ETCD集群部署

此文档需要完善,谨慎参考

   172.18.1.229   172.18.1.231   172.18.1.233

1.部署etcd
(1)安装文件
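# Unpack the etcd release and install the binaries under /opt/etcd.
# Print the tarball's SHA-256 and compare it with the checksum published for
# the release before extracting.
sha256sum etcd-v3.3.10-linux-amd64.tar.gz
tar zxf etcd-v3.3.10-linux-amd64.tar.gz
cd etcd-v3.3.10-linux-amd64
# System account without a login shell: the service identity never needs an
# interactive session.
useradd -r -s /usr/sbin/nologin etcd
mkdir -p /opt/etcd/{bin,data,log,ssl}
cp etcd etcdctl /opt/etcd/bin/
chown -R etcd:etcd /opt/etcd
# The service account should not be able to replace its own binaries.
chown -R root:root /opt/etcd/bin
# The keyspace and the TLS private key live here; keep other local users out.
chmod 700 /opt/etcd/data /opt/etcd/ssl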

(2)生成etcd证书
# Write the cfssl signing policy (ca-config.json).
# The single "etcd" profile allows both "server auth" and "client auth", so a
# certificate issued from it can be presented as a server, peer or client
# identity.
# NOTE(review): 87600h is roughly ten years, and no rotation or revocation
# step is shown in this guide; consider a shorter leaf lifetime.
cat > ca-config.json <<EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "etcd": {
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ],
        "expiry": "87600h"
      }
    }
  }
}
EOF

# Write the JSON used to generate the CA certificate signing request (CSR).
# NOTE(review): no "ca" expiry is set here, so cfssl's built-in CA lifetime
# applies (believed to be 5 years; confirm with
# `openssl x509 -noout -enddate -in etcd-ca.pem`). That may be shorter than
# the 87600h requested for the certificates this CA signs.
cat > ca-csr.json <<EOF
{
  "CN": "etcd",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names":[{
    "C": "CN",
    "ST": "Beijing",
    "L": "Beijing"
  }]
}
EOF

# Generate the self-signed etcd root CA. The signing step further down reads
# etcd-ca.pem and etcd-ca-key.pem from this output.
# etcd-ca-key.pem can mint new identities the cluster will trust: restrict who
# can read it and do not distribute it to the etcd nodes.
cfssl gencert -initca ca-csr.json | cfssljson -bare etcd-ca

# Write the CSR for the etcd server certificate.
# "hosts" lists the three member IPs. 127.0.0.1 is not included, so an https
# endpoint on loopback would not verify against this certificate.
# NOTE(review): the unit files in this guide use this one certificate/key pair
# for client-facing TLS and peer TLS on every member, and the health check
# presents it as a client certificate too; one leaked key therefore exposes
# every role. Separate server, peer and client certificates limit that.
cat > server-csr.json <<EOF
{
    "CN": "etcd",
    "hosts": [
    "172.18.1.229",
    "172.18.1.231",
    "172.18.1.233"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing"
        }
    ]
}
EOF

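# Sign the server CSR with the etcd CA using the "etcd" profile. The result is
# written as etcd-server.pem / etcd-server-key.pem (plus etcd-server.csr).
cfssl gencert \
  -ca=etcd-ca.pem \
  -ca-key=etcd-ca-key.pem \
  -config=ca-config.json \
  -profile=etcd \
  server-csr.json | cfssljson -bare etcd-server

# Install the files the etcd unit points at (/opt/etcd/ssl/...). The private
# key is readable by the etcd account only. The same three files are needed in
# /opt/etcd/ssl on the other two nodes; copy them over an authenticated,
# encrypted channel. etcd-ca-key.pem is not needed by etcd at runtime and
# should not be copied to the nodes.
install -o etcd -g etcd -m 0644 etcd-ca.pem etcd-server.pem /opt/etcd/ssl/
install -o etcd -g etcd -m 0600 etcd-server-key.pem /opt/etcd/ssl/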

2.生成etcd启动文件(以下三段分别对应 172.18.1.229、172.18.1.231、172.18.1.233 三个节点,每个节点只执行自己对应的那一段)
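# systemd unit for member etcd-01 (172.18.1.229).
# - The heredoc delimiter is quoted ('EOF') so the backslash line
#   continuations reach the unit file exactly as written.
# - User/Group run etcd as the dedicated etcd account instead of root; that
#   account must own /opt/etcd/data and be able to read the files in
#   /opt/etcd/ssl (the private key should be mode 0600).
# - WantedBy must be multi-user.target, otherwise `systemctl enable etcd`
#   has nothing to hook into and the service will not start at boot.
# - NOTE(review): http://127.0.0.1:2379 is a plaintext listener, and
#   --client-cert-auth is not enforced on it, so any local process can read
#   and write the keyspace without a certificate. Drop it if nothing depends
#   on it, or serve loopback over https (which needs 127.0.0.1 in the
#   certificate's hosts).
cat >/lib/systemd/system/etcd.service <<'EOF'
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=etcd
Group=etcd
LimitNOFILE=65536

Type=notify
WorkingDirectory=/opt/etcd

ExecStart=/opt/etcd/bin/etcd \
  --advertise-client-urls=https://172.18.1.229:2379 \
  --cert-file=/opt/etcd/ssl/etcd-server.pem \
  --client-cert-auth=true \
  --data-dir=/opt/etcd/data \
  --initial-advertise-peer-urls=https://172.18.1.229:2380 \
  --initial-cluster=etcd-01=https://172.18.1.229:2380,etcd-02=https://172.18.1.231:2380,etcd-03=https://172.18.1.233:2380 \
  --key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --listen-client-urls=https://172.18.1.229:2379,http://127.0.0.1:2379 \
  --listen-peer-urls=https://172.18.1.229:2380 \
  --name=etcd-01 \
  --peer-cert-file=/opt/etcd/ssl/etcd-server.pem \
  --peer-client-cert-auth=true \
  --peer-key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --peer-trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --snapshot-count=10000 \
  --initial-cluster-token=etcd-cluster-0 \
  --initial-cluster-state=new

RestartSec=5
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF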
---------------------------------------------------
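# systemd unit for member etcd-02 (172.18.1.231).
# - Quoted heredoc delimiter ('EOF'): backslash continuations are written to
#   the unit file unchanged.
# - User/Group run etcd as the dedicated etcd account instead of root; it must
#   own /opt/etcd/data and be able to read the files in /opt/etcd/ssl.
# - WantedBy is multi-user.target so that `systemctl enable etcd` takes
#   effect.
# - NOTE(review): the http://127.0.0.1:2379 listener is plaintext and is not
#   covered by --client-cert-auth; local processes reach the keyspace without
#   a certificate. Remove it or move loopback to https.
cat >/lib/systemd/system/etcd.service <<'EOF'
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=etcd
Group=etcd
LimitNOFILE=65536

Type=notify
WorkingDirectory=/opt/etcd

ExecStart=/opt/etcd/bin/etcd \
  --advertise-client-urls=https://172.18.1.231:2379 \
  --cert-file=/opt/etcd/ssl/etcd-server.pem \
  --client-cert-auth=true \
  --data-dir=/opt/etcd/data \
  --initial-advertise-peer-urls=https://172.18.1.231:2380 \
  --initial-cluster=etcd-01=https://172.18.1.229:2380,etcd-02=https://172.18.1.231:2380,etcd-03=https://172.18.1.233:2380 \
  --key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --listen-client-urls=https://172.18.1.231:2379,http://127.0.0.1:2379 \
  --listen-peer-urls=https://172.18.1.231:2380 \
  --name=etcd-02 \
  --peer-cert-file=/opt/etcd/ssl/etcd-server.pem \
  --peer-client-cert-auth=true \
  --peer-key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --peer-trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --snapshot-count=10000 \
  --initial-cluster-token=etcd-cluster-0 \
  --initial-cluster-state=new

RestartSec=5
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF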
-----------------------------------------------------------

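# systemd unit for member etcd-03 (172.18.1.233).
# - Quoted heredoc delimiter ('EOF'): backslash continuations are written to
#   the unit file unchanged.
# - User/Group run etcd as the dedicated etcd account instead of root; it must
#   own /opt/etcd/data and be able to read the files in /opt/etcd/ssl.
# - WantedBy is multi-user.target so that `systemctl enable etcd` takes
#   effect.
# - NOTE(review): the http://127.0.0.1:2379 listener is plaintext and is not
#   covered by --client-cert-auth; local processes reach the keyspace without
#   a certificate. Remove it or move loopback to https.
cat >/lib/systemd/system/etcd.service <<'EOF'
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
User=etcd
Group=etcd
LimitNOFILE=65536

Type=notify
WorkingDirectory=/opt/etcd

ExecStart=/opt/etcd/bin/etcd \
  --advertise-client-urls=https://172.18.1.233:2379 \
  --cert-file=/opt/etcd/ssl/etcd-server.pem \
  --client-cert-auth=true \
  --data-dir=/opt/etcd/data \
  --initial-advertise-peer-urls=https://172.18.1.233:2380 \
  --initial-cluster=etcd-01=https://172.18.1.229:2380,etcd-02=https://172.18.1.231:2380,etcd-03=https://172.18.1.233:2380 \
  --key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --listen-client-urls=https://172.18.1.233:2379,http://127.0.0.1:2379 \
  --listen-peer-urls=https://172.18.1.233:2380 \
  --name=etcd-03 \
  --peer-cert-file=/opt/etcd/ssl/etcd-server.pem \
  --peer-client-cert-auth=true \
  --peer-key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --peer-trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --trusted-ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --snapshot-count=10000 \
  --initial-cluster-token=etcd-cluster-0 \
  --initial-cluster-state=new

RestartSec=5
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOF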

----------------



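# Check cluster health over TLS once etcd is running on all three members.
# The key path is /opt/etcd/ssl, the directory the unit file reads from; run
# this as a user that can read the private key.
# These are etcdctl v2-API flags (the default API for etcdctl 3.3). With
# ETCDCTL_API=3 the equivalents are --cacert/--cert/--key and the
# `endpoint health` subcommand.
# NOTE(review): this presents the server certificate as the client identity;
# a dedicated client certificate keeps the server key off admin workstations.
/opt/etcd/bin/etcdctl \
  --ca-file=/opt/etcd/ssl/etcd-ca.pem \
  --cert-file=/opt/etcd/ssl/etcd-server.pem \
  --key-file=/opt/etcd/ssl/etcd-server-key.pem \
  --endpoints=https://172.18.1.229:2379 \
  cluster-health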

 
