Official website
https://github.com/etcd-io/etcd/tree/master/etcdctl
etcdctl -h
/ # etcdctl --help
NAME:
etcdctl - A simple command line client for etcd3.
USAGE:
etcdctl
VERSION:
3.2.24
API VERSION:
3.2
COMMANDS:
get Gets the key or a range of keys
put Puts the given key into the store
del Removes the specified key or range of keys [key, range_end)
txn Txn processes all the requests in one transaction
compaction Compacts the event history in etcd
alarm disarm Disarms all alarms
alarm list Lists all alarms
defrag Defragments the storage of the etcd members with given endpoints
endpoint health Checks the healthiness of endpoints specified in `--endpoints` flag
endpoint status Prints out the status of endpoints specified in `--endpoints` flag
watch Watches events stream on keys or prefixes
version Prints the version of etcdctl
lease grant Creates leases
lease revoke Revokes leases
lease timetolive Get lease information
lease keep-alive Keeps leases alive (renew)
member add Adds a member into the cluster
member remove Removes a member from the cluster
member update Updates a member in the cluster
member list Lists all members in the cluster
snapshot save Stores an etcd node backend snapshot to a given file
snapshot restore Restores an etcd member snapshot to an etcd directory
snapshot status Gets backend snapshot status of a given file
make-mirror Makes a mirror at the destination etcd cluster
migrate Migrates keys in a v2 store to a mvcc store
lock Acquires a named lock
elect Observes and participates in leader election
auth enable Enables authentication
auth disable Disables authentication
user add Adds a new user
user delete Deletes a user
user get Gets detailed information of a user
user list Lists all users
user passwd Changes password of user
user grant-role Grants a role to a user
user revoke-role Revokes a role from a user
role add Adds a new role
role delete Deletes a role
role get Gets detailed information of a role
role list Lists all roles
role grant-permission Grants a key to a role
role revoke-permission Revokes a key from a role
check perf Check the performance of the etcd cluster
help Help about any command
OPTIONS:
--cacert="" verify certificates of TLS-enabled secure servers using this CA bundle
--cert="" identify secure client using this TLS certificate file
--command-timeout=5s timeout for short running command (excluding dial timeout)
--debug[=false] enable client-side debug logging
--dial-timeout=2s dial timeout for client connections
--endpoints=[127.0.0.1:2379] gRPC endpoints
--hex[=false] print byte strings as hex encoded strings
--insecure-skip-tls-verify[=false] skip server certificate verification
--insecure-transport[=true] disable transport security for client connections
--key="" identify secure client using this TLS key file
--user="" username[:password] for authentication (prompt if password is not supplied)
-w, --write-out="simple" set the output format (fields, json, protobuf, simple, table)
Cluster
View cluster status
export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
etcdctl --write-out=table --endpoints=$ENDPOINTS endpoint status
View cluster members
export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
etcdctl --write-out=table --endpoints=$ENDPOINTS member list
Remove a member
MEMBER_ID=fa6333c794b010d8
export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
etcdctl --endpoints=$ENDPOINTS member remove ${MEMBER_ID}
Add a member (when re-adding a member that was removed earlier, the data.etcd directory on the new node must be deleted first)
export HOST_1=192.168.5.41
export HOST_2=192.168.5.45
export HOST_3=192.168.5.46
export NAME_1=etcd1
export NAME_2=etcd2
export NAME_3=etcd3
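# The peer URL registered here must match the --initial-advertise-peer-urls the new member starts with (https).
etcdctl --endpoints=${HOST_1}:2379,${HOST_2}:2379 member add ${NAME_3} --peer-urls=https://${HOST_3}:2380
export TOKEN=etcd-cluster-3
export ADVERTISE_PRRE_URLS=https://$HOST_3:2380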
On the newly added node, run:
export NAME=etcd3
export CLINE_URLS="https://192.168.5.46:2379,https://192.168.5.46:4001"
# --initial-cluster takes name=peer-URL pairs and must also list the joining member.
# NAME_*, HOST_* and TOKEN are the values exported in the previous step.
export CLUSTER="${NAME_1}=https://${HOST_1}:2380,${NAME_2}=https://${HOST_2}:2380,${NAME}=https://${HOST_3}:2380"
export ADVERTISE_PRRE_URLS=https://$HOST_3:2380
/usr/local/bin/etcd \
  --peer-client-cert-auth \
  --client-cert-auth \
  --data-dir=/var/lib/rancher/etcd/ \
  --advertise-client-urls=$CLINE_URLS \
  --key-file=/etc/kubernetes/ssl/kube-etcd-192-168-5-46-key.pem \
  --peer-cert-file=/etc/kubernetes/ssl/kube-etcd-192-168-5-46.pem \
  --peer-key-file=/etc/kubernetes/ssl/kube-etcd-192-168-5-46-key.pem \
  --election-timeout=5000 \
  --name=$NAME \
  --listen-peer-urls=https://0.0.0.0:2380 \
  --initial-cluster=$CLUSTER \
  --initial-cluster-state=existing \
  --initial-cluster-token=$TOKEN \
  --listen-client-urls=https://0.0.0.0:2379 \
  --heartbeat-interval=500 \
  --initial-advertise-peer-urls=$ADVERTISE_PRRE_URLS \
  --trusted-ca-file=/etc/kubernetes/ssl/kube-ca.pem \
  --peer-trusted-ca-file=/etc/kubernetes/ssl/kube-ca.pem \
  --cert-file=/etc/kubernetes/ssl/kube-etcd-192-168-5-46.pem
get operation
List all keys
export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
etcdctl --endpoints=$ENDPOINTS --prefix --keys-only=true get /
Get the value of a given key
export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
~ # etcdctl --endpoints=$ENDPOINTS get /testkey
/testkey
hello world
put operation
~ # etcdctl --endpoints=$ENDPOINTS put /testkey_1 "test_1"
OK
del operation
~ # etcdctl --endpoints=$ENDPOINTS del /testkey_1
1
~ # etcdctl --endpoints=$ENDPOINTS get /testkey_1
~ #
watch operation
~ # etcdctl --endpoints=$ENDPOINTS watch /testkey
PUT
/testkey
1234
Run a put against testkey
etcdctl --endpoints="https://192.168.5.46:2379,https://192.168.5.41:2379,https://192.168.5.45:2379" put /testkey "1234"
defrag (disk defragmentation)
# etcd is not running
etcdctl defrag --data-dir default.etcd
# etcd is running
export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
etcdctl --endpoints=$ENDPOINTS defrag
Finished defragmenting etcd member[192.168.5.41:2379]
Finished defragmenting etcd member[192.168.5.45:2379]
Finished defragmenting etcd member[192.168.5.46:2379]
snapshot
Save a backup of the current etcd cluster's data, for use in a new etcd cluster
save
~ # etcdctl snapshot save snapshot.db
Snapshot saved at snapshot.db
~ # ls
snapshot.db
~ #
restore
etcdctl snapshot save snapshot.db
# restore members
bin/etcdctl snapshot restore snapshot.db --initial-cluster-token etcd-cluster-1 --initial-advertise-peer-urls http://127.0.0.1:12380 --name sshot1 --initial-cluster 'sshot1=http://127.0.0.1:12380,sshot2=http://127.0.0.1:22380,sshot3=http://127.0.0.1:32380'
bin/etcdctl snapshot restore snapshot.db --initial-cluster-token etcd-cluster-1 --initial-advertise-peer-urls http://127.0.0.1:22380 --name sshot2 --initial-cluster 'sshot1=http://127.0.0.1:12380,sshot2=http://127.0.0.1:22380,sshot3=http://127.0.0.1:32380'
bin/etcdctl snapshot restore snapshot.db --initial-cluster-token etcd-cluster-1 --initial-advertise-peer-urls http://127.0.0.1:32380 --name sshot3 --initial-cluster 'sshot1=http://127.0.0.1:12380,sshot2=http://127.0.0.1:22380,sshot3=http://127.0.0.1:32380'
# launch members
bin/etcd --name sshot1 --listen-client-urls http://127.0.0.1:2379 --advertise-client-urls http://127.0.0.1:2379 --listen-peer-urls http://127.0.0.1:12380 &
bin/etcd --name sshot2 --listen-client-urls http://127.0.0.1:22379 --advertise-client-urls http://127.0.0.1:22379 --listen-peer-urls http://127.0.0.1:22380 &
bin/etcd --name sshot3 --listen-client-urls http://127.0.0.1:32379 --advertise-client-urls http://127.0.0.1:32379 --listen-peer-urls http://127.0.0.1:32380 &
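
The launch lines above use plain http:// URLs and no certificate flags, while the member started in the add-member section sets --client-cert-auth and --peer-client-cert-auth with https:// URLs. The following added example (not part of the original page or of etcd) audits an etcd command line for that difference; the function name audit_etcd_flags and the finding labels are made up for this sketch, and it checks only the flags named in the code.

```shell
#!/bin/sh
# Added example (not from the original page): flag plaintext URLs and missing
# client-certificate authentication in an etcd command line.
# Prints one finding per line; returns 0 when clean, 1 otherwise.
# Plain POSIX sh, so the working variables below are global.

audit_etcd_flags() {
    findings=0; client_auth=0; peer_auth=0
    while [ $# -gt 0 ]; do
        case "$1" in
            --*=*) name=${1%%=*}; value=${1#*=} ;;
            --*)   name=$1
                   # "--flag value" form; a bare flag counts as boolean true.
                   case "${2-}" in
                       ''|--*) value=true ;;
                       *)      value=$2; shift ;;
                   esac ;;
            *)     shift; continue ;;   # binary path or stray token
        esac
        shift
        case "$name" in
            --listen-client-urls|--advertise-client-urls|--listen-peer-urls|--initial-advertise-peer-urls)
                case "$value" in
                    *http://*) echo "PLAINTEXT $name=$value"
                               findings=$((findings + 1)) ;;
                esac ;;
            --client-cert-auth)      [ "$value" = true ] && client_auth=1 ;;
            --peer-client-cert-auth) [ "$value" = true ] && peer_auth=1 ;;
        esac
    done
    if [ "$client_auth" -ne 1 ]; then
        echo "NO_CLIENT_CERT_AUTH clients are not required to present a certificate"
        findings=$((findings + 1))
    fi
    if [ "$peer_auth" -ne 1 ]; then
        echo "NO_PEER_CERT_AUTH peers are not required to present a certificate"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Sample input: the sshot1 launch line from the restore example above.
audit_etcd_flags bin/etcd --name sshot1 \
    --listen-client-urls http://127.0.0.1:2379 \
    --advertise-client-urls http://127.0.0.1:2379 \
    --listen-peer-urls http://127.0.0.1:12380 || true
```
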
status
~ # etcdctl snapshot status snapshot.db
8b62e307, 3315546, 2490, 3.6 MB
~ # etcdctl snapshot status snapshot.db -w table
+----------+----------+------------+------------+
| HASH | REVISION | TOTAL KEYS | TOTAL SIZE |
+----------+----------+------------+------------+
| 8b62e307 | 3315546 | 2490 | 3.6 MB |
+----------+----------+------------+------------+
~ #
move-leader
Check the current endpoint status
~ # etcdctl endpoint --cluster=true status -w table
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| https://192.168.5.46:2379 | 1995057e7efbae9f | 3.3.10 | 4.9 MB | false | 49661 | 3871036 |
| https://192.168.5.45:2379 | 8a5c1e9f00bb66a5 | 3.3.10 | 4.9 MB | true | 49661 | 3871053 |
| https://192.168.5.41:2379 | d6414a7c7c550d29 | 3.3.10 | 4.9 MB | false | 49661 | 3871074 |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
move-leader
~ # etcdctl --endpoints 192.168.5.45:2379 move-leader d6414a7c7c550d29
Leadership transferred from 8a5c1e9f00bb66a5 to d6414a7c7c550d29
Check the endpoint status after the move
~ # etcdctl endpoint --cluster=true status -w table
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| https://192.168.5.46:2379 | 1995057e7efbae9f | 3.3.10 | 5.3 MB | false | 49662 | 3871620 |
| https://192.168.5.45:2379 | 8a5c1e9f00bb66a5 | 3.3.10 | 5.3 MB | false | 49662 | 3871641 |
| https://192.168.5.41:2379 | d6414a7c7c550d29 | 3.3.10 | 5.3 MB | true | 49662 | 3871657 |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
~ #
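
The before/after comparison above is done by eye; the following added example (not part of the original page or of etcdctl) checks the same table mechanically: exactly one member reports IS LEADER = true and all members agree on RAFT TERM. The function names are made up for this sketch, the sample input is the post-move table from this page, and a term mismatch can be transient while an election is in progress.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check the table printed by
# `etcdctl endpoint --cluster=true status -w table`, read from stdin.

check_endpoint_status() {
    awk -F'|' '
        # Data rows start with "|"; borders start with "+"; skip the header row.
        /^[|]/ && $2 !~ /ENDPOINT/ {
            for (i = 2; i < NF; i++) gsub(/^ +| +$/, "", $i)
            members++
            if ($6 == "true") { leaders++; leader_id = $3 }
            if (!($7 in terms))    { terms[$7] = 1; nterms++ }
            if (!($4 in versions)) { versions[$4] = 1; nversions++ }
        }
        END {
            if (members == 0)  { print "FAIL no member rows parsed"; exit 2 }
            if (leaders != 1)  { print "FAIL leaders=" (leaders + 0); exit 1 }
            if (nterms != 1)   { print "FAIL raft terms differ"; exit 1 }
            if (nversions > 1) { print "WARN mixed versions, leader=" leader_id; exit 0 }
            print "OK members=" members " leader=" leader_id
        }'
}

# Sample input: the post-move table shown above on this page.
sample_after_move() {
    cat <<'EOF'
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| https://192.168.5.46:2379 | 1995057e7efbae9f | 3.3.10 | 5.3 MB | false | 49662 | 3871620 |
| https://192.168.5.45:2379 | 8a5c1e9f00bb66a5 | 3.3.10 | 5.3 MB | false | 49662 | 3871641 |
| https://192.168.5.41:2379 | d6414a7c7c550d29 | 3.3.10 | 5.3 MB | true | 49662 | 3871657 |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
EOF
}

sample_after_move | check_endpoint_status
```
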
Access control
Add the root user
etcdctl user add root
Add a non-root user
etcdctl user add zhangjx
Add a role
etcdctl role add role1
Add user zhangjx to role role1
etcdctl user grant-role zhangjx role1
Grant a permission to role role1
etcdctl role grant-permission role1 read /testkey
Enable authentication
etcdctl --endpoints=$ENDPOINTS auth enable
Verify the permissions (reads are allowed, writes are not)
# etcdctl put /testkey "1111" --user="zhangjx:111111"
Error: etcdserver: permission denied
# etcdctl get /testkey --user="zhangjx:111111"
/testkey
111111