kaezarrex · June 13, 2018 18:40
diff --git a/README.md b/README.md
diff --git a/etcd_node_patch_sh.sh b/etcd_node_patch_sh.sh
 #! /bin/bash

 ssh -T -i $1 core@$2 <<EOF
 echo -e "\\e[32m#### CHECKING NON-CLIENT-TLS CONNECTION (SHOULD SUCCEED) ####\\e[39m"
 sudo ETCDCTL_API=3 etcdctl --cacert /etc/ssl/etcd/ca.crt --endpoints=https://127.0.0.1:2379 get /registry/namespaces/kube-system --prefix --keys-only
 echo -e "\\e[32m#### SERVICE CONFIG BEFORE ####\\e[39m"
 sudo cat /etc/systemd/system/etcd-member.service.d/40-etcd-cluster.conf
 echo -e "\\e[32m#### UPDATING SERVICE CONFIG ####\\e[39m"
 sudo sed -i '$ s,$, \\\\\\n  --trusted-ca-file=/etc/ssl/etcd/ca.crt \\\\\\n  --client-cert-auth=true,' /etc/systemd/system/etcd-member.service.d/40-etcd-cluster.conf
 echo -e "\\e[32m#### SERVICE CONFIG AFTER ####\\e[39m"
 sudo cat /etc/systemd/system/etcd-member.service.d/40-etcd-cluster.conf
 echo -e "\\e[32m#### RESTARTING ETCD-MEMBER SERVICE ####\\e[39m"
 sudo systemctl daemon-reload
 sudo systemctl restart etcd-member
 echo -e "\\e[32m#### WAIT 5 SECONDS ####\\e[39m"
 sleep 5
 echo -e "\\e[32m#### CHECKING NON-CLIENT-TLS CONNECTION (SHOULD FAIL) ####\\e[39m"
 sudo ETCDCTL_API=3 etcdctl --cacert /etc/ssl/etcd/ca.crt --endpoints=https://127.0.0.1:2379 get /registry/namespaces/kube-system --prefix --keys-only
 sleep 1 # prevent output race condition
 echo -e "\\e[32m#### CHECKING CLUSTER HEALTH ####\\e[39m"
 sudo ETCDCTL_API=3 etcdctl --key="/etc/ssl/etcd/client.key" --cert="/etc/ssl/etcd/client.crt" --cacert="/etc/ssl/etcd/ca.crt" member list -w json | jq '.members[].clientURLs[0]' -r | xargs -i sudo ETCDCTL_API=3 etcdctl --key="/etc/ssl/etcd/client.key" --cert="/etc/ssl/etcd/client.crt" --cacert="/etc/ssl/etcd/ca.crt" --endpoints="{}" endpoint health
 EOF
	#! /bin/bash

	ssh -T -i $1 core@$2 <<EOF
	echo -e "\\e[32m#### CHECKING NON-CLIENT-TLS CONNECTION (SHOULD SUCCEED) ####\\e[39m"
	sudo ETCDCTL_API=3 etcdctl --cacert /etc/ssl/etcd/ca.crt --endpoints=https://127.0.0.1:2379 get /registry/namespaces/kube-system --prefix --keys-only
	echo -e "\\e[32m#### SERVICE CONFIG BEFORE ####\\e[39m"
	sudo cat /etc/systemd/system/etcd-member.service.d/40-etcd-cluster.conf
	echo -e "\\e[32m#### UPDATING SERVICE CONFIG ####\\e[39m"
	sudo sed -i '$ s,$, \\\\\\n --trusted-ca-file=/etc/ssl/etcd/ca.crt \\\\\\n --client-cert-auth=true,' /etc/systemd/system/etcd-member.service.d/40-etcd-cluster.conf
	echo -e "\\e[32m#### SERVICE CONFIG AFTER ####\\e[39m"
	sudo cat /etc/systemd/system/etcd-member.service.d/40-etcd-cluster.conf
	echo -e "\\e[32m#### RESTARTING ETCD-MEMBER SERVICE ####\\e[39m"
	sudo systemctl daemon-reload
	sudo systemctl restart etcd-member
	echo -e "\\e[32m#### WAIT 5 SECONDS ####\\e[39m"
	sleep 5
	echo -e "\\e[32m#### CHECKING NON-CLIENT-TLS CONNECTION (SHOULD FAIL) ####\\e[39m"
	sudo ETCDCTL_API=3 etcdctl --cacert /etc/ssl/etcd/ca.crt --endpoints=https://127.0.0.1:2379 get /registry/namespaces/kube-system --prefix --keys-only
	sleep 1 # prevent output race condition
	echo -e "\\e[32m#### CHECKING CLUSTER HEALTH ####\\e[39m"
	sudo ETCDCTL_API=3 etcdctl --key="/etc/ssl/etcd/client.key" --cert="/etc/ssl/etcd/client.crt" --cacert="/etc/ssl/etcd/ca.crt" member list -w json \| jq '.members[].clientURLs[0]' -r \| xargs -i sudo ETCDCTL_API=3 etcdctl --key="/etc/ssl/etcd/client.key" --cert="/etc/ssl/etcd/client.crt" --cacert="/etc/ssl/etcd/ca.crt" --endpoints="{}" endpoint health
	EOF