分布式键值数据库etcd

概念

etcd

etcd是coreOS基于Raft开发的分布式key-value存储,可用于发现、共享配置以及一致性保障等,多用于服务注册与发现等。

raft协议

raft协议,多用于分布式协议中,最常见的功能是选主和数据复制。在raft协议中,有三个角色,learder 、foller、learner。learder通过投票选举的方式选举而出。类似于redis的哨兵模式选举。

安装部署

单节点安装

官方站点 https://github.com/etcd-io/etcd/releases

##安装
ETCD_VER=v3.5.4

# choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}

rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test

curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
mkdir /tmp/etcd-download-test
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz

/tmp/etcd-download-test/etcd --version
/tmp/etcd-download-test/etcdctl version
/tmp/etcd-download-test/etcdutl version
##后台启动
nohup ./etcd   --name s1   --data-dir ./etcd-data   --listen-client-urls http://localhost:12379   --advertise-client-urls http://localhost:12379   --listen-peer-urls http://localhost:12380   --initial-advertise-peer-urls http://localhost:12380   --initial-cluster s1=http://localhost:12380 &

基本操作

##查看成员menber
etcdctl member list --write-out=table --endpoints=localhost:12379
###以json的格式查看
root@instance-0tow586x:/tmp/etcd-download-test# ./etcdctl member list --endpoints=localhost:12379  --write-out=json
{"header":{"cluster_id":17478742799590499669,"member_id":14532165781622267127,"raft_term":3},"members":[{"ID":14532165781622267127,"name":"s1","peerURLs":["http://localhost:12380"],"clientURLs":["http://localhost:12379"]}]}
###以表格的形式查看
root@instance-0tow586x:/tmp/etcd-download-test# ./etcdctl member list --endpoints=localhost:12379  --write-out=table
+------------------+---------+------+------------------------+------------------------+------------+
|        ID        | STATUS  | NAME |       PEER ADDRS       |      CLIENT ADDRS      | IS LEARNER |
+------------------+---------+------+------------------------+------------------------+------------+
| c9ac9fc89eae9cf7 | started |   s1 | http://localhost:12380 | http://localhost:12379 |      false |
+------------------+---------+------+------------------------+------------------------+------------+


##查看一个key
 ./etcdctl --endpoints=localhost:12379 get <keyname>
root@instance-0tow586x:/tmp/etcd-download-test# ./etcdctl --endpoints=localhost:12379 get key
key
1231
##模糊查询一个key
./etcdctl --endpoints=localhost:12379 get --prefix <key的起始关键字>

root@instance-0tow586x:/tmp/etcd-download-test# ./etcdctl --endpoints=localhost:12379 get --prefix /
/key3
124
root@instance-0tow586x:/tmp/etcd-download-test# ./etcdctl --endpoints=localhost:12379 get --prefix ke
key
1231
key1
value1
key3
124
##手动添加一个key-value
 ./etcdctl --endpoints=localhost:12379 put <keyname> <valuename>
root@instance-0tow586x:/tmp/etcd-download-test# ./etcdctl --endpoints=localhost:12379 put /key2 vu2
OK

##watch变化
./etcdctl --endpoints=localhost:12379 watch --prefix <key的起始关键字>
root@instance-0tow586x:/tmp/etcd-download-test# ./etcdctl --endpoints=localhost:12379 watch --prefix /
PUT
/key4
value22
##只查看key
etcdctl --endpoints=localhost:12379 get --prefix <key的起始关键字> --keys-only
root@instance-0tow586x:/tmp/etcd-download-test# ./etcdctl --endpoints=localhost:12379 get  --prefix ke --keys-only
key

key1

key3

集群搭建

证书生成

### 安装ssl生成依赖工具

apt install -y golang-cfssl


### 创建ssl生成安装目录

mkdir -p /root/go/src/github.com/etcd-io
cd /root/go/src/github.com/etcd-io

###下载工具
git clone https://github.com/etcd-io/etcd.git

cd /root/go/src/github.com/etcd-io/etcd/hack/tls-setup
### 创建etcd证书配置
#重点在hosts段,将所有可能的etcd节点添加到host列表,不能使用网段,新增etcd服务器需要重新签发证书
vi config/req-csr.json


### Generate certs

{
  "CN": "etcd",
  "hosts": [
    "192.168.64.4",
    "192.168.64.5"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "O": "autogenerated",
      "OU": "etcd cluster",
      "L": "the internet"
    }
  ]
}
###########
##安装make工具
apt install -y apt 
###使用make进行编译生成
root@instance-0tow586x:~/go/src/github.com/etcd-io/etcd/hack/tls-setup# make

mkdir -p certs
2022/06/21 11:42:50 [INFO] generating a new CA key and certificate from CSR
2022/06/21 11:42:50 [INFO] generate received request
2022/06/21 11:42:50 [INFO] received CSR
2022/06/21 11:42:50 [INFO] generating key: rsa-2048
2022/06/21 11:42:51 [INFO] encoded CSR
2022/06/21 11:42:51 [INFO] signed certificate with serial number 340186287917479715808558445725165990705570006691
2022/06/21 11:42:51 [INFO] generate received request
2022/06/21 11:42:51 [INFO] received CSR
2022/06/21 11:42:51 [INFO] generating key: rsa-2048
2022/06/21 11:42:51 [INFO] encoded CSR
2022/06/21 11:42:51 [INFO] signed certificate with serial number 482570927956782093447849627791114070761911420751
2022/06/21 11:42:51 [INFO] generate received request
2022/06/21 11:42:51 [INFO] received CSR
2022/06/21 11:42:51 [INFO] generating key: rsa-2048
2022/06/21 11:42:51 [INFO] encoded CSR
2022/06/21 11:42:51 [INFO] signed certificate with serial number 294701696333946860002100358935477196065785772183
2022/06/21 11:42:51 [INFO] generate received request
2022/06/21 11:42:51 [INFO] received CSR
2022/06/21 11:42:51 [INFO] generating key: rsa-2048
2022/06/21 11:42:51 [INFO] encoded CSR
2022/06/21 11:42:51 [INFO] signed certificate with serial number 609210534296083557299767958983098136468633529008
2022/06/21 11:42:51 [INFO] generate received request
2022/06/21 11:42:51 [INFO] received CSR
2022/06/21 11:42:51 [INFO] generating key: rsa-2048
2022/06/21 11:42:52 [INFO] encoded CSR
2022/06/21 11:42:52 [INFO] signed certificate with serial number 700711747464921821107936238916836900699626547037
2022/06/21 11:42:52 [INFO] generate received request
2022/06/21 11:42:52 [INFO] received CSR
2022/06/21 11:42:52 [INFO] generating key: rsa-2048
2022/06/21 11:42:52 [INFO] encoded CSR
2022/06/21 11:42:52 [INFO] signed certificate with serial number 330075179443522829883235814908650488032653961105
2022/06/21 11:42:52 [INFO] generate received request
2022/06/21 11:42:52 [INFO] received CSR
2022/06/21 11:42:52 [INFO] generating key: rsa-2048
2022/06/21 11:42:52 [INFO] encoded CSR
2022/06/21 11:42:53 [INFO] signed certificate with serial number 511724654708593851765818391118710976104272377396

###
##将生成的cert放置到相关目录
mkdir /tmp/etcd-certs
mv certs /tmp/etcd-certs

集群环境安装搭建

host1 :192.168.64.5 etcdname:infra0
host2 :192.168.64.4 ETCname:infra1

infra0安装

##infra0安装
ETCD_VER=v3.5.4

# choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}

rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test

curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
mkdir /tmp/etcd-download-test
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz

###编辑启动脚本
vim /tmp/etcd-download-test/start.sh

#!/bin/bash
nohup /tmp/etcd-download-test/etcd --name infra0 \
        --data-dir=/tmp/etcd/infra0 \
        --listen-peer-urls https://192.168.64.5:3380 \
        --initial-advertise-peer-urls https://192.168.64.5:3380 \
        --listen-client-urls https://192.168.64.5:3379 \
        --advertise-client-urls https://192.168.64.5:3379 \
        --initial-cluster-token etcd-cluster-1 \
        --initial-cluster infra0=https://192.168.64.5:3380,infra1=https://192.168.64.4:3380 \
        --initial-cluster-state new \
        --client-cert-auth --trusted-ca-file=/tmp/etcd-certs/certs/ca.pem \
        --cert-file=/tmp/etcd-certs/certs/192.168.64.5.pem \
        --key-file=/tmp/etcd-certs/certs/192.168.64.5-key.pem \
        --peer-client-cert-auth --peer-trusted-ca-file=/tmp/etcd-certs/certs/ca.pem \
        --peer-cert-file=/tmp/etcd-certs/certs/192.168.64.5.pem \
        --peer-key-file=/tmp/etcd-certs/certs/192.168.64.5-key.pem 2>&1 > /var/log/infra0.log &
##启动进程
/tmp/etcd-download-test/start.sh

infra1安装

##infra0安装
ETCD_VER=v3.5.4

# choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}

rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test

curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
mkdir /tmp/etcd-download-test
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz

###编辑启动脚本
vim /tmp/etcd-download-test/start.sh
nohup /tmp/etcd-download-test/etcd --name infra1 \
        --data-dir=/tmp/etcd/infra1 \
        --listen-peer-urls https://192.168.64.4:3380 \
        --initial-advertise-peer-urls https://192.168.64.4:3380 \
        --listen-client-urls https://192.168.64.4:3379 \
        --advertise-client-urls https://192.168.64.4:3379 \
        --initial-cluster-token etcd-cluster-1 \
        --initial-cluster infra0=https://192.168.64.5:3380,infra1=https://192.168.64.4:3380\
        --initial-cluster-state new \
        --client-cert-auth --trusted-ca-file=/tmp/etcd-certs/certs/ca.pem \
        --cert-file=/tmp/etcd-certs/certs/192.168.64.4.pem \
        --key-file=/tmp/etcd-certs/certs/192.168.64.4-key.pem \
        --peer-client-cert-auth --peer-trusted-ca-file=/tmp/etcd-certs/certs/ca.pem \
        --peer-cert-file=/tmp/etcd-certs/certs/192.168.64.4.pem \
        --peer-key-file=/tmp/etcd-certs/certs/192.168.64.4-key.pem 2>&1 > /var/log/infra1.log &
## 将生成的cert传到infr1节点上

root@instance-90v8moam:/tmp/etcd-download-test# mkdir /tmp/etcd-certs
root@instance-90v8moam:/tmp/etcd-download-test# unzip -d /tmp/etcd-certs/ /root/certs.zip 
##启动进程
/tmp/etcd-download-test/start.sh

查看集群状态

##查看cluster member
root@instance-0tow586x:/tmp/etcd-download-test# ./etcdctl --endpoints https://192.168.64.5:3379 --cert /tmp/etcd-certs/certs/192.168.64.5.pem  --key /tmp/etcd-certs/certs/192.168.64.5-key.pem  --cacert /tmp/etcd-certs/certs/ca.pem member list 
102a6b2ffea8837b, started, infra0, https://192.168.64.5:3380, https://192.168.64.5:3379, false
64f283d3a9238c90, started, infra1, https://192.168.64.4:3380, https://192.168.64.4:3379, false
##更新一条数据
root@instance-0tow586x:/tmp/etcd-download-test# ./etcdctl --endpoints https://192.168.64.5:3379 --cert /tmp/etcd-certs/certs/192.168.64.5.pem  --key /tmp/etcd-certs/certs/192.168.64.5-key.pem  --cacert /tmp/etcd-certs/certs/ca.pem put name liaoxz 
OK
##在follower查看更新数据
root@instance-90v8moam:/tmp/etcd-download-test# ./etcdctl --endpoints https://192.168.64.4:3379 --cert /tmp/etcd-certs/certs/192.168.64.4.pem  --key /tmp/etcd-certs/certs/192.168.64.4-key.pem  --cacert /tmp/etcd-certs/certs/ca.pem get --prefix  n
name
liaoxz
posted @ 2022-06-20 16:49  老实人张彡  阅读(179)  评论(0编辑  收藏  举报