集群-etcd
主要参考kubernetes高可用集群安装(二进制安装、v1.20.2版)
创建etcd角色
1.创建相关文件夹
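# Create the role skeleton; -p also creates roles/etcd itself when it is missing.
mkdir -p roles/etcd/{files,handlers,tasks,templates}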
2.编写task文件
vim roles/etcd/tasks/main.yaml
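---
# tasks/main.yaml - entry point of the etcd role.
# Task files are pulled in top to bottom, so this order is the execution order.
# import_tasks replaces the bare `include`, which is deprecated and no longer
# accepted by recent ansible-core releases.
- import_tasks: user.yaml
- import_tasks: software.yaml
- import_tasks: config.yaml
- import_tasks: system_config.yaml
- import_tasks: service.yaml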
#----------------------------------------------------------------------------------
vim roles/etcd/tasks/user.yaml
---
# tasks/user.yaml - create a dedicated system group and account for etcd so the
# service can be started as an unprivileged user instead of root.
# The account has no home directory and no login shell.
- name: add group etcd
  group:
    name: etcd
    system: true
    state: present

- name: add user etcd
  user:
    name: etcd
    group: etcd
    system: true
    create_home: false
    shell: /sbin/nologin
    state: present
#----------------------------------------------------------------------------------
vim roles/etcd/tasks/software.yaml
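---
# tasks/software.yaml - unpack the etcd release on the remote host and expose
# it through a version-independent symlink, so an upgrade only has to repoint
# the link. Also creates the etcd working directory owned by the etcd account.

# NOTE(review): the archive is shipped from the control node as-is. Verify it
# against the checksum published with the release before staging it there.
- name: copy software
  unarchive:
    src: /root/etcd-v3.4.15-linux-amd64.tar
    dest: /usr/local/bin
    # Extraction as root may keep whatever owner is recorded inside the
    # tarball; pin the installed files to root so no other account owns
    # executables under /usr/local/bin.
    owner: root
    group: root

# The link presumably targets the extracted directory rather than a single
# binary - confirm the path used by etcd.service matches.
- name: Creating a soft connection
  file:
    src: /usr/local/bin/etcd-v3.4.15-linux-amd64
    dest: /usr/local/bin/etcd
    state: link
    force: true

# Working directory is private to the etcd account.
- name: create etcd workdirectory
  file:
    path: /var/lib/etcd/
    state: directory
    owner: etcd
    group: etcd
    mode: '0700'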
#----------------------------------------------------------------------------------
vim roles/etcd/tasks/config.yaml
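---
# tasks/config.yaml - create the etcd configuration and data directories on the
# remote host, owned by the etcd account, then upload the configuration file
# and the TLS material.

# One `file` task manages one path, so the four directories are looped over;
# stacking several path= lines under a single task does not create all of them.
# NOTE(review): the data directory should be private to the etcd account
# (0700). No mode is set here because recurse would also apply it to files.
- name: create etcd directory
  file:
    path: "{{ item }}"
    state: directory
    owner: etcd
    group: etcd
    recurse: true
  loop:
    - /etc/etcd
    - /etc/etcd/ssl
    - /var/lib/etcd
    - /data/etcd

- name: copy etcd conf
  template:
    src: etcd.conf.j2
    dest: /etc/etcd/etcd.conf
  # Restart etcd when the rendered configuration changes.
  notify: restart etcd service

# ssl/ contains private keys: restrict them to the etcd account instead of
# leaving them with the default, world-readable copy permissions.
# NOTE(review): ship only what etcd itself needs (CA certificate, server/peer
# certificate and key). If files/ssl also holds the CA private key, keep it off
# the nodes - confirm the directory contents.
- name: copy ssl
  copy:
    src: ssl/
    dest: /etc/etcd/ssl
    owner: etcd
    group: etcd
    mode: '0600'
    directory_mode: '0700'
  # Restart etcd when certificates or keys are re-uploaded.
  notify: restart etcd service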
#----------------------------------------------------------------------------------
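---
# Presumably tasks/system_config.yaml (fourth entry of the list in main.yaml).
# Install the systemd unit file for etcd so the service can be managed with
# systemctl.
# NOTE(review): etcd.service is not shown on this page; confirm it runs the
# daemon as the etcd account (User=etcd), otherwise the dedicated user created
# by this role is never used.
- name: system config
  copy:
    src: etcd.service
    dest: /usr/lib/systemd/system/etcd.service
    owner: root
    group: root
    mode: '0644'

# Reload unit definitions through the systemd module rather than a raw shell
# command.
- name: restart system config
  systemd:
    daemon_reload: true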
#----------------------------------------------------------------------------------
---
# Presumably tasks/service.yaml (last entry of the list in main.yaml).
# Make sure the etcd service is running.
- name: Start Service
  service:
    name: etcd
    state: started
编写handlers文件
vim roles/etcd/handlers/main.yaml
---
# handlers/main.yaml - pairs with the `notify: restart etcd service` entry in
# tasks/config.yaml; the handler name must match that notify string exactly.
- name: restart etcd service
  service:
    name: etcd
    state: restarted
3.编写Template模板(即config.yaml中引用的etcd.conf.j2,放在roles/etcd/templates目录下)
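# Comments are kept on their own lines: if this file is loaded through
# systemd's EnvironmentFile= (etcd.service is not shown), only lines that start
# with # or ; are treated as comments, so text after a value is not ignored.
#[Member]
# Node name: the host name reported by Ansible facts.
ETCD_NAME="{{ ansible_nodename }}"
ETCD_DATA_DIR="/data/etcd/default.etcd"
# All addresses below use the default IPv4 address gathered by the setup module.
ETCD_LISTEN_PEER_URLS="https://{{ ansible_default_ipv4['address'] }}:2380"
# NOTE(review): http://127.0.0.1:2379 is a plaintext listener with no TLS and
# no client-certificate check, so any local process on the node can read and
# write etcd through it. Drop it unless something on the node depends on it.
ETCD_LISTEN_CLIENT_URLS="https://{{ ansible_default_ipv4['address'] }}:2379,http://127.0.0.1:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://{{ ansible_default_ipv4['address'] }}:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://{{ ansible_default_ipv4['address'] }}:2379"
# NOTE(review): member names and addresses are hard-coded here while ETCD_NAME
# comes from facts; each node's name must match its entry in this list.
ETCD_INITIAL_CLUSTER="test01=https://192.168.122.190:2380,test02=https://192.168.122.170:2380,"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
# NOTE(review): the https URLs above need certificate, key and trusted-CA
# settings for both client and peer traffic, plus client-certificate
# authentication. None are set in this file - presumably they are passed in
# etcd.service; confirm.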
4.生成ssl证书
参考kubernetes高可用集群安装(二进制安装、v1.20.2版)ssl证书生成
5.编写调用etcd角色的playbook文件(role_etcd.yaml)
---
# Playbook that applies the etcd role to the hosts in the `test` inventory
# group.
# NOTE(review): this logs in as root directly; where the hosts allow it, an
# unprivileged login with privilege escalation is the usual hardening.
- hosts: test
  remote_user: root
  roles:
    - role: etcd
# Run the playbook that applies the etcd role to the target hosts.
ansible-playbook role_etcd.yaml
这是本人第一次写博客,有不足请各位大佬指点,谢谢