zoukankan      html  css  js  c++  java

  • etcd搭建过程记录

    安装介质准备

    etcd 安装介质

    wget https://github.com/etcd-io/etcd/releases/download/v3.3.10/etcd-v3.3.10-linux-amd64.tar.gz

    cfssl证书制作工具 :访问时加HTTPSwget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
    wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
    wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64

    服务器

    主机名

    IP

    k8s-master1

    192.168.193.63

    k8s-node1

    192.168.193.65

    k8s-node2

    192.168.193.66

    目录初始化

    mkdir -p /k8s/etcd/{bin,cfg,ssl}

    mkdir -p /data/etcd

     到介质目录下 执行

    chmod +x cfssl_linux-amd64 cfssljson_linux-amd64 cfssl-certinfo_linux-amd64

mv cfssl_linux-amd64 /usr/local/bin/cfssl

mv cfssljson_linux-amd64 /usr/local/bin/cfssljson

mv cfssl-certinfo_linux-amd64 /usr/bin/cfssl-certinfo

    证书生成配置

    生成etcd ca配置  ssl 为证书目录

    cd /k8s/etcd/ssl/

     

    cat << EOF | tee ca-config.json
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "etcd": {
         "expiry": "87600h",
         "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ]
      }
    }
  }
}
EOF

     生成etcd ca-csr配置

    cat << EOF | tee ca-csr.json
{
    "CN": "etcd CA",
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing"
        }
    ]
}
EOF

    生成etcd server-csr配置

    cat << EOF | tee server-csr.json
{
    "CN": "etcd",
    "hosts": [
    "192.168.193.63",
    "192.168.193.65",
    "192.168.193.66"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "Beijing",
            "ST": "Beijing"
        }
    ]
}
EOF

    开始制作etcd相关证书

     cfssl gencert -initca ca-csr.json | cfssljson -bare ca

    说明:生成 "ca-csr.json  ca-key.pem  ca.pem" 三个文件

     

     

    cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=etcd server-csr.json | cfssljson -bare server

     

    生成 "server-csr.json  server-key.pem  server.pem" 三个文件

     

    192.168.193.63上生成的证书密钥拷贝到对应目录

    scp  /k8s/etcd/ssl/*.pem   root@192.168.193.65:/k8s/etcd/ssl/

scp  /k8s/etcd/ssl/*.pem   root@192.168.193.66:/k8s/etcd/ssl/

    etcd安装

    在介质目录下

    tar -xvf etcd-v3.3.10-linux-amd64.tar.gz

cd etcd-v3.3.10-linux-amd64/

cp etcd etcdctl /k8s/etcd/bin/
    vim /k8s/etcd/cfg/etcd.conf  #这里注意一下 每个服务器的标红处需要填写本服务Ip

    #[Member]
ETCD_NAME="etcd01"   #其他的 分别为 etcd02  etcd03 与标绿 处对应
ETCD_DATA_DIR="/data/etcd"  
ETCD_LISTEN_PEER_URLS="https://192.168.193.63:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.193.63:2379,https://127.0.0.1:2379"
 
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.193.63:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.193.63:2379,https://127.0.0.1:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.193.63:2380,etcd02=https://192.168.193.65:2380,etcd03=https://192.168.193.66:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

#[Security]
ETCD_CERT_FILE="/k8s/etcd/ssl/server.pem"
ETCD_KEY_FILE="/k8s/etcd/ssl/server-key.pem"
ETCD_TRUSTED_CA_FILE="/k8s/etcd/ssl/ca.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CERT_FILE="/k8s/etcd/ssl/server.pem"
ETCD_PEER_KEY_FILE="/k8s/etcd/ssl/server-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/k8s/etcd/ssl/ca.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"

    [Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
WorkingDirectory=/data/etcd/
EnvironmentFile=-/k8s/etcd/cfg/etcd.conf
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /k8s/etcd/bin/etcd --name="${ETCD_NAME}" --data-dir="${ETCD_DATA_DIR}" --listen-client-urls="${ETCD_LISTEN_CLIENT_URLS}" --listen-peer-urls="${ETCD_LISTEN_PEER_URLS}" --advertise-client-urls="${ETCD_ADVERTISE_CLIENT_URLS}" --initial-cluster-token="${ETCD_INITIAL_CLUSTER_TOKEN}" --initial-cluster="${ETCD_INITIAL_CLUSTER}" --initial-cluster-state="${ETCD_INITIAL_CLUSTER_STATE}" --cert-file="${ETCD_CERT_FILE}" --key-file="${ETCD_KEY_FILE}" --trusted-ca-file="${ETCD_TRUSTED_CA_FILE}" --client-cert-auth="${ETCD_CLIENT_CERT_AUTH}" --peer-cert-file="${ETCD_PEER_CERT_FILE}" --peer-key-file="${ETCD_PEER_KEY_FILE}" --peer-trusted-ca-file="${ETCD_PEER_TRUSTED_CA_FILE}" --peer-client-cert-auth="${ETCD_PEER_CLIENT_CERT_AUTH}""
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
    vim /usr/lib/systemd/system/etcd.service

    启动服务

    #集群所有节点都配置好配置文件,同时启动。

    systemctl daemon-reload && systemctl enable etcd && systemctl start etcd
    /k8s/etcd/bin/etcdctl --ca-file=/k8s/etcd/ssl/ca.pem --cert-file=/k8s/etcd/ssl/server.pem --key-file=/k8s/etcd/ssl/server-key.pem --endpoints="https://192.168.193.63:2379,https://192.168.193.65:2379,https://192.168.193.66:2379" cluster-health

    日志  查看方式  journalctl -b -u etcd  

    可能出现的问题一般是端口占用 防火墙端口未开 以及 每个服务器上编辑配置文件时 Ip没有对应好本服务器

    nhz94259@163.com
  • 相关阅读:
    KindEditor的使用
    python过滤文件中特殊标签
    django中orm的简单操作
    django中models联合唯一unique_together
    博客当中的文章分类以及归档
    zabbix前端添加平台脚本监控
    django重写form表单中的局部钩子函数
    input获取、失去焦点对输入内容做验证
    django admin后台的简单使用
    django中博客后台将图片上传作为用户头像
  • 原文地址:https://www.cnblogs.com/nhz-M/p/10543331.html
Copyright © 2011-2022 走看看