把刚才生成的证书拷贝到配置文件中的位置:
另外两台etcd集群也要创建目录 mkdir /data/soft/etcd/{bin,cfg,ssl} -p mkdir /data/soft/kubernetes/{bin,cfg,ssl} -p cd /data/www/etcd-cert cp etcd-ca.pem etcd-server.pem etcd-server-key.pem /data/soft/etcd/ssl/ scp -P 12525 etcd-ca.pem etcd-server.pem etcd-server-key.pem www@192.168.0.12:/data/soft/etcd/ssl/ scp -P 12525 etcd-ca.pem etcd-server.pem etcd-server-key.pem www@192.168.0.4:/data/soft/etcd/ssl/ 将启动文件、配置文件拷贝到 节点1、节点2 cd /data/soft/ scp -P 12525 -r etcd www@192.168.0.12:/data/soft scp -P 12525 -r etcd www@192.168.0.4:/data/soft scp -P 12525 -r /usr/lib/systemd/system/etcd.service www@192.168.0.12:/usr/lib/systemd/system/etcd.service scp -P 12525 -r /usr/lib/systemd/system/etcd.service www@192.168.0.4:/usr/lib/systemd/system/etcd.service 192.168.0.12 node01配置文件修改 cat << EOF | tee /data/soft/etcd/cfg/etcd #[Member] ETCD_NAME="etcd02" ETCD_DATA_DIR="/data/www/etcd/default.etcd" ETCD_LISTEN_PEER_URLS="https://192.168.0.12:2380" ETCD_LISTEN_CLIENT_URLS="https://192.168.0.12:2379" #[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.0.12:2380" ETCD_ADVERTISE_CLIENT_URLS="https://192.168.0.12:2379" ETCD_INITIAL_CLUSTER="etcd01=https://192.168.0.10:2380,etcd02=https://192.168.0.12:2380,etcd03=https://192.168.0.4:2380" ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" ETCD_INITIAL_CLUSTER_STATE="new" EOF 192.168.0.4 node02配置文件修改 cat << EOF | tee /data/soft/etcd/cfg/etcd #[Member] ETCD_NAME="etcd03" ETCD_DATA_DIR="/data/www/etcd/default.etcd" ETCD_LISTEN_PEER_URLS="https://192.168.0.4:2380" ETCD_LISTEN_CLIENT_URLS="https://192.168.0.4:2379" #[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.0.4:2380" ETCD_ADVERTISE_CLIENT_URLS="https://192.168.0.4:2379" ETCD_INITIAL_CLUSTER="etcd01=https://192.168.0.10:2380,etcd02=https://192.168.0.12:2380,etcd03=https://192.168.0.4:2380" ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" ETCD_INITIAL_CLUSTER_STATE="new" EOF 启动ETCD服务 systemctl daemon-reload systemctl enable etcd systemctl restart etcd #etcd 进程首次启动时会等待其它节点的 etcd 加入集群,命令 systemctl start etcd 会卡住一段时间,为正常现象; 验证ETCD集群是否正常运行 /data/soft/etcd/bin/etcdctl \ --ca-file=http://www.likecs.com/data/soft/etcd/ssl/ca.pem \ --cert-file=http://www.likecs.com/data/soft/etcd/ssl/server.pem \ --key-file=http://www.likecs.com/data/soft/etcd/ssl/server-key.pem \ --endpoints="https://192.168.0.10:2379,\ https://192.168.0.12:2379,\ https://192.168.0.4:2379" cluster-health member b8fffb7f5b2f26e is healthy: got healthy result from https://192.168.0.12:2379 member 5ac283d796e472ba is healthy: got healthy result from https://192.168.0.4:2379 member a569e0ee3b34eefa is healthy: got healthy result from https://192.168.0.10:2379 cluster is healthy 注意: 启动ETCD集群同时最少启动二个节点,启动一个节点集群是无法正常启动的; 常见etcd配置问题etcd启动不起来
错误1:因为etcd之间https通讯是基于证书的。我证书中的IP地址有错误。etcd启动后不加入集群
错误2:现象: Apr 18 10:34:45 k8s-master01 etcd: request cluster ID mismatch (got cf138cda9790f1d0 want 8732ef518b18f052) 解决方法: 此时etcd节点都已经启动,但是无法连接,发现有request cluster ID mismatch报错。找到etcd数据存储目录 [www@k8s-master01 ssl]# grep -i ETCD_DATA_DIR /data/soft/etcd/cfg/etcd ETCD_DATA_DIR="/data/www/etcd/default.etcd" 删除各节点/data/www/etcd/default.etcd,重启etcd即可解决。 由于删除的是数据存储目录,不是新建etcd集群,或者有重要数据的不可直接删除。 可以通过 journalctl -xefu etcd来详细排查问题。