安裝etcd服務

#下載etcd-v3.4.27
wget https://github.com/etcd-io/etcd/releases/download/v3.4.27/etcd-v3.4.27-linux-arm64.tar.gz

##############################################
#
# 方式1：
#  etcd服務的配置文件都定義在etcd.service中
#  在etcd.conf文件中少體現
#
##############################################

mkdir -p /opt/etcd/{bin,cfg,ssl}

# 1、定義etcd服務配置文件
cat>/opt/etcd/cfg/etcd.conf<<EOFA
#[Member]
ETCD_NAME="etcd-1"
ETCD_DATA_DIR="/opt/etcd/data"
ETCD_LISTEN_PEER_URLS="https://168.7.10.201:2380"
ETCD_LISTEN_CLIENT_URLS="https://168.7.10.201:2379"
ETCD_UNSUPPORTED_ARCH=arm64
logger=zap

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://168.7.10.201:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://168.7.10.201:2379"
ETCD_INITIAL_CLUSTER="etcd-1=https://168.7.10.201:2380,etcd-2=https://168.7.10.202:2380,etcd-3=https://168.7.10.203:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
EOFA


# 2、定義服務啓動文件
cat>/usr/lib/systemd/system/etcd.service<<EOFF
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/opt/etcd/cfg/etcd.conf
ExecStart=/opt/etcd/bin/etcd \
--cert-file=/opt/etcd/ssl/server.crt \
--key-file=/opt/etcd/ssl/server.key \
--peer-cert-file=/opt/etcd/ssl/server.crt \
--peer-key-file=/opt/etcd/ssl/server.key \
--trusted-ca-file=/opt/etcd/ssl/ca.crt \
--peer-trusted-ca-file=/opt/etcd/ssl/ca.crt
Restart=on-failure

[Install]
WantedBy=multi-user.target
EOFF

##############################################
#
# 方式2：
#  etcd服務的配置文件都定義在etcd.conf中
#  在etcd.service文件中少體現
#
##############################################

mkdir -p /opt/etcd/{bin,cfg,ssl}

# 1、定義etcd服務配置文件
cat>/opt/etcd/cfg/etcd.conf<<EOFB
#[Member]
ETCD_NAME="etcd-3"
ETCD_DATA_DIR="/opt/etcd/data"
ETCD_LISTEN_PEER_URLS="https://168.7.10.203:2380"
ETCD_LISTEN_CLIENT_URLS="https://168.7.10.203:2379,http://127.0.0.1:2379"
#本地和遠端私鑰文件
ETCD_KEY_FILE="/opt/etcd/ssl/server.key"
ETCD_PEER_KEY_FILE="/opt/etcd/ssl/server.key"
#本地和遠端證書文件
ETCD_CERT_FILE="/opt/etcd/ssl/server.crt"
ETCD_PEER_CERT_FILE="/opt/etcd/ssl/server.crt"
#本地和遠端受信任CA頒發機構證書文件
ETCD_TRUSTED_CA_FILE="/opt/etcd/ssl/ca.crt"
ETCD_PEER_TRUSTED_CA_FILE="/opt/etcd/ssl/ca.crt"
ETCD_CLIENT_CERT_AUTH=true
ETCD_UNSUPPORTED_ARCH=arm64
logger=zap

#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://168.7.10.203:2380"
ETCD_ADVERTISE_CLIENT_URLS="https://168.7.10.203:2379"
ETCD_INITIAL_CLUSTER="etcd-1=https://168.7.10.201:2380,etcd-2=https://168.7.10.202:2380,etcd-3=https://168.7.10.203:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
[root@host203 cfg]#
EOFB


# 2、定義服務啓動文件
cat>/usr/lib/systemd/system/etcd.service<<EOFZ
[Unit]
Description=Etcd Server
After=network.target
After=network-online.target
Wants=network-online.target

[Service]
Type=notify
EnvironmentFile=/opt/etcd/cfg/etcd.conf
ExecStart=/opt/etcd/bin/etcd

#本地和遠端私鑰文件
#--key-file=/opt/etcd/ssl/server.key \
#--peer-key-file=/opt/etcd/ssl/server.key \
#本地和遠端證書文件
#--cert-file=/opt/etcd/ssl/server.crt \
#--peer-cert-file=/opt/etcd/ssl/server.crt \
#本地和遠端受信任CA頒發機構證書文件
#--trusted-ca-file=/opt/etcd/ssl/ca.crt \
#--peer-trusted-ca-file=/opt/etcd/ssl/ca.crt

Restart=on-failure

[Install]
WantedBy=multi-user.target
EOFZ

#檢查ETCD健康狀態
ETCDCTL_API=3 /opt/etcd/bin/etcdctl \
--cacert=/opt/etcd/ssl/ca.crt \
--cert=/opt/etcd/ssl/server.crt \
--key=/opt/etcd/ssl/server.key \
--endpoints="https://168.7.10.202:2379,\
https://168.7.10.203:2379,\
https://168.7.10.201:2379" \
endpoint health --write-out=table


ETCDCTL_API=3 /opt/etcd/bin/etcdctl \
--cacert=/opt/etcd/ssl/ca.crt \
--cert=/opt/etcd/ssl/server.crt \
--key=/opt/etcd/ssl/server.key \
--endpoints="https://168.7.10.202:2379,\
https://168.7.10.203:2379,\
https://168.7.10.201:2379" \
endpoint status  --write-out=table