  • 部署etcd集群

    1、集群规划

    服务器名称 服务地址 角色
    YN101-22.host.com 192.168.101.22 etcd leader
    YN101-31.host.com 192.168.101.31 etcd follower
    YN101-32.host.com 192.168.101.32 etcd follower

    2、创建基于根证书的config配置文件YN101-100.host.com主机操作

    cd /opt/certs/
    vi ca-config.json
    
    {
      "signing": {
        "default": {
          "expiry": "175200h"
        },
        "profiles": {
          "server": {
            "expiry": "175200h",
            "usages": [
              "signing",
              "key encipherment",
              "server auth"
            ]
          },
          "client": {
            "expiry": "175200h",
            "usages": [
              "signing",
              "key encipherment",
              "server auth"
            ]
          },
          "peer": {
            "expiry": "175200h",
            "usages": [
              "signing",
              "key encipherment",
              "server auth"
            ]
          }
        }
      }
    }
    
    vi etcd-peer-csr.json
    {
      "CN": "k8s-etcd",
      "hosts": [
        "192.168.101.21",
        "192.168.101.22",
        "192.168.101.31",
        "192.168.101.32"
      ],
      "key": {
        "algo": "rsa",
        "size": 2048
      },
      "names": [
        {
          "C": "CN",
          "ST": "YN",
          "L": "KM",
          "O": "kevin",
          "OU": "edu"
        }
      ]
    }
    
    
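    #生成etcd证书和私钥
    #注意:上面 ca-config.json 中 client、peer 两个 profile 的 usages 都只写了 "server auth"。
    #后面的启动脚本启用了 --peer-client-cert-auth,节点互连时 etcd-peer.pem 还要作为客户端证书出示,
    #因此 peer profile 应同时包含 "server auth" 和 "client auth",client profile 应为 "client auth";
    #否则 TLS 握手可能因证书用途不匹配而失败。请先修正 ca-config.json 再签发证书。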
    cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer etcd-peer-csr.json |cfssl-json -bare etcd-peer
    #生成证书如下
    [root@yn101-100 certs]# ll
    total 36
    -rw-r--r-- 1 root root  610 Feb 17 22:54 ca-config.json
    -rw-r--r-- 1 root root  985 Feb 16 12:53 ca.csr
    -rw-r--r-- 1 root root  189 Feb 16 12:53 ca-csr.json
    -rw------- 1 root root 1679 Feb 16 12:53 ca-key.pem
    -rw-r--r-- 1 root root 1322 Feb 16 12:53 ca.pem
    -rw-r--r-- 1 root root 1054 Feb 17 22:56 etcd-peer.csr
    -rw-r--r-- 1 root root  300 Feb 17 22:37 etcd-peer-csr.json
    -rw------- 1 root root 1679 Feb 17 22:56 etcd-peer-key.pem
    -rw-r--r-- 1 root root 1395 Feb 17 22:56 etcd-peer.pem
    

    3、YN101-22.host.com主机操作

    给etcd创建一个用户

    useradd -s /sbin/nologin -M etcd
    [root@yn101-22 src]# id etcd
    uid=1000(etcd) gid=1000(etcd) groups=1000(etcd)
    
    #etcd下载地址,本机安装3.1.20版本(解压前建议核对下载包的校验值与发布页公布的是否一致,如发布页提供)
    https://github.com/etcd-io/etcd/releases/tag/v3.1.20
    
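    # Unpack the release tarball; -C /opt/ makes tar extract into /opt.
    cd /opt/src
    tar xfv etcd-v3.1.20-linux-amd64.tar.gz -C /opt/
    # The extracted directory is in /opt, not in /opt/src, so switch there
    # before renaming it to the shorter versioned name.
    cd /opt
    mv etcd-v3.1.20-linux-amd64/ etcd-v3.1.20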
    #软连接
    [root@yn101-22 opt]# ln -s /opt/etcd-v3.1.20/ /opt/etcd
    [root@yn101-22 opt]# ll
    total 0
    lrwxrwxrwx 1 root   root   18 Feb 17 23:05 etcd -> /opt/etcd-v3.1.20/
    drwxr-xr-x 3 478493 89939 123 Oct 11  2018 etcd-v3.1.20
    drwxr-xr-x 2 root   root   45 Feb 17 22:19 src
    
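    # Create the certificate, data and log directories.
    mkdir -p /opt/etcd/certs /data/etcd /data/logs/etcd-server
    # The startup script reads ./certs/*.pem relative to /opt/etcd, so the
    # files copied from the signing host must land in /opt/etcd/certs.
    cd /opt/etcd/certs
    scp yn101-100:/opt/certs/ca.pem .
    scp yn101-100:/opt/certs/etcd-peer.pem .
    scp yn101-100:/opt/certs/etcd-peer-key.pem .
    # etcd-peer-key.pem is the private key: keep it owner-only (it is 0600 on
    # the signing host) and never copy ca-key.pem to the etcd nodes.
    chmod 600 etcd-peer-key.pem
    # Return to the install directory; the following steps are run from there.
    cd /opt/etcd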
    

    创建etcd的启动脚本 vi /opt/etcd/etcd-server-startup.sh

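    #!/bin/sh
    # Launch the etcd member etcd-server-101-22 of the three-node cluster.
    #
    # Every option line ends with a backslash so the whole invocation is one
    # command; without the continuations sh would start ./etcd with only --name
    # and then try to run each following "--option" line as a separate command.
    #
    # ./etcd and ./certs/ are relative paths, so the script first changes to its
    # own directory (/opt/etcd in this guide).
    #
    # exec replaces the shell with etcd, so a supervising process signals etcd
    # itself instead of a wrapper shell.
    #
    # Security notes:
    #  - https://192.168.101.22:2379 requires a client certificate signed by
    #    ./certs/ca.pem (--client-cert-auth). The extra http://127.0.0.1:2379
    #    listener is plaintext and unauthenticated: any local process on this
    #    host can read and write the keyspace through it. Remove it from both
    #    client URL options if loopback access without TLS is not needed.
    #  - --peer-client-cert-auth makes peers present etcd-peer.pem as a TLS
    #    client certificate, so that certificate needs the "client auth" usage
    #    in addition to "server auth".
    #  - ./certs/etcd-peer-key.pem is the private key; keep it readable only by
    #    the account that runs etcd.
    #  - --ca-file and --peer-ca-file are the older option names, documented as
    #    deprecated in etcd's configuration reference in favour of the
    #    --trusted-ca-file / --peer-trusted-ca-file options already given here
    #    (verify against the etcd version in use before dropping them).
    cd "$(dirname "$0")" || exit 1
    exec ./etcd --name etcd-server-101-22 \
        --data-dir /data/etcd/etcd-server \
        --listen-peer-urls https://192.168.101.22:2380 \
        --listen-client-urls https://192.168.101.22:2379,http://127.0.0.1:2379 \
        --quota-backend-bytes 8000000000 \
        --initial-advertise-peer-urls https://192.168.101.22:2380 \
        --advertise-client-urls https://192.168.101.22:2379,http://127.0.0.1:2379 \
        --initial-cluster etcd-server-101-22=https://192.168.101.22:2380,etcd-server-101-31=https://192.168.101.31:2380,etcd-server-101-32=https://192.168.101.32:2380 \
        --ca-file ./certs/ca.pem \
        --cert-file ./certs/etcd-peer.pem \
        --key-file ./certs/etcd-peer-key.pem \
        --client-cert-auth \
        --trusted-ca-file ./certs/ca.pem \
        --peer-ca-file ./certs/ca.pem \
        --peer-cert-file ./certs/etcd-peer.pem \
        --peer-key-file ./certs/etcd-peer-key.pem \
        --peer-client-cert-auth \
        --peer-trusted-ca-file ./certs/ca.pem \
        --log-output stdout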
    
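    # Make the startup script executable (run from /opt/etcd).
    chmod +x etcd-server-startup.sh
    # Hand the install tree to the etcd service account. OWNER:GROUP is the
    # POSIX separator; the dotted form is a legacy spelling.
    # NOTE(review): the recursive chown also gives the service account write
    # access to the etcd binary and the startup script. A stricter layout keeps
    # those root-owned and gives etcd ownership only of certs, data and logs.
    chown -R etcd:etcd /opt/etcd-v3.1.20/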
    #更改后输出如下,文件为etcd用户
    [root@yn101-22 etcd]# ll
    total 30072
    drwxr-xr-x  2 etcd etcd       66 Feb 17 23:12 certs
    drwxr-xr-x 11 etcd etcd     4096 Oct 11  2018 Documentation
    -rwxr-xr-x  1 etcd etcd 16406432 Oct 11  2018 etcd
    -rwxr-xr-x  1 etcd etcd 14327712 Oct 11  2018 etcdctl
    -rwxr-xr-x  1 etcd etcd      876 Feb 17 23:30 etcd-server-startup.sh
    -rw-r--r--  1 etcd etcd    32632 Oct 11  2018 README-etcdctl.md
    -rw-r--r--  1 etcd etcd     5878 Oct 11  2018 README.md
    -rw-r--r--  1 etcd etcd     7892 Oct 11  2018 READMEv2-etcdctl.md
    [root@yn101-22 etcd]# chown -R etcd.etcd /data/etcd/
    [root@yn101-22 etcd]# chown -R etcd.etcd /data/logs/etcd-server/
    
    #安装管理后台进程软件,etcd后台启动如果进程掉了会自动启动
    yum install supervisor -y
    [root@yn101-22 etcd]# systemctl start supervisord
    [root@yn101-22 etcd]# systemctl enable supervisord
    Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.
    
    #创建supervisor的启动文件
    vi /etc/supervisord.d/etcd-server.ini
    #内容如下
    [program:etcd-server-101-22]
    command=/opt/etcd/etcd-server-startup.sh
    numprocs=1
    directory=/opt/etcd
    autostart=true
    autorestart=true
    startsecs=30
    startretries=3
    exitcodes=0,2
    stopsignal=QUIT
    stopwaitsecs=10
    user=etcd
    redirect_stderr=true
    stdout_logfile=/data/logs/etcd-server/etcd.stdout.log
    stdout_logfile_maxbytes=64MB
    stdout_logfile_backups=4
    stdout_capture_maxbytes=1MB
    stdout_events_enabled=false
    
    [root@yn101-22 etcd]# supervisorctl update
    etcd-server-101-22: added process group
    #查看启动状态
    [root@yn101-22 etcd]# supervisorctl status
    etcd-server-101-22               RUNNING   pid 11849, uptime 0:01:31
    #查看启动日志
    tail -fn 200 /data/logs/etcd-server/etcd.stdout.log
    #为running状态,监听2379和2380端口才算启动成功
    [root@yn101-22 etcd]# netstat -luntp | grep etcd
    tcp        0      0 192.168.101.22:2379     0.0.0.0:*               LISTEN      11850/./etcd        
    tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      11850/./etcd        
    tcp        0      0 192.168.101.22:2380     0.0.0.0:*               LISTEN      11850/./etcd 
    

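    4、YN101-31.host.com安装etcd(注意:下面的启动脚本和supervisor配置示例使用的是 101-32 节点的名称和IP,后面的命令输出也沿用了 yn101-22 的内容;在 YN101-31 上操作时请相应改为 etcd-server-101-31 和 192.168.101.31,YN101-32 按同样步骤安装)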

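    # Unpack the release tarball; -C /opt/ makes tar extract into /opt.
    cd /opt/src
    tar xfv etcd-v3.1.20-linux-amd64.tar.gz -C /opt/
    # The extracted directory is in /opt, not in /opt/src, so switch there
    # before renaming it.
    cd /opt
    mv etcd-v3.1.20-linux-amd64/ etcd-v3.1.20
    # Version-independent path used by the startup script and supervisor.
    ln -s /opt/etcd-v3.1.20/ /opt/etcd
    # Dedicated service account: no login shell (-s /sbin/nologin), no home (-M).
    useradd -s /sbin/nologin -M etcd
    # Create the certificate, data and log directories.
    mkdir -p /opt/etcd/certs /data/etcd /data/logs/etcd-server
    # The startup script reads ./certs/*.pem relative to /opt/etcd, so the
    # files copied from the signing host must land in /opt/etcd/certs.
    cd /opt/etcd/certs
    scp yn101-100:/opt/certs/ca.pem .
    scp yn101-100:/opt/certs/etcd-peer.pem .
    scp yn101-100:/opt/certs/etcd-peer-key.pem .
    # etcd-peer-key.pem is the private key: keep it owner-only (it is 0600 on
    # the signing host) and never copy ca-key.pem to the etcd nodes.
    chmod 600 etcd-peer-key.pem
    # Return to the install directory; the following steps are run from there.
    cd /opt/etcd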
    

    创建etcd的启动脚本 vi /opt/etcd/etcd-server-startup.sh

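    #!/bin/sh
    # Launch the etcd member etcd-server-101-32 of the three-node cluster.
    #
    # Every option line ends with a backslash so the whole invocation is one
    # command; without the continuations sh would start ./etcd with only --name
    # and then try to run each following "--option" line as a separate command.
    #
    # ./etcd and ./certs/ are relative paths, so the script first changes to its
    # own directory (/opt/etcd in this guide).
    #
    # exec replaces the shell with etcd, so a supervising process signals etcd
    # itself instead of a wrapper shell.
    #
    # --name and every 192.168.101.32 URL must match the node the script runs
    # on and that node's entry in --initial-cluster.
    #
    # Security notes:
    #  - https://192.168.101.32:2379 requires a client certificate signed by
    #    ./certs/ca.pem (--client-cert-auth). The extra http://127.0.0.1:2379
    #    listener is plaintext and unauthenticated: any local process on this
    #    host can read and write the keyspace through it. Remove it from both
    #    client URL options if loopback access without TLS is not needed.
    #  - --peer-client-cert-auth makes peers present etcd-peer.pem as a TLS
    #    client certificate, so that certificate needs the "client auth" usage
    #    in addition to "server auth".
    #  - ./certs/etcd-peer-key.pem is the private key; keep it readable only by
    #    the account that runs etcd.
    #  - --ca-file and --peer-ca-file are the older option names, documented as
    #    deprecated in etcd's configuration reference in favour of the
    #    --trusted-ca-file / --peer-trusted-ca-file options already given here
    #    (verify against the etcd version in use before dropping them).
    cd "$(dirname "$0")" || exit 1
    exec ./etcd --name etcd-server-101-32 \
        --data-dir /data/etcd/etcd-server \
        --listen-peer-urls https://192.168.101.32:2380 \
        --listen-client-urls https://192.168.101.32:2379,http://127.0.0.1:2379 \
        --quota-backend-bytes 8000000000 \
        --initial-advertise-peer-urls https://192.168.101.32:2380 \
        --advertise-client-urls https://192.168.101.32:2379,http://127.0.0.1:2379 \
        --initial-cluster etcd-server-101-22=https://192.168.101.22:2380,etcd-server-101-31=https://192.168.101.31:2380,etcd-server-101-32=https://192.168.101.32:2380 \
        --ca-file ./certs/ca.pem \
        --cert-file ./certs/etcd-peer.pem \
        --key-file ./certs/etcd-peer-key.pem \
        --client-cert-auth \
        --trusted-ca-file ./certs/ca.pem \
        --peer-ca-file ./certs/ca.pem \
        --peer-cert-file ./certs/etcd-peer.pem \
        --peer-key-file ./certs/etcd-peer-key.pem \
        --peer-client-cert-auth \
        --peer-trusted-ca-file ./certs/ca.pem \
        --log-output stdout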
    
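    # Make the startup script executable (run from /opt/etcd).
    chmod +x etcd-server-startup.sh
    # Hand the install tree, data directory and log directory to the etcd
    # service account. OWNER:GROUP is the POSIX separator; the dotted form is a
    # legacy spelling.
    # NOTE(review): the recursive chown of the install tree also gives the
    # service account write access to the etcd binary and the startup script.
    # A stricter layout keeps those root-owned and gives etcd ownership only of
    # certs, data and logs.
    chown -R etcd:etcd /opt/etcd-v3.1.20/
    chown -R etcd:etcd /data/etcd/
    chown -R etcd:etcd /data/logs/etcd-server/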
    
    #安装管理后台进程软件,etcd后台启动如果进程掉了会自动启动
    yum install supervisor -y
    [root@yn101-22 etcd]# systemctl start supervisord
    [root@yn101-22 etcd]# systemctl enable supervisord
    Created symlink from /etc/systemd/system/multi-user.target.wants/supervisord.service to /usr/lib/systemd/system/supervisord.service.
    
    #创建supervisor的启动文件
    vi /etc/supervisord.d/etcd-server.ini
    #内容如下
    [program:etcd-server-101-32]
    command=/opt/etcd/etcd-server-startup.sh
    numprocs=1
    directory=/opt/etcd
    autostart=true
    autorestart=true
    startsecs=30
    startretries=3
    exitcodes=0,2
    stopsignal=QUIT
    stopwaitsecs=10
    user=etcd
    redirect_stderr=true
    stdout_logfile=/data/logs/etcd-server/etcd.stdout.log
    stdout_logfile_maxbytes=64MB
    stdout_logfile_backups=4
    stdout_capture_maxbytes=1MB
    stdout_events_enabled=false
    
    [root@yn101-22 etcd]# supervisorctl update
    etcd-server-101-22: added process group
    #查看启动状态
    [root@yn101-22 etcd]# supervisorctl status
    etcd-server-101-22               RUNNING   pid 11849, uptime 0:01:31
    #查看启动日志
    tail -fn 200 /data/logs/etcd-server/etcd.stdout.log
    #为running状态,监听2379和2380端口才算启动成功
    [root@yn101-22 etcd]# netstat -luntp | grep etcd
    tcp        0      0 192.168.101.22:2379     0.0.0.0:*               LISTEN      11850/./etcd        
    tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      11850/./etcd        
    tcp        0      0 192.168.101.22:2380     0.0.0.0:*               LISTEN      11850/./etcd 
    
    #全部状态为running时,可在任意节点查看etcd健康状态
    [root@yn101-22 etcd]# supervisorctl status
    etcd-server-101-22               RUNNING   pid 11849, uptime 0:01:31
    #健康状态监测
    cd /opt/etcd
    ./etcdctl cluster-health
    
  • 原文地址:https://www.cnblogs.com/kevin-ying/p/12343699.html