ETCD集群初始化及开启身份验证

etcd集群初始化及开启身份验证

各节点信息

主机名	ip	角色
etcd-1	172.17.43.1	etcd-1
etcd-2	172.17.43.2	etcd-2
etcd-3	172.17.43.3	etcd-3

• 安装etcd（各节点执行）
  官网下载链接

ETCD_VER=v3.5.7

# choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}

rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test

curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz

/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version

• 初始化集群

有两种方式可以启动集群，一种是通过yml文件启动，一种是通过命令行启动

1. yml方式启动
etcd-1

name: etcd-cluster-1
listen-peer-urls: http://172.17.43.1:2380
listen-client-urls: http://172.17.43.1:2379,http://127.0.0.1:2379
advertise-client-urls: http://etcd-1:2379
initial-advertise-peer-urls: http://etcd-cluster-1:2380
initial-cluster: etcd-1=http://172.17.43.1:2380,etcd-2=http://172.17.43.2:2380,etcd-3=http://172.17.43.3:2380
initial-cluster-state: new
initial-cluster-token: etcd-cluster

etcd-2

name: etcd-cluster-2
listen-peer-urls: http://172.17.43.2:2380
listen-client-urls: http://172.17.43.2:2379,http://127.0.0.1:2379
advertise-client-urls: http://etcd-2:2379
initial-advertise-peer-urls: http://etcd-cluster-2:2380
initial-cluster: etcd-1=http://172.17.43.1:2380,etcd-2=http://172.17.43.2:2380,etcd-3=http://172.17.43.3:2380
initial-cluster-state: new
initial-cluster-token: etcd-cluster

etcd-3

name: etcd-cluster-3
listen-peer-urls: http://172.17.43.3:2380
listen-client-urls: http://172.17.43.3:2379,http://127.0.0.1:2379
advertise-client-urls: http://etcd-3:2379
initial-advertise-peer-urls: http://etcd-cluster-3:2380
initial-cluster: etcd-1=http://172.17.43.1:2380,etcd-2=http://172.17.43.2:2380,etcd-3=http://172.17.43.3:2380
initial-cluster-state: new
initial-cluster-token: etcd-cluster

编辑好配置文件后用下面的命令再各个主机依次启动

nohup etcd --config-file=etcd-1.yml &
nohup etcd --config-file=etcd-2.yml &
nohup etcd --config-file=etcd-3.yml &

2. 命令行方式启动
请参考官方例子，这里不再赘述
https://etcd.io/docs/v3.5/op-guide/clustering/#static

• 开启身份验证

root用户自带所有权限，因此只需创建该用户，开启认证即有所有权限。

创建root用户

etcdctl --endpoints http://172.17.43.1:2379,http://172.17.43.2:2379,http://172.17.43.3:2379 user add root

随后根据提示设置密码即可
开启身份验证

etcdctl --endpoints http://172.17.43.1:2379,http://172.17.43.2:2379,http://172.17.43.3:2379 auth enable

测试（使用用户）

# 设置
etcdctl  --user='root' --password='root' put name "jinyangh"
# 获取
etcdctl  --user='root' --password='root' get name
name
jinyangh

大功告成！