fix self-signed-cert-validity parameter cannot be specified in the co…

[tangcong]

Fix issue #13235

[rafariossaa]

Hi,
Do you have any estimation on when this is going to be merged and a in which version ?.

[spzala]

lgtm Thanks @tangcong
This should be mention in the Changelog, and also backported to 3.5.0.

[tangcong]

@spzala CHANGELOG has been updated. After pr is merged, I will cherry-pick it to release-3.5 branch. thanks.

[spzala]

@spzala CHANGELOG has been updated. After pr is merged, I will cherry-pick it to release-3.5 branch. thanks.

@tangcong awesome, thank you! I just approved CI and will merge once it done running.

[spzala]

@tangcong glad you didn't forget this :) thanks!

[tangcong]

thanks. It can guide users how to set a reasonable expiration time, such as this issue. We'd better also update the document.

[spzala]

Yup, agree. For etcd.io, I will create an issue/work on clean sweep with all new flags. Thanks!

[tangcong]

Hi,
Do you have any estimation on when this is going to be merged and a in which version ?.

In etcd 3.5.0 version, you can specify parameters(etcd --self-signed-cert-validity 5) to bypass this problem.

[rafariossaa]

@tangcong Many thanks !

[rafariossaa]

Hi, @tangcong
The workaround you indicated is not working for me:

#  /opt/bitnami/etcd/bin/etcd --config-file /opt/bitnami/etcd/conf/etcd.conf.yml --self-signed-cert-validity 5
{"level":"info","ts":"2021-08-03T09:02:08.732Z","caller":"etcdmain/config.go:337","msg":"loaded server configuration, other configuration command line flags and environment variables will be ignored if provided","path":"/opt/bitnami/etcd/conf/etcd.conf.yml"}
{"level":"info","ts":"2021-08-03T09:02:08.733Z","caller":"etcdmain/etcd.go:72","msg":"Running: ","args":["/opt/bitnami/etcd/bin/etcd","--config-file","/opt/bitnami/etcd/conf/etcd.conf.yml","--self-signed-cert-validity","5"]}
{"level":"info","ts":"2021-08-03T09:02:08.733Z","caller":"etcdmain/etcd.go:93","msg":"detected default host for advertise","host":"10.10.101.183"}
{"level":"info","ts":"2021-08-03T09:02:08.733Z","caller":"etcdmain/etcd.go:115","msg":"server has been already initialized","data-dir":"/opt/bitnami/etcd/data","dir-type":"member"}
{"level":"info","ts":"2021-08-03T09:02:08.733Z","caller":"embed/etcd.go:131","msg":"configuring peer listeners","listen-peer-urls":["http://localhost:2380"]}
{"level":"warn","ts":"2021-08-03T09:02:08.733Z","caller":"transport/listener.go:189","msg":"cannot generate cert","error":"selfSignedCertValidity is invalid,it should be greater than 0"}
{"level":"fatal","ts":"2021-08-03T09:02:08.733Z","caller":"embed/etcd.go:475","msg":"failed to get peer self-signed certs","error":"selfSignedCertValidity is invalid,it should be greater than 0","stacktrace":"go.etcd.io/etcd/server/v3/embed.configurePeerListeners\n\t/tmp/etcd-release-3.5.0/etcd/release/etcd/server/embed/etcd.go:475\ngo.etcd.io/etcd/server/v3/embed.StartEtcd\n\t/tmp/etcd-release-3.5.0/etcd/release/etcd/server/embed/etcd.go:135\ngo.etcd.io/etcd/server/v3/etcdmain.startEtcd\n\t/tmp/etcd-release-3.5.0/etcd/release/etcd/server/etcdmain/etcd.go:227\ngo.etcd.io/etcd/server/v3/etcdmain.startEtcdOrProxyV2\n\t/tmp/etcd-release-3.5.0/etcd/release/etcd/server/etcdmain/etcd.go:122\ngo.etcd.io/etcd/server/v3/etcdmain.Main\n\t/tmp/etcd-release-3.5.0/etcd/release/etcd/server/etcdmain/main.go:40\nmain.main\n\t/tmp/etcd-release-3.5.0/etcd/release/etcd/server/main.go:32\nruntime.main\n\t/home/remote/sbatsche/.gvm/gos/go1.16.3/src/runtime/proc.go:225"}

Not sure if there is something I am missing something.

[petersutty]

for the moment (on 3.5.0) in etcd.conf you need to use selfSignedCertValidity: 1
instead of self-signed-cert-validity: 1

[rafariossaa]

Thanks, I will try and I will come back to share my result.

[rafariossaa]

Hi,
Just to let you know that this worked for me.
Thanks !!