Replies: 1 comment 10 replies
-
|
@Fissium You are using a version from the master branch ("beta") —TLS support will be included in the upcoming 2.2.0 release. Good catch, thanks! @klention We need to add TLS support for the etcd cluster deployed on dedicated servers. |
Beta Was this translation helpful? Give feedback.
-
|
Most likely we need to generate separate certificates for etcd and postgres clusters. Otherwise all Postgres clusters will use the same certificates... |
Beta Was this translation helpful? Give feedback.
-
|
Is my understanding correct that if we modify the SAN, we will need to issue a new certificate? Additionally, it seems that we will have to restart the etcd cluster. |
Beta Was this translation helpful? Give feedback.
-
|
Yes, a new SAN is needed to generate a new certificate. I don't have an answer to this question yet, we need to check the documentation and test it. |
Beta Was this translation helpful? Give feedback.
-
|
PR: #922 |
Beta Was this translation helpful? Give feedback.
-
|
Done. Please test. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I want to use a single etcd cluster to connect multiple Patroni clusters. However, there is an issue with certificates. If I run the playbook
etcd_cluster.ymlwith the parametertls_cert_generate: true, an error occurs when copying certificates from the PostgreSQL master node (which is expected, since the cluster does not exist yet). If I deploy etcd with the parametertls_cert_generate: false, everything works fine. However, when deploying the Patroni cluster withdcs_exists: trueandtls_cert_generate: true, the certificates will not be copied to the etcd cluster nodes. Moreover, the etcd configuration will lack entries likeETCD_CERT_FILEbecause it was deployed withtls_cert_generate: false. What is the best approach in this situation when I want to deploy a separate etcd cluster but still use SSL?Beta Was this translation helpful? Give feedback.
All reactions