etcd fails if peerRequireSSL is false and requireSSL is true

[angelachin]

When deploying cf-release v270 using cf-networking-release's generate-bosh-lite-manifests, the deploy failed with the following error:

2017-08-15 23:29:52.399095 C | etcdmain: advertise URLs of "etcd-z1-0" do not match in --initial-advertise-peer-urls [https://etcd-z1-0.cf-etcd.service.cf.internal:7001] and --initial-cluster [http://etcd-z1-0.cf-etcd.service.cf.internal:7001]

This is because in etcdfab, the initial-advertise-peer-urls is set to https if either peerRequireSSL or requireSSL is set to true while initial-cluster is set to https only if peerRequireSSL is set to true. This means a deploy will fail if peerRequireSSL is set to false while requireSSL is set to true.

[cf-gitbot]

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/150281340

The labels on this github issue will be updated when the story is started.

[genevieve]

cf-release v270 uses etcd-release v104.

This has been fixed in later versions of etcd-release and may be in future versions of cf-release.