Comment 47 for bug 1820083

Heather Lemon (hypothetical-lemon) wrote :

TEST CASE:
1. Use Bionic series lxc container
2. Enable proposed repo in /etc/apt/sources.list
3. deb http://archive.ubuntu.com/ubuntu bionic-proposed main universe
4. sudo apt-get update
5. apt-get install python-etcd3gw=0.2.1-1ubuntu0.18.04.1
6. openssl req -x509 -keyout localhost.key -newkey rsa:4096 -nodes -sha256 -out localhost.crt
7. ./etcd --name infra0 --data-dir infra0 --cert-file=/root/python-etcd3gw-0.2.1/localhost.crt --key-file=/root/python-etcd3gw-0.2.1/localhost.key --advertise-client-urls=https://127.0.0.1:2379 --listen-client-urls=https://127.0.0.1:2379
8. apt-get install etcd-client
9. etcdctl --endpoints https://127.0.0.1:2379 --ca-file=localhost.crt --cert-file=localhost.crt --key-file=localhost.key member list
10. response - 8e9e05c52164694d: name=infra0 peerURLs=http://localhost:2380 clientURLs=https://127.0.0.1:2379 isLeader=true
11. extra testing - attempt to connect without certs gives
Error: client: etcd cluster is unavailable or misconfigured; error #0: dial tcp 127.0.0.1:4001: connect: connection refused
; error #1: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
12. etcdctl --endpoints https://127.0.0.1:2379 --ca-file=localhost.crt --cert-file=localhost.crt --key-file=localhost.key set foo bar
13. etcdctl --endpoints https://127.0.0.1:2379 --ca-file=localhost.crt --cert-file=localhost.crt --key-file=localhost.key get foo
response = bar

VERIFICATION DONE
You can connect to the etcd server with the certificate information provided:
8e9e05c52164694d: name=infra0 peerURLs=http://localhost:2380 clientURLs=https://127.0.0.1:2379 isLeader=true

Troubleshooting

1. If you have this error: 140647060033984:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
# comment out the RANDFILE at the top of /etc/ssl/openssl.cnf
RANDFILE = $ENV::HOME/.rnd

2. If you have this error: client: etcd cluster is unavailable or misconfigured; error #0: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs
# under /etc/ssl/openssl.cnf add your IP for your cert
[ v3_ca ]
subjectAltName = IP:127.0.0.1

# also note, you can update ca-certificates
cp localhost.crt /usr/share/ca-certificates/
sudo update-ca-certificates
sudo dpkg-reconfigure ca-certificates

3. Try rebooting the openssl service or the container after making changes.

4. Make sure etcd is running; otherwise you get:
Error: client: etcd cluster is unavailable or misconfigured; error #0: dial tcp 127.0.0.1:2379: connect: connection refused
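Troubleshooting step 2 above adds the IP SAN by editing the system-wide /etc/ssl/openssl.cnf. As an added example (not part of this bug comment), the shell functions below instead generate the self-signed certificate from a per-certificate config that carries the SAN, and check that the SAN is present before the files are handed to etcd and etcdctl. The output prefix and the IP are parameters; the file layout is an assumption.

```shell
#!/bin/sh
# Added example: self-signed cert with an IP SAN, plus a pre-flight SAN check.
# Paths and names are assumptions; adjust to your own layout.
set -eu

# gen_cert PREFIX IP
# Writes PREFIX.cnf, PREFIX.key and PREFIX.crt. The cert is usable both as
# etcd's --cert-file and as etcdctl's --ca-file, as in the test case above.
gen_cert() {
    cat > "$1.cnf" <<EOF
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
CN = localhost
[ v3_ca ]
basicConstraints = CA:TRUE
subjectAltName = IP:$2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$1.key" -out "$1.crt" -config "$1.cnf" 2>/dev/null
}

# has_ip_san CERT IP
# Returns 0 if the certificate's subjectAltName lists IP, 1 otherwise.
# Run this before starting etcd: a missing IP SAN is exactly what produces
# the "doesn't contain any IP SANs" error when etcdctl validates the cert.
has_ip_san() {
    openssl x509 -in "$1" -noout -text | grep -q "IP Address:$2"
}

# Usage (constructed): gen_cert /root/python-etcd3gw-0.2.1/localhost 127.0.0.1
#                      has_ip_san /root/python-etcd3gw-0.2.1/localhost.crt 127.0.0.1
```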