[未整理] etcd的原生、docker部署维护

docker版本的etcd

# 需要注意的是,如果使用yum install etcd安装的etcd,默认用户为etcd
# 所以需要通过 chown 来把 data-dir 和 各种证书所在的文件夹的属主属组设置成 etcd
# 添加节点的时候,先运行 etcdctl member add,然后根据打印的结果来设置新节点
# 然后再启动新节点

# 启动一个运行在docker里面的etcd,建议使用host network,这样可以避免本机docker无法访问本机原生etcd的情况
docker run -d --network host -v /etc/ssl/certs/etcd:/etc/ssl/certs/etcd -v /mnt/ram/etcd:/etcd-data --name etcd quay.io/coreos/etcd:v3.3.11 /usr/local/bin/etcd \
--name bjht1111 \
--data-dir /etcd-data \
--client-cert-auth=true \
--cert-file=/etc/ssl/certs/etcd/etcd1.pem \
--advertise-client-urls=https://0.0.0.0:2379 \
--initial-advertise-peer-urls=https://本机IP:2380 \
--initial-cluster=bjht2222=https://10.33.333.8:2380,bjht3333=https://10.33.444.9:2380 \   # 此部分是自动生成的
--initial-cluster-state=existing \
--key-file=/etc/ssl/certs/etcd/etcd1-key.pem \
--listen-client-urls=https://0.0.0.0:2379 \
--listen-peer-urls=https://0.0.0.0:2380 \
--peer-cert-file=/etc/ssl/certs/etcd/etcd1.pem \
--peer-client-cert-auth=true \
--peer-key-file=/etc/ssl/certs/etcd/etcd1-key.pem \
--peer-trusted-ca-file=/etc/ssl/certs/etcd/ca.pem \
--snapshot-count=10000 \
--trusted-ca-file=/etc/ssl/certs/etcd/ca.pem


# 控制器
ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/etc/ssl/certs/etcd/ca.pem --cert=/etc/ssl/certs/etcd/etcd1.pem --key=/etc/ssl/certs/etcd/etcd1-key.pem 命令

原生etcd的配置文件

#ETCD_CORS=""
ETCD_DATA_DIR="/home/etcd"
#ETCD_WAL_DIR=""
ETCD_LISTEN_PEER_URLS="https://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="https://0.0.0.0:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
ETCD_NAME="bjht1111"
ETCD_SNAPSHOT_COUNT="10000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_QUOTA_BACKEND_BYTES="0"
#ETCD_MAX_REQUEST_BYTES="1572864"
#ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"
#ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s"
#ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
#
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://本机IP:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://0.0.0.0:2379"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_DISCOVERY_SRV=""
ETCD_INITIAL_CLUSTER="自动生成的"
#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_STRICT_RECONFIG_CHECK="true"
#ETCD_ENABLE_V2="true"
#
#[Proxy]
#ETCD_PROXY="off"
#ETCD_PROXY_FAILURE_WAIT="5000"
#ETCD_PROXY_REFRESH_INTERVAL="30000"
#ETCD_PROXY_DIAL_TIMEOUT="1000"
#ETCD_PROXY_WRITE_TIMEOUT="5000"
#ETCD_PROXY_READ_TIMEOUT="0"
#
#[Security]
ETCD_CERT_FILE="/etc/ssl/certs/etcd/etcd1.pem"
ETCD_KEY_FILE="/etc/ssl/certs/etcd/etcd1-key.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_TRUSTED_CA_FILE="/etc/ssl/certs/etcd/ca.pem"
#ETCD_AUTO_TLS="false"
ETCD_PEER_CERT_FILE="/etc/ssl/certs/etcd/etcd1.pem"
ETCD_PEER_KEY_FILE="/etc/ssl/certs/etcd/etcd1-key.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"
ETCD_PEER_TRUSTED_CA_FILE="/etc/ssl/certs/etcd/ca.pem"
#ETCD_PEER_AUTO_TLS="false"
#
#[Logging]
#ETCD_DEBUG="false"
#ETCD_LOG_PACKAGE_LEVELS=""
#ETCD_LOG_OUTPUT="default"
#
#[Unsafe]
#ETCD_FORCE_NEW_CLUSTER="false"
#
#[Version]
#ETCD_VERSION="false"
#ETCD_AUTO_COMPACTION_RETENTION="0"
#
#[Profiling]
#ETCD_ENABLE_PPROF="false"
#ETCD_METRICS="basic"
#
#[Auth]
#ETCD_AUTH_TOKEN="simple"

etcd的添加,删除操作

  • 添加,--peer-urls后面地址的端口是2380,添加命令完成后,控制台会打印需要的参数,复制使用即可
  • 删除,正常情况下都是先删除,后添加

其他

  • 如果etcd因为某些事情挂掉,再次启动时,可能需要修改ETCD_INITIAL_CLUSTER_STATEexisting

本文链接:

https://omen.ltd/archives/10/
1 + 6 =
快来做第一个评论的人吧~