Adding and Removing Nodes in an etcd Cluster
Current cluster information
| Node | IP address |
|---|---|
| etcd1 | 192.168.110.12 |
| etcd2 | 192.168.110.13 |
| etcd3 | 192.168.110.15 |
| etcd4 (new) | 192.168.110.17 |
I. Adding a Node
1. Download the etcd binary package
wget https://github.com/etcd-io/etcd/releases/download/v3.5.15/etcd-v3.5.15-linux-amd64.tar.gz
2. Create the etcd directories
mkdir -p /data/etcd/{data,ssl,bin}
3. Extract the archive and copy the etcd binaries into the etcd directory
tar zxf etcd-v3.5.15-linux-amd64.tar.gz
cp etcd-v3.5.15-linux-amd64/etcd* /data/etcd/bin/
4. Configure the environment variable
echo "export PATH=/data/etcd/bin:\$PATH" > /etc/profile.d/etcd.sh
source /etc/profile.d/etcd.sh
5. Copy the certificate files
scp etcd1:/data/etcd/ssl/*.pem /data/etcd/ssl/
6. Copy the configuration file
scp etcd1:/usr/lib/systemd/system/etcd.service /usr/lib/systemd/system/
7. Modify the configuration file
Edit /usr/lib/systemd/system/etcd.service:
[Service]
Type=notify
# Changed for the new node: --name (node name) and the IP in
# --initial-advertise-peer-urls, --listen-peer-urls, --listen-client-urls, --advertise-client-urls.
# Added: the etcd4 entry in --initial-cluster.
# A newly added node must set --initial-cluster-state=existing.
ExecStart=/data/etcd/bin/etcd \
--name=etcd4 \
--cert-file=/data/etcd/ssl/server.pem \
--key-file=/data/etcd/ssl/server-key.pem \
--peer-cert-file=/data/etcd/ssl/server.pem \
--peer-key-file=/data/etcd/ssl/server-key.pem \
--trusted-ca-file=/data/etcd/ssl/ca.pem \
--peer-trusted-ca-file=/data/etcd/ssl/ca.pem \
--peer-client-cert-auth \
--client-cert-auth \
--initial-advertise-peer-urls=https://192.168.110.17:2380 \
--listen-peer-urls=https://192.168.110.17:2380 \
--listen-client-urls=https://192.168.110.17:2379,https://127.0.0.1:2379 \
--advertise-client-urls=https://192.168.110.17:2379 \
--initial-cluster-token=etcd-cluster-1 \
--initial-cluster=etcd1=https://192.168.110.12:2380,etcd2=https://192.168.110.13:2380,etcd3=https://192.168.110.15:2380,etcd4=https://192.168.110.17:2380 \
--initial-cluster-state=existing \
--data-dir=/data/etcd/data
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
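Notes:
Flags to modify:
--name, --initial-advertise-peer-urls, --listen-peer-urls, --listen-client-urls, --advertise-client-urls
Entry to add:
append etcd4=https://192.168.110.17:2380 to --initial-cluster
--initial-cluster-state must be changed to existing, which tells the new node to join an existing cluster. If it is left unchanged, the default value new tells the node to create a new cluster, and it will not be able to join the existing one.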
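The checks listed in step 7 can be run as a pre-flight before the node is added and started. The script below is an added example, not part of the original article: the function names and the sample unit text are constructed for illustration, and besides the flags named above it also confirms that both client-certificate flags are still enabled and that no plaintext http:// URL slipped in.

```shell
# Added example: pre-flight check of a joining node's etcd.service (step 7 above).
# Print the value of --FLAG=value ($1 = unit file, $2 = flag name).
flag_value() {
    awk -v f="--$2=" 'index($1, f) == 1 { print substr($1, length(f) + 1); exit }' "$1"
}
# Succeed only if a boolean flag is present (bare or =true).
has_flag() {
    awk -v f="--$2" '$1 == f || $1 == (f "=true") { ok = 1 } END { exit !ok }' "$1"
}
fail() { echo "FAIL: $1"; problems=$((problems + 1)); }
expect() { [ "$(flag_value "$unit" "$1")" = "$2" ] || fail "--$1 should be $2"; }

# usage: check_join_unit UNIT_FILE NODE_NAME NODE_IP; returns the number of problems
check_join_unit() {
    unit=$1 name=$2 peer="https://$3:2380" problems=0
    expect name "$name"
    expect initial-cluster-state existing   # "new" would bootstrap a separate cluster
    expect initial-advertise-peer-urls "$peer"
    expect listen-peer-urls "$peer"
    expect advertise-client-urls "https://$3:2379"
    case ",$(flag_value "$unit" initial-cluster)," in
        *",$name=$peer,"*) ;;
        *) fail "--initial-cluster has no $name=$peer entry" ;;
    esac
    for f in client-cert-auth peer-client-cert-auth; do
        has_flag "$unit" "$f" || fail "--$f is off, client certificates are not verified"
    done
    if grep -q 'http://' "$unit"; then fail "plaintext http:// URL in unit"; fi
    return "$problems"
}

# Constructed sample: the page's flags for etcd4, with the cluster state passed as $1.
sample_unit() {
    cat <<EOF
ExecStart=/data/etcd/bin/etcd \\
  --name=etcd4 \\
  --peer-client-cert-auth \\
  --client-cert-auth \\
  --initial-advertise-peer-urls=https://192.168.110.17:2380 \\
  --listen-peer-urls=https://192.168.110.17:2380 \\
  --advertise-client-urls=https://192.168.110.17:2379 \\
  --initial-cluster=etcd1=https://192.168.110.12:2380,etcd4=https://192.168.110.17:2380 \\
  --initial-cluster-state=$1
EOF
}

tmp=$(mktemp); sample_unit new > "$tmp"   # state left at "new": must be reported
check_join_unit "$tmp" etcd4 192.168.110.17 || echo "problems: $?"
rm -f "$tmp"
```

On etcd4, point check_join_unit at /usr/lib/systemd/system/etcd.service before running steps 9 and 10.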
8. Configure the firewall
Run on etcd1-3 (allow the new node's IP):
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.110.17" port protocol="tcp" port="2379" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.110.17" port protocol="tcp" port="2380" accept'
firewall-cmd --reload
Run on etcd4 (allow the other nodes' IPs):
# Allow etcd1
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.110.12" port protocol="tcp" port="2379" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.110.12" port protocol="tcp" port="2380" accept'
# Allow etcd2
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.110.13" port protocol="tcp" port="2379" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.110.13" port protocol="tcp" port="2380" accept'
# Allow etcd3
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.110.15" port protocol="tcp" port="2379" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.110.15" port protocol="tcp" port="2380" accept'
# Allow etcd4 itself
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.110.17" port protocol="tcp" port="2379" accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.110.17" port protocol="tcp" port="2380" accept'
firewall-cmd --reload
9. Add the new node to the cluster
Run once on any one of etcd1-3:
etcdctl \
--endpoints=https://192.168.110.13:2379 \
--cacert=/data/etcd/ssl/ca.pem \
--cert=/data/etcd/ssl/server.pem \
--key=/data/etcd/ssl/server-key.pem \
member add etcd4 \
--peer-urls=https://192.168.110.17:2380
10. Start the new node
systemctl start etcd
systemctl enable etcd
11. View the cluster information
etcdctl \
--endpoints=https://192.168.110.12:2379 \
--cacert=/data/etcd/ssl/ca.pem \
--cert=/data/etcd/ssl/server.pem \
--key=/data/etcd/ssl/server-key.pem \
member list
II. Removing a Node
1. Look up the ID of the node to remove
etcdctl \
--endpoints=https://192.168.110.12:2379 \
--cacert=/data/etcd/ssl/ca.pem \
--cert=/data/etcd/ssl/server.pem \
--key=/data/etcd/ssl/server-key.pem \
member list
2. Remove the node by ID
etcdctl \
--endpoints=https://192.168.110.12:2379 \
--cacert=/data/etcd/ssl/ca.pem \
--cert=/data/etcd/ssl/server.pem \
--key=/data/etcd/ssl/server-key.pem \
member remove 5e994a4b4e60b7c9
III. Re-adding a Removed Node
1. Modify the node's startup configuration
Change the value of the initial-cluster-state parameter to: existing
2. Clear the data directory
rm -rf /data/etcd/data/*
3. Run the member add command, then start the etcd service
Follow steps 9 and 10 of the "Adding a Node" section.