Janrs.com | 杨建勇

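Alma 8.6 etcd Cluster Deployment Tutorial 02 - Deploying the etcd Cluster

[!TIP]
Deploy an etcd cluster on Alma and enable SSL authentication

Please credit the source when reposting: https://janrs.com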


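Alma version: 8.6
Etcd version: 3.5.5

Deploying the etcd cluster on Alma

[!NOTE]
The deployment method is a binary installation.
Working directory: /var/lib/etcd/
Data directory: /data/etcd/
Configuration file: /etc/etcd/etcd.conf
Cluster bootstrap method: static. The other bootstrap methods are etcd discovery and DNS discovery.

1. Create directories

[!NOTE]
Create these on every server.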

mkdir /var/lib/etcd/ &&
mkdir -p /data/etcd/

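2. Download etcd

[!NOTE]
Download and install on every etcd server.

Download the etcd binary release that matches the hardware architecture


cd /home && \
wget https://github.com/etcd-io/etcd/releases/download/v3.5.5/etcd-v3.5.5-linux-amd64.tar.gz

Extract

tar -xzf etcd-v3.5.5-linux-amd64.tar.gz

Copy the binaries to /usr/local/bin/

cd etcd-v3.5.5-linux-amd64 && \
cp etcd etcdctl etcdutl /usr/local/bin/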

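3. Create etcd.conf

[!NOTE]
The etcd.conf configuration file is located at /etc/etcd/etcd.conf.
Create etcd.conf on every server and change the IP addresses to that server's address.
The /etc/etcd/ directory was already created when the SSL certificates were created.

3-1. Create on the etcd-01 server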

cat > /etc/etcd/etcd.conf <<EOF
ETCD_NAME=etcd-01
ETCD_DATA_DIR="/data/etcd/"

ETCD_LISTEN_CLIENT_URLS="https://172.16.222.251:2379,https://127.0.0.1:2379"
ETCD_LISTEN_PEER_URLS="https://172.16.222.251:2380"

ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.222.251:2380"
ETCD_INITIAL_CLUSTER="etcd-01=https://172.16.222.251:2380,etcd-02=https://172.16.222.252:2380,etcd-03=https://172.16.222.253:2380"

ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://172.16.222.251:2379"

ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/etcd/ssl/ca.pem"
ETCD_CERT_FILE="/etc/etcd/ssl/etcd-server.pem"
ETCD_KEY_FILE="/etc/etcd/ssl/etcd-server-key.pem"

ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd-peer.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-peer-key.pem"
EOF

3-2. Create on the etcd-02 server

cat > /etc/etcd/etcd.conf <<EOF
ETCD_NAME=etcd-02
ETCD_DATA_DIR="/data/etcd/"

ETCD_LISTEN_CLIENT_URLS="https://172.16.222.252:2379,https://127.0.0.1:2379"
ETCD_LISTEN_PEER_URLS="https://172.16.222.252:2380"

ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.222.252:2380"
ETCD_INITIAL_CLUSTER="etcd-01=https://172.16.222.251:2380,etcd-02=https://172.16.222.252:2380,etcd-03=https://172.16.222.253:2380"

ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://172.16.222.252:2379"

ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/etcd/ssl/ca.pem"
ETCD_CERT_FILE="/etc/etcd/ssl/etcd-server.pem"
ETCD_KEY_FILE="/etc/etcd/ssl/etcd-server-key.pem"

ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd-peer.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-peer-key.pem"
EOF

3-3. Create on the etcd-03 server

cat > /etc/etcd/etcd.conf <<EOF
ETCD_NAME=etcd-03
ETCD_DATA_DIR="/data/etcd/"

ETCD_LISTEN_CLIENT_URLS="https://172.16.222.253:2379,https://127.0.0.1:2379"
ETCD_LISTEN_PEER_URLS="https://172.16.222.253:2380"

ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.222.253:2380"
ETCD_INITIAL_CLUSTER="etcd-01=https://172.16.222.251:2380,etcd-02=https://172.16.222.252:2380,etcd-03=https://172.16.222.253:2380"

ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://172.16.222.253:2379"

ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/etcd/ssl/ca.pem"
ETCD_CERT_FILE="/etc/etcd/ssl/etcd-server.pem"
ETCD_KEY_FILE="/etc/etcd/ssl/etcd-server-key.pem"

ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/etc/etcd/ssl/etcd-peer.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/ssl/etcd-peer-key.pem"
EOF
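
Because each server's etcd.conf is a hand-edited copy of the previous one, a missed edit can leave a plaintext listener, an unauthenticated peer link, or a node that does not match the cluster list. The script below is an added example, not part of the original post: it audits one node's file for those three conditions. The function names `conf_get`, `audit_etcd_conf` and `sample_bad_conf`, and the sample file with its mistakes, are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): audit one node's etcd.conf.

# conf_get KEY FILE: print KEY's value with surrounding double quotes removed.
conf_get() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" "$2" | tail -n 1
}

# audit_etcd_conf FILE: print one line per finding; return the finding count.
audit_etcd_conf() {
    conf=$1; findings=0
    flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # 1. Every listen/advertise URL must be https, or that socket is plaintext.
    for key in ETCD_LISTEN_CLIENT_URLS ETCD_LISTEN_PEER_URLS \
               ETCD_ADVERTISE_CLIENT_URLS ETCD_INITIAL_ADVERTISE_PEER_URLS; do
        for url in $(conf_get "$key" "$conf" | tr ',' ' '); do
            case $url in https://*) ;; *) flag "$key has non-TLS URL $url" ;; esac
        done
    done

    # 2. Without *_CERT_AUTH=true, TLS only encrypts: certificates are not required.
    for key in ETCD_CLIENT_CERT_AUTH ETCD_PEER_CLIENT_CERT_AUTH; do
        [ "$(conf_get "$key" "$conf")" = "true" ] || flag "$key is not true"
    done

    # 3. This node's name=peer-URL pair must appear in ETCD_INITIAL_CLUSTER
    #    (catches a missed IP edit when the file is copied between servers).
    me="$(conf_get ETCD_NAME "$conf")=$(conf_get ETCD_INITIAL_ADVERTISE_PEER_URLS "$conf")"
    case ",$(conf_get ETCD_INITIAL_CLUSTER "$conf")," in
        *",$me,"*) ;; *) flag "ETCD_INITIAL_CLUSTER lacks $me" ;;
    esac
    return "$findings"
}

# Constructed sample: etcd-02's file with three deliberate mistakes.
sample_bad_conf() {
    cat > "$1" <<'EOF'
ETCD_NAME=etcd-02
ETCD_LISTEN_CLIENT_URLS="https://172.16.222.252:2379,http://127.0.0.1:2379"
ETCD_LISTEN_PEER_URLS="https://172.16.222.252:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.16.222.251:2380"
ETCD_INITIAL_CLUSTER="etcd-01=https://172.16.222.251:2380,etcd-02=https://172.16.222.252:2380,etcd-03=https://172.16.222.253:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://172.16.222.252:2379"
ETCD_CLIENT_CERT_AUTH="true"
EOF
}

demo=$(mktemp) && sample_bad_conf "$demo" && { audit_etcd_conf "$demo" || true; }
rm -f "$demo"
```

On a real node, run `audit_etcd_conf /etc/etcd/etcd.conf` before starting the service; a non-zero exit status is the number of findings.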

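4. Create the service unit

[!NOTE]
Create on every server.

# The heredoc delimiter is quoted so that $(nproc) is written literally and evaluated when the service starts
cat > /usr/lib/systemd/system/etcd.service <<'EOF'
[Unit]
Description=Etcd Server
After=network.target

[Service]
# etcd signals readiness to systemd, so the unit type is notify
Type=notify
WorkingDirectory=/var/lib/etcd
# the leading "-" makes systemd ignore a missing file; etcd would then start with its defaults instead of the TLS settings
EnvironmentFile=-/etc/etcd/etcd.conf
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/local/bin/etcd"

[Install]
WantedBy=multi-user.target
EOF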

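5. Start the service

[!NOTE]
Run on every server.
Because this is a cluster deployment rather than a single node, open three SSH tabs, one connected to each server, and run the start command on all of them as close to simultaneously as possible.
Each service listens for the state of the other services for a limited time in order to bring the cluster nodes in.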

systemctl start etcd && \
systemctl enable etcd

6. Check the status

Check the health status

etcdctl --cacert=/etc/etcd/ssl/ca.pem \
--cert=/etc/etcd/ssl/etcd-peer.pem \
--key=/etc/etcd/ssl/etcd-peer-key.pem \
--endpoints="https://172.16.222.251:2379,https://172.16.222.252:2379,https://172.16.222.253:2379" \
endpoint health --write-out="table"

Output. The HEALTH column shows true.

+-----------------------------+--------+--------------+-------+
|          ENDPOINT           | HEALTH |     TOOK     | ERROR |
+-----------------------------+--------+--------------+-------+
| https://172.16.222.251:2379 |   true |  87.487725ms |       |
| https://172.16.222.253:2379 |   true |  94.307218ms |       |
| https://172.16.222.252:2379 |   true | 101.805089ms |       |
+-----------------------------+--------+--------------+-------+

List the members

etcdctl --cacert=/etc/etcd/ssl/ca.pem \
--cert=/etc/etcd/ssl/etcd-peer.pem \
--key=/etc/etcd/ssl/etcd-peer-key.pem \
--endpoints="https://172.16.222.251:2379,https://172.16.222.252:2379,https://172.16.222.253:2379" \
member list --write-out="table"

Output

+------------------+---------+---------+-----------------------------+-----------------------------+------------+
|        ID        | STATUS  |  NAME   |         PEER ADDRS          |        CLIENT ADDRS         | IS LEARNER |
+------------------+---------+---------+-----------------------------+-----------------------------+------------+
| 8933da549f2df9c1 | started | etcd-03 | https://172.16.222.253:2380 | https://172.16.222.253:2379 |      false |
| e183d05eac83e8f9 | started | etcd-02 | https://172.16.222.252:2380 | https://172.16.222.252:2379 |      false |
| e50946ec693869c1 | started | etcd-01 | https://172.16.222.251:2380 | https://172.16.222.251:2379 |      false |
+------------------+---------+---------+-----------------------------+-----------------------------+------------+

7. Other operations

Stop the service

systemctl stop etcd && \
systemctl disable etcd && \
systemctl daemon-reload

If a restart fails with an error, delete the old data

rm -rvf /data/etcd/* && rm -rvf /var/lib/etcd/*

Delete the SSL certificates

rm -rvf /etc/etcd/ssl/*

Delete the configuration file

rm -rvf /etc/etcd/etcd.conf

At this point, the etcd cluster deployment is complete.

2022-08-19