1.环境准备

etcd01	10.0.0.101
etcd02	10.0.0.102
etcd03	10.0.0.103

2.安装证书生成工具cfssl(以下二进制会以 root 身份安装到 PATH 中,下载后应先核对发布方提供的校验值再赋予执行权限;R1.2 是较早的版本,生产环境建议使用项目当前发布的版本)

[root@etcd01 ~]# mkdir /data/ssl -p
 
[root@etcd01 ~]# cd /data/
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
 
[root@etcd01 data]# chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64
 
mv cfssl_linux-amd64 /usr/local/bin/cfssl
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
mv cfssl-certinfo_linux-amd64 /usr/bin/cfssl-certinfo
 
cd /data/ssl/

3.生成key

[root@etcd01 ~]# mkdir /data/ssl/etcd -p
[root@etcd01 ~]# cd /data/ssl/etcd
[root@etcd01 etcd]# cat etcd.sh
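# etcd
# Write the cfssl input files for the etcd cluster into the current directory:
#   ca-config.json   signing policy (profiles) applied by the CA
#   ca-csr.json      certificate request for the self-signed CA ("etcd CA")
#   server-csr.json  certificate request for the etcd server certificate
# Only the JSON files are created here; certificates are issued separately
# with `cfssl gencert`. Run this in the directory that will hold them.

# Stop at the first failed write (or unset variable) instead of carrying on
# with an incomplete set of files.
set -eu

# cat ca-config.json
# Signing policy. The single profile "www" issues certificates that are valid
# for 87600h (about 10 years) and carry both "server auth" and "client auth",
# so one certificate can serve as a server identity and as a client credential.
# NOTE(review): a shorter expiry and separate server / peer / client profiles
# would limit what a single leaked key can be used for.
# The quoted delimiter ('EOF') stops the shell from expanding anything inside
# the JSON body.
cat > ca-config.json <<'EOF'
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "www": {
         "expiry": "87600h",
         "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ]
      }
    }
  }
}
EOF

# cat ca-csr.json
# Request for the CA itself: 2048-bit RSA key, subject CN "etcd CA".
# The CA private key generated from this request can sign certificates that
# every member will trust; keep it readable by root only and store it away
# from the etcd nodes where possible.
cat > ca-csr.json <<'EOF'
{
    "CN": "etcd CA",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing"
        }
    ]
}
EOF

# cat server-csr.json
# Request for the certificate shared by the three members. "hosts" lists the
# addresses the certificate is valid for; a member added later, or access via
# 127.0.0.1 or a DNS name, needs the certificate reissued with that entry.
cat > server-csr.json <<'EOF'
{
    "CN": "etcd",
    "hosts": [
    "10.0.0.101",
    "10.0.0.102",
    "10.0.0.103"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}
EOF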
 
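执行脚本(脚本只生成上面三个 JSON 文件),随后用 cfssl 生成 CA 证书和 server 证书。其中 ca-key.pem 是 CA 私钥,可以签发被集群信任的任意证书,应仅限 root 读取并妥善保管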
[root@etcd01 etcd]# sh etcd.sh
 
[root@etcd01 etcd]# cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
[root@etcd01 etcd]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
 
[root@etcd01 etcd]# ls *pem
ca-key.pem  ca.pem  server-key.pem  server.pem

4.集群部署{所有节点操作}

# Staging directory for the release archive. The archive
# etcd-v3.3.10-linux-amd64.tar.gz must already be present in /data/src/;
# check it against the checksums published with the release before unpacking.
mkdir -p /data/src/
cd /data/src/

# Install layout: bin holds the binaries, cfg the member configuration;
# ssl is presumably for the TLS material (confirm where the service reads it).
mkdir -p /opt/etcd/bin /opt/etcd/cfg /opt/etcd/ssl
tar -xf etcd-v3.3.10-linux-amd64.tar.gz
mv etcd-v3.3.10-linux-amd64/etcd etcd-v3.3.10-linux-amd64/etcdctl /opt/etcd/bin/
   
# 3台机器 ETCD_NAME 名字不一样  本机IP不一样,对应修改即可
[root@etcd01 ~]# cat /opt/etcd/cfg/etcd
# etcd member settings for node etcd01, written as KEY="value" pairs.
# NOTE(review): every URL below uses https, but this file sets no certificate
# options. etcd has to get its key material from somewhere (for example
# ETCD_CERT_FILE / ETCD_KEY_FILE / ETCD_TRUSTED_CA_FILE and the ETCD_PEER_*
# equivalents, or the matching command-line flags); presumably that is done in
# the service definition, which is not shown here - confirm.
# NOTE(review): serving TLS does not by itself authenticate clients; check that
# ETCD_CLIENT_CERT_AUTH and ETCD_PEER_CLIENT_CERT_AUTH are enabled wherever the
# certificate options are set.
#[Member]
# Must differ on each member and match this node's key in ETCD_INITIAL_CLUSTER.
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
# Peer (2380) and client (2379) listeners bind to this node's address only;
# no loopback listener is configured.
ETCD_LISTEN_PEER_URLS="https://10.0.0.101:2380"
ETCD_LISTEN_CLIENT_URLS="https://10.0.0.101:2379"
 
#[Clustering]
# Addresses this member announces to its peers and to clients.
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://10.0.0.101:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://10.0.0.101:2379"
# Full bootstrap membership as name=peerURL pairs.
ETCD_INITIAL_CLUSTER="etcd01=https://10.0.0.101:2380,etcd02=https://10.0.0.102:2380,etcd03=https://10.0.0.103:2380"
# Bootstrap token; use a value unique to this cluster so that separate
# clusters on the same network cannot be confused with one another.
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
# "new" bootstraps a fresh cluster; "existing" joins one that already runs.
ETCD_INITIAL_CLUSTER_STATE="new"
--------------------------------------------------------------------------------------------------------------------------
* ETCD_NAME 节点名称
* ETCD_DATA_DIR 数据目录
* ETCD_LISTEN_PEER_URLS 集群通信监听地址
* ETCD_LISTEN_CLIENT_URLS 客户端访问监听地址
* ETCD_INITIAL_ADVERTISE_PEER_URLS 集群通告地址
* ETCD_ADVERTISE_CLIENT_URLS 客户端通告地址
* ETCD_INITIAL_CLUSTER 集群节点地址
* ETCD_INITIAL_CLUSTER_TOKEN 集群Token
* ETCD_INITIAL_CLUSTER_STATE 加入集群的当前状态,new是新集群,existing表示加入已有集群

5.检查集群状态(命令中的证书是相对路径,需在证书所在目录 /data/ssl/etcd 下执行;这里 etcdctl 直接使用 server.pem / server-key.pem 作为客户端证书)

[root@etcd01 etcd]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://10.0.0.101:2379,https://10.0.0.102:2379,https://10.0.0.103:2379" cluster-health
member 2cba54b8e3ba988a is healthy: got healthy result from https://10.0.0.103:2379
member 7c12135a398849e3 is healthy: got healthy result from https://10.0.0.102:2379
member f2fd0c12369e0d75 is healthy: got healthy result from https://10.0.0.101:2379
cluster is healthy
[root@etcd01 etcd]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://10.0.0.101:2379,https://10.0.0.102:2379,https://10.0.0.103:2379" member list
2cba54b8e3ba988a: name=etcd03 peerURLs=https://10.0.0.103:2380 clientURLs=https://10.0.0.103:2379 isLeader=false
7c12135a398849e3: name=etcd02 peerURLs=https://10.0.0.102:2380 clientURLs=https://10.0.0.102:2379 isLeader=false
f2fd0c12369e0d75: name=etcd01 peerURLs=https://10.0.0.101:2380 clientURLs=https://10.0.0.101:2379 isLeader=true

6.切换API版本

[root@etcd01 etcd]# /opt/etcd/bin/etcdctl --ca-file=ca.pem --cert-file=server.pem --key-file=server-key.pem --endpoints="https://10.0.0.101:2379,https://10.0.0.102:2379,https://10.0.0.103:2379" -v
etcdctl version: 3.3.10
API version: 2
 
 
设置环境变量支持V3版本接口
[root@etcd01 etcd]# export ETCDCTL_API=3
 
 
[root@etcd01 etcd]# /opt/etcd/bin/etcdctl --cacert=ca.pem   --cert=server.pem   --key=server-key.pem --endpoints "https://10.0.0.101:2379,https://10.0.0.102:2379,https://10.0.0.103:2379" version
etcdctl version: 3.3.10
API version: 3.3
 
 
别名设置(临时)
[root@etcd01 etcd]# alias ee='/opt/etcd/bin/etcdctl --cacert=ca.pem   --cert=server.pem   --key=server-key.pem --endpoints "https://10.0.0.101:2379,https://10.0.0.102:2379,https://10.0.0.103:2379"'
 
 
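永久配置的话保存至~/.bashrc即可(别名中的证书路径是相对路径,写入~/.bashrc时应改为绝对路径,例如 /data/ssl/etcd/ca.pem,否则只能在证书所在目录下使用;export ETCDCTL_API=3 也需要一并写入)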
 
[root@etcd01 etcd]# ee version
etcdctl version: 3.3.10
API version: 3.3
 
[root@etcd01 etcd]# ee put cheng 12
OK
[root@etcd01 etcd]# ee get cheng
cheng
12