One-click deployment of a highly available etcd cluster (TLS, Ubuntu) (freetoo, 碼客, 盧益貴)
阿新 • Published: 2018-11-22
This is a convenient, efficient script tool for deploying a highly available etcd cluster (TLS).
Download link:
https://download.csdn.net/download/guestcode/10798474
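I. [Features]
1. Automatically installs cfssl
2. Generates the SSL keys with one command
3. Installs onto the target host with one command
II. [Usage]
1. Edit the file install.sh and assign the IP addresses of all hosts in the cluster to the list array variable: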
iplist=("192.168.116.128" "192.168.116.129" "192.168.116.130")
2. Create the SSL keys (generates the ssl directory):
A: On Ubuntu, run this command to create the SSL files:
./install build
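The result is shown in the figure below:
B: Running the command above generates the ssl directory:
3. Copy the entire ins-etcd directory to every Ubuntu host in the cluster, then run the installation: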
./install
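The result is shown in the figure below:
Note:
Once installation is complete, the ins-etcd directory can be deleted.
4. Query the cluster status:
A. Query the cluster health: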
etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem --endpoints=https://192.168.116.128:2379 cluster-health
B. Query the cluster member list:
etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem --endpoints=https://192.168.116.128:2379 member list
The result is shown in the figure below:
III. Script source code
#!/bin/bash
############################################################
# Copyleft ©2018 freetoo(yigui-lu,盧益貴,碼客)
# name: Deploying etcd clusters(HA, TLS)
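# One-click deployment of a highly available etcd cluster (TLS)
# qq/wx: 48092788 e-mail: [email protected]
# blog: https://blog.csdn.net/guestcode
# create: 2018-11-21
############################################################
# [Features]
# 1. Automatically installs cfssl
# 2. Generates the SSL keys with one command
# 3. Installs onto the target host with one command
# [Usage]
# 1. Assign the IP addresses of the cluster hosts to the list array variable:
# iplist=("192.168.116.128" "192.168.116.129" "192.168.116.130")
# 2. Create the SSL keys (generates the ssl directory):
# ./install build
# 3. Copy the whole ins-etcd directory to each host whose IP is listed in iplist and run the installation:
# ./install

# Read the command-line arguments; a first argument of "build" means create the SSL keys
arg=$1
# With no command-line argument, the default is the deployment operation
if [ -z "$arg" ]; then
    arg=install
fi

# IP addresses of the etcd cluster hosts
iplist=("192.168.116.128" "192.168.116.129" "192.168.116.130")

# Function that ends the script; the exit status defaults to 0 (success)
function exit_script() {
    exit "${1:-0}"
}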

# 1. Create the SSL files
if [ "$arg" = build ]; then
    echo build ssl......
    # Install cfssl automatically
    # Note: the binaries are downloaded without checksum or signature verification
    hasssl=false
    if [ -f /usr/bin/cfssl ]; then
        hasssl=true
    fi
    if [ -f /usr/local/bin/cfssl ]; then
        hasssl=true
    fi
    if [ $hasssl = false ]; then
        wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 || exit_script 1
        chmod +x cfssl*
        mv cfssl_linux-amd64 /usr/local/bin/cfssl
    fi
    hasjson=false
    if [ -f /usr/bin/cfssljson ]; then
        hasjson=true
    fi
    if [ -f /usr/local/bin/cfssljson ]; then
        hasjson=true
    fi
    if [ $hasjson = false ]; then
        wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 || exit_script 1
        chmod +x cfssl*
        mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
    fi
    # cfssl-certinfo is not installed: the download is disabled
    hascert=false
    if [ -f /usr/bin/cfssl-certinfo ]; then
        hascert=true
    fi
    if [ $hascert = false ]; then
        #wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
        #chmod +x cfssl*
        #mv cfssl-certinfo_linux-amd64 /usr/bin/cfssl-certinfo
        :
    fi
    cfgdir=cfg
    ssldir=ssl
    if [ -d "$ssldir" ]; then
        rm -rf "$ssldir"
    fi
    mkdir "$ssldir"
    # Build the quoted, comma-separated IP list for the "hosts" field of the server CSR
    ips=
    for ip in "${iplist[@]}"
    do
        if [ -z "$ips" ]; then
            ips=\"$ip\"
        else
            ips=$ips,\"$ip\"
        fi
    done
    hosts=" \"hosts\": [$ips],"
    # Replace the "hosts" line whatever its indentation
    sed -i "s|^[[:space:]]*\"hosts\".*$|$hosts|g" "./$cfgdir/server-csr.json"
    echo
    echo make ca ......
    cfssl gencert -initca "$cfgdir/ca-csr.json" | cfssljson -bare "$ssldir/ca" -
    echo
    echo make server key ......
    cfssl gencert -ca="$ssldir/ca.pem" -ca-key="$ssldir/ca-key.pem" -config="$cfgdir/ca-config.json" -profile=etcd "$cfgdir/server-csr.json" | cfssljson -bare "$ssldir/server"
    exit_script
fi # if [ "$arg" = build ]; then

# Local IP address
# Note: this parses ifconfig output of the form "inet addr:<ip>" and assumes
# the host has a single non-loopback IPv4 address
localip=$(ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}')

# Build the URL lists
clusterurls=
endpoints=
for ip in "${iplist[@]}"
do
    if [ -z "$clusterurls" ]; then
        clusterurls="etcd$ip=https://$ip:2380"
        endpoints="https://$ip:2379"
    else
        clusterurls="$clusterurls,etcd$ip=https://$ip:2380"
        endpoints="$endpoints,https://$ip:2379"
    fi
done

# Check whether the local IP is one of those listed in iplist
for ip in "${iplist[@]}"
do
    # Hosts whose IP is not in iplist are not installed
    if [ "$ip" = "$localip" ]; then
        cfgfile=/etc/systemd/system/etcd.service
        # Stop the running process
        if [ -f $cfgfile ]; then
            echo uninstall etcd......
            systemctl stop etcd
            systemctl disable etcd
            rm $cfgfile
            systemctl daemon-reload
            echo reinstall etcd......
        else
            echo install etcd......
        fi
        # Delete old data
        workdir=/var/lib/etcd/
        if [ -d $workdir/ ]; then
            rm -rf $workdir
        fi
        mkdir $workdir
        # Copy the keys and related files
        # Note: *.* also copies ca-key.pem (the CA private key) and the .csr files to every node
        ssldir=/etc/etcd/ssl/
        if [ -d $ssldir ]; then
            rm -rf $ssldir
        fi
        mkdir -p $ssldir
        cp -f ./ssl/*.* $ssldir
        # Copy the etcd executables
        cp -f ./bin/etcd* /usr/local/bin/
        chmod +x /usr/local/bin/etcd*
        # Configure the service unit file
        cp -f ./cfg/etcd.service /etc/systemd/system/
        sed -i "s|localip|$localip|g" $cfgfile
        sed -i "s|clusterurls|$clusterurls|g" $cfgfile
        # Start etcd
        systemctl daemon-reload
        systemctl enable etcd
        systemctl start etcd
        # Query the cluster health
        echo
        echo "etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem --endpoints=$endpoints cluster-health"
        etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem --endpoints="$endpoints" cluster-health
        echo
        # Query the service status
        systemctl status etcd
        exit_script
    fi
done

# Hosts whose IP is not in iplist are not installed
echo "the host-ip($localip) isn't in ip-list: ${iplist[*]}"
exit_script 1
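
The install step above copies the whole ssl directory with `cp -f ./ssl/*.*`, so the CA private key (ca-key.pem) ends up on every node. The following added example, which is not part of install.sh, stages only ca.pem, server.pem and server-key.pem and lists any other private key it finds; it assumes etcd.service needs only those three files, as the etcdctl commands above do, and the function names are hypothetical.

```bash
#!/bin/bash
# Added example, not part of install.sh; function names are hypothetical.
# Assumption: a node needs only the three files the etcdctl commands reference.
NODE_FILES="ca.pem server.pem server-key.pem"

# Copy only the node's files from SRC to DST; the private key gets mode 0600.
stage_node_certs() {
    local src="$1" dst="$2" f mode
    for f in $NODE_FILES; do
        [ -f "$src/$f" ] || { echo "missing: $src/$f" >&2; return 1; }
    done
    mkdir -p "$dst" || return 1
    for f in $NODE_FILES; do
        case $f in *-key.pem) mode=0600 ;; *) mode=0644 ;; esac
        install -m "$mode" "$src/$f" "$dst/$f" || return 1
    done
}

# Print files in DIR, other than server-key.pem, that hold a private key.
# Returns 1 when any is found, so the call can gate a deployment step.
audit_ssl_dir() {
    local dir="$1" f rc=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        [ "${f##*/}" = server-key.pem ] && continue
        if grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "$f"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed placeholder files (no real key material).
demo() {
    local f tmp; tmp=$(mktemp -d) || return 1
    mkdir "$tmp/ssl"
    for f in ca.pem ca.csr server.pem server.csr; do echo "constructed $f" > "$tmp/ssl/$f"; done
    for f in ca-key.pem server-key.pem; do
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY----- (constructed)' > "$tmp/ssl/$f"
    done
    echo "build directory:"; audit_ssl_dir "$tmp/ssl" || true
    stage_node_certs "$tmp/ssl" "$tmp/node" || return 1
    echo "node directory:"; audit_ssl_dir "$tmp/node" && echo "(no extra private keys)"
    rm -rf "$tmp"
}
demo
```

Running `audit_ssl_dir` against /etc/etcd/ssl on an installed node shows whether ca-key.pem was left there.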