• etcd cluster deployment


    etcd is a distributed key-value store for service discovery developed by the CoreOS team. GitHub: https://github.com/coreos/etcd

    Three etcd nodes:

    • node01 172.16.65.181
    • node02 172.16.65.182
    • node03 172.16.65.183

    1. hosts entries on all three nodes

    cat <<EOF > /etc/hosts
    127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
    ::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
    172.16.65.181 node01
    172.16.65.182 node02
    172.16.65.183 node03
    EOF

    2. Configure passwordless SSH access on node01

    ssh-keygen  # press Enter at every prompt
    ssh-copy-id  node02
    ssh-copy-id  node03

    3. Create the etcd certificates

    3.1 Set up the cfssl environment (CFSSL is the open-source PKI toolkit released by Cloudflare)

    wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
    wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
    wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
    chmod +x cfssl_linux-amd64
    mv cfssl_linux-amd64 /usr/local/bin/cfssl
    chmod +x cfssljson_linux-amd64
    mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
    chmod +x cfssl-certinfo_linux-amd64
    mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo
    export PATH=/usr/local/bin:$PATH

    3.2 Create the CA configuration files

    mkdir /root/ssl
    cd /root/ssl
    cat >  ca-config.json <<EOF
    {
    "signing": {
    "default": {
      "expiry": "8760h"
    },
    "profiles": {
      "kubernetes-Soulmate": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "8760h"
      }
    }
    }
    }
    EOF
    
    cat >  ca-csr.json <<EOF
    {
    "CN": "kubernetes-Soulmate",
    "key": {
    "algo": "rsa",
    "size": 2048
    },
    "names": [
    {
      "C": "CN",
      "ST": "shanghai",
      "L": "shanghai",
      "O": "k8s",
      "OU": "System"
    }
    ]
    }
    EOF
    
    cfssl gencert -initca ca-csr.json | cfssljson -bare ca
    
    cat > etcd-csr.json <<EOF
    {
      "CN": "etcd",
      "hosts": [
        "127.0.0.1",
        "172.16.65.181",
        "172.16.65.182",
        "172.16.65.183"
      ],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "ST": "shanghai",
          "L": "shanghai",
          "O": "k8s",
          "OU": "System"
        }
      ]
    }
    EOF
    
    cfssl gencert -ca=ca.pem \
      -ca-key=ca-key.pem \
      -config=ca-config.json \
      -profile=kubernetes-Soulmate etcd-csr.json | cfssljson -bare etcd

    3.3 Distribute the etcd certificates from node01 to node02 and node03

    mkdir -p /etc/etcd/ssl
    cp etcd.pem etcd-key.pem ca.pem /etc/etcd/ssl/
    ssh -n node02 "mkdir -p /etc/etcd/ssl && exit"
    ssh -n node03 "mkdir -p /etc/etcd/ssl && exit"
    scp -r /etc/etcd/ssl/*.pem node02:/etc/etcd/ssl/
    scp -r /etc/etcd/ssl/*.pem node03:/etc/etcd/ssl/

    4. Install etcd

    yum install etcd -y
    mkdir -p /var/lib/etcd

    5. Edit the etcd configuration file

    etcd.service configuration file for node01

    cat <<EOF >/etc/systemd/system/etcd.service
    [Unit]
    Description=Etcd Server
    After=network.target
    After=network-online.target
    Wants=network-online.target
    Documentation=https://github.com/coreos
    
    [Service]
    Type=notify
    WorkingDirectory=/var/lib/etcd/
    ExecStart=/usr/bin/etcd \
      --name node01 \
      --cert-file=/etc/etcd/ssl/etcd.pem \
      --key-file=/etc/etcd/ssl/etcd-key.pem \
      --peer-cert-file=/etc/etcd/ssl/etcd.pem \
      --peer-key-file=/etc/etcd/ssl/etcd-key.pem \
      --trusted-ca-file=/etc/etcd/ssl/ca.pem \
      --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem \
      --initial-advertise-peer-urls https://172.16.65.181:2380 \
      --listen-peer-urls https://172.16.65.181:2380 \
      --listen-client-urls https://172.16.65.181:2379,http://127.0.0.1:2379 \
      --advertise-client-urls https://172.16.65.181:2379 \
      --initial-cluster-token etcd-cluster-0 \
      --initial-cluster node01=https://172.16.65.181:2380,node02=https://172.16.65.182:2380,node03=https://172.16.65.183:2380 \
      --initial-cluster-state new \
      --data-dir=/var/lib/etcd
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536
    
    [Install]
    WantedBy=multi-user.target
    EOF

    etcd.service configuration file for node02

    cat <<EOF >/etc/systemd/system/etcd.service
    [Unit]
    Description=Etcd Server
    After=network.target
    After=network-online.target
    Wants=network-online.target
    Documentation=https://github.com/coreos
    
    [Service]
    Type=notify
    WorkingDirectory=/var/lib/etcd/
    ExecStart=/usr/bin/etcd \
      --name node02 \
      --cert-file=/etc/etcd/ssl/etcd.pem \
      --key-file=/etc/etcd/ssl/etcd-key.pem \
      --peer-cert-file=/etc/etcd/ssl/etcd.pem \
      --peer-key-file=/etc/etcd/ssl/etcd-key.pem \
      --trusted-ca-file=/etc/etcd/ssl/ca.pem \
      --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem \
      --initial-advertise-peer-urls https://172.16.65.182:2380 \
      --listen-peer-urls https://172.16.65.182:2380 \
      --listen-client-urls https://172.16.65.182:2379,http://127.0.0.1:2379 \
      --advertise-client-urls https://172.16.65.182:2379 \
      --initial-cluster-token etcd-cluster-0 \
      --initial-cluster node01=https://172.16.65.181:2380,node02=https://172.16.65.182:2380,node03=https://172.16.65.183:2380 \
      --initial-cluster-state new \
      --data-dir=/var/lib/etcd
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536
    
    [Install]
    WantedBy=multi-user.target
    EOF

    etcd.service configuration file for node03

    cat <<EOF >/etc/systemd/system/etcd.service
    [Unit]
    Description=Etcd Server
    After=network.target
    After=network-online.target
    Wants=network-online.target
    Documentation=https://github.com/coreos
    
    [Service]
    Type=notify
    WorkingDirectory=/var/lib/etcd/
    ExecStart=/usr/bin/etcd \
      --name node03 \
      --cert-file=/etc/etcd/ssl/etcd.pem \
      --key-file=/etc/etcd/ssl/etcd-key.pem \
      --peer-cert-file=/etc/etcd/ssl/etcd.pem \
      --peer-key-file=/etc/etcd/ssl/etcd-key.pem \
      --trusted-ca-file=/etc/etcd/ssl/ca.pem \
      --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem \
      --initial-advertise-peer-urls https://172.16.65.183:2380 \
      --listen-peer-urls https://172.16.65.183:2380 \
      --listen-client-urls https://172.16.65.183:2379,http://127.0.0.1:2379 \
      --advertise-client-urls https://172.16.65.183:2379 \
      --initial-cluster-token etcd-cluster-0 \
      --initial-cluster node01=https://172.16.65.181:2380,node02=https://172.16.65.182:2380,node03=https://172.16.65.183:2380 \
      --initial-cluster-state new \
      --data-dir=/var/lib/etcd
    Restart=on-failure
    RestartSec=5
    LimitNOFILE=65536
    
    [Install]
    WantedBy=multi-user.target
    EOF
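The unit files above pass `--trusted-ca-file` and `--peer-trusted-ca-file` but not etcd's `--client-cert-auth` or `--peer-client-cert-auth`, and they keep an `http://127.0.0.1:2379` listener. The following audit script is an added example, not part of the original post; its function names and the abbreviated sample unit are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an etcd unit's TLS flags.
# All function names here are hypothetical helpers.

# Join backslash-continued lines; print the ExecStart command on one line.
etcd_cmdline() {
    awk '/\\$/ { sub(/\\$/, ""); buf = buf $0; next }
         { line = buf $0; buf = ""; if (line ~ /^ExecStart=/) print line }' "$1" |
        tr -s ' \t' '  '
}

# True if boolean flag $2 is set in command line $1 ("=false" counts as unset).
has_flag() {
    case " $1 " in
        *" $2 "* | *" $2=true "*) return 0 ;;
    esac
    return 1
}

# Value of option $2; accepts "--opt value" and "--opt=value".
flag_value() { printf '%s\n' "$1" | sed -n "s/.* $2[= ]\([^ ]*\).*/\1/p"; }

# Print one finding per line for the unit file $1.
audit_etcd_unit() {
    cmd=$(etcd_cmdline "$1")
    has_flag "$cmd" --client-cert-auth ||
        echo "client: --client-cert-auth not set; client certificates are not required"
    has_flag "$cmd" --peer-client-cert-auth ||
        echo "peer: --peer-client-cert-auth not set; peer certificates are not required"
    for opt in --listen-client-urls --listen-peer-urls; do
        case $(flag_value "$cmd" "$opt") in
            *http://*) echo "plaintext: $opt has an http:// listener" ;;
        esac
    done
}
count_findings() { audit_etcd_unit "$1" | wc -l | tr -d ' '; }

# Constructed samples: node01's ExecStart (abbreviated) and a stricter variant.
sample_dir=$(mktemp -d)
cat > "$sample_dir/page.service" <<'EOF'
[Service]
ExecStart=/usr/bin/etcd \
  --trusted-ca-file=/etc/etcd/ssl/ca.pem \
  --peer-trusted-ca-file=/etc/etcd/ssl/ca.pem \
  --listen-peer-urls https://172.16.65.181:2380 \
  --listen-client-urls https://172.16.65.181:2379,http://127.0.0.1:2379 \
  --data-dir=/var/lib/etcd
EOF
sed -e 's#,http://127.0.0.1:2379##' -e 's#--data-dir#--client-cert-auth --peer-client-cert-auth &#' \
    "$sample_dir/page.service" > "$sample_dir/strict.service"
audit_etcd_unit "$sample_dir/page.service"
```

With the stricter variant, every client, including a local `etcdctl`, has to present a certificate signed by `ca.pem`.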

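    6. Start the etcd cluster

    An etcd cluster needs at least 2 nodes before it can start; if startup fails, check the /var/log/messages log.

    Run on all three nodes: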

    mv /etc/systemd/system/etcd.service /usr/lib/systemd/system/

    systemctl daemon-reload

    systemctl enable etcd

    systemctl start etcd

    systemctl status etcd

    Run on all three nodes to check the etcd cluster status:

    [root@node01 ~]# etcdctl --endpoints=https://172.16.65.181:2379,https://172.16.65.182:2379,https://172.16.65.183:2379 \
    > --ca-file=/etc/etcd/ssl/ca.pem \
    > --cert-file=/etc/etcd/ssl/etcd.pem \
    > --key-file=/etc/etcd/ssl/etcd-key.pem cluster-health
    member 5a8035d253973b is healthy: got healthy result from https://172.16.65.181:2379
    member 8514f670b8a71207 is healthy: got healthy result from https://172.16.65.183:2379
    member c9b41f79b970ff94 is healthy: got healthy result from https://172.16.65.182:2379
    cluster is healthy

  • Original article: https://www.cnblogs.com/vincenshen/p/8870797.html