forked from poseidon/typhoon
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Configure etcd on Digital Ocean to listen on private IPv4 address only
This is supposed to slightly improve security.

Since we do not yet know the IP address of the machine when rendering the template in Terraform, we use Container Linux Config's support for CoreOS Metadata to resolve it during installation. This requires that we use the Container Linux Config `etcd` structure instead of manipulating the `etcd-member.service` directly, because the Container Linux Config transpiler will only interpolate `{}` statements in that section, but not in `systemd` units.

Since the Container Linux Config transpiler currently provides no way to set the `ETCD_SSL_DIR` which `/usr/lib/coreos/etcd-wrapper` will mount into the container, we still need to override this environment variable in `etcd-member.service` ourselves.

See-also: coreos/bugs#2565
Signed-off-by: Dennis Schridde <devurandom@gmx.net>
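
As an added illustration (not the diff from this commit, which is not shown on this page), a Container Linux Config fragment of the shape the message describes: the `etcd` section binds the listen URLs to the `{PRIVATE_IPV4}` metadata placeholder, and a drop-in for `etcd-member.service` still sets `ETCD_SSL_DIR`. The member name, drop-in file name, certificate directory, advertise URL and ports are assumptions.

```yaml
# Added example; values marked "assumed" are not taken from the commit.
etcd:
  name: controller0                     # assumed member name
  # {PRIVATE_IPV4} is interpolated by the transpiler only inside this
  # section and is resolved from CoreOS Metadata on the machine, so the
  # droplet's address need not be known when Terraform renders the template.
  # The transpiler must be given the platform (digitalocean) for this to work.
  # A wildcard bind (0.0.0.0) would also expose etcd on the public interface.
  listen_client_urls: "https://{PRIVATE_IPV4}:2379"      # assumed default client port
  listen_peer_urls: "https://{PRIVATE_IPV4}:2380"        # assumed default peer port
  # etcd requires an advertise URL once listen_client_urls is set explicitly.
  advertise_client_urls: "https://{PRIVATE_IPV4}:2379"   # assumed
systemd:
  units:
    - name: etcd-member.service
      enable: true
      dropins:
        - name: 40-etcd-ssl-dir.conf    # assumed drop-in name
          contents: |
            [Service]
            # The etcd section has no key for this, so it is set here;
            # etcd-wrapper mounts this directory into the container.
            Environment="ETCD_SSL_DIR=/etc/ssl/etcd"
```

On a running node, `ss -tlnp` should then show ports 2379 and 2380 bound to the private address rather than to `0.0.0.0` or the public address.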
1 parent 4201eb1, commit 1005914
Showing 2 changed files with 19 additions and 17 deletions.