I'm porting Tectonic Installer to DigitalOcean, and one issue I discovered just now is that the etcd-member service fails because /etc/ssl/etcd/client.crt is unreadable due to being only readable by the root user. The reason is that the Terraform configuration only chowns peer.* and server.* in that directory to etcd. I modeled this after the AWS implementation of Tectonic Installer.
My question is, why does Tectonic Installer for AWS not chown client certificates to etcd <https://github.com/coreos/tectonic-installer/commit/34db444369fbb4eb06a25f4a155147027bb0a3d6#diff-f955cb18790baeb714b182b33f01836eR51>? I found out that for the etcd-member service to work on DigitalOcean at least, client certificates must also be readable by the etcd user.

Thanks,
Arve
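The ownership problem described in the post can be checked on a node with a short script. This is an added example, not part of the original post or of Tectonic Installer; the function name `unreadable_by` is hypothetical, it assumes GNU `stat`, and it judges readability from owner, group and mode bits only.

```shell
#!/bin/sh
# Added example: list regular files in a certificate directory that a
# given uid/gid could not read. ACLs, supplementary groups and the
# directory's own traversal bits are ignored (assumption).
#
# Usage on a node (paths and user taken from the post):
#   unreadable_by /etc/ssl/etcd "$(id -u etcd)" "$(id -g etcd)"

# The body runs in a subshell so its variables do not leak to the caller.
unreadable_by() (
    dir=$1 uid=$2 gid=$3
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # GNU stat: numeric owner, numeric group, octal permission bits
        set -- $(stat -c '%u %g %a' "$f")
        owner=$1 group=$2
        mode=$((0$3))                    # leading 0 => parsed as octal
        if [ "$uid" -eq 0 ]; then
            continue                     # root bypasses mode bits
        elif [ "$owner" -eq "$uid" ]; then
            bits=$(( (mode >> 6) & 4 ))  # owner read bit
        elif [ "$group" -eq "$gid" ]; then
            bits=$(( (mode >> 3) & 4 ))  # group read bit
        else
            bits=$(( mode & 4 ))         # other read bit
        fi
        [ "$bits" -ne 0 ] || printf '%s\n' "$f"
    done
)
```

Any path it prints is a file the service user cannot open, which is the condition the post reports for `client.crt`.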
