etcd搭建过程记录

其他 2019-03-16 18:18:02 阅读次数: 0

安装介质准备

etcd 安装介质

wget https://github.com/etcd-io/etcd/releases/download/v3.3.10/etcd-v3.3.10-linux-amd64.tar.gz

cfssl证书制作工具 :访问时加HTTPSwget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64

服务器

主机名

IP

k8s-master1

192.168.193.63

k8s-node1

192.168.193.65

扫描二维码关注公众号,回复: 5553088 查看本文章

k8s-node2

192.168.193.66

目录初始化

mkdir -p /k8s/etcd/{bin,cfg,ssl}

mkdir -p /data/etcd

 到介质目录下 执行

chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64

mv cfssl_linux-amd64 /usr/local/bin/cfssl

mv cfssljson_linux-amd64 /usr/local/bin/cfssljson

mv cfssl-certinfo_linux-amd64 /usr/bin/cfssl-certinfo

证书生成配置

生成etcd ca配置  ssl 为证书目录

cd /k8s/etcd/ssl/

 

cat << EOF | tee ca-config.json
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "etcd": {
         "expiry": "87600h",
         "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ]
      }
    }
  }
}
EOF

 生成etcd ca-csr配置

cat << EOF | tee ca-csr.json
{
    "CN": "etcd CA",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing"
        }
    ]
}
EOF

生成etcd server-csr配置

cat << EOF | tee server-csr.json
{
    "CN": "etcd",
    "hosts": [
    "192.168.193.63",
    "192.168.193.65",
    "192.168.193.66"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing"
        }
    ]
}
EOF

开始制作etcd相关证书

 cfssl gencert -initca ca-csr.json | cfssljson -bare ca

说明:生成 "ca-csr.json  ca-key.pem  ca.pem" 三个文件

 

 

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=etcd server-csr.json | cfssljson -bare server

 

生成 "server-csr.json  server-key.pem  server.pem" 三个文件

 

192.168.193.63上生成的证书密钥拷贝到对应目录

scp  /k8s/etcd/ssl/*.pem   [email protected]:/k8s/etcd/ssl/

scp  /k8s/etcd/ssl/*.pem   [email protected]:/k8s/etcd/ssl/

etcd安装

在介质目录下

tar -xvf etcd-v3.3.10-linux-amd64.tar.gz

cd etcd-v3.3.10-linux-amd64/

cp etcd etcdctl /k8s/etcd/bin/
vim /k8s/etcd/cfg/etcd.conf  #这里注意一下 每个服务器的标红处需要填写本服务Ip

#[Member]
ETCD_NAME="etcd01"   #其他的 分别为 etcd02  etcd03 与标绿 处对应
ETCD_DATA_DIR="/data/etcd"  
ETCD_LISTEN_PEER_URLS="https://192.168.193.63:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.193.63:2379,https://127.0.0.1:2379"
 
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.193.63:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.193.63:2379,https://127.0.0.1:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.193.63:2380,etcd02=https://192.168.193.65:2380,etcd03=https://192.168.193.66:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

#[Security]
ETCD_CERT_FILE="/k8s/etcd/ssl/server.pem"
ETCD_KEY_FILE="/k8s/etcd/ssl/server-key.pem"
ETCD_TRUSTED_CA_FILE="/k8s/etcd/ssl/ca.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CERT_FILE="/k8s/etcd/ssl/server.pem"
ETCD_PEER_KEY_FILE="/k8s/etcd/ssl/server-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/k8s/etcd/ssl/ca.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"

[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
WorkingDirectory=/data/etcd/
EnvironmentFile=-/k8s/etcd/cfg/etcd.conf
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /k8s/etcd/bin/etcd --name=\"${ETCD_NAME}\" --data-dir=\"${ETCD_DATA_DIR}\" --listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\" --listen-peer-urls=\"${ETCD_LISTEN_PEER_URLS}\" --advertise-client-urls=\"${ETCD_ADVERTISE_CLIENT_URLS}\" --initial-cluster-token=\"${ETCD_INITIAL_CLUSTER_TOKEN}\" --initial-cluster=\"${ETCD_INITIAL_CLUSTER}\" --initial-cluster-state=\"${ETCD_INITIAL_CLUSTER_STATE}\" --cert-file=\"${ETCD_CERT_FILE}\" --key-file=\"${ETCD_KEY_FILE}\" --trusted-ca-file=\"${ETCD_TRUSTED_CA_FILE}\" --client-cert-auth=\"${ETCD_CLIENT_CERT_AUTH}\" --peer-cert-file=\"${ETCD_PEER_CERT_FILE}\" --peer-key-file=\"${ETCD_PEER_KEY_FILE}\" --peer-trusted-ca-file=\"${ETCD_PEER_TRUSTED_CA_FILE}\" --peer-client-cert-auth=\"${ETCD_PEER_CLIENT_CERT_AUTH}\""
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
vim /usr/lib/systemd/system/etcd.service

启动服务

#集群所有节点都配置好配置文件,同时启动。

systemctl daemon-reload && systemctl enable etcd && systemctl start etcd
/k8s/etcd/bin/etcdctl --ca-file=/k8s/etcd/ssl/ca.pem --cert-file=/k8s/etcd/ssl/server.pem --key-file=/k8s/etcd/ssl/server-key.pem --endpoints="https://192.168.193.63:2379,https://192.168.193.65:2379,https://192.168.193.66:2379" cluster-health

日志  查看方式  journalctl -b -u etcd  

可能出现的问题一般是端口占用 防火墙端口未开 以及 每个服务器上编辑配置文件时 Ip没有对应好本服务器

猜你喜欢

转载自www.cnblogs.com/nhz-M/p/10543331.html
今日推荐
富文本编辑器 Quill 2.0 重磅发布,特性、可靠性与开发者体验大幅提升
“开源信徒”周鸿祎开源360智脑大模型
周排行
VS2017编译opensmile具体过程和遇到的问题
PowerEnglish——mini-story3总结
微信小程序 数据库获取字符串 在view中显示换行
Java静态代码块/构造代码块/构造函数/静态变量/成员变量(相关示例)
Keras使用tensorflowjs部署demo
window下用git连接Github
图象的全变分和去噪
LeetCode刷题笔记--119. Pascal's Triangle II
【Linux】进程间通信 - 管道
polyA|ribo-minus|differentiated cell|Genetic heterogeneity
每日归档
更多
2024-04-17(5)
2024-04-16(70)
2024-04-15(42)
2024-04-14(0)
2024-04-13(119)
2024-04-12(38)
2024-04-11(14)
2024-04-10(68)
2024-04-09(5)
2024-04-08(60)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022