Skip to content
This repository has been archived by the owner on Mar 28, 2020. It is now read-only.

tls failure in cluster set up, v0.5.1, etcd 3.2 #1384

Closed
raoofm opened this issue Sep 8, 2017 · 16 comments
Closed

tls failure in cluster set up, v0.5.1, etcd 3.2 #1384

raoofm opened this issue Sep 8, 2017 · 16 comments
Labels
dependency/external

Comments

@raoofm
Copy link

raoofm commented Sep 8, 2017

Used below to generate self signed certs and create k8s secrets
https://coreos.com/os/docs/latest/generate-self-signed-certificates.html
https://github.com/coreos/etcd-operator/blob/master/doc/user/cluster_tls.md

Logs from etcd-operator
time="2017-09-08T16:18:05Z" level=info msg="etcd-operator Version: 0.5.1"
time="2017-09-08T16:18:05Z" level=info msg="Git SHA: cf7d8d5"
time="2017-09-08T16:18:05Z" level=info msg="Go Version: go1.8.3"
time="2017-09-08T16:18:05Z" level=info msg="Go OS/Arch: linux/amd64"
time="2017-09-08T16:18:23Z" level=info msg="Event(v1.ObjectReference{Kind:"Endpoints", Namespace:"etcd-operator", Name:"etcd-operator", UID:"073b648c-8da3-11e7-8ce6-0637473fabae", APIVersion:"v1", ResourceVersion:"32276337", FieldPath:""}): type: 'Normal' reason: 'LeaderElection' etcd-operator-3603461089-jd754 became leader"
time="2017-09-08T16:18:23Z" level=info msg="finding existing clusters..." pkg=controller
time="2017-09-08T16:18:23Z" level=error msg="cluster failed to setup: tls: failed to find any PEM data in certificate input" cluster-name=etcd-dev-cluster pkg=cluster
time="2017-09-08T16:18:23Z" level=info msg="starts running from watch version: 32276337" pkg=controller
time="2017-09-08T16:18:23Z" level=info msg="start watching at 32276337" pkg=controller
time="2017-09-08T16:18:23Z" level=warning msg="fail to handle event: ignore failed cluster (etcd-dev-cluster). Please delete its CR" pkg=controller
time="2017-09-08T16:20:00Z" level=info msg="apiserver closed watch stream, retrying after 5s..." pkg=controller
time="2017-09-08T16:20:05Z" level=info msg="start watching at 32276338" pkg=controller

ca-config.json
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"server": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"server auth"
]
},
"client": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"client auth"
]
},
"peer": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}

ca-csr.json
{
"CN": "Company CA for etcd-operator",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Some City",
"ST": "Some State",
"O": "Some Company",
"OU": "Security",
"OU": "Development"
}
]
}

server.json
{
"CN": "etcdServer",
"hosts": [
"*.etcd-dev-cluster.etcd-operator.svc",
"etcd-dev-cluster-client.etcd-operator.svc",
"localhost"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Some City",
"ST": "Some State",
"O": "Some Company",
"OU": "Security",
"OU": "Development"
}
]
}

peer.json
{
"CN": "etcdPeer",
"hosts": [
"*.etcd-dev-cluster.etcd-operator.svc"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Some City",
"ST": "Some State",
"O": "Some Company",
"OU": "Security",
"OU": "Development"
}
]
}

client.json
{
"CN": "client",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Some City",
"ST": "Some State",
"O": "Some Company",
"OU": "Security",
"OU": "Development"
}
]
}

Commands used
kubectl create secret generic etcd-peer-tls --from-file=ca.pem --from-file=peer.pem --from-file=peer-key.pem
kubectl create secret generic etcd-server-tls --from-file=ca.pem --from-file=server.pem --from-file=server-key.pem
kubectl create secret generic etcd-client-tls --from-file=ca.pem --from-file=client.pem --from-file=client-key.pem

The only difference that I could see is cfssl spits out pem encoded and the example in etcd-operator cluster_tls setup have .crt and .key file extension (it shouldn't matter as the doc says they should be pem-encoded)
@raoofm raoofm mentioned this issue Sep 8, 2017
Open
@hongchaodeng
Copy link
Member

The only difference that I could see is cfssl spits out pem encoded and the example in etcd-operator cluster_tls setup have .crt and .key file extension

The extension doesn't affect the file's nature. But it is a key in the secret:

Kind: secret
metadata:
  name: etcd-peer-tls
Data:
  peer-ca.crt: ...
  peer.crt: ...
  ...

@raoofm
Copy link
Author

raoofm commented Sep 8, 2017
edited
Loading

@hongchaodeng so the name also matters? For me the ca was same for peer, server and client, so I used ca.pem for all
image

@hongchaodeng
Copy link
Member

hongchaodeng commented Sep 8, 2017
edited
Loading

@raoofm Just copy it to different names. We did the same in bootkube. Just by design we shouldn't couple them.

@raoofm
Copy link
Author

raoofm commented Sep 8, 2017

@hongchaodeng the etcd pods fail and continously restart.

image

logs from etcd-dev-cluster-0000
2017-09-08 18:47:56.782644 I | rafthttp: started HTTP pipelining with peer b943898098165b37
2017-09-08 18:47:56.786072 I | rafthttp: started peer b943898098165b37
2017-09-08 18:47:56.797124 I | rafthttp: added peer b943898098165b37
2017-09-08 18:47:56.797655 I | rafthttp: started streaming with peer b943898098165b37 (writer)
2017-09-08 18:47:56.797713 I | rafthttp: started streaming with peer b943898098165b37 (writer)
2017-09-08 18:47:56.797742 I | rafthttp: started streaming with peer b943898098165b37 (stream MsgApp v2 reader)
2017-09-08 18:47:56.798318 I | rafthttp: started streaming with peer b943898098165b37 (stream Message reader)
2017-09-08 18:47:57.963182 I | etcdmain: rejected connection from "10.36.249.230:59778" (tls: "10.36.249.230" does not match any of DNSNames ["*.etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 18:47:58.541618 W | raft: 243d51b88927a056 stepped down to follower since quorum is not active
2017-09-08 18:47:58.541724 I | raft: 243d51b88927a056 became follower at term 2
2017-09-08 18:47:58.541773 I | raft: raft.node: 243d51b88927a056 lost leader 243d51b88927a056 at term 2
2017-09-08 18:47:59.295236 I | raft: 243d51b88927a056 no leader at term 2; dropping index reading msg
2017-09-08 18:47:59.944240 I | raft: 243d51b88927a056 is starting a new election at term 2
2017-09-08 18:47:59.944325 I | raft: 243d51b88927a056 became candidate at term 3
2017-09-08 18:47:59.944353 I | raft: 243d51b88927a056 received MsgVoteResp from 243d51b88927a056 at term 3
2017-09-08 18:47:59.944378 I | raft: 243d51b88927a056 [logterm: 2, index: 5] sent MsgVote request to b943898098165b37 at term 3
2017-09-08 18:48:01.341663 I | raft: 243d51b88927a056 is starting a new election at term 3
2017-09-08 18:48:01.341697 I | raft: 243d51b88927a056 became candidate at term 4
2017-09-08 18:48:01.341707 I | raft: 243d51b88927a056 received MsgVoteResp from 243d51b88927a056 at term 4
2017-09-08 18:48:01.341716 I | raft: 243d51b88927a056 [logterm: 2, index: 5] sent MsgVote request to b943898098165b37 at term 4
2017-09-08 18:48:01.798388 W | rafthttp: health check for peer b943898098165b37 could not connect:
2017-09-08 18:48:03.141567 I | raft: 243d51b88927a056 is starting a new election at term 4
2017-09-08 18:48:03.141593 I | raft: 243d51b88927a056 became candidate at term 5
2017-09-08 18:48:03.141602 I | raft: 243d51b88927a056 received MsgVoteResp from 243d51b88927a056 at term 5
2017-09-08 18:48:03.141610 I | raft: 243d51b88927a056 [logterm: 2, index: 5] sent MsgVote request to b943898098165b37 at term 5
2017-09-08 18:48:04.441615 I | raft: 243d51b88927a056 is starting a new election at term 5
2017-09-08 18:48:04.441719 I | raft: 243d51b88927a056 became candidate at term 6
2017-09-08 18:48:04.441771 I | raft: 243d51b88927a056 received MsgVoteResp from 243d51b88927a056 at term 6
2017-09-08 18:48:04.441801 I | raft: 243d51b88927a056 [logterm: 2, index: 5] sent MsgVote request to b943898098165b37 at term 6
2017-09-08 18:48:06.141659 I | raft: 243d51b88927a056 is starting a new election at term 6
2017-09-08 18:48:06.141796 I | raft: 243d51b88927a056 became candidate at term 7
2017-09-08 18:48:06.141826 I | raft: 243d51b88927a056 received MsgVoteResp from 243d51b88927a056 at term 7
2017-09-08 18:48:06.141855 I | raft: 243d51b88927a056 [logterm: 2, index: 5] sent MsgVote request to b943898098165b37 at term 7
2017-09-08 18:48:06.295419 W | etcdserver: timed out waiting for read index response
2017-09-08 18:48:06.798676 W | rafthttp: health check for peer b943898098165b37 could not connect: dial tcp: lookup etcd-dev-cluster-0001.etcd-dev-cluster.etcd-operator.svc on 100.64.0.10:53: no such host
2017-09-08 18:48:07.541674 I | raft: 243d51b88927a056 is starting a new election at term 7
2017-09-08 18:48:07.541810 I | raft: 243d51b88927a056 became candidate at term 8
2017-09-08 18:48:07.541839 I | raft: 243d51b88927a056 received MsgVoteResp from 243d51b88927a056 at term 8
2017-09-08 18:48:07.541865 I | raft: 243d51b88927a056 [logterm: 2, index: 5] sent MsgVote request to b943898098165b37 at term 8
2017-09-08 18:48:08.641641 I | raft: 243d51b88927a056 is starting a new election at term 8
2017-09-08 18:48:08.641776 I | raft: 243d51b88927a056 became candidate at term 9
2017-09-08 18:48:08.641805 I | raft: 243d51b88927a056 received MsgVoteResp from 243d51b88927a056 at term 9
2017-09-08 18:48:08.641833 I | raft: 243d51b88927a056 [logterm: 2, index: 5] sent MsgVote request to b943898098165b37 at term 9

logs from etcd-dev-cluster-0001
2017-09-08 18:48:47.209207 I | etcdserver: data dir = /var/etcd/data
2017-09-08 18:48:47.209229 I | etcdserver: member dir = /var/etcd/data/member
2017-09-08 18:48:47.209248 I | etcdserver: heartbeat = 100ms
2017-09-08 18:48:47.209265 I | etcdserver: election = 1000ms
2017-09-08 18:48:47.209304 I | etcdserver: snapshot count = 100000
2017-09-08 18:48:47.209331 I | etcdserver: advertise client URLs = https://etcd-dev-cluster-0002.etcd-dev-cluster.etcd-operator.svc:2379
2017-09-08 18:48:47.210032 I | etcdserver: restarting member 382312863c9b8f70 in cluster 525b6468a9ee3365 at commit index 1
2017-09-08 18:48:47.210335 I | raft: 382312863c9b8f70 became follower at term 1
2017-09-08 18:48:47.210521 I | raft: newRaft 382312863c9b8f70 [peers: [382312863c9b8f70], term: 1, commit: 1, applied: 1, lastindex: 1, lastterm: 1]
2017-09-08 18:48:47.210899 I | etcdserver/membership: added member 382312863c9b8f70 [https://etcd-dev-cluster-0002.etcd-dev-cluster.etcd-operator.svc:2380] to cluster 525b6468a9ee3365 from store
2017-09-08 18:48:47.255633 W | auth: simple token is not cryptographically signed
2017-09-08 18:48:47.259715 I | etcdserver: starting server... [version: 3.2.5, cluster version: to_be_decided]
2017-09-08 18:48:47.259771 I | embed: ClientTLS: cert = /etc/etcdtls/member/server-tls/server.crt, key = /etc/etcdtls/member/server-tls/server.key, ca = , trusted-ca = /etc/etcdtls/member/server-tls/server-ca.crt, client-cert-auth = true
2017-09-08 18:48:47.611230 I | raft: 382312863c9b8f70 is starting a new election at term 1
2017-09-08 18:48:47.611260 I | raft: 382312863c9b8f70 became candidate at term 2
2017-09-08 18:48:47.611284 I | raft: 382312863c9b8f70 received MsgVoteResp from 382312863c9b8f70 at term 2
2017-09-08 18:48:47.611298 I | raft: 382312863c9b8f70 became leader at term 2
2017-09-08 18:48:47.611326 I | raft: raft.node: 382312863c9b8f70 elected leader 382312863c9b8f70 at term 2
2017-09-08 18:48:47.611707 I | etcdserver: setting up the initial cluster version to 3.2
2017-09-08 18:48:47.612714 N | etcdserver/membership: set the initial cluster version to 3.2
2017-09-08 18:48:47.612757 I | etcdserver/api: enabled capabilities for version 3.2
2017-09-08 18:48:47.612781 I | etcdserver: published {Name:etcd-dev-cluster-0002 ClientURLs:[https://etcd-dev-cluster-0002.etcd-dev-cluster.etcd-operator.svc:2379]} to cluster 525b6468a9ee3365
2017-09-08 18:48:47.612858 I | embed: ready to serve client requests
2017-09-08 18:48:47.613918 I | embed: serving client requests on [::]:2379
2017-09-08 18:48:47.625837 I | etcdserver/api/v3rpc: Failed to dial 0.0.0.0:2379: connection error: desc = "transport: remote error: tls: bad certificate"; please retry.
2017-09-08 18:48:52.379070 I | etcdserver/membership: added member c5dc584678a7b45e [https://etcd-dev-cluster-0003.etcd-dev-cluster.etcd-operator.svc:2380] to cluster 525b6468a9ee3365
2017-09-08 18:48:52.379172 I | rafthttp: starting peer c5dc584678a7b45e...
2017-09-08 18:48:52.379221 I | rafthttp: started HTTP pipelining with peer c5dc584678a7b45e
2017-09-08 18:48:52.383355 I | rafthttp: started peer c5dc584678a7b45e
2017-09-08 18:48:52.383419 I | rafthttp: added peer c5dc584678a7b45e
2017-09-08 18:48:52.386881 I | rafthttp: started streaming with peer c5dc584678a7b45e (writer)
2017-09-08 18:48:52.386947 I | rafthttp: started streaming with peer c5dc584678a7b45e (writer)
2017-09-08 18:48:52.386998 I | rafthttp: started streaming with peer c5dc584678a7b45e (stream MsgApp v2 reader)
2017-09-08 18:48:52.387501 I | rafthttp: started streaming with peer c5dc584678a7b45e (stream Message reader)
2017-09-08 18:48:53.614256 W | raft: 382312863c9b8f70 stepped down to follower since quorum is not active
2017-09-08 18:48:53.614283 I | raft: 382312863c9b8f70 became follower at term 2
2017-09-08 18:48:53.614290 I | raft: raft.node: 382312863c9b8f70 lost leader 382312863c9b8f70 at term 2
2017-09-08 18:48:53.851039 I | etcdmain: rejected connection from "10.39.167.136:44976" (tls: "10.39.167.136" does not match any of DNSNames ["*.etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 18:48:55.111175 I | raft: 382312863c9b8f70 is starting a new election at term 2
2017-09-08 18:48:55.111283 I | raft: 382312863c9b8f70 became candidate at term 3
2017-09-08 18:48:55.111311 I | raft: 382312863c9b8f70 received MsgVoteResp from 382312863c9b8f70 at term 3
2017-09-08 18:48:55.111339 I | raft: 382312863c9b8f70 [logterm: 2, index: 5] sent MsgVote request to c5dc584678a7b45e at term 3
2017-09-08 18:48:56.611167 I | raft: 382312863c9b8f70 is starting a new election at term 3
2017-09-08 18:48:56.611267 I | raft: 382312863c9b8f70 became candidate at term 4
2017-09-08 18:48:56.611305 I | raft: 382312863c9b8f70 received MsgVoteResp from 382312863c9b8f70 at term 4
2017-09-08 18:48:56.611352 I | raft: 382312863c9b8f70 [logterm: 2, index: 5] sent MsgVote request to c5dc584678a7b45e at term 4

logs from etcd-dev-cluster-0036
2017-09-08 18:57:31.091870 I | raft: 75f80e302a7affee became candidate at term 4
2017-09-08 18:57:31.091898 I | raft: 75f80e302a7affee received MsgVoteResp from 75f80e302a7affee at term 4
2017-09-08 18:57:31.091949 I | raft: 75f80e302a7affee [logterm: 2, index: 5] sent MsgVote request to 15b0f9573d086878 at term 4
2017-09-08 18:57:31.795685 W | rafthttp: health check for peer 15b0f9573d086878 could not connect:
2017-09-08 18:57:32.691798 I | raft: 75f80e302a7affee is starting a new election at term 4
2017-09-08 18:57:32.691907 I | raft: 75f80e302a7affee became candidate at term 5
2017-09-08 18:57:32.691959 I | raft: 75f80e302a7affee received MsgVoteResp from 75f80e302a7affee at term 5
2017-09-08 18:57:32.691989 I | raft: 75f80e302a7affee [logterm: 2, index: 5] sent MsgVote request to 15b0f9573d086878 at term 5
2017-09-08 18:57:34.194199 I | raft: 75f80e302a7affee is starting a new election at term 5
2017-09-08 18:57:34.194276 I | raft: 75f80e302a7affee became candidate at term 6
2017-09-08 18:57:34.194302 I | raft: 75f80e302a7affee received MsgVoteResp from 75f80e302a7affee at term 6
2017-09-08 18:57:34.194351 I | raft: 75f80e302a7affee [logterm: 2, index: 5] sent MsgVote request to 15b0f9573d086878 at term 6
2017-09-08 18:57:35.992586 I | raft: 75f80e302a7affee is starting a new election at term 6
2017-09-08 18:57:35.992688 I | raft: 75f80e302a7affee became candidate at term 7
2017-09-08 18:57:35.992742 I | raft: 75f80e302a7affee received MsgVoteResp from 75f80e302a7affee at term 7
2017-09-08 18:57:35.992775 I | raft: 75f80e302a7affee [logterm: 2, index: 5] sent MsgVote request to 15b0f9573d086878 at term 7
2017-09-08 18:57:36.795800 W | rafthttp: health check for peer 15b0f9573d086878 could not connect: dial tcp 10.36.249.230:2380: i/o timeout
2017-09-08 18:57:36.991812 I | raft: 75f80e302a7affee is starting a new election at term 7
2017-09-08 18:57:36.991913 I | raft: 75f80e302a7affee became candidate at term 8
2017-09-08 18:57:36.991963 I | raft: 75f80e302a7affee received MsgVoteResp from 75f80e302a7affee at term 8
2017-09-08 18:57:36.991993 I | raft: 75f80e302a7affee [logterm: 2, index: 5] sent MsgVote request to 15b0f9573d086878 at term 8
2017-09-08 18:57:38.091794 I | raft: 75f80e302a7affee is starting a new election at term 8
2017-09-08 18:57:38.091897 I | raft: 75f80e302a7affee became candidate at term 9
2017-09-08 18:57:38.091947 I | raft: 75f80e302a7affee received MsgVoteResp from 75f80e302a7affee at term 9
2017-09-08 18:57:38.091976 I | raft: 75f80e302a7affee [logterm: 2, index: 5] sent MsgVote request to 15b0f9573d086878 at term 9
2017-09-08 18:57:39.391788 I | raft: 75f80e302a7affee is starting a new election at term 9
2017-09-08 18:57:39.391895 I | raft: 75f80e302a7affee became candidate at term 10
2017-09-08 18:57:39.391948 I | raft: 75f80e302a7affee received MsgVoteResp from 75f80e302a7affee at term 10
2017-09-08 18:57:39.391977 I | raft: 75f80e302a7affee [logterm: 2, index: 5] sent MsgVote request to 15b0f9573d086878 at term 10
2017-09-08 18:57:41.191813 I | raft: 75f80e302a7affee is starting a new election at term 10
2017-09-08 18:57:41.191924 I | raft: 75f80e302a7affee became candidate at term 11
2017-09-08 18:57:41.192050 I | raft: 75f80e302a7affee received MsgVoteResp from 75f80e302a7affee at term 11
2017-09-08 18:57:41.192077 I | raft: 75f80e302a7affee [logterm: 2, index: 5] sent MsgVote request to 15b0f9573d086878 at term 11
2017-09-08 18:57:41.687217 W | etcdserver: timed out waiting for read index response
2017-09-08 18:57:41.796044 W | rafthttp: health check for peer 15b0f9573d086878 could not connect: dial tcp 10.36.249.230:2380: i/o timeout
2017-09-08 18:57:42.800404 I | raft: 75f80e302a7affee is starting a new election at term 11
2017-09-08 18:57:42.800506 I | raft: 75f80e302a7affee became candidate at term 12
2017-09-08 18:57:42.800558 I | raft: 75f80e302a7affee received MsgVoteResp from 75f80e302a7affee at term 12
2017-09-08 18:57:42.800588 I | raft: 75f80e302a7affee [logterm: 2, index: 5] sent MsgVote request to 15b0f9573d086878 at term 12
2017-09-08 18:57:43.791862 I | raft: 75f80e302a7affee is starting a new election at term 12
2017-09-08 18:57:43.791939 I | raft: 75f80e302a7affee became candidate at term 13
2017-09-08 18:57:43.791966 I | raft: 75f80e302a7affee received MsgVoteResp from 75f80e302a7affee at term 13
2017-09-08 18:57:43.792017 I | raft: 75f80e302a7affee [logterm: 2, index: 5] sent MsgVote request to 15b0f9573d086878 at term 13

logs from etcd-dev-cluster-0037
2017-09-08 18:57:28.296663 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT_2379_TCP_PROTO=tcp
2017-09-08 18:57:28.296748 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_SERVICE_PORT=2379
2017-09-08 18:57:28.296775 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT=tcp://100.70.97.84:2379
2017-09-08 18:57:28.296794 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT_2379_TCP_PORT=2379
2017-09-08 18:57:28.296838 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT_19999_TCP=tcp://100.64.30.123:19999
2017-09-08 18:57:28.296858 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT_2379_TCP_PROTO=tcp
2017-09-08 18:57:28.296875 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT=tcp://100.64.30.123:19999
2017-09-08 18:57:28.296895 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_SERVICE_PORT=19999
2017-09-08 18:57:28.296916 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT_2379_TCP=tcp://100.64.239.217:2379
2017-09-08 18:57:28.296933 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT_2379_TCP=tcp://100.70.97.84:2379
2017-09-08 18:57:28.296951 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT_19999_TCP_ADDR=100.64.30.123
2017-09-08 18:57:28.296989 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_HOST=100.64.239.217
2017-09-08 18:57:28.297010 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_SERVICE_PORT_BACKUP_SERVICE=19999
2017-09-08 18:57:28.297026 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT_19999_TCP_PORT=19999
2017-09-08 18:57:28.297043 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_PORT_CLIENT=2379
2017-09-08 18:57:28.297064 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_SERVICE_HOST=100.70.97.84
2017-09-08 18:57:28.297081 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT_19999_TCP_PROTO=tcp
2017-09-08 18:57:28.297097 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT_2379_TCP_ADDR=100.64.239.217
2017-09-08 18:57:28.297113 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_SERVICE_PORT_CLIENT=2379
2017-09-08 18:57:28.297129 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT=tcp://100.64.239.217:2379
2017-09-08 18:57:28.297169 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_PORT=2379
2017-09-08 18:57:28.297185 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_SERVICE_HOST=100.64.30.123
2017-09-08 18:57:28.297201 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT_2379_TCP_PORT=2379
2017-09-08 18:57:28.297217 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT_2379_TCP_ADDR=100.70.97.84
2017-09-08 18:57:28.297248 I | etcdmain: etcd Version: 3.2.5
2017-09-08 18:57:28.297266 I | etcdmain: Git SHA: d0d1a87
2017-09-08 18:57:28.297281 I | etcdmain: Go Version: go1.8.3
2017-09-08 18:57:28.297317 I | etcdmain: Go OS/Arch: linux/amd64
2017-09-08 18:57:28.297335 I | etcdmain: setting maximum number of CPUs to 1, total number of available CPUs is 1
2017-09-08 18:57:28.297379 I | embed: peerTLS: cert = /etc/etcdtls/member/peer-tls/peer.crt, key = /etc/etcdtls/member/peer-tls/peer.key, ca = , trusted-ca = /etc/etcdtls/member/peer-tls/peer-ca.crt, client-cert-auth = true
2017-09-08 18:57:28.298393 I | embed: listening for peers on https://0.0.0.0:2380
2017-09-08 18:57:28.311792 I | embed: listening for client requests on 0.0.0.0:2379
2017-09-08 18:57:28.353979 W | etcdserver: could not get cluster response from https://etcd-dev-cluster-0036.etcd-dev-cluster.etcd-operator.svc:2380: Get https://etcd-dev-cluster-0036.etcd-dev-cluster.etcd-operator.svc:2380/members: EOF
2017-09-08 18:57:28.359493 C | etcdmain: cannot fetch cluster info from peer urls: could not retrieve cluster information from the given urls

image

image

image

@raoofm
Copy link
Author

raoofm commented Sep 8, 2017

copying complete logs

etcd-dev-cluster-0088
2017-09-08 19:08:48.435269 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT_2379_TCP_PROTO=tcp
2017-09-08 19:08:48.435389 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT=tcp://100.70.97.84:2379
2017-09-08 19:08:48.435440 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_SERVICE_PORT=2379
2017-09-08 19:08:48.435461 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT_19999_TCP=tcp://100.64.30.123:19999
2017-09-08 19:08:48.435479 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT_2379_TCP_PORT=2379
2017-09-08 19:08:48.435496 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT_2379_TCP_PROTO=tcp
2017-09-08 19:08:48.435514 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT=tcp://100.64.30.123:19999
2017-09-08 19:08:48.435534 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_SERVICE_PORT=19999
2017-09-08 19:08:48.435554 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT_2379_TCP=tcp://100.64.239.217:2379
2017-09-08 19:08:48.435594 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT_2379_TCP=tcp://100.70.97.84:2379
2017-09-08 19:08:48.435614 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT_19999_TCP_ADDR=100.64.30.123
2017-09-08 19:08:48.435631 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_HOST=100.64.239.217
2017-09-08 19:08:48.435648 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT_19999_TCP_PORT=19999
2017-09-08 19:08:48.435665 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_SERVICE_PORT_BACKUP_SERVICE=19999
2017-09-08 19:08:48.435682 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_SERVICE_HOST=100.70.97.84
2017-09-08 19:08:48.435700 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT_19999_TCP_PROTO=tcp
2017-09-08 19:08:48.435717 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_PORT_CLIENT=2379
2017-09-08 19:08:48.435755 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT_2379_TCP_ADDR=100.64.239.217
2017-09-08 19:08:48.435774 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_SERVICE_PORT_CLIENT=2379
2017-09-08 19:08:48.435791 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT=tcp://100.64.239.217:2379
2017-09-08 19:08:48.435808 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_PORT=2379
2017-09-08 19:08:48.435824 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_SERVICE_HOST=100.64.30.123
2017-09-08 19:08:48.435841 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT_2379_TCP_PORT=2379
2017-09-08 19:08:48.435858 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT_2379_TCP_ADDR=100.70.97.84
2017-09-08 19:08:48.435917 I | etcdmain: etcd Version: 3.2.5
2017-09-08 19:08:48.435937 I | etcdmain: Git SHA: d0d1a87
2017-09-08 19:08:48.435953 I | etcdmain: Go Version: go1.8.3
2017-09-08 19:08:48.435968 I | etcdmain: Go OS/Arch: linux/amd64
2017-09-08 19:08:48.435984 I | etcdmain: setting maximum number of CPUs to 1, total number of available CPUs is 1
2017-09-08 19:08:48.436047 N | etcdmain: the server is already initialized as member before, starting as etcd member...
2017-09-08 19:08:48.436111 I | embed: peerTLS: cert = /etc/etcdtls/member/peer-tls/peer.crt, key = /etc/etcdtls/member/peer-tls/peer.key, ca = , trusted-ca = /etc/etcdtls/member/peer-tls/peer-ca.crt, client-cert-auth = true
2017-09-08 19:08:48.437773 I | embed: listening for peers on https://0.0.0.0:2380
2017-09-08 19:08:48.437850 I | embed: listening for client requests on 0.0.0.0:2379
2017-09-08 19:08:48.439474 I | etcdserver: recovered store from snapshot at index 1
2017-09-08 19:08:48.482457 I | etcdserver: name = etcd-dev-cluster-0088
2017-09-08 19:08:48.482544 I | etcdserver: data dir = /var/etcd/data
2017-09-08 19:08:48.482569 I | etcdserver: member dir = /var/etcd/data/member
2017-09-08 19:08:48.482588 I | etcdserver: heartbeat = 100ms
2017-09-08 19:08:48.482604 I | etcdserver: election = 1000ms
2017-09-08 19:08:48.482620 I | etcdserver: snapshot count = 100000
2017-09-08 19:08:48.482648 I | etcdserver: advertise client URLs = https://etcd-dev-cluster-0088.etcd-dev-cluster.etcd-operator.svc:2379
2017-09-08 19:08:48.483447 I | etcdserver: restarting member c2cb8f551d2cafa2 in cluster f11ac404be59e37a at commit index 1
2017-09-08 19:08:48.483516 I | raft: c2cb8f551d2cafa2 became follower at term 1
2017-09-08 19:08:48.483615 I | raft: newRaft c2cb8f551d2cafa2 [peers: [c2cb8f551d2cafa2], term: 1, commit: 1, applied: 1, lastindex: 1, lastterm: 1]
2017-09-08 19:08:48.483812 I | etcdserver/membership: added member c2cb8f551d2cafa2 [https://etcd-dev-cluster-0088.etcd-dev-cluster.etcd-operator.svc:2380] to cluster f11ac404be59e37a from store
2017-09-08 19:08:48.498695 W | auth: simple token is not cryptographically signed
2017-09-08 19:08:48.502743 I | etcdserver: starting server... [version: 3.2.5, cluster version: to_be_decided]
2017-09-08 19:08:48.502815 I | embed: ClientTLS: cert = /etc/etcdtls/member/server-tls/server.crt, key = /etc/etcdtls/member/server-tls/server.key, ca = , trusted-ca = /etc/etcdtls/member/server-tls/server-ca.crt, client-cert-auth = true
2017-09-08 19:08:48.618970 I | etcdmain: rejected connection from "10.38.202.130:45086" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:48.620147 I | etcdmain: rejected connection from "10.38.202.130:45088" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:48.695788 I | raft: c2cb8f551d2cafa2 is starting a new election at term 1
2017-09-08 19:08:48.695900 I | raft: c2cb8f551d2cafa2 became candidate at term 2
2017-09-08 19:08:48.695937 I | raft: c2cb8f551d2cafa2 received MsgVoteResp from c2cb8f551d2cafa2 at term 2
2017-09-08 19:08:48.695973 I | raft: c2cb8f551d2cafa2 became leader at term 2
2017-09-08 19:08:48.695996 I | raft: raft.node: c2cb8f551d2cafa2 elected leader c2cb8f551d2cafa2 at term 2
2017-09-08 19:08:48.696662 I | etcdserver: setting up the initial cluster version to 3.2
2017-09-08 19:08:48.696760 I | etcdserver: published {Name:etcd-dev-cluster-0088 ClientURLs:[https://etcd-dev-cluster-0088.etcd-dev-cluster.etcd-operator.svc:2379]} to cluster f11ac404be59e37a
2017-09-08 19:08:48.696887 I | embed: ready to serve client requests
2017-09-08 19:08:48.697378 I | embed: serving client requests on [::]:2379
2017-09-08 19:08:48.698112 N | etcdserver/membership: set the initial cluster version to 3.2
2017-09-08 19:08:48.698188 I | etcdserver/api: enabled capabilities for version 3.2
2017-09-08 19:08:48.721613 I | etcdserver/api/v3rpc: Failed to dial 0.0.0.0:2379: connection error: desc = "transport: remote error: tls: bad certificate"; please retry.
2017-09-08 19:08:48.785634 I | etcdmain: rejected connection from "10.38.202.130:45092" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:48.791277 I | etcdmain: rejected connection from "10.38.202.130:45090" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:48.955197 I | etcdmain: rejected connection from "10.38.202.130:45094" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:48.960639 I | etcdmain: rejected connection from "10.38.202.130:45096" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.150530 I | etcdmain: rejected connection from "10.38.202.130:45108" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.179815 I | etcdmain: rejected connection from "10.38.202.130:45106" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.236412 I | etcdmain: rejected connection from "10.38.202.130:45110" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.267527 I | etcdmain: rejected connection from "10.38.202.130:45112" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.297783 I | etcdmain: rejected connection from "10.38.202.130:45114" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.386350 I | etcdmain: rejected connection from "10.38.202.130:45116" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.427004 I | etcdmain: rejected connection from "10.38.202.130:45118" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.517519 I | etcdmain: rejected connection from "10.38.202.130:45120" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.544701 I | etcdmain: rejected connection from "10.38.202.130:45122" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.647416 I | etcdmain: rejected connection from "10.38.202.130:45124" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.662862 I | etcdmain: rejected connection from "10.38.202.130:45126" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.763761 I | etcdmain: rejected connection from "10.38.202.130:45128" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.789094 I | etcdmain: rejected connection from "10.38.202.130:45130" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.887999 I | etcdmain: rejected connection from "10.38.202.130:45132" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:49.953746 I | etcdmain: rejected connection from "10.38.202.130:45134" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:50.010928 I | etcdmain: rejected connection from "10.38.202.130:45136" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:50.079638 I | etcdmain: rejected connection from "10.38.202.130:45138" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:50.130931 I | etcdmain: rejected connection from "10.38.202.130:45140" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:50.201869 I | etcdmain: rejected connection from "10.38.202.130:45142" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:50.255044 I | etcdmain: rejected connection from "10.38.202.130:45144" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:50.319155 I | etcdmain: rejected connection from "10.38.202.130:45146" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:50.372649 I | etcdmain: rejected connection from "10.38.202.130:45148" (tls: "10.38.202.130" does not match any of DNSNames [".etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:08:50.432763 I | etcdmain: rejected connection from "10.38.202.130:45150" (read tcp 10.39.167.136:2380->10.38.202.130:45150: read: connection reset by peer)
2017-09-08 19:08:58.765231 I | etcdserver/membership: added member 8ff5541e7188af2f [https://etcd-dev-cluster-0089.etcd-dev-cluster.etcd-operator.svc:2380] to cluster f11ac404be59e37a
2017-09-08 19:08:58.765334 I | rafthttp: starting peer 8ff5541e7188af2f...
2017-09-08 19:08:58.765380 I | rafthttp: started HTTP pipelining with peer 8ff5541e7188af2f
2017-09-08 19:08:58.769618 I | rafthttp: started peer 8ff5541e7188af2f
2017-09-08 19:08:58.769683 I | rafthttp: added peer 8ff5541e7188af2f
2017-09-08 19:08:58.773311 I | rafthttp: started streaming with peer 8ff5541e7188af2f (writer)
2017-09-08 19:08:58.773363 I | rafthttp: started streaming with peer 8ff5541e7188af2f (writer)
2017-09-08 19:08:58.773417 I | rafthttp: started streaming with peer 8ff5541e7188af2f (stream MsgApp v2 reader)
2017-09-08 19:08:58.773825 I | rafthttp: started streaming with peer 8ff5541e7188af2f (stream Message reader)
2017-09-08 19:08:59.762705 I | etcdmain: rejected connection from "10.38.202.130:45194" (tls: "10.38.202.130" does not match any of DNSNames ["*.etcd-dev-cluster.etcd-operator.svc"])
2017-09-08 19:09:00.692213 W | raft: c2cb8f551d2cafa2 stepped down to follower since quorum is not active

etcd-dev-cluster-0087
2017-09-08 19:08:33.145221 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT_2379_TCP_PROTO=tcp
2017-09-08 19:08:33.145344 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT=tcp://100.70.97.84:2379
2017-09-08 19:08:33.145367 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_SERVICE_PORT=2379
2017-09-08 19:08:33.145384 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT_19999_TCP=tcp://100.64.30.123:19999
2017-09-08 19:08:33.145402 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT_2379_TCP_PORT=2379
2017-09-08 19:08:33.149158 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT_2379_TCP_PROTO=tcp
2017-09-08 19:08:33.149200 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_SERVICE_PORT=19999
2017-09-08 19:08:33.149258 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT=tcp://100.64.30.123:19999
2017-09-08 19:08:33.149281 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT_2379_TCP=tcp://100.64.239.217:2379
2017-09-08 19:08:33.149299 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT_2379_TCP=tcp://100.70.97.84:2379
2017-09-08 19:08:33.149317 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT_19999_TCP_ADDR=100.64.30.123
2017-09-08 19:08:33.149334 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_HOST=100.64.239.217
2017-09-08 19:08:33.149350 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_SERVICE_PORT_BACKUP_SERVICE=19999
2017-09-08 19:08:33.149369 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT_19999_TCP_PORT=19999
2017-09-08 19:08:33.149386 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_PORT_19999_TCP_PROTO=tcp
2017-09-08 19:08:33.149427 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_SERVICE_HOST=100.70.97.84
2017-09-08 19:08:33.149445 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_PORT_CLIENT=2379
2017-09-08 19:08:33.149461 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT_2379_TCP_ADDR=100.64.239.217
2017-09-08 19:08:33.149477 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_SERVICE_PORT_CLIENT=2379
2017-09-08 19:08:33.149493 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT=tcp://100.64.239.217:2379
2017-09-08 19:08:33.149552 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_PORT=2379
2017-09-08 19:08:33.149595 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_BACKUP_SIDECAR_SERVICE_HOST=100.64.30.123
2017-09-08 19:08:33.149613 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_SERVICE_LB_PORT_2379_TCP_ADDR=100.70.97.84
2017-09-08 19:08:33.149629 W | pkg/flags: unrecognized environment variable ETCD_DEV_CLUSTER_CLIENT_PORT_2379_TCP_PORT=2379
2017-09-08 19:08:33.149665 I | etcdmain: etcd Version: 3.2.5
2017-09-08 19:08:33.149683 I | etcdmain: Git SHA: d0d1a87
2017-09-08 19:08:33.149698 I | etcdmain: Go Version: go1.8.3
2017-09-08 19:08:33.149737 I | etcdmain: Go OS/Arch: linux/amd64
2017-09-08 19:08:33.149757 I | etcdmain: setting maximum number of CPUs to 1, total number of available CPUs is 1
2017-09-08 19:08:33.149812 I | embed: peerTLS: cert = /etc/etcdtls/member/peer-tls/peer.crt, key = /etc/etcdtls/member/peer-tls/peer.key, ca = , trusted-ca = /etc/etcdtls/member/peer-tls/peer-ca.crt, client-cert-auth = true
2017-09-08 19:08:33.160184 I | embed: listening for peers on https://0.0.0.0:2380
2017-09-08 19:08:33.160224 I | embed: listening for client requests on 0.0.0.0:2379
2017-09-08 19:08:33.242711 W | etcdserver: could not get cluster response from https://etcd-dev-cluster-0086.etcd-dev-cluster.etcd-operator.svc:2380: Get https://etcd-dev-cluster-0086.etcd-dev-cluster.etcd-operator.svc:2380/members: EOF
2017-09-08 19:08:33.260245 C | etcdmain: cannot fetch cluster info from peer urls: could not retrieve cluster information from the given urls

@raoofm
Copy link
Author

raoofm commented Sep 8, 2017

@xiang90 @hongchaodeng any suggestions ?

@hongchaodeng
Copy link
Member

tls: bad certificate

Seems like TLS cert problem.

2017-09-08 19:08:33.149665 I | etcdmain: etcd Version: 3.2.5

Can you provide reproduce steps? Actually can you try with 3.1 first? We haven't tested 3.2 yet...

@raoofm
Copy link
Author

raoofm commented Sep 8, 2017

@hongchaodeng @xiang90 works with 3.1.8 but not with 3.2.5

I would like to use latest 3.2.6, can your team spend some time to see what is the breaking change in tls and what the end user need to change in cert generation.

@hongchaodeng
Copy link
Member

hongchaodeng commented Sep 8, 2017
edited
Loading

@raoofm Have you tried your configuration and see if it works with 3.1 first?

@raoofm
Copy link
Author

raoofm commented Sep 8, 2017

yes that is what I confirmed

works with 3.1.8 but not with 3.2.5

@raoofm
Copy link
Author

raoofm commented Sep 8, 2017

yes I tried and it works with 3.1.8

@hongchaodeng
Copy link
Member

hongchaodeng commented Sep 8, 2017
edited
Loading

Confirmed the same issue with etcd "3.2.5".

2017-09-08 18:47:57.963182 I | etcdmain: rejected connection from "10.36.249.230:59778" (tls: "10.36.249.230" does not match any of DNSNames ["*.etcd-dev-cluster.etcd-operator.svc"])

This looks suspicious.

@hongchaodeng
Copy link
Member

hongchaodeng commented Sep 8, 2017
edited
Loading

@raoofm
This is etcd 3.2 regression.
Are you gonna create an issue in etcd to track it? Or we can do it too.

@raoofm
Copy link
Author

raoofm commented Sep 8, 2017

ok will do

@raoofm raoofm mentioned this issue Sep 8, 2017
Closed
@hongchaodeng hongchaodeng changed the title tls failure in cluster set up, v0.5.1 tls failure in cluster set up, v0.5.1, etcd 3.2 Sep 12, 2017
@hongchaodeng hongchaodeng mentioned this issue Sep 12, 2017
Closed
@raoofm
Copy link
Author

raoofm commented Oct 2, 2017
edited
Loading

@hongchaodeng any update on making etcd-operator compatible with v3.2 etcd

@hongchaodeng
Copy link
Member

fixed in 0.7.0+

@tkellen tkellen mentioned this issue May 21, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
dependency/external
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hongchaodeng @raoofm