百度360必应搜狗淘宝本站头条
头像打包下载acmecadconverter_8.52绿色版mysql 昨天的日期个人网站源码word文档批量处理大师破解版
当前位置:网站首页 > 技术教程 > 正文

etcd安装(etc设备安装视频)

csdh11 2025-01-29 15:14 22 浏览

1、单节点部署

文档:https://etcd.io/docs/v3.5/install/

1.1、安装

# centos7环境安装etcd

# 1、下载etcd
wget https://github.com/etcd-io/etcd/releases/download/v3.5.11/etcd-v3.5.11-linux-amd64.tar.gz
 
# 2、解压
tar -xf etcd-v3.5.11-linux-amd64.tar.gz
 
# 3、进入 etcd-v3.5.11-linux-amd64目录
cd etcd-v3.5.11-linux-amd64
 
# 4、将etcd、etcdctl、etcdutl移动到/usr/local/bin目录
mv etcd /usr/local/bin/etcd
mv etcdctl /usr/local/bin/etcdctl
mv etcdutl /usr/local/bin/etcdutl
 
# 5、查看etcd版本
etcd --version
etcdctl version
etcdutl version

1.2、启动

# 运行etcd
# 会在当前目录创建data-dir="default.etcd",wal-dir="default.etcd/member/wal"
etcd
 
# 指定参数运行
etcd --listen-client-urls=http://$PRIVATE_IP:2379 \
   --advertise-client-urls=http://$PRIVATE_IP:2379
 
 
# 查看集群状态
etcdctl --endpoints=$ENDPOINTS endpoint status
etcdctl --endpoints=$ENDPOINTS endpoint health

1.3、配置

详见:https://etcd.io/docs/v3.5/op-guide/configuration/

You can configure etcd through the following:

  • Command-line flags
  • Environment variables: every flag has a corresponding environment variable that has the same name but is prefixed withETCD_ and formatted in all caps and snake case. For example, --some-flag would be ETCD_SOME_FLAG.
  • Configuration file

1.3.1、使用命令行参数启动etcd

# 使用命令行参数运行etcd
etcd --name 'command-line-flags' --data-dir '/root/command-line-flags'

1.3.2、使用环境变量启动etcd

创建/root/etcd.conf配置文件:

cat >  /root/etcd.conf <<"EOF"
#[Member]
ETCD_NAME='environment-variable'
ETCD_DATA_DIR='/root/environment-variable'
EOF

创建/etc/systemd/system/etcd.service服务配置文件:

cat > /etc/systemd/system/etcd.service <<"EOF"
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
 
[Service]
Type=notify
EnvironmentFile=/root/etcd.conf
ExecStart=/usr/local/bin/etcd
Restart=on-failure
RestartSec=5
LimitNOFILE=65536
 
[Install]
WantedBy=multi-user.target
EOF

启动Systemd服务:

# systemctl daemon-reload && systemctl enable --now etcd.service
systemctl daemon-reload && systemctl enable etcd && systemctl start etcd

systemctl status etcd

1.3.3、使用配置文件启动etcd

详见:

# Clustering Guide
https://etcd.io/docs/v3.5/op-guide/clustering/

# 操作 Kubernetes 中的 etcd 集群
https://kubernetes.io/zh-cn/docs/tasks/administer-cluster/configure-upgrade-etcd/

# How to Set Up a Demo etcd Cluster
https://etcd.io/docs/v3.5/tutorials/how-to-setup-cluster/

# Transport security model
https://etcd.io/docs/v3.5/op-guide/security/

下载etcd.config.yml配置文件:

# 下载配置文件
wget https://github.com/etcd-io/etcd/blob/main/etcd.conf.yml.sample -O /root/etcd.config.yml

查看/root/etcd.config.yml文件:

# This is the configuration file for the etcd server.
 
# Human-readable name for this member.
name: 'default'
 
# Path to the data directory.
data-dir:
 
# Path to the dedicated wal directory.
wal-dir:
 
# Number of committed transactions to trigger a snapshot to disk.
snapshot-count: 10000
 
# Time (in milliseconds) of a heartbeat interval.
heartbeat-interval: 100
 
# Time (in milliseconds) for an election to timeout.
election-timeout: 1000
 
# Raise alarms when backend size exceeds the given quota. 0 means use the
# default quota.
quota-backend-bytes: 0
 
# List of comma separated URLs to listen on for peer traffic.
listen-peer-urls: http://localhost:2380
 
# List of comma separated URLs to listen on for client traffic.
listen-client-urls: http://localhost:2379
 
# Maximum number of snapshot files to retain (0 is unlimited).
max-snapshots: 5
 
# Maximum number of wal files to retain (0 is unlimited).
max-wals: 5
 
# Comma-separated white list of origins for CORS (cross-origin resource sharing).
cors:
 
# List of this member's peer URLs to advertise to the rest of the cluster.
# The URLs needed to be a comma-separated list.
initial-advertise-peer-urls: http://localhost:2380
 
# List of this member's client URLs to advertise to the public.
# The URLs needed to be a comma-separated list.
advertise-client-urls: http://localhost:2379
 
# Discovery URL used to bootstrap the cluster.
discovery:
 
# Valid values include 'exit', 'proxy'
discovery-fallback: 'proxy'
 
# HTTP proxy to use for traffic to discovery service.
discovery-proxy:
 
# DNS domain used to bootstrap initial cluster.
discovery-srv:
 
# Comma separated string of initial cluster configuration for bootstrapping.
# Example: initial-cluster: "infra0=http://10.0.1.10:2380,infra1=http://10.0.1.11:2380,infra2=http://10.0.1.12:2380"
initial-cluster:
 
# Initial cluster token for the etcd cluster during bootstrap.
initial-cluster-token: 'etcd-cluster'
 
# Initial cluster state ('new' or 'existing').
initial-cluster-state: 'new'
 
# Reject reconfiguration requests that would cause quorum loss.
strict-reconfig-check: false
 
# Enable runtime profiling data via HTTP server
enable-pprof: true
 
# Valid values include 'on', 'readonly', 'off'
proxy: 'off'
 
# Time (in milliseconds) an endpoint will be held in a failed state.
proxy-failure-wait: 5000
 
# Time (in milliseconds) of the endpoints refresh interval.
proxy-refresh-interval: 30000
 
# Time (in milliseconds) for a dial to timeout.
proxy-dial-timeout: 1000
 
# Time (in milliseconds) for a write to timeout.
proxy-write-timeout: 5000
 
# Time (in milliseconds) for a read to timeout.
proxy-read-timeout: 0
 
client-transport-security:
  # Path to the client server TLS cert file.
  cert-file:
 
  # Path to the client server TLS key file.
  key-file:
 
  # Enable client cert authentication.
  client-cert-auth: false
 
  # Path to the client server TLS trusted CA cert file.
  trusted-ca-file:
 
  # Client TLS using generated certificates
  auto-tls: false
 
peer-transport-security:
  # Path to the peer server TLS cert file.
  cert-file:
 
  # Path to the peer server TLS key file.
  key-file:
 
  # Enable peer client cert authentication.
  client-cert-auth: false
 
  # Path to the peer server TLS trusted CA cert file.
  trusted-ca-file:
 
  # Peer TLS using generated certificates.
  auto-tls: false
 
# The validity period of the self-signed certificate, the unit is year.
self-signed-cert-validity: 1
 
# Enable debug-level logging for etcd.
log-level: debug
 
logger: zap
 
# Specify 'stdout' or 'stderr' to skip journald logging even when running under systemd.
log-outputs: [stderr]
 
# Force to create a new one member cluster.
force-new-cluster: false
 
auto-compaction-mode: periodic
auto-compaction-retention: "1"
 
# Limit etcd to a specific set of tls cipher suites
cipher-suites: [
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
]
 
# Limit etcd to specific TLS protocol versions 
tls-min-version: 'TLS1.2'
tls-max-version: 'TLS1.3'

编辑/root/etcd.config.yml文件:

# 需要修改以下字段:
# name
# data-dir
# wal-dir
# listen-peer-urls
# listen-client-urls
# initial-advertise-peer-urls
# advertise-client-urls
# initial-cluster
# initial-cluster-token
# client-transport-security、client-transport-security下级字段
# peer-transport-security、peer-transport-security下级字段
 
 
name: 'configuration-file'
data-dir: '/root/configuration-file'
wal-dir:
snapshot-count: 10000
heartbeat-interval: 100
election-timeout: 1000
quota-backend-bytes: 0
listen-peer-urls: http://localhost:2380
listen-client-urls: http://localhost:2379
max-snapshots: 5
max-wals: 5
cors:
initial-advertise-peer-urls: http://localhost:2380
advertise-client-urls: http://localhost:2379
discovery:
discovery-fallback: 'proxy'
discovery-proxy:
discovery-srv:
initial-cluster:
initial-cluster-token: 'etcd-cluster'
initial-cluster-state: 'new'
strict-reconfig-check: false
enable-pprof: true
proxy: 'off'
proxy-failure-wait: 5000
proxy-refresh-interval: 30000
proxy-dial-timeout: 1000
proxy-write-timeout: 5000
proxy-read-timeout: 0
client-transport-security:
  cert-file:
  key-file:
  client-cert-auth: false
  trusted-ca-file:
  auto-tls: false
peer-transport-security:
  cert-file:
  key-file:
  client-cert-auth: false
  trusted-ca-file:
  auto-tls: false
self-signed-cert-validity: 1
log-level: debug
logger: zap
log-outputs: [stderr]
force-new-cluster: false
auto-compaction-mode: periodic
auto-compaction-retention: "1"
cipher-suites: [
  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
]
tls-min-version: 'TLS1.2'
tls-max-version: 'TLS1.3'

执行命令:

# 使用配置文件运行etcd
etcd --config-file /root/etcd.config.yml

2、集群部署

2.1、使用http通信

操作步骤如下:
1、在每个节点运行etcd
2、在172.17.0.2节点查看集群

etcd部分参数说明:
1、节点IP:172.17.0.2、172.17.0.3、172.17.0.4(所有节点安装etcd)
2、cluster-state:new
3、token:etcd-token
4、cluster=etcd-node-1=http://172.17.0.2:2380,etcd-node-2=http://172.17.0.3:2380,etcd-node-3=http://172.17.0.2:2380

2.1.1、节点配置

172.17.0.2节点:

etcd --data-dir=data.etcd --name etcd-node-1 \
	--initial-advertise-peer-urls http://172.17.0.2:2380 \
	--listen-peer-urls http://172.17.0.2:2380 \
	--advertise-client-urls http://172.17.0.2:2379 \
	--listen-client-urls http://172.17.0.2:2379 \
	--initial-cluster etcd-node-1=http://172.17.0.2:2380,etcd-node-2=http://172.17.0.3:2380,etcd-node-3=http://172.17.0.4:2380 \
	--initial-cluster-state new \
	--initial-cluster-token etcd-token \
	--peer-key-file peer.key \
	--peer-cert-file peer.cert

172.17.0.3节点:

etcd --data-dir=data.etcd --name etcd-node-2 \
	--initial-advertise-peer-urls http://172.17.0.3:2380 \
	--listen-peer-urls http://172.17.0.3:2380 \
	--advertise-client-urls http://172.17.0.3:2379 \
	--listen-client-urls http://172.17.0.3:2379 \
	--initial-cluster etcd-node-1=http://172.17.0.2:2380,etcd-node-2=http://172.17.0.3:2380,etcd-node-3=http://172.17.0.4:2380 \
	--initial-cluster-state new \
	--initial-cluster-token etcd-token

172.17.0.4节点:

etcd --data-dir=data.etcd --name etcd-node-3 \
	--initial-advertise-peer-urls http://172.17.0.4:2380 \
	--listen-peer-urls http://172.17.0.4:2380 \
	--advertise-client-urls http://172.17.0.4:2379 \
	--listen-client-urls http://172.17.0.4:2379 \
	--initial-cluster etcd-node-1=http://172.17.0.2:2380,etcd-node-2=http://172.17.0.3:2380,etcd-node-3=http://172.17.0.4:2380 \
	--initial-cluster-state new \
	--initial-cluster-token etcd-token

172.17.0.2节点,查看集群:

# 1、查看集群
etcdctl --endpoints=172.17.0.2:2379,172.17.0.3:2379,172.17.0.4:2379 member list
 
# 显示结果
17396d3aa5468ea, started, etcd-node-1, http://172.17.0.2:2380, http://172.17.0.2:2379, false
3a9e24ab09adc359, started, etcd-node-2, http://172.17.0.3:2380, http://172.17.0.3:2379, false
c79b72d1b9e2d891, started, etcd-node-3, http://172.17.0.4:2380, http://172.17.0.4:2379, false
 
# ===============================================================================
# 2、移除节点
etcdctl --endpoints=172.17.0.2:2379,172.17.0.3:2379,172.17.0.4:2379 member remove c79b72d1b9e2d891
 
# 显示结果
Member c79b72d1b9e2d891 removed from cluster 8cc616c226560de7
 
# 3、查看集群
etcdctl --endpoints=172.17.0.2:2379,172.17.0.3:2379,172.17.0.4:2379 member list
 
# 显示结果
17396d3aa5468ea, started, etcd-node-1, http://172.17.0.2:2380, http://172.17.0.2:2379, false
3a9e24ab09adc359, started, etcd-node-2, http://172.17.0.3:2380, http://172.17.0.3:2379, false
 
 
# ===============================================================================
# 4、添加节点
etcdctl --endpoints=172.17.0.2:2379,172.17.0.3:2379 member add etcd-node-3 --peer-urls=http://172.17.0.4:2380
 
# 显示结果
Member 99d9b4191b7df3f2 added to cluster 8cc616c226560de7
 
ETCD_NAME="etcd-node-3"
ETCD_INITIAL_CLUSTER="etcd-node-1=http://172.17.0.2:2380,etcd-node-2=http://172.17.0.3:2380,etcd-node-3=http://172.17.0.4:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.17.0.4:2380"
ETCD_INITIAL_CLUSTER_STATE="existing"
 
# 5、查看集群
etcdctl --endpoints=172.17.0.2:2379,172.17.0.3:2379,172.17.0.4:2379 member list
 
# 显示结果
17396d3aa5468ea, started, etcd-node-1, http://172.17.0.2:2380, http://172.17.0.2:2379, false
3a9e24ab09adc359, started, etcd-node-2, http://172.17.0.3:2380, http://172.17.0.3:2379, false
91fd2ad3e8b7b64f, unstarted, , http://172.17.0.4:2380, , false
 
 
# 6、172.17.0.4节点执行
rm -rf ./etcd-node-3.etcd
 
# 7、172.17.0.4节点执行
etcd --data-dir=data.etcd --name etcd-node-3 \
	--initial-advertise-peer-urls http://172.17.0.4:2380 \
	--listen-peer-urls http://172.17.0.4:2380 \
	--advertise-client-urls http://172.17.0.4:2379 \
	--listen-client-urls http://172.17.0.4:2379 \
	--initial-cluster etcd-node-1=http://172.17.0.2:2380,etcd-node-2=http://172.17.0.3:2380,etcd-node-3=http://172.17.0.4:2380 \
	--initial-cluster-state existing \
	--initial-cluster-token etcd-token
 
# 8、查看集群
etcdctl --endpoints=172.17.0.2:2379,172.17.0.3:2379,172.17.0.4:2379 member list
 
# 显示结果
17396d3aa5468ea, started, etcd-node-1, http://172.17.0.2:2380, http://172.17.0.2:2379, false
2e6bc6b95d92f714, started, etcd-node-3, http://172.17.0.4:2380, http://172.17.0.4:2379, false
3a9e24ab09adc359, started, etcd-node-2, http://172.17.0.3:2380, http://172.17.0.3:2379, false

2.2、使用https通信

操作步骤如下:
1、在172.17.0.2节点安装cfssl,生成证书
2、将证书复制到其他节点(172.17.0.3、172.17.0.4)
3、在每个节点运行etcd
4、在172.17.0.2节点查看集群

2.2.1、安装cfssl

2.2.1.1、安装

# 1、下载cfssl、cfssljson、cfssl-certinfo
# cfssl:用于签发证书
# cfssljson:将cfssl签发生成的证书(json格式)变成文件承载式文件
# cfssl-certinfo:验证查看证书信息
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/local/bin/cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/local/bin/cfssljson
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/local/bin/cfssl-certinfo
 
# 2、给cfssl、cfssljson、cfssl-certinfo添加可执行权限
chmod +x /usr/local/bin/cfssl*

2.2.1.2、生成证书

  • 配置文件:ca-config.json、ca-csr.json、etcd-csr.json
  • 文件内容来源:https://github.com/etcd-io/etcd/tree/main/hack/tls-setup

ca-config.json文件:

{
  "signing": {
    "default": {
        "usages": [
          "signing",
          "key encipherment",
          "server auth",
          "client auth"
        ],
        "expiry": "876000h"
    }
  }
}

ca-csr.json文件:

{
  "CN": "Autogenerated CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "O": "Honest Achmed's Used Certificates",
      "OU": "Hastily-Generated Values Divison",
      "L": "San Francisco",
      "ST": "California",
      "C": "US"
    }
  ]
}

etcd-csr.json文件:

{
  "CN": "etcd",
  "hosts": [
    "localhost",
    "127.0.0.1",
    "172.17.0.2",
    "172.17.0.3",
    "172.17.0.4"
  ],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "O": "autogenerated",
      "OU": "etcd cluster",
      "L": "the internet"
    }
  ]
}

执行命令:

# 1、创建目录
mkdir -p etcd/ssl
 
# 2、切换目录
cd etcd/ssl
 
# 3、创建文件,复制上述ca-config.json、ca-csr.json、etcd-csr.json内容到对应文件
touch {ca-config.json,ca-csr.json,etcd-csr.json}
 
# 4、生成CA根证书及其私钥
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
 
# 5、根据CA根证书及其私钥签名生成目标证书和私钥
cfssl gencert -ca ca.pem -ca-key ca-key.pem -config ca-config.json etcd-csr.json | cfssljson -bare etcd
 
# 6、复制etcd目录到其他节点
scp -r /root/etcd 172.17.0.3:/root/etcd
scp -r /root/etcd 172.17.0.4:/root/etcd

2.2.2、节点配置

172.17.0.2节点:

etcd --data-dir=data.etcd --name etcd-node-1 \
    --initial-advertise-peer-urls https://172.17.0.2:2380 \
    --listen-peer-urls https://172.17.0.2:2380 \
    --advertise-client-urls https://172.17.0.2:2379 \
    --listen-client-urls https://172.17.0.2:2379 \
    --initial-cluster 'etcd-node-1=https://172.17.0.2:2380,etcd-node-2=https://172.17.0.3:2380,etcd-node-3=https://172.17.0.4:2380' \
    --initial-cluster-state new \
    --initial-cluster-token etcd-token \
    --cert-file=/root/etcd/ssl/etcd.pem \
    --key-file=/root/etcd/ssl/etcd-key.pem \
    --peer-cert-file=/root/etcd/ssl/etcd.pem \
    --peer-key-file=/root/etcd/ssl/etcd-key.pem \
    --peer-client-cert-auth \
    --peer-trusted-ca-file=/root/etcd/ssl/ca.pem

172.17.0.3节点:

etcd --data-dir=data.etcd --name etcd-node-2 \
    --initial-advertise-peer-urls https://172.17.0.3:2380 \
    --listen-peer-urls https://172.17.0.3:2380 \
    --advertise-client-urls https://172.17.0.3:2379 \
    --listen-client-urls https://172.17.0.3:2379 \
    --initial-cluster 'etcd-node-1=https://172.17.0.2:2380,etcd-node-2=https://172.17.0.3:2380,etcd-node-3=https://172.17.0.4:2380' \
    --initial-cluster-state new \
    --initial-cluster-token etcd-token \
    --cert-file=/root/etcd/ssl/etcd.pem \
    --key-file=/root/etcd/ssl/etcd-key.pem \
    --peer-cert-file=/root/etcd/ssl/etcd.pem \
    --peer-key-file=/root/etcd/ssl/etcd-key.pem \
    --peer-client-cert-auth \
    --peer-trusted-ca-file=/root/etcd/ssl/ca.pem

172.17.0.4节点:

etcd --data-dir=data.etcd --name etcd-node-3 \
    --initial-advertise-peer-urls https://172.17.0.4:2380 \
    --listen-peer-urls https://172.17.0.4:2380 \
    --advertise-client-urls https://172.17.0.4:2379 \
    --listen-client-urls https://172.17.0.4:2379 \
    --initial-cluster 'etcd-node-1=https://172.17.0.2:2380,etcd-node-2=https://172.17.0.3:2380,etcd-node-3=https://172.17.0.4:2380' \
    --initial-cluster-state new \
    --initial-cluster-token etcd-token \
    --cert-file=/root/etcd/ssl/etcd.pem \
    --key-file=/root/etcd/ssl/etcd-key.pem \
    --peer-cert-file=/root/etcd/ssl/etcd.pem \
    --peer-key-file=/root/etcd/ssl/etcd-key.pem \
    --peer-client-cert-auth \
    --peer-trusted-ca-file=/root/etcd/ssl/ca.pem

172.17.0.2节点,查看集群:

# 查看集群
etcdctl --endpoints=172.17.0.2:2379,172.17.0.3:2379,172.17.0.4:2379 \
  --cert=/root/etcd/ssl/etcd.pem \
  --key=/root/etcd/ssl/etcd-key.pem \
  --cacert=/root/etcd/ssl/ca.pem \
  member list
 
# 显示结果
c6b958fbe52963, started, etcd-node-1, https://172.17.0.2:2380, https://172.17.0.2:2379, false
5f334165954101b, started, etcd-node-3, https://172.17.0.4:2380, https://172.17.0.4:2379, false
964941aff35ec5da, started, etcd-node-2, https://172.17.0.3:2380, https://172.17.0.3:2379, false
 
 
# 不带证书访问集群
etcdctl --endpoints=172.17.0.2:2379,172.17.0.3:2379,172.17.0.4:2379   member list
 
# 显示结果
{"level":"warn","ts":"2024-01-20T21:58:12.352461Z","logger":"etcd-client","caller":"v3@v3.5.11/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc000374380/172.17.0.2:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \"error reading server preface: EOF\""}
Error: context deadline exceeded

详见:

# 操作 Kubernetes 中的 etcd 集群 | Kubernetes
https://kubernetes.io/zh-cn/docs/tasks/administer-cluster/configure-upgrade-etcd/

# Clustering Guide | etcd
https://etcd.io/docs/v3.5/op-guide/clustering/

# How to Set Up a Demo etcd Cluster | etcd
https://etcd.io/docs/v3.5/tutorials/how-to-setup-cluster/

# How to Add and Remove Members | etcd
https://etcd.io/docs/v3.5/tutorials/how-to-deal-with-membership/

3、Docker部署

详见:https://etcd.io/docs/v3.5/op-guide/container/

3.1、使用http通信

# 1、当前主机IP:10.0.8.13,创建目录
mkdir /root/etcd-data
 
 
# 2、当前主机IP:10.0.8.13,创建容器
docker run \
  -p 2379:2379 \
  -p 2380:2380 \
  --volume=/root/etcd-data:/root/etcd-data \
  --name etcd quay.io/coreos/etcd:latest \
  /usr/local/bin/etcd \
  --data-dir=/root/etcd-data --name node1 \
  --initial-advertise-peer-urls http://10.0.8.13:2380 \
  --listen-peer-urls http://0.0.0.0:2380 \
  --advertise-client-urls http://10.0.8.13:2379 \
  --listen-client-urls http://0.0.0.0:2379 \
  --initial-cluster node1=http://10.0.8.13:2380
 
 
# 3、当前主机IP:10.0.8.13,查看集群状态
etcdctl --endpoints=10.0.8.13:2379 member list
 
# 4、显示结果
942908011bbade83, started, node1, http://10.0.8.13:2380, http://10.0.8.13:2379, false

3.2、使用https通信

# 1、当前主机IP:10.0.8.13,创建目录
mkdir -p /root/etcd/{data,ssl}
 
# 生成证书
# 参考:“2.2、使用https通信” 的 “生成证书”
# 修改“etcd-csr.json文件” 的 “hosts” 字段,hosts值应为 “主机IP”
 
# 2、当前主机IP:10.0.8.13,创建容器
docker run \
  -p 2379:2379 \
  -p 2380:2380 \
  --volume=/root/etcd:/root/etcd \
  --name etcd quay.io/coreos/etcd:latest \
  /usr/local/bin/etcd \
  --data-dir=/root/etcd/data --name node1 \
  --initial-advertise-peer-urls https://10.0.8.13:2380 \
  --listen-peer-urls https://0.0.0.0:2380 \
  --advertise-client-urls https://10.0.8.13:2379 \
  --listen-client-urls https://0.0.0.0:2379 \
  --cert-file=/root/etcd/ssl/etcd.pem \
  --key-file=/root/etcd/ssl/etcd-key.pem \
  --peer-cert-file=/root/etcd/ssl/etcd.pem \
  --peer-key-file=/root/etcd/ssl/etcd-key.pem \
  --peer-client-cert-auth \
  --peer-trusted-ca-file=/root/etcd/ssl/ca.pem
 
# 3、查看集群
 
# 3.1、当前主机IP:10.0.8.13,查看集群
etcdctl --endpoints=10.0.8.13:2379 \
  --cert=/root/etcd/ssl/etcd.pem \
  --key=/root/etcd/ssl/etcd-key.pem \
  --cacert=/root/etcd/ssl/ca.pem \
  member list
 
# 显示结果
b0b9626eea1088ab, started, node1, https://10.0.8.13:2380, https://10.0.8.13:2379, false
 
 
# 3.2、当前主机IP:10.0.8.13,不带证书访问集群
etcdctl --endpoints=10.0.8.13:2379 member list
 
# 显示结果
{"level":"warn","ts":"2024-01-21T15:42:38.997455+0800","logger":"etcd-client","caller":"v3@v3.5.11/retry_interceptor.go:62","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc00007c000/10.0.8.13:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \"error reading server preface: read tcp 10.0.8.13:56464->10.0.8.13:2379: read: connection reset by peer\""}
Error: context deadline exceeded

相关推荐

探索Java项目中日志系统最佳实践:从入门到精通

探索Java项目中日志系统最佳实践:从入门到精通在现代软件开发中,日志系统如同一位默默无闻却至关重要的管家,它记录了程序运行中的各种事件,为我们排查问题、监控性能和优化系统提供了宝贵的依据。在Java...

用了这么多年的java日志框架,你真的弄懂了吗?

在项目开发过程中,有一个必不可少的环节就是记录日志,相信只要是个程序员都用过,可是咱们自问下,用了这么多年的日志框架,你确定自己真弄懂了日志框架的来龙去脉嘛?下面笔者就详细聊聊java中常用日志框架的...

物理老师教你学Java语言(中篇)(物理专业学编程)

第四章物质的基本结构——类与对象...

一文搞定!Spring Boot3 定时任务操作全攻略

各位互联网大厂的后端开发小伙伴们,在使用SpringBoot3开发项目时,你是否遇到过定时任务实现的难题呢?比如任务调度时间不准确,代码报错却找不到方向,是不是特别头疼?如今,随着互联网业务规模...

你还不懂java的日志系统吗 ?(java的日志类)

一、背景在java的开发中,使用最多也绕不过去的一个话题就是日志,在程序中除了业务代码外,使用最多的就是打印日志。经常听到的这样一句话就是“打个日志调试下”,没错在日常的开发、调试过程中打印日志是常干...

谈谈枚举的新用法--java(java枚举的作用与好处)

问题的由来前段时间改游戏buff功能,干了一件愚蠢的事情,那就是把枚举和运算集合在一起,然后运行一段时间后buff就出现各种问题,我当时懵逼了!事情是这样的,做过游戏的都知道,buff,需要分类型,且...

你还不懂java的日志系统吗(javaw 日志)

一、背景在java的开发中,使用最多也绕不过去的一个话题就是日志,在程序中除了业务代码外,使用最多的就是打印日志。经常听到的这样一句话就是“打个日志调试下”,没错在日常的开发、调试过程中打印日志是常干...

Java 8之后的那些新特性(三):Java System Logger

去年12月份log4j日志框架的一个漏洞,给Java整个行业造成了非常大的影响。这个事情也顺带把log4j这个日志框架推到了争议的最前线。在Java领域,log4j可能相对比较流行。而在log4j之外...

Java开发中的日志管理:让程序“开口说话”

Java开发中的日志管理:让程序“开口说话”日志是程序员的朋友,也是程序的“嘴巴”。它能让程序在运行过程中“开口说话”,告诉我们它的状态、行为以及遇到的问题。在Java开发中,良好的日志管理不仅能帮助...

吊打面试官(十二)--Java语言中ArrayList类一文全掌握

导读...

OS X 效率启动器 Alfred 详解与使用技巧

问:为什么要在Mac上使用效率启动器类应用?答:在非特殊专业用户的环境下,(每天)用户一般可以在系统中进行上百次操作,可以是点击,也可以是拖拽,但这些只是过程,而我们的真正目的是想获得结果,也就是...

Java中 高级的异常处理(java中异常处理的两种方式)

介绍异常处理是软件开发的一个关键方面,尤其是在Java中,这种语言以其稳健性和平台独立性而闻名。正确的异常处理不仅可以防止应用程序崩溃,还有助于调试并向用户提供有意义的反馈。...

【性能调优】全方位教你定位慢SQL,方法介绍下!

1.使用数据库自带工具...

全面了解mysql锁机制(InnoDB)与问题排查

MySQL/InnoDB的加锁,一直是一个常见的话题。例如,数据库如果有高并发请求,如何保证数据完整性?产生死锁问题如何排查并解决?下面是不同锁等级的区别表级锁:开销小,加锁快;不会出现死锁;锁定粒度...

看懂这篇文章,你就懂了数据库死锁产生的场景和解决方法

一、什么是死锁加锁(Locking)是数据库在并发访问时保证数据一致性和完整性的主要机制。任何事务都需要获得相应对象上的锁才能访问数据,读取数据的事务通常只需要获得读锁(共享锁),修改数据的事务需要获...

一周热门
最近发表
标签列表