You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
Maybe I this is not a real issue and I am missing something. I read the docs but I could not find if I am missing something on this.
When I enabled peer-transport-security.auto-tls in the sample config file I got this message: "selfSignedCertValidity is invalid,it should be greater than 0" but this doesn't happen when doing the same in 3.4.16.
$ cd etcd-v3.4.16-linux-amd64
$ wget https://raw.githubusercontent.com/etcd-io/etcd/release-3.4/etcd.conf.yml.sample -O etcd.conf.yml.sample_34
$ cp etcd.conf.yml.sample_34 etcd.conf.yml
... edited the file etcd.conf.yaml to enable auto-tls ...
$ diff etcd.conf.yml etcd.conf.yml.sample_34
126c126
< auto-tls: true
---
> auto-tls: false
$ ./etcd --version
etcd Version: 3.4.16
Git SHA: d19fbe541
Go Version: go1.12.17
Go OS/Arch: linux/amd64
$ ./etcd --config-file etcd.conf.yml
{"level":"info","ts":"2021-07-22T12:00:25.125+0200","caller":"etcdmain/config.go:308","msg":"loaded server configuration, other configuration command line flags and environment variables will be ignored if provided","path":"etcd.conf.yml"}
{"level":"warn","ts":"2021-07-22T12:00:25.126+0200","caller":"etcdmain/etcd.go:119","msg":"'data-dir' was empty; using default","data-dir":"default.etcd"}
{"level":"info","ts":"2021-07-22T12:00:25.126+0200","caller":"embed/etcd.go:117","msg":"configuring peer listeners","listen-peer-urls":["http://localhost:2380"]}
{"level":"info","ts":"2021-07-22T12:00:25.161+0200","caller":"transport/listener.go:207","msg":"created cert file","path":"default.etcd/fixtures/peer/cert.pem"}
{"level":"info","ts":"2021-07-22T12:00:25.161+0200","caller":"transport/listener.go:228","msg":"created key file","path":"default.etcd/fixtures/peer/key.pem"}
{"level":"info","ts":"2021-07-22T12:00:25.161+0200","caller":"embed/etcd.go:469","msg":"starting with peer TLS","tls-info":"cert = default.etcd/fixtures/peer/cert.pem, key = default.etcd/fixtures/peer/key.pem, trusted-ca = , client-cert-auth = false, crl-file = ","cipher-suites":[]}
{"level":"warn","ts":"2021-07-22T12:00:25.161+0200","caller":"embed/etcd.go:506","msg":"scheme is HTTP while key and cert files are present; ignoring key and cert files","peer-url":"http://localhost:2380"}
{"level":"info","ts":"2021-07-22T12:00:25.161+0200","caller":"embed/etcd.go:127","msg":"configuring client listeners","listen-client-urls":["http://localhost:2379"]}
{"level":"info","ts":"2021-07-22T12:00:25.161+0200","caller":"embed/etcd.go:606","msg":"pprof is enabled","path":"/debug/pprof"}
{"level":"info","ts":"2021-07-22T12:00:25.162+0200","caller":"embed/etcd.go:303","msg":"starting an etcd server","etcd-version":"3.4.16","git-sha":"d19fbe541","go-version":"go1.12.17","go-os":"linux","go-arch":"amd64","max-cpu-set":12,"max-cpu-available":12,"member-initialized":false,"name":"default","data-dir":"default.etcd","wal-dir":"","wal-dir-dedicated":"","member-dir":"default.etcd/member","force-new-cluster":false,"heartbeat-interval":"100ms","election-timeout":"1s","initial-election-tick-advance":true,"snapshot-count":10000,"snapshot-catchup-entries":5000,"initial-advertise-peer-urls":["http://localhost:2380"],"listen-peer-urls":["http://localhost:2380"],"advertise-client-urls":["http://localhost:2379"],"listen-client-urls":["http://localhost:2379"],"listen-metrics-urls":[],"cors":["*"],"host-whitelist":["*"],"initial-cluster":"default=http://localhost:2380","initial-cluster-state":"new","initial-cluster-token":"etcd-cluster","quota-size-bytes":2147483648,"pre-vote":false,"initial-corrupt-check":false,"corrupt-check-time-interval":"0s","auto-compaction-mode":"periodic","auto-compaction-retention":"1h0m0s","auto-compaction-interval":"1h0m0s","discovery-url":"","discovery-proxy":""}
{"level":"info","ts":"2021-07-22T12:00:25.168+0200","caller":"etcdserver/backend.go:80","msg":"opened backend db","path":"default.etcd/member/snap/db","took":"5.92221ms"}
{"level":"info","ts":"2021-07-22T12:00:25.191+0200","caller":"etcdserver/raft.go:486","msg":"starting local member","local-member-id":"8e9e05c52164694d","cluster-id":"cdf818194e3a8c32"}
{"level":"info","ts":"2021-07-22T12:00:25.191+0200","caller":"raft/raft.go:1530","msg":"8e9e05c52164694d switched to configuration voters=()"}
{"level":"info","ts":"2021-07-22T12:00:25.191+0200","caller":"raft/raft.go:700","msg":"8e9e05c52164694d became follower at term 0"}
{"level":"info","ts":"2021-07-22T12:00:25.191+0200","caller":"raft/raft.go:383","msg":"newRaft 8e9e05c52164694d [peers: [], term: 0, commit: 0, applied: 0, lastindex: 0, lastterm: 0]"}
{"level":"info","ts":"2021-07-22T12:00:25.191+0200","caller":"raft/raft.go:700","msg":"8e9e05c52164694d became follower at term 1"}
{"level":"info","ts":"2021-07-22T12:00:25.191+0200","caller":"raft/raft.go:1530","msg":"8e9e05c52164694d switched to configuration voters=(10276657743932975437)"}
{"level":"warn","ts":"2021-07-22T12:00:25.198+0200","caller":"auth/store.go:1366","msg":"simple token is not cryptographically signed"}
{"level":"info","ts":"2021-07-22T12:00:25.208+0200","caller":"etcdserver/quota.go:98","msg":"enabled backend quota with default value","quota-name":"v3-applier","quota-size-bytes":2147483648,"quota-size":"2.1 GB"}
{"level":"info","ts":"2021-07-22T12:00:25.264+0200","caller":"etcdserver/server.go:803","msg":"starting etcd server","local-member-id":"8e9e05c52164694d","local-server-version":"3.4.16","cluster-version":"to_be_decided"}
{"level":"info","ts":"2021-07-22T12:00:25.265+0200","caller":"etcdserver/server.go:669","msg":"started as single-node; fast-forwarding election ticks","local-member-id":"8e9e05c52164694d","forward-ticks":9,"forward-duration":"900ms","election-ticks":10,"election-timeout":"1s"}
{"level":"info","ts":"2021-07-22T12:00:25.266+0200","caller":"raft/raft.go:1530","msg":"8e9e05c52164694d switched to configuration voters=(10276657743932975437)"}
{"level":"info","ts":"2021-07-22T12:00:25.266+0200","caller":"membership/cluster.go:392","msg":"added member","cluster-id":"cdf818194e3a8c32","local-member-id":"8e9e05c52164694d","added-peer-id":"8e9e05c52164694d","added-peer-peer-urls":["http://localhost:2380"]}
{"level":"info","ts":"2021-07-22T12:00:25.282+0200","caller":"embed/etcd.go:580","msg":"serving peer traffic","address":"127.0.0.1:2380"}
{"level":"info","ts":"2021-07-22T12:00:25.282+0200","caller":"embed/etcd.go:245","msg":"now serving peer/client/metrics","local-member-id":"8e9e05c52164694d","initial-advertise-peer-urls":["http://localhost:2380"],"listen-peer-urls":["http://localhost:2380"],"advertise-client-urls":["http://localhost:2379"],"listen-client-urls":["http://localhost:2379"],"listen-metrics-urls":[]}
{"level":"info","ts":"2021-07-22T12:00:25.391+0200","caller":"raft/raft.go:923","msg":"8e9e05c52164694d is starting a new election at term 1"}
{"level":"info","ts":"2021-07-22T12:00:25.391+0200","caller":"raft/raft.go:713","msg":"8e9e05c52164694d became candidate at term 2"}
{"level":"info","ts":"2021-07-22T12:00:25.392+0200","caller":"raft/raft.go:824","msg":"8e9e05c52164694d received MsgVoteResp from 8e9e05c52164694d at term 2"}
{"level":"info","ts":"2021-07-22T12:00:25.392+0200","caller":"raft/raft.go:765","msg":"8e9e05c52164694d became leader at term 2"}
{"level":"info","ts":"2021-07-22T12:00:25.392+0200","caller":"raft/node.go:325","msg":"raft.node: 8e9e05c52164694d elected leader 8e9e05c52164694d at term 2"}
{"level":"info","ts":"2021-07-22T12:00:25.392+0200","caller":"etcdserver/server.go:2528","msg":"setting up initial cluster version","cluster-version":"3.4"}
{"level":"info","ts":"2021-07-22T12:00:25.395+0200","caller":"membership/cluster.go:558","msg":"set initial cluster version","cluster-id":"cdf818194e3a8c32","local-member-id":"8e9e05c52164694d","cluster-version":"3.4"}
{"level":"info","ts":"2021-07-22T12:00:25.395+0200","caller":"api/capability.go:76","msg":"enabled capabilities for version","cluster-version":"3.4"}
{"level":"info","ts":"2021-07-22T12:00:25.395+0200","caller":"etcdserver/server.go:2037","msg":"published local member to cluster through raft","local-member-id":"8e9e05c52164694d","local-member-attributes":"{Name:default ClientURLs:[http://localhost:2379]}","request-path":"/0/members/8e9e05c52164694d/attributes","cluster-id":"cdf818194e3a8c32","publish-timeout":"7s"}
{"level":"info","ts":"2021-07-22T12:00:25.395+0200","caller":"etcdserver/server.go:2560","msg":"cluster version is updated","cluster-version":"3.4"}
{"level":"info","ts":"2021-07-22T12:00:25.397+0200","caller":"embed/serve.go:139","msg":"serving client traffic insecurely; this is strongly discouraged!","address":"127.0.0.1:2379"}
I got the server up and running without issues.
Stopped it.
Run etcd 3.5.0:
$ cd etcd-v3.5.0-linux-amd64
$ wget https://raw.githubusercontent.com/etcd-io/etcd/release-3.5/etcd.conf.yml.sample -O etcd.conf.yml.sample_35
$ cp etcd.conf.yml.sample_35 etcd.conf.yml
... edited the file etcd.conf.yaml to enable auto-tls ...
$ diff etcd.conf.yml etcd.conf.yml.sample_35
126c126
< auto-tls: true
---
> auto-tls: false
$ ./etcd --version
etcd Version: 3.5.0
Git SHA: 946a5a6f2
Go Version: go1.16.3
Go OS/Arch: linux/amd64
$ ./etcd --config-file etcd.conf.yml
{"level":"info","ts":"2021-07-22T12:03:56.862+0200","caller":"etcdmain/config.go:337","msg":"loaded server configuration, other configuration command line flags and environment variables will be ignored if provided","path":"etcd.conf.yml"}
{"level":"info","ts":"2021-07-22T12:03:56.863+0200","caller":"etcdmain/etcd.go:72","msg":"Running: ","args":["./etcd","--config-file","etcd.conf.yml"]}
{"level":"warn","ts":"2021-07-22T12:03:56.863+0200","caller":"etcdmain/etcd.go:104","msg":"'data-dir' was empty; using default","data-dir":"default.etcd"}
{"level":"info","ts":"2021-07-22T12:03:56.863+0200","caller":"embed/etcd.go:131","msg":"configuring peer listeners","listen-peer-urls":["http://localhost:2380"]}
{"level":"warn","ts":"2021-07-22T12:03:56.864+0200","caller":"transport/listener.go:189","msg":"cannot generate cert","error":"selfSignedCertValidity is invalid,it should be greater than 0"}
{"level":"fatal","ts":"2021-07-22T12:03:56.865+0200","caller":"embed/etcd.go:475","msg":"failed to get peer self-signed certs","error":"selfSignedCertValidity is invalid,it should be greater than 0","stacktrace":"go.etcd.io/etcd/server/v3/embed.configurePeerListeners\n\t/tmp/etcd-release-3.5.0/etcd/release/etcd/server/embed/etcd.go:475\ngo.etcd.io/etcd/server/v3/embed.StartEtcd\n\t/tmp/etcd-release-3.5.0/etcd/release/etcd/server/embed/etcd.go:135\ngo.etcd.io/etcd/server/v3/etcdmain.startEtcd\n\t/tmp/etcd-release-3.5.0/etcd/release/etcd/server/etcdmain/etcd.go:227\ngo.etcd.io/etcd/server/v3/etcdmain.startEtcdOrProxyV2\n\t/tmp/etcd-release-3.5.0/etcd/release/etcd/server/etcdmain/etcd.go:134\ngo.etcd.io/etcd/server/v3/etcdmain.Main\n\t/tmp/etcd-release-3.5.0/etcd/release/etcd/server/etcdmain/main.go:40\nmain.main\n\t/tmp/etcd-release-3.5.0/etcd/release/etcd/server/main.go:32\nruntime.main\n\t/home/remote/sbatsche/.gvm/gos/go1.16.3/src/runtime/proc.go:225"}
The text was updated successfully, but these errors were encountered:
@rafariossaa thanks for reporting. Closing this issue per the discussion in the PR. You can continue going by setting the flag in the conf file. We will be backporting it. @tangcong thanks for the quick fix!
Hi,
Maybe I this is not a real issue and I am missing something. I read the docs but I could not find if I am missing something on this.
When I enabled
peer-transport-security.auto-tls
in the sample config file I got this message:"selfSignedCertValidity is invalid,it should be greater than 0"
but this doesn't happen when doing the same in 3.4.16.This is what I did:
I got the server up and running without issues.
Stopped it.
The text was updated successfully, but these errors were encountered: