From ebd71d3f370217ab1d54c9ff729ffca75f856186 Mon Sep 17 00:00:00 2001
From: John Morris <john@zultron.com>
Date: Tue, 26 Jun 2018 00:37:07 -0500
Subject: [PATCH] Back etcd3 version down to 3.1.5

In etcd bug 8445, they explain that certs need a domain name as well
as a hostname in the DNS SAN when using SRV records for cluster
discovery.

This would be more elegantly fixed by doing that, of course.  Should
be easy with cfssl, but unknown if FreeIPA will allow it.

https://github.com/coreos/etcd/pull/8445
---
 .../templates/container_linux_config.yaml.j2                   | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/playbooks/roles/coreos-ignition-config/templates/container_linux_config.yaml.j2 b/playbooks/roles/coreos-ignition-config/templates/container_linux_config.yaml.j2
index c8d6036..4e4ca9c 100644
--- a/playbooks/roles/coreos-ignition-config/templates/container_linux_config.yaml.j2
+++ b/playbooks/roles/coreos-ignition-config/templates/container_linux_config.yaml.j2
@@ -11,6 +11,9 @@
 etcd:
   # https://coreos.com/etcd/docs/latest/op-guide/runtime-configuration.html
   #
+  # 3.3.3 doesn't work; requirements explained here:
+  # https://github.com/coreos/etcd/pull/8651#issuecomment-342979191
+  version: 3.1.5
   # Member name
   name: {{hostname}}
   # URLs to listen on for peer and client traffic