Cloud-native technology: building a highly available etcd database cluster
2022-06-08 23:35:00 【北漂的菜小白】
Step 1: Synchronize the server time
yum install ntpdate -y
ntpdate time1.aliyun.com
Step 2: Install the cfssl tools
#!/bin/bash
mkdir -p /root/local/bin
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
chmod +x cfssl_linux-amd64
sudo mv cfssl_linux-amd64 /root/local/bin/cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
chmod +x cfssljson_linux-amd64
sudo mv cfssljson_linux-amd64 /root/local/bin/cfssljson
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
chmod +x cfssl-certinfo_linux-amd64
sudo mv cfssl-certinfo_linux-amd64 /root/local/bin/cfssl-certinfo
export PATH=/root/local/bin:$PATH
# Check the version
cfssl version
Step 3: Create the certificates
Prepare ca-config.json
{
  "signing": {
    "default": {
      "expiry": "438000h"
    },
    "profiles": {
      "server": {
        "expiry": "438000h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      },
      "client": {
        "expiry": "438000h",
        "usages": [
          "signing",
          "key encipherment",
          "client auth"
        ]
      },
      "peer": {
        "expiry": "438000h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
Prepare ca-csr.json
{
  "CN": "etcd",
  "key": {
    "algo": "rsa",
    "size": 2048
  }
}
Prepare etcd.json
Adjust the IP list to match your environment.
{
  "CN": "etcd",
  "hosts": [
    "172.18.30.195",
    "172.18.30.196",
    "172.18.30.197"
  ],
  "key": {
    "algo": "ecdsa",
    "size": 256
  },
  "names": [
    {
      "C": "CN",
      "L": "BJ",
      "ST": "BJ"
    }
  ]
}
Prepare client-csr.json
{
  "CN": "client",
  "key": {
    "algo": "ecdsa",
    "size": 256
  }
}
Run the commands that create the certificates
#!/bin/bash
ls
echo '准备构建'
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client client-csr.json | cfssljson -bare client
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server etcd.json | cfssljson -bare server
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer etcd.json | cfssljson -bare peer
echo '构建完毕'
ls -l
mkdir pki
# Needed by the api-server
mv client-key.pem ./pki/client-key.pem
mv client.pem ./pki/client.pem
mv ca.pem ./pki
# Needed by the etcd cluster
mv server-key.pem ./pki
mv server.csr ./pki
mv server.pem ./pki
mv ca-key.pem ./pki
mv ca.csr ./pki
mv client.csr ./pki
mv peer-key.pem ./pki
mv peer.csr ./pki
mv peer.pem ./pki
Distribute the keys
Distribute the generated keys to the /etc/etcd/pki/ directory on every machine.
Download etcd on every node
cd /etc/etcd
# Download the archive
wget https://github.com/coreos/etcd/releases/download/v3.3.5/etcd-v3.3.5-linux-amd64.tar.gz
# Extract the archive
tar zxvf etcd-v3.3.5-linux-amd64.tar.gz
Write the etcd configuration files and set the paths to the key files
etcd-0.conf
#[Member]
ETCD_NAME="infra0"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://172.18.30.195:2380"
ETCD_LISTEN_CLIENT_URLS="https://172.18.30.195:2379,http://127.0.0.1:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.18.30.195:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://172.18.30.195:2379"
ETCD_INITIAL_CLUSTER="infra0=https://172.18.30.195:2380,infra1=https://172.18.30.196:2380,infra2=https://172.18.30.197:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
#[Security]
ETCD_CERT_FILE="/etc/etcd/pki/server.pem"
ETCD_KEY_FILE="/etc/etcd/pki/server-key.pem"
ETCD_TRUSTED_CA_FILE="/etc/etcd/pki/ca.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CERT_FILE="/etc/etcd/pki/server.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/pki/server-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/pki/ca.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
etcd-1.conf
#[Member]
ETCD_NAME="infra1"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://172.18.30.196:2380"
ETCD_LISTEN_CLIENT_URLS="https://172.18.30.196:2379,http://127.0.0.1:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.18.30.196:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://172.18.30.196:2379"
ETCD_INITIAL_CLUSTER="infra0=https://172.18.30.195:2380,infra1=https://172.18.30.196:2380,infra2=https://172.18.30.197:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
#[Security]
ETCD_CERT_FILE="/etc/etcd/pki/server.pem"
ETCD_KEY_FILE="/etc/etcd/pki/server-key.pem"
ETCD_TRUSTED_CA_FILE="/etc/etcd/pki/ca.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CERT_FILE="/etc/etcd/pki/server.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/pki/server-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/pki/ca.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
etcd-2.conf
#[Member]
ETCD_NAME="infra2"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://172.18.30.197:2380"
ETCD_LISTEN_CLIENT_URLS="https://172.18.30.197:2379,http://127.0.0.1:2379"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://172.18.30.197:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://172.18.30.197:2379"
ETCD_INITIAL_CLUSTER="infra0=https://172.18.30.195:2380,infra1=https://172.18.30.196:2380,infra2=https://172.18.30.197:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
#[Security]
ETCD_CERT_FILE="/etc/etcd/pki/server.pem"
ETCD_KEY_FILE="/etc/etcd/pki/server-key.pem"
ETCD_TRUSTED_CA_FILE="/etc/etcd/pki/ca.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CERT_FILE="/etc/etcd/pki/server.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/pki/server-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/pki/ca.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
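As an added example (not part of the original post), the script below audits one of the etcd.conf files above for four TLS weaknesses: http:// URLs, which etcd serves without TLS or client-certificate checks; disabled certificate authentication; a peer key that reuses the server key; and a CA private key stored beside the node certificates. The function names conf_get and audit_etcd_conf and the sample file are assumptions of this example.

```shell
#!/bin/bash
# Print the value of key $2 from env file $1, quotes stripped.
conf_get() {
    grep "^$2=" "$1" | tail -n 1 | cut -d= -f2- | tr -d '"'
}

# Print one WARN line per finding; return 0 only when there are none.
audit_etcd_conf() {
    conf=$1
    findings=0
    warn() { echo "WARN: $*"; findings=$((findings + 1)); }

    # 1. etcd serves http:// URLs without TLS or client-certificate checks.
    for key in ETCD_LISTEN_CLIENT_URLS ETCD_LISTEN_PEER_URLS \
               ETCD_ADVERTISE_CLIENT_URLS ETCD_INITIAL_ADVERTISE_PEER_URLS; do
        for url in $(conf_get "$conf" "$key" | tr ',' ' '); do
            case $url in
                http://*) warn "$key: plaintext URL $url" ;;
            esac
        done
    done

    # 2. Client and peer connections must both present a CA-signed cert.
    for key in ETCD_CLIENT_CERT_AUTH ETCD_PEER_CLIENT_CERT_AUTH; do
        [ "$(conf_get "$conf" "$key")" = "true" ] || warn "$key is not true"
    done

    # 3. Peer links should have their own key pair (peer.pem, peer-key.pem).
    peer_key=$(conf_get "$conf" ETCD_PEER_KEY_FILE)
    [ -z "$peer_key" ] || [ "$peer_key" != "$(conf_get "$conf" ETCD_KEY_FILE)" ] ||
        warn "ETCD_PEER_KEY_FILE reuses the client-facing server key"

    # 4. The CA private key can sign any identity; keep it off cluster nodes.
    ca_dir=$(dirname "$(conf_get "$conf" ETCD_TRUSTED_CA_FILE)")
    [ ! -e "$ca_dir/ca-key.pem" ] || warn "CA private key at $ca_dir/ca-key.pem"

    [ "$findings" -eq 0 ]
}

# Constructed sample: the security-relevant lines of etcd-0.conf.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ETCD_LISTEN_CLIENT_URLS="https://172.18.30.195:2379,http://127.0.0.1:2379"
ETCD_KEY_FILE="/etc/etcd/pki/server-key.pem"
ETCD_TRUSTED_CA_FILE="/etc/etcd/pki/ca.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_KEY_FILE="/etc/etcd/pki/server-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
EOF
audit_etcd_conf "$sample" || echo "review the findings above"
```

Run it on each node against the real file, for example audit_etcd_conf /etc/etcd/conf/etcd.conf; there the fourth check also reports a ca-key.pem left in /etc/etcd/pki/.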
Write the startup script etcd.service
Note the etcd.conf file name and the startup path; adjust them to match your actual setup.
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
Type=notify
EnvironmentFile=/etc/etcd/conf/etcd.conf
ExecStart=/etc/etcd/etcd-v3.3.5-linux-amd64/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTEN_CLIENT_URLS} \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER_TOKEN} \
--initial-cluster-state=${ETCD_INITIAL_CLUSTER_STATE} \
--cert-file=${ETCD_CERT_FILE} \
--key-file=${ETCD_KEY_FILE} \
--peer-cert-file=${ETCD_PEER_CERT_FILE} \
--peer-key-file=${ETCD_PEER_KEY_FILE} \
--trusted-ca-file=${ETCD_TRUSTED_CA_FILE} \
--client-cert-auth=${ETCD_CLIENT_CERT_AUTH} \
--peer-client-cert-auth=${ETCD_PEER_CLIENT_CERT_AUTH} \
--peer-trusted-ca-file=${ETCD_PEER_TRUSTED_CA_FILE}
Restart=on-failure
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
Copy etcd.service to the target directory
cp etcd.service /lib/systemd/system
Start the etcd cluster
systemctl start etcd
Watch the logs to confirm that etcd started normally
tail -200f /var/log/messages