Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #88 from philips/readme-fixups

Browse Source 
fix(README): use fixture certs
This commit is contained in:
Xiang Li 2013-08-11 11:57:57 -07:00
commit 74fb19ad4a
1 changed files with 30 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
README.md
View File

@ -243,10 +243,12 @@ First, you need to have a CA cert `clientCA.crt` and signed key pair `client.crt
http://www.g-loaded.eu/2005/11/10/be-your-own-ca/
```
For testing you can use the certificates in the `fixtures/ca` directory.
Next, lets configure etcd to use this keypair:
```sh
./etcd -clientCert client.crt -clientKey client.key -f
./etcd -n node0 -d node0 -clientCert=./fixtures/ca/server.crt -clientKey=./fixtures/ca/server.key.insecure -f
```
`-f` forces new node configuration if existing configuration is found (WARNING: data loss!)
@ -255,7 +257,7 @@ Next, lets configure etcd to use this keypair:
You can now test the configuration using https:
```sh
curl -L https://127.0.0.1:4001/v1/keys/foo -d value=bar -v -cacert clientCA.crt
curl --cacert fixtures/ca/ca.crt https://127.0.0.1:4001/v1/keys/foo -F value=bar
```
You should be able to see the handshake succeed.
@ -277,7 +279,7 @@ And also the response from the etcd server.
We can also do authentication using CA certs. The clients will provide their cert to the server and the server will check whether the cert is signed by the CA and decide whether to serve the request.
```sh
./etcd -clientCert client.crt -clientKey client.key -clientCAFile clientCA.crt -f
./etcd -n node0 -d node0 -clientCAFile=./fixtures/ca/ca.crt -clientCert=./fixtures/ca/server.crt -clientKey=./fixtures/ca/server.key.insecure -f
```
```-clientCAFile``` is the path to the CA cert.
@ -285,7 +287,7 @@ We can also do authentication using CA certs. The clients will provide their cer
Try the same request to this server:
```sh
curl -L https://127.0.0.1:4001/v1/keys/foo -d value=bar -v -cacert clientCA.crt
curl --cacert fixtures/ca/ca.crt https://127.0.0.1:4001/v1/keys/foo -F value=bar
```
The request should be rejected by the server.
@ -447,3 +449,27 @@ If you are using SSL for server to server communication, you must use it on all
**Chef Cookbook**
- [spheromak/etcd-cookbook](https://github.com/spheromak/etcd-cookbook)
## Project Details
### Versioning
etcd uses [semantic versioning][semver].
When we release v1.0.0 of etcd we will promise not to break the "v1" REST API.
New minor versions may add additional features to the API however.
You can get the version of etcd by requesting the root path of etcd:
```sh
curl -L http://127.0.0.1:4001
```
During the v0 series of releases we may break the API as we fix bugs and get feedback.
[semver]: http://semver.org/
### License
etcd is under the Apache 2.0 license. See the [LICENSE][license] file for details.
[license]: https://github.com/coreos/etcd/blob/master/LICENSE