Add read/write and grant config info for external etcd in cluster guide #2218

hillaryfraley · 2020-02-25T19:22:28Z

Description

Add information about configuring read/write access and grant permission for etcd auth.

Motivation and Context

#2184

Review Instructions

This feels like it might be a little thin. Am I missing some details in my explanation?

Also, I want to make sure I added this in the best place in the docs.

content/sensu-go/5.18/guides/clustering.md

cwjohnston

Sorry this has lingered so long. I spent some time testing this myself and found a few things I think we should add.

cwjohnston · 2020-06-05T01:13:06Z

content/sensu-go/5.18/guides/clustering.md

-To start etcd for `backend-1` based on the [three-node configuration example][19]:
+To initialize a backend that uses etcd authentication, configure read and write access to the `/sensu.io/` key space for your users:
+{{< highlight shell >}}
+/opt/etcd/etcdctl role grant-permission sensu_readwrite readwrite --from-key '/sensu.io/'


Suggested change

/opt/etcd/etcdctl role grant-permission sensu_readwrite readwrite --from-key '/sensu.io/'

# Add the sensu user, you'll be prompted for the password interactively

etcdctl user add sensu

# Create a role

etcdctl role add sensu_readwrite

# Give that role permission to read and write under the /sensu.io/ keyspace

etcdctl role grant-permission sensu_readwrite readwrite --from-key '/sensu.io/'

# Grant the sensu user the role

etcdctl user grant-role sensu sensu_readwrite

I found additional steps necessary here.

This will need .initialized still too. I just built a new cluster and it failed to init without having access to that key.

@tarcinil do you mean we need to incorporate http://localhost:1313/sensu-go/5.20/installation/install-sensu/#3-initialize by reference? Or do you mean something else?

content/sensu-go/5.18/guides/clustering.md

Co-authored-by: Cameron Johnston <cameron@sensu.io>

content/sensu-go/5.18/guides/clustering.md

Co-authored-by: Cameron Johnston <cameron@sensu.io>

hillaryfraley · 2020-10-20T14:19:33Z

Closed in favor of #2792

Add initialize key grant info for external etcd in cluster guide

1885e87

hillaryfraley added the update Add to or refresh existing info label Feb 25, 2020

hillaryfraley requested a review from a team February 25, 2020 19:22

hillaryfraley self-assigned this Feb 25, 2020

cwjohnston temporarily deployed to sensu-docs-initialize-e-jgn5qq February 25, 2020 19:22 Inactive

hillaryfraley changed the title ~~Add initialize key grant info for external etcd in cluster guide~~ Add read/write and grant config info for external etcd in cluster guide Feb 25, 2020

hillaryfraley added the content review ready Needs content or first-pass review label Feb 25, 2020

tarcinil reviewed Feb 25, 2020

View reviewed changes

content/sensu-go/5.18/guides/clustering.md Outdated Show resolved Hide resolved

tarcinil reviewed Feb 25, 2020

View reviewed changes

content/sensu-go/5.18/guides/clustering.md Outdated Show resolved Hide resolved

tarcinil reviewed Feb 25, 2020

View reviewed changes

content/sensu-go/5.18/guides/clustering.md Show resolved Hide resolved

Merge branch 'master' into initialize-etcd

1f3aa86

hillaryfraley temporarily deployed to sensu-docs-initialize-e-jgn5qq February 25, 2020 21:03 Inactive

hillaryfraley commented Feb 25, 2020

View reviewed changes