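Installing etcd on Ubuntu 20.04

Download the release package

Download the latest release package from GitHub.

etcd download page

Generate the certificates etcd needs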

ca-config.json

{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "www": {
         "expiry": "87600h",
         "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ]
      }
    }
  }
}

ca-csr.json

{
    "CN": "etcd CA",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing"
        }
    ]
}

Generate the CA

cfssl gencert -initca ca-csr.json | cfssljson -bare ca -

Generate server.pem and server-key.pem

server-csr.json

{
    "CN": "etcd",
    "hosts": [
    "192.168.2.221",
    "192.168.2.222",
    "192.168.2.223"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}

Note: hosts must list the IP addresses of all nodes.

Run the following command to generate server.pem and server-key.pem

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server

Installation

Create the directories

ansible k8s -m shell -a "mkdir -p /opt/etcd/bin"
ansible k8s -m shell -a "mkdir -p /opt/etcd/ssl"
ansible k8s -m shell -a "mkdir -p /opt/etcd/cfg"

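Copy the certificates

ansible k8s -m copy -a "src=server.pem dest=/opt/etcd/ssl/"
ansible k8s -m copy -a "src=server-key.pem dest=/opt/etcd/ssl/"
ansible k8s -m copy -a "src=ca.pem dest=/opt/etcd/ssl/"
ansible k8s -m copy -a "src=ca-key.pem dest=/opt/etcd/ssl/"

Of these four files, the etcd.service unit below reads only server.pem, server-key.pem and ca.pem. ca-key.pem is the CA's signing key; it is only needed on the machine that runs cfssl gencert.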

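Copy the binaries

mv etcd-v3.5.0-linux-amd64.tar.gz ~/works/k8s/
cd ~/works/k8s/
tar -xvf etcd-v3.5.0-linux-amd64.tar.gz
cd etcd-v3.5.0-linux-amd64

# Copy the etcd server and the etcdctl CLI to every server
ansible k8s -m copy -a "src=etcd dest=/opt/etcd/bin/"
ansible k8s -m copy -a "src=etcdctl dest=/opt/etcd/bin/"

# Make the binaries executable (755 rather than 777: etcd.service runs them as root, so they must not be world-writable)
ansible k8s -m shell -a "chmod -R 755 /opt/etcd/bin/*"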

Create the configuration file

etcd.conf

#[Member]
ETCD_NAME="etcd-1"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.2.221:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.2.221:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.2.221:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.2.221:2379"
ETCD_INITIAL_CLUSTER="etcd-1=https://192.168.2.221:2380,etcd-2=https://192.168.2.222:2380,etcd-3=https://192.168.2.223:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

Copy it to all machines

ansible k8s -m copy -a "src=etcd.conf dest=/opt/etcd/cfg/"

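Edit the configuration on each node

Explanation

ETCD_NAME = the name of this member in the cluster; it must be unique and cannot be repeated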

ETCD_LISTEN_PEER_URLS="https://本机IP:2380"
ETCD_LISTEN_CLIENT_URLS="https://本机IP:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://本机IP:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://本机IP:2379"
# Name, IP and port of every member in the cluster
ETCD_INITIAL_CLUSTER="etcd-1=https://192.168.2.221:2380,etcd-2=https://192.168.2.222:2380,etcd-3=https://192.168.2.223:2380"
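
As an added example (not from the original post), the shell function below lints one node's copy of etcd.conf before etcd is started: every URL must be https on the node's own IP, the node must appear in ETCD_INITIAL_CLUSTER, and every member IP must be in the hosts list of server-csr.json. The function names, the temporary directory and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint one node's etcd.conf before starting etcd.

# conf_get FILE KEY: print the value of KEY="value" from an EnvironmentFile-style config.
conf_get() { sed -n "s/^$2=\"\(.*\)\"\$/\1/p" "$1"; }

# check_etcd_conf CONF CSR NODE_IP: print each problem found; return 0 only if there are none.
check_etcd_conf() {
  conf=$1; csr=$2; node_ip=$3; rc=0
  # Listen/advertise URLs must be TLS-only and use this node's own address.
  for key in ETCD_LISTEN_PEER_URLS ETCD_LISTEN_CLIENT_URLS \
             ETCD_INITIAL_ADVERTISE_PEER_URLS ETCD_ADVERTISE_CLIENT_URLS; do
    val=$(conf_get "$conf" "$key")
    case $val in
      *http://*) echo "$key contains a plaintext http:// URL"; rc=1 ;;
      "https://$node_ip:"*) ;;
      *) echo "$key='$val' does not use this node's IP $node_ip"; rc=1 ;;
    esac
  done
  # The node must be listed in ETCD_INITIAL_CLUSTER under its own name and peer URL.
  name=$(conf_get "$conf" ETCD_NAME)
  peer=$(conf_get "$conf" ETCD_INITIAL_ADVERTISE_PEER_URLS)
  cluster=$(conf_get "$conf" ETCD_INITIAL_CLUSTER)
  case ",$cluster," in
    *",$name=$peer,"*) ;;
    *) echo "$name=$peer is not a member in ETCD_INITIAL_CLUSTER"; rc=1 ;;
  esac
  # Every member IP must be in the CSR "hosts" list, or TLS verification of that peer fails.
  for member in $(printf '%s' "$cluster" | tr ',' ' '); do
    ip=${member#*://}; ip=${ip%%:*}
    grep -qF "\"$ip\"" "$csr" || { echo "$ip missing from hosts in $csr"; rc=1; }
  done
  return $rc
}

# Constructed sample: the page's etcd.conf copied unchanged to node 192.168.2.222.
demo=$(mktemp -d)
printf '%s\n' '{"CN":"etcd","hosts":["192.168.2.221","192.168.2.222","192.168.2.223"]}' > "$demo/server-csr.json"
cat > "$demo/etcd.conf" <<'EOF'
ETCD_NAME="etcd-1"
ETCD_LISTEN_PEER_URLS="https://192.168.2.221:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.2.221:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.2.221:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.2.221:2379"
ETCD_INITIAL_CLUSTER="etcd-1=https://192.168.2.221:2380,etcd-2=https://192.168.2.222:2380,etcd-3=https://192.168.2.223:2380"
EOF
check_etcd_conf "$demo/etcd.conf" "$demo/server-csr.json" 192.168.2.222 || echo "fix etcd.conf before starting etcd"
```

On a node, call it with /opt/etcd/cfg/etcd.conf, the server-csr.json used to issue the certificate, and that node's IP.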

Create the systemd service file

etcd.service

[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/opt/etcd/cfg/etcd.conf
ExecStart=/opt/etcd/bin/etcd --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --peer-cert-file=/opt/etcd/ssl/server.pem --peer-key-file=/opt/etcd/ssl/server-key.pem --trusted-ca-file=/opt/etcd/ssl/ca.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem --logger=zap
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

Copy it to the three machines

ansible k8s -m copy -a "src=etcd.service dest=/usr/lib/systemd/system/"

Start the service

ansible k8s -m shell -a "systemctl daemon-reload"
ansible k8s -m shell -a "systemctl start etcd"
ansible k8s -m shell -a "systemctl enable etcd"

Verify that the service started

A status of running means the cluster was set up successfully.

Verify the cluster state; adjust the settings as needed.

ETCDCTL_API=3 /opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.2.221:2379,https://192.168.2.222:2379,https://192.168.2.223:2379" endpoint health --write-out=table

A HEALTH value of true shows that all three nodes are available.
