1.1 准备安装etcd环境
chmod 644 /etc/ssl/etcd-key.pem useradd -s /sbin/nologin -M etcd mkdir -p /var/lib/etcd/ chown -R etcd:etcd /var/lib/etcd/
1.2 二进制安装及分发etcd
cd /server/tools/ tar xf etcd-v3.3.7-linux-amd64.tar.gz cd etcd-v3.3.7-linux-amd64/ cp etcd etcdctl /usr/bin/ scp etcd etcdctl 192.168.10.154:/usr/bin/ scp etcd etcdctl 192.168.10.155:/usr/bin/ scp etcd etcdctl 192.168.10.156:/usr/bin/
1.3 配置etcd启动文件
1.3.1 etcd01节点
cat > /usr/lib/systemd/system/etcd.service <<EOF [Unit] Description=Etcd Server After=network.target After=network-online.target Wants=network-online.target Documentation=https://github.com/coreos [Service] User=etcd Type=notify WorkingDirectory=/var/lib/etcd/ ExecStart=/usr/bin/etcd \\ --data-dir=/var/lib/etcd \\ --name=etcd01 \\ --cert-file=/etc/ssl/etcd.pem \\ --key-file=/etc/ssl/etcd-key.pem \\ --trusted-ca-file=/etc/ssl/ca.pem \\ --peer-cert-file=/etc/ssl/etcd.pem \\ --peer-key-file=/etc/ssl/etcd-key.pem \\ --peer-trusted-ca-file=/etc/ssl/ca.pem \\ --peer-client-cert-auth \\ --client-cert-auth \\ --listen-peer-urls=https://192.168.10.154:2380 \\ --initial-advertise-peer-urls=https://192.168.10.154:2380 \\ --listen-client-urls=https://192.168.10.154:2379,http://127.0.0.1:2379 \\ --advertise-client-urls=https://192.168.10.154:2379 \\ --initial-cluster-token=etcd-cluster-0 \\ --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380,etcd03=https://192.168.10.156:2380 \\ --initial-cluster-state=new Restart=on-failure RestartSec=5 LimitNOFILE=65536 [Install] WantedBy=multi-user.target EOF
- 说明:
- User:指定以 k8s 账户运行
- WorkingDirectory、--data-dir:指定工作目录和数据目录为/var/lib/etcd,需在启动服务前创建这个目录
- --name:指定节点名称,当--initial-cluster-state 值为 new 时,--name 的参数值必须位于 --initial-cluster 列表中
- --cert-file、--key-file:etcd server 与 client 通信时使用的证书和私钥
- --trusted-ca-file:签名 client 证书的 CA 证书,用于验证 client 证书
- --peer-cert-file、--peer-key-file:etcd 与 peer 通信使用的证书和私钥
- --peer-trusted-ca-file:签名 peer 证书的 CA 证书,用于验证 peer 证书
1.3.2 etcd02节点
cat > /usr/lib/systemd/system/etcd.service <<EOF [Unit] Description=Etcd Server After=network.target After=network-online.target Wants=network-online.target Documentation=https://github.com/coreos [Service] User=etcd Type=notify WorkingDirectory=/var/lib/etcd/ ExecStart=/usr/bin/etcd \\ --data-dir=/var/lib/etcd \\ --name=etcd02 \\ --cert-file=/etc/ssl/etcd.pem \\ --key-file=/etc/ssl/etcd-key.pem \\ --trusted-ca-file=/etc/ssl/ca.pem \\ --peer-cert-file=/etc/ssl/etcd.pem \\ --peer-key-file=/etc/ssl/etcd-key.pem \\ --peer-trusted-ca-file=/etc/ssl/ca.pem \\ --peer-client-cert-auth \\ --client-cert-auth \\ --listen-peer-urls=https://192.168.10.155:2380 \\ --initial-advertise-peer-urls=https://192.168.10.155:2380 \\ --listen-client-urls=https://192.168.10.155:2379,http://127.0.0.1:2379 \\ --advertise-client-urls=https://192.168.10.155:2379 \\ --initial-cluster-token=etcd-cluster-0 \\ --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380,etcd03=https://192.168.10.156:2380 \\ --initial-cluster-state=new Restart=on-failure RestartSec=5 LimitNOFILE=65536 [Install] WantedBy=multi-user.target EOF
1.3.3 etcd03节点
cat > /usr/lib/systemd/system/etcd.service <<EOF [Unit] Description=Etcd Server After=network.target After=network-online.target Wants=network-online.target Documentation=https://github.com/coreos [Service] User=etcd Type=notify WorkingDirectory=/var/lib/etcd/ ExecStart=/usr/bin/etcd \\ --data-dir=/var/lib/etcd \\ --name=etcd03 \\ --cert-file=/etc/ssl/etcd.pem \\ --key-file=/etc/ssl/etcd-key.pem \\ --trusted-ca-file=/etc/ssl/ca.pem \\ --peer-cert-file=/etc/ssl/etcd.pem \\ --peer-key-file=/etc/ssl/etcd-key.pem \\ --peer-trusted-ca-file=/etc/ssl/ca.pem \\ --peer-client-cert-auth \\ --client-cert-auth \\ --listen-peer-urls=https://192.168.10.156:2380 \\ --initial-advertise-peer-urls=https://192.168.10.156:2380 \\ --listen-client-urls=https://192.168.10.156:2379,http://127.0.0.1:2379 \\ --advertise-client-urls=https://192.168.10.156:2379 \\ --initial-cluster-token=etcd-cluster-0 \\ --initial-cluster=etcd01=https://192.168.10.154:2380,etcd02=https://192.168.10.155:2380,etcd03=https://192.168.10.156:2380 \\ --initial-cluster-state=new Restart=on-failure RestartSec=5 LimitNOFILE=65536 [Install] WantedBy=multi-user.target EOF
1.4 启动etcd服务
systemctl daemon-reload systemctl enable etcd systemctl restart etcd systemctl status etcd
1.5 检查集群状态
[root@etcd01 ~]# etcdctl --endpoints=https://192.168.10.154:2379,https://192.168.10.155:2379,https://192.168.10.156:2379 \ --cert-file=/etc/ssl/etcd.pem \ --ca-file=/etc/ssl/ca.pem \ --key-file=/etc/ssl/etcd-key.pem \ cluster-health member 681e4ff9726c6fcc is healthy: got healthy result from https://192.168.10.154:2379 member 85c5f993576bf5ec is healthy: got healthy result from https://192.168.10.156:2379 member f53fe2a3dd43a313 is healthy: got healthy result from https://192.168.10.155:2379 cluster is healthy

我的微信
如果有技术上的问题可以扫一扫我的微信