etcd集群安装

  • 环境信息
ip              IS LEADER
10.240.13.187   true
10.240.13.137   false
10.240.13.66    false
  • 安装证书工具
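# Fetch the cfssl toolchain (v1.5.0). -f makes curl exit non-zero on an HTTP
# error instead of saving the error page under the binary's name.
curl -fL https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssl_1.5.0_linux_amd64 -o cfssl
curl -fL https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssljson_1.5.0_linux_amd64 -o cfssljson
curl -fL https://github.com/cloudflare/cfssl/releases/download/v1.5.0/cfssl-certinfo_1.5.0_linux_amd64 -o cfssl-certinfo
# These tools generate and handle the cluster CA key, so compare each file with
# the SHA-256 value published alongside the release before installing it, e.g.:
#   echo "<sha256-from-release-page>  cfssl" | sha256sum -c -
chmod +x cfssl-certinfo cfssl cfssljson
mv cfssl-certinfo cfssl cfssljson /usr/local/bin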
  • 创建证书目录
# Working directory for certificate generation. ca-key.pem and server-key.pem
# are written here by the gencert steps, so keep access to it limited.
mkdir -p /usr/local/src/ssl
cd /usr/local/src/ssl
  • 配置ca
# Signing policy used by "cfssl gencert -config". The "etcd" profile permits
# both server auth and client auth, so one certificate can act as either side
# of a TLS connection.
# NOTE(review): 876000h is roughly 100 years. Nothing on this page sets up
# revocation, so a leaked key stays usable for the certificate's whole
# lifetime; a shorter expiry with planned rotation limits that window.
tee ca-config.json <<'EOF'
{
  "signing": {
    "default": {
      "expiry": "876000h"
    },
    "profiles": {
      "etcd": {
         "expiry": "876000h",
         "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ]
      }
    }
  }
}
EOF
  • ca证书
# Certificate signing request for the self-signed etcd CA (RSA 2048).
# NOTE(review): this CSR has no "ca": {"expiry": ...} section, so the CA
# lifetime falls back to cfssl's built-in default, which is presumably much
# shorter than the 876000h given to leaf certificates. Check the real
# notAfter with "cfssl-certinfo -cert ca.pem".
tee ca-csr.json <<'EOF'
{
    "CN": "etcd CA",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {	
            "O": "etcd",
            "OU": "etcd Security",
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing"
        }
    ]
}
EOF
  • 生成ca证书
# Create the self-signed CA. cfssljson -bare writes ca.pem, ca-key.pem and
# ca.csr. ca-key.pem can sign new identities for this cluster, so treat it as
# the most sensitive file produced here.
cfssl gencert -initca ca-csr.json \
  | cfssljson -bare ca
  • etcd证书配置
# CSR for the certificate shared by all etcd members. "hosts" becomes the
# certificate's subject alternative names: loopback plus the three node IPs.
# A node added later is not covered until the certificate is reissued with its
# address. Every node holding the same key pair also means one compromised
# node exposes the identity of all of them.
tee server-csr.json <<'EOF'
{
    "CN": "etcd",
    "hosts": [
	"127.0.0.1",
    "10.240.13.187",
    "10.240.13.66",
	"10.240.13.137"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "O": "etcd",
            "OU": "etcd Security",
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing"
        }
    ]
}
EOF
  • 生成etcd证书
# Issue the etcd certificate from the CA using the "etcd" signing profile.
# cfssljson -bare writes server.pem, server-key.pem and server.csr.
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -profile=etcd \
  server-csr.json \
  | cfssljson -bare server
  • 证书如下
总用量 36
-rw-r----- 1 etcd etcd  290 630 09:48 ca-config.json
-rw-r----- 1 etcd etcd 1009 630 09:48 ca.csr
-rw-r----- 1 etcd etcd  269 630 09:48 ca-csr.json
-rw------- 1 etcd etcd 1679 630 09:48 ca-key.pem
-rw-r----- 1 etcd etcd 1371 630 09:48 ca.pem
-rw-r----- 1 etcd etcd 1074 630 09:48 server.csr
-rw-r----- 1 etcd etcd  358 630 09:48 server-csr.json
-rw------- 1 etcd etcd 1679 630 09:48 server-key.pem
-rw-r----- 1 etcd etcd 1456 630 09:48 server.pem

  • 下载etcd安装包
https://github.com/etcd-io/etcd/releases/
  • 上传etcd-v3.5.4-linux-amd64.tar.gz到/usr/local/src下
  • 解压安装包
# Unpack the manually uploaded release and move it to /usr/local/etcd.
# The tarball reaches this host by hand, so compare it with the SHA256SUMS
# file published on the etcd release page before extracting.
cd /usr/local/src
tar -x -z -v -f etcd-v3.5.4-linux-amd64.tar.gz
mv etcd-v3.5.4-linux-amd64 /usr/local/etcd
  • 将etcd证书拷贝到etcd目录下
# Move the whole certificate directory under the etcd install path.
# NOTE(review): this also places ca-key.pem on the etcd node. The configs on
# this page reference only ca.pem, server.pem and server-key.pem, so the CA
# private key can be kept off the cluster hosts.
mv /usr/local/src/ssl /usr/local/etcd
  • etcd01配置文件
[root@10-240-13-187 etcd]# cat conf.yml 
# etcd01 configuration, loaded through --config-file.
# No initial-cluster-state is set here, so etcd's default (new) applies.
name: etcd01 # node name; 10.240.13.187 is this node's internal IP
data-dir: /usr/local/etcd/data
# Peer (member-to-member) traffic uses port 2380.
initial-advertise-peer-urls: https://10.240.13.187:2380
listen-peer-urls: https://10.240.13.187:2380
# Client traffic uses port 2379, on the node IP and on loopback.
listen-client-urls: https://10.240.13.187:2379,https://127.0.0.1:2379
advertise-client-urls: https://10.240.13.187:2379
initial-cluster-token: shiajun-etcd-cluster
initial-cluster: etcd01=https://10.240.13.187:2380,etcd02=https://10.240.13.137:2380,etcd03=https://10.240.13.66:2380 # cluster member peer addresses
# Client-facing TLS: with client-cert-auth enabled, clients must present a
# certificate signed by trusted-ca-file.
client-transport-security:
  trusted-ca-file: /usr/local/etcd/ssl/ca.pem  
  cert-file: /usr/local/etcd/ssl/server.pem 
  key-file: /usr/local/etcd/ssl/server-key.pem 
  client-cert-auth: true
  auto-tls: false
# Peer-facing TLS: the same key pair is reused for member-to-member traffic.
peer-transport-security:
  cert-file: /usr/local/etcd/ssl/server.pem  
  key-file: /usr/local/etcd/ssl/server-key.pem
  trusted-ca-file: /usr/local/etcd/ssl/ca.pem 
  client-cert-auth: true
  auto-tls: false
  • etcd02配置文件
# etcd02 configuration; differs from etcd01 only in name and node IP, and it
# sets initial-cluster-state explicitly.
name: etcd02 # node name; 10.240.13.137 is this node's internal IP
data-dir: /usr/local/etcd/data
initial-advertise-peer-urls: https://10.240.13.137:2380
listen-peer-urls: https://10.240.13.137:2380
listen-client-urls: https://10.240.13.137:2379,https://127.0.0.1:2379
advertise-client-urls: https://10.240.13.137:2379
initial-cluster-token: shiajun-etcd-cluster
initial-cluster: etcd01=https://10.240.13.187:2380,etcd02=https://10.240.13.137:2380,etcd03=https://10.240.13.66:2380 # cluster member peer addresses
# new: this member takes part in bootstrapping a fresh cluster.
initial-cluster-state: new
# Mutual TLS on the client port: callers need a certificate issued by ca.pem.
client-transport-security:
  trusted-ca-file: /usr/local/etcd/ssl/ca.pem
  cert-file: /usr/local/etcd/ssl/server.pem
  key-file: /usr/local/etcd/ssl/server-key.pem
  client-cert-auth: true
  auto-tls: false
# Mutual TLS on the peer port, using the same certificate and key.
peer-transport-security:
  cert-file: /usr/local/etcd/ssl/server.pem
  key-file: /usr/local/etcd/ssl/server-key.pem
  trusted-ca-file: /usr/local/etcd/ssl/ca.pem
  client-cert-auth: true
  auto-tls: false

  • etcd03配置文件
[root@10-240-13-66 etcd]# cat conf.yml 
# etcd03 configuration.
name: etcd03 # node name; 10.240.13.66 is this node's internal IP
data-dir: /usr/local/etcd/data
initial-advertise-peer-urls: https://10.240.13.66:2380
listen-peer-urls: https://10.240.13.66:2380
listen-client-urls: https://10.240.13.66:2379,https://127.0.0.1:2379
advertise-client-urls: https://10.240.13.66:2379
initial-cluster-token: shiajun-etcd-cluster
initial-cluster: etcd01=https://10.240.13.187:2380,etcd02=https://10.240.13.137:2380,etcd03=https://10.240.13.66:2380 # cluster member peer addresses
# NOTE(review): etcd02 on this page uses "new" while this node uses
# "existing". For a first-time bootstrap where all three nodes start together,
# etcd expects "new" on every member; confirm whether "existing" is intended.
initial-cluster-state: existing
# Clients must authenticate with a certificate signed by ca.pem.
client-transport-security:
  trusted-ca-file: /usr/local/etcd/ssl/ca.pem
  cert-file: /usr/local/etcd/ssl/server.pem
  key-file: /usr/local/etcd/ssl/server-key.pem
  client-cert-auth: true
  auto-tls: false
# Peers authenticate each other with the same CA and key pair.
peer-transport-security:
  cert-file: /usr/local/etcd/ssl/server.pem
  key-file: /usr/local/etcd/ssl/server-key.pem
  trusted-ca-file: /usr/local/etcd/ssl/ca.pem
  client-cert-auth: true
  auto-tls: false
  • 配置etcd启动项
# systemd unit that starts etcd from /usr/local/etcd with conf.yml.
[Unit]
Description=etcd
After=network.target

[Service]
# Type=notify: systemd treats the service as started once etcd signals readiness.
Type=notify
# NOTE(review): the service runs as root although this page creates a
# dedicated etcd account. Running as that account needs the data directory and
# the files under /usr/local/etcd/ssl to be readable by it first; the page
# shows no chown step, so confirm ownership before changing User/Group.
User=root
Group=root
WorkingDirectory=/usr/local/etcd/
# NOTE(review): EnvironmentFile expects KEY=VALUE lines, but conf.yml is YAML.
# etcd reads the file through --config-file below, so this line looks
# unnecessary; confirm and drop it.
EnvironmentFile=/usr/local/etcd/conf.yml
ExecStart=/usr/local/etcd/etcd --config-file=/usr/local/etcd/conf.yml
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
  • 创建etcd用户并授权
# Dedicated no-login account for etcd with /usr/local/etcd as its home.
# Creating the account does not change ownership of existing files; the unit
# file on this page still runs etcd as root.
groupadd etcd
useradd -g etcd -d /usr/local/etcd -s /sbin/nologin etcd
  • 三节点同时启动etcd
# Start etcd, check that it came up, then enable it at boot. Run on all three
# nodes at about the same time: a member cannot finish starting until enough
# peers are reachable to form a quorum.
systemctl start etcd.service
systemctl status etcd.service
systemctl enable etcd.service
  • 集群命令
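# etcdctl talks to the client port 2379; 2380 is the peer port and does not
# serve the client API. Long flags need two dashes (--cacert, not -cacert).
# NOTE(review): these commands reuse the node's server key pair as the client
# identity; a separate client certificate keeps that key off admin hosts.

# Cluster status over plaintext. This only works against a cluster whose
# client URLs are http. The nodes configured on this page listen on https with
# client-cert-auth enabled, so use the TLS form below for them.
./etcdctl -w table --endpoints="http://10.240.13.137:2379,http://10.240.13.187:2379" endpoint status --cluster
# Cluster status with TLS client authentication
./etcdctl -w table --endpoints="https://127.0.0.1:2379" --cacert=./ssl/ca.pem --cert=./ssl/server.pem --key=./ssl/server-key.pem endpoint status --cluster
# Member list
./etcdctl -w table --cacert=./ssl/ca.pem --cert=./ssl/server.pem --key=./ssl/server-key.pem --endpoints="https://10.240.13.137:2379,https://10.240.13.187:2379,https://10.240.13.66:2379" member list
# Endpoint health
./etcdctl -w table --cacert=./ssl/ca.pem --cert=./ssl/server.pem --key=./ssl/server-key.pem --endpoints="https://10.240.13.137:2379,https://10.240.13.187:2379,https://10.240.13.66:2379" endpoint health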
  • 数据备份
#备份etcd数据
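# Back up etcd data to a dated snapshot file. The cluster on this page accepts
# only TLS clients with a certificate, so the endpoint and credentials are
# given explicitly. A snapshot contains the entire keyspace: store it with the
# same access restrictions as the data directory.
./etcdctl --endpoints="https://127.0.0.1:2379" \
  --cacert=./ssl/ca.pem --cert=./ssl/server.pem --key=./ssl/server-key.pem \
  snapshot save "./etcd-snapshot-$(date +%Y%m%d).db"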
  • 数据恢复
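# Restore every member from the same snapshot file, one command per node.
# Stop etcd on the node first and move the old data directory aside: restore
# refuses to write into a --data-dir that already exists.
# --initial-cluster must name each member once; the third entry is etcd03.

# Restore etcd01 data
./etcdctl snapshot restore etcd-snapshot-20220629.db \
  --name=etcd01 \
  --initial-cluster=etcd01=https://10.240.13.187:2380,etcd02=https://10.240.13.137:2380,etcd03=https://10.240.13.66:2380 \
  --initial-cluster-token=shiajun-etcd-cluster \
  --initial-advertise-peer-urls=https://10.240.13.187:2380 \
  --data-dir=/usr/local/etcd/data

# Restore etcd02 data
./etcdctl snapshot restore etcd-snapshot-20220629.db \
  --name=etcd02 \
  --initial-cluster=etcd01=https://10.240.13.187:2380,etcd02=https://10.240.13.137:2380,etcd03=https://10.240.13.66:2380 \
  --initial-cluster-token=shiajun-etcd-cluster \
  --initial-advertise-peer-urls=https://10.240.13.137:2380 \
  --data-dir=/usr/local/etcd/data

# Restore etcd03 data
./etcdctl snapshot restore etcd-snapshot-20220629.db \
  --name=etcd03 \
  --initial-cluster=etcd01=https://10.240.13.187:2380,etcd02=https://10.240.13.137:2380,etcd03=https://10.240.13.66:2380 \
  --initial-cluster-token=shiajun-etcd-cluster \
  --initial-advertise-peer-urls=https://10.240.13.66:2380 \
  --data-dir=/usr/local/etcd/data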
  • etcd新增节点
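# Run on an existing member, before etcd04 is started. The long flag is
# --cacert (two dashes), and the TLS client endpoint is given explicitly.
./etcdctl --endpoints="https://127.0.0.1:2379" --cacert=./ssl/ca.pem --cert=./ssl/server.pem --key=./ssl/server-key.pem member add etcd04 --peer-urls="https://10.240.13.67:2380"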
#新增节点
name: etcd04 #节点名称 10.240.13.67是当前内网ip
  • etcd04配置
[root@10-240-13-67 etcd]# cat conf.yml 
# etcd04 configuration for a member joining the running cluster.
# NOTE(review): server.pem as issued from server-csr.json on this page lists
# 127.0.0.1, 10.240.13.187, 10.240.13.66 and 10.240.13.137, not 10.240.13.67.
# Presumably the certificate must be reissued with this node's IP before TLS
# verification of etcd04 will pass; confirm.
name: etcd04 # node name; 10.240.13.67 is this node's internal IP
data-dir: /usr/local/etcd/data
initial-advertise-peer-urls: https://10.240.13.67:2380
listen-peer-urls: https://10.240.13.67:2380
listen-client-urls: https://10.240.13.67:2379,https://127.0.0.1:2379
advertise-client-urls: https://10.240.13.67:2379
initial-cluster-token: shiajun-etcd-cluster
initial-cluster: etcd01=https://10.240.13.187:2380,etcd02=https://10.240.13.137:2380,etcd03=https://10.240.13.66:2380,etcd04=https://10.240.13.67:2380 # cluster member peer addresses
# existing: join the cluster that already registered this member via "member add".
initial-cluster-state: existing
# Clients must present a certificate signed by ca.pem.
client-transport-security:
  trusted-ca-file: /usr/local/etcd/ssl/ca.pem
  cert-file: /usr/local/etcd/ssl/server.pem
  key-file: /usr/local/etcd/ssl/server-key.pem
  client-cert-auth: true
  auto-tls: false
# Peers authenticate each other with the same CA and key pair.
peer-transport-security:
  cert-file: /usr/local/etcd/ssl/server.pem
  key-file: /usr/local/etcd/ssl/server-key.pem
  trusted-ca-file: /usr/local/etcd/ssl/ca.pem
  client-cert-auth: true
  auto-tls: false
  • 启动etcd04
# Start the new member after "member add" has registered it, check that it
# joined, then enable it at boot.
systemctl start etcd.service
systemctl status etcd.service
systemctl enable etcd.service
  • 其他三节点加入etcd04节点
initial-cluster: etcd01=https://10.240.13.187:2380,etcd02=https://10.240.13.137:2380,etcd03=https://10.240.13.66:2380,etcd04=https://10.240.13.67:2380 #集群节点地址
  • 其他三节点重启etcd
# Restart to pick up the edited initial-cluster line. Restart one node at a
# time and wait for it to report healthy, so the cluster keeps its quorum.
systemctl restart etcd.service