        listen-on-v6 { none; };
-        allow-transfer {
-                none;
-        };
-        // If you have problems and are behind a firewall:
-        query-source address * port 53;
-        pid-file "/var/run/named/named.pid";
-        allow-recursion { none; };
-        recursion no;
-};
-
-zone "etcd.local" IN {
-      type master;
-      file "/etc/bind/etcd.zone";
-};
-
-zone "0.0.127.in-addr.arpa" {
-      type master;
-      file "/etc/bind/rdns.zone";
-};

scripts/docker-dns/rdns.zone

@@ -1,13 +0,0 @@
-$TTL    86400
-@   IN  SOA  etcdns.local. root.etcdns.local. (
-             100500     ; Serial
-             604800     ; Refresh
-              86400     ; Retry
-            2419200     ; Expire
-              86400 )   ; Negative Cache TTL
-    IN  NS  ns.etcdns.local.
-    IN  A   127.0.0.1
-
-1 IN PTR m1.etcd.local.
-1 IN PTR m2.etcd.local.
-1 IN PTR m3.etcd.local.

scripts/docker-dns/resolv.conf

@@ -1 +0,0 @@
-nameserver 127.0.0.1

scripts/docker-static-ip/Dockerfile

@@ -1,37 +0,0 @@
-FROM ubuntu:17.10
-
-RUN rm /bin/sh && ln -s /bin/bash /bin/sh
-RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
-
-RUN apt-get -y update \
-  && apt-get -y install \
-  build-essential \
-  gcc \
-  apt-utils \
-  pkg-config \
-  software-properties-common \
-  apt-transport-https \
-  libssl-dev \
-  sudo \
-  bash \
-  curl \
-  tar \
-  git \
-  netcat \
-  bind9 \
-  dnsutils \
-  && apt-get -y update \
-  && apt-get -y upgrade \
-  && apt-get -y autoremove \
-  && apt-get -y autoclean
-
-ENV GOROOT /usr/local/go
-ENV GOPATH /go
-ENV PATH ${GOPATH}/bin:${GOROOT}/bin:${PATH}
-ENV GO_VERSION REPLACE_ME_GO_VERSION
-ENV GO_DOWNLOAD_URL https://storage.googleapis.com/golang
-RUN rm -rf ${GOROOT} \
-  && curl -s ${GO_DOWNLOAD_URL}/go${GO_VERSION}.linux-amd64.tar.gz | tar -v -C /usr/local/ -xz \
-  && mkdir -p ${GOPATH}/src ${GOPATH}/bin \
-  && go version \
-  && go get -v -u github.com/mattn/goreman

scripts/docker-static-ip/certs-metrics-proxy/Procfile

@@ -1,8 +0,0 @@
-# Use goreman to run `go get github.com/mattn/goreman`
-etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://localhost:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://localhost:2380 --initial-cluster-token tkn --initial-cluster=m1=https://localhost:2380,m2=https://localhost:22380,m3=https://localhost:32380 --initial-cluster-state new --peer-cert-file=/certs-metrics-proxy/server.crt --peer-key-file=/certs-metrics-proxy/server.key.insecure --peer-trusted-ca-file=/certs-metrics-proxy/ca.crt --peer-client-cert-auth --cert-file=/certs-metrics-proxy/server.crt --key-file=/certs-metrics-proxy/server.key.insecure --trusted-ca-file=/certs-metrics-proxy/ca.crt --client-cert-auth --listen-metrics-urls=https://localhost:2378,http://localhost:9379
-
-etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://localhost:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://localhost:22380 --initial-cluster-token tkn --initial-cluster=m1=https://localhost:2380,m2=https://localhost:22380,m3=https://localhost:32380 --initial-cluster-state new --peer-cert-file=/certs-metrics-proxy/server.crt --peer-key-file=/certs-metrics-proxy/server.key.insecure --peer-trusted-ca-file=/certs-metrics-proxy/ca.crt --peer-client-cert-auth --cert-file=/certs-metrics-proxy/server.crt --key-file=/certs-metrics-proxy/server.key.insecure --trusted-ca-file=/certs-metrics-proxy/ca.crt --client-cert-auth --listen-metrics-urls=https://localhost:22378,http://localhost:29379
-
-etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://localhost:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://localhost:32380 --initial-cluster-token tkn --initial-cluster=m1=https://localhost:2380,m2=https://localhost:22380,m3=https://localhost:32380 --initial-cluster-state new --peer-cert-file=/certs-metrics-proxy/server.crt --peer-key-file=/certs-metrics-proxy/server.key.insecure --peer-trusted-ca-file=/certs-metrics-proxy/ca.crt --peer-client-cert-auth --cert-file=/certs-metrics-proxy/server.crt --key-file=/certs-metrics-proxy/server.key.insecure --trusted-ca-file=/certs-metrics-proxy/ca.crt --client-cert-auth --listen-metrics-urls=https://localhost:32378,http://localhost:39379
-
-proxy: ./etcd grpc-proxy start --advertise-client-url=localhost:23790 --listen-addr=localhost:23790 --endpoints=https://localhost:2379,https://localhost:22379,https://localhost:32379 --data-dir=/tmp/proxy.data --cacert=/certs-metrics-proxy/ca.crt --cert=/certs-metrics-proxy/server.crt --key=/certs-metrics-proxy/server.key.insecure --trusted-ca-file=/certs-metrics-proxy/ca.crt --cert-file=/certs-metrics-proxy/server.crt --key-file=/certs-metrics-proxy/server.key.insecure --metrics-addr=http://localhost:9378

scripts/docker-static-ip/certs-metrics-proxy/ca-csr.json

@@ -1,19 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "CN": "ca",
-  "ca": {
-    "expiry": "87600h"
-  }
-}

scripts/docker-static-ip/certs-metrics-proxy/ca.crt

@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDsTCCApmgAwIBAgIUYWIIesEznr7VfYawvmttxxmOfeUwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEyMDYyMTUzMDBaFw0yNzEyMDQyMTUz
-MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQDDN/cW7rl/qz59gF3csnDhp5BAxVY7n0+inzZO+MZIdkCFuus6Klc6mWMY
-/ZGvpWxVDgQvYBs310eq4BrM2BjwWNfgqIn6bHVwwGfngojcDEHlZHw1e9sdBlO5
-e/rNONpNtMUjUeukhzFwPOdsUfweAGsqj4VYJV+kkS3uGmCGIj+3wIF411FliiQP
-WiyLG16BwR1Vem2qOotCRgCawKSb4/wKfF8dvv00IjP5Jcy+aXLQ4ULW1fvj3cRR
-JLdZmZ/PF0Cqm75qw2IqzIhRB5b1e8HyRPeNtEZ7frNLZyFhLgHJbRFF5WooFX79
-q9py8dERBXOxCKrSdqEOre0OU/4pAgMBAAGjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
-BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBS+CaA8UIkIJT9xhXff4p143UuW
-7TANBgkqhkiG9w0BAQsFAAOCAQEAK7lScAUi+R68oxxmgZ/pdEr9wsMj4xtss+GO
-UDgzxudpT1nYQ2iBudC3LIuTiaUHUSseVleXEKeNbKhKhVhlIwhmPxiOgbbFu9hr
-e2Z87SjtdlbE/KcYFw0W/ukWYxYrq08BB19w2Mqd8J5CnLcj4/0iiH1uARo1swFy
-GUYAJ2I147sHIDbbmLKuxbdf4dcrkf3D4inBOLcRhS/MzaXfdMFntzJDQAo5YwFI
-zZ4TRGOhj8IcU1Cn5SVufryWy3qJ+sKHDYsGQQ/ArBXwQnO3NAFCpEN9rDDuQVmH
-+ATHDFBQZcGfN4GDh74FGnliRjip2sO4oWTfImmgJGGAn+P2CA==
------END CERTIFICATE-----

scripts/docker-static-ip/certs-metrics-proxy/gencert.json

@@ -1,13 +0,0 @@
-{
-  "signing": {
-    "default": {
-        "usages": [
-          "signing",
-          "key encipherment",
-          "server auth",
-          "client auth"
-        ],
-        "expiry": "87600h"
-    }
-  }
-}

scripts/docker-static-ip/certs-metrics-proxy/gencerts.sh

@@ -1,26 +0,0 @@
-#!/bin/bash
-
-if ! [[ "$0" =~ "./gencerts.sh" ]]; then
-	echo "must be run from 'fixtures'"
-	exit 255
-fi
-
-if ! which cfssl; then
-	echo "cfssl is not installed"
-	exit 255
-fi
-
-cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
-mv ca.pem ca.crt
-openssl x509 -in ca.crt -noout -text
-
-# generate wildcard certificates DNS: *.etcd.local
-cfssl gencert \
-    --ca ./ca.crt \
-    --ca-key ./ca-key.pem \
-    --config ./gencert.json \
-    ./server-ca-csr.json | cfssljson --bare ./server
-mv server.pem server.crt
-mv server-key.pem server.key.insecure
-
-rm -f *.csr *.pem *.stderr *.txt

scripts/docker-static-ip/certs-metrics-proxy/run.sh

@@ -1,119 +0,0 @@
-#!/bin/sh
-rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data /tmp/proxy.data
-
-goreman -f /certs-metrics-proxy/Procfile start &
-
-# TODO: remove random sleeps
-sleep 7s
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-metrics-proxy/ca.crt \
-  --cert=/certs-metrics-proxy/server.crt \
-  --key=/certs-metrics-proxy/server.key.insecure \
-  --endpoints=https://localhost:2379 \
-  endpoint health --cluster
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-metrics-proxy/ca.crt \
-  --cert=/certs-metrics-proxy/server.crt \
-  --key=/certs-metrics-proxy/server.key.insecure \
-  --endpoints=https://localhost:2379,https://localhost:22379,https://localhost:32379 \
-  put abc def
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert=/certs-metrics-proxy/ca.crt \
-  --cert=/certs-metrics-proxy/server.crt \
-  --key=/certs-metrics-proxy/server.key.insecure \
-  --endpoints=https://localhost:2379,https://localhost:22379,https://localhost:32379 \
-  get abc
-
-#################
-sleep 3s && printf "\n\n" && echo "curl https://localhost:2378/metrics"
-curl \
-  --cacert /certs-metrics-proxy/ca.crt \
-  --cert /certs-metrics-proxy/server.crt \
-  --key /certs-metrics-proxy/server.key.insecure \
-  -L https://localhost:2378/metrics | grep Put | tail -3
-
-sleep 3s && printf "\n" && echo "curl https://localhost:2379/metrics"
-curl \
-  --cacert /certs-metrics-proxy/ca.crt \
-  --cert /certs-metrics-proxy/server.crt \
-  --key /certs-metrics-proxy/server.key.insecure \
-  -L https://localhost:2379/metrics | grep Put | tail -3
-
-sleep 3s && printf "\n" && echo "curl http://localhost:9379/metrics"
-curl -L http://localhost:9379/metrics | grep Put | tail -3
-#################
-
-#################
-sleep 3s && printf "\n\n" && echo "curl https://localhost:22378/metrics"
-curl \
-  --cacert /certs-metrics-proxy/ca.crt \
-  --cert /certs-metrics-proxy/server.crt \
-  --key /certs-metrics-proxy/server.key.insecure \
-  -L https://localhost:22378/metrics | grep Put | tail -3
-
-sleep 3s && printf "\n" && echo "curl https://localhost:22379/metrics"
-curl \
-  --cacert /certs-metrics-proxy/ca.crt \
-  --cert /certs-metrics-proxy/server.crt \
-  --key /certs-metrics-proxy/server.key.insecure \
-  -L https://localhost:22379/metrics | grep Put | tail -3
-
-sleep 3s && printf "\n" && echo "curl http://localhost:29379/metrics"
-curl -L http://localhost:29379/metrics | grep Put | tail -3
-#################
-
-#################
-sleep 3s && printf "\n\n" && echo "curl https://localhost:32378/metrics"
-curl \
-  --cacert /certs-metrics-proxy/ca.crt \
-  --cert /certs-metrics-proxy/server.crt \
-  --key /certs-metrics-proxy/server.key.insecure \
-  -L https://localhost:32378/metrics | grep Put | tail -3
-
-sleep 3s && printf "\n" && echo "curl https://localhost:32379/metrics"
-curl \
-  --cacert /certs-metrics-proxy/ca.crt \
-  --cert /certs-metrics-proxy/server.crt \
-  --key /certs-metrics-proxy/server.key.insecure \
-  -L https://localhost:32379/metrics | grep Put | tail -3
-
-sleep 3s && printf "\n" && echo "curl http://localhost:39379/metrics"
-curl -L http://localhost:39379/metrics | grep Put | tail -3
-#################
-
-#################
-sleep 3s && printf "\n\n" && echo "Requests to gRPC proxy localhost:23790"
-ETCDCTL_API=3 ./etcdctl \
-  --cacert /certs-metrics-proxy/ca.crt \
-  --cert /certs-metrics-proxy/server.crt \
-  --key /certs-metrics-proxy/server.key.insecure \
-  --endpoints=localhost:23790 \
-  put ghi jkl
-
-ETCDCTL_API=3 ./etcdctl \
-  --cacert /certs-metrics-proxy/ca.crt \
-  --cert /certs-metrics-proxy/server.crt \
-  --key /certs-metrics-proxy/server.key.insecure \
-  --endpoints=localhost:23790 \
-  get ghi
-
-sleep 3s && printf "\n" && echo "Requests to gRPC proxy https://localhost:23790/metrics"
-curl \
-  --cacert /certs-metrics-proxy/ca.crt \
-  --cert /certs-metrics-proxy/server.crt \
-  --key /certs-metrics-proxy/server.key.insecure \
-  -L https://localhost:23790/metrics | grep Put | tail -3
-
-sleep 3s && printf "\n" && echo "Requests to gRPC proxy http://localhost:9378/metrics"
-curl -L http://localhost:9378/metrics | grep Put | tail -3
-<<COMMENT
-curl \
-  --cacert /certs-metrics-proxy/ca.crt \
-  --cert /certs-metrics-proxy/server.crt \
-  --key /certs-metrics-proxy/server.key.insecure \
-  -L https://localhost:9378/metrics | grep Put | tail -3
-COMMENT
-#################

scripts/docker-static-ip/certs-metrics-proxy/server-ca-csr.json

@@ -1,19 +0,0 @@
-{
-  "key": {
-    "algo": "rsa",
-    "size": 2048
-  },
-  "names": [
-    {
-      "O": "etcd",
-      "OU": "etcd Security",
-      "L": "San Francisco",
-      "ST": "California",
-      "C": "USA"
-    }
-  ],
-  "hosts": [
-    "127.0.0.1",
-    "localhost"
-  ]
-}

scripts/docker-static-ip/certs-metrics-proxy/server.crt

@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID/DCCAuSgAwIBAgIUSB2TVFR5v0lf79bffoZGdiRNB3YwDQYJKoZIhvcNAQEL
-BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
-Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
-Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEyMDYyMTUzMDBaFw0yNzEyMDQyMTUz
-MDBaMGIxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
-BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
-ZWN1cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRv9k58Emso
-T4is8s2Vf8hxO3eVJxMd5IUSzmAPsFBcZEKpXo3AbK1CeZVn8aOJWd12cwnziTU9
-31baCKvT6Tm2kRoBXW/wHuxcuazL8xqg15xRQy+//skUEAR3rODyy5hl9dSBE7hl
-QHhpMZx66nF+AEZzgEHo7C1MV8BDDT28nDE1SLgHlzugYeLoWvGiN4KrCGbUizby
-90O6WFZVasHYk5l0TcNiX2EUVOkKeBdZo6bBa2qTf++Q0SX8KUOdsg+avZjjs+qu
-C8mIYhtwFLdhs/0jthgg4/mD73PZBLuK2CuYqvLZtWvDdnn99cZK86rLUwOD4jL2
-lr6BTuwsp48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
-KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCOx2DWC
-ooWTJHTR/Gf4litdPu4nMB8GA1UdIwQYMBaAFL4JoDxQiQglP3GFd9/inXjdS5bt
-MBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA
-RkRCpvtmCd+l6yHXGeL43rqseIEBT2ujGctRWkjwfe3INgiUHrIsTayoNk9fqmuV
-YBOW5z5vtfAOT/obFevfyqjEaHpl8qkGIty1e8s0xtT4n8tgtO5zhVAyt5bZ52UN
-1P7uUJ+j7dVuqV9+AUHlGeWAassmVWbqd3gVA/nhemIgOtqxbCcZ5277t3k7ALLe
-JUMDyFAYHz8ZcOk92wFT1mMrbt60zsWIb9vWkgdYHdC+DODhQDWNdvm6yW6cBm8m
-iUwTpNQ4W0UdjaQV4u7GU4kJUwCHnR4m/AoC/6/pUhjlBv5oU5TVKPqKr05q/FBZ
-VKLrBSYLChjrTPx0C4BqLA==
------END CERTIFICATE-----

scripts/docker-static-ip/certs-metrics-proxy/server.key.insecure

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAtG/2TnwSayhPiKzyzZV/yHE7d5UnEx3khRLOYA+wUFxkQqle
-jcBsrUJ5lWfxo4lZ3XZzCfOJNT3fVtoIq9PpObaRGgFdb/Ae7Fy5rMvzGqDXnFFD
-L7/+yRQQBHes4PLLmGX11IETuGVAeGkxnHrqcX4ARnOAQejsLUxXwEMNPbycMTVI
-uAeXO6Bh4uha8aI3gqsIZtSLNvL3Q7pYVlVqwdiTmXRNw2JfYRRU6Qp4F1mjpsFr
-apN/75DRJfwpQ52yD5q9mOOz6q4LyYhiG3AUt2Gz/SO2GCDj+YPvc9kEu4rYK5iq
-8tm1a8N2ef31xkrzqstTA4PiMvaWvoFO7CynjwIDAQABAoIBAAr+W1py0sh2n0nr
-h6ug9TUoOQBTNRtEEf1NpQdTTWHID0/Ec/9c/wIbb777o0xcfP4yTlYH4Y894tKu
-3CJj+ezLQ9H6zU+ZqLir+aAemQRBUoGyrc5F+2cS8tri08Ss5ly1saGt756nhKMR
-fbVUA97AV5HzTZg2cdVctmf/bdoZ/ou7v52thPnEfHPtvGFHKEm7ztJq+2RLNZqC
-kGbToGPF19KWh+cLL5IhGraqKnXXuUjMi1RvxLmA4vztfGCkz9145hrAuSEFEs1y
-Fq7IAAHtzzhEcaHpqg+FqqmXQEVrH6+p62/PzfTJdlkzWzroQMdJIib++iX3tN+c
-CR+loMkCgYEAy40Q+4Z+zQ6c2vp8DXal7dLF2FkQ4Ltee6H7J/vJ91w19ThXnCgr
-EkNerYrnLSpQDS4gkXxl7/+m08R5nziopdTSPwtWJjHJoESMhsjLuyXY03IXV/C8
-7xY4L1Uwqp7b6ueqAX3x6HGgBdgty921Lvf7t+kvRkwvcj8Xh7oPJQUCgYEA4u48
-k+HFJDwtw0ZmQZ5ntB7Nn3deoygA1tE+Q9GZadGV0nmUjViZCG6DA+V8h2IYMnyd
-QLQWBdJyhGnAANWajYaUNLfQXbf7Ucb2VbiqMpfD6jgb00OUrv5eZTExDE0QDNJ6
-nMeYQJj7TAuuab9UdUsE2uLderHlB29DQ4eXvoMCgYACdCLeRVLF+gUeBqL0Lpf1
-c/L6lqhDbT7IUr2KT9ixaKUl3ZYAxeMvByze/qumubnZTtMJrew0pmpGZznoF3DA
-/v3B0MsrDrKVgf4Hqef6y4v/kIKDht1gLG5k86vwgpW4ES7VccU2vhfluiNjL7r9
-Y/Pe1arCOCziPax08GM6WQKBgQDAJ8c32acbZbHCdqxDyCQ8CxFGhMeoFEmRnSDC
-QItNZWEeFkFJ5sm+sAVUmU/3O4MNzSNDFLrJN0gtA3bHvhfe2yRH95YCpbWzq2wP
-bg0ARi5o+BXnsIQIIfBAc4T6y45ZrSiR9RjhKikwXXvUo2Sa5Wk5B31PVa9/uiEU
-344IjQKBgCpjpncuUe4ioAI6kmSlaF9FpRKBQbA4NmMD6/scc1r4N1rBO+w4a8oi
-8N+6tmFds4Vl5A9M0OpJ2zwOVOp62EWuYo0zAdcigg6zI2kxZKMG7GeUC9yga3Zr
-FE5npYNx2ypha2FM3DTXm7jUB4Lb0cMGD3Fa0pRTmp+wjaInEu4b
------END RSA PRIVATE KEY-----