首页 > 其他分享 >二进制部署etcd-三个集群方案

二进制部署etcd-三个集群方案

时间:2024-06-04 17:25:15浏览次数:14  
标签:tmp amd64 二进制 -- cfssl 集群 etcd linux

etcd的二进制部署

还有什么问题,想咨询的,加群:582337768。 这个群不是我的,但是我在里面,但是还是那句话,我也不懂。

三个节点信息

node01ip=192.168.1.11
node02ip=192.168.1.12
node03ip=192.168.1.13

创建证书

# 下载制作证书的二进制文件
wget --no-check-certificate https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
chmod +x cfssl_linux-amd64
mv cfssl_linux-amd64 /usr/local/bin/cfssl

wget --no-check-certificate https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
chmod +x cfssljson_linux-amd64
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson

wget --no-check-certificate https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl-certinfo_linux-amd64
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo

# 创建ca证书
mkdir /tmp/ssl
cd /tmp/ssl
cat > ca-config.json  << EOF
{
  "signing": {
    "default": {
      "expiry": "876000h"
    },
    "profiles": {
      "kubernetes": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "87600h"
      }
    }
  }
}
EOF
# 创建 CA 证书签名请求
cat > ca-csr.json << EOF
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "GuangDong",
      "L": "ShenZhen",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF
/usr/local/bin/cfssl gencert -initca ca-csr.json | cfssljson -bare ca
ls ca*

# 创建etcd证书
cat > etcd-csr.json << EOF
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "${node01ip}",
    "${node02ip}",
    "${node03ip}",
    "k8s01.example.com",
    "k8s02.example.com",
    "k8s03.example.com"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "GuangDong",
      "L": "ShenZhen",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

/usr/local/bin/cfssl gencert -ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes etcd-csr.json | cfssljson -bare etcd

mkdir -p /etc/kubernetes/ssl
cp * /etc/kubernetes/ssl
cd ..

下载etcd二进制文件

# 三台机器都下载
ETCD_VER=v3.5.14

# choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}

rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test

curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz

mv /tmp/etcd-download-test/etcd* /usr/local/bin/


# 生成配置文件
cat > /lib/systemd/system/etcd.service << \EOF
[Unit]
Description=Etcd Server
After=network.target

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd
EnvironmentFile=-/etc/etcd/etcd.conf
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/local/bin/etcd"

[Install]
WantedBy=multi-user.target
EOF

cat > etcd.conf << EOF
#[member]
ETCD_NAME="node-name"
ETCD_DATA_DIR="/var/lib/etcd"
#ETCD_SNAPSHOT_COUNTER="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
ETCD_LISTEN_PEER_URLS="https://node-ip:2380"
ETCD_LISTEN_CLIENT_URLS="https://node-ip:2379,https://127.0.0.1:2379,http://127.0.0.1:4001"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://node-ip:2380"
# if you use different ETCD_NAME (e.g. test),
# set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
ETCD_INITIAL_CLUSTER="etcd-node01=https://${node01ip}:2380,etcd-node02=https://${node02ip}:2380,etcd-node03=https://${node03ip}:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://node-ip:2379"
#[security]
CLIENT_CERT_AUTH="true"
ETCD_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_CERT_FILE="/etc/kubernetes/ssl/etcd.pem"
ETCD_KEY_FILE="/etc/kubernetes/ssl/etcd-key.pem"
ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/etc/kubernetes/ssl/etcd.pem"
ETCD_PEER_KEY_FILE="/etc/kubernetes/ssl/etcd-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
EOF

name_id=1
for ip in ${node01ip} ${node02ip} ${node03ip}
do
  name=etcd-node0${name_id}
  sed  "s#node-name#${name}#g" etcd.conf > ${name}.conf
  sed -i "s#node-ip#${ip}#g" ${name}.conf
  ((name_id++))
done
mkdir -p /etc/etcd
cp etcd-node01.conf /etc/etcd/etcd.conf
mkdir -p /var/lib/etcd

分发给三台机器,然后

systemctl daemon-reload
systemctl enable etcd
systemctl start etcd
systemctl status etcd

查看健康情况

export ETCDCTL_API=3
/usr/local/bin/etcdctl \
  --endpoints=https://${node01ip}:2379 \
  --cacert=/etc/kubernetes/ssl/ca.pem \
  --cert=/etc/kubernetes/ssl/etcd.pem \
  --key=/etc/kubernetes/ssl/etcd-key.pem \
  endpoint  health

使用域名方式测试部署

node01ip=192.168.1.11
node02ip=192.168.1.12
node03ip=192.168.1.13
domain01=node01.hankbook.cn
domain02=node02.hankbook.cn
domain03=node03.hankbook.cn

/etc/hosts


echo 192.168.1.11 node01.hankbook.cn >> /etc/hosts
echo 192.168.1.12 node02.hankbook.cn >> /etc/hosts
echo 192.168.1.13 node03.hankbook.cn >> /etc/hosts

创建证书

# 下载制作证书的二进制文件
wget --no-check-certificate https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
chmod +x cfssl_linux-amd64
mv cfssl_linux-amd64 /usr/local/bin/cfssl

wget --no-check-certificate https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
chmod +x cfssljson_linux-amd64
mv cfssljson_linux-amd64 /usr/local/bin/cfssljson

wget --no-check-certificate https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl-certinfo_linux-amd64
mv cfssl-certinfo_linux-amd64 /usr/local/bin/cfssl-certinfo

# 创建ca证书
mkdir /tmp/ssl
cd /tmp/ssl
cat >> ca-config.json  << EOF
{
  "signing": {
    "default": {
      "expiry": "876000h"
    },
    "profiles": {
      "kubernetes": {
        "usages": [
            "signing",
            "key encipherment",
            "server auth",
            "client auth"
        ],
        "expiry": "87600h"
      }
    }
  }
}
EOF
# 创建 CA 证书签名请求
cat >> ca-csr.json << EOF
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "GuangDong",
      "L": "ShenZhen",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF
/usr/local/bin/cfssl gencert -initca ca-csr.json | cfssljson -bare ca
ls ca*

# 创建etcd证书
cat >> etcd-csr.json << EOF
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "${domain01}",
    "${domain02}",
    "${domain03}"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "ST": "GuangDong",
      "L": "ShenZhen",
      "O": "k8s",
      "OU": "System"
    }
  ]
}
EOF

/usr/local/bin/cfssl gencert -ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes etcd-csr.json | cfssljson -bare etcd

mkdir -p /etc/kubernetes/ssl
cp * /etc/kubernetes/ssl
cd ..

下载etcd二进制文件

# 三台机器都下载
ETCD_VER=v3.5.14

# choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}

rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
rm -rf /tmp/etcd-download-test && mkdir -p /tmp/etcd-download-test

curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz
tar xzvf /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz -C /tmp/etcd-download-test --strip-components=1
rm -f /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz

mv /tmp/etcd-download-test/etcd* /usr/local/bin/


# 生成配置文件
cat > /lib/systemd/system/etcd.service << \EOF
[Unit]
Description=Etcd Server
After=network.target

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd
EnvironmentFile=-/etc/etcd/etcd.conf
# set GOMAXPROCS to number of processors
ExecStart=/bin/bash -c "GOMAXPROCS=$(nproc) /usr/local/bin/etcd"

[Install]
WantedBy=multi-user.target
EOF

cat > etcd.conf << EOF
#[member]
ETCD_NAME="node-name"
ETCD_DATA_DIR="/var/lib/etcd"
#ETCD_SNAPSHOT_COUNTER="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
ETCD_LISTEN_PEER_URLS="https://node-ip:2380"
ETCD_LISTEN_CLIENT_URLS="https://node-ip:2379,https://127.0.0.1:2379,http://127.0.0.1:4001"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
#ETCD_CORS=""
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://node-ip:2380"
# if you use different ETCD_NAME (e.g. test),
# set ETCD_INITIAL_CLUSTER value for this name, i.e. "test=http://..."
ETCD_INITIAL_CLUSTER="etcd-node01=https://${domain01}:2380,etcd-node02=https://${domain02}:2380,etcd-node03=https://${domain03}:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="k8s-etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://node-ip:2379"
#[security]
CLIENT_CERT_AUTH="true"
ETCD_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_CERT_FILE="/etc/kubernetes/ssl/etcd.pem"
ETCD_KEY_FILE="/etc/kubernetes/ssl/etcd-key.pem"
ETCD_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_CA_FILE="/etc/kubernetes/ssl/ca.pem"
ETCD_PEER_CERT_FILE="/etc/kubernetes/ssl/etcd.pem"
ETCD_PEER_KEY_FILE="/etc/kubernetes/ssl/etcd-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/etc/kubernetes/ssl/ca.pem"
EOF

name_id=1
for ip in ${node01ip} ${node02ip} ${node03ip}
do
    name=etcd-node0${name_id}
    sed  "s#node-name#${name}#g" etcd.conf > ${name}.conf
    sed -i "s#node-ip#${ip}#g" ${name}.conf  # 这个需要改成绑定IP的操作,不能用域名,也就是listen 2379 和2380
    ((name_id++))
done
mkdir -p /etc/etcd
cp etcd-node01.conf /etc/etcd/etcd.conf

分发给三台机器,然后

systemctl daemon-reload
systemctl enable etcd
systemctl start etcd
systemctl status etcd

查看健康情况

export ETCDCTL_API=3
/usr/local/bin/etcdctl \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/kubernetes/ssl/ca.pem \
  --cert=/etc/kubernetes/ssl/etcd.pem \
  --key=/etc/kubernetes/ssl/etcd-key.pem \
  endpoint  health --cluster=true

标签:tmp,amd64,二进制,--,cfssl,集群,etcd,linux
From: https://www.cnblogs.com/can-H/p/18231285

相关文章

  • C语言-----计算两个int(32位)整数m和n的二进制表达中,有多少个位(bit)不同?
    intcountBits(intn){intcount=0;while(n){count+=n&1;//count=count+n&1//n&1的结果只可能是1或者0//如果对应的二进制位上的数字不同,那么n&1的结果就是1,//那么count刚好加一n>>=1;......
  • repmgr+keepalived+pgbouncer构建postgresql集群
    安装环境操作系统:openeuler22LTSSP3数据库:postgresql16.3两台已经安装了数据库的服务器10.11.110.46 node110.11.110.47 node2配置node1和node2之间的免密登录,以及postgres用户需要无密执行systemd启停数据库服务。echo"postgresALL=(root)NOPASSWD:/usr/bin/sys......
  • 【Redis】Redis集群脑裂的原因及解决方案
    Redis集群脑裂(Split-Brain)是指在集群模式下,网络分区或节点故障导致集群中的一部分节点失去与其他节点的连接,从而出现多个孤立的子集群,各自认为自己是独立的主集群。这种情况可能导致数据不一致和服务不可用。脑裂的成因网络分区:网络故障导致集群中的部分节点无法互相通信......
  • 【大数据】Hadoop集群搭建(8249字)
    文章目录@[toc]NAT配置IP配置SecureCRT配置PropertiesTerminalEmulationAppearanceJava安装环境变量配置Hadoop1.0安装建立临时文件夹修改配置文件mastersslavescore-site.xmlmapred-site.xmlhdfs-site.xmlhadoop-env.sh环境变量配置Hadoop2.0安装修改配置文件ha......
  • Java运算符 二进制计算 素数问题 九九乘法表 月份问题 分解质因数 完全数问题 天数计
    1.代码观察inta=6--;System.out.println(a);在Java中,后置递减运算符--只能在整型(int)和长整型(long)变量上使用,而且必须将--放在变量值的后面。因此,6--是非法的,Java编译器会报错。正确代码如下inta=6;a--;System.out.println(a);输出结果为52.代码分析Syst......
  • 使用 docker-compose 部署 zookeeper(单机和集群)
    我之前编写了一些zookeeper的博客,当时是在windows系统上部署的单机版,在实际应用中绝大多数情况下都是部署在Linux系统上,因此很有必要介绍一下如何在CentOS7上快速部署zookeeper的单机版和集群版。这里就不详细介绍zookeeper了,网上资料很多,也可以查看官网或者我之前的......
  • Kubernetes 多集群通信的五种方案
    Kubernetes多集群通信的五种方案原创 oilbeater 我的观点 2024-05-3108:03 北京 听全文oilbeater读完需要8分钟速读仅需3分钟随着企业的业务规模不断扩大,Kubernetes的使用也从单集群逐步扩展到多集群部署。多集群环境下,集群之间的通信成为一个重要的研究课......
  • Redis集群搭建实战(主从复制、哨兵、集群)
    目录1、安装Redis3.02、主从复制(读写分离)2.1主从架构2.1.1 启动实例2.1.2设置主从2.1.3测试2.2主从从架构2.2.1启动实例2.2.2测试2.3从库只读​编辑2.4复制的过程原理2.5无磁盘复制2.6复制架构中出现宕机情况,怎么办?3、哨兵(sentinel)3.1什么是哨兵3......
  • 在Linux中,如何进行集群管理?
    在Linux中,进行集群管理涉及到多个步骤和考虑因素。以下是一个详细的指南,帮助你理解并执行Linux集群管理:一、理解集群管理的基本概念集群定义:集群是一组相互独立的、通过高速网络互联的计算机,它们构成一个组并以单一系统的模式加以管理。集群技术可以在较低成本下提供高性能、可......
  • K8S-集群-二进制安装
    1、环境准备1.1安装规划 服务器准备服务器ip  组件master-1  192.168.177.15  ectd、api-server、controller-master、scheduler、dockernode-1     192.168.177.16etcd、kubelet、kube-proxy、dockernode-1     192.168.177.17e......

赞助商

阅读排行

网站主页关于我们联系我们网站地图

本网站内容转载自其他媒体,侵权联系[admin##ips99.com]。

Copyright © 2020-2023 IPS99 版权所有 IPS99