diff --git a/roles/etcd/handlers/main.yml b/roles/etcd/handlers/main.yml
index 2575c25a4900f7cb4c9895d41e50bf0713518f00..d4af7f04942bcf0c7f9f0c8fea6c97b9f4d40b68 100644
--- a/roles/etcd/handlers/main.yml
+++ b/roles/etcd/handlers/main.yml
@@ -21,6 +21,8 @@
 - name: wait for etcd up
   uri:
     url: "https://{% if is_etcd_master %}{{ etcd_address }}{% else %}127.0.0.1{% endif %}:2379/health"
+    client_cert: "{{ etcd_cert_dir}}/admin-{{ groups['etcd'][0] }}.pem"
+    client_key: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
     validate_certs: no
   register: result
   until: result.status is defined and result.status == 200
diff --git a/roles/etcd/tasks/configure.yml b/roles/etcd/tasks/configure.yml
index 5f8756e71015344914438755817dd7e58156c6f1..2764e388b794865f84a4e13d21506cb0b18878fd 100644
--- a/roles/etcd/tasks/configure.yml
+++ b/roles/etcd/tasks/configure.yml
@@ -5,12 +5,11 @@
   ignore_errors: true
   changed_when: false
   check_mode: no
-  when: is_etcd_master
   tags:
     - facts
 
 - name: Configure | Add member to the cluster if it is not there
-  when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0
+  when: etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0
   shell: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} member add {{ etcd_member_name }} {{ etcd_peer_url }}"
 
 - name: Install etcd launch script
@@ -27,5 +26,13 @@
     src: "etcd-{{ etcd_deployment_type }}.service.j2"
     dest: /etc/systemd/system/etcd.service
     backup: yes
-  when: is_etcd_master
   notify: restart etcd
+
+- name: Confugure | Set etcd data dir permissions
+  file:
+    path: "{{ etcd_data_dir }}"
+    owner: etcd
+    group: etcd
+    mode: 0700
+    state: directory
+    recurse: yes
diff --git a/roles/etcd/templates/etcd.env.j2 b/roles/etcd/templates/etcd.env.j2
index 00ac5d8449730ebf2769482b1ff3d2eb46ca8b0f..3056ff82b3f71af5ecb5d5bae79b043a5493e7f8 100644
--- a/roles/etcd/templates/etcd.env.j2
+++ b/roles/etcd/templates/etcd.env.j2
@@ -1,4 +1,5 @@
 ETCD_DATA_DIR={{ etcd_data_dir }}
+ETCD_WAL_DIR={{ etcd_data_dir }}/member/wal
 ETCD_ADVERTISE_CLIENT_URLS={{ etcd_client_url }}
 ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }}
 ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %}
@@ -22,3 +23,5 @@ ETCD_PEER_TRUSTED_CA_FILE={{ etcd_cert_dir }}/ca.pem
 ETCD_PEER_CERT_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}.pem
 ETCD_PEER_KEY_FILE={{ etcd_cert_dir }}/member-{{ inventory_hostname }}-key.pem
 ETCD_PEER_CLIENT_CERT_AUTH=true
+ETCD_CLIENT_CERT_AUTH=true
+
diff --git a/roles/network_plugin/calico/tasks/main.yml b/roles/network_plugin/calico/tasks/main.yml
index 3889e801cd9daccddc95f1906508e5156a7628ea..873a4698b6721040ad3802d9552bf231d6974b57 100644
--- a/roles/network_plugin/calico/tasks/main.yml
+++ b/roles/network_plugin/calico/tasks/main.yml
@@ -81,6 +81,8 @@
 - name: Calico | wait for etcd
   uri:
     url: https://localhost:2379/health
+    client_cert: "{{ etcd_cert_dir}}/admin-{{ groups['etcd'][0] }}.pem"
+    client_key: "{{ etcd_cert_dir }}/admin-{{ groups['etcd'][0] }}-key.pem"
     validate_certs: no
   register: result
   until: result.status == 200 or result.status == 401