  • ETCD集群部署

    此文档需要完善,谨慎参考

       172.18.1.229   172.18.1.231   172.18.1.233
    
    1.部署etcd
    (1)安装文件
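    # Unpack the etcd release and install the binaries under /opt/etcd.
    # Verify the tarball against the SHA256 checksum published with the release
    # before unpacking; this page does not show that step.
    tar -xzf etcd-v3.3.10-linux-amd64.tar.gz
    cd etcd-v3.3.10-linux-amd64
    # Dedicated service account: a system user with its own group and no login shell.
    useradd --system --user-group --shell /usr/sbin/nologin etcd
    mkdir -p /opt/etcd/{bin,data,log,ssl}
    # Copied as root, so the binaries stay root-owned and the service account
    # cannot replace the executable it runs.
    cp etcd etcdctl /opt/etcd/bin/
    # Only the directories etcd writes to, or reads its private key from, belong
    # to the etcd account, and the data and key directories are closed to others.
    chown -R etcd:etcd /opt/etcd/data /opt/etcd/log /opt/etcd/ssl
    chmod 700 /opt/etcd/data /opt/etcd/ssl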
    
    (2)生成etcd证书
    # Write the cfssl signing policy (ca-config.json).
    # The "etcd" profile allows both "server auth" and "client auth", so a
    # certificate signed with it can be presented as a server and as a client.
    # NOTE(review): 87600h is roughly ten years for the default and the etcd
    # profile; a shorter leaf lifetime plus a rotation procedure limits how long
    # a leaked key stays usable.
    cat > ca-config.json <<EOF
    {
      "signing": {
        "default": {
          "expiry": "87600h"
        },
        "profiles": {
          "etcd": {
            "usages": [
              "signing",
              "key encipherment",
              "server auth",
              "client auth"
            ],
            "expiry": "87600h"
          }
        }
      }
    }
    EOF
    
    # Write the JSON definition used to create the CA certificate signing
    # request (CSR): common name "etcd", RSA key of 2048 bits.
    cat > ca-csr.json <<EOF
    {
      "CN": "etcd",
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names":[{
        "C": "CN",
        "ST": "Beijing",
        "L": "Beijing"
      }]
    }
    EOF
    
    # Generate the self-signed etcd root CA; the later signing command reads
    # etcd-ca.pem and etcd-ca-key.pem produced here.
    # etcd-ca-key.pem can sign certificates that every member will trust: keep it
    # on the signing host with restricted permissions and do not copy it to the
    # etcd nodes, which only need etcd-ca.pem.
    cfssl gencert -initca ca-csr.json | cfssljson -bare etcd-ca
    
    # Write the certificate request for the etcd server certificate.
    # "hosts" lists the three member IPs, so one certificate covers all nodes.
    # NOTE(review): the unit files and the etcdctl check on this page use this
    # same certificate and key for the client listener, for peer traffic and as
    # the etcdctl client identity; separate per-member and client certificates
    # would limit what a single leaked key exposes.
    cat > server-csr.json <<EOF
    {
        "CN": "etcd",
        "hosts": [
        "172.18.1.229",
        "172.18.1.231",
        "172.18.1.233"
        ],
        "key": {
            "algo": "rsa",
            "size": 2048
        },
        "names": [
            {
                "C": "CN",
                "L": "BeiJing",
                "ST": "BeiJing"
            }
        ]
    }
    EOF
    
    # Sign the server certificate with the etcd CA using the "etcd" profile;
    # the result is written with the etcd-server file prefix.
    # The unit files on this page read etcd-ca.pem, etcd-server.pem and
    # etcd-server-key.pem from /opt/etcd/ssl on every member, but no copy step is
    # shown: place those three files there (not etcd-ca-key.pem) and keep the
    # private key readable only by the account that runs etcd.
    cfssl gencert -ca=etcd-ca.pem -ca-key=etcd-ca-key.pem -config=ca-config.json -profile=etcd server-csr.json | cfssljson -bare etcd-server
    
    2.生成etcd启动文件
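    # systemd unit for member etcd-01 (172.18.1.229).
    # - The heredoc delimiter is quoted so the trailing backslashes reach the unit
    #   file unchanged, and every ExecStart line, including the first, ends in one.
    #   Without the backslash after the binary path the flags are not part of the
    #   command and etcd starts with its defaults, i.e. without TLS or
    #   client-certificate checks.
    # - WantedBy= must name multi-user.target exactly, otherwise enabling the
    #   unit does not start it at boot.
    # - User=/Group= run the daemon as the etcd account created during install;
    #   /opt/etcd/data must be writable and /opt/etcd/ssl readable by it.
    # - NOTE(review): http://127.0.0.1:2379 is a plaintext listener that
    #   --client-cert-auth does not cover, so any local process can reach the
    #   keyspace without a certificate; drop it if nothing on the host needs it.
    cat >/lib/systemd/system/etcd.service <<'EOF'
    [Unit]
    Description=Etcd Server
    After=network.target
    After=network-online.target
    Wants=network-online.target
    Documentation=https://github.com/coreos
    
    [Service]
    LimitNOFILE=65536
    User=etcd
    Group=etcd
    
    Type=notify
    WorkingDirectory=/opt/etcd
    
    ExecStart=/opt/etcd/bin/etcd \
      --advertise-client-urls=https://172.18.1.229:2379 \
      --cert-file=/opt/etcd/ssl/etcd-server.pem \
      --client-cert-auth=true \
      --data-dir=/opt/etcd/data \
      --initial-advertise-peer-urls=https://172.18.1.229:2380 \
      --initial-cluster=etcd-01=https://172.18.1.229:2380,etcd-02=https://172.18.1.231:2380,etcd-03=https://172.18.1.233:2380 \
      --key-file=/opt/etcd/ssl/etcd-server-key.pem \
      --listen-client-urls=https://172.18.1.229:2379,http://127.0.0.1:2379 \
      --listen-peer-urls=https://172.18.1.229:2380 \
      --name=etcd-01 \
      --peer-cert-file=/opt/etcd/ssl/etcd-server.pem \
      --peer-client-cert-auth=true \
      --peer-key-file=/opt/etcd/ssl/etcd-server-key.pem \
      --peer-trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
      --trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
      --snapshot-count=10000 \
      --initial-cluster-token=etcd-cluster-0 \
      --initial-cluster-state=new
    
    RestartSec=5
    Restart=on-failure
    
    [Install]
    WantedBy=multi-user.target
    EOF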
    ---------------------------------------------------
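    # systemd unit for member etcd-02 (172.18.1.231).
    # - Quoted heredoc delimiter plus a backslash on every ExecStart line,
    #   including the first: without it the flags are not part of the command and
    #   etcd starts with its defaults, i.e. without TLS or client-certificate
    #   checks.
    # - WantedBy= must name multi-user.target exactly, otherwise enabling the
    #   unit does not start it at boot.
    # - User=/Group= run the daemon as the etcd account created during install;
    #   /opt/etcd/data must be writable and /opt/etcd/ssl readable by it.
    # - NOTE(review): http://127.0.0.1:2379 is a plaintext listener that
    #   --client-cert-auth does not cover, so any local process can reach the
    #   keyspace without a certificate; drop it if nothing on the host needs it.
    cat >/lib/systemd/system/etcd.service <<'EOF'
    [Unit]
    Description=Etcd Server
    After=network.target
    After=network-online.target
    Wants=network-online.target
    Documentation=https://github.com/coreos
    
    [Service]
    LimitNOFILE=65536
    User=etcd
    Group=etcd
    
    Type=notify
    WorkingDirectory=/opt/etcd
    
    ExecStart=/opt/etcd/bin/etcd \
      --advertise-client-urls=https://172.18.1.231:2379 \
      --cert-file=/opt/etcd/ssl/etcd-server.pem \
      --client-cert-auth=true \
      --data-dir=/opt/etcd/data \
      --initial-advertise-peer-urls=https://172.18.1.231:2380 \
      --initial-cluster=etcd-01=https://172.18.1.229:2380,etcd-02=https://172.18.1.231:2380,etcd-03=https://172.18.1.233:2380 \
      --key-file=/opt/etcd/ssl/etcd-server-key.pem \
      --listen-client-urls=https://172.18.1.231:2379,http://127.0.0.1:2379 \
      --listen-peer-urls=https://172.18.1.231:2380 \
      --name=etcd-02 \
      --peer-cert-file=/opt/etcd/ssl/etcd-server.pem \
      --peer-client-cert-auth=true \
      --peer-key-file=/opt/etcd/ssl/etcd-server-key.pem \
      --peer-trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
      --trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
      --snapshot-count=10000 \
      --initial-cluster-token=etcd-cluster-0 \
      --initial-cluster-state=new
    
    RestartSec=5
    Restart=on-failure
    
    [Install]
    WantedBy=multi-user.target
    EOF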
    -----------------------------------------------------------
    
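    # systemd unit for member etcd-03 (172.18.1.233).
    # - Quoted heredoc delimiter plus a backslash on every ExecStart line,
    #   including the first: without it the flags are not part of the command and
    #   etcd starts with its defaults, i.e. without TLS or client-certificate
    #   checks.
    # - WantedBy= must name multi-user.target exactly, otherwise enabling the
    #   unit does not start it at boot.
    # - User=/Group= run the daemon as the etcd account created during install;
    #   /opt/etcd/data must be writable and /opt/etcd/ssl readable by it.
    # - NOTE(review): http://127.0.0.1:2379 is a plaintext listener that
    #   --client-cert-auth does not cover, so any local process can reach the
    #   keyspace without a certificate; drop it if nothing on the host needs it.
    cat >/lib/systemd/system/etcd.service <<'EOF'
    [Unit]
    Description=Etcd Server
    After=network.target
    After=network-online.target
    Wants=network-online.target
    Documentation=https://github.com/coreos
    
    [Service]
    LimitNOFILE=65536
    User=etcd
    Group=etcd
    
    Type=notify
    WorkingDirectory=/opt/etcd
    
    ExecStart=/opt/etcd/bin/etcd \
      --advertise-client-urls=https://172.18.1.233:2379 \
      --cert-file=/opt/etcd/ssl/etcd-server.pem \
      --client-cert-auth=true \
      --data-dir=/opt/etcd/data \
      --initial-advertise-peer-urls=https://172.18.1.233:2380 \
      --initial-cluster=etcd-01=https://172.18.1.229:2380,etcd-02=https://172.18.1.231:2380,etcd-03=https://172.18.1.233:2380 \
      --key-file=/opt/etcd/ssl/etcd-server-key.pem \
      --listen-client-urls=https://172.18.1.233:2379,http://127.0.0.1:2379 \
      --listen-peer-urls=https://172.18.1.233:2380 \
      --name=etcd-03 \
      --peer-cert-file=/opt/etcd/ssl/etcd-server.pem \
      --peer-client-cert-auth=true \
      --peer-key-file=/opt/etcd/ssl/etcd-server-key.pem \
      --peer-trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
      --trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
      --snapshot-count=10000 \
      --initial-cluster-token=etcd-cluster-0 \
      --initial-cluster-state=new
    
    RestartSec=5
    Restart=on-failure
    
    [Install]
    WantedBy=multi-user.target
    EOF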
    
    ----------------
    
    
    
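    # Cluster health check over TLS, presenting a client certificate because the
    # members run with --client-cert-auth=true.
    # These are the v2-style etcdctl flags and command (etcdctl 3.3 speaks the v2
    # API unless ETCDCTL_API=3 is set).
    # The key is read from /opt/etcd/ssl like the CA and certificate; the
    # /opt/kubernetes/ssl path is not created anywhere on this page.
    etcdctl \
      --ca-file=/opt/etcd/ssl/etcd-ca.pem \
      --cert-file=/opt/etcd/ssl/etcd-server.pem \
      --key-file=/opt/etcd/ssl/etcd-server-key.pem \
      --endpoints=https://172.18.1.229:2379 \
      cluster-health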
  • 原文地址:https://www.cnblogs.com/dingkailinux/p/10239749.html