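Deploying ETCD 3.5.0 on CentOS 7 as a 3-node cluster with TLS, plus an etcd UI for management: please give the software download address, the deployment steps, and how to optimize ETCD
- Download ETCD 3.5.0:
Official download address: https://github.com/etcd-io/etcd/releases/tag/v3.5.0
- Deploy ETCD 3.5.0:
The steps are as follows:
(1) Install etcd:
yum install etcd -y
# Confirm the installed version with: etcd --version
# (the distribution package is not necessarily 3.5.0; the v3.5.0 release binaries are at the address above)
(2) Configure etcd:
On each of the three machines, create that machine's configuration file: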
mkdir -p /etc/etcd/cert
# node1
cat > /etc/etcd/etcd.conf <<EOF
#[member]
ETCD_NAME="node1"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.1.11:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.11:2379"
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.11:2380"
ETCD_INITIAL_CLUSTER="node1=https://192.168.1.11:2380,node2=https://192.168.1.12:2380,node3=https://192.168.1.13:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="my-etcd-token"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.11:2379"
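#[security]
ETCD_CERT_FILE="/etc/etcd/cert/node1.pem"
ETCD_KEY_FILE="/etc/etcd/cert/node1-key.pem"
ETCD_TRUSTED_CA_FILE="/etc/etcd/cert/ca.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CERT_FILE="/etc/etcd/cert/node1.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/cert/node1-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/cert/ca.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"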
EOF
# node2
cat > /etc/etcd/etcd.conf <<EOF
#[member]
ETCD_NAME="node2"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.1.12:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.12:2379"
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.12:2380"
ETCD_INITIAL_CLUSTER="node1=https://192.168.1.11:2380,node2=https://192.168.1.12:2380,node3=https://192.168.1.13:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="my-etcd-token"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.12:2379"
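#[security]
ETCD_CERT_FILE="/etc/etcd/cert/node2.pem"
ETCD_KEY_FILE="/etc/etcd/cert/node2-key.pem"
ETCD_TRUSTED_CA_FILE="/etc/etcd/cert/ca.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CERT_FILE="/etc/etcd/cert/node2.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/cert/node2-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/cert/ca.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"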
EOF
# node3
cat > /etc/etcd/etcd.conf <<EOF
#[member]
ETCD_NAME="node3"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.1.13:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.13:2379"
#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.13:2380"
ETCD_INITIAL_CLUSTER="node1=https://192.168.1.11:2380,node2=https://192.168.1.12:2380,node3=https://192.168.1.13:2380"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="my-etcd-token"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.13:2379"
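#[security]
ETCD_CERT_FILE="/etc/etcd/cert/node3.pem"
ETCD_KEY_FILE="/etc/etcd/cert/node3-key.pem"
ETCD_TRUSTED_CA_FILE="/etc/etcd/cert/ca.pem"
ETCD_CLIENT_CERT_AUTH="true"
ETCD_PEER_CERT_FILE="/etc/etcd/cert/node3.pem"
ETCD_PEER_KEY_FILE="/etc/etcd/cert/node3-key.pem"
ETCD_PEER_TRUSTED_CA_FILE="/etc/etcd/cert/ca.pem"
ETCD_PEER_CLIENT_CERT_AUTH="true"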
EOF
(3) Generate the certificates:
# Requires the cfssl and cfssljson tools on this machine
cd /etc/etcd/cert
# CA certificate
cat > ca-config.json << EOF
{
  "signing": {
    "default": {
      "expiry": "87600h"
    },
    "profiles": {
      "server": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth"
        ]
      },
      "client": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "client auth"
        ]
      },
      "peer": {
        "expiry": "87600h",
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ]
      }
    }
  }
}
EOF
cat > ca-csr.json << EOF
{
  "CN": "etcd-ca",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "O": "etcd",
      "OU": "etcd",
      "ST": "Beijing"
    }
  ]
}
EOF
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
# Generate the etcd certificates
cat > etcd-csr.json << EOF
{
  "CN": "etcd",
  "hosts": [
    "127.0.0.1",
    "192.168.1.11",
    "192.168.1.12",
    "192.168.1.13"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "Beijing",
      "O": "etcd",
      "OU": "etcd",
      "ST": "Beijing"
    }
  ]
}
EOF
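# Issue one certificate per node, named to match the paths used in etcd.conf
# and in the etcdctl command (node1.pem / node1-key.pem, and so on)
for n in node1 node2 node3; do
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer etcd-csr.json | cfssljson -bare "$n"
done
# Copy ca.pem and each node's own nodeN.pem and nodeN-key.pem into /etc/etcd/cert on that node.
# ca-key.pem is not needed by etcd and should not be copied to the other nodes.
# The private key must be readable by the account the etcd service runs as, and by no one else.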
(4) Start etcd:
On all three machines, start etcd:
systemctl daemon-reload
systemctl enable etcd
systemctl start etcd
systemctl status etcd
(5) Check etcd:
On one of the machines, use etcdctl to check the state of the etcd cluster:
ETCDCTL_API=3 etcdctl --endpoints=https://192.168.1.11:2379,https://192.168.1.12:2379,https://192.168.1.13:2379 --cacert=/etc/etcd/cert/ca.pem --cert=/etc/etcd/cert/node1.pem --key=/etc/etcd/cert/node1-key.pem endpoint health
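A static check for the TLS settings in an etcd.conf like the ones in step (2), as an added example that is not part of the original page: it flags plaintext URLs, a listener (client or peer) without its own certificate and key, and a listener that does not require CA-signed client certificates. The function names, the finding messages and the sample file are constructed for illustration; the ETCD_* variable names are etcd's own.

```sh
#!/bin/sh
# Added example: static TLS audit of an etcd environment file (etcd.conf).

# get KEY FILE: print the value of KEY with surrounding quotes removed.
get() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" "$2" | tail -n 1
}

# audit_etcd_conf FILE: print one finding per line (nothing if clean).
audit_etcd_conf() {
    conf=$1
    # 1. No plaintext URLs anywhere in the member/cluster settings.
    for key in ETCD_LISTEN_PEER_URLS ETCD_LISTEN_CLIENT_URLS \
               ETCD_INITIAL_ADVERTISE_PEER_URLS ETCD_ADVERTISE_CLIENT_URLS \
               ETCD_INITIAL_CLUSTER; do
        case $(get "$key" "$conf") in
            *http://*) echo "$key: plaintext http:// URL" ;;
        esac
    done
    # 2. The client side ("") and the peer side ("PEER_") each need a
    #    cert/key pair and must require a certificate signed by the CA.
    for side in "" PEER_; do
        if [ -z "$(get "ETCD_${side}CERT_FILE" "$conf")" ] ||
           [ -z "$(get "ETCD_${side}KEY_FILE" "$conf")" ]; then
            echo "ETCD_${side}CERT_FILE/ETCD_${side}KEY_FILE: not set"
        fi
        if [ -z "$(get "ETCD_${side}TRUSTED_CA_FILE" "$conf")" ] ||
           [ "$(get "ETCD_${side}CLIENT_CERT_AUTH" "$conf")" != "true" ]; then
            echo "ETCD_${side}CLIENT_CERT_AUTH: certificates not required"
        fi
    done
    return 0
}

# Constructed sample: only the server cert/key and the CA are configured.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ETCD_NAME="node1"
ETCD_LISTEN_PEER_URLS="https://192.168.1.11:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.11:2379"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.11:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.11:2379"
ETCD_CERT_FILE="/etc/etcd/cert/node1.pem"
ETCD_KEY_FILE="/etc/etcd/cert/node1-key.pem"
ETCD_TRUSTED_CA_FILE="/etc/etcd/cert/ca.pem"
EOF
audit_etcd_conf "$sample"
```

Run `audit_etcd_conf /etc/etcd/etcd.conf` on each node before starting the service; an empty result means every check passed.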
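- Deploy the ETCD UI for management:
The steps are as follows:
(1) Download etcd-ui:
git clone https://github.com/soyking/etcd-ui.git
(2) Edit the etcd-ui configuration file:
cd etcd-ui
cp config.sample.json config.json
vi config.json
In config.json, change the etcd addresses and the certificate paths: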
{
  "etcd": {
    "hosts": [
      "https://192.168.1.11:2379",
      "https://192.168.1.12:2379",
      "https://192.168.1.13:2379"
    ],
    "tls": {
      "cert": "/etc/etcd/cert/node1.pem",
      "key": "/etc/etcd/cert/node1-key.pem",
      "caCert": "/etc/etcd/cert/ca.pem"
    }
  },
  "port": 8000,
  "logLevel": "INFO"
}
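(3) Install the dependencies:
npm install
(4) Start etcd-ui:
npm start
Then open http://your_ip:8000.
- Optimize ETCD:
(1) Optimize the network:
ETCD needs a fast network to maintain its performance; gigabit NICs or faster network equipment are recommended.
(2) Optimize the storage:
ETCD's storage should be on fast devices such as SSD or NVMe; RAID 0 or distributed storage can be used to improve performance.
(3) Optimize the configuration:
Adjust the ETCD configuration to the actual environment, for example the election timeout, the heartbeat timeout and the maximum request size.
(4) Monitoring and alerting:
Deploying a monitoring and alerting system for the ETCD cluster, such as Prometheus and Grafana, is recommended, so that problems are found and resolved promptly.
Original address: http://www.cveoy.top/t/topic/bLFN. Copyright belongs to the author. Do not repost or scrape!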