kubernetes容器集羣部署Etcd集羣

時間 2019-11-11

原文原文鏈接

安裝etcd

二進制包下載地址：https://github.com/etcd-io/etcd/releases/tag/v3.2.12node

[root@master ~]# GOOGLE_URL=https://storage.googleapis.com/etcd
[root@master ~]# GITHUB_URL=https://github.com/coreos/etcd/releases/download
[root@master ~]# DOWNLOAD_URL=${GOOGLE_URL}
[root@master ~]# ETCD_VER=v3.2.12
[root@master ~]# curl -L ${DOWNLOAD_URL}/${ETCD_VER}/etcd-${ETCD_VER}-linux-amd64.tar.gz -o /tmp/etcd-${ETCD_VER}-linux-amd64.tar.gz


  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 10.0M  100 10.0M    0     0  2161k      0  0:00:04  0:00:04 --:--:-- 2789k
[root@master ~]# ls /tmp
etcd-v3.2.12-linux-amd64.tar.gz 
解壓
[root@master ~]# tar -zxf /tmp/etcd-v3.2.12-linux-amd64.tar.gz 
[root@master ~]# ls
etcd-v3.2.12-linux-amd64 
建立集羣部署目錄
[root@master ~]# mkdir -p /opt/kubernetes/{bin,cfg,ssl}
[root@master ~]# tree /opt/kubernetes
/opt/kubernetes
├── bin
├── cfg
└── ssl
[root@master ~]# mv etcd-v3.2.12-linux-amd64/etcd /opt/kubernetes/bin
[root@master ~]# mv etcd-v3.2.12-linux-amd64/etcdctl /opt/kubernetes/bin
[root@master ~]# ls /opt/kubernetes/bin
etcd  etcdctl
添加配置文件
[root@master ~]# cat /opt/kubernetes/cfg/etcd
#[Member]
#指定etcd名稱
ETCD_NAME="etcd03"
#數據目錄
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#監聽集羣端口
ETCD_LISTEN_PEER_URLS="https://192.168.238.130:2380"
#監聽數據端口
ETCD_LISTEN_CLIENT_URLS="https://192.168.238.130:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.238.130:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.238.130:2379"
#集羣節點信息
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.238.129:2380,etcd02=https://192.168.238.128:2380,etcd03=https://192.168.238.130:2380"
#token
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"

[root@master ~]# cat /usr/lib/systemd/system/etcd.service 
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=-/opt/kubernetes/cfg/etcd
ExecStart=/opt/kubernetes/bin/etcd \
--name=${ETCD_NAME} \
--data-dir=${ETCD_DATA_DIR} \
--listen-peer-urls=${ETCD_LISTEN_PEER_URLS} \
--listen-client-urls=${ETCD_LISTENT_CLIENT_URLS},http://127.0.0.1:2379 \
--advertise-client-urls=${ETCD_ADVERTISE_CLIENT_URLS} \
--initial-advertise-peer-urls=${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
--initial-cluster=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-token=${ETCD_INITIAL_CLUSTER} \
--initial-cluster-state=new \
--cert-file=/opt/kubernetes/ssl/server.pem \
--key-file=/opt/kubernetes/ssl/server-key.pem \
--peer-cert-file=/opt/kubernetes/ssl/server.pem \
--peer-key-file=/opt/kubernetes/ssl/server-key.pem \
--trusted-ca-file=/opt/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
Restart=on-failure
LimitNOFILE=65535

[Install]
WantedBy=multi-user.target

證書存放到指定目錄
[root@master ~]# cp ssl/server*pem ssl/ca*pem /opt/kubernetes/ssl/
[root@master ~]# ls /opt/kubernetes/ssl/
ca-key.pem  ca.pem  server-key.pem  server.pem
啓動etcd
[root@master ~]# systemctl start etcd
Job for etcd.service failed because the control process exited with error code. See "systemctl status etcd.service" and "journalctl -xe" for details.
啓動失敗查看日誌
[root@master ~]# journalctl -u etcd
-- Logs begin at Tue 2019-07-02 17:22:07 EDT, end at Tue 2019-07-02 17:58:00 EDT. --
Jul 02 17:57:59 master systemd[1]: Starting Etcd Server...
Jul 02 17:57:59 master etcd[8172]: invalid value ",http://127.0.0.1:2379" for flag -listen-
Jul 02 17:57:59 master etcd[8172]: usage: etcd [flags]
Jul 02 17:57:59 master etcd[8172]: start an etcd server
Jul 02 17:57:59 master etcd[8172]: etcd --version
Jul 02 17:57:59 master etcd[8172]: show the version of etcd
Jul 02 17:57:59 master etcd[8172]: etcd -h | --help
Jul 02 17:57:59 master etcd[8172]: show the help information about etcd
Jul 02 17:57:59 master etcd[8172]: etcd --config-file
Jul 02 17:57:59 master etcd[8172]: path to the server configuration file
Jul 02 17:57:59 master etcd[8172]: etcd gateway
Jul 02 17:57:59 master etcd[8172]: run the stateless pass-through etcd TCP connection forwa
Jul 02 17:57:59 master etcd[8172]: etcd grpc-proxy
Jul 02 17:57:59 master etcd[8172]: run the stateless etcd v3 gRPC L7 reverse proxy
Jul 02 17:57:59 master systemd[1]: etcd.service: main process exited, code=exited, status=2
Jul 02 17:57:59 master systemd[1]: Failed to start Etcd Server.
Jul 02 17:57:59 master systemd[1]: Unit etcd.service entered failed state.
Jul 02 17:57:59 master systemd[1]: etcd.service failed.
Jul 02 17:57:59 master systemd[1]: etcd.service holdoff time over, scheduling restart.
Jul 02 17:57:59 master systemd[1]: Stopped Etcd Server.
Jul 02 17:57:59 master systemd[1]: Starting Etcd Server...
Jul 02 17:57:59 master etcd[8176]: invalid value ",http://127.0.0.1:2379" for flag -listen-
Jul 02 17:57:59 master etcd[8176]: usage: etcd [flags]
Jul 02 17:57:59 master etcd[8176]: start an etcd server
Jul 02 17:57:59 master etcd[8176]: etcd --version
Jul 02 17:57:59 master etcd[8176]: show the version of etcd
Jul 02 17:57:59 master etcd[8176]: etcd -h | --help
Jul 02 17:57:59 master etcd[8176]: show the help information about etcd
Jul 02 17:57:59 master etcd[8176]: etcd --config-file
Jul 02 17:57:59 master etcd[8176]: path to the server configuration file
Jul 02 17:57:59 master etcd[8176]: etcd gateway
Jul 02 17:57:59 master etcd[8176]: run the stateless pass-through etcd TCP connection forwa
Jul 02 17:57:59 master etcd[8176]: etcd grpc-proxy
Jul 02 17:57:59 master etcd[8176]: run the stateless etcd v3 gRPC L7 reverse proxy
Jul 02 17:57:59 master systemd[1]: etcd.service: main process exited, code=exited, status=2
Jul 02 17:57:59 master systemd[1]: Failed to start Etcd Server.
Jul 02 17:57:59 master systemd[1]: Unit etcd.service entered failed state.
Jul 02 17:57:59 master systemd[1]: etcd.service failed.
Jul 02 17:57:59 master systemd[1]: etcd.service holdoff time over, scheduling restart.
Jul 02 17:57:59 master systemd[1]: Stopped Etcd Server.
Jul 02 17:57:59 master systemd[1]: Starting Etcd Server...
lines 1-42

[root@master ~]# tail -n 20 /var/log/messages
Jul  2 17:58:00 localhost etcd: etcd --version
Jul  2 17:58:00 localhost etcd: show the version of etcd
Jul  2 17:58:00 localhost etcd: etcd -h | --help
Jul  2 17:58:00 localhost etcd: show the help information about etcd
Jul  2 17:58:00 localhost etcd: etcd --config-file
Jul  2 17:58:00 localhost etcd: path to the server configuration file
Jul  2 17:58:00 localhost etcd: etcd gateway
Jul  2 17:58:00 localhost etcd: run the stateless pass-through etcd TCP connection forwarding proxy
Jul  2 17:58:00 localhost etcd: etcd grpc-proxy
Jul  2 17:58:00 localhost etcd: run the stateless etcd v3 gRPC L7 reverse proxy
Jul  2 17:58:00 localhost systemd: etcd.service: main process exited, code=exited, status=2/INVALIDARGUMENT
Jul  2 17:58:00 localhost systemd: Failed to start Etcd Server.
Jul  2 17:58:00 localhost systemd: Unit etcd.service entered failed state.
Jul  2 17:58:00 localhost systemd: etcd.service failed.
Jul  2 17:58:00 localhost systemd: etcd.service holdoff time over, scheduling restart.
Jul  2 17:58:00 localhost systemd: Stopped Etcd Server.
Jul  2 17:58:00 localhost systemd: start request repeated too quickly for etcd.service
Jul  2 17:58:00 localhost systemd: Failed to start Etcd Server.
Jul  2 17:58:00 localhost systemd: Unit etcd.service entered failed state.
Jul  2 17:58:00 localhost systemd: etcd.service failed.

[root@master ~]# systemctl status etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: activating (start) since Tue 2019-07-02 18:32:55 EDT; 16s ago
 Main PID: 8138 (etcd)
   Memory: 20.5M
   CGroup: /system.slice/etcd.service
           └─8138 /opt/kubernetes/bin/etcd --name=etcd03 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.238.130:2380 --listen-client-urls=https://192.168.238.13...

Jul 02 18:33:09 master etcd[8138]: a7e9807772a004c5 received MsgVoteResp from a7e9807772a004c5 at term 72
Jul 02 18:33:09 master etcd[8138]: a7e9807772a004c5 [logterm: 1, index: 3] sent MsgVote request to 203750a5948d27da at term 72
Jul 02 18:33:09 master etcd[8138]: a7e9807772a004c5 [logterm: 1, index: 3] sent MsgVote request to c858c42725f38881 at term 72
Jul 02 18:33:10 master etcd[8138]: health check for peer 203750a5948d27da could not connect: dial tcp 192.168.238.128:2380: i/o timeout
Jul 02 18:33:10 master etcd[8138]: health check for peer c858c42725f38881 could not connect: dial tcp 192.168.238.129:2380: i/o timeout
Jul 02 18:33:11 master etcd[8138]: a7e9807772a004c5 is starting a new election at term 72
Jul 02 18:33:11 master etcd[8138]: a7e9807772a004c5 became candidate at term 73
Jul 02 18:33:11 master etcd[8138]: a7e9807772a004c5 received MsgVoteResp from a7e9807772a004c5 at term 73
Jul 02 18:33:11 master etcd[8138]: a7e9807772a004c5 [logterm: 1, index: 3] sent MsgVote request to 203750a5948d27da at term 73
Jul 02 18:33:11 master etcd[8138]: a7e9807772a004c5 [logterm: 1, index: 3] sent MsgVote request to c858c42725f38881 at term 73
[root@master ~]# ps -ef|grep etcd
root       8138      1  0 18:32 ?        00:00:00 /opt/kubernetes/bin/etcd --name=etcd03 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.238.130:2380 --listen-client-urls=https://192.168.238.130:2379,http://127.0.0.1:2379 --advertise-client-urls=https://192.168.238.130:2379 --initial-advertise-peer-urls=https://192.168.238.130:2380 --initial-cluster=etcd01=https://192.168.238.129:2380,etcd02=https://192.168.238.128:2380,etcd03=https://192.168.238.130:2380 --initial-cluster-token=etcd01=https://192.168.238.129:2380,etcd02=https://192.168.238.128:2380,etcd03=https://192.168.238.130:2380 --initial-cluster-state=new --cert-file=/opt/kubernetes/ssl/server.pem --key-file=/opt/kubernetes/ssl/server-key.pem --peer-cert-file=/opt/kubernetes/ssl/server.pem --peer-key-file=/opt/kubernetes/ssl/server-key.pem --trusted-ca-file=/opt/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
root       8147   8085  0 18:34 pts/0    00:00:00 grep --color=auto etcd
到此主節點部署完成
生成節點間免密登錄密鑰
[root@master ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
1b:b9:49:23:fc:32:64:6f:72:bd:77:d5:98:28:d4:a0 root@master
The key's randomart image is:
+--[ RSA 2048]----+
|                 |
|          .      |
|         . o     |
|     .  E.. .    |
|      = S.   . o.|
|     o = B. . o o|
|      + O ..   . |
|       *   .. .  |
|          .. .   |
+-----------------+
[root@master ~]# ls /root/.ssh/
id_rsa  id_rsa.pub
分發密鑰到各個節點
[root@master ~]# ssh-copy-id root@192.168.238.129
The authenticity of host '192.168.238.129 (192.168.238.129)' can't be established.
ECDSA key fingerprint is d2:7e:40:ca:2b:fb:be:53:f3:2c:8c:e7:54:08:3d:d4.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.238.129's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.238.129'"
and check to make sure that only the key(s) you wanted were added.

[root@master ~]# ssh-copy-id root@192.168.238.128
The authenticity of host '192.168.238.128 (192.168.238.128)' can't be established.
ECDSA key fingerprint is d2:7e:40:ca:2b:fb:be:53:f3:2c:8c:e7:54:08:3d:d4.
Are you sure you want to continue connecting (yes/no)? yes   
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.238.128's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@192.168.238.128'"
and check to make sure that only the key(s) you wanted were added.
測試免密登錄
[root@master ~]# ssh root@192.168.238.129
Last login: Tue Jul  2 17:23:09 2019 from 192.168.238.1
[root@node01 ~]# hostname
node01
節點1建立etcd安裝目錄
[root@node01 ~]# mkdir -p /opt/kubernetes/{bin,cfg,ssl}
主節點發送二進制包至node01
[root@master ~]# scp -r /opt/kubernetes/bin/ root@192.168.238.129:/opt/kubernetes/
etcd                                                                                                                                                       100%   17MB  17.0MB/s   00:00    
etcdctl                                                                                                                                                    100%   15MB  14.5MB/s   00:01    
node01查看文件
[root@node01 ~]# ls /opt/kubernetes/bin/
etcd  etcdctl
主節點發送配置文件至node01
[root@master ~]# scp -r /opt/kubernetes/cfg/ root@192.168.238.129:/opt/kubernetes/
etcd  
[root@master ~]# scp -r /usr/lib/systemd/system/etcd.service root@192.168.238.129:/usr/lib/systemd/system
etcd.service
node01查看文件
[root@node01 ~]# ls /opt/kubernetes/cfg/
etcd
[root@node01 ~]# ll /usr/lib/systemd/system/etcd.service  
-rw-r--r-- 1 root root 996 Jul  2 20:55 /usr/lib/systemd/system/etcd.service
主節點發送數字證書至node01
[root@master ~]# scp -r /opt/kubernetes/ssl/ root@192.168.238.129:/opt/kubernetes/
server-key.pem                                                                                                                                             100% 1675     1.6KB/s   00:00    
server.pem                                                                                                                                                 100% 1489     1.5KB/s   00:00    
ca-key.pem                                                                                                                                                 100% 1679     1.6KB/s   00:00    
ca.pem  
node01查看文件
[root@node01 ~]# ls /opt/kubernetes/ssl/
ca-key.pem  ca.pem  server-key.pem  server.pem
修改配置文件
[root@node01 ~]# cat /opt/kubernetes/cfg/etcd    
#[Member]
ETCD_NAME="etcd01"
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.238.129:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.238.129:2379"

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.238.129:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.238.129:2379"
ETCD_INITIAL_CLUSTER="etcd01=https://192.168.238.129:2380,etcd02=https://192.168.238.128:2380,etcd03=https://192.168.238.130:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
啓動
[root@node01 ~]# systemctl start etcd
[root@node01 ~]# ps -ef|grep etcd
root       8702      1  0 21:01 ?        00:00:00 /opt/kubernetes/bin/etcd --name=etcd01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.238.129:2380 --listen-client-urls=https://192.168.238.129:2379,http://127.0.0.1:2379 --advertise-client-urls=https://192.168.238.129:2379 --initial-advertise-peer-urls=https://192.168.238.129:2380 --initial-cluster=etcd01=https://192.168.238.129:2380,etcd02=https://192.168.238.128:2380,etcd03=https://192.168.238.130:2380 --initial-cluster-token=etcd01=https://192.168.238.129:2380,etcd02=https://192.168.238.128:2380,etcd03=https://192.168.238.130:2380 --initial-cluster-state=new --cert-file=/opt/kubernetes/ssl/server.pem --key-file=/opt/kubernetes/ssl/server-key.pem --peer-cert-file=/opt/kubernetes/ssl/server.pem --peer-key-file=/opt/kubernetes/ssl/server-key.pem --trusted-ca-file=/opt/kubernetes/ssl/ca.pem --peer-trusted-ca-file=/opt/kubernetes/ssl/ca.pem
root       8709   7875  0 21:02 pts/0    00:00:00 grep --color=auto etcd
[root@node01 ~]# systemctl status etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: activating (start) since Tue 2019-07-02 21:01:39 EDT; 54s ago
 Main PID: 8702 (etcd)
   Memory: 6.2M
   CGroup: /system.slice/etcd.service
           └─8702 /opt/kubernetes/bin/etcd --name=etcd01 --data-dir=/var/lib/etcd/default.etcd --listen-peer-urls=https://192.168.238.129:2380 --listen-client-urls=https://192.168.238.12...

Jul 02 21:02:32 node01 etcd[8702]: c858c42725f38881 is starting a new election at term 36
Jul 02 21:02:32 node01 etcd[8702]: c858c42725f38881 became candidate at term 37
Jul 02 21:02:32 node01 etcd[8702]: c858c42725f38881 received MsgVoteResp from c858c42725f38881 at term 37
Jul 02 21:02:32 node01 etcd[8702]: c858c42725f38881 [logterm: 1, index: 3] sent MsgVote request to 203750a5948d27da at term 37
Jul 02 21:02:32 node01 etcd[8702]: c858c42725f38881 [logterm: 1, index: 3] sent MsgVote request to a7e9807772a004c5 at term 37
Jul 02 21:02:33 node01 etcd[8702]: c858c42725f38881 is starting a new election at term 37
Jul 02 21:02:33 node01 etcd[8702]: c858c42725f38881 became candidate at term 38
Jul 02 21:02:33 node01 etcd[8702]: c858c42725f38881 received MsgVoteResp from c858c42725f38881 at term 38
Jul 02 21:02:33 node01 etcd[8702]: c858c42725f38881 [logterm: 1, index: 3] sent MsgVote request to 203750a5948d27da at term 38
Jul 02 21:02:33 node01 etcd[8702]: c858c42725f38881 [logterm: 1, index: 3] sent MsgVote request to a7e9807772a004c5 at term 38
設置開機自啓動
[root@node01 ~]# systemctl enable etcd
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
同理部署node02

查看集羣狀態linux

設置環境變量
[root@master ~]# tail -n 1 /etc/profile
PATH=/opt/kubernetes/bin:$PATH
[root@master ~]# source /etc/profile
[root@master ~]# which etcd
/opt/kubernetes/bin/etcd
[root@master ~]# which etcdctl
/opt/kubernetes/bin/etcdctl
[root@master ~]# etcdctl --ca-file=/opt/kubernetes/ssl/ca.pem --cert-file=/opt/kubernetes/ssl/server.pem --key-file=/opt/kubernetes/ssl/server-key.pem --endpoints="https://192.168.238.130:2379,https://192.168.238.129:2379,https://192.168.238.128:2379" cluster-health
cluster may be unhealthy: failed to list members
Error:  client: etcd cluster is unavailable or misconfigured; error #0: client: endpoint https://192.168.238.130:2379 exceeded header timeout
; error #1: client: endpoint https://192.168.238.128:2379 exceeded header timeout
; error #2: client: endpoint https://192.168.238.129:2379 exceeded header timeout

error #0: client: endpoint https://192.168.238.130:2379 exceeded header timeout
error #1: client: endpoint https://192.168.238.128:2379 exceeded header timeout
error #2: client: endpoint https://192.168.238.129:2379 exceeded header timeout
失敗的緣由多是防火牆或者selinux致使

[root@master ~]# etcdctl --ca-file=/opt/kubernetes/ssl/ca.pem --cert-file=/opt/kubernetes/ssl/server.pem --key-file=/opt/kubernetes/ssl/server-key.pem --endpoints="https://192.168.238.130:2379,https://192.168.238.129:2379,https://192.168.238.128:2379" cluster-health
member 203750a5948d27da is healthy: got healthy result from https://192.168.238.128:2379
member a7e9807772a004c5 is healthy: got healthy result from https://192.168.238.130:2379
member c858c42725f38881 is healthy: got healthy result from https://192.168.238.129:2379
cluster is healthy

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。