pool/etcd
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 708040 from devel:CaaSP:Head:ControllerNode

Browse Source 
OBS-URL: https://build.opensuse.org/request/show/708040
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/etcd?expand=0&rev=16
This commit is contained in:
Dominique Leuenberger 2019-06-13 21:01:44 +00:00 committed by Git OBS Bridge
commit 7d5fd0dd68
4 changed files with 24 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.security Normal file
View File

@ -0,0 +1,10 @@
By default etcd doesn't require authentication. If you configure etcd to be reachable
over the network, have untrustworthy local users on the system where etc runs or store
date in etcd that needs to be kept confidential please make sure to enable authentication.
You can do that by configuring the settings under [security] in /etc/sysconfig/etcd.
For additional guidance please red
https://coreos.com/etcd/docs/latest/v2/security.html
and
https://coreos.com/etcd/docs/latest/op-guide/authentication.html
to ensure that you enforce proper access control

7
etcd.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Jun 5 13:08:46 UTC 2019 - <jsegitz@suse.com>
- Added README.security and wording in the configuration file to
ensure users are aware that they need to configure etcd to require
authentication
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jan 30 11:58:15 UTC 2019 - Panagiotis Georgiadis pgeorgiadis@suse.com Wed Jan 30 11:58:15 UTC 2019 - Panagiotis Georgiadis pgeorgiadis@suse.com

4
etcd.conf
View File

@ -5,6 +5,10 @@ ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_SNAPSHOT_COUNT="10000" #ETCD_SNAPSHOT_COUNT="10000"
#ETCD_HEARTBEAT_INTERVAL="100" #ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000" #ETCD_ELECTION_TIMEOUT="1000"
# Before changing this setting allowing etcd to be reachable over the network
# or if you have untrustworthy local users on the system where etc runs please
# make sure to enable authentication in the [security] section below. Please
# also read README.security for this package
#ETCD_LISTEN_PEER_URLS="http://localhost:2380" #ETCD_LISTEN_PEER_URLS="http://localhost:2380"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379" ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
#ETCD_MAX_SNAPSHOTS="5" #ETCD_MAX_SNAPSHOTS="5"

4
etcd.spec
View File

@ -33,6 +33,7 @@ Source1: %{name}.conf
Source2: %{name}.service Source2: %{name}.service
Source3: etcd_client_firewall Source3: etcd_client_firewall
Source4: etcd_server_firewall Source4: etcd_server_firewall
Source5: README.security
BuildRequires: golang-packaging BuildRequires: golang-packaging
BuildRequires: shadow BuildRequires: shadow
BuildRequires: systemd-rpm-macros BuildRequires: systemd-rpm-macros
@ -68,6 +69,7 @@ to explore an etcd cluster.
%prep %prep
%setup -q %setup -q
cp %{SOURCE5} .
%build %build
%{goprep} github.com/coreos/etcd %{goprep} github.com/coreos/etcd
@ -111,7 +113,7 @@ getent passwd %{name} >/dev/null || %{_sbindir}/useradd -r -g %{name} -d %{_loca
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%doc CONTRIBUTING.md README.md DCO NOTICE %doc CONTRIBUTING.md README.md DCO NOTICE README.security
%license LICENSE %license LICENSE
%{_sbindir}/%{name} %{_sbindir}/%{name}