码迷,mamicode.com
首页 > 其他好文 > 详细

etcd 集群部署

时间:2018-04-18 00:55:41      阅读:221      评论:0      收藏:0      [点我收藏+]

标签:color   not   开源   amd   仓库   tis   export   https   daemon   

etcd 是coreos团队开发的分布式服务发现键值存储仓库,github地址: https://github.com/coreos/etcd

三个etcd节点:

  • node01 172.16.65.181
  • node02 172.16.65.182
  • node03 172.16.65.183

 

1、三个node节点hosts记录

cat <<EOF > /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.65.181 node01
172.16.65.182 node02
172.16.65.183 node03
EOF

2、在node01上配置SSH无密码访问

ssh-keygen  #一路回车即可
ssh-copy-id  node02
ssh-copy-id  node03

3、创建etcd证书

3.1 设置cfssl环境 (cloud flare推出开源的PKI工具箱CFSSL)

wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl_linux-amd64
mv cfssl_linux-amd64 /usr/local/bin/cfssl
chmod +x cfssljson_linux-amd64
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
chmod +x cfssl-certinfo_linux-amd64
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo
export PATH=/usr/local/bin:$PATH

3.2 创建CA配置文件

mkdir /root/ssl
cd /root/ssl
cat >  ca-config.json <<EOF
{
"signing": {
"default": {
  "expiry": "8760h"
},
"profiles": {
  "kubernetes-Soulmate": {
    "usages": [
        "signing",
        "key encipherment",
        "server auth",
        "client auth"
    ],
    "expiry": "8760h"
  }
}
}
}
EOF

cat >  ca-csr.json <<EOF
{
"CN": "kubernetes-Soulmate",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
  "C": "CN",
  "ST": "shanghai",
  "L": "shanghai",
  "O": "k8s",
  "OU": "System"
}
]
}
EOF

cfssl gencert -initca ca-csr.json | cfssljson -bare ca

cat > etcd-csr.json <<EOF
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "172.16.65.181",
    "172.16.65.182",
    "172.16.65.183"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "shanghai",
      "L": "shanghai",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert -ca=ca.pem   -ca-key=ca-key.pem   -config=ca-config.json   -profile=kubernetes-Soulmate etcd-csr.json | cfssljson -bare etcd

3.3 node01分发etcd证书到node02、node03上面

mkdir -p /etc/etcd/ssl
cp etcd.pem etcd-key.pem ca.pem /etc/etcd/ssl/
ssh -n node02 "mkdir -p /etc/etcd/ssl && exit"
ssh -n node03 "mkdir -p /etc/etcd/ssl && exit"
scp -r /etc/etcd/ssl/*.pem node02:/etc/etcd/ssl/
scp -r /etc/etcd/ssl/*.pem node03:/etc/etcd/ssl/

4、安装etcd

yum install etcd -y
mkdir -p /var/lib/etcd

5、编辑etcd配置文件

node01配置文件etcd.service

cat <<EOF >/etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd   --name node01   --cert-file=/etc/etcd/ssl/etcd.pem   --key-file=/etc/etcd/ssl/etcd-key.pem   --peer-cert-file=/etc/etcd/ssl/etcd.pem   --peer-key-file=/etc/etcd/ssl/etcd-key.pem   --trusted-ca-file=/etc/etcd/ssl/ca.pem   --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem   --initial-advertise-peer-urls https://172.16.65.181:2380   --listen-peer-urls https://172.16.65.181:2380   --listen-client-urls https://172.16.65.181:2379,http://127.0.0.1:2379   --advertise-client-urls https://172.16.65.181:2379   --initial-cluster-token etcd-cluster-0   --initial-cluster node01=https://172.16.65.181:2380,node02=https://172.16.65.182:2380,node03=https://172.16.65.183:2380 \
  --initial-cluster-state new   --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

node02配置文件etcd.service

cat <<EOF >/etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd   --name node02   --cert-file=/etc/etcd/ssl/etcd.pem   --key-file=/etc/etcd/ssl/etcd-key.pem   --peer-cert-file=/etc/etcd/ssl/etcd.pem   --peer-key-file=/etc/etcd/ssl/etcd-key.pem   --trusted-ca-file=/etc/etcd/ssl/ca.pem   --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem   --initial-advertise-peer-urls https://172.16.65.182:2380   --listen-peer-urls https://172.16.65.182:2380   --listen-client-urls https://172.16.65.182:2379,http://127.0.0.1:2379   --advertise-client-urls https://172.16.65.182:2379   --initial-cluster-token etcd-cluster-0   --initial-cluster node01=https://172.16.65.181:2380,node02=https://172.16.65.182:2380,node03=https://172.16.65.183:2380 \
  --initial-cluster-state new   --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

node03配置文件etcd.service

cat <<EOF >/etc/systemd/system/etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
ExecStart=/usr/bin/etcd   --name node03   --cert-file=/etc/etcd/ssl/etcd.pem   --key-file=/etc/etcd/ssl/etcd-key.pem   --peer-cert-file=/etc/etcd/ssl/etcd.pem   --peer-key-file=/etc/etcd/ssl/etcd-key.pem   --trusted-ca-file=/etc/etcd/ssl/ca.pem   --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem   --initial-advertise-peer-urls https://172.16.65.183:2380   --listen-peer-urls https://172.16.65.183:2380   --listen-client-urls https://172.16.65.183:2379,http://127.0.0.1:2379   --advertise-client-urls https://172.16.65.183:2379   --initial-cluster-token etcd-cluster-0 --initial-cluster node01=https://172.16.65.181:2380,node02=https://172.16.65.182:2380,node03=https://172.16.65.183:2380 \
  --initial-cluster-state new   --data-dir=/var/lib/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

6、启动etcd集群

etc集群最少2个节点才能启动,启动报错看/var/log/mesages日志

在三个节点上运行

 systemctl daemon-reload
 systemctl enable etcd
 systemctl start etcd
 systemctl status etcd

在三个节点上运行,检查etcd cluster状态

[root@node01 ~]# etcdctl --endpoints=https://172.16.65.181:2379,https://172.16.65.182:2379,https://172.16.65.183:2379 \
> --ca-file=/etc/etcd/ssl/ca.pem \
> --cert-file=/etc/etcd/ssl/etcd.pem \
> --key-file=/etc/etcd/ssl/etcd-key.pem cluster-health
member 5a8035d253973b is healthy: got healthy result from https://172.16.65.181:2379
member 8514f670b8a71207 is healthy: got healthy result from https://172.16.65.183:2379
member c9b41f79b970ff94 is healthy: got healthy result from https://172.16.65.182:2379
cluster is healthy

 

etcd 集群部署

标签:color   not   开源   amd   仓库   tis   export   https   daemon   

原文地址:https://www.cnblogs.com/vincenshen/p/8870797.html
(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
分享档案
更多>
2021年07月29日 (22)
2021年07月28日 (40)
2021年07月27日 (32)
2021年07月26日 (79)
2021年07月23日 (29)
2021年07月22日 (30)
2021年07月21日 (42)
2021年07月20日 (16)
2021年07月19日 (90)
2021年07月16日 (35)
周排行
mamicode.com排行更多图片
更多
友情链接
兰亭集智   国之画   百度统计   站长统计   阿里云   chrome插件   新版天听网
关于我们 - 联系我们 - 留言反馈
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!