1. Generate the certificates
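#!/bin/bash
# Generate a self-signed CA plus TLS certificates for a three-member etcd
# cluster and one etcd client. openssl creates the CA; cfssl/cfssljson issue
# the leaf certificates. All output files land in the current directory.

# Stop on the first failed command, unset variable or failed pipeline stage,
# so a broken download or CA step cannot leave half-generated credentials.
set -euo pipefail

# set your env-custom variable
export NAME1=etcd1
export ADDRESS1="127.0.0.1,10.173.32.55,$NAME1"
export NAME2=etcd2
export ADDRESS2="127.0.0.1,10.173.32.54,$NAME2"
export NAME3=etcd3
export ADDRESS3="127.0.0.1,10.173.32.58,$NAME3"
export CLIENT=etcd-client

#######################################
# Install one cfssl tool into /usr/local/bin when it is not already on PATH.
# Arguments: $1 - tool name (cfssl or cfssljson)
#            $2 - download URL
#            $3 - expected SHA-256 of the binary; empty skips the check
# Returns:   0 when the tool is available afterwards, non-zero otherwise
#######################################
ensure_tool() {
  local tool=$1 url=$2 expected_sha256=$3
  local tmp actual_sha256

  if command -v "$tool" >/dev/null 2>&1; then
    return 0
  fi

  # Download to a temp file first: nothing becomes executable in
  # /usr/local/bin until the transfer succeeded and the digest matched.
  tmp=$(mktemp)
  # -f turns an HTTP error page into a failure instead of a saved "binary".
  if ! curl -fsSL -o "$tmp" "$url"; then
    rm -f -- "$tmp"
    echo "download of $tool failed: $url" >&2
    return 1
  fi

  if [[ -n "$expected_sha256" ]]; then
    actual_sha256=$(sha256sum "$tmp" | awk '{print $1}')
    if [[ "$actual_sha256" != "$expected_sha256" ]]; then
      rm -f -- "$tmp"
      echo "SHA-256 mismatch for $tool: got $actual_sha256" >&2
      return 1
    fi
  else
    # HTTPS authenticates the server only; this binary will sign every
    # certificate below, so pin its digest whenever possible.
    echo "warning: installing $tool without checksum verification" >&2
  fi

  install -m 0755 "$tmp" "/usr/local/bin/$tool"
  rm -f -- "$tmp"
}

#######################################
# Issue one certificate signed by ca.crt/ca.key in the current directory.
# cfssljson -bare writes <cn>.pem, <cn>-key.pem and <cn>.csr.
# Arguments: $1 - common name, also used as the output file prefix
#            $2 - comma-separated SAN list passed to cfssl -hostname
#######################################
gen_cert() {
  local cn=$1 hosts=$2
  # printf with a quoted argument keeps the name a single JSON string value
  # instead of relying on unquoted shell expansion.
  printf '{"CN":"%s","hosts":[""],"key":{"algo":"rsa","size":2048}}\n' "$cn" \
    | cfssl gencert -config=ca-config.json -ca=ca.crt -ca-key=ca.key \
        -hostname="$hosts" - \
    | cfssljson -bare "$cn"
}

# download cfssl if necessary
# CFSSL_SHA256 / CFSSLJSON_SHA256 are optional, operator-supplied digests
# taken from a source you trust; each tool is checked separately so a missing
# cfssljson is fetched even when cfssl is already installed.
ensure_tool cfssl \
  https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 "${CFSSL_SHA256:-}"
ensure_tool cfssljson \
  https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 "${CFSSLJSON_SHA256:-}"

# generate self-signed certificate if necessary
if [[ -f ca.key && -f ca.crt ]]; then
  echo "CA is already exist, skip"
else
  # -nodes leaves the CA private key unencrypted on disk, and -days 36500
  # makes the CA valid for roughly 100 years: whoever reads ca.key can mint
  # trusted cluster certificates for that whole period.
  openssl req -new -x509 -days 36500 -keyout ca.key -out ca.crt -nodes \
    -subj "/C=CN/ST=ZheJiang/L=HZ/O=testca/OU=Cloud/CN=Etcd Cluster"
  # Restrict the key to the owner regardless of the caller's umask.
  chmod 600 ca.key
fi

# generate server side certificate
# The single default profile gives every certificate issued here, the client
# one included, both "server auth" and "client auth" for 43800h (5 years).
# NOTE(review): consider a separate client-only profile for $CLIENT.
printf '%s\n' '{"signing":{"default":{"expiry":"43800h","usages":["signing","key encipherment","server auth","client auth"]}}}' > ca-config.json
gen_cert "$NAME1" "$ADDRESS1"
gen_cert "$NAME2" "$ADDRESS2"
gen_cert "$NAME3" "$ADDRESS3"

# generate client certificate
gen_cert "$CLIENT" "$CLIENT"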