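etcd package
https://github.com/etcd
Default ports: 2379, 2380
1. IP and port to listen on for client requests
listen-client-urls: http://127.0.0.1:2379
2. IP and port this node uses for communication within the cluster
listen-peer-urls: http://127.0.0.1:2380
Even for a single-node deployment, the intra-cluster communication IP and port must still be configured here.
Single-node deployment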
# This is the configuration file for the etcd server.
# Human-readable name for this member.
name: 'etcd-single-node'
# Path to the data directory.
data-dir: data
# Path to the dedicated wal directory.
wal-dir:
# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000
# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100
# Time (in milliseconds) for an election to timeout.
election-timeout: 1000
# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 8589934592
# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://127.0.0.1:2380
# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://127.0.0.1:2379
# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 3
# Maximum number of wal files to retain (0 is unlimited).
max-wals: 3
# Comma-separated white list of origins for CORS (cross-origin resource sharing).
#cors:
# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
#initial-advertise-peer-urls: http://127.0.0.1:2380
# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
#advertise-client-urls: http://127.0.0.1:2379
# Discovery URL used to bootstrap the cluster.
#discovery:
# Valid values include 'exit', 'proxy'
#discovery-fallback: 'proxy'
# HTTP proxy to use for traffic to discovery service.
#discovery-proxy:
# DNS domain used to bootstrap initial cluster.
#discovery-srv:
# Initial cluster configuration for bootstrapping.
#initial-cluster: new_node=http://127.0.0.1:2380
# Initial cluster token for the etcd cluster during bootstrap.
#initial-cluster-token: 'etcd-token-online'
# Initial cluster state ('new' or 'existing').
#initial-cluster-state: 'existing'
# Reject reconfiguration requests that would cause quorum loss.
#strict-reconfig-check: true
# Accept etcd V2 client requests
enable-v2: true
# Enable runtime profiling data via HTTP server
#enable-pprof: false
# Valid values include 'on', 'readonly', 'off'
#proxy: 'off'
# Time (in milliseconds) an endpoint will be held in a failed state.
#proxy-failure-wait: 5000
# Time (in milliseconds) of the endpoints refresh interval.
#proxy-refresh-interval: 30000
# Time (in milliseconds) for a dial to timeout.
#proxy-dial-timeout: 1000
# Time (in milliseconds) for a write to timeout.
#proxy-write-timeout: 5000
# Time (in milliseconds) for a read to timeout.
#proxy-read-timeout: 0
#client-transport-security:
#  # Path to the client server TLS cert file.
#  cert-file:
#  # Path to the client server TLS key file.
#  key-file:
#  # Enable client cert authentication.
#  client-cert-auth: false
#  # Path to the client server TLS trusted CA cert file.
#  trusted-ca-file:
#  # Client TLS using generated certificates
#  auto-tls: false
#peer-transport-security:
#  # Path to the peer server TLS cert file.
#  cert-file:
#  # Path to the peer server TLS key file.
#  key-file:
#  # Enable peer client cert authentication.
#  client-cert-auth: false
#  # Path to the peer server TLS trusted CA cert file.
#  trusted-ca-file:
#  # Peer TLS using generated certificates.
#  auto-tls: false
# Enable debug-level logging for etcd.
debug: false
logger: capnslog
# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-outputs: [stderr]
# Configures log level. Only supports debug, info, warn, error, panic, or fatal.
log-level: info
# Force to create a new one member cluster.
force-new-cluster: false
# Interpret 'auto-compaction-retention' one of: 'periodic', 'revision'. 'periodic' for duration based retention,
# defaulting to hours if no time unit is provided (e.g. '5m'). 'revision' for revision number based retention.
#auto-compaction-mode: periodic
# end of etcd.conf
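Cluster deployment
A cluster deployment requires changing several configuration items:
1. IP and port advertised to the other cluster members for peer communication
initial-advertise-peer-urls: http://127.0.0.1:2380
2. IP and port advertised to clients
advertise-client-urls: http://127.0.0.1:2379
3. Address information of the other nodes in the cluster
initial-cluster: new_node=http://127.0.0.1:2380
4. Cluster ID
initial-cluster-token: 'etcd-token-online'
5. Cluster state: write new for a newly created cluster; otherwise fill it in according to the actual situation
initial-cluster-state: 'new'
6. Use this parameter only to force-start a single node when the cluster is unavailable
force-new-cluster: false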
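Added example (not part of the original notes or the etcd project): once the URLs above are changed from 127.0.0.1 to routable addresses for a cluster, a small Python check like this flags http:// listeners on non-loopback addresses, https listeners without client-cert-auth, and enable-v2. The sample config, the 10.0.0.5 address and the /path/to path are constructed, and parse_conf handles only the flat "key: value" layout used in this file.

```python
import re
from urllib.parse import urlsplit

URL_KEYS = ("listen-client-urls", "listen-peer-urls",
            "advertise-client-urls", "initial-advertise-peer-urls")
TLS_SECTIONS = {"client-transport-security": "listen-client-urls",
                "peer-transport-security": "listen-peer-urls"}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample: a node bound to a routable address (10.0.0.5 is made up).
SAMPLE = """\
listen-peer-urls: http://10.0.0.5:2380
listen-client-urls: https://10.0.0.5:2379,http://127.0.0.1:2379
client-transport-security:
  cert-file: /path/to/server.crt
  client-cert-auth: false
enable-v2: true
"""

def parse_conf(text):
    """Read 'key: value' lines; indented keys become 'section.key'. Not a full YAML parser."""
    conf, section = {}, None
    for m in re.finditer(r"^([ \t]*)([\w-]+):[ \t]*(.*)$", text, re.M):
        indent, key, value = m.group(1), m.group(2), m.group(3).strip().strip("'\"")
        if indent and section:
            conf[f"{section}.{key}"] = value
        else:
            section = key if value == "" else None  # empty value opens a section
            conf[key] = value
    return conf

def audit(text):
    """Return a list of findings for the transport settings of an etcd config."""
    conf, findings = parse_conf(text), []
    for key in URL_KEYS:
        for url in filter(None, (u.strip() for u in conf.get(key, "").split(","))):
            parts = urlsplit(url)
            if parts.scheme == "http" and parts.hostname not in LOOPBACK:
                findings.append(f"{key}: plaintext {url} on a non-loopback address")
    for section, url_key in TLS_SECTIONS.items():
        if "https://" in conf.get(url_key, "") and \
                conf.get(f"{section}.client-cert-auth", "false") != "true":
            findings.append(f"{section}: https listener without client-cert-auth")
    if conf.get("enable-v2") == "true":
        findings.append("enable-v2: legacy v2 API is enabled, confirm it is needed")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```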
Start
nohup ./etcd --config-file etcd.conf > etcd.log 2>&1 &
Verify
bin/etcdctl --endpoints=http://$ip:$port member list
bin/etcdctl --endpoints=http://$ip:$port endpoint status -w=table
Add users
# Add root
bin/etcdctl --endpoints=http://127.0.0.1:2379 user add root
# Enable authentication
bin/etcdctl --endpoints=http://127.0.0.1:2379 auth enable
# Add a regular user
bin/etcdctl --endpoints=http://127.0.0.1:2379 --user=root:123456 user add name_test:password
# Add a role
bin/etcdctl --endpoints=http://127.0.0.1:2379 --user=root:123456 role add normal
# Grant permissions to the role
bin/etcdctl --endpoints=http://127.0.0.1:2379 --user=root:123456 role grant-permission --prefix=true normal readwrite /v1/api
# Bind the role to the user
bin/etcdctl --endpoints=http://127.0.0.1:2379 --user=root:123456 user grant-role name_test normal