[!TIP]
Alma部署etcd集群并开启ssl认证转载请注明出处:https://janrs.com
Alma版本为8.6
Etcd版本为3.5.5
Alma 部署 etcd 集群
[!NOTE]
采用的是方式是二进制部署方式
工作目录为:/var/lib/etcd/
数据存放目录为:/data/etcd/
配置文件位置为:/etc/etcd/etcd.conf
集群部署方式为:static。 其他部署还有etcd discovery以及DNS discovery
1.创建目录
[!NOTE]
每台服务器都要创建
mkdir /var/lib/etcd/ &&
mkdir -p /data/etcd/2.下载 etcd
[!NOTE]
每台etcd服务器都要下载安装
下载对应硬件架构的 etcd 二进制文件
cd home && \
wget https://github.com/etcd-io/etcd/releases/download/v3.5.5/etcd-v3.5.5-linux-amd64.tar.gz解压
tar etcd-v3.5.5-linux-amd64.tar.gz复制命令到 /usr/local/bin/
cp etcd etcdctl etcdutl /usr/local/bin/3.创建 etcd.conf
[!NOTE]
etcd.conf配置文件位置为/etc/etcd/etcd.conf
在每台服务器都要创建etcd.conf,把ip地址修改为对应的服务器地址
目录/etc/etcd/已经在 创建ssl证书的时候创建
3-1.在 etcd-01 服务器创建
cat > /etc/etcd/etcd.conf <<EOF
ETCD_NAME=etcd-01
ETCD_DATA_DIR="/data/etcd/"
ETCD_LISTEN_CLIENT_URLS="https://172.16.222.251:2379,https://127.0.0.1:2379"
ETCD_LISTEN_PEER_URLS="https://172.16.222.251:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.222.251:2380"
ETCD_INITIAL_CLUSTER="etcd-01=https://172.16.222.251:2380,etcd-02=https://172.16.222.252:2380,etcd-03=https://172.16.222.253:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://172.16.222.251:2379"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/etcd/ssl/ca.pem"
ETCD_CERT_FILE="/etc/etcd/ssl/etcd-server.pem"
ETCD_KEY_FILE="/etc/etcd/ssl/etcd-server-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd-peer.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-peer-key.pem"
EOF3-2.在 etcd-02 服务器创建
cat > /etc/etcd/etcd.conf <<EOF
ETCD_NAME=etcd-02
ETCD_DATA_DIR="/data/etcd/"
ETCD_LISTEN_CLIENT_URLS="https://172.16.222.252:2379,https://127.0.0.1:2379"
ETCD_LISTEN_PEER_URLS="https://172.16.222.252:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.222.252:2380"
ETCD_INITIAL_CLUSTER="etcd-01=https://172.16.222.251:2380,etcd-02=https://172.16.222.252:2380,etcd-03=https://172.16.222.253:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://172.16.222.252:2379"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/etcd/ssl/ca.pem"
ETCD_CERT_FILE="/etc/etcd/ssl/etcd-server.pem"
ETCD_KEY_FILE="/etc/etcd/ssl/etcd-server-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd-peer.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-peer-key.pem"
EOF3-3.在 etcd-03 服务器创建
cat > /etc/etcd/etcd.conf <<EOF
ETCD_NAME=etcd-03
ETCD_DATA_DIR="/data/etcd/"
ETCD_LISTEN_CLIENT_URLS="https://172.16.222.253:2379,https://127.0.0.1:2379"
ETCD_LISTEN_PEER_URLS="https://172.16.222.253:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.222.253:2380"
ETCD_INITIAL_CLUSTER="etcd-01=https://172.16.222.251:2380,etcd-02=https://172.16.222.252:2380,etcd-03=https://172.16.222.253:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://172.16.222.253:2379"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/etcd/ssl/ca.pem"
ETCD_CERT_FILE="/etc/etcd/ssl/etcd-server.pem"
ETCD_KEY_FILE="/etc/etcd/ssl/etcd-server-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd-peer.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-peer-key.pem"
EOF4.创建启动服务
[!NOTE]
在每台服务器都创建
cat > /usr/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
[Service]
Type=simple
WorkingDirectory=/var/lib/etcd
EnvironmentFile=-/etc/etcd/etcd.conf
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/local/bin/etcd"
Type=notify
[Install]
WantedBy=multi-user.target
EOF5.启动服务
[!NOTE]
在每台服务器执行
由于是部署集群而不是单节点部署,所以要打开三个ssh标签都连接到服务器并且尽可能同时执行启动
因为每个服务都会在一定时间内监听其他服务的状态把集群节点加入进来
systemctl start etcd && \
systemctl enable etcd6.检查状态
检查健康状态
etcdctl --cacert=/etc/etcd/ssl/ca.pem \
--cert=/etc/etcd/ssl/etcd-peer.pem \
--key=/etc/etcd/ssl/etcd-peer-key.pem \
--endpoints="https://172.16.222.251:2379,https://172.16.222.252:2379,https://172.16.222.253:2379" \
endpoint health --write-out="table"显示。可以看到 HEALTH 状态为 true
+-----------------------------+--------+--------------+-------+
| ENDPOINT | HEALTH | TOOK | ERROR |
+-----------------------------+--------+--------------+-------+
| https://172.16.222.251:2379 | true | 87.487725ms | |
| https://172.16.222.253:2379 | true | 94.307218ms | |
| https://172.16.222.252:2379 | true | 101.805089ms | |
+-----------------------------+--------+--------------+-------+查看成员列表
etcdctl --cacert=/etc/etcd/ssl/ca.pem \
--cert=/etc/etcd/ssl/etcd-peer.pem \
--key=/etc/etcd/ssl/etcd-peer-key.pem \
--endpoints="https://172.16.222.251:2379,https://172.16.222.252:2379,https://172.16.222.253:2379" \
member list --write-out="table"显示
+------------------+---------+---------+-----------------------------+-----------------------------+------------+
| ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER |
+------------------+---------+---------+-----------------------------+-----------------------------+------------+
| 8933da549f2df9c1 | started | etcd-03 | https://172.16.222.253:2380 | https://172.16.222.253:2379 | false |
| e183d05eac83e8f9 | started | etcd-02 | https://172.16.222.252:2380 | https://172.16.222.252:2379 | false |
| e50946ec693869c1 | started | etcd-01 | https://172.16.222.251:2380 | https://172.16.222.251:2379 | false |
+------------------+---------+---------+-----------------------------+-----------------------------+------------+7.其他操作
停止服务
systemctl stop etcd && \
systemctl disable etcd && \
systemctl daemon-reload如果重启报错需要删除旧的数据
rm -rvf /data/etcd/* && rm -rvf /var/lib/etcd/*删除 ssl 证书
rm -rvf /etc/etcd/ssl/*删除配置文件
rm -rvf /etc/etcd/etcd.conf
发表回复