TEST CASE:
1. Use Bionic series lxc container
2. Enable proposed repo in /etc/apt/sources.list
3. deb http://archive.ubuntu.com/ubuntu bionic-proposed main universe
4. sudo apt-get update
5. apt-get install python-etcd3gw=0.2.1-1ubuntu0.18.04.1
6. openssl req -x509 -keyout localhost.key -newkey rsa:4096 -nodes -sha256 -out localhost.crt
7. ./etcd --name infra0 --data-dir infra0 --cert-file=/root/python-etcd3gw-0.2.1/localhost.crt --key-file=/root/python-etcd3gw-0.2.1/localhost.key --advertise-client-urls=https://127.0.0.1:2379 --listen-client-urls=https://127.0.0.1:2379
8. apt-get install etcd-client
9. etcdctl --endpoints https://127.0.0.1:2379 --ca-file=localhost.crt --cert-file=localhost.crt --key-file=localhost.key member list
10. response - 8e9e05c52164694d: name=infra0 peerURLs=http://localhost:2380 clientURLs=https://127.0.0.1:2379 isLeader=true
11. extra testing - attempt to connect without certs gives
Error: client: etcd cluster is unavailable or misconfigured; error #0: dial tcp 127.0.0.1:4001: connect: connection refused
; error #1: net/http: HTTP/1.x transport connection broken: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
12. etcdctl --endpoints https://127.0.0.1:2379 --ca-file=localhost.crt --cert-file=localhost.crt --key-file=localhost.key set foo bar
13. etcdctl --endpoints https://127.0.0.1:2379 --ca-file=localhost.crt --cert-file=localhost.crt --key-file=localhost.key get foo
response = bar
VERIFICATION DONE
you can connect to the etcd server with certificate information provided
8e9e05c52164694d: name=infra0 peerURLs=http://localhost:2380 clientURLs=https://127.0.0.1:2379 isLeader=true
Troubleshooting
1. if you have this error 140647060033984:error:2406F079:random number generator:RAND_load_file:Cannot open file:../crypto/rand/randfile.c:88:Filename=/root/.rnd
# comment out the RANDFILE at the top of /etc/ssl/openssl.cnf
RANDFILE = $ENV::HOME/.rnd
2. If you have this error client: etcd cluster is unavailable or misconfigured; error #0: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs
# under /etc/ssl/openssl.cnf add your IP for your cert
[ v3_ca ]
subjectAltName = IP:127.0.0.1
# also note, you can update ca-certificates
cp localhost.crt /usr/share/ca-certificates/
sudo update-ca-certificates
sudo dpkg-reconfigure ca-certificates
3. After making changes, try rebooting the openssl service or the container
4. make sure etcd is running
Error: client: etcd cluster is unavailable or misconfigured; error #0: dial tcp 127.0.0.1:2379: connect: connection refused
error #0: dial tcp 127.0.0.1:2379: connect: connection refused
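
For troubleshooting item 2, an added example (not part of the original test case): it generates the self-signed certificate with an IP SAN from a private config file instead of editing /etc/ssl/openssl.cnf, then checks that the SAN is really in the certificate. The san.cnf file name, the helper names and the 30-day lifetime are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original test case. File names localhost.key /
# localhost.crt follow the page; san.cnf, the helper names and the 30-day
# lifetime are assumptions made for this sketch.

# make_cert DIR [IP] [BITS]
# Writes DIR/localhost.key and DIR/localhost.crt from a private config file,
# so /etc/ssl/openssl.cnf stays untouched. With IP set, the certificate gets
# subjectAltName = IP:<IP>; with IP empty it has no SAN (the failing case).
make_cert() {
    dir=$1 ip=${2:-} bits=${3:-4096}
    {
        printf '%s\n' '[ req ]' 'distinguished_name = dn' \
            'x509_extensions = v3_ca' 'prompt = no' \
            '[ dn ]' 'CN = localhost' \
            '[ v3_ca ]' 'basicConstraints = critical, CA:TRUE'
        if [ -n "$ip" ]; then
            printf 'subjectAltName = IP:%s\n' "$ip"
        fi
    } > "$dir/san.cnf"
    openssl req -x509 -newkey "rsa:$bits" -nodes -sha256 -days 30 \
        -config "$dir/san.cnf" -keyout "$dir/localhost.key" \
        -out "$dir/localhost.crt" 2>/dev/null
}

# has_ip_san CERT IP
# Succeeds only if CERT lists exactly IP as an "IP Address" SAN entry
# (so 127.0.0.1 in the certificate does not satisfy a check for 127.0.0.10).
has_ip_san() {
    openssl x509 -in "$1" -noout -text |
        tr ',' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -Fxq "IP Address:$2"
}

# Demo: build the certificate for the endpoint used in the test case.
work=$(mktemp -d)
make_cert "$work" 127.0.0.1
if has_ip_san "$work/localhost.crt" 127.0.0.1; then
    echo "OK: $work/localhost.crt carries IP SAN 127.0.0.1"
else
    echo "FAIL: no IP SAN, etcdctl would reject this certificate" >&2
fi
```

The resulting localhost.crt and localhost.key are the files passed to etcd via --cert-file/--key-file and to etcdctl via --ca-file/--cert-file/--key-file in steps 7 and 9.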