安装
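#!/bin/bash
#
# Install or upgrade etcd from an upstream release tarball and write a systemd
# unit for it.
#
# Usage:
#   <this-script> ETCD_VER            # ETCD_VER is the release tag, e.g. vX.Y.Z
#
# Optional environment:
#   ETCD_SHA256   expected SHA-256 of etcd-${ETCD_VER}-linux-amd64.tar.gz, taken
#                 from a source you trust. When set, the download is rejected on
#                 mismatch. When unset, the tarball is installed unverified.
#
# Must run as root: it writes below /bin and /usr/lib/systemd/system.
#
# An existing install directory is renamed to a backup before unpacking. That
# takes everything stored under it along, including the conf.yml that the unit
# file points at. This script does not stop a running etcd first.
set -euo pipefail

readonly INSTALL_DIR=/data/yunwei/service/etcd

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

ETCD_VER=${1:-}
[[ -n "$ETCD_VER" ]] || die "usage: ${0##*/} ETCD_VER"
# The version is spliced into a URL and into file names, so refuse anything
# that could change the path (slashes, whitespace, leading dash or dot).
[[ "$ETCD_VER" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || die "invalid ETCD_VER: ${ETCD_VER}"

# choose either URL
GOOGLE_URL=https://storage.googleapis.com/etcd
# shellcheck disable=SC2034  # kept as the documented alternative mirror
GITHUB_URL=https://github.com/etcd-io/etcd/releases/download
DOWNLOAD_URL=${GOOGLE_URL}

tarball_name="etcd-${ETCD_VER}-linux-amd64.tar.gz"

# Download into a private temporary directory. A fixed, predictable name in
# /tmp can be pre-created or symlinked by another local user while this script
# runs as root.
work_dir=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$work_dir"' EXIT
tarball="${work_dir}/${tarball_name}"

# -f: fail on HTTP errors instead of saving the error page as the tarball.
# --proto/--proto-redir: never follow a redirect away from HTTPS.
curl -fL --proto '=https' --proto-redir '=https' \
  "${DOWNLOAD_URL}/${ETCD_VER}/${tarball_name}" -o "$tarball"

# TLS only authenticates the download host. A pinned digest is what ties the
# binary that will run as root to a known release artifact.
if [[ -n "${ETCD_SHA256:-}" ]]; then
  printf '%s  %s\n' "$ETCD_SHA256" "$tarball" | sha256sum -c - \
    || die "SHA-256 mismatch for ${tarball_name}; refusing to install"
else
  printf 'warning: ETCD_SHA256 not set; installing %s without integrity check\n' \
    "$tarball_name" >&2
fi

# Touch the existing installation only after the download succeeded.
if [[ -e "$INSTALL_DIR" ]]; then
  backup_dir="${INSTALL_DIR}.bak"
  # mv into an existing directory would nest the old install inside it, so
  # use a timestamped name when a previous backup is still present.
  if [[ -e "$backup_dir" ]]; then
    backup_dir="${backup_dir}.$(date +%Y%m%d%H%M%S)"
  fi
  mv -- "$INSTALL_DIR" "$backup_dir"
fi
mkdir -p -- "$INSTALL_DIR"

# --no-same-owner: as root, tar would otherwise restore whatever uid/gid the
# archive records; the installed binaries should be owned by root.
tar xzvf "$tarball" -C "$INSTALL_DIR" --strip-components=1 --no-same-owner

# NOTE(review): the unit runs etcd as root with only CAP_NET_BIND_SERVICE in
# its bounding set. If etcd binds only unprivileged ports, neither root nor
# that capability is needed; a dedicated service account that owns the data
# directory and key files would limit the impact of a compromise.
# NOTE(review): confirm that etcd acts on SIGUSR1 before relying on
# "systemctl reload etcd"; this script does not establish that.
# The quoted 'EOF' keeps $MAINPID literal so systemd expands it, not the shell.
cat << 'EOF' > /usr/lib/systemd/system/etcd.service
[Unit]
Description=etcd server
Documentation=https://github.com/etcd-io/etcd
After=network.target
[Service]
PermissionsStartOnly=true
LimitNOFILE=1048576
LimitNPROC=512
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
NoNewPrivileges=true
User=root
ExecStart=/data/yunwei/service/etcd/etcd --config-file /data/yunwei/service/etcd/conf.yml
ExecReload=/bin/kill -SIGUSR1 $MAINPID
Restart=on-failure
[Install]
WantedBy=multi-user.target
EOF
# systemd only picks up a new or changed unit file after a reload. This is
# best effort, because the script may run where no systemd manager is reachable.
systemctl daemon-reload \
  || printf 'warning: systemctl daemon-reload failed; reload systemd manually\n' >&2

# Smoke-test the unpacked binaries before exposing them on PATH.
"${INSTALL_DIR}/etcd" --version
"${INSTALL_DIR}/etcdctl" version

# -f replaces whatever is currently at the link path, -n avoids descending
# into an existing symlink-to-directory.
ln -sfn -- "${INSTALL_DIR}/etcd" /bin/etcd
ln -sfn -- "${INSTALL_DIR}/etcdctl" /bin/etcdctl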
证书
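# Create a private CA, one server/peer certificate and one client certificate
# for etcd, written to the current directory.
#
# Runs in a subshell so that the umask and errexit settings do not leak into an
# interactive shell when the commands are pasted.
#
# NOTE(review): every certificate here is valid for roughly 100 years with a
# 2048-bit RSA key, so a leaked key can never age out. Prefer shorter lifetimes
# with planned rotation, and keep ca.key off the etcd host once signing is done.
(
  set -eu
  # Private keys must not be readable by group or others.
  umask 077

  # Certificate authority (self-signed).
  openssl genrsa -out ca.key 2048
  openssl req -x509 -new -nodes -key ca.key -sha256 -days 36501 -out ca.crt -subj "/CN=etcd-ca"

  # Server / peer certificate.
  openssl genrsa -out server.key 2048
  openssl req -new -key server.key -out server.csr -subj "/CN=cvm-prod-tc-sg-bdt-iop-etcd"
  # Go-based TLS clients (Go 1.15 and later) ignore the Common Name when
  # checking the server identity and require a subjectAltName. The IP is the
  # listen address used in the etcd configuration on this page.
  printf 'subjectAltName=IP:10.233.192.143,DNS:cvm-prod-tc-sg-bdt-iop-etcd\n' > server.ext
  openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 36500 -sha256 -extfile server.ext

  # Client certificate; its CN is what a CN allow-list on the server matches.
  openssl genrsa -out client.key 2048
  openssl req -new -key client.key -out client.csr -subj "/CN=etcd-client"
  openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out client.crt -days 36500 -sha256

  # Certificates are public; only the *.key files need to stay restricted.
  chmod 644 ca.crt server.crt client.crt
)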
配置
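# etcd configuration for a single member serving clients and peers over TLS.
name: cvm-prod-tc-sg-bdt-iop-etcd
# The data directory sits inside the install directory. The install script on
# this page renames /data/yunwei/service/etcd before unpacking a new release,
# which takes this directory (and etcd-crt/) along with it.
data-dir: /data/yunwei/service/etcd/data
listen-client-urls: https://10.233.192.143:2379
advertise-client-urls: https://10.233.192.143:2379
listen-peer-urls: https://10.233.192.143:2380
# TLS settings for the client-facing listener. The keys below must be nested
# under this map; at top level they are not part of the TLS configuration.
client-transport-security:
  # cert-file/key-file are the certificate etcd itself presents to clients.
  # NOTE(review): this points at client.crt (CN=etcd-client), not a
  # certificate issued for this server's address. Confirm that is intended;
  # clients that verify the server identity need a matching subjectAltName.
  cert-file: /data/yunwei/service/etcd/etcd-crt/client.crt
  key-file: /data/yunwei/service/etcd/etcd-crt/client.key
  trusted-ca-file: /data/yunwei/service/etcd/etcd-crt/ca.crt
  # Require every client to present a certificate signed by trusted-ca-file.
  client-cert-auth: true
  # NOTE(review): confirm the installed etcd version recognises this key in
  # this position. If it is ignored, any certificate signed by the CA is
  # accepted, not only CN=etcd-client.
  client-cert-allowed-cn: etcd-client
# TLS settings for member-to-member (peer) traffic.
peer-transport-security:
  cert-file: /data/yunwei/service/etcd/etcd-crt/server.crt
  key-file: /data/yunwei/service/etcd/etcd-crt/server.key
  trusted-ca-file: /data/yunwei/service/etcd/etcd-crt/ca.crt
  client-cert-auth: true
  # NOTE(review): same caveat as above. Verify the key name against the etcd
  # version in use so the peer CN restriction is actually enforced.
  client-cert-allowed-cn: cvm-prod-tc-sg-bdt-iop-etcd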