• etcdctl命令


    官方网站

    https://github.com/etcd-io/etcd/tree/master/etcdctl
    

    etcdctl -h

    / # etcdctl --help
    NAME:
    	etcdctl - A simple command line client for etcd3.
    
    USAGE:
    	etcdctl
    
    VERSION:
    	3.2.24
    
    API VERSION:
    	3.2
    
    
    COMMANDS:
    	get			Gets the key or a range of keys
    	put			Puts the given key into the store
    	del			Removes the specified key or range of keys [key, range_end)
    	txn			Txn processes all the requests in one transaction
    	compaction		Compacts the event history in etcd
    	alarm disarm		Disarms all alarms
    	alarm list		Lists all alarms
    	defrag			Defragments the storage of the etcd members with given endpoints
    	endpoint health		Checks the healthiness of endpoints specified in `--endpoints` flag
    	endpoint status		Prints out the status of endpoints specified in `--endpoints` flag
    	watch			Watches events stream on keys or prefixes
    	version			Prints the version of etcdctl
    	lease grant		Creates leases
    	lease revoke		Revokes leases
    	lease timetolive	Get lease information
    	lease keep-alive	Keeps leases alive (renew)
    	member add		Adds a member into the cluster
    	member remove		Removes a member from the cluster
    	member update		Updates a member in the cluster
    	member list		Lists all members in the cluster
    	snapshot save		Stores an etcd node backend snapshot to a given file
    	snapshot restore	Restores an etcd member snapshot to an etcd directory
    	snapshot status		Gets backend snapshot status of a given file
    	make-mirror		Makes a mirror at the destination etcd cluster
    	migrate			Migrates keys in a v2 store to a mvcc store
    	lock			Acquires a named lock
    	elect			Observes and participates in leader election
    	auth enable		Enables authentication
    	auth disable		Disables authentication
    	user add		Adds a new user
    	user delete		Deletes a user
    	user get		Gets detailed information of a user
    	user list		Lists all users
    	user passwd		Changes password of user
    	user grant-role		Grants a role to a user
    	user revoke-role	Revokes a role from a user
    	role add		Adds a new role
    	role delete		Deletes a role
    	role get		Gets detailed information of a role
    	role list		Lists all roles
    	role grant-permission	Grants a key to a role
    	role revoke-permission	Revokes a key from a role
    	check perf		Check the performance of the etcd cluster
    	help			Help about any command
    
    OPTIONS:
          --cacert=""				verify certificates of TLS-enabled secure servers using this CA bundle
          --cert=""					identify secure client using this TLS certificate file
          --command-timeout=5s			timeout for short running command (excluding dial timeout)
          --debug[=false]				enable client-side debug logging
          --dial-timeout=2s				dial timeout for client connections
          --endpoints=[127.0.0.1:2379]		gRPC endpoints
          --hex[=false]				print byte strings as hex encoded strings
          --insecure-skip-tls-verify[=false]	skip server certificate verification
          --insecure-transport[=true]		disable transport security for client connections
          --key=""					identify secure client using this TLS key file
          --user=""					username[:password] for authentication (prompt if password is not supplied)
      -w, --write-out="simple"			set the output format (fields, json, protobuf, simple, table)
    

    集群

    查看集群状态

    export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
    etcdctl --write-out=table --endpoints=$ENDPOINTS endpoint status
    

    查看集群成员

    export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
    etcdctl --write-out=table --endpoints=$ENDPOINTS member list
    

    删除成员

    MEMBER_ID=fa6333c794b010d8
    export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
    etcdctl --endpoints=$ENDPOINTS member remove ${MEMBER_ID}
    

    添加成员(添加已经删除的需要将新节点下面data.etcd必须删除)

    export HOST_1=192.168.5.41
    export HOST_2=192.168.5.45
    export HOST_3=192.168.5.46
    export NAME_1=etcd1
    export NAME_2=etcd2
    export NAME_3=etcd3
    etcdctl --endpoints=${HOST_1}:2379,${HOST_2}:2379 member add ${NAME_3} --peer-urls=http://${HOST_3}:2380
    export TOKEN=etcd-cluster-3
    export ADVERTISE_PRRE_URLS=https:$HOST_3:2380
    

    在新加节点上面,执行命令:

    export NAME=etcd3
    export CLINE_URLS="https://192.168.5.46:2379,https://192.168.5.46:4001"
    export CLUSTER=$NAME_1="https:$HOST_1:2380,https://$HOST_1:4001",$NAME_2="https:$HOST_2:2380,https://$HOST_2:4001"
    export ADVERTISE_PRRE_URLS=https:$HOST_3:2380
    
    #/usr/local/bin/etcd 
    --peer-client-cert-auth 
    --client-cert-auth 
    --data-dir=/var/lib/rancher/etcd/ 
    --advertise-client-urls=$CLINE_URLS
    --key-file=/etc/kubernetes/ssl/kube-etcd-192-168-5-46-key.pem
    --peer-cert-file=/etc/kubernetes/ssl/kube-etcd-192-168-5-46.pem
    --peer-key-file=/etc/kubernetes/ssl/kube-etcd-192-168-5-46-key.pem
    --election-timeout=5000 
    --name=$NAME 
    --listen-peer-urls=https://0.0.0.0:2380 
    --initial-cluster=$CLUSTER 
    --initial-cluster-state=existing 
    --initial-cluster-token=$TOKEN
    --listen-client-urls=https://0.0.0.0:2379
    --heartbeat-interval=500 
    --initial-advertise-peer-urls=$ADVERTISE_PRRE_URLS
    --trusted-ca-file=/etc/kubernetes/ssl/kube-ca.pem
    --peer-trusted-ca-file=/etc/kubernetes/ssl/kube-ca.pem
    --cert-file=/etc/kubernetes/ssl/kube-etcd-192-168-5-46.pem
    

    get操作

    得到所有的key

    export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
    etcdctl --endpoints=$ENDPOINTS  --prefix --keys-only=true get /
    

    得到对应key的值

    export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
    ~ # etcdctl --endpoints=$ENDPOINTS  get /testkey
    /testkey
    hello world
    

    put操作

    ~ # etcdctl --endpoints=$ENDPOINTS put /testkey_1 "test_1"
    OK
    

    del 操作

    ~ # etcdctl --endpoints=$ENDPOINTS del /testkey_1 
    1
    ~ # etcdctl --endpoints=$ENDPOINTS get /testkey_1 
    ~ # 
    

    watch 操作

    ~ # etcdctl --endpoints=$ENDPOINTS watch /testkey
    PUT
    /testkey
    1234
    

    对testkey进行put操作

    etcdctl --endpoints="https://192.168.5.46:2379,https://192.168.5.41:2379,https://192.168.5.45:2379" put /testkey "1234"
    

    defrag(磁盘碎片整理)

    # etcd is not running 
    etcdctl defrag --data-dir default.etcd
    
    # etcd is running
    etcdctl --endpoints=$ENDPOINTS defrag 
    export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
    Finished defragmenting etcd member[192.168.5.41:2379]
    Finished defragmenting etcd member[192.168.5.45:2379]
    Finished defragmenting etcd member[192.168.5.46:2379]
    

    snapshot

    保存备份当前集群etcd的信息,用于新的etcd集群

    save

    ~ # etcdctl snapshot save snapshot.db
    Snapshot saved at snapshot.db
    ~ # ls
    snapshot.db
    ~ #
    

    restore

    etcdctl snapshot save snapshot.db
    
    # restore members
    bin/etcdctl snapshot restore snapshot.db --initial-cluster-token etcd-cluster-1 --initial-advertise-peer-urls http://127.0.0.1:12380  --name sshot1 --initial-cluster 'sshot1=http://127.0.0.1:12380,sshot2=http://127.0.0.1:22380,sshot3=http://127.0.0.1:32380'
    bin/etcdctl snapshot restore snapshot.db --initial-cluster-token etcd-cluster-1 --initial-advertise-peer-urls http://127.0.0.1:22380  --name sshot2 --initial-cluster 'sshot1=http://127.0.0.1:12380,sshot2=http://127.0.0.1:22380,sshot3=http://127.0.0.1:32380'
    bin/etcdctl snapshot restore snapshot.db --initial-cluster-token etcd-cluster-1 --initial-advertise-peer-urls http://127.0.0.1:32380  --name sshot3 --initial-cluster 'sshot1=http://127.0.0.1:12380,sshot2=http://127.0.0.1:22380,sshot3=http://127.0.0.1:32380'
    
    # launch members
    bin/etcd --name sshot1 --listen-client-urls http://127.0.0.1:2379 --advertise-client-urls http://127.0.0.1:2379 --listen-peer-urls http://127.0.0.1:12380 &
    bin/etcd --name sshot2 --listen-client-urls http://127.0.0.1:22379 --advertise-client-urls http://127.0.0.1:22379 --listen-peer-urls http://127.0.0.1:22380 &
    bin/etcd --name sshot3 --listen-client-urls http://127.0.0.1:32379 --advertise-client-urls http://127.0.0.1:32379 --listen-peer-urls http://127.0.0.1:32380 &
    

    status

    ~ # etcdctl snapshot status snapshot.db 
    8b62e307, 3315546, 2490, 3.6 MB
    ~ # etcdctl snapshot status snapshot.db  -w table 
    +----------+----------+------------+------------+
    |   HASH   | REVISION | TOTAL KEYS | TOTAL SIZE |
    +----------+----------+------------+------------+
    | 8b62e307 |  3315546 |       2490 |     3.6 MB |
    +----------+----------+------------+------------+
    ~ # 
    

    move-leader

    查看当前endpoint的status

    ~ # etcdctl endpoint --cluster=true status  -w table 
    +---------------------------+------------------+---------+---------+-----------+-----------+------------+
    |         ENDPOINT          |        ID        | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
    +---------------------------+------------------+---------+---------+-----------+-----------+------------+
    | https://192.168.5.46:2379 | 1995057e7efbae9f |  3.3.10 |  4.9 MB |     false |     49661 |    3871036 |
    | https://192.168.5.45:2379 | 8a5c1e9f00bb66a5 |  3.3.10 |  4.9 MB |      true |     49661 |    3871053 |
    | https://192.168.5.41:2379 | d6414a7c7c550d29 |  3.3.10 |  4.9 MB |     false |     49661 |    3871074 |
    +---------------------------+------------------+---------+---------+-----------+-----------+------------+
    

    move-leader

    ~ # etcdctl --endpoints 192.168.5.45:2379  move-leader d6414a7c7c550d29
    Leadership transferred from 8a5c1e9f00bb66a5 to d6414a7c7c550d29
    

    查看move之后的endpoint的status

    ~ # etcdctl endpoint --cluster=true status  -w table 
    +---------------------------+------------------+---------+---------+-----------+-----------+------------+
    |         ENDPOINT          |        ID        | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
    +---------------------------+------------------+---------+---------+-----------+-----------+------------+
    | https://192.168.5.46:2379 | 1995057e7efbae9f |  3.3.10 |  5.3 MB |     false |     49662 |    3871620 |
    | https://192.168.5.45:2379 | 8a5c1e9f00bb66a5 |  3.3.10 |  5.3 MB |     false |     49662 |    3871641 |
    | https://192.168.5.41:2379 | d6414a7c7c550d29 |  3.3.10 |  5.3 MB |      true |     49662 |    3871657 |
    +---------------------------+------------------+---------+---------+-----------+-----------+------------+
    ~ # 
    

    访问控制相关

    添加root用户

    etcdctl user add root
    

    添加非root用户

    etcdctl user add zhangjx
    

    添加role

    etcdctl role add role1
    

    将用户zhangjx加入角色role1中

    etcdctl user grant-role zhangjx role1
    

    给角色role1复制权限

    etcdctl role grant-permission role1 read /testkey
    

    开启用户认证

    etcdctl --endpoints=$ENDPOINTS auth enable
    

    验证权限(可以读,但是不能写)

    #etcdctl  put /testkey "1111"  --user="zhangjx:111111" 
    Error: etcdserver: permission denied
    # etcdctl  get /testkey  --user="zhangjx:111111" 
    /testkey
    111111 
    
  • 相关阅读:
    JavaScript 中document.write() 详细用法介绍
    教你怎么用JavaScript检测当前浏览器是无头浏览器
    JavaScript网页截屏方法,你get到了嘛?
    新手小白该怎么学习前端?附学习路线和资料
    实现微前端需要了解的 Vue Genesis 渲染器
    前端新人关注的Web前端饱和性分析?前端面试必知必会的十点!
    这个前端竟然用动态规划写瀑布流布局?给我打死他!
    Kubernetes之Ingress+Traefik
    MySQL语法大全
    PPTP服务器
  • 原文地址:https://www.cnblogs.com/zhangjxblog/p/12168339.html
Copyright © 2020-2023  润新知