由于源站www.cnyunwei.cc 转移服务商备案的过程中操作失误,导致备案注销了,没法重新接入备案,只有新申请域名cnops.xyz 进行备案部署

第二节:安装ETCD 集群

Kubernetes Mr.c 3293℃ 0评论

  ETCD集群这里采用yum安装,安装后调整配置文件即可,集群就采用master和两台node节点分别安装,组合为一个ETCD集群,防止出现单节点故障影响整个kubernetes集群。
1.yum安装etcd

[root@k8s-master ~]#  yum -y install etcd

2.修改etcd.service系统文件

[root@k8s-master ~]# vim /usr/lib/systemd/system/etcd.service 
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target
Documentation=https://github.com/coreos

[Service]
Type=notify
WorkingDirectory=/var/lib/etcd/
EnvironmentFile=-/etc/etcd/etcd.conf
ExecStart=/usr/bin/etcd \
  --name ${ETCD_NAME} \
  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  --peer-cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  --peer-key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
  --initial-advertise-peer-urls ${ETCD_INITIAL_ADVERTISE_PEER_URLS} \
  --listen-peer-urls ${ETCD_LISTEN_PEER_URLS} \
  --listen-client-urls ${ETCD_LISTEN_CLIENT_URLS},http://127.0.0.1:2379 \
  --advertise-client-urls ${ETCD_ADVERTISE_CLIENT_URLS} \
  --initial-cluster-token ${ETCD_INITIAL_CLUSTER_TOKEN} \
  --initial-cluster etcd0=https://master.cnyunwei.cc:2380,etcd1=https://node1.cnyunwei.cc:2380,etcd2=https://node2.cnyunwei.cc:2380 \
  --initial-cluster-state new \
  --data-dir=${ETCD_DATA_DIR}
Restart=on-failure
RestartSec=5
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target

3.修改环境变量配置文件/etc/etcd/etcd.conf

[root@k8s-master ~]# cat /etc/etcd/etcd.conf 
# [member]
ETCD_NAME=etcd0
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_LISTEN_PEER_URLS="https://192.168.8.6:2380"
ETCD_LISTEN_CLIENT_URLS="https://192.168.8.6:2379"

#[cluster]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.8.6:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.8.6:2379"

etcd.conf 中的IP地址填写为当前服务器的IP地址;
  上面的etcd.service 文件加入了很多变量,而且需要单独在/etc/etcd/etcd.conf 这指定这些变量,看似麻烦,但实际上更方便我们部署扩展,两个node节点只需要复制这两个文件,修改/etc/etcd/etcd.conf 中的IP地址即可。
4.启动集群

[root@k8s-master ~]# systemctl daemon-reload
[root@k8s-master ~]# systemctl enable etcd
[root@k8s-master ~]# systemctl start etcd

启动报错:
启动的时候出现启动失败,查看journalctl -xe 看到如下信息:
①. 报错一

May 24 16:37:06 k8s-master etcd[19712]: request sent was ignored (cluster ID mismatch: peer[e4c92d94d4e4e0b]=e2e683cff760f563, local=bbe49a377670e18d)
May 24 16:37:06 k8s-master etcd[19712]: request sent was ignored (cluster ID mismatch: peer[e4c92d94d4e4e0b]=e2e683cff760f563, local=bbe49a377670e18d)
May 24 16:37:06 k8s-master etcd[19712]: request sent was ignored (cluster ID mismatch: peer[ed879aed45353acc]=e2e683cff760f563, local=bbe49a377670e18d)
May 24 16:37:06 k8s-master etcd[19712]: request sent was ignored (cluster ID mismatch: peer[ed879aed45353acc]=e2e683cff760f563, local=bbe49a377670e18d)

  这是因为第一次启动的时候可能由于其他配置文件参数错误导致无法启动,但是已经在/var/lib/etcd/目录中生成了初始化文件导致,那么删除/var/lib/etcd/下文件即可

[root@k8s-master ~]# rm -rf  /var/lib/etcd/*

②. 报错二:

-- Unit etcd.service has begun starting up.
May 24 16:40:59 k8s-master systemd[19759]: Failed at step CHDIR spawning /usr/bin/etcd: No such file or directory
-- Subject: Process /usr/bin/etcd could not be executed
-- Defined-By: systemd
..........

  提示找不到/usr/bin/etcd ,可是明明就有这个可执行文件存在,这个问题原因是/var/lib/etcd 这个目录不存在,创建该目录即可。

5.验证集群状态

[root@k8s-master ~]# etcdctl \
  --ca-file=/etc/kubernetes/ssl/ca.pem \
  --cert-file=/etc/kubernetes/ssl/kubernetes.pem \
  --key-file=/etc/kubernetes/ssl/kubernetes-key.pem \
  cluster-health
member 11b53f527ee80a23 is healthy: got healthy result from https://192.168.8.6:2379
member 89b8c49a2b88a2f0 is healthy: got healthy result from https://192.168.8.8:2379
member bb94d79367f12502 is healthy: got healthy result from https://192.168.8.7:2379
cluster is healthy

  出现cluster is healthy 状态即集群启动成功;
由于咱们etcd集群加了证书,所以使用etcdctl命令的时候就需要加上证书相关参数,否则会出现以下错误:

[root@k8s-master ~]# etcdctl cluster-health
failed to check the health of member 11b53f527ee80a23 on https://192.168.8.6:2379: Get https://192.168.8.6:2379/health: x509: certificate signed by unknown authority
member 11b53f527ee80a23 is unreachable: [https://192.168.8.6:2379] are all unreachable
failed to check the health of member 89b8c49a2b88a2f0 on https://192.168.8.8:2379: Get https://192.168.8.8:2379/health: x509: certificate signed by unknown authority
member 89b8c49a2b88a2f0 is unreachable: [https://192.168.8.8:2379] are all unreachable
failed to check the health of member bb94d79367f12502 on https://192.168.8.7:2379: Get https://192.168.8.7:2379/health: x509: certificate signed by unknown authority
member bb94d79367f12502 is unreachable: [https://192.168.8.7:2379] are all unreachable
cluster is unhealthy

转载请注明:菜鸟运维 » 第二节:安装ETCD 集群

喜欢 (0)
发表我的评论
取消评论

表情

Hi,您需要填写昵称和邮箱!

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址
(2)个小伙伴在吐槽
  1. 大神,宕机后,再重启etcd就死活起不来了。publish error: etcdserver: request timed out,有没有遇到过。
    cwj2018-07-23 17:42 回复
    • 这个遇见过,很多都有这个情况,应该是ETCD_INITIAL_CLUSTER_STATE 这个参数导致,可以直接搜这个报错,很多解决办法
      Mr.c2018-07-24 16:33 回复