【Raspberry Pi】编译安装Etcd集群

abuliu · · 556 次点击 · · 开始浏览    

生成CA证书

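# Create the certificate working directory (-p also creates /etc/etcd if it
# does not exist yet, which a plain mkdir would fail on).
mkdir -pv /etc/etcd/cert

# Fetch the cfssl toolchain (release R1.2). These are the linux-amd64 builds,
# so this step has to run on an x86-64 host. -f makes curl fail on an HTTP
# error instead of saving the error page as the "binary", and the && chain
# keeps chmod from marking a failed download executable.
# These files are later executed as root: compare each one with the checksum
# published for the release before using it, for example
#   echo "<EXPECTED_SHA256>  /usr/local/bin/cfssl" | sha256sum -c -
curl -fL https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl &&
  curl -fL https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson &&
  curl -fL https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo &&
  chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo

# Signing policy. The "www" profile issues certificates valid for 87600h
# (10 years) that may be used for both server and client authentication.
# The heredoc delimiter is quoted so the shell never expands anything inside
# the JSON. (The original listed "expiry" twice inside the profile; the
# duplicate key is dropped.)
cat > /etc/etcd/cert/ca-config.json << 'EOF'
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "www": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF

# CSR for the self-signed CA (RSA 2048, valid 87600h).
cat > /etc/etcd/cert/ca-csr.json << 'EOF'
{
  "CN": "etcd CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "ShenZhen",
      "ST": "ShenZhen",
      "O": "k8s",
      "OU": "System"
    }
  ],
  "ca": {
    "expiry": "87600h"
  }
}
EOF

# CSR for the certificate shared by all etcd members. "hosts" becomes the
# subjectAltName list, so every IP and name a client or peer dials must be
# listed individually. The original also listed "172.16.0.0/16"; a CIDR range
# is not a valid SAN entry and would not match any address, so it is removed.
cat > /etc/etcd/cert/server-csr.json << 'EOF'
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "172.31.1.101",
    "172.31.1.102",
    "172.31.1.103",
    "172.31.1.201",
    "172.31.1.202",
    "172.31.1.203",
    "master1",
    "master2",
    "master3",
    "master1.k8s.abu.pub",
    "master2.k8s.abu.pub",
    "master3.k8s.abu.pub",
    "etcd1",
    "etcd2",
    "etcd3",
    "etcd1.k8s.abu.pub",
    "etcd2.k8s.abu.pub",
    "etcd3.k8s.abu.pub",
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "ShenZhen",
      "ST": "ShenZhen",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

# Generate the CA (ca.pem / ca-key.pem), then sign the member certificate
# (server.pem / server-key.pem) with it. Nothing runs if the cd fails, so
# stray key files are never written into the current directory.
# ca-key.pem can sign new certificates that the whole cluster will trust: keep
# it on this host with restrictive permissions and do not copy it to the nodes.
cd /etc/etcd/cert && {
  cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
  cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
}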

安装ETCD

# Install etcd 3.3.11 from the package repository on every host in the Ansible
# "master" group; the commented-out line is the equivalent single-host command.
# yum install etcd-3.3.11 -y
ansible master -m yum -a "name=etcd-3.3.11 state=present"
# Confirm which etcd package actually got installed on each host.
ansible master -m shell -a "rpm -qa | grep etcd"
# Enable the unit at boot; this does not start it.
ansible master -m shell -a "systemctl enable etcd"
# Show the unit state. systemctl status exits non-zero for a unit that is not
# running, so Ansible may report this task as failed before the first start.
ansible master -m shell -a "systemctl status etcd"

分发证书

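# Distribute only the three files the etcd unit reads: the CA certificate and
# the member certificate/key pair. The original copied a whole directory
# (src=/root/cert, which no step on this page creates); copying the directory
# generated above would also place ca-key.pem, the CA's private key, on every
# node, where any compromise of one node would allow minting trusted
# certificates. The files are taken from /etc/etcd/cert, where the page
# generates them.
ansible master -m file -a "path=/etc/etcd/cert state=directory mode=0755"
ansible master -m copy -a "src=/etc/etcd/cert/ca.pem dest=/etc/etcd/cert/ca.pem mode=0644"
ansible master -m copy -a "src=/etc/etcd/cert/server.pem dest=/etc/etcd/cert/server.pem mode=0644"
# The private key is readable by its owner only; ownership is handed to the
# etcd account by the chown step later on the page.
ansible master -m copy -a "src=/etc/etcd/cert/server-key.pem dest=/etc/etcd/cert/server-key.pem mode=0600"
# Check what ended up on each node, including file modes.
ansible master -m shell -a "ls -l /etc/etcd/ /etc/etcd/cert"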

修改SYSTEMD

[root@node01 ~]# ssh master1
Last login: Tue Feb  9 20:24:48 2021 from 172.31.1.101
[root@master1 ~]# cat /usr/lib/systemd/system/etcd.service
# systemd unit for one etcd member, as shown on master1.
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
# ETCD_* values are read from this file; the leading "-" makes a missing file
# non-fatal for systemd.
EnvironmentFile=-/etc/etcd/etcd.conf
# Runs as the unprivileged etcd account, so the certificate and key files
# referenced below must be readable by that account.
User=etcd
# set GOMAXPROCS to number of processors
# The command goes through bash -c so that $(nproc) is evaluated at start.
# TLS: the same server.pem/server-key.pem pair serves the client listener and
# the peer listener, and ca.pem is the trust anchor for both.
# NOTE(review): --client-cert-auth and --peer-client-cert-auth are not set
# explicitly. If mutual TLS is intended, set both flags and confirm on the
# running cluster that a connection without a client certificate is rejected,
# rather than relying on what --trusted-ca-file alone implies for this version.
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/bin/etcd --name=\"${ETCD_NAME}\" --data-dir=\"${ETCD_DATA_DIR}\" --listen-client-urls=\"${ETCD_LISTEN_CLIENT_URLS}\" --listen-peer-urls=\"${ETCD_LISTEN_PEER_URLS}\" --advertise-client-urls=\"${ETCD_ADVERTISE_CLIENT_URLS}\" --initial-cluster-token=\"${ETCD_INITIAL_CLUSTER_TOKEN}\" --initial-cluster=\"${ETCD_INITIAL_CLUSTER}\" --initial-cluster-state=\"${ETCD_INITIAL_CLUSTER_STATE}\" --cert-file=/etc/etcd/cert/server.pem --key-file=/etc/etcd/cert/server-key.pem --peer-cert-file=/etc/etcd/cert/server.pem --peer-key-file=/etc/etcd/cert/server-key.pem --trusted-ca-file=/etc/etcd/cert/ca.pem --peer-trusted-ca-file=/etc/etcd/cert/ca.pem"
Restart=on-failure
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

修改配置文件

[root@node01 ~]# ansible master -m shell -a "cat /etc/etcd/etcd.conf"
master2 | CHANGED | rc=0 >>
ETCD_NAME=etcd2
ETCD_DATA_DIR="/var/lib/etcd/etcd2"
ETCD_LISTEN_PEER_URLS="https://172.31.1.202:2380"
ETCD_LISTEN_CLIENT_URLS="https://127.0.0.1:2379,https://172.31.1.202:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.31.1.202:2380"
ETCD_INITIAL_CLUSTER="etcd1=https://172.31.1.201:2380,etcd2=https://172.31.1.202:2380,etcd3=https://172.31.1.203:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd_cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://172.31.1.202:2379"

master3 | CHANGED | rc=0 >>
ETCD_NAME=etcd3
ETCD_DATA_DIR="/var/lib/etcd/etcd3"
ETCD_LISTEN_PEER_URLS="https://172.31.1.203:2380"
ETCD_LISTEN_CLIENT_URLS="https://127.0.0.1:2379,https://172.31.1.203:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.31.1.203:2380"
ETCD_INITIAL_CLUSTER="etcd1=https://172.31.1.201:2380,etcd2=https://172.31.1.202:2380,etcd3=https://172.31.1.203:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd_cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://172.31.1.203:2379"

master1 | CHANGED | rc=0 >>
ETCD_NAME=etcd1
ETCD_DATA_DIR="/var/lib/etcd/etcd1"
ETCD_LISTEN_PEER_URLS="https://172.31.1.201:2380"
ETCD_LISTEN_CLIENT_URLS="https://127.0.0.1:2379,https://172.31.1.201:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.31.1.201:2380"
ETCD_INITIAL_CLUSTER="etcd1=https://172.31.1.201:2380,etcd2=https://172.31.1.202:2380,etcd3=https://172.31.1.203:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd_cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://172.31.1.201:2379"

启动集群

[root@node01 ~]# ansible master -m shell -a "ls -la /etc/etcd"
[root@node01 ~]# ansible master -m shell -a "chown etcd.etcd  -R /etc/etcd"
[root@node01 ~]# ansible master -m shell -a "ls -la /etc/etcd"
[root@node01 ~]# ansible master -m shell -a "systemctl daemon-reload"
[root@node01 ~]# ansible master -m shell -a "systemctl restart etcd"

分发HOSTS文件

[root@node01 ~]# ansible master -m copy -a "src=/etc/hosts dest=/etc/hosts"
[root@node01 ~]# ansible master -m shell -a "cat /etc/hosts"
master3 | CHANGED | rc=0 >>
127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
172.31.1.101 node01.k8s.abu.pub node01
172.31.1.201 master1.k8s.abu.pub master1 etcd1.k8s.abu.pub etcd1
172.31.1.202 master2.k8s.abu.pub master2 etcd2.k8s.abu.pub etcd2
172.31.1.203 master3.k8s.abu.pub master3 etcd3.k8s.abu.pub etcd3

master2 | CHANGED | rc=0 >>
127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
172.31.1.101 node01.k8s.abu.pub node01
172.31.1.201 master1.k8s.abu.pub master1 etcd1.k8s.abu.pub etcd1
172.31.1.202 master2.k8s.abu.pub master2 etcd2.k8s.abu.pub etcd2
172.31.1.203 master3.k8s.abu.pub master3 etcd3.k8s.abu.pub etcd3

master1 | CHANGED | rc=0 >>
127.0.0.1               localhost.localdomain localhost
::1             localhost6.localdomain6 localhost6
172.31.1.101 node01.k8s.abu.pub node01
172.31.1.201 master1.k8s.abu.pub master1 etcd1.k8s.abu.pub etcd1
172.31.1.202 master2.k8s.abu.pub master2 etcd2.k8s.abu.pub etcd2
172.31.1.203 master3.k8s.abu.pub master3 etcd3.k8s.abu.pub etcd3

查看集群节点

[root@node01 ~]# etcdctl --ca-file=/etc/etcd/cert/ca.pem --cert-file=/etc/etcd/cert/server.pem --key-file=/etc/etcd/cert/server-key.pem --endpoints="https://etcd1:2379,https://etcd2:2379,https://etcd3:2379" member list
50f4483344412302: name=etcd1 peerURLs=https://172.31.1.201:2380 clientURLs=https://172.31.1.201:2379 isLeader=false
8dac7320d24550da: name=etcd3 peerURLs=https://172.31.1.203:2380 clientURLs=https://172.31.1.203:2379 isLeader=true
95452f9b859b3d69: name=etcd2 peerURLs=https://172.31.1.202:2380 clientURLs=https://172.31.1.202:2379 isLeader=false

查看集群状况

[root@node01 ~]# etcdctl --ca-file=/etc/etcd/cert/ca.pem --cert-file=/etc/etcd/cert/server.pem --key-file=/etc/etcd/cert/server-key.pem --endpoints="https://etcd1:2379,https://etcd2:2379,https://etcd3:2379" cluster-health
member 50f4483344412302 is healthy: got healthy result from https://172.31.1.201:2379
member 8dac7320d24550da is healthy: got healthy result from https://172.31.1.203:2379
member 95452f9b859b3d69 is healthy: got healthy result from https://172.31.1.202:2379
cluster is healthy

Golang编程客户端

# Route module downloads through the goproxy.io mirror, falling back to the
# origin repository ("direct") when the mirror cannot serve a module.
# NOTE(review): the mirror is a third party in the dependency path; leave
# GOSUMDB at its default so downloaded modules are still verified against the
# checksum database.
go env -w GOPROXY=https://goproxy.io,direct
# Optional settings the author left disabled. GOPRIVATE marks module paths that
# should bypass the proxy and the checksum database.
# go env -w GOPRIVATE=*.code.abu.pub,github.com/abuxliu
# go env -w GO111MODULE=on
# go get -v github.com/coreos/etcd/clientv3
# Pin the client library to the same release as the servers installed above
# (3.3.11) instead of taking whatever the latest version is.
go get github.com/coreos/etcd/clientv3@v3.3.11

附件1:编译安装

# Unpack the etcd 3.4.14 source release and build it with vendored modules.
# NOTE(review): the page does not show where the tarball came from; verify its
# checksum against the value published with the release before building.
tar -xzvf etcd-v3.4.14.src.tgz
cd etcd-3.4.14
export GO111MODULE=on
# Module downloads for the build go through the goproxy.cn mirror.
export GOPROXY=https://goproxy.cn
go mod vendor
./build
# These two commands install and list the distribution's etcd package; they do
# not use the binaries produced by ./build above.
yum install etcd
rpm -ql etcd

参考文献

etcd源码编译和简单使用
etcd集群yum安装方法(带ssl安全认证)
Etcd集群的搭建以及分析
使用Go env命令设置Go的环境
etcd证书配置
Etcd clientV3 配置TLS证书
Go 学习笔记(58)— Go 第三方库之 etcd/clientv3(连接客户端、PUT、GET、Lease、Op、Txn、Watch 基础概念说明)
golang etcd clientv3踩坑,rpc error: code = 1 desc = "context canceled"以及github.com\coreos\etcd@v3.3...



本文来自:简书

感谢作者:abuliu

查看原文:【Raspberry Pi】编译安装Etcd集群
