1. 程式人生 > >基於Docker部署ETCD集群

基於Docker部署ETCD集群

init sta 同步數據 localtime 占用 連接 集群部署 重要 但是

基於Docker部署ETCD集群

關於ETCD要不要使用TLS?

首先TLS的目的是為了鑒權為了防止別人任意的連接上你的etcd集群。其實意思就是說如果你要放到公網上的ETCD集群,並開放端口,我建議你一定要用TLS。
如果你的ETCD集群跑在一個內網環境比如(VPC環境),而且你也不會開放ETCD端口,你的ETCD跑在防火墻之後,一個安全的局域網中,那麽你用不用TLS,都行。

優化參數

  • --auto-compaction-retention
    • 由於ETCD數據存儲多版本數據,隨著寫入的主鍵增加歷史版本需要定時清理,默認的歷史數據是不會清理的,數據達到2G就不能寫入,必須要清理壓縮歷史數據才能繼續寫入;所以根據業務需求,在上生產環境之前就提前確定,歷史數據多長時間壓縮一次;推薦一小時壓縮一次數據這樣可以極大的保證集群穩定,減少內存和磁盤占用
  • --max-request-bytes
    • etcd Raft消息最大字節數,ETCD默認該值為1.5M; 但是很多業務場景發現同步數據的時候1.5M完全沒法滿足要求,所以提前確定初始值很重要;由於1.5M導致我們線上的業務無法寫入元數據的問題,我們緊急升級之後把該值修改為默認32M,但是官方推薦的是10M,大家可以根據業務情況自己調整
  • --quota-backend-bytes
    • ETCD db數據大小,默認是2G,當數據達到2G的時候就不允許寫入,必須對歷史數據進行壓縮才能繼續寫入;參加1裏面說的,我們啟動的時候就應該提前確定大小,官方推薦是8G,這裏我們也使用8G的配置

Docker安裝ETCD

請依次在你規劃好的etcd機器上運行即可

etcd-s1

mkdir -p /var/etcd
docker rm etcd1 -f
rm -rf /var/etcd
docker run --restart=always --net host -it --name etcd1 -d -v /var/etcd:/var/etcd -v /etc/localtime:/etc/localtime registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 etcd --name etcd-s1 --auto-compaction-retention=1
--max-request-bytes=33554432 --quota-backend-bytes=8589934592 --data-dir=/var/etcd/etcd-data --listen-client-urls http://0.0.0.0:2379 \ --listen-peer-urls http://0.0.0.0:2380 \ --initial-advertise-peer-urls http://192.168.150.141:2380 \ --advertise-client-urls http://192.168.150.141:2379,http://192.168.150.141:2380 \ -initial-cluster-token etcd-cluster -initial-cluster "etcd-s1=http://192.168.150.141:2380,etcd-s2=http://192.168.150.142:2380,etcd-s3=http://192.168.150.143:2380" \
-initial-cluster-state new

etcd-s2

mkdir -p /var/etcd
docker rm etcd2 -f
rm -rf /var/etcd
docker run --restart=always --net host -it --name etcd2 -d -v /var/etcd:/var/etcd -v /etc/localtime:/etc/localtime registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 etcd --name etcd-s2  --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592 --data-dir=/var/etcd/etcd-data --listen-client-urls http://0.0.0.0:2379 \
--listen-peer-urls http://0.0.0.0:2380 \
--initial-advertise-peer-urls http://192.168.150.142:2380 \
--advertise-client-urls http://192.168.150.142:2379,http://192.168.150.142:2380 \
-initial-cluster-token etcd-cluster -initial-cluster "etcd-s1=http://192.168.150.141:2380,etcd-s2=http://192.168.150.142:2380,etcd-s3=http://192.168.150.143:2380" -initial-cluster-state new

etcd-s3

mkdir -p /var/etcd
docker rm etcd3 -f
rm -rf /var/etcd
docker run --restart=always --net host -it --name etcd3 -d -v /var/etcd:/var/etcd -v /etc/localtime:/etc/localtime registry.cn-hangzhou.aliyuncs.com/google_containers/etcd:3.2.24 etcd --name etcd-s3 --auto-compaction-retention=1 --max-request-bytes=33554432 --quota-backend-bytes=8589934592 --data-dir=/var/etcd/etcd-data --listen-client-urls http://0.0.0.0:2379 \
--listen-peer-urls http://0.0.0.0:2380 \
--initial-advertise-peer-urls http://192.168.150.143:2380 \
--advertise-client-urls http://192.168.150.143:2379,http://192.168.150.143:2380 \
-initial-cluster-token etcd-cluster -initial-cluster "etcd-s1=http://192.168.150.141:2380,etcd-s2=http://192.168.150.142:2380,etcd-s3=http://192.168.150.143:2380" -initial-cluster-state new

驗證

? ETCDCTL_API=3 etcdctl  member list
410feb26f4fa3c7f: name=etcd-s1 peerURLs=http://192.168.150.141:2380 clientURLs=http://192.168.150.141:2379,http://192.168.150.141:2380
56fa117fc503543c: name=etcd-s3 peerURLs=http://192.168.150.143:2380 clientURLs=http://192.168.150.143:2379,http://192.168.150.143:2380
bc4d900274366497: name=etcd-s2 peerURLs=http://192.168.150.142:2380 clientURLs=http://192.168.150.142:2379,http://192.168.150.142:2380

? ETCDCTL_API=3 etcdctl cluster-health
member 410feb26f4fa3c7f is healthy: got healthy result from http://192.168.150.141:2379
member 56fa117fc503543c is healthy: got healthy result from http://192.168.150.143:2379
member bc4d900274366497 is healthy: got healthy result from http://192.168.150.142:2379
cluster is healthy

到此ETCD集群部署完畢。

基於Docker部署ETCD集群