码迷,mamicode.com
首页 > 其他好文 > 详细

etcd 集群部署

时间:2018-04-18 00:55:41      阅读:221      评论:0      收藏:0      [点我收藏+]

标签:color   not   开源   amd   仓库   tis   export   https   daemon   

etcd 是coreos团队开发的分布式服务发现键值存储仓库,github地址: https://github.com/coreos/etcd

三个etcd节点:

  • node01 172.16.65.181
  • node02 172.16.65.182
  • node03 172.16.65.183

 

1、三个node节点hosts记录

cat <<EOF > /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.65.181 node01
172.16.65.182 node02
172.16.65.183 node03
EOF

2、在node01上配置SSH无密码访问

ssh-keygen  #一路回车即可
ssh-copy-id  node02
ssh-copy-id  node03

3、创建etcd证书

3.1 设置cfssl环境 (cloud flare推出开源的PKI工具箱CFSSL)

wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl_linux-amd64
mv cfssl_linux-amd64 /usr/local/bin/cfssl
chmod +x cfssljson_linux-amd64
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
chmod +x cfssl-certinfo_linux-amd64
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo
export PATH=/usr/local/bin:$PATH

3.2 创建CA配置文件

mkdir /root/ssl
cd /root/ssl
cat >  ca-config.json <<EOF
{
"signing": {
"default": {
  "expiry": "8760h"
},
"profiles": {
  "kubernetes-Soulmate": {
    "usages": [
        "signing",
        "key encipherment",
        "server auth",
        "client auth"
    ],
    "expiry": "8760h"
  }
}
}
}
EOF

cat >  ca-csr.json <<EOF
{
"CN": "kubernetes-Soulmate",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
  "C": "CN",
  "ST": "shanghai",
  "L": "shanghai",
  "O": "k8s",
  "OU": "System"
}
]
}
EOF

cfssl gencert -initca ca-csr.json | cfssljson -bare ca

cat > etcd-csr.json <<EOF
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "172.16.65.181",
    "172.16.65.182",
    "172.16.65.183"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "shanghai",
      "L": "shanghai",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert -ca=ca.pem   -ca-key=ca-key.pem   -config=ca-config.json   -profile=kubernetes-Soulmate etcd-csr.json | cfssljson -bare etcd

3.3 node01分发etcd证书到node02、node03上面

mkdir -p /etc/etcd/ssl
cp etcd.pem etcd-key.pem ca.pem /etc/etcd/ssl/
ssh -n node02 "mkdir -p /etc/etcd/ssl && exit"
ssh -n node03 "mkdir -p /etc/etcd/ssl && exit"
scp -r /etc/etcd/ssl/*.pem node02:/etc/etcd/ssl/
scp -r /etc/etcd/ssl/*.pem node03:/etc/etcd/ssl/

4、安装etcd

yum install etcd -y
mkdir -p /var/lib/etcd

5、编辑etcd配置文件

node01配置文件etcd.service

cat <<EOF >/etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd   --name node01   --cert-file=/etc/etcd/ssl/etcd.pem   --key-file=/etc/etcd/ssl/etcd-key.pem   --peer-cert-file=/etc/etcd/ssl/etcd.pem   --peer-key-file=/etc/etcd/ssl/etcd-key.pem   --trusted-ca-file=/etc/etcd/ssl/ca.pem   --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem   --initial-advertise-peer-urls https://172.16.65.181:2380   --listen-peer-urls https://172.16.65.181:2380   --listen-client-urls https://172.16.65.181:2379,http://127.0.0.1:2379   --advertise-client-urls https://172.16.65.181:2379   --initial-cluster-token etcd-cluster-0   --initial-cluster node01=https://172.16.65.181:2380,node02=https://172.16.65.182:2380,node03=https://172.16.65.183:2380 \
  --initial-cluster-state new   --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

node02配置文件etcd.service

cat <<EOF >/etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd   --name node02   --cert-file=/etc/etcd/ssl/etcd.pem   --key-file=/etc/etcd/ssl/etcd-key.pem   --peer-cert-file=/etc/etcd/ssl/etcd.pem   --peer-key-file=/etc/etcd/ssl/etcd-key.pem   --trusted-ca-file=/etc/etcd/ssl/ca.pem   --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem   --initial-advertise-peer-urls https://172.16.65.182:2380   --listen-peer-urls https://172.16.65.182:2380   --listen-client-urls https://172.16.65.182:2379,http://127.0.0.1:2379   --advertise-client-urls https://172.16.65.182:2379   --initial-cluster-token etcd-cluster-0   --initial-cluster node01=https://172.16.65.181:2380,node02=https://172.16.65.182:2380,node03=https://172.16.65.183:2380 \
  --initial-cluster-state new   --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

node03配置文件etcd.service

cat <<EOF >/etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd   --name node03   --cert-file=/etc/etcd/ssl/etcd.pem   --key-file=/etc/etcd/ssl/etcd-key.pem   --peer-cert-file=/etc/etcd/ssl/etcd.pem   --peer-key-file=/etc/etcd/ssl/etcd-key.pem   --trusted-ca-file=/etc/etcd/ssl/ca.pem   --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem   --initial-advertise-peer-urls https://172.16.65.183:2380   --listen-peer-urls https://172.16.65.183:2380   --listen-client-urls https://172.16.65.183:2379,http://127.0.0.1:2379   --advertise-client-urls https://172.16.65.183:2379   --initial-cluster-token etcd-cluster-0 --initial-cluster node01=https://172.16.65.181:2380,node02=https://172.16.65.182:2380,node03=https://172.16.65.183:2380 \
  --initial-cluster-state new   --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

6、启动etcd集群

etc集群最少2个节点才能启动,启动报错看/var/log/mesages日志

在三个节点上运行

 systemctl daemon-reload
 systemctl enable etcd
 systemctl start etcd
 systemctl status etcd

在三个节点上运行,检查etcd cluster状态

[root@node01 ~]# etcdctl --endpoints=https://172.16.65.181:2379,https://172.16.65.182:2379,https://172.16.65.183:2379 \
> --ca-file=/etc/etcd/ssl/ca.pem \
> --cert-file=/etc/etcd/ssl/etcd.pem \
> --key-file=/etc/etcd/ssl/etcd-key.pem cluster-health
member 5a8035d253973b is healthy: got healthy result from https://172.16.65.181:2379
member 8514f670b8a71207 is healthy: got healthy result from https://172.16.65.183:2379
member c9b41f79b970ff94 is healthy: got healthy result from https://172.16.65.182:2379
cluster is healthy

 

etcd 集群部署

标签:color   not   开源   amd   仓库   tis   export   https   daemon   

原文地址:https://www.cnblogs.com/vincenshen/p/8870797.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!