ETCD Ubuntu 20.04 安装
下载安装包
Github 下载最新版安装包
生成ETCD 需要的证书
ca-config.json
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"www": {
"expiry": "87600h",
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
]
}
}
}
}ca-csr.json
{
"CN": "etcd CA",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "Beijing",
"ST": "Beijing"
}
]
}生成CA
gencert -initca ca-csr.json | cfssljson -bare ca -生成server.pem及server-key.pem
server-csr.json
{
"CN": "etcd",
"hosts": [
"192.168.2.221",
"192.168.2.222",
"192.168.2.223"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing"
}
]
}注意hosts中输入为所有节点的IP
执行以下命令生成server.pem server-key.pem
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server安装过程
创建目录
ansible k8s -m shell -a "mkdir -p /opt/etcd/bin"
ansible k8s -m shell -a "mkdir -p /opt/etcd/ssl"
ansible k8s -m shell -a "mkdir -p /opt/etcd/cfg"复制证书
ansible k8s -m copy -a "src=server.pem dest=/opt/etcd/ssl/"
ansible k8s -m copy -a "src=server-key.pem dest=/opt/etcd/ssl/"
ansible k8s -m copy -a "src=ca.pem dest=/opt/etcd/ssl/"
ansible k8s -m copy -a "src=ca-key.pem dest=/opt/etcd/ssl/"复制文件
mv etcd-v3.5.0-linux-amd64.tar.gz ~/works/k8s/
tar -xvf etcd-v3.5.0-linux-amd64.tar.gz
cd etcd-v3.5.0-linux-amd64
# 拷贝这ETCD服务及cli命令到所有服务器
ansible k8s -m copy -a "src=etcd dest=/opt/etcd/bin/"
ansible k8s -m copy -a "src=etcdctl dest=/opt/etcd/bin/"
# 设置可执行权限
ansible k8s -m shell -a "chmod -R 777 /opt/etcd/bin/*"创建配置文件-
etcd.conf
#[Member]
ETCD_NAME="etcd-1"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.2.221:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.2.221:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.2.221:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.2.221:2379"
ETCD_INITIAL_CLUSTER="etcd-1=https://192.168.2.221:2380,etcd-2=https://192.168.2.222:2380,etcd-3=https://192.168.2.223:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"拷贝到所有机器上
ansible k8s -m copy -a "src=etcd.conf dest=/opt/etcd/cfg/"修改配置
说明
Etcd_name = 集群名称,唯一不能重复
ETCD_LISTEN_PEER_URLS="https://本机IP:2380"
ETCD_LISTEN_CLIENT_URLS="https://本机IP:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://本机IP:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://本机IP:2379"
# 集群所有服务名-IP和端口
ETCD_INITIAL_CLUSTER="etcd-1=https://192.168.2.221:2380,etcd-2=https://192.168.2.222:2380,etcd-3=https://192.168.2.223:2380"创建systemctl 服务文件
etcd.service
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=/opt/etcd/cfg/etcd.conf
ExecStart=/opt/etcd/bin/etcd --cert-file=/opt/etcd/ssl/server.pem --key-file=/opt/etcd/ssl/server-key.pem --peer-cert-file=/opt/etcd/ssl/server.pem --peer-key-file=/opt/etcd/ssl/server-key.pem --trusted-ca-file=/opt/etcd/ssl/ca.pem --peer-trusted-ca-file=/opt/etcd/ssl/ca.pem --logger=zap
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target拷贝到3台机器上
ansible k8s -m copy -a "src=etcd.service dest=/usr/lib/systemd/system/"启动服务
ansible k8s -m shell -a "systemctl daemon-reload"
ansible k8s -m shell -a "systemctl start etcd"
ansible k8s -m shell -a "systemctl enable etcd"验证是否启动成功
显示running为集群搭建成功。
验证集群状态。按需修改配置
ETCDCTL_API=3 /opt/etcd/bin/etcdctl --cacert=/opt/etcd/ssl/ca.pem --cert=/opt/etcd/ssl/server.pem --key=/opt/etcd/ssl/server-key.pem --endpoints="https://192.168.2.221:2379,https://192.168.2.222:2379,https://192.168.2.223:2379" endpoint health --write-out=table
Health 为true 证明三个节点都已经可用。
文章不错交个朋友