版权声明:标为原创文章的,转载请注明出处。 https://blog.csdn.net/guestcode/article/details/84320945
一键部署高可用etcd集群(TLS,ubuntu)(freetoo、码客、卢益贵)
这是一个便捷高效的部署高可用etcd集群(TLS)的脚本工具。
下载链接:
https://download.csdn.net/download/guestcode/10798474
一、【功能说明】
1、自动安装cfssl
2、一键生成ssl秘钥
3、一键安装到目标主机
二、【使用方法】
1、修改文件install.sh,把集群所有主机的IP地址赋值给列表数组变量:
iplist=("192.168.116.128" "192.168.116.129" "192.168.116.130")
2、创建ssl秘钥(生成ssl目录):
A: 在Ubuntu上执行命令创建ssl:
./install build
结果如下图所示:
B:执行上述命令后生成ssl目录:
3、把ins-etcd整个目录复制到集群中每个Ubuntu主机上然后执行安装:
./install
结果如下图所示:
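注意:
安装完毕后可删除ins-etcd目录。该目录下的ssl子目录中含有CA私钥(ca-key.pem)和服务器私钥(server-key.pem),复制到各主机时应使用加密通道,安装后不要在主机上长期保留。本文的etcdctl命令只用到ca.pem、server.pem和server-key.pem,请确认各节点的/etc/etcd/ssl/中没有留下ca-key.pem,并把CA私钥单独离线保存。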
4、查询集群状态:
A、查询集群健康状态:
etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem --endpoints=https://192.168.116.128:2379 cluster-health
B、查询集群成员列表:
etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem --endpoints=https://192.168.116.128:2379 member list
结果如下图所示:
三、脚本源码
#!/bin/bash
############################################################
# Copyleft ©2018 freetoo(yigui-lu,卢益贵,码客)
# name: Deploying etcd clusters(HA, TLS)
# 一键部署高可用etcd集群(TLS)
# qq/wx: 48092788 e-mail: [email protected]
# blog: https://blog.csdn.net/guestcode
# create: 2018-11-21
############################################################
#【功能说明】
# 1、自动安装cfssl
# 2、一键生成ssl秘钥
# 3、一键安装到目标主机
#【使用方法】
# 1、把集群主机的IP地址赋值给列表数组变量:
# iplist=("192.168.116.128" "192.168.116.129" "192.168.116.130")
# 2、创建ssl秘钥(生成ssl目录):
# ./install build
# 3、把ins-etcd整个目录复制到iplist变量指定IP的主机上执行安装:
# ./install
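# Operation mode, taken from the first command-line argument:
#   build   - create the CA and the server certificate under ./ssl
#   install - deploy etcd on this host (default when no argument is given)
# ${1:-install} replaces the former unquoted `[ ! $arg ]` test, which
# word-split and glob-expanded whatever was passed on the command line.
arg=${1:-install}

# IPv4 addresses of every etcd cluster member.
# Each entry is written into the certificate "hosts" list, into the peer and
# client URLs, and into sed replacement text further down, so keep the
# entries as plain dotted-quad literals.
iplist=("192.168.116.128" "192.168.116.129" "192.168.116.130")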
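#######################################
# Terminate the script.
# Arguments: $1 - optional exit status. Defaults to 1, the status this
#                 function has always used, so existing calls are unchanged.
# Returns:   never returns; the shell exits.
#######################################
exit_script() {
  exit "${1:-1}"
}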
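# 1. Build mode: install the cfssl tools when they are missing, then create
#    the CA and the etcd server certificate under ./ssl.
#    Exits 0 on success and non-zero on any failed step. (The original sent
#    the success path through exit_script, which reports status 1.)
#    Optional environment variables (names introduced by this block):
#      CFSSL_SHA256      expected SHA-256 of the cfssl download
#      CFSSLJSON_SHA256  expected SHA-256 of the cfssljson download
if [ "$arg" = build ]; then
  echo build ssl......

  # Download one tool and install it.
  #   $1 - download URL
  #   $2 - destination path
  #   $3 - expected SHA-256 of the download (may be empty)
  # The file is fetched into a private temporary directory instead of the
  # current directory and is installed only after the download succeeded.
  # NOTE(review): the installed binary is later run with this script's
  # privileges. HTTPS authenticates the server, not the artifact, so pass a
  # checksum obtained from a source you trust; without it the download is
  # installed unverified.
  fetch_tool() {
    local url=$1 dest=$2 want=$3 tmpdir got rc
    tmpdir=$(mktemp -d) || return 1
    if ! wget -O "$tmpdir/tool" "$url"; then
      rm -rf -- "$tmpdir"
      return 1
    fi
    if [ -n "$want" ]; then
      got=$(sha256sum < "$tmpdir/tool")
      got=${got%% *}
      if [ "$got" != "${want,,}" ]; then
        echo "checksum mismatch for $url" >&2
        rm -rf -- "$tmpdir"
        return 1
      fi
    else
      echo "warning: no checksum given for $url; installing unverified" >&2
    fi
    install -m 0755 "$tmpdir/tool" "$dest"
    rc=$?
    rm -rf -- "$tmpdir"
    return "$rc"
  }

  # Install cfssl unless it is already present in either location.
  if [ ! -f /usr/bin/cfssl ] && [ ! -f /usr/local/bin/cfssl ]; then
    fetch_tool https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 \
      /usr/local/bin/cfssl "${CFSSL_SHA256:-}" || exit_script
  fi

  # Same for cfssljson.
  if [ ! -f /usr/bin/cfssljson ] && [ ! -f /usr/local/bin/cfssljson ]; then
    fetch_tool https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 \
      /usr/local/bin/cfssljson "${CFSSLJSON_SHA256:-}" || exit_script
  fi

  # cfssl-certinfo is not called anywhere in this script and its download was
  # already commented out, so nothing is installed for it. The leftover
  # `chmod +x cfssl*` on the current directory has been dropped.

  cfgdir=cfg
  ssldir=ssl

  # Start from an empty output directory so stale keys never survive a rebuild.
  rm -rf -- "${ssldir:?}"
  mkdir -- "$ssldir" || exit_script

  # Build the body of the JSON array: "ip1","ip2",...
  # Initialised explicitly so a stray `ips` in the environment is ignored.
  ips=
  for ip in "${iplist[@]}"; do
    if [ -z "$ips" ]; then
      ips=\"$ip\"
    else
      ips=$ips,\"$ip\"
    fi
  done
  hosts=" \"hosts\": [$ips],"
  # NOTE(review): the pattern matches only a "hosts" line indented exactly as
  # written here - confirm against cfg/server-csr.json.
  sed -i "s|^ \"hosts\".*$|$hosts|g" "./$cfgdir/server-csr.json" || exit_script

  echo
  echo make ca ......
  # pipefail inside a subshell: a cfssl failure must not be masked by the
  # exit status of cfssljson.
  (
    set -o pipefail
    cfssl gencert -initca "$cfgdir/ca-csr.json" | cfssljson -bare "$ssldir/ca" -
  ) || {
    echo "failed to create the CA" >&2
    exit_script
  }

  echo
  echo make server key ......
  (
    set -o pipefail
    cfssl gencert -ca="$ssldir/ca.pem" -ca-key="$ssldir/ca-key.pem" \
      -config="$cfgdir/ca-config.json" -profile=etcd \
      "$cfgdir/server-csr.json" | cfssljson -bare "$ssldir/server"
  ) || {
    echo "failed to create the server certificate" >&2
    exit_script
  }

  # Private keys must not be readable by other users, whatever the umask or
  # the tool defaults were.
  chmod 600 "$ssldir"/*-key.pem || exit_script

  # NOTE(review): ca-key.pem can sign certificates for the whole cluster.
  # The etcdctl calls in this script use only ca.pem, server.pem and
  # server-key.pem, so keep the CA key on the build host or offline.
  exit 0
fi # end of build mode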
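# 2. Install mode: deploy etcd on this host when one of its addresses is
#    listed in iplist. Exits 0 when the etcd unit is active afterwards and
#    non-zero otherwise, including when the host is not in iplist.

# Collect every non-loopback IPv4 address of this host, one per line.
# A host can have several (extra NICs, bridges); the original compared the
# whole multi-line ifconfig result against each entry with an unquoted test.
localips=
if command -v ip > /dev/null 2>&1; then
  localips=$(ip -4 -o addr show scope global |
    awk '{ sub(/\/.*/, "", $4); print $4 }')
fi
if [ -z "$localips" ]; then
  # Fallback: the original net-tools pipeline. stderr is silenced on purpose
  # because ifconfig may simply not be installed.
  localips=$(ifconfig 2> /dev/null | grep 'inet addr:' | grep -v '127.0.0.1' |
    cut -d: -f2 | awk '{ print $1 }')
fi

# Build the peer URL list (port 2380) and the client endpoint list (2379).
clusterurls=
endpoints=
for ip in "${iplist[@]}"; do
  if [ -z "$clusterurls" ]; then
    clusterurls="etcd$ip=https://$ip:2380"
    endpoints="https://$ip:2379"
  else
    clusterurls="$clusterurls,etcd$ip=https://$ip:2380"
    endpoints="$endpoints,https://$ip:2379"
  fi
done

# Pick the iplist entry that belongs to this host (exact, whole-line match).
localip=
for ip in "${iplist[@]}"; do
  if printf '%s\n' "$localips" | grep -qxF -- "$ip"; then
    localip=$ip
    break
  fi
done

# Hosts outside iplist are refused.
if [ -z "$localip" ]; then
  shown=${localips//$'\n'/ }
  echo "the host-ip($shown) is\`t in ip-list:${iplist[*]}"
  exit_script
fi

# Verify the inputs BEFORE the running service is stopped and its data is
# deleted; a missing file must not leave the node wiped and uninstalled.
for need in ./ssl/ca.pem ./ssl/server.pem ./ssl/server-key.pem ./cfg/etcd.service; do
  if [ ! -f "$need" ]; then
    echo "missing $need (run the build step and copy the whole directory)" >&2
    exit_script
  fi
done
if ! compgen -G './bin/etcd*' > /dev/null; then
  echo "missing etcd binaries under ./bin" >&2
  exit_script
fi

cfgfile=/etc/systemd/system/etcd.service
# Stop and unregister a previous installation.
if [ -f "$cfgfile" ]; then
  echo uninstall etcd......
  systemctl stop etcd
  systemctl disable etcd
  rm -f -- "$cfgfile"
  systemctl daemon-reload
  echo reinstall etcd......
else
  echo install etcd......
fi

# WARNING: this deletes all existing etcd data on this host.
# The data directory is recreated private to its owner.
workdir=/var/lib/etcd
rm -rf -- "${workdir:?}"
mkdir -m 700 -- "$workdir" || exit_script

# Deploy the certificate material, leaving out the CA signing key: a member
# that holds ca-key.pem could mint certificates for the whole cluster.
ssldir=/etc/etcd/ssl
rm -rf -- "${ssldir:?}"
mkdir -p -- "$ssldir" || exit_script
for f in ./ssl/*.*; do
  [ -e "$f" ] || continue
  case ${f##*/} in
    ca-key.pem) continue ;;
  esac
  cp -f -- "$f" "$ssldir/" || exit_script
done
# NOTE(review): assumes the etcd unit runs as the owner of these files
# (root when this script is run as root) - confirm against cfg/etcd.service.
chmod 600 "$ssldir"/*-key.pem || exit_script

# Install the etcd binaries.
cp -f ./bin/etcd* /usr/local/bin/ || exit_script
chmod +x /usr/local/bin/etcd*

# Install the unit file and fill in its two placeholders.
cp -f ./cfg/etcd.service /etc/systemd/system/ || exit_script
sed -i "s|localip|$localip|g" "$cfgfile"
sed -i "s|clusterurls|$clusterurls|g" "$cfgfile"

# Start etcd. A start failure does not abort here, so the health and status
# output below is still printed for diagnosis.
systemctl daemon-reload
systemctl enable etcd
systemctl start etcd

# Query cluster health (the command is echoed first so it can be re-run).
echo
echo "etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem --endpoints=$endpoints cluster-health"
etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem --endpoints="$endpoints" cluster-health
echo

# Show the service state and report it through the exit status.
systemctl status etcd
if systemctl is-active --quiet etcd; then
  exit 0
fi
exit_script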