• ETCD集群部署

    此文档需要完善,谨慎参考

       172.18.1.229   172.18.1.231   172.18.1.233

1.部署etcd
(1)安装文件
tar zxf etcd-v3.3.10-linux-amd64.tar.gz
cd etcd-v3.3.10-linux-amd64
useradd etcd
mkdir -p /opt/etcd/{bin,data,log,ssl}
cp etcd etcdctl /opt/etcd/bin/
chown -R etcd:etcd /opt/etcd

(2)生成etcd证书
#生成ca证书配置文件
cat > ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "etcd": {
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ],
        "expiry": "87600h"
      }
    }
  }
}
EOF

#创建用来生成 CA 证书签名请求(CSR)的 JSON 配置文件
cat > ca-csr.json <<EOF
{
  "CN": "etcd",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names":[{
    "C": "CN",
    "ST": "Beijing",
    "L": "Beijing"
  }]
}
EOF

#生成etcd根证书
cfssl gencert -initca ca-csr.json | cfssljson -bare etcd-ca

#生成etcd-server证书请求文件
cat > server-csr.json <<EOF
{
    "CN": "etcd",
    "hosts": [
    "172.18.1.229",
    "172.18.1.231",
    "172.18.1.233"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}
EOF

#
cfssl gencert -ca=etcd-ca.pem -ca-key=etcd-ca-key.pem -config=ca-config.json -profile=etcd server-csr.json | cfssljson -bare etcd-server

2.生成etcd启动文件
cat >/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
LimitNOFILE=65536

Type=notify
WorkingDirectory=/opt/etcd

ExecStart=/opt/etcd/bin/etcd 
  --advertise-client-urls=https://172.18.1.229:2379 \
  --cert-file=/opt/etcd/ssl/etcd-server.pem \
  --client-cert-auth=true \
  --data-dir=/opt/etcd/data \
  --initial-advertise-peer-urls=https://172.18.1.229:2380 \
  --initial-cluster=etcd-01=https://172.18.1.229:2380,etcd-02=https://172.18.1.231:2380,etcd-03=https://172.18.1.233:2380 \
  --key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --listen-client-urls=https://172.18.1.229:2379,http://127.0.0.1:2379 \
  --listen-peer-urls=https://172.18.1.229:2380 \
  --name=etcd-01 \
  --peer-cert-file=/opt/etcd/ssl/etcd-server.pem \
  --peer-client-cert-auth=true \
  --peer-key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --peer-trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --snapshot-count=10000 \
  --initial-cluster-token=etcd-cluster-0 \
  --initial-cluster-state=new

RestartSec=5
Restart=on-failure

[Install]
WantedBy=multi-user.targe
EOF
---------------------------------------------------
cat >/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
LimitNOFILE=65536

Type=notify
WorkingDirectory=/opt/etcd

ExecStart=/opt/etcd/bin/etcd 
  --advertise-client-urls=https://172.18.1.231:2379 \
  --cert-file=/opt/etcd/ssl/etcd-server.pem \
  --client-cert-auth=true \
  --data-dir=/opt/etcd/data \
  --initial-advertise-peer-urls=https://172.18.1.231:2380 \
  --initial-cluster=etcd-01=https://172.18.1.229:2380,etcd-02=https://172.18.1.231:2380,etcd-03=https://172.18.1.233:2380 \
  --key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --listen-client-urls=https://172.18.1.231:2379,http://127.0.0.1:2379 \
  --listen-peer-urls=https://172.18.1.231:2380 \
  --name=etcd-02 \
  --peer-cert-file=/opt/etcd/ssl/etcd-server.pem \
  --peer-client-cert-auth=true \
  --peer-key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --peer-trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --snapshot-count=10000 \
  --initial-cluster-token=etcd-cluster-0 \
  --initial-cluster-state=new

RestartSec=5
Restart=on-failure

[Install]
WantedBy=multi-user.targe
EOF
-----------------------------------------------------------

cat >/lib/systemd/system/etcd.service <<EOF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
LimitNOFILE=65536

Type=notify
WorkingDirectory=/opt/etcd

ExecStart=/opt/etcd/bin/etcd 
  --advertise-client-urls=https://172.18.1.233:2379 \
  --cert-file=/opt/etcd/ssl/etcd-server.pem \
  --client-cert-auth=true \
  --data-dir=/opt/etcd/data \
  --initial-advertise-peer-urls=https://172.18.1.233:2380 \
  --initial-cluster=etcd-01=https://172.18.1.229:2380,etcd-02=https://172.18.1.231:2380,etcd-03=https://172.18.1.233:2380 \
  --key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --listen-client-urls=https://172.18.1.233:2379,http://127.0.0.1:2379 \
  --listen-peer-urls=https://172.18.1.233:2380 \
  --name=etcd-03 \
  --peer-cert-file=/opt/etcd/ssl/etcd-server.pem \
  --peer-client-cert-auth=true \
  --peer-key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --peer-trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --snapshot-count=10000 \
  --initial-cluster-token=etcd-cluster-0 \
  --initial-cluster-state=new

RestartSec=5
Restart=on-failure

[Install]
WantedBy=multi-user.targe
EOF

----------------



etcdctl --ca-file=/opt/etcd/ssl/etcd-ca.pem --cert-file=/opt/etcd/ssl/etcd-server.pem   --key-file=/opt/kubernetes/ssl/etcd-server-key.pem --endpoints=https://172.18.1.229:2379 cluster-health
  • 相关阅读:
    JAVA设计模式-设计原则
    java 8 stream特性
    使用跟踪标记查看过滤统计信息是否被使用
    找到SQL Server的序列号
    使用SSIS进行数据清洗
    找到SQL Server数据库历史增长信息
    如何查看某个查询用了多少TempDB空间
    SQL Server 2014云特性:无缝集成公有云
    SQL Server 2014新特性-原生备份加密
    强制SQL Server执行计划使用并行提升在复杂查询语句下的性能
  • 原文地址:https://www.cnblogs.com/dingkailinux/p/10239749.html
Copyright © 2020-2023  润新知