Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

hack/scripts-dev: sync with master

Browse Source 
Signed-off-by: Gyuho Lee <gyuhox@gmail.com>
This commit is contained in:
Gyuho Lee 2018-03-07 14:22:18 -08:00
parent e48a18256f
commit 660f7fd8a0
52 changed files with 1404 additions and 203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
hack/benchmark/bench.sh Normal file → Executable file
View File

@ -1,8 +1,8 @@
#!/bin/bash -e
leader=http://10.240.201.15:2379
leader=http://localhost:2379
# assume three servers
servers=( http://10.240.201.15:2379 http://10.240.212.209:2379 http://10.240.95.3:2379 )
servers=( http://localhost:2379 http://localhost:22379 http://localhost:32379 )
keyarray=( 64 256 )

425
hack/scripts-dev/Makefile
View File

@ -1,8 +1,13 @@
# run from repository root
#
# Example:
# make clean -f ./hack/scripts-dev/Makefile
# make build -f ./hack/scripts-dev/Makefile
# make clean -f ./hack/scripts-dev/Makefile
# make clean-docker -f ./hack/scripts-dev/Makefile
# make restart-docker -f ./hack/scripts-dev/Makefile
# make delete-docker-images -f ./hack/scripts-dev/Makefile
.PHONY: build
build:
@ -23,45 +28,85 @@ clean:
rm -f ./clientv3/integration/127.0.0.1:* ./clientv3/integration/localhost:*
rm -f ./clientv3/ordering/127.0.0.1:* ./clientv3/ordering/localhost:*
_GO_VERSION = 1.9.2
ifdef GO_VERSION
_GO_VERSION = $(GO_VERSION)
clean-docker:
docker images
docker image prune --force
restart-docker:
service docker restart
delete-docker-images:
docker rm --force $(docker ps -a -q) || true
docker rmi --force $(docker images -q) || true
GO_VERSION ?= 1.10
ETCD_VERSION ?= $(shell git rev-parse --short HEAD || echo "GitNotFound")
TEST_SUFFIX = $(shell date +%s | base64 | head -c 15)
TEST_OPTS ?= PASSES='unit'
TMP_DIR_MOUNT_FLAG = --mount type=tmpfs,destination=/tmp
ifdef HOST_TMP_DIR
TMP_DIR_MOUNT_FLAG = --mount type=bind,source=$(HOST_TMP_DIR),destination=/tmp
endif
# Example:
# GO_VERSION=1.8.5 make build-docker-test -f ./hack/scripts-dev/Makefile
# GO_VERSION=1.8.7 make build-docker-test -f ./hack/scripts-dev/Makefile
# make build-docker-test -f ./hack/scripts-dev/Makefile
# gcloud docker -- login -u _json_key -p "$(cat /etc/gcp-key-etcd-development.json)" https://gcr.io
# GO_VERSION=1.8.5 make push-docker-test -f ./hack/scripts-dev/Makefile
# GO_VERSION=1.8.7 make push-docker-test -f ./hack/scripts-dev/Makefile
# make push-docker-test -f ./hack/scripts-dev/Makefile
# gsutil -m acl ch -u allUsers:R -r gs://artifacts.etcd-development.appspot.com
# GO_VERSION=1.8.5 make pull-docker-test -f ./hack/scripts-dev/Makefile
# GO_VERSION=1.8.7 make pull-docker-test -f ./hack/scripts-dev/Makefile
# make pull-docker-test -f ./hack/scripts-dev/Makefile
build-docker-test:
$(info GO_VERSION: $(_GO_VERSION))
@cat ./Dockerfile-test | sed s/REPLACE_ME_GO_VERSION/$(_GO_VERSION)/ \
> ./.Dockerfile-test
$(info GO_VERSION: $(GO_VERSION))
@sed -i.bak 's|REPLACE_ME_GO_VERSION|$(GO_VERSION)|g' ./Dockerfile-test
docker build \
--tag gcr.io/etcd-development/etcd-test:go$(_GO_VERSION) \
--file ./.Dockerfile-test .
--tag gcr.io/etcd-development/etcd-test:go$(GO_VERSION) \
--file ./Dockerfile-test .
@mv ./Dockerfile-test.bak ./Dockerfile-test
push-docker-test:
$(info GO_VERSION: $(_GO_VERSION))
gcloud docker -- push gcr.io/etcd-development/etcd-test:go$(_GO_VERSION)
$(info GO_VERSION: $(GO_VERSION))
gcloud docker -- push gcr.io/etcd-development/etcd-test:go$(GO_VERSION)
pull-docker-test:
$(info GO_VERSION: $(_GO_VERSION))
docker pull gcr.io/etcd-development/etcd-test:go$(_GO_VERSION)
$(info GO_VERSION: $(GO_VERSION))
docker pull gcr.io/etcd-development/etcd-test:go$(GO_VERSION)
# Example:
# make build-docker-test -f ./hack/scripts-dev/Makefile
# make compile-with-docker-test -f ./hack/scripts-dev/Makefile
# make compile-setup-gopath-with-docker-test -f ./hack/scripts-dev/Makefile
compile-with-docker-test:
$(info GO_VERSION: $(_GO_VERSION))
$(info GO_VERSION: $(GO_VERSION))
docker run \
--rm \
--volume=`pwd`/:/etcd \
gcr.io/etcd-development/etcd-test:go$(_GO_VERSION) \
/bin/bash -c "cd /etcd && GO_BUILD_FLAGS=-v ./build && ./bin/etcd --version"
--mount type=bind,source=`pwd`,destination=/go/src/github.com/coreos/etcd \
gcr.io/etcd-development/etcd-test:go$(GO_VERSION) \
/bin/bash -c "GO_BUILD_FLAGS=-v ./build && ./bin/etcd --version"
compile-setup-gopath-with-docker-test:
$(info GO_VERSION: $(GO_VERSION))
docker run \
--rm \
--mount type=bind,source=`pwd`,destination=/etcd \
gcr.io/etcd-development/etcd-test:go$(GO_VERSION) \
/bin/bash -c "cd /etcd && ETCD_SETUP_GOPATH=1 GO_BUILD_FLAGS=-v ./build && ./bin/etcd --version && rm -rf ./gopath"
# Example:
#
# Local machine:
# TEST_OPTS="PASSES='fmt'" make test -f ./hack/scripts-dev/Makefile
# TEST_OPTS="PASSES='fmt bom dep compile build unit'" make test -f ./hack/scripts-dev/Makefile
@ -78,76 +123,132 @@ compile-with-docker-test:
#
# Semaphore CI (test with docker):
# TEST_OPTS="RELEASE_TEST=y INTEGRATION=y PASSES='build unit release integration_e2e functional'" make docker-test -f ./hack/scripts-dev/Makefile
# HOST_TMP_DIR=/tmp TEST_OPTS="RELEASE_TEST=y INTEGRATION=y PASSES='build unit release integration_e2e functional'" make docker-test -f ./hack/scripts-dev/Makefile
# TEST_OPTS="GOARCH=386 PASSES='build unit integration_e2e'" make docker-test -f ./hack/scripts-dev/Makefile
#
# grpc-proxy tests (test with docker):
# TEST_OPTS="PASSES='build grpcproxy'" make docker-test -f ./hack/scripts-dev/Makefile
TEST_SUFFIX = $(shell date +%s | base64 | head -c 15)
_TEST_OPTS = "PASSES='unit'"
ifdef TEST_OPTS
_TEST_OPTS = $(TEST_OPTS)
endif
# HOST_TMP_DIR=/tmp TEST_OPTS="PASSES='build grpcproxy'" make docker-test -f ./hack/scripts-dev/Makefile
.PHONY: test
test:
$(info TEST_OPTS: $(_TEST_OPTS))
$(info TEST_OPTS: $(TEST_OPTS))
$(info log-file: test-$(TEST_SUFFIX).log)
$(_TEST_OPTS) ./test 2>&1 | tee test-$(TEST_SUFFIX).log
! egrep "(--- FAIL:|panic: test timed out|appears to have leaked|Too many goroutines)" -B50 -A10 test-$(TEST_SUFFIX).log
$(TEST_OPTS) ./test 2>&1 | tee test-$(TEST_SUFFIX).log
! egrep "(--- FAIL:|panic: test timed out|appears to have leaked)" -B50 -A10 test-$(TEST_SUFFIX).log
docker-test:
$(info GO_VERSION: $(_GO_VERSION))
$(info TEST_OPTS: $(_TEST_OPTS))
$(info GO_VERSION: $(GO_VERSION))
$(info ETCD_VERSION: $(ETCD_VERSION))
$(info TEST_OPTS: $(TEST_OPTS))
$(info log-file: test-$(TEST_SUFFIX).log)
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--volume=/tmp:/tmp \
--volume=`pwd`:/go/src/github.com/coreos/etcd \
gcr.io/etcd-development/etcd-test:go$(_GO_VERSION) \
/bin/bash -c "$(_TEST_OPTS) ./test 2>&1 | tee test-$(TEST_SUFFIX).log"
! egrep "(--- FAIL:|panic: test timed out|appears to have leaked|Too many goroutines)" -B50 -A10 test-$(TEST_SUFFIX).log
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`,destination=/go/src/github.com/coreos/etcd \
gcr.io/etcd-development/etcd-test:go$(GO_VERSION) \
/bin/bash -c "$(TEST_OPTS) ./test 2>&1 | tee test-$(TEST_SUFFIX).log"
! egrep "(--- FAIL:|panic: test timed out|appears to have leaked)" -B50 -A10 test-$(TEST_SUFFIX).log
docker-test-coverage:
$(info GO_VERSION: $(_GO_VERSION))
$(info GO_VERSION: $(GO_VERSION))
$(info ETCD_VERSION: $(ETCD_VERSION))
$(info log-file: docker-test-coverage-$(TEST_SUFFIX).log)
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--volume=/tmp:/tmp \
--volume=`pwd`:/go/src/github.com/coreos/etcd \
gcr.io/etcd-development/etcd-test:go$(_GO_VERSION) \
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`,destination=/go/src/github.com/coreos/etcd \
gcr.io/etcd-development/etcd-test:go$(GO_VERSION) \
/bin/bash -c "COVERDIR=covdir PASSES='build build_cov cov' ./test 2>&1 | tee docker-test-coverage-$(TEST_SUFFIX).log && /codecov -t 6040de41-c073-4d6f-bbf8-d89256ef31e1"
! egrep "(--- FAIL:|panic: test timed out|appears to have leaked|Too many goroutines)" -B50 -A10 docker-test-coverage-$(TEST_SUFFIX).log
! egrep "(--- FAIL:|panic: test timed out|appears to have leaked)" -B50 -A10 docker-test-coverage-$(TEST_SUFFIX).log
# build release container image with Linux
_ETCD_VERSION ?= $(shell git rev-parse --short HEAD || echo "GitNotFound")
ifdef ETCD_VERSION
_ETCD_VERSION = $(ETCD_VERSION)
endif
# Example:
# ETCD_VERSION=v3.3.0-test.0 make build-docker-release-master -f ./hack/scripts-dev/Makefile
# ETCD_VERSION=v3.3.0-test.0 make push-docker-release-master -f ./hack/scripts-dev/Makefile
# make compile-with-docker-test -f ./hack/scripts-dev/Makefile
# ETCD_VERSION=v3-test make build-docker-release-master -f ./hack/scripts-dev/Makefile
# ETCD_VERSION=v3-test make push-docker-release-master -f ./hack/scripts-dev/Makefile
# gsutil -m acl ch -u allUsers:R -r gs://artifacts.etcd-development.appspot.com
build-docker-release-master: compile-with-docker-test
$(info ETCD_VERSION: $(_ETCD_VERSION))
build-docker-release-master:
$(info ETCD_VERSION: $(ETCD_VERSION))
cp ./Dockerfile-release ./bin/Dockerfile-release
docker build \
--tag gcr.io/etcd-development/etcd:$(_ETCD_VERSION) \
--tag gcr.io/etcd-development/etcd:$(ETCD_VERSION) \
--file ./bin/Dockerfile-release \
./bin
rm -f ./bin/Dockerfile-release
docker run \
--rm \
gcr.io/etcd-development/etcd:$(_ETCD_VERSION) \
gcr.io/etcd-development/etcd:$(ETCD_VERSION) \
/bin/sh -c "/usr/local/bin/etcd --version && ETCDCTL_API=3 /usr/local/bin/etcdctl version"
push-docker-release-master:
$(info ETCD_VERSION: $(_ETCD_VERSION))
gcloud docker -- push gcr.io/etcd-development/etcd:$(_ETCD_VERSION)
$(info ETCD_VERSION: $(ETCD_VERSION))
gcloud docker -- push gcr.io/etcd-development/etcd:$(ETCD_VERSION)
# Example:
# make build-docker-test -f ./hack/scripts-dev/Makefile
# make compile-with-docker-test -f ./hack/scripts-dev/Makefile
# make build-docker-static-ip-test -f ./hack/scripts-dev/Makefile
# gcloud docker -- login -u _json_key -p "$(cat /etc/gcp-key-etcd-development.json)" https://gcr.io
# make push-docker-static-ip-test -f ./hack/scripts-dev/Makefile
# gsutil -m acl ch -u allUsers:R -r gs://artifacts.etcd-development.appspot.com
# make pull-docker-static-ip-test -f ./hack/scripts-dev/Makefile
# make docker-static-ip-test-certs-run -f ./hack/scripts-dev/Makefile
# make docker-static-ip-test-certs-metrics-proxy-run -f ./hack/scripts-dev/Makefile
build-docker-static-ip-test:
$(info GO_VERSION: $(GO_VERSION))
@sed -i.bak 's|REPLACE_ME_GO_VERSION|$(GO_VERSION)|g' ./hack/scripts-dev/docker-static-ip/Dockerfile
docker build \
--tag gcr.io/etcd-development/etcd-static-ip-test:go$(GO_VERSION) \
--file ./hack/scripts-dev/docker-static-ip/Dockerfile \
./hack/scripts-dev/docker-static-ip
@mv ./hack/scripts-dev/docker-static-ip/Dockerfile.bak ./hack/scripts-dev/docker-static-ip/Dockerfile
push-docker-static-ip-test:
$(info GO_VERSION: $(GO_VERSION))
gcloud docker -- push gcr.io/etcd-development/etcd-static-ip-test:go$(GO_VERSION)
pull-docker-static-ip-test:
$(info GO_VERSION: $(GO_VERSION))
docker pull gcr.io/etcd-development/etcd-static-ip-test:go$(GO_VERSION)
docker-static-ip-test-certs-run:
$(info GO_VERSION: $(GO_VERSION))
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--tty \
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`/bin,destination=/etcd \
--mount type=bind,source=`pwd`/hack/scripts-dev/docker-static-ip/certs,destination=/certs \
gcr.io/etcd-development/etcd-static-ip-test:go$(GO_VERSION) \
/bin/bash -c "cd /etcd && /certs/run.sh && rm -rf m*.etcd"
docker-static-ip-test-certs-metrics-proxy-run:
$(info GO_VERSION: $(GO_VERSION))
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--tty \
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`/bin,destination=/etcd \
--mount type=bind,source=`pwd`/hack/scripts-dev/docker-static-ip/certs-metrics-proxy,destination=/certs-metrics-proxy \
gcr.io/etcd-development/etcd-static-ip-test:go$(GO_VERSION) \
/bin/bash -c "cd /etcd && /certs-metrics-proxy/run.sh && rm -rf m*.etcd"
# Example:
# make build-docker-test -f ./hack/scripts-dev/Makefile
@ -157,70 +258,122 @@ push-docker-release-master:
# make push-docker-dns-test -f ./hack/scripts-dev/Makefile
# gsutil -m acl ch -u allUsers:R -r gs://artifacts.etcd-development.appspot.com
# make pull-docker-dns-test -f ./hack/scripts-dev/Makefile
# make docker-dns-test-insecure-run -f ./hack/scripts-dev/Makefile
# make docker-dns-test-certs-run -f ./hack/scripts-dev/Makefile
# make docker-dns-test-certs-gateway-run -f ./hack/scripts-dev/Makefile
# make docker-dns-test-certs-wildcard-run -f ./hack/scripts-dev/Makefile
# make docker-dns-test-certs-common-name-auth-run -f ./hack/scripts-dev/Makefile
# make docker-dns-test-certs-common-name-multi-run -f ./hack/scripts-dev/Makefile
build-docker-dns-test:
$(info GO_VERSION: $(_GO_VERSION))
@cat ./hack/scripts-dev/docker-dns/Dockerfile | sed s/REPLACE_ME_GO_VERSION/$(_GO_VERSION)/ \
> ./hack/scripts-dev/docker-dns/.Dockerfile
$(info GO_VERSION: $(GO_VERSION))
@sed -i.bak 's|REPLACE_ME_GO_VERSION|$(GO_VERSION)|g' ./hack/scripts-dev/docker-dns/Dockerfile
docker build \
--tag gcr.io/etcd-development/etcd-dns-test:go$(_GO_VERSION) \
--file ./hack/scripts-dev/docker-dns/.Dockerfile \
--tag gcr.io/etcd-development/etcd-dns-test:go$(GO_VERSION) \
--file ./hack/scripts-dev/docker-dns/Dockerfile \
./hack/scripts-dev/docker-dns
@mv ./hack/scripts-dev/docker-dns/Dockerfile.bak ./hack/scripts-dev/docker-dns/Dockerfile
docker run \
--rm \
--dns 127.0.0.1 \
gcr.io/etcd-development/etcd-dns-test:go$(_GO_VERSION) \
gcr.io/etcd-development/etcd-dns-test:go$(GO_VERSION) \
/bin/bash -c "/etc/init.d/bind9 start && cat /dev/null >/etc/hosts && dig etcd.local"
push-docker-dns-test:
$(info GO_VERSION: $(_GO_VERSION))
gcloud docker -- push gcr.io/etcd-development/etcd-dns-test:go$(_GO_VERSION)
$(info GO_VERSION: $(GO_VERSION))
gcloud docker -- push gcr.io/etcd-development/etcd-dns-test:go$(GO_VERSION)
pull-docker-dns-test:
$(info GO_VERSION: $(_GO_VERSION))
docker pull gcr.io/etcd-development/etcd-dns-test:go$(_GO_VERSION)
$(info GO_VERSION: $(GO_VERSION))
docker pull gcr.io/etcd-development/etcd-dns-test:go$(GO_VERSION)
docker-dns-test-certs-run:
$(info GO_VERSION: $(_GO_VERSION))
docker-dns-test-insecure-run:
$(info GO_VERSION: $(GO_VERSION))
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--tty \
--dns 127.0.0.1 \
--volume=/tmp:/tmp \
--volume=`pwd`/bin:/etcd \
--volume=`pwd`/hack/scripts-dev/docker-dns/certs:/certs \
gcr.io/etcd-development/etcd-dns-test:go$(_GO_VERSION) \
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`/bin,destination=/etcd \
--mount type=bind,source=`pwd`/hack/scripts-dev/docker-dns/insecure,destination=/insecure \
gcr.io/etcd-development/etcd-dns-test:go$(GO_VERSION) \
/bin/bash -c "cd /etcd && /insecure/run.sh && rm -rf m*.etcd"
docker-dns-test-certs-run:
$(info GO_VERSION: $(GO_VERSION))
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--tty \
--dns 127.0.0.1 \
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`/bin,destination=/etcd \
--mount type=bind,source=`pwd`/hack/scripts-dev/docker-dns/certs,destination=/certs \
gcr.io/etcd-development/etcd-dns-test:go$(GO_VERSION) \
/bin/bash -c "cd /etcd && /certs/run.sh && rm -rf m*.etcd"
docker-dns-test-certs-gateway-run:
$(info GO_VERSION: $(_GO_VERSION))
$(info GO_VERSION: $(GO_VERSION))
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--tty \
--dns 127.0.0.1 \
--volume=/tmp:/tmp \
--volume=`pwd`/bin:/etcd \
--volume=`pwd`/hack/scripts-dev/docker-dns/certs-gateway:/certs-gateway \
gcr.io/etcd-development/etcd-dns-test:go$(_GO_VERSION) \
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`/bin,destination=/etcd \
--mount type=bind,source=`pwd`/hack/scripts-dev/docker-dns/certs-gateway,destination=/certs-gateway \
gcr.io/etcd-development/etcd-dns-test:go$(GO_VERSION) \
/bin/bash -c "cd /etcd && /certs-gateway/run.sh && rm -rf m*.etcd"
docker-dns-test-certs-wildcard-run:
$(info GO_VERSION: $(_GO_VERSION))
$(info GO_VERSION: $(GO_VERSION))
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--tty \
--dns 127.0.0.1 \
--volume=/tmp:/tmp \
--volume=`pwd`/bin:/etcd \
--volume=`pwd`/hack/scripts-dev/docker-dns/certs-wildcard:/certs-wildcard \
gcr.io/etcd-development/etcd-dns-test:go$(_GO_VERSION) \
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`/bin,destination=/etcd \
--mount type=bind,source=`pwd`/hack/scripts-dev/docker-dns/certs-wildcard,destination=/certs-wildcard \
gcr.io/etcd-development/etcd-dns-test:go$(GO_VERSION) \
/bin/bash -c "cd /etcd && /certs-wildcard/run.sh && rm -rf m*.etcd"
docker-dns-test-certs-common-name-auth-run:
$(info GO_VERSION: $(GO_VERSION))
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--tty \
--dns 127.0.0.1 \
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`/bin,destination=/etcd \
--mount type=bind,source=`pwd`/hack/scripts-dev/docker-dns/certs-common-name-auth,destination=/certs-common-name-auth \
gcr.io/etcd-development/etcd-dns-test:go$(GO_VERSION) \
/bin/bash -c "cd /etcd && /certs-common-name-auth/run.sh && rm -rf m*.etcd"
docker-dns-test-certs-common-name-multi-run:
$(info GO_VERSION: $(GO_VERSION))
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--tty \
--dns 127.0.0.1 \
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`/bin,destination=/etcd \
--mount type=bind,source=`pwd`/hack/scripts-dev/docker-dns/certs-common-name-multi,destination=/certs-common-name-multi \
gcr.io/etcd-development/etcd-dns-test:go$(GO_VERSION) \
/bin/bash -c "cd /etcd && /certs-common-name-multi/run.sh && rm -rf m*.etcd"
# Example:
# make build-docker-test -f ./hack/scripts-dev/Makefile
# make compile-with-docker-test -f ./hack/scripts-dev/Makefile
@ -234,61 +387,113 @@ docker-dns-test-certs-wildcard-run:
# make docker-dns-srv-test-certs-wildcard-run -f ./hack/scripts-dev/Makefile
build-docker-dns-srv-test:
$(info GO_VERSION: $(_GO_VERSION))
@cat ./hack/scripts-dev/docker-dns-srv/Dockerfile | sed s/REPLACE_ME_GO_VERSION/$(_GO_VERSION)/ \
> ./hack/scripts-dev/docker-dns-srv/.Dockerfile
$(info GO_VERSION: $(GO_VERSION))
@sed -i.bak 's|REPLACE_ME_GO_VERSION|$(GO_VERSION)|g' ./hack/scripts-dev/docker-dns-srv/Dockerfile
docker build \
--tag gcr.io/etcd-development/etcd-dns-srv-test:go$(_GO_VERSION) \
--file ./hack/scripts-dev/docker-dns-srv/.Dockerfile \
--tag gcr.io/etcd-development/etcd-dns-srv-test:go$(GO_VERSION) \
--file ./hack/scripts-dev/docker-dns-srv/Dockerfile \
./hack/scripts-dev/docker-dns-srv
@mv ./hack/scripts-dev/docker-dns-srv/Dockerfile.bak ./hack/scripts-dev/docker-dns-srv/Dockerfile
docker run \
--rm \
--dns 127.0.0.1 \
gcr.io/etcd-development/etcd-dns-srv-test:go$(_GO_VERSION) \
gcr.io/etcd-development/etcd-dns-srv-test:go$(GO_VERSION) \
/bin/bash -c "/etc/init.d/bind9 start && cat /dev/null >/etc/hosts && dig +noall +answer SRV _etcd-client-ssl._tcp.etcd.local && dig +noall +answer SRV _etcd-server-ssl._tcp.etcd.local && dig +noall +answer m1.etcd.local m2.etcd.local m3.etcd.local"
push-docker-dns-srv-test:
$(info GO_VERSION: $(_GO_VERSION))
gcloud docker -- push gcr.io/etcd-development/etcd-dns-srv-test:go$(_GO_VERSION)
$(info GO_VERSION: $(GO_VERSION))
gcloud docker -- push gcr.io/etcd-development/etcd-dns-srv-test:go$(GO_VERSION)
pull-docker-dns-srv-test:
$(info GO_VERSION: $(_GO_VERSION))
docker pull gcr.io/etcd-development/etcd-dns-srv-test:go$(_GO_VERSION)
$(info GO_VERSION: $(GO_VERSION))
docker pull gcr.io/etcd-development/etcd-dns-srv-test:go$(GO_VERSION)
docker-dns-srv-test-certs-run:
$(info GO_VERSION: $(_GO_VERSION))
$(info GO_VERSION: $(GO_VERSION))
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--tty \
--dns 127.0.0.1 \
--volume=/tmp:/tmp \
--volume=`pwd`/bin:/etcd \
--volume=`pwd`/hack/scripts-dev/docker-dns-srv/certs:/certs \
gcr.io/etcd-development/etcd-dns-srv-test:go$(_GO_VERSION) \
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`/bin,destination=/etcd \
--mount type=bind,source=`pwd`/hack/scripts-dev/docker-dns-srv/certs,destination=/certs \
gcr.io/etcd-development/etcd-dns-srv-test:go$(GO_VERSION) \
/bin/bash -c "cd /etcd && /certs/run.sh && rm -rf m*.etcd"
docker-dns-srv-test-certs-gateway-run:
$(info GO_VERSION: $(_GO_VERSION))
$(info GO_VERSION: $(GO_VERSION))
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--tty \
--dns 127.0.0.1 \
--volume=/tmp:/tmp \
--volume=`pwd`/bin:/etcd \
--volume=`pwd`/hack/scripts-dev/docker-dns-srv/certs-gateway:/certs-gateway \
gcr.io/etcd-development/etcd-dns-srv-test:go$(_GO_VERSION) \
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`/bin,destination=/etcd \
--mount type=bind,source=`pwd`/hack/scripts-dev/docker-dns-srv/certs-gateway,destination=/certs-gateway \
gcr.io/etcd-development/etcd-dns-srv-test:go$(GO_VERSION) \
/bin/bash -c "cd /etcd && /certs-gateway/run.sh && rm -rf m*.etcd"
docker-dns-srv-test-certs-wildcard-run:
$(info GO_VERSION: $(_GO_VERSION))
$(info GO_VERSION: $(GO_VERSION))
$(info HOST_TMP_DIR: $(HOST_TMP_DIR))
$(info TMP_DIR_MOUNT_FLAG: $(TMP_DIR_MOUNT_FLAG))
docker run \
--rm \
--tty \
--dns 127.0.0.1 \
--volume=/tmp:/tmp \
--volume=`pwd`/bin:/etcd \
--volume=`pwd`/hack/scripts-dev/docker-dns-srv/certs-wildcard:/certs-wildcard \
gcr.io/etcd-development/etcd-dns-srv-test:go$(_GO_VERSION) \
/bin/bash -c "cd /etcd && /certs-wildcard/run.sh && rm -rf m*.etcd"
$(TMP_DIR_MOUNT_FLAG) \
--mount type=bind,source=`pwd`/bin,destination=/etcd \
--mount type=bind,source=`pwd`/hack/scripts-dev/docker-dns-srv/certs-wildcard,destination=/certs-wildcard \
gcr.io/etcd-development/etcd-dns-srv-test:go$(GO_VERSION) \
/bin/bash -c "cd /etcd && /certs-wildcard/run.sh && rm -rf m*.etcd"
# Example:
# make build-etcd-test-proxy -f ./hack/scripts-dev/Makefile
build-etcd-test-proxy:
go build -v -o ./bin/etcd-test-proxy ./tools/etcd-test-proxy
# Example:
# make build-docker-functional-tester -f ./hack/scripts-dev/Makefile
# make push-docker-functional-tester -f ./hack/scripts-dev/Makefile
# make pull-docker-functional-tester -f ./hack/scripts-dev/Makefile
build-docker-functional-tester:
$(info GO_VERSION: $(GO_VERSION))
$(info ETCD_VERSION: $(ETCD_VERSION))
@sed -i.bak 's|REPLACE_ME_GO_VERSION|$(GO_VERSION)|g' ./Dockerfile-functional-tester
docker build \
--tag gcr.io/etcd-development/etcd-functional-tester:go$(GO_VERSION) \
--file ./Dockerfile-functional-tester \
.
@mv ./Dockerfile-functional-tester.bak ./Dockerfile-functional-tester
docker run \
--rm \
gcr.io/etcd-development/etcd-functional-tester:go$(GO_VERSION) \
/bin/bash -c "/etcd --version && \
/etcd-failpoints --version && \
ETCDCTL_API=3 /etcdctl version && \
/etcd-agent -help || true && \
/etcd-tester -help || true && \
/etcd-runner --help || true && \
/benchmark --help || true && \
/etcd-test-proxy -help || true"
push-docker-functional-tester:
$(info GO_VERSION: $(GO_VERSION))
$(info ETCD_VERSION: $(ETCD_VERSION))
gcloud docker -- push gcr.io/etcd-development/etcd-functional-tester:go$(GO_VERSION)
pull-docker-functional-tester:
$(info GO_VERSION: $(GO_VERSION))
$(info ETCD_VERSION: $(ETCD_VERSION))
docker pull gcr.io/etcd-development/etcd-functional-tester:go$(GO_VERSION)

3
hack/scripts-dev/README
View File

@ -1,2 +1 @@
scripts for etcd development
scripts for etcd development

2
hack/scripts-dev/docker-dns-srv/Dockerfile
View File

@ -1,4 +1,4 @@
FROM ubuntu:16.10
FROM ubuntu:17.10
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections

2
hack/scripts-dev/docker-dns/Dockerfile
View File

@ -1,4 +1,4 @@
FROM ubuntu:16.10
FROM ubuntu:17.10
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections

6
hack/scripts-dev/docker-dns/certs-common-name-auth/Procfile Normal file
View File

@ -0,0 +1,6 @@
# Use goreman to run `go get github.com/mattn/goreman`
etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name-auth/server.crt --peer-key-file=/certs-common-name-auth/server.key.insecure --peer-trusted-ca-file=/certs-common-name-auth/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn test-common-name --cert-file=/certs-common-name-auth/server.crt --key-file=/certs-common-name-auth/server.key.insecure --trusted-ca-file=/certs-common-name-auth/ca.crt --client-cert-auth
etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name-auth/server.crt --peer-key-file=/certs-common-name-auth/server.key.insecure --peer-trusted-ca-file=/certs-common-name-auth/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn test-common-name --cert-file=/certs-common-name-auth/server.crt --key-file=/certs-common-name-auth/server.key.insecure --trusted-ca-file=/certs-common-name-auth/ca.crt --client-cert-auth
etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name-auth/server.crt --peer-key-file=/certs-common-name-auth/server.key.insecure --peer-trusted-ca-file=/certs-common-name-auth/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn test-common-name --cert-file=/certs-common-name-auth/server.crt --key-file=/certs-common-name-auth/server.key.insecure --trusted-ca-file=/certs-common-name-auth/ca.crt --client-cert-auth

0
hack/scripts-dev/docker-dns/certs-common-name/ca-csr.json → hack/scripts-dev/docker-dns/certs-common-name-auth/ca-csr.json
View File

0
hack/scripts-dev/docker-dns/certs-common-name/ca.crt → hack/scripts-dev/docker-dns/certs-common-name-auth/ca.crt
View File

0
hack/scripts-dev/docker-dns/certs-common-name/gencert.json → hack/scripts-dev/docker-dns/certs-common-name-auth/gencert.json
View File

26
hack/scripts-dev/docker-dns/certs-common-name-auth/gencerts.sh Executable file
View File

@ -0,0 +1,26 @@
#!/bin/bash
if ! [[ "$0" =~ "./gencerts.sh" ]]; then
echo "must be run from 'fixtures'"
exit 255
fi
if ! which cfssl; then
echo "cfssl is not installed"
exit 255
fi
cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
mv ca.pem ca.crt
openssl x509 -in ca.crt -noout -text
# generate wildcard certificates DNS: m1/m2/m3.etcd.local
cfssl gencert \
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr.json | cfssljson --bare ./server
mv server.pem server.crt
mv server-key.pem server.key.insecure
rm -f *.csr *.pem *.stderr *.txt

162
hack/scripts-dev/docker-dns/certs-common-name/run.sh → hack/scripts-dev/docker-dns/certs-common-name-auth/run.sh
View File

@ -6,65 +6,65 @@ rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
cat /dev/null >/etc/hosts
goreman -f /certs-common-name/Procfile start &
goreman -f /certs-common-name-auth/Procfile start &
# TODO: remove random sleeps
sleep 7s
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379 \
endpoint health --cluster
sleep 2s
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
put abc def
sleep 2s
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
get abc
sleep 1s && printf "\n"
echo "Step 1. creating root role"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
role add root
sleep 1s && printf "\n"
echo "Step 2. granting readwrite 'foo' permission to role 'root'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
role grant-permission root readwrite foo
sleep 1s && printf "\n"
echo "Step 3. getting role 'root'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
role get root
sleep 1s && printf "\n"
echo "Step 4. creating user 'root'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--interactive=false \
user add root:123
@ -72,36 +72,36 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 5. granting role 'root' to user 'root'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
user grant-role root root
sleep 1s && printf "\n"
echo "Step 6. getting user 'root'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
user get root
sleep 1s && printf "\n"
echo "Step 7. enabling auth"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
auth enable
sleep 1s && printf "\n"
echo "Step 8. writing 'foo' with 'root:123'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=root:123 \
put foo bar
@ -109,9 +109,9 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 9. writing 'aaa' with 'root:123'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=root:123 \
put aaa bbb
@ -119,18 +119,18 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 10. writing 'foo' without 'root:123'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
put foo bar
sleep 1s && printf "\n"
echo "Step 11. reading 'foo' with 'root:123'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=root:123 \
get foo
@ -138,9 +138,9 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 12. reading 'aaa' with 'root:123'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=root:123 \
get aaa
@ -148,9 +148,9 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 13. creating a new user 'test-common-name:test-pass'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=root:123 \
--interactive=false \
@ -159,9 +159,9 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 14. creating a role 'test-role'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=root:123 \
role add test-role
@ -169,9 +169,9 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 15. granting readwrite 'aaa' --prefix permission to role 'test-role'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=root:123 \
role grant-permission test-role readwrite aaa --prefix
@ -179,9 +179,9 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 16. getting role 'test-role'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=root:123 \
role get test-role
@ -189,9 +189,9 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 17. granting role 'test-role' to user 'test-common-name'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=root:123 \
user grant-role test-common-name test-role
@ -199,9 +199,9 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 18. writing 'aaa' with 'test-common-name:test-pass'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=test-common-name:test-pass \
put aaa bbb
@ -209,9 +209,9 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 19. writing 'bbb' with 'test-common-name:test-pass'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=test-common-name:test-pass \
put bbb bbb
@ -219,9 +219,9 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 20. reading 'aaa' with 'test-common-name:test-pass'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=test-common-name:test-pass \
get aaa
@ -229,9 +229,9 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 21. reading 'bbb' with 'test-common-name:test-pass'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
--user=test-common-name:test-pass \
get bbb
@ -239,17 +239,17 @@ ETCDCTL_API=3 ./etcdctl \
sleep 1s && printf "\n"
echo "Step 22. writing 'aaa' with CommonName 'test-common-name'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
put aaa ccc
sleep 1s && printf "\n"
echo "Step 23. reading 'aaa' with CommonName 'test-common-name'"
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name/ca.crt \
--cert=/certs-common-name/server.crt \
--key=/certs-common-name/server.key.insecure \
--cacert=/certs-common-name-auth/ca.crt \
--cert=/certs-common-name-auth/server.crt \
--key=/certs-common-name-auth/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
get aaa

0
hack/scripts-dev/docker-dns/certs-common-name/server-ca-csr.json → hack/scripts-dev/docker-dns/certs-common-name-auth/server-ca-csr.json
View File

0
hack/scripts-dev/docker-dns/certs-common-name/server.crt → hack/scripts-dev/docker-dns/certs-common-name-auth/server.crt
View File

0
hack/scripts-dev/docker-dns/certs-common-name/server.key.insecure → hack/scripts-dev/docker-dns/certs-common-name-auth/server.key.insecure
View File

6
hack/scripts-dev/docker-dns/certs-common-name-multi/Procfile Normal file
View File

@ -0,0 +1,6 @@
# Use goreman to run `go get github.com/mattn/goreman`
etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name-multi/server-1.crt --peer-key-file=/certs-common-name-multi/server-1.key.insecure --peer-trusted-ca-file=/certs-common-name-multi/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn etcd.local --cert-file=/certs-common-name-multi/server-1.crt --key-file=/certs-common-name-multi/server-1.key.insecure --trusted-ca-file=/certs-common-name-multi/ca.crt --client-cert-auth
etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name-multi/server-2.crt --peer-key-file=/certs-common-name-multi/server-2.key.insecure --peer-trusted-ca-file=/certs-common-name-multi/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn etcd.local --cert-file=/certs-common-name-multi/server-2.crt --key-file=/certs-common-name-multi/server-2.key.insecure --trusted-ca-file=/certs-common-name-multi/ca.crt --client-cert-auth
etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name-multi/server-3.crt --peer-key-file=/certs-common-name-multi/server-3.key.insecure --peer-trusted-ca-file=/certs-common-name-multi/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn etcd.local --cert-file=/certs-common-name-multi/server-3.crt --key-file=/certs-common-name-multi/server-3.key.insecure --trusted-ca-file=/certs-common-name-multi/ca.crt --client-cert-auth

19
hack/scripts-dev/docker-dns/certs-common-name-multi/ca-csr.json Normal file
View File

@ -0,0 +1,19 @@
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"CN": "ca",
"ca": {
"expiry": "87600h"
}
}

23
hack/scripts-dev/docker-dns/certs-common-name-multi/ca.crt Normal file
View File

@ -0,0 +1,23 @@
-----BEGIN CERTIFICATE-----
MIID0jCCArqgAwIBAgIUd3UZnVmZFo8x9MWWhUrYQvZHLrQwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xODAxMjAwNjAwMDBaFw0yODAxMTgwNjAw
MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCqgFTgSFl+ugXkZuiN5PXp84Zv05crwI5x2ePMnc2/3u1s7cQBvXQGCJcq
OwWD7tjcy4K2PDC0DLRa4Mkd8JpwADmf6ojbMH/3a1pXY2B3BJQwmNPFnxRJbDZL
Iti6syWKwyfLVb1KFCU08G+ZrWmGIXPWDiE+rTn/ArD/6WbQI1LYBFJm25NLpttM
mA3HnWoErNGY4Z/AR54ROdQSPL7RSUZBa0Kn1riXeOJ40/05qosR2O/hBSAGkD+m
5Rj+A6oek44zZqVzCSEncLsRJAKqgZIqsBrErAho72irEgTwv4OM0MyOCsY/9erf
hNYRSoQeX+zUvEvgToalfWGt6kT3AgMBAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjAS
BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBRDePNja5CK4zUfO5x1vzGvdmUF
CzAfBgNVHSMEGDAWgBRDePNja5CK4zUfO5x1vzGvdmUFCzANBgkqhkiG9w0BAQsF
AAOCAQEAZu0a3B7Ef/z5Ct99xgzPy4z9RwglqPuxk446hBWR5TYT9fzm+voHCAwb
MJEaQK3hvAz47qAjyR9/b+nBw4LRTMxg0WqB+UEEVwBGJxtfcOHx4mJHc3lgVJnR
LiEWtIND7lu5Ql0eOjSehQzkJZhUb4SnXD7yk64zukQQv9zlZYZCHPDAQ9LzR2vI
ii4yhwdWl7iiZ0lOyR4xqPB3Cx/2kjtuRiSkbpHGwWBJLng2ZqgO4K+gL3naNgqN
TRtdOSK3j/E5WtAeFUUT68Gjsg7yXxqyjUFq+piunFfQHhPB+6sPPy56OtIogOk4
dFCfFAygYNrFKz366KY+7CbpB+4WKA==
-----END CERTIFICATE-----

13
hack/scripts-dev/docker-dns/certs-common-name-multi/gencert.json Normal file
View File

@ -0,0 +1,13 @@
{
"signing": {
"default": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "87600h"
}
}
}

42
hack/scripts-dev/docker-dns/certs-common-name-multi/gencerts.sh Executable file
View File

@ -0,0 +1,42 @@
#!/bin/bash
if ! [[ "$0" =~ "./gencerts.sh" ]]; then
echo "must be run from 'fixtures'"
exit 255
fi
if ! which cfssl; then
echo "cfssl is not installed"
exit 255
fi
cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
mv ca.pem ca.crt
openssl x509 -in ca.crt -noout -text
# generate wildcard certificates DNS: m1/m2/m3.etcd.local
cfssl gencert \
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr-1.json | cfssljson --bare ./server-1
mv server-1.pem server-1.crt
mv server-1-key.pem server-1.key.insecure
cfssl gencert \
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr-2.json | cfssljson --bare ./server-2
mv server-2.pem server-2.crt
mv server-2-key.pem server-2.key.insecure
cfssl gencert \
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr-3.json | cfssljson --bare ./server-3
mv server-3.pem server-3.crt
mv server-3-key.pem server-3.key.insecure
rm -f *.csr *.pem *.stderr *.txt

33
hack/scripts-dev/docker-dns/certs-common-name-multi/run.sh Executable file
View File

@ -0,0 +1,33 @@
#!/bin/sh
rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
/etc/init.d/bind9 start
# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
cat /dev/null >/etc/hosts
goreman -f /certs-common-name-multi/Procfile start &
# TODO: remove random sleeps
sleep 7s
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name-multi/ca.crt \
--cert=/certs-common-name-multi/server-1.crt \
--key=/certs-common-name-multi/server-1.key.insecure \
--endpoints=https://m1.etcd.local:2379 \
endpoint health --cluster
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name-multi/ca.crt \
--cert=/certs-common-name-multi/server-2.crt \
--key=/certs-common-name-multi/server-2.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
put abc def
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-common-name-multi/ca.crt \
--cert=/certs-common-name-multi/server-3.crt \
--key=/certs-common-name-multi/server-3.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
get abc

25
hack/scripts-dev/docker-dns/certs-common-name-multi/server-1.crt Normal file
View File

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIEIDCCAwigAwIBAgIUaDLXBmJpHrElwENdnVk9hvAvlKcwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xODAxMjAwNjAwMDBaFw0yODAxMTgwNjAw
MDBaMHcxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTETMBEGA1UEAxMKZXRjZC5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOb5CdovL9QCdgsxnCBikTbJko6r5mrF+eA47gDLcVbWrRW5
d8eZYV1Fyn5qe80O6LB6LKPrRftxyAGABKqIBCHR57E97UsICC4lGycBWaav6cJ+
7Spkpf8cSSDjjgb4KC6VVPf9MCsHxBYSTfme8JEFE+6KjlG8Mqt2yv/5aIyRYITN
WzXvV7wxS9aOgDdXLbojW9FJQCuzttOPfvINTyhtvUvCM8S61La5ymCdAdPpx1U9
m5KC23k6ZbkAC8/jcOV+68adTUuMWLefPf9Ww3qMT8382k86gJgQjZuJDGUl3Xi5
GXmO0GfrMh+v91yiaiqjsJCDp3uVcUSeH7qSkb0CAwEAAaOBqzCBqDAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
/wQCMAAwHQYDVR0OBBYEFEwLLCuIHilzynJ7DlTrikyhy2TAMB8GA1UdIwQYMBaA
FEN482NrkIrjNR87nHW/Ma92ZQULMCkGA1UdEQQiMCCCDW0xLmV0Y2QubG9jYWyC
CWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAkERnrIIvkZHWsyih
mFNf/JmFHC+0/UAG9Ti9msRlr9j1fh+vBIid3FAIShX0zFXf+AtN/+Bz5SVvQHUT
tm71AK/vER1Ue059SIty+Uz5mNAjwtXy0WaUgSuF4uju7MkYD5yUnSGv1iBfm88a
q+q1Vd5m6PkOCfuyNQQm5RKUiJiO4OS+2F9/JOpyr0qqdQthOWr266CqXuvVhd+Z
oZZn5TLq5GHCaTxfngSqS3TXl55QEGl65SUgYdGqpIfaQt3QKq2dqVg/syLPkTJt
GNJVLxJuUIu0PLrfuWynUm+1mOOfwXd8NZVZITUxC7Tl5ecFbTaOzU/4a7Cyssny
Wr3dUg==
-----END CERTIFICATE-----

27
hack/scripts-dev/docker-dns/certs-common-name-multi/server-1.key.insecure Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA5vkJ2i8v1AJ2CzGcIGKRNsmSjqvmasX54DjuAMtxVtatFbl3
x5lhXUXKfmp7zQ7osHoso+tF+3HIAYAEqogEIdHnsT3tSwgILiUbJwFZpq/pwn7t
KmSl/xxJIOOOBvgoLpVU9/0wKwfEFhJN+Z7wkQUT7oqOUbwyq3bK//lojJFghM1b
Ne9XvDFL1o6AN1ctuiNb0UlAK7O2049+8g1PKG29S8IzxLrUtrnKYJ0B0+nHVT2b
koLbeTpluQALz+Nw5X7rxp1NS4xYt589/1bDeoxPzfzaTzqAmBCNm4kMZSXdeLkZ
eY7QZ+syH6/3XKJqKqOwkIOne5VxRJ4fupKRvQIDAQABAoIBAQCYQsXm6kJqTbEJ
kgutIa0+48TUfqen7Zja4kyrg3HU4DI75wb6MreHqFFj4sh4FoL4i6HP8XIx3wEN
VBo/XOj0bo6BPiSm2MWjvdxXa0Fxa/f6uneYAb+YHEps/vWKzJ6YjuLzlBnj0/vE
3Q5AJzHJOAK6tuY5JYp1lBsggYcVWiQSW6wGQRReU/B/GdFgglL1chqL33Dt11Uv
Y6+oJz/PyqzPLPHcPbhqyQRMOZXnhx+8/+ooq5IojqOHfpa9JQURcHY7isBnpI/G
ZAa8tZctgTqtL4hB1rxDhdq1fS2YC12lxkBZse4jszcm0tYzy2gWmNTH480uo/0J
GOxX7eP1AoGBAO7O+aLhQWrspWQ//8YFbPWNhyscQub+t6WYjc0wn9j0dz8vkhMw
rh5O8uMcZBMDQdq185BcB3aHInw9COWZEcWNIen4ZyNJa5VCN4FY0a2GtFSSGG3f
ilKmQ7cjB950q2jl1AR3t2H7yah+i1ZChzPx+GEe+51LcJZX8mMjGvwjAoGBAPeZ
qJ2W4O2dOyupAfnKpZZclrEBqlyg7Xj85u20eBMUqtaIEcI/u2kaotQPeuaekUH0
b1ybr3sJBTp3qzHUaNV3iMfgrnbWEOkIV2TCReWQb1Fk93o3gilMIkhGLIhxwWpM
UpQy3JTjGG/Y6gIOs7YnOBGVMA0o+RvouwooU6ifAoGAH6D6H0CGUYsWPLjdP3To
gX1FMciEc+O4nw4dede+1BVM1emPB0ujRBBgywOvnXUI+9atc6k8s84iGyJaU056
tBeFLl/gCSRoQ1SJ1W/WFY2JxMm0wpig0WGEBnV1TVlWeoY2FoFkoG2gv9hCzCHz
lkWuB+76lFKxjrgHOmoj4NECgYB+COmbzkGQsoh8IPuwe0bu0xKh54cgv4oiHBow
xbyZedu8eGcRyf9L8RMRfw/AdNbcC+Dj8xvQNTdEG8Y5BzaV8tLda7FjLHRPKr/R
ulJ6GJuRgyO2Qqsu+mI5B/+DNOSPh2pBpeJCp5a42GHFylYQUsZnrNlY2ZJ0cnND
KGPtYQKBgQDL30+BB95FtRUvFoJIWwASCp7TIqW7N7RGWgqmsXU0EZ0Mya4dquqG
rJ1QuXQIJ+xV060ehwJR+iDUAY2xUg3/LCoDD0rwBzSdh+NEKjOmRNFRtn7WT03Q
264E80r6VTRSN4sWQwAAbd1VF1uGO5tkzZdJGWGhQhvTUZ498dE+9Q==
-----END RSA PRIVATE KEY-----

25
hack/scripts-dev/docker-dns/certs-common-name-multi/server-2.crt Normal file
View File

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIEIDCCAwigAwIBAgIUHXDUS+Vry/Tquc6S6OoaeuGozrEwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xODAxMjAwNjAwMDBaFw0yODAxMTgwNjAw
MDBaMHcxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTETMBEGA1UEAxMKZXRjZC5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOO+FsO+6pwpv+5K+VQTYQb0lT0BjnM7Y2qSZIiTGCDp/M0P
yHSed4oTzxBeA9hEytczH/oddAUuSZNgag5sGFVgjFNdiZli4wQqJaMQRodivuUl
ZscqnWwtP3GYVAfg+t/4YdGB+dQRDQvHBl9BRYmUh2ixOA98OXKfNMr+u+3sh5Gy
dwx5ZEBRvgBcRrgCaIMsvVeIzHQBMHrNySAD1bGgm3xGdLeVPhAp24yUKZ5IbN6/
+5hyCRARtGwLH/1Q/h10Sr5jxQi00eEXH+CNOvcerH6b2II/BxHIcqKd0u36pUfG
0KsY+ia0fvYi510V6Q0FAn45luEjHEk5ITN/LnMCAwEAAaOBqzCBqDAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
/wQCMAAwHQYDVR0OBBYEFE69SZun6mXZe6cd3Cb2HWrK281MMB8GA1UdIwQYMBaA
FEN482NrkIrjNR87nHW/Ma92ZQULMCkGA1UdEQQiMCCCDW0yLmV0Y2QubG9jYWyC
CWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAI5nHHULV7eUJMsvv
zk1shv826kOwXbMX10iRaf49/r7TWBq0pbPapvf5VXRsZ5wlDrDzjaNstpsaow/j
fhZ1zpU0h1bdifxE+omFSWZjpVM8kQD/yzT34VdyA+P2HuxG8ZTa8r7wTGrooD60
TjBBM5gFV4nGVe+KbApQ26KWr+P8biKaWe6MM/jAv6TNeXiWReHqyM5v404PZQXK
cIN+fBb8bQfuaKaN1dkOUI3uSHmVmeYc5OGNJ2QKL9Uzm1VGbbM+1BOLhmF53QSm
5m2B64lPKy+vpTcRLN7oW1FHZOKts+1OEaLMCyjWFKFbdcrmJI+AP2IB+V6ODECn
RwJDtA==
-----END CERTIFICATE-----

27
hack/scripts-dev/docker-dns/certs-common-name-multi/server-2.key.insecure Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA474Ww77qnCm/7kr5VBNhBvSVPQGOcztjapJkiJMYIOn8zQ/I
dJ53ihPPEF4D2ETK1zMf+h10BS5Jk2BqDmwYVWCMU12JmWLjBColoxBGh2K+5SVm
xyqdbC0/cZhUB+D63/hh0YH51BENC8cGX0FFiZSHaLE4D3w5cp80yv677eyHkbJ3
DHlkQFG+AFxGuAJogyy9V4jMdAEwes3JIAPVsaCbfEZ0t5U+ECnbjJQpnkhs3r/7
mHIJEBG0bAsf/VD+HXRKvmPFCLTR4Rcf4I069x6sfpvYgj8HEchyop3S7fqlR8bQ
qxj6JrR+9iLnXRXpDQUCfjmW4SMcSTkhM38ucwIDAQABAoIBAQCHYF6N2zYAwDyL
/Ns65A4gIVF5Iyy3SM0u83h5St7j6dNRXhltYSlz1ZSXiRtF+paM16IhflKSJdKs
nXpNumm4jpy7jXWWzRZfSmJ3DNyv673H3rS6nZVYUYlOEBubV1wpuK8E5/tG2R/l
KVibVORuBPF9BSNq6RAJF6Q9KrExmvH4MmG/3Y+iYbZgn0OK1WHxzbeMzdI8OO4z
eg4gTKuMoRFt5B4rZmC5QiXGHdnUXRWfy+yPLTH3hfTek4JT98akFNS01Q4UAi9p
5cC3TOqDNiZdAkN83UKhW9TNAc/vJlq6d5oXW5R+yPt+d8yMvEch4KfpYo33j0oz
qB40pdJRAoGBAP8ZXnWXxhzLhZ4o+aKefnsUUJjaiVhhSRH/kGAAg65lc4IEnt+N
nzyNIwz/2vPv2Gq2BpStrTsTNKVSZCKgZhoBTavP60FaszDSM0bKHTWHW7zaQwc0
bQG6YvvCiP0iwEzXw7S4BhdAl+x/5C30dUZgKMSDFzuBI187h6dQQNZpAoGBAOSL
/MBuRYBgrHIL9V1v9JGDBeawGc3j2D5c56TeDtGGv8WGeCuE/y9tn+LcKQ+bCGyi
qkW+hobro/iaXODwUZqSKaAVbxC7uBLBTRB716weMzrnD8zSTOiMWg/gh+FOnr/4
ZfcBco2Pmm5qQ3ZKwVk2jsfLhz6ZKwMrjSaO1Zp7AoGBAJZsajPjRHI0XN0vgkyv
Mxv2lbQcoYKZE1JmpcbGZt/OePdBLEHcq/ozq2h98qmHU9FQ9r5zT0QXhiK6W8vD
U5GgFSHsH+hQyHtQZ+YlRmYLJEBPX9j+xAyR0M5uHwNNm6F0VbXaEdViRHOz0mR6
0zClgUSnnGp9MtN0MgCqJSGJAoGAJYba3Jn+rYKyLhPKmSoN5Wq3KFbYFdeIpUzJ
+GdB1aOjj4Jx7utqn1YHv89YqqhRLM1U2hjbrAG7LdHi2Eh9jbzcOt3qG7xHEEVP
Kxq6ohdfYBean44UdMa+7wZ2KUeoh2r5CyLgtV/UArdOFnlV4Bk2PpYrwdqSlnWr
Op6PcksCgYEA6HmIHLRTGyOUzS82BEcs5an2mzhQ8XCNdYS6sDaYSiDu2qlPukyZ
jons6P4qpOxlP9Cr6DW7px2fUZrEuPUV8fRJOc+a5AtZ5TmV6N1uH/G1rKmmAMCc
jGAmTJW87QguauTpuUto5u6IhyO2CRsYEy8K1A/1HUQKl721faZBIMA=
-----END RSA PRIVATE KEY-----

25
hack/scripts-dev/docker-dns/certs-common-name-multi/server-3.crt Normal file
View File

@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIEIDCCAwigAwIBAgIURfpNMXGb1/oZVwEWyc0Ofn7IItQwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xODAxMjAwNjAwMDBaFw0yODAxMTgwNjAw
MDBaMHcxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTETMBEGA1UEAxMKZXRjZC5sb2NhbDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALgCDkDM4qayF6CFt1ZScKR8B+/7qrn1iQ/qYnzRHQ1hlkuS
b3TkQtt7amGAuoD42d8jLYYvHn2Pbmdhn0mtgYZpFfLFCg4O67ZbX54lBHi+yDEh
QhneM9Ovsc42A0EVvabINYtKR6B2YRN00QRXS5R1t+QmclpshFgY0+ITsxlJeygs
wojXthPEfjTQK04JUi5LTHP15rLVzDEd7MguCWdEWRnOu/mSfPHlyz2noUcKuy0M
awsnSMwf+KBwQMLbJhTXtA4MG2FYsm/2en3/oAc8/0Z8sMOX05F+b0MgHl+a31aQ
UHM5ykfDNm3hGQfzjQCx4y4hjDoFxbuXvsey6GMCAwEAAaOBqzCBqDAOBgNVHQ8B
Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB
/wQCMAAwHQYDVR0OBBYEFDMydqyg/s43/dJTMt25zJubI/CUMB8GA1UdIwQYMBaA
FEN482NrkIrjNR87nHW/Ma92ZQULMCkGA1UdEQQiMCCCDW0zLmV0Y2QubG9jYWyC
CWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEAVs3VQjgx9CycaWKS
P6EvMtlqOkanJEe3zr69sI66cc2ZhfJ5xK38ox4oYpMOA131WRvwq0hjKhhZoVQ8
aQ4yALi1XBltuIyEyrTX9GWAMeDzY95MdWKhyI8ps6/OOoXN596g9ZdOdIbZAMT4
XAXm43WccM2W2jiKCEKcE4afIF8RiMIaFwG8YU8oHtnnNvxTVa0wrpcObtEtIzC5
RJxzX9bkHCTHTgJog4OPChU4zffn18U/AVJ7MZ8gweVwhc4gGe0kwOJE+mLHcC5G
uoFSuVmAhYrH/OPpZhSDOaCED4dsF5jN25CbR3NufEBFRXBH20ZHNkNvbbBnYCBU
4+Rx5w==
-----END CERTIFICATE-----

27
hack/scripts-dev/docker-dns/certs-common-name-multi/server-3.key.insecure Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAuAIOQMziprIXoIW3VlJwpHwH7/uqufWJD+pifNEdDWGWS5Jv
dORC23tqYYC6gPjZ3yMthi8efY9uZ2GfSa2BhmkV8sUKDg7rtltfniUEeL7IMSFC
Gd4z06+xzjYDQRW9psg1i0pHoHZhE3TRBFdLlHW35CZyWmyEWBjT4hOzGUl7KCzC
iNe2E8R+NNArTglSLktMc/XmstXMMR3syC4JZ0RZGc67+ZJ88eXLPaehRwq7LQxr
CydIzB/4oHBAwtsmFNe0DgwbYViyb/Z6ff+gBzz/Rnyww5fTkX5vQyAeX5rfVpBQ
cznKR8M2beEZB/ONALHjLiGMOgXFu5e+x7LoYwIDAQABAoIBAQCY54RmjprNAHKn
vlXCEpFt7W8/GXcePg2ePxuGMtKcevpEZDPgA4oXDnAxA6J3Z9LMHFRJC8Cff9+z
YqjVtatLQOmvKdMYKYfvqfBD3ujfWVHLmaJvEnkor/flrnZ30BQfkoED9T6d9aDn
ZQwHOm8gt82OdfBSeZhkCIWReOM73622qJhmLWUUY3xEucRAFF6XffOLvJAT87Vu
pXKtCnQxhzxkUsCYNIOeH/pTX+XoLkysFBKxnrlbTeM0cEgWpYMICt/vsUrp6DHs
jygxR1EnT2/4ufe81aFSO4SzUZKJrz8zj4yIyDOR0Mp6FW+xMp8S0fDOywHhLlXn
xQOevmGBAoGBAOMQaWWs2FcxWvLfX95RyWPtkQ+XvmWlL5FR427TlLhtU6EPs0xZ
eeanMtQqSRHlDkatwc0XQk+s30/UJ+5i1iz3shLwtnZort/pbnyWrxkE9pcR0fgr
IklujJ8e8kQHpY75gOLmEiADrUITqvfbvSMsaG3h1VydPNU3JYTUuYmjAoGBAM91
Atnri0PH3UKonAcMPSdwQ5NexqAD1JUk6KUoX2poXBXO3zXBFLgbMeJaWthbe+dG
Raw/zjBET/oRfDOssh+QTD8TutI9LA2+EN7TG7Kr6NFciz4Q2pioaimv9KUhJx+8
HH2wCANYgkv69IWUFskF0uDCW9FQVvpepcctCJJBAoGAMlWxB5kJXErUnoJl/iKj
QkOnpI0+58l2ggBlKmw8y6VwpIOWe5ZaL4dg/Sdii1T7lS9vhsdhK8hmuIuPToka
cV13XDuANz99hKV6mKPOrP0srNCGez0UnLKk+aEik3IegVNN/v6BhhdKkRtLCybr
BqERhUpKwf0ZPyq6ZnfBqYECgYEAsiD2YcctvPVPtnyv/B02JTbvzwoB4kNntOgM
GkOgKe2Ro+gNIEq5T5uKKaELf9qNePeNu2jN0gPV6BI7YuNVzmRIE6ENOJfty573
PVxm2/Nf5ORhatlt2MZC4aiDl4Xv4f/TNth/COBmgHbqngeZyOGHQBWiYQdqp2+9
SFgSlAECgYEA1zLhxj6f+psM5Gpx56JJIEraHfyuyR1Oxii5mo7I3PLsbF/s6YDR
q9E64GoR5PdgCQlMm09f6wfT61NVwsYrbLlLET6tAiG0eNxXe71k1hUb6aa4DpNQ
IcS3E3hb5KREXUH5d+PKeD2qrf52mtakjn9b2aH2rQw2e2YNkIDV+XA=
-----END RSA PRIVATE KEY-----

21
hack/scripts-dev/docker-dns/certs-common-name-multi/server-ca-csr-1.json Normal file
View File

@ -0,0 +1,21 @@
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"CN": "etcd.local",
"hosts": [
"m1.etcd.local",
"127.0.0.1",
"localhost"
]
}

21
hack/scripts-dev/docker-dns/certs-common-name-multi/server-ca-csr-2.json Normal file
View File

@ -0,0 +1,21 @@
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"CN": "etcd.local",
"hosts": [
"m2.etcd.local",
"127.0.0.1",
"localhost"
]
}

21
hack/scripts-dev/docker-dns/certs-common-name-multi/server-ca-csr-3.json Normal file
View File

@ -0,0 +1,21 @@
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"CN": "etcd.local",
"hosts": [
"m3.etcd.local",
"127.0.0.1",
"localhost"
]
}

6
hack/scripts-dev/docker-dns/certs-common-name/Procfile
View File

@ -1,6 +0,0 @@
# Use goreman to run `go get github.com/mattn/goreman`
etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://m1.etcd.local:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name/server.crt --peer-key-file=/certs-common-name/server.key.insecure --peer-trusted-ca-file=/certs-common-name/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn test-common-name --cert-file=/certs-common-name/server.crt --key-file=/certs-common-name/server.key.insecure --trusted-ca-file=/certs-common-name/ca.crt --client-cert-auth
etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://m2.etcd.local:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name/server.crt --peer-key-file=/certs-common-name/server.key.insecure --peer-trusted-ca-file=/certs-common-name/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn test-common-name --cert-file=/certs-common-name/server.crt --key-file=/certs-common-name/server.key.insecure --trusted-ca-file=/certs-common-name/ca.crt --client-cert-auth
etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://m3.etcd.local:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=https://m1.etcd.local:2380,m2=https://m2.etcd.local:22380,m3=https://m3.etcd.local:32380 --initial-cluster-state new --peer-cert-file=/certs-common-name/server.crt --peer-key-file=/certs-common-name/server.key.insecure --peer-trusted-ca-file=/certs-common-name/ca.crt --peer-client-cert-auth --peer-cert-allowed-cn test-common-name --cert-file=/certs-common-name/server.crt --key-file=/certs-common-name/server.key.insecure --trusted-ca-file=/certs-common-name/ca.crt --client-cert-auth

49
hack/scripts-dev/docker-dns/certs/run.sh
View File

@ -31,3 +31,52 @@ ETCDCTL_API=3 ./etcdctl \
--key=/certs/server.key.insecure \
--endpoints=https://m1.etcd.local:2379,https://m2.etcd.local:22379,https://m3.etcd.local:32379 \
get abc
printf "\nWriting v2 key...\n"
curl -L https://127.0.0.1:2379/v2/keys/queue \
--cacert /certs/ca.crt \
--cert /certs/server.crt \
--key /certs/server.key.insecure \
-X POST \
-d value=data
printf "\nWriting v2 key...\n"
curl -L https://m1.etcd.local:2379/v2/keys/queue \
--cacert /certs/ca.crt \
--cert /certs/server.crt \
--key /certs/server.key.insecure \
-X POST \
-d value=data
printf "\nWriting v3 key...\n"
curl -L https://127.0.0.1:2379/v3/kv/put \
--cacert /certs/ca.crt \
--cert /certs/server.crt \
--key /certs/server.key.insecure \
-X POST \
-d '{"key": "Zm9v", "value": "YmFy"}'
printf "\n\nWriting v3 key...\n"
curl -L https://m1.etcd.local:2379/v3/kv/put \
--cacert /certs/ca.crt \
--cert /certs/server.crt \
--key /certs/server.key.insecure \
-X POST \
-d '{"key": "Zm9v", "value": "YmFy"}'
printf "\n\nReading v3 key...\n"
curl -L https://m1.etcd.local:2379/v3/kv/range \
--cacert /certs/ca.crt \
--cert /certs/server.crt \
--key /certs/server.key.insecure \
-X POST \
-d '{"key": "Zm9v"}'
printf "\n\nFetching 'curl https://m1.etcd.local:2379/metrics'...\n"
curl \
--cacert /certs/ca.crt \
--cert /certs/server.crt \
--key /certs/server.key.insecure \
-L https://m1.etcd.local:2379/metrics | grep Put | tail -3
printf "\n\nDone!!!\n\n"

6
hack/scripts-dev/docker-dns/insecure/Procfile Normal file
View File

@ -0,0 +1,6 @@
# Use goreman to run `go get github.com/mattn/goreman`
etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls http://127.0.0.1:2379 --advertise-client-urls http://m1.etcd.local:2379 --listen-peer-urls http://127.0.0.1:2380 --initial-advertise-peer-urls=http://m1.etcd.local:2380 --initial-cluster-token tkn --initial-cluster=m1=http://m1.etcd.local:2380,m2=http://m2.etcd.local:22380,m3=http://m3.etcd.local:32380 --host-whitelist "localhost,127.0.0.1,m1.etcd.local"
etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls http://127.0.0.1:22379 --advertise-client-urls http://m2.etcd.local:22379 --listen-peer-urls http://127.0.0.1:22380 --initial-advertise-peer-urls=http://m2.etcd.local:22380 --initial-cluster-token tkn --initial-cluster=m1=http://m1.etcd.local:2380,m2=http://m2.etcd.local:22380,m3=http://m3.etcd.local:32380 --host-whitelist "localhost,127.0.0.1,m1.etcd.local"
etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls http://127.0.0.1:32379 --advertise-client-urls http://m3.etcd.local:32379 --listen-peer-urls http://127.0.0.1:32380 --initial-advertise-peer-urls=http://m3.etcd.local:32380 --initial-cluster-token tkn --initial-cluster=m1=http://m1.etcd.local:2380,m2=http://m2.etcd.local:22380,m3=http://m3.etcd.local:32380 --host-whitelist "localhost,127.0.0.1,m1.etcd.local"

89
hack/scripts-dev/docker-dns/insecure/run.sh Executable file
View File

@ -0,0 +1,89 @@
#!/bin/sh
rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
/etc/init.d/bind9 start
# get rid of hosts so go lookup won't resolve 127.0.0.1 to localhost
cat /dev/null >/etc/hosts
goreman -f /insecure/Procfile start &
# TODO: remove random sleeps
sleep 7s
ETCDCTL_API=3 ./etcdctl \
--endpoints=http://m1.etcd.local:2379 \
endpoint health --cluster
ETCDCTL_API=3 ./etcdctl \
--endpoints=http://m1.etcd.local:2379,http://m2.etcd.local:22379,http://m3.etcd.local:32379 \
put abc def
ETCDCTL_API=3 ./etcdctl \
--endpoints=http://m1.etcd.local:2379,http://m2.etcd.local:22379,http://m3.etcd.local:32379 \
get abc
printf "\nWriting v2 key...\n"
curl \
-L http://127.0.0.1:2379/v2/keys/queue \
-X POST \
-d value=data
printf "\nWriting v2 key...\n"
curl \
-L http://m1.etcd.local:2379/v2/keys/queue \
-X POST \
-d value=data
printf "\nWriting v3 key...\n"
curl \
-L http://127.0.0.1:2379/v3/kv/put \
-X POST \
-d '{"key": "Zm9v", "value": "YmFy"}'
printf "\n\nWriting v3 key...\n"
curl \
-L http://m1.etcd.local:2379/v3/kv/put \
-X POST \
-d '{"key": "Zm9v", "value": "YmFy"}'
printf "\n\nReading v3 key...\n"
curl \
-L http://m1.etcd.local:2379/v3/kv/range \
-X POST \
-d '{"key": "Zm9v"}'
printf "\n\nFetching 'curl http://m1.etcd.local:2379/metrics'...\n"
curl \
-L http://m1.etcd.local:2379/metrics | grep Put | tail -3
name1=$(base64 <<< "/election-prefix")
val1=$(base64 <<< "v1")
data1="{\"name\":\"${name1}\", \"value\":\"${val1}\"}"
printf "\n\nCampaign: ${data1}\n"
result1=$(curl -L http://m1.etcd.local:2379/v3/election/campaign -X POST -d "${data1}")
echo ${result1}
# should not panic servers
val2=$(base64 <<< "v2")
data2="{\"value\": \"${val2}\"}"
printf "\n\nProclaim (wrong-format): ${data2}\n"
curl \
-L http://m1.etcd.local:2379/v3/election/proclaim \
-X POST \
-d "${data2}"
printf "\n\nProclaim (wrong-format)...\n"
curl \
-L http://m1.etcd.local:2379/v3/election/proclaim \
-X POST \
-d '}'
printf "\n\nProclaim (wrong-format)...\n"
curl \
-L http://m1.etcd.local:2379/v3/election/proclaim \
-X POST \
-d '{"value": "Zm9v"}'
printf "\n\nDone!!!\n\n"

37
hack/scripts-dev/docker-static-ip/Dockerfile Normal file
View File

@ -0,0 +1,37 @@
FROM ubuntu:17.10
RUN rm /bin/sh && ln -s /bin/bash /bin/sh
RUN echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections
RUN apt-get -y update \
&& apt-get -y install \
build-essential \
gcc \
apt-utils \
pkg-config \
software-properties-common \
apt-transport-https \
libssl-dev \
sudo \
bash \
curl \
tar \
git \
netcat \
bind9 \
dnsutils \
&& apt-get -y update \
&& apt-get -y upgrade \
&& apt-get -y autoremove \
&& apt-get -y autoclean
ENV GOROOT /usr/local/go
ENV GOPATH /go
ENV PATH ${GOPATH}/bin:${GOROOT}/bin:${PATH}
ENV GO_VERSION REPLACE_ME_GO_VERSION
ENV GO_DOWNLOAD_URL https://storage.googleapis.com/golang
RUN rm -rf ${GOROOT} \
&& curl -s ${GO_DOWNLOAD_URL}/go${GO_VERSION}.linux-amd64.tar.gz | tar -v -C /usr/local/ -xz \
&& mkdir -p ${GOPATH}/src ${GOPATH}/bin \
&& go version \
&& go get -v -u github.com/mattn/goreman

8
hack/scripts-dev/docker-static-ip/certs-metrics-proxy/Procfile Normal file
View File

@ -0,0 +1,8 @@
# Use goreman to run `go get github.com/mattn/goreman`
etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://localhost:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://localhost:2380 --initial-cluster-token tkn --initial-cluster=m1=https://localhost:2380,m2=https://localhost:22380,m3=https://localhost:32380 --initial-cluster-state new --peer-cert-file=/certs-metrics-proxy/server.crt --peer-key-file=/certs-metrics-proxy/server.key.insecure --peer-trusted-ca-file=/certs-metrics-proxy/ca.crt --peer-client-cert-auth --cert-file=/certs-metrics-proxy/server.crt --key-file=/certs-metrics-proxy/server.key.insecure --trusted-ca-file=/certs-metrics-proxy/ca.crt --client-cert-auth --listen-metrics-urls=https://localhost:2378,http://localhost:9379
etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://localhost:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://localhost:22380 --initial-cluster-token tkn --initial-cluster=m1=https://localhost:2380,m2=https://localhost:22380,m3=https://localhost:32380 --initial-cluster-state new --peer-cert-file=/certs-metrics-proxy/server.crt --peer-key-file=/certs-metrics-proxy/server.key.insecure --peer-trusted-ca-file=/certs-metrics-proxy/ca.crt --peer-client-cert-auth --cert-file=/certs-metrics-proxy/server.crt --key-file=/certs-metrics-proxy/server.key.insecure --trusted-ca-file=/certs-metrics-proxy/ca.crt --client-cert-auth --listen-metrics-urls=https://localhost:22378,http://localhost:29379
etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://localhost:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://localhost:32380 --initial-cluster-token tkn --initial-cluster=m1=https://localhost:2380,m2=https://localhost:22380,m3=https://localhost:32380 --initial-cluster-state new --peer-cert-file=/certs-metrics-proxy/server.crt --peer-key-file=/certs-metrics-proxy/server.key.insecure --peer-trusted-ca-file=/certs-metrics-proxy/ca.crt --peer-client-cert-auth --cert-file=/certs-metrics-proxy/server.crt --key-file=/certs-metrics-proxy/server.key.insecure --trusted-ca-file=/certs-metrics-proxy/ca.crt --client-cert-auth --listen-metrics-urls=https://localhost:32378,http://localhost:39379
proxy: ./etcd grpc-proxy start --advertise-client-url=localhost:23790 --listen-addr=localhost:23790 --endpoints=https://localhost:2379,https://localhost:22379,https://localhost:32379 --data-dir=/tmp/proxy.data --cacert=/certs-metrics-proxy/ca.crt --cert=/certs-metrics-proxy/server.crt --key=/certs-metrics-proxy/server.key.insecure --trusted-ca-file=/certs-metrics-proxy/ca.crt --cert-file=/certs-metrics-proxy/server.crt --key-file=/certs-metrics-proxy/server.key.insecure --metrics-addr=http://localhost:9378

19
hack/scripts-dev/docker-static-ip/certs-metrics-proxy/ca-csr.json Normal file
View File

@ -0,0 +1,19 @@
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"CN": "ca",
"ca": {
"expiry": "87600h"
}
}

22
hack/scripts-dev/docker-static-ip/certs-metrics-proxy/ca.crt Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDsTCCApmgAwIBAgIUYWIIesEznr7VfYawvmttxxmOfeUwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEyMDYyMTUzMDBaFw0yNzEyMDQyMTUz
MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDDN/cW7rl/qz59gF3csnDhp5BAxVY7n0+inzZO+MZIdkCFuus6Klc6mWMY
/ZGvpWxVDgQvYBs310eq4BrM2BjwWNfgqIn6bHVwwGfngojcDEHlZHw1e9sdBlO5
e/rNONpNtMUjUeukhzFwPOdsUfweAGsqj4VYJV+kkS3uGmCGIj+3wIF411FliiQP
WiyLG16BwR1Vem2qOotCRgCawKSb4/wKfF8dvv00IjP5Jcy+aXLQ4ULW1fvj3cRR
JLdZmZ/PF0Cqm75qw2IqzIhRB5b1e8HyRPeNtEZ7frNLZyFhLgHJbRFF5WooFX79
q9py8dERBXOxCKrSdqEOre0OU/4pAgMBAAGjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBS+CaA8UIkIJT9xhXff4p143UuW
7TANBgkqhkiG9w0BAQsFAAOCAQEAK7lScAUi+R68oxxmgZ/pdEr9wsMj4xtss+GO
UDgzxudpT1nYQ2iBudC3LIuTiaUHUSseVleXEKeNbKhKhVhlIwhmPxiOgbbFu9hr
e2Z87SjtdlbE/KcYFw0W/ukWYxYrq08BB19w2Mqd8J5CnLcj4/0iiH1uARo1swFy
GUYAJ2I147sHIDbbmLKuxbdf4dcrkf3D4inBOLcRhS/MzaXfdMFntzJDQAo5YwFI
zZ4TRGOhj8IcU1Cn5SVufryWy3qJ+sKHDYsGQQ/ArBXwQnO3NAFCpEN9rDDuQVmH
+ATHDFBQZcGfN4GDh74FGnliRjip2sO4oWTfImmgJGGAn+P2CA==
-----END CERTIFICATE-----

13
hack/scripts-dev/docker-static-ip/certs-metrics-proxy/gencert.json Normal file
View File

@ -0,0 +1,13 @@
{
"signing": {
"default": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "87600h"
}
}
}

0
hack/scripts-dev/docker-dns/certs-common-name/gencerts.sh → hack/scripts-dev/docker-static-ip/certs-metrics-proxy/gencerts.sh
View File

119
hack/scripts-dev/docker-static-ip/certs-metrics-proxy/run.sh Executable file
View File

@ -0,0 +1,119 @@
#!/bin/sh
rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data /tmp/proxy.data
goreman -f /certs-metrics-proxy/Procfile start &
# TODO: remove random sleeps
sleep 7s
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-metrics-proxy/ca.crt \
--cert=/certs-metrics-proxy/server.crt \
--key=/certs-metrics-proxy/server.key.insecure \
--endpoints=https://localhost:2379 \
endpoint health --cluster
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-metrics-proxy/ca.crt \
--cert=/certs-metrics-proxy/server.crt \
--key=/certs-metrics-proxy/server.key.insecure \
--endpoints=https://localhost:2379,https://localhost:22379,https://localhost:32379 \
put abc def
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs-metrics-proxy/ca.crt \
--cert=/certs-metrics-proxy/server.crt \
--key=/certs-metrics-proxy/server.key.insecure \
--endpoints=https://localhost:2379,https://localhost:22379,https://localhost:32379 \
get abc
#################
sleep 3s && printf "\n\n" && echo "curl https://localhost:2378/metrics"
curl \
--cacert /certs-metrics-proxy/ca.crt \
--cert /certs-metrics-proxy/server.crt \
--key /certs-metrics-proxy/server.key.insecure \
-L https://localhost:2378/metrics | grep Put | tail -3
sleep 3s && printf "\n" && echo "curl https://localhost:2379/metrics"
curl \
--cacert /certs-metrics-proxy/ca.crt \
--cert /certs-metrics-proxy/server.crt \
--key /certs-metrics-proxy/server.key.insecure \
-L https://localhost:2379/metrics | grep Put | tail -3
sleep 3s && printf "\n" && echo "curl http://localhost:9379/metrics"
curl -L http://localhost:9379/metrics | grep Put | tail -3
#################
#################
sleep 3s && printf "\n\n" && echo "curl https://localhost:22378/metrics"
curl \
--cacert /certs-metrics-proxy/ca.crt \
--cert /certs-metrics-proxy/server.crt \
--key /certs-metrics-proxy/server.key.insecure \
-L https://localhost:22378/metrics | grep Put | tail -3
sleep 3s && printf "\n" && echo "curl https://localhost:22379/metrics"
curl \
--cacert /certs-metrics-proxy/ca.crt \
--cert /certs-metrics-proxy/server.crt \
--key /certs-metrics-proxy/server.key.insecure \
-L https://localhost:22379/metrics | grep Put | tail -3
sleep 3s && printf "\n" && echo "curl http://localhost:29379/metrics"
curl -L http://localhost:29379/metrics | grep Put | tail -3
#################
#################
sleep 3s && printf "\n\n" && echo "curl https://localhost:32378/metrics"
curl \
--cacert /certs-metrics-proxy/ca.crt \
--cert /certs-metrics-proxy/server.crt \
--key /certs-metrics-proxy/server.key.insecure \
-L https://localhost:32378/metrics | grep Put | tail -3
sleep 3s && printf "\n" && echo "curl https://localhost:32379/metrics"
curl \
--cacert /certs-metrics-proxy/ca.crt \
--cert /certs-metrics-proxy/server.crt \
--key /certs-metrics-proxy/server.key.insecure \
-L https://localhost:32379/metrics | grep Put | tail -3
sleep 3s && printf "\n" && echo "curl http://localhost:39379/metrics"
curl -L http://localhost:39379/metrics | grep Put | tail -3
#################
#################
sleep 3s && printf "\n\n" && echo "Requests to gRPC proxy localhost:23790"
ETCDCTL_API=3 ./etcdctl \
--cacert /certs-metrics-proxy/ca.crt \
--cert /certs-metrics-proxy/server.crt \
--key /certs-metrics-proxy/server.key.insecure \
--endpoints=localhost:23790 \
put ghi jkl
ETCDCTL_API=3 ./etcdctl \
--cacert /certs-metrics-proxy/ca.crt \
--cert /certs-metrics-proxy/server.crt \
--key /certs-metrics-proxy/server.key.insecure \
--endpoints=localhost:23790 \
get ghi
sleep 3s && printf "\n" && echo "Requests to gRPC proxy https://localhost:23790/metrics"
curl \
--cacert /certs-metrics-proxy/ca.crt \
--cert /certs-metrics-proxy/server.crt \
--key /certs-metrics-proxy/server.key.insecure \
-L https://localhost:23790/metrics | grep Put | tail -3
sleep 3s && printf "\n" && echo "Requests to gRPC proxy http://localhost:9378/metrics"
curl -L http://localhost:9378/metrics | grep Put | tail -3
<<COMMENT
curl \
--cacert /certs-metrics-proxy/ca.crt \
--cert /certs-metrics-proxy/server.crt \
--key /certs-metrics-proxy/server.key.insecure \
-L https://localhost:9378/metrics | grep Put | tail -3
COMMENT
#################

19
hack/scripts-dev/docker-static-ip/certs-metrics-proxy/server-ca-csr.json Normal file
View File

@ -0,0 +1,19 @@
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"hosts": [
"127.0.0.1",
"localhost"
]
}

24
hack/scripts-dev/docker-static-ip/certs-metrics-proxy/server.crt Normal file
View File

@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIID/DCCAuSgAwIBAgIUSB2TVFR5v0lf79bffoZGdiRNB3YwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEyMDYyMTUzMDBaFw0yNzEyMDQyMTUz
MDBaMGIxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALRv9k58Emso
T4is8s2Vf8hxO3eVJxMd5IUSzmAPsFBcZEKpXo3AbK1CeZVn8aOJWd12cwnziTU9
31baCKvT6Tm2kRoBXW/wHuxcuazL8xqg15xRQy+//skUEAR3rODyy5hl9dSBE7hl
QHhpMZx66nF+AEZzgEHo7C1MV8BDDT28nDE1SLgHlzugYeLoWvGiN4KrCGbUizby
90O6WFZVasHYk5l0TcNiX2EUVOkKeBdZo6bBa2qTf++Q0SX8KUOdsg+avZjjs+qu
C8mIYhtwFLdhs/0jthgg4/mD73PZBLuK2CuYqvLZtWvDdnn99cZK86rLUwOD4jL2
lr6BTuwsp48CAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFCOx2DWC
ooWTJHTR/Gf4litdPu4nMB8GA1UdIwQYMBaAFL4JoDxQiQglP3GFd9/inXjdS5bt
MBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA
RkRCpvtmCd+l6yHXGeL43rqseIEBT2ujGctRWkjwfe3INgiUHrIsTayoNk9fqmuV
YBOW5z5vtfAOT/obFevfyqjEaHpl8qkGIty1e8s0xtT4n8tgtO5zhVAyt5bZ52UN
1P7uUJ+j7dVuqV9+AUHlGeWAassmVWbqd3gVA/nhemIgOtqxbCcZ5277t3k7ALLe
JUMDyFAYHz8ZcOk92wFT1mMrbt60zsWIb9vWkgdYHdC+DODhQDWNdvm6yW6cBm8m
iUwTpNQ4W0UdjaQV4u7GU4kJUwCHnR4m/AoC/6/pUhjlBv5oU5TVKPqKr05q/FBZ
VKLrBSYLChjrTPx0C4BqLA==
-----END CERTIFICATE-----

27
hack/scripts-dev/docker-static-ip/certs-metrics-proxy/server.key.insecure Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAtG/2TnwSayhPiKzyzZV/yHE7d5UnEx3khRLOYA+wUFxkQqle
jcBsrUJ5lWfxo4lZ3XZzCfOJNT3fVtoIq9PpObaRGgFdb/Ae7Fy5rMvzGqDXnFFD
L7/+yRQQBHes4PLLmGX11IETuGVAeGkxnHrqcX4ARnOAQejsLUxXwEMNPbycMTVI
uAeXO6Bh4uha8aI3gqsIZtSLNvL3Q7pYVlVqwdiTmXRNw2JfYRRU6Qp4F1mjpsFr
apN/75DRJfwpQ52yD5q9mOOz6q4LyYhiG3AUt2Gz/SO2GCDj+YPvc9kEu4rYK5iq
8tm1a8N2ef31xkrzqstTA4PiMvaWvoFO7CynjwIDAQABAoIBAAr+W1py0sh2n0nr
h6ug9TUoOQBTNRtEEf1NpQdTTWHID0/Ec/9c/wIbb777o0xcfP4yTlYH4Y894tKu
3CJj+ezLQ9H6zU+ZqLir+aAemQRBUoGyrc5F+2cS8tri08Ss5ly1saGt756nhKMR
fbVUA97AV5HzTZg2cdVctmf/bdoZ/ou7v52thPnEfHPtvGFHKEm7ztJq+2RLNZqC
kGbToGPF19KWh+cLL5IhGraqKnXXuUjMi1RvxLmA4vztfGCkz9145hrAuSEFEs1y
Fq7IAAHtzzhEcaHpqg+FqqmXQEVrH6+p62/PzfTJdlkzWzroQMdJIib++iX3tN+c
CR+loMkCgYEAy40Q+4Z+zQ6c2vp8DXal7dLF2FkQ4Ltee6H7J/vJ91w19ThXnCgr
EkNerYrnLSpQDS4gkXxl7/+m08R5nziopdTSPwtWJjHJoESMhsjLuyXY03IXV/C8
7xY4L1Uwqp7b6ueqAX3x6HGgBdgty921Lvf7t+kvRkwvcj8Xh7oPJQUCgYEA4u48
k+HFJDwtw0ZmQZ5ntB7Nn3deoygA1tE+Q9GZadGV0nmUjViZCG6DA+V8h2IYMnyd
QLQWBdJyhGnAANWajYaUNLfQXbf7Ucb2VbiqMpfD6jgb00OUrv5eZTExDE0QDNJ6
nMeYQJj7TAuuab9UdUsE2uLderHlB29DQ4eXvoMCgYACdCLeRVLF+gUeBqL0Lpf1
c/L6lqhDbT7IUr2KT9ixaKUl3ZYAxeMvByze/qumubnZTtMJrew0pmpGZznoF3DA
/v3B0MsrDrKVgf4Hqef6y4v/kIKDht1gLG5k86vwgpW4ES7VccU2vhfluiNjL7r9
Y/Pe1arCOCziPax08GM6WQKBgQDAJ8c32acbZbHCdqxDyCQ8CxFGhMeoFEmRnSDC
QItNZWEeFkFJ5sm+sAVUmU/3O4MNzSNDFLrJN0gtA3bHvhfe2yRH95YCpbWzq2wP
bg0ARi5o+BXnsIQIIfBAc4T6y45ZrSiR9RjhKikwXXvUo2Sa5Wk5B31PVa9/uiEU
344IjQKBgCpjpncuUe4ioAI6kmSlaF9FpRKBQbA4NmMD6/scc1r4N1rBO+w4a8oi
8N+6tmFds4Vl5A9M0OpJ2zwOVOp62EWuYo0zAdcigg6zI2kxZKMG7GeUC9yga3Zr
FE5npYNx2ypha2FM3DTXm7jUB4Lb0cMGD3Fa0pRTmp+wjaInEu4b
-----END RSA PRIVATE KEY-----

6
hack/scripts-dev/docker-static-ip/certs/Procfile Normal file
View File

@ -0,0 +1,6 @@
# Use goreman to run `go get github.com/mattn/goreman`
etcd1: ./etcd --name m1 --data-dir /tmp/m1.data --listen-client-urls https://127.0.0.1:2379 --advertise-client-urls https://localhost:2379 --listen-peer-urls https://127.0.0.1:2380 --initial-advertise-peer-urls=https://localhost:2380 --initial-cluster-token tkn --initial-cluster=m1=https://localhost:2380,m2=https://localhost:22380,m3=https://localhost:32380 --initial-cluster-state new --peer-cert-file=/certs/server.crt --peer-key-file=/certs/server.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server.crt --key-file=/certs/server.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
etcd2: ./etcd --name m2 --data-dir /tmp/m2.data --listen-client-urls https://127.0.0.1:22379 --advertise-client-urls https://localhost:22379 --listen-peer-urls https://127.0.0.1:22380 --initial-advertise-peer-urls=https://localhost:22380 --initial-cluster-token tkn --initial-cluster=m1=https://localhost:2380,m2=https://localhost:22380,m3=https://localhost:32380 --initial-cluster-state new --peer-cert-file=/certs/server.crt --peer-key-file=/certs/server.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server.crt --key-file=/certs/server.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth
etcd3: ./etcd --name m3 --data-dir /tmp/m3.data --listen-client-urls https://127.0.0.1:32379 --advertise-client-urls https://localhost:32379 --listen-peer-urls https://127.0.0.1:32380 --initial-advertise-peer-urls=https://localhost:32380 --initial-cluster-token tkn --initial-cluster=m1=https://localhost:2380,m2=https://localhost:22380,m3=https://localhost:32380 --initial-cluster-state new --peer-cert-file=/certs/server.crt --peer-key-file=/certs/server.key.insecure --peer-trusted-ca-file=/certs/ca.crt --peer-client-cert-auth --cert-file=/certs/server.crt --key-file=/certs/server.key.insecure --trusted-ca-file=/certs/ca.crt --client-cert-auth

19
hack/scripts-dev/docker-static-ip/certs/ca-csr.json Normal file
View File

@ -0,0 +1,19 @@
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"CN": "ca",
"ca": {
"expiry": "87600h"
}
}

22
hack/scripts-dev/docker-static-ip/certs/ca.crt Normal file
View File

@ -0,0 +1,22 @@
-----BEGIN CERTIFICATE-----
MIIDsTCCApmgAwIBAgIUPGAgz9+DjeuPzrVKqSTcklFhOZMwDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEyMDYyMTUzMDBaFw0yNzEyMDQyMTUz
MDBaMG8xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTELMAkGA1UEAxMCY2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDHLx2A7Qs+qnL/CQUSU4mT0u4FXC2FUIIsq7rSEjZrVNTALgFWFPVh/NU4
5LNf4Ef1V2vFCgqoa5OTjvIGx3SYLddC1Hne45vLZwjqo4WxNExUykYhkUeqirxV
HL3jrobbBk6AWTy8/4etsCXNMrmcQgTuV6Yff0IIhHi1N5GyTFWQIx0VQEYGR0Iy
pvpwNb7NvSN8qJJPlaNzQweWxbxtfq/Lz6THvH4amrlUqDBJleB0BPlztiAinh6e
n94rcJhTK79pkRk7rDNTwzOl2GCUsRu3hZPsMqr4GhVcvsHOFYqHNrUtqMbVHYDI
AKkLbQoUpKlQHgWqvTaDKp9z9jkxAgMBAAGjRTBDMA4GA1UdDwEB/wQEAwIBBjAS
BgNVHRMBAf8ECDAGAQH/AgECMB0GA1UdDgQWBBTAR9YYHDMfW5gTDi2ER6HBrxl8
1jANBgkqhkiG9w0BAQsFAAOCAQEAKiZ/j7ybugOMUf9RNl40cKh/J/AbTUklUxc9
gvYpAf6nIruhrllYXxY8f1jmB6wPTCIHfsUuo6CxjdB8DRYGZay3+fCOSuYmoQZG
04nRnyD4sCAeOj8I7ugRTOb76Fo/CusS+g4d8peJE23W6qd0jth3EgVFjbNbTB7u
eZUuL6S0TyXaxLprLty3fSd+ykWlRphYTZQa5NLnD8fcWEr9W8uWZT6kY2bOuoJk
6m27hH89ux+hjurTDzzOhxK65am4qf3RWKknQ2ujAEfGU69mAaFgS1UQ8uNJ8lRi
62atiGpca1anYv6HmoRWnQmsI62BATgYOdjuFMMywj/TUpmWXg==
-----END CERTIFICATE-----

13
hack/scripts-dev/docker-static-ip/certs/gencert.json Normal file
View File

@ -0,0 +1,13 @@
{
"signing": {
"default": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "87600h"
}
}
}

26
hack/scripts-dev/docker-static-ip/certs/gencerts.sh Executable file
View File

@ -0,0 +1,26 @@
#!/bin/bash
if ! [[ "$0" =~ "./gencerts.sh" ]]; then
echo "must be run from 'fixtures'"
exit 255
fi
if ! which cfssl; then
echo "cfssl is not installed"
exit 255
fi
cfssl gencert --initca=true ./ca-csr.json | cfssljson --bare ./ca
mv ca.pem ca.crt
openssl x509 -in ca.crt -noout -text
# generate wildcard certificates DNS: *.etcd.local
cfssl gencert \
--ca ./ca.crt \
--ca-key ./ca-key.pem \
--config ./gencert.json \
./server-ca-csr.json | cfssljson --bare ./server
mv server.pem server.crt
mv server-key.pem server.key.insecure
rm -f *.csr *.pem *.stderr *.txt

28
hack/scripts-dev/docker-static-ip/certs/run.sh Executable file
View File

@ -0,0 +1,28 @@
#!/bin/sh
rm -rf /tmp/m1.data /tmp/m2.data /tmp/m3.data
goreman -f /certs/Procfile start &
# TODO: remove random sleeps
sleep 7s
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs/ca.crt \
--cert=/certs/server.crt \
--key=/certs/server.key.insecure \
--endpoints=https://localhost:2379 \
endpoint health --cluster
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs/ca.crt \
--cert=/certs/server.crt \
--key=/certs/server.key.insecure \
--endpoints=https://localhost:2379,https://localhost:22379,https://localhost:32379 \
put abc def
ETCDCTL_API=3 ./etcdctl \
--cacert=/certs/ca.crt \
--cert=/certs/server.crt \
--key=/certs/server.key.insecure \
--endpoints=https://localhost:2379,https://localhost:22379,https://localhost:32379 \
get abc

19
hack/scripts-dev/docker-static-ip/certs/server-ca-csr.json Normal file
View File

@ -0,0 +1,19 @@
{
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "etcd",
"OU": "etcd Security",
"L": "San Francisco",
"ST": "California",
"C": "USA"
}
],
"hosts": [
"127.0.0.1",
"localhost"
]
}

24
hack/scripts-dev/docker-static-ip/certs/server.crt Normal file
View File

@ -0,0 +1,24 @@
-----BEGIN CERTIFICATE-----
MIID/DCCAuSgAwIBAgIUUE16LbRYR6ClYnxxrCPCzjfJdJ4wDQYJKoZIhvcNAQEL
BQAwbzEMMAoGA1UEBhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQH
Ew1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKEwRldGNkMRYwFAYDVQQLEw1ldGNkIFNl
Y3VyaXR5MQswCQYDVQQDEwJjYTAeFw0xNzEyMDYyMTUzMDBaFw0yNzEyMDQyMTUz
MDBaMGIxDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UE
BxMNU2FuIEZyYW5jaXNjbzENMAsGA1UEChMEZXRjZDEWMBQGA1UECxMNZXRjZCBT
ZWN1cml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANtWJZind1Sh
JaS06CgUW2B0JOoLxFW5q6hkoTjum/J4cVanwy20dlSrbceIU2xqxYgtPtpN+Oon
lWHddmU2K5qs0eL+3uIpLdev7i0TARozZK/ZeKr0iLSfil9RG+hupHu5dXXa5eiS
YWQg0QrRHfbFQGnDa10qNNj1hHG6d8Kt9pqXoR+5H9dGZFapCvev7XidzmBt5WH6
ZwlDgAWwc1HDtFKNsWZs+ZZSXOpOJqjPI+ae9uKTGpsqB8ilzQi7KeBJ90wslP2l
cFdOt6vJsUY8MZAfPzGawwS7tRERvGgXGK+wS2osS2BsvEVIKbG8zoPUL3dpZrNv
kpaor63A6DUCAwEAAaOBnDCBmTAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFLgi8Ltb
cO92qVvvuPjXpouAber8MB8GA1UdIwQYMBaAFMBH1hgcMx9bmBMOLYRHocGvGXzW
MBoGA1UdEQQTMBGCCWxvY2FsaG9zdIcEfwAAATANBgkqhkiG9w0BAQsFAAOCAQEA
jfsERigblBrRAXviH8MpjHFuv0TPUSe8h1CfFWeEhWCKmMuzM7FxAgMn4KRI3ZhJ
upkQHjABXRlCpAb63SnIvOOenwvzLEWVYDvDTcsq1Tql3onsUpn1+RQ8jzpH/0AD
DbNY/dzAujz2TD0Y2CswAsscwRkMbShfcTXkMXzY7waCrQl2eri+r7u5iJHKyhIP
LaQ3kLtdhjTztLxPOLKEIALA0sEnAiWw6P/rzXLA+fNAVYPKtkBPZNvfwgQDqgOf
U327K/2fbtsdhaxUZTEhZpsJi5jSJK44O6vB7GnfCB7EBKQkBi/TEOT+EYim2Kam
1VbLtlqkJL1pTrCIe0p8WQ==
-----END CERTIFICATE-----

27
hack/scripts-dev/docker-static-ip/certs/server.key.insecure Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA21YlmKd3VKElpLToKBRbYHQk6gvEVbmrqGShOO6b8nhxVqfD
LbR2VKttx4hTbGrFiC0+2k346ieVYd12ZTYrmqzR4v7e4ikt16/uLRMBGjNkr9l4
qvSItJ+KX1Eb6G6ke7l1ddrl6JJhZCDRCtEd9sVAacNrXSo02PWEcbp3wq32mpeh
H7kf10ZkVqkK96/teJ3OYG3lYfpnCUOABbBzUcO0Uo2xZmz5llJc6k4mqM8j5p72
4pMamyoHyKXNCLsp4En3TCyU/aVwV063q8mxRjwxkB8/MZrDBLu1ERG8aBcYr7BL
aixLYGy8RUgpsbzOg9Qvd2lms2+SlqivrcDoNQIDAQABAoIBAQDTHetYMTEqE2Yx
UDP5iAagI4r4gFT9kpaIojuQmhMe4xFssFOspXwUaWFkYnKx81+ogKxz4gNKFsmx
hkIUj3yPB/OKQ3pzQ+GtLtjZJ+ayum8a1/9Oxcrj2ICO2Ho9Umod8Nf/lbAgGO2H
PBMaD0iBI0Gpy4CHDz4I6uENusbVaWW9K8LmyKTEYB570mhU5doRLbMplTPzud8A
aCDXDC+Jpj9fxBDfSfbKLSHTvQHDTN0PKLV2lRVzcL/Gjf/mKFhcsXcOiCNXSshY
xveaWgyAKyi81V8SjDB8LLvgBe8zHbnXFUMGWNF7yrdA5plDtio+6NbY1g7Grr3/
/VsQfRptAoGBAP04vVEAgt6dU6T9+F8nOsCYWHHFJZUCJyLOU3oSZqPoDEDnULF1
6uLNs+NHuUakX++10iRHnu9wbZQzvsDAggBgIhUwiDfTTMWH7nQEoYNSkcuei9Ir
g6HFQnBneJ12TUHvVis5OF03UPaegQz0DaMd9QGsuSFpmFPh6egVFcPXAoGBAN2+
OrBGxhomL1WAubZdU+nwUoaAx8xlPV39s6a/H4da2yfMBbQEDrppp966Kz1+jrgO
WKXiz7mlkjhfzx1PXF2Tg7PkcdW6FPG3z/qZQj8TrLMbkxPGSPxTBHiLYYimcFJW
uhhqysF48jP3DRFxA3r33SJuDgW9sLRt9qM147LTAoGAPTXT/ZqkB+/74ixKN6Yh
+6BX8Nh5JzXoA+/gGegMy54yKBZCWUNpzf1veIdD8CGX1zgaXg66CqMguexwNePT
CQgz9O9QXj5DlpQvPfhImpgBCjl/DwTZwucOEmHQtC9+qWuTZstkJpRSi+rwwxLT
oRSCvy7jaYI/Ajff9Ovz4O0CgYEAmSEnUlhtsd0wzvEoTsHAk0s9ElmYoJRBfskW
6U4PLeAWfDMutRQgP6d7IBqchckCMiTmHxi0rtWiVoADfZAyjwSx7OcTna71i7+O
RtbTos+pcb7XIM7L1ERYUA6g+kdGRfZSaU5GWrl1OWGgiqzq5F6LPZ2W3WwTvWY6
7pbmebUCgYBZcKX7CFOPXPn2ijlnUDi5QD9PzEONBCrPVwvaT2Jj+BCAOO1m+eSb
YGvhyYmtL78xthw1vzBP0s1oyP9FHmlX9bgX09rnZJD5l9vHAG3l8W2Y8VElc9et
7brrx7VPynFZ1kR+ktiBQhLQgxxFsad1SXjsenkp/18sssoONaQaYw==
-----END RSA PRIVATE KEY-----