TLS problems after 3.0 upgrade

Jeffrey Ollie

Jul 6, 2016, 1:28:06 PM
to etcd-dev
Upgraded a test system (different from the cluster I upgraded
previously) from 2.3.7 to 3.0.1 and am now seeing the following
errors. This cluster is a single node but is configured to use TLS.

Jul 06 12:22:13 svr01.ocjtech.us etcd[2713]: grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: remote error: bad certificate"; Reconnecting to {"[fd80:56c2:e21c:7101:699:93f0:3690:33d7]:2379" <nil>}
Jul 06 12:22:30 svr01.ocjtech.us etcd[2713]: grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: remote error: bad certificate"; Reconnecting to {"127.0.0.1:2379" <nil>}
Jul 06 12:22:33 svr01.ocjtech.us etcd[2713]: grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: remote error: bad certificate"; Reconnecting to {"192.168.4.2:2379" <nil>}
Jul 06 12:22:37 svr01.ocjtech.us etcd[2713]: grpc: addrConn.resetTransport failed to create client transport: connection error: desc = "transport: remote error: bad certificate"; Reconnecting to {"192.168.241.1:2379" <nil>}

The cluster appears to be working though:

[root@svr01 ~]# etcdctl cluster-health
member 5eaa3d4c5f0f4b7e is healthy: got healthy result from https://192.168.241.1:2379
cluster is healthy

Here's the systemd unit file that I use to start etcd:

[root@svr01 ~]# systemctl cat etcd
# /etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network-online.target
Requires=network-online.target

[Service]
Type=notify
User=etcd
WorkingDirectory=/var/lib/etcd
ExecStart=/opt/etcd/3.0.1/etcd
PrivateTmp=yes

[Install]
WantedBy=multi-user.target

# /etc/systemd/system/etcd.service.d/10-salt.conf
[Unit]
ConditionPathExists=/etc/etcd/ca.crt
ConditionPathExists=/etc/etcd/server.crt
ConditionPathExists=/etc/etcd/server.key
ConditionPathExists=/etc/etcd/peer.crt
ConditionPathExists=/etc/etcd/peer.key

[Service]
Environment=ETCD_NAME=svr01.ocjtech.us
Environment=ETCD_DATA_DIR=/var/lib/etcd/svr01.ocjtech.us

Environment=ETCD_TRUSTED_CA_FILE=/etc/etcd/ca.crt
Environment=ETCD_CERT_FILE=/etc/etcd/server.crt
Environment=ETCD_KEY_FILE=/etc/etcd/server.key
Environment=ETCD_CLIENT_CERT_AUTH=true

Environment=ETCD_PEER_TRUSTED_CA_FILE=/etc/etcd/ca.crt
Environment=ETCD_PEER_CERT_FILE=/etc/etcd/peer.crt
Environment=ETCD_PEER_KEY_FILE=/etc/etcd/peer.key
Environment=ETCD_PEER_CLIENT_CERT_AUTH=true

Environment=ETCD_INITIAL_CLUSTER=svr01.ocjtech.us=https://[fd80:56c2:e21c:7101:699:93f0:3690:33d7]:2380,svr01.ocjtech.us=https://192.168.241.
Environment=ETCD_INITIAL_CLUSTER_TOKEN=ocjtech-etcd-cluster-1
Environment=ETCD_INITIAL_CLUSTER_STATE=new
Environment=ETCD_INITIAL_ADVERTISE_PEER_URLS=https://[fd80:56c2:e21c:7101:699:93f0:3690:33d7]:2380,https://192.168.241.1:2380

Environment=ETCD_ADVERTISE_CLIENT_URLS=https://[fd80:56c2:e21c:7101:699:93f0:3690:33d7]:2379,https://192.168.241.1:2379,https://192.168.4.2:2
Environment=ETCD_LISTEN_CLIENT_URLS=https://[::1]:2379,https://127.0.0.1:2379,https://[fd80:56c2:e21c:7101:699:93f0:3690:33d7]:2379,https://1
Environment=ETCD_LISTEN_PEER_URLS=https://[fd80:56c2:e21c:7101:699:93f0:3690:33d7]:2380,https://192.168.241.1:2380

--
Jeff Ollie
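
Added example, not part of the original post and not etcd's own code: with `ETCD_CLIENT_CERT_AUTH=true`, whatever dials the client listeners has to present a certificate that chains to `ETCD_TRUSTED_CA_FILE` and is valid for client authentication, which is the usage Go's `crypto/tls` requests when a server verifies a client certificate. The Go program below uses constructed certificates and the hypothetical helpers `verifyAs`, `check` and `mint` to show a certificate issued for server authentication only failing that check. That the reconnecting client in the log presents `/etc/etcd/server.crt` is an assumption, not something the post states.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// verifyAs chains leaf to ca for one extended key usage, as a TLS peer would.
func verifyAs(leaf, ca *x509.Certificate, usage x509.ExtKeyUsage) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// mint builds a constructed, short-lived test certificate; a nil parent yields a self-signed CA.
func mint(cn string, parent *x509.Certificate, signer ed25519.PrivateKey, ekus ...x509.ExtKeyUsage) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true, ExtKeyUsage: ekus,
	}
	if parent == nil {
		parent, signer = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert, key
}

func main() {
	ca, caKey := mint("constructed CA", nil, nil)
	srvOnly, _ := mint("constructed server-only cert", ca, caKey, x509.ExtKeyUsageServerAuth)
	fmt.Println("accepted as client cert?", verifyAs(srvOnly, ca, x509.ExtKeyUsageClientAuth) == nil)
}
```

To run the same check against real files, parse the PEM certificates with `encoding/pem` and `x509.ParseCertificate` and pass them to `verifyAs`.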