etcd集群服务器列表
服务器IP | 角色 |
---|---|
192.168.11.211 | etcd |
192.168.11.212 | etcd |
192.168.11.213 | etcd |
--snapshot-count=1000000 --max-snapshots=2 --max-wals=2 --auto-compaction-retention=24 --auto-compaction-mode=revision
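# Install etcd v3.5.0 under /data/etcd: binaries in bin/, member data in data/.
mkdir -p /data/etcd/{data,bin}
# The data directory holds every key and the auth store; keep it private to
# the account that runs etcd.
chmod 700 /data/etcd/data
# -f: fail on an HTTP error instead of saving the error page as the tarball.
curl -fL https://github.com/etcd-io/etcd/releases/download/v3.5.0/etcd-v3.5.0-linux-amd64.tar.gz -o /tmp/etcd-v3.5.0-linux-amd64.tar.gz
# Check the archive against the SHA-256 published for this release asset
# before unpacking it: these binaries are later started by systemd as root.
# The value below is a placeholder and must be replaced with the published
# checksum. The remaining steps are chained with && so nothing is unpacked or
# moved into bin/ when verification (or any later step) fails.
printf '%s  %s\n' "<SHA256_OF_etcd-v3.5.0-linux-amd64.tar.gz>" /tmp/etcd-v3.5.0-linux-amd64.tar.gz | sha256sum -c - \
  && tar zxvf /tmp/etcd-v3.5.0-linux-amd64.tar.gz -C /data/etcd \
  && cd /data/etcd/etcd-v3.5.0-linux-amd64 \
  && mv etcd* /data/etcd/bin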
# Write the systemd unit for this etcd member, then start and enable it.
# The heredoc delimiter is quoted ('EOF'), so the unit text is written
# literally, without shell expansion. --name and the URL flags are per-host
# values (this copy is for 192.168.11.211) and must be changed on the other
# two members.
# NOTE(review): the unit runs etcd as root (User=root/Group=root); a dedicated
# unprivileged account that owns /data/etcd would limit what a compromised
# etcd process can reach.
# NOTE(review): every peer and client URL is http://, so peers are not
# authenticated to each other and client requests (including the passwords
# used once auth is enabled) cross the network unencrypted. etcd's
# --cert-file/--key-file/--trusted-ca-file/--client-cert-auth and the matching
# --peer-* flags are the usual way to close this.
# NOTE(review): with --auto-compaction-mode=revision the retention value is
# counted in revisions, not hours -- confirm that 1 is the intended depth.
cat > /etc/systemd/system/etcd.service << 'EOF'
[Unit]
Description=etcd Service
After=network.target
After=network-online.target
Wants=network-online.target
[Service]
User=root
Group=root
Type=notify
WorkingDirectory=/data/etcd
#以下参数按实际服务器IP修改
ExecStart=/data/etcd/bin/etcd \
--name=192.168.11.211 \
--initial-advertise-peer-urls=http://192.168.11.211:2380 \
--listen-peer-urls=http://192.168.11.211:2380 \
--listen-client-urls=http://192.168.11.211:2379,http://127.0.0.1:2379 \
--advertise-client-urls=http://192.168.11.211:2379 \
--initial-cluster-token=etcd-cluster-0 \
--initial-cluster=192.168.11.211=http://192.168.11.211:2380,192.168.11.212=http://192.168.11.212:2380,192.168.11.213=http://192.168.11.213:2380 \
--initial-cluster-state=new \
--auto-compaction-retention=1 \
--auto-compaction-mode=revision \
--snapshot-count=1000000 \
--max-snapshots=2 \
--max-wals=2 \
--data-dir=/data/etcd/data
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
# Reload unit files so systemd sees the new etcd.service, start it now, and
# enable it at boot.
systemctl daemon-reload
systemctl start etcd
systemctl enable etcd
- 查询etcd的状态
# Print the status of each of the three members as a table.
ETCDCTL_API=3 /data/etcd/bin/etcdctl -w table --endpoints=http://192.168.11.211:2379,http://192.168.11.212:2379,http://192.168.11.213:2379 endpoint status
v3版本设置验证
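# Enable etcd v3 authentication and create one limited user.
# No password is written on a command line here: "--user=NAME" without
# ":PASSWORD" makes etcdctl prompt for it, which keeps the secret out of shell
# history and the process list. Choose long random passwords at the
# "user add" prompts instead of a short numeric one.
# 1. Create the root user; once created, root holds the highest privileges.
/data/etcd/bin/etcdctl --endpoints=http://127.0.0.1:2379 user add root
# 2. Turn authentication on.
/data/etcd/bin/etcdctl --endpoints=http://127.0.0.1:2379 --user=root auth enable
# 3. Create an ordinary user.
/data/etcd/bin/etcdctl --endpoints=http://127.0.0.1:2379 --user=root user add xbzeng
# 4. Create a role.
/data/etcd/bin/etcdctl --endpoints=http://127.0.0.1:2379 --user=root role add normal
# 5. Grant the role read/write access to everything under the /path_name prefix.
/data/etcd/bin/etcdctl --endpoints=http://127.0.0.1:2379 --user=root role grant-permission --prefix=true normal readwrite /path_name
# 6. Bind the user to the role.
/data/etcd/bin/etcdctl --endpoints=http://127.0.0.1:2379 --user=root user grant-role xbzeng normal
# 7. List keys under the prefix as the limited user (password required).
# NOTE(review): these endpoints are plain http:// on non-loopback addresses,
# so the password entered here crosses the network unencrypted until TLS is
# configured on the client URLs.
ETCDCTL_API=3 \
/data/etcd/bin/etcdctl \
--endpoints=http://192.168.11.211:2379,http://192.168.11.212:2379,http://192.168.11.213:2379 \
--user=xbzeng \
--command-timeout=30s \
get --keys-only --prefix /path_name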
etcd web管理工具:etcd-manager
# Create the etcd-manager config and log directories.
mkdir -p /data/etcd-manager/{config,logs}
# Write etcd-manager's cfg.toml literally (quoted 'EOF', no shell expansion).
# NOTE(review): the [http] section listens on 0.0.0.0:10280 with
# tls_enable = false, so UI logins are sent in cleartext and the UI is
# reachable on every interface of the host.
# NOTE(review): the [[server]] entry stores the etcd root username and
# password in this file and sets key_prefix = "/"; anyone who can read the
# file or log in to the UI as "admin" gets root-level access to the cluster.
# Restrict who can read the file; a dedicated etcd user limited to the needed
# prefix would reduce the exposure.
# NOTE(review): the [[user]] passwords are short numeric strings and the etcd
# password matches the one used in the etcdctl examples; replace all of them
# before deploying.
cat > /data/etcd-manager/config/cfg.toml << 'EOF'
# debug模式
debug = false
# 日志文件路径
log_path = ""
# http 监听端口
[http]
# 监听地址
address = "0.0.0.0"
# 监听端口
port = 10280
# 使用 Let's Encrypt 证书 - tls_enable为true优先使用本地证书模式
tls_encrypt_enable = false
# 域名列表
#tls_encrypt_domain_names = ["shiguanghuxian.com"]
# 是否启用tls
tls_enable = false
# tls证书文件
[http.tls_config]
#cert_file = "cert_file"
#key_file = "key_file"
## 一下每一个server为一个etcd服务 ##
[[server]]
# 显示名称
title = "pixso_etcd"
# 标识名 - 只能是字母数字或下划线,(注:name修改后会报错)
name = "pixso_etcd"
# etcd连接地址 如果为集群请填写全部地址
#address = ["etcd0:2379","etcd1:2379","etcd2:2379"]
address = ["192.168.11.211:2379","192.168.11.212:2379","192.168.11.213:2379"]
# 查看的key前缀
key_prefix = "/"
# 简述信息
#desc = "docker方式etcd集群方式"
desc = "pixso_etcd"
#访问etcd的用户
username="root"
password="123456"
# 可访问服务器角色列表 - 不写则为所有用户可访问
roles = ["admin"]
# 是否启用tls连接
tls_enable = false
# tls证书配置
[server.tls_config]
#cert_file = "/etc/etcd/etcdSSL/etcd.pem"
#key_file = "/etc/etcd/etcdSSL/etcd-key.pem"
#ca_file = "/etc/etcd/etcdSSL/etcd-root-ca.pem"
#[[server]]
#title = "本地etcd"
#name = "local"
#address = ["127.0.0.1:2379"]
#key_prefix = "/"
#desc = "本机环境"
#roles = ["admin","dev"]
## 以下为用户列表 ##
#管理介面登录用户
[[user]]
username = "root"
password = "1234567"
role = "admin"
[[user]]
username = "xbzeng"
password = "123456"
role = "normal"
EOF
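# Generate the launcher script for the etcd-manager container and run it.
# The host's /etc/localtime is mounted read-only: the container only needs to
# read the timezone and should not be able to modify a host file.
# NOTE(review): "-p 10280:10280" publishes the UI on every host interface;
# "-p <HOST_IP>:10280:10280" limits it to one address. The mounted cfg.toml
# contains etcd credentials, so keep this port behind a firewall or a
# TLS-terminating proxy.
# NOTE(review): the image is referenced by the mutable tag ":1"; pinning it by
# digest (shiguanghuxian/etcd-manage@sha256:<DIGEST>) makes the deployed
# content reproducible.
cat >/data/etcd-manager/start.sh << 'EOF'
docker run -it -d \
--name etcd-manager \
-v /data/etcd-manager/config/cfg.toml:/app/config/cfg.toml \
-v /data/etcd-manager/logs:/app/logs \
-v /etc/localtime:/etc/localtime:ro \
-p 10280:10280 \
shiguanghuxian/etcd-manage:1
EOF
bash /data/etcd-manager/start.sh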
访问:
http://192.168.11.212:10280


其它问题
1、etcd备份
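# Back up etcd: save a snapshot from one member to ./snapshot.db.
# "--user=root" without ":PASSWORD" makes etcdctl prompt for the password, so
# it does not end up in shell history or the process list.
# The snapshot contains every key in the cluster; store and transfer it with
# the same care as the live data directory.
/data/etcd/bin/etcdctl --endpoints="http://192.168.11.211:2379" --user=root snapshot save snapshot.db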
2、etcd集群恢复(只有在整个集群崩溃后恢复时使用)
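# Restore the whole cluster from a snapshot. Run these steps on every member,
# using the same snapshot.db on each; the values shown are for 192.168.11.211.
# Stop etcd.
systemctl stop etcd
# Move the old data directory aside.
mv /data/etcd/data /data/etcd/data.bak
# Restore the snapshot into a fresh data directory. --name, --initial-cluster,
# --initial-cluster-token and --initial-advertise-peer-urls must match this
# member's values in /etc/systemd/system/etcd.service; without them the
# restored directory describes a single-member cluster with default name and
# peer URL, and the three nodes would not rejoin each other.
# On the other members change --name and --initial-advertise-peer-urls.
ETCDCTL_API=3 /data/etcd/bin/etcdctl snapshot restore snapshot.db \
--name=192.168.11.211 \
--initial-cluster=192.168.11.211=http://192.168.11.211:2380,192.168.11.212=http://192.168.11.212:2380,192.168.11.213=http://192.168.11.213:2380 \
--initial-cluster-token=etcd-cluster-0 \
--initial-advertise-peer-urls=http://192.168.11.211:2380 \
--data-dir=/data/etcd/data
# Start etcd.
systemctl start etcd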
3、etcd集群中的一个节点失败的处理方法
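# Replace one failed member of an otherwise healthy cluster.
# Stop etcd on the failed member.
systemctl stop etcd
# Move the old data directory aside (it may also simply be deleted).
mv /data/etcd/data /data/etcd/data.bak
# Check the status of all endpoints.
ETCDCTL_API=3 /data/etcd/bin/etcdctl \
--endpoints=http://192.168.11.211:2379,http://192.168.11.212:2379,http://192.168.11.213:2379 \
--write-out=table \
endpoint status
# List the cluster members to find the ID of the failed one.
ETCDCTL_API=3 /data/etcd/bin/etcdctl \
--endpoints=http://192.168.11.213:2379 \
--write-out=table \
member list
# Remove the failed member. The ID is the value "member list" reports for it.
# "--user=root" without ":PASSWORD" prompts for the password instead of
# exposing it in shell history and the process list.
ETCDCTL_API=3 /data/etcd/bin/etcdctl --endpoints=http://192.168.11.211:2379,http://192.168.11.212:2379,http://192.168.11.213:2379 --write-out=table --user=root member remove 80f89985fbc8cdd9
# Add the member back to the cluster. The peer URL must not contain a leading
# space inside the quotes, otherwise it is not a valid URL.
ETCDCTL_API=3 /data/etcd/bin/etcdctl --endpoints=http://192.168.11.211:2379,http://192.168.11.212:2379,http://192.168.11.213:2379 member add 192.168.11.211 --peer-urls="http://192.168.11.211:2380" --user=root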
#修改启动脚本/etc/systemd/system/etcd.service
--initial-cluster-state=new 修改为 --initial-cluster-state=existing
# Pick up the edited unit file and start etcd on the repaired member.
systemctl daemon-reload
systemctl start etcd
# Check the status of all three endpoints again.
ETCDCTL_API=3 /data/etcd/bin/etcdctl -w table --endpoints=http://192.168.11.211:2379,http://192.168.11.212:2379,http://192.168.11.213:2379 endpoint status
etcdkeeper
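#!/bin/bash
# Recreate the etcdkeeper web UI container.
# {{etcdkeeper_port}} is a template placeholder for the published host port
# and has to be rendered before this script is run.
# NOTE(review): the port is published on every host interface and no TLS is
# configured here, so etcd credentials entered in the UI would cross the
# network in cleartext; keep it behind a firewall or a TLS-terminating proxy.
# NOTE(review): the image has no tag or digest, so each recreate may pull
# different content; pin it (evildecay/etcdkeeper@sha256:<DIGEST>).

# Run from the script's own directory; quoted so paths with spaces work, and
# abort if the directory cannot be entered.
cd "$(dirname -- "$0")" || exit 1
# Remove any previous container with the same name before starting a new one.
docker rm -f etcdkeeper
# /etc/localtime is mounted read-only: the container only needs to read the
# timezone and should not be able to modify a host file.
docker run -d \
--restart=always \
--name etcdkeeper \
-p {{etcdkeeper_port}}:8080 \
-v /etc/localtime:/etc/localtime:ro \
--entrypoint "./etcdkeeper.bin" \
evildecay/etcdkeeper -h 0.0.0.0 -p 8080 -auth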