
One-Click Deployment of a Highly Available etcd Cluster (TLS, Ubuntu) (freetoo, 碼客, 盧益貴)


 

This is a convenient and efficient script tool for deploying a highly available etcd cluster (TLS).

Download link:

https://download.csdn.net/download/guestcode/10798474


I. [Features]

 1. Automatically installs cfssl
 2. Generates the SSL keys in one step
 3. Installs to the target host in one step

 

II. [Usage]

 1. Edit the file install.sh and assign the IP addresses of all cluster hosts to the list array variable:

    iplist=("192.168.116.128" "192.168.116.129" "192.168.116.130")


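 2. Create the SSL keys (generates the ssl directory):

A: On Ubuntu, run the following command to create the SSL keys:

./install build

The result is shown in the figure below:

B: After the command above has run, the ssl directory is generated:


 3. Copy the whole ins-etcd directory to every Ubuntu host in the cluster, then run the installation:

  ./install

The result is shown in the figure below:

Note:

The ins-etcd directory can be deleted once the installation is complete.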

 

4. Query the cluster status:

A. Query the cluster health:

etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem --endpoints=https://192.168.116.128:2379 cluster-health

B. Query the cluster member list:

etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem --endpoints=https://192.168.116.128:2379 member list

The result is shown in the figure below:

 

III. Script source code

#!/bin/bash

############################################################
# Copyleft ©2018 freetoo(yigui-lu,盧益貴,碼客)
# name: Deploying etcd clusters(HA, TLS)
#       One-click deployment of a highly available etcd cluster (TLS)
# qq/wx: 48092788    e-mail: [email protected]
# blog: https://blog.csdn.net/guestcode
# create: 2018-11-21
############################################################

# [Features]
#  1. Automatically installs cfssl
#  2. Generates the SSL keys in one step
#  3. Installs to the target host in one step

# [Usage]
#  1. Assign the IP addresses of the cluster hosts to the list array variable:
#     iplist=("192.168.116.128" "192.168.116.129" "192.168.116.130")
#  2. Create the SSL keys (generates the ssl directory):
#     ./install build
#  3. Copy the whole ins-etcd directory to the hosts whose IPs are listed in iplist and run the installation:
#     ./install

# Read the command-line argument; a first argument of "build" means create the SSL keys
arg=$1
# With no command-line argument, the default is the deployment operation
if [ -z "$arg" ]; then
  arg=install
fi

# IP address list of the etcd cluster hosts
iplist=("192.168.116.128" "192.168.116.129" "192.168.116.130")

# Function that ends the script; the exit status defaults to 1, pass 0 on success
function exit_script() {
  exit "${1:-1}"
}

# 1. Create the SSL keys
if [ "$arg" = build ]; then
  echo build ssl......

  # Automatically install cfssl
  # (the downloaded binaries are installed without any checksum verification)
  hasssl=false
  if [ -f /usr/bin/cfssl ]; then
    hasssl=true
  fi
  if [ -f /usr/local/bin/cfssl ]; then
    hasssl=true
  fi
  if [ $hasssl = false ]; then
    wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
    chmod +x cfssl*
    mv cfssl_linux-amd64 /usr/local/bin/cfssl
  fi

  hasjson=false
  if [ -f /usr/bin/cfssljson ]; then
    hasjson=true
  fi
  if [ -f /usr/local/bin/cfssljson ]; then
    hasjson=true
  fi
  if [ $hasjson = false ]; then
    wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
    chmod +x cfssl*
    mv cfssljson_linux-amd64 /usr/local/bin/cfssljson
  fi

  hascert=false
  if [ -f /usr/bin/cfssl-certinfo ]; then
    hascert=true
  fi
  if [ $hascert = false ]; then
    #wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
    chmod +x cfssl*
    #mv cfssl-certinfo_linux-amd64 /usr/bin/cfssl-certinfo
  fi

  cfgdir=cfg
  ssldir=ssl
  if [ -d $ssldir ]; then
    rm -rf $ssldir
  fi
  mkdir $ssldir

  # Build the quoted, comma-separated host list for the "hosts" field of the CSR
  for ip in "${iplist[@]}"
  do
    if [ -z "$ips" ]; then
      ips=\"$ip\"
    else
      ips=$ips,\"$ip\"
    fi
  done

  # Replace the "hosts" line of server-csr.json, whatever its indentation
  hosts=" \"hosts\": [$ips],"
  sed -i "s|^[[:space:]]*\"hosts\".*$|$hosts|g" ./$cfgdir/server-csr.json

  echo
  echo make ca ......
  cfssl gencert -initca $cfgdir/ca-csr.json | cfssljson -bare $ssldir/ca -

  echo
  echo make server key ......
  cfssl gencert -ca=$ssldir/ca.pem -ca-key=$ssldir/ca-key.pem -config=$cfgdir/ca-config.json -profile=etcd $cfgdir/server-csr.json | cfssljson -bare $ssldir/server

  exit_script 0
fi # if [ $arg = build ]; then

# Local IP address (expects the older ifconfig output format that contains "inet addr:")
localip=$(ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}')

# Build the URL lists
for ip in "${iplist[@]}"
do
  if [ -z "$clusterurls" ]; then
    clusterurls="etcd$ip=https://$ip:2380"
    endpoints="https://$ip:2379"
  else
    clusterurls=$clusterurls,etcd$ip=https://$ip:2380
    endpoints="$endpoints,https://$ip:2379"
  fi
done

# Check whether the local IP is one of the addresses in iplist
for ip in "${iplist[@]}"
do
  # A host whose IP is not in iplist is not installed
  if [ "$ip" = "$localip" ]; then

    cfgfile=/etc/systemd/system/etcd.service

    # Stop the running process
    if [ -f $cfgfile ]; then
      echo uninstall etcd......
      systemctl stop etcd
      systemctl disable etcd
      rm $cfgfile
      systemctl daemon-reload
      echo reinstall etcd......
    else
      echo install etcd......
    fi

    # Delete old data
    workdir=/var/lib/etcd/
    if [ -d $workdir/ ]; then
      rm -rf $workdir
    fi
    mkdir $workdir

    # Copy the keys and related files
    # (*.* also copies ca-key.pem, the CA private key, onto this node)
    ssldir=/etc/etcd/ssl/
    if [ -d $ssldir ]; then
      rm -rf $ssldir
    fi
    mkdir -p $ssldir
    cp -f ./ssl/*.* $ssldir

    # Copy the etcd executables
    cp -f ./bin/etcd* /usr/local/bin/
    chmod +x /usr/local/bin/etcd*

    # Configure the service unit file
    cp -f ./cfg/etcd.service /etc/systemd/system/
    sed -i "s|localip|$localip|g" $cfgfile
    sed -i "s|clusterurls|$clusterurls|g" $cfgfile

    # Start etcd
    systemctl daemon-reload
    systemctl enable etcd
    systemctl start etcd

    # Query the cluster health
    echo
    echo "etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem --endpoints=$endpoints cluster-health"
    etcdctl --ca-file=/etc/etcd/ssl/ca.pem --cert-file=/etc/etcd/ssl/server.pem --key-file=/etc/etcd/ssl/server-key.pem --endpoints="$endpoints" cluster-health

    echo
    # Query the service status
    systemctl status etcd

    exit_script 0
  fi
done

# A host whose IP is not in iplist is not installed
echo "the host-ip($localip) isn't in ip-list: ${iplist[*]}"
exit_script 1
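
The install step above copies every file under ./ssl to each node with `cp -f ./ssl/*.*`, which includes ca-key.pem. The following is an added example, not part of the author's script: it installs only the three files that the etcdctl commands on this page reference and then audits the target directory. The names install_etcd_tls and audit_etcd_tls are hypothetical, and it assumes that etcd.service needs no other file from ssl/ and that etcd runs as the user who performs the installation.

```shell
#!/bin/bash
# Added example, not part of the original install script.
# install_etcd_tls / audit_etcd_tls are hypothetical helper names.
# Assumes GNU coreutils (install, stat -c), as on Ubuntu.

# Copy only what a node needs; ca-key.pem and the *.csr files stay behind.
# Mode 0700 on the directory assumes etcd runs as its owner.
install_etcd_tls() {
  local src="$1" dest="$2" f
  for f in ca.pem server.pem server-key.pem; do
    [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
  done
  rm -rf "$dest"
  install -d -m 0700 "$dest"
  install -m 0644 "$src/ca.pem" "$src/server.pem" "$dest/"
  install -m 0600 "$src/server-key.pem" "$dest/"
}

# Audit an installed directory; the return status is the number of findings.
audit_etcd_tls() {
  local dir="$1" findings=0 key mode
  if [ -e "$dir/ca-key.pem" ]; then
    echo "FINDING: CA private key present in $dir" >&2
    findings=$((findings + 1))
  fi
  for key in "$dir"/*-key.pem; do
    [ -e "$key" ] || continue
    mode=$(stat -c %a "$key")
    case $mode in
      0|*00) ;;  # no group/other permission bits set
      *) echo "FINDING: $key has mode $mode, expected 600" >&2
         findings=$((findings + 1)) ;;
    esac
  done
  return "$findings"
}

# Usage on a node, run from the ins-etcd directory:
#   install_etcd_tls ./ssl /etc/etcd/ssl && audit_etcd_tls /etc/etcd/ssl
```

Running audit_etcd_tls against a directory populated by the original `cp` step reports the CA key as a finding, which is a quick way to check nodes that were already installed.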