Environment
IP | Hostname |
---|---|
10.1.80.91 | s1 |
10.1.80.92 | s2 |
10.1.80.93 | s3 |
Install cfssl
cfssl version | Executable directory | Certificate directory |
---|---|---|
1.6.2 | /usr/local/bin | /tmp/certs |
curl -L https://github.com/cloudflare/cfssl/releases/download/v1.6.2/cfssl_1.6.2_linux_amd64 -o /tmp/cfssl
Generate a self-signed CA certificate
mkdir -p /tmp/certs
Result
CSR configuration
/tmp/certs/root-ca-csr.json
CSR
/tmp/certs/root-ca.csr
self-signed root CA public key
/tmp/certs/root-ca.pem
self-signed root CA private key
/tmp/certs/root-ca-key.pem
cert-generation configuration for other TLS assets
/tmp/certs/gencert.json
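Generate a locally issued certificate with a private key
Certificate operations
Because all three nodes use the same certificate set, only one set needs to be generated.
mkdir -p /tmp/certs
Result
-rw-r--r-- 1 root root 323 Sep 30 05:28 etcd-ca-csr.json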
-rw-r--r-- 1 root root 1098 Sep 30 05:28 etcd.csr
-rw------- 1 root root 1679 Sep 30 05:28 etcd-key.pem
-rw-r--r-- 1 root root 1493 Sep 30 05:28 etcd.pem
-rw-r--r-- 1 root root 205 Sep 30 05:25 gencert.json
-rw-r--r-- 1 root root 1017 Sep 30 05:25 root-ca.csr
-rw-r--r-- 1 root root 221 Sep 30 05:25 root-ca-csr.json
-rw------- 1 root root 1679 Sep 30 05:25 root-ca-key.pem
-rw-r--r-- 1 root root 1346 Sep 30 05:25 root-ca.pem
Copy the certificates to s91, s92 and s93; for convenience, all of the files are copied.
scp -r /tmp/certs/ root@10.1.80.91:/root/
scp -r /tmp/certs/ root@10.1.80.92:/root/
scp -r /tmp/certs/ root@10.1.80.93:/root/
Change the username here to the system user you actually use.
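The scp commands above send the whole directory, root-ca-key.pem included, to every node. The script below is an added example, not part of the original post: it stages only the files a node needs and lists key files that are not owner-only. It assumes the nodes use root-ca.pem, etcd.pem and etcd-key.pem; the function names and the /tmp/certs-node path are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: an etcd node needs
# only the CA certificate, its own certificate and its own private key.
NODE_FILES="root-ca.pem etcd.pem etcd-key.pem"

# stage_node_certs SRC DST (hypothetical helper)
# Copies NODE_FILES from SRC into a new, owner-only DST directory.
# root-ca-key.pem and the CSR/JSON inputs stay on the signing host.
stage_node_certs() {
    local src="$1" dst="$2" f
    if [ ! -d "$src" ]; then
        echo "no such directory: $src" >&2; return 1
    fi
    if [ -e "$dst" ]; then
        echo "refusing to reuse existing path: $dst" >&2; return 1
    fi
    mkdir -p -m 700 "$dst" || return 1
    for f in $NODE_FILES; do
        if [ ! -f "$src/$f" ]; then
            echo "missing: $src/$f" >&2; return 1
        fi
        cp "$src/$f" "$dst/$f" || return 1
        case "$f" in
            *-key.pem) chmod 600 "$dst/$f" ;;   # private key: owner only
            *)         chmod 644 "$dst/$f" ;;   # certificates are public
        esac
    done
}

# loose_keys DIR (hypothetical helper)
# Prints each *-key.pem under DIR that group or others can read, write or
# execute; prints nothing when every key is owner-only.
loose_keys() {
    find "$1" -type f -name '*-key.pem' \( \
        -perm -040 -o -perm -020 -o -perm -010 -o \
        -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Usage on the signing host (IP and user taken from the scp lines above):
#   stage_node_certs /tmp/certs /tmp/certs-node
#   scp -r /tmp/certs-node root@10.1.80.91:/root/
```

Running `loose_keys` on the node's certificate directory after the copy confirms the private key arrived with owner-only permissions.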
Install etcd
Install etcd on s91, s92 and s93
ETCD_VER=v3.4.21
Run etcd in the foreground (not recommended; for functional testing only)
Run etcd on s91, s92 and s93 respectively
make sure etcd process has write access to this directory
/opt/etcd3/etcd --name s2 \
/opt/etcd3/etcd --name s3 \
--initial-cluster-token tkn: "tkn" can be replaced with whatever value you need
Check the etcd cluster status
ETCDCTL_API=3 /opt/etcd3/etcdctl \
Running under systemd (recommended)
s1
after transferring certs to remote machines
to start service
s2
after transferring certs to remote machines
s3
after transferring certs to remote machines
Check status:
ETCDCTL_API=3 /opt/etcd3/etcdctl \
Remember to switch to the designated user
If the result looks like the following, the cluster is healthy
10.1.80.92:2379 is healthy: successfully committed proposal: took = 9.184858ms
10.1.80.93:2379 is healthy: successfully committed proposal: took = 8.681243ms
10.1.80.91:2379 is healthy: successfully committed proposal: took = 11.855811ms