Shulou(Shulou.com)06/03 Report--

The knowledge points of this article include: creating a config configuration file based on the root certificate on the root certificate server, creating an json configuration file for etcd self-signed certificate signing request csr, and installing etcd services on three hosts. Read the complete article and believe that you have a certain understanding of the use of etcd components.

Create a root certificate-based config profile 200 certs] # cd / opt/certs/200 certs] # vi / opt/certs/ca-config.json {"signing": {"default": {"expiry": "175200h"}, "profiles": {"server": {"expiry": "175200h" on the root certificate server "usages": ["signing", "key encipherment", "server auth"]}, "client": {"expiry": "175200h", "usages": ["signing" "key encipherment", "client auth"]}, "peer": {"expiry": "175200h", "usages": ["signing", "key encipherment" "server auth", "client auth"]} II. Create json profile 200 certs for etcd self-signed certificate signing request csr] # vi etcd-peer-csr.json {"CN": "k8s-etcd", "hosts": ["10.3.153.212" "10.3.153.221", "10.3.153.222"], "key": {"algo": "rsa", "size": 2048}, "names": [{"C": "CN", "ST": "beijing", "L": "beijing" "O": "od" "OU": "ops"}] 200 certs] # cfssl gencert-ca=ca.pem-ca-key=ca-key.pem-config=ca-config.json-profile=peer etcd-peer-csr.json | cfssl-json-bare etcd-peer [root@test-operator certs] # ll | grep etcd-peer-rw-r--r-- 1 root root 1062 Feb 1 00:19 etcd-peer.csr-rw-r--r-- 1 root root 375 Feb 1 00:15 Etcd-peer-csr.json-rw- 1 root root 1675 Feb 1 00:19 etcd-peer-key.pem # Certificate Private key-rw-r--r-- 1 root root 1428 Feb 1 00:19 etcd-peer.pem # Certificate File 3. Install the etcd service on three hosts

# 212Accord221Universe 222 machine:

~] # mkdir / opt/src~] # cd / opt/src/src] # useradd-s / sbin/nologin-M etcdsrc] # id etcd# download to GitHub or directly use the installation package https://github.com/etcd-io/etcd/tagssrc]# tar xf etcd-v3.1.20-linux-amd64.tar.gz-C / optopt] # mv etcd-v3.1.20-linux-amd64/ etcd-v3.1.20opt] # ln-s / opt/etcd- V3.1.20 / / opt/etcdopt] # cd etcd~# 212 opt/etcd/certs 221max 222 machine: etcd] # mkdir-p / opt/etcd/certs / data/etcd / data/logs/etcd-serveretcd] # cd certs/certs] # scp 10.3.153.200:/opt/certs/ca.pem. # enter the 200 virtual machine password certs] # scp 10.3.153.200:/opt/certs/etcd-peer.pem .certs] # scp 10.3.153.200:/opt / certs/etcd-peer-key.pem .certs] # cd.. etcd] # vi / opt/etcd/etcd-server-startup.sh# Note If it is a 21 machine, the following 12 will have to be changed to 21, and the initial color cluster will have all the machines, so there is no need to change them. There are 5 #! / bin/sh./etcd-- name etcd-server-7-12\-- data-dir / data/etcd/etcd-server\-- listen-peer-urls https://10.3.153.212:2380\-- listen-client-urls https://10.3.153.212:2379, Http://127.0.0.1:2379\-- quota-backend-bytes 8000000000\-- initial-advertise-peer-urls https://10.3.153.212:2380\-- advertise-client-urls https://10.4.7.12:2379,http://127.0.0.1:2379\-- initial-cluster etcd-server-7-12 = https://10.3.153.212:2380, Etcd-server-7-21 = https://10.3.153.221:2380, Etcd-server-7-22 = https://10.3.153.222:2380\-ca-file. / certs/ca.pem\-cert-file. / certs/etcd-peer.pem\-key-file. / certs/etcd-peer-key.pem\-client-cert-auth\-trusted-ca-file. / certs/ca.pem\-peer-ca-file . / certs/ca.pem\-- peer-cert-file. / certs/etcd-peer.pem\-- peer-key-file. / certs/etcd-peer-key.pem\-- peer-client-cert-auth\-- peer-trusted-ca-file. / certs/ca.pem\-- log-output stdoutetcd] # chmod + x etcd-server-startup.shetcd] # chown-R etcd.etcd / opt/etcd -v3.1.20/etcd] # chown-R etcd.etcd / data/etcd/etcd] # chown-R etcd.etcd / data/logs/etcd-server/~# 212 Universe 221TAM222 Machine: etcd] # yum install supervisor-y # used to start the service as a background service etcd] # systemctl start supervisordetcd] # systemctl enable supervisordetcd] # vi / etc/supervisord.d/etcd-server.ini# Note: 7-12 after modification Corresponding to the machine, for example, 21 machine is 7-21, there is a [program:etcd-server-7-12] command=/opt/etcd/etcd-server-startup.sh. The program (relative uses PATH, can take args) numprocs=1; number of processes copies tostart (def 1) directory=/opt/etcd; directory to cwd to before exec (def no cwd) autostart=true Start at supervisord start (default: true) autorestart=true; retstart at unexpected quit (default: true) startsecs=30; number of secs prog must stay running (def. 1) startretries=3; max # of serial start failures (default 3) exitcodes=0,2; 'expected' exitcodes for process (default 0Magne2) stopsignal=QUIT Signal used to kill process (default TERM) stopwaitsecs=10; max num secs to wait b4 SIGKILL (default 10) user=etcd; setuid to this UNIX account to run the programredirect_stderr=true Redirect proc stderr to stdout (default false) stdout_logfile=/data/logs/etcd-server/etcd.stdout.log; stdout log path, NONE for none; default AUTOstdout_logfile_maxbytes=64MB; max # logfile bytes b4 rotation (default 50MB) stdout_logfile_backups=4 # of stdout logfile backups (default 10) stdout_capture_maxbytes=1MB; number of bytes in 'capturemode' (default 0) stdout_events_enabled=false Emit events on stdout writes (default false) 12 etcd] # supervisorctl update# out:etcd-server-7-21: added process group12 etcd] # supervisorctl status# out:etcd-server-7-12 RUNNING pid 16582 Uptime 000 netstat 5912 etcd] # netstat-luntp | grep etcd# must be listening on ports 2379 and 2380 to be successful 12 etcd] # etcd-server-7-12: two methods for added process group~# any node to detect the health status of a cluster 22 etcd] #. / etcdctl cluster-health [root@test-nodes1 etcd] #. / etcdctl cluster-healthmember 3657c30473e13ab3 is healthy: got healthy result from and 6cbe98b6a135fd14 is healthy: got Healthy result from http://127.0.0.1:2379member b7ffbb00070336e7 is healthy: got healthy result from http://127.0.0.1:2379cluster is healthy22 etcd] #. / etcdctl member list [root@test-nodes1 etcd] #. / etcdctl member list3657c30473e13ab3: name=etcd-server-7-12 peerURLs= https://10.3.153.212:2380 clientURLs= http://127.0.0.1:2379, Https://10.3.153.212:2379 isLeader=false6cbe98b6a135fd14: name=etcd-server-7-21 peerURLs= https://10.3.153.221:2380 clientURLs= http://127.0.0.1:2379,https://10.3.153.221:2379 isLeader=falseb7ffbb00070336e7: name=etcd-server-7-22 peerURLs= https://10.3.153.222:2380 clientURLs= http://127.0.0.1:2379,https://10.3.153.222:2379 isLeader=true

The above is the full use of kubernetes cluster etcd components, after reading it, do you have anything to gain? If you want to know more about it, you are welcome to follow the industry information!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.