
推荐阅读:
https://github.com/etcd-io/etcd
https://etcd.io/docs/
etcd概述

etcd是分布式系统中最关键数据的分布式可靠键值存储,重点是:
简单:定义明确、面向用户的API(gRPC)
安全:自动TLS,可选客户端证书身份验证
快速:以每秒10000次写入为基准
可靠:使用Raft正确分布
etcd是用Go编写的,并使用Raft共识算法来管理高可用的复制日志。
etcd被许多公司用于生产环境,开发团队在关键部署场景中支持它,其中etcd经常与Kubernetes、locksmith、vulcan、Doorman等应用程序合作。严格的稳健性测试进一步确保了可靠性。
etcd使用http协议工作,支持tls,生产环境中一般使用的是https访问。
etcdctl是一个用于与etcd服务器交互的命令行工具,用户大多通过输入或获取键的值与etcd进行交互。
etcdctl用来与etcd对话的API版本可以通过ETCDCTL_API环境变量设置为版本2或3。
默认情况下,"etcdctl 3.4+"的etcdctl使用v3 API,早期版本"etcdctl 3.3-"默认为v2 API。
值得注意的是,etcd v2版本写入的数据无法通过v3的版本进行查询,说白了,就是高版本不兼容低版本,相当于v3重写了etcd。
生产环境中,官方推荐使用v3版本。
etcd的双端口作用:
- 2379: HTTP|HTTPS
对客户端使用。
- 2380: TCP
etcd集群内部使用。
安装
1.包管理方式安装: 安装简单,但是版本低
apt -y install etcd-client
2.二进制方式安装:可以安装任意版本
2.1 下载etcd的软件包(建议同时下载发布页提供的SHA256SUMS文件,用sha256sum校验压缩包后再解压)
wget https://github.com/etcd-io/etcd/releases/download/v3.5.21/etcd-v3.5.21-linux-amd64.tar.gz
2.2 解压etcd的二进制程序包到PATH环境变量路径
[root@node-exporter41 ~]# tar -xf etcd-v3.5.21-linux-amd64.tar.gz -C /usr/local/bin etcd-v3.5.21-linux-amd64/etcd{,ctl} --strip-components=1
[root@node-exporter41 ~]# ll /usr/local/bin/etcd*
[root@node-exporter41 ~]# etcdctl version
etcdctl version: 3.5.21
API version: 3.5
[root@node-exporter41 ~]#
2.3 将软件包下发到所有节点
[root@node-exporter41 ~]# scp /usr/local/bin/etcd* 10.0.0.42:/usr/local/bin
[root@node-exporter41 ~]# scp /usr/local/bin/etcd* 10.0.0.43:/usr/local/bin
2.4 准备etcd的证书文件
2.4.1 下载并安装cfssl证书管理工具
[root@node-exporter41 ~]# apt install rename
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# rename -v "s/_1.6.5_linux_amd64//g" cfssl*
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# mv cfssl* /usr/local/bin/
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# chmod +x /usr/local/bin/cfssl*
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# ll /usr/local/bin/cfssl*
-rwxr-xr-x 1 root root 11890840 Jun 15 11:56 /usr/local/bin/cfssl*
-rwxr-xr-x 1 root root 8413336 Jun 15 11:56 /usr/local/bin/cfssl-certinfo*
-rwxr-xr-x 1 root root 6205592 Jun 15 11:56 /usr/local/bin/cfssljson*
[root@node-exporter41 ~]#
2.4.2 创建证书存储目录
[root@node-exporter41 ~]# mkdir -pv /violet/certs/etcd && cd /violet/certs/etcd/
2.4.3 生成证书的CSR文件: 证书签发请求文件,配置了一些域名,公司,单位
[root@node-exporter41 etcd]# cat > etcd-ca-csr.json <<EOF
{
"CN": "etcd",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "Beijing",
"L": "Beijing",
"O": "etcd",
"OU": "Etcd Security"
}
],
"ca": {
"expiry": "876000h"
}
}
EOF
2.4.4 生成etcd CA证书和CA证书的key
[root@node-exporter41 etcd]# cfssl gencert -initca etcd-ca-csr.json | cfssljson -bare /violet/certs/etcd/etcd-ca
[root@node-exporter41 etcd]#
[root@node-exporter41 etcd]# ll /violet/certs/etcd/etcd-ca*
-rw-r--r-- 1 root root 1050 Nov 15 10:42 /violet/certs/etcd/etcd-ca.csr
-rw-r--r-- 1 root root 249 Nov 15 10:42 /violet/certs/etcd/etcd-ca-csr.json
-rw------- 1 root root 1675 Nov 15 10:42 /violet/certs/etcd/etcd-ca-key.pem
-rw-r--r-- 1 root root 1318 Nov 15 10:42 /violet/certs/etcd/etcd-ca.pem
[root@node-exporter41 etcd]#
2.4.5 创建签发配置文件ca-config.json,证书有效期为100年(876000h);如此长的有效期仅适合实验环境,生产环境建议缩短有效期并定期轮换证书
[root@node-exporter41 etcd]# cat > ca-config.json <<EOF
{
"signing": {
"default": {
"expiry": "876000h"
},
"profiles": {
"kubernetes": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "876000h"
}
}
}
}
EOF
2.4.6 生成证书的CSR文件: 证书签发请求文件,配置了一些域名,公司,单位
[root@node-exporter41 etcd]# cat > etcd-csr.json <<EOF
{
"CN": "etcd",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "Beijing",
"L": "Beijing",
"O": "etcd",
"OU": "Etcd Security"
}
]
}
EOF
2.4.7 基于自建的etcd CA证书生成etcd的证书
[root@node-exporter41 etcd]# cfssl gencert \
-ca=/violet/certs/etcd/etcd-ca.pem \
-ca-key=/violet/certs/etcd/etcd-ca-key.pem \
-config=ca-config.json \
--hostname=127.0.0.1,node-exporter41,node-exporter42,node-exporter43,10.0.0.41,10.0.0.42,10.0.0.43 \
--profile=kubernetes \
etcd-csr.json | cfssljson -bare /violet/certs/etcd/etcd-server
[root@k8s-master01 pki]# ll /violet/certs/etcd/etcd-server*
-rw-r--r-- 1 root root 1131 Jun 24 15:18 /violet/certs/etcd/etcd-server.csr
-rw------- 1 root root 1679 Jun 24 15:18 /violet/certs/etcd/etcd-server-key.pem
-rw-r--r-- 1 root root 1464 Jun 24 15:18 /violet/certs/etcd/etcd-server.pem
[root@k8s-master01 pki]#
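2.4.8 将etcd证书拷贝到其他两个master节点(注意:scp -r会把CA私钥etcd-ca-key.pem一并复制到各节点;etcd配置文件只引用etcd-ca.pem、etcd-server.pem和etcd-server-key.pem,CA私钥建议只保留在签发证书的机器上)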
[root@node-exporter41 etcd]# scp -r /violet/certs/ 10.0.0.42:/violet
[root@node-exporter41 etcd]# scp -r /violet/certs/ 10.0.0.43:/violet
[root@node-exporter42 ~]# ll /violet/certs/etcd/
total 44
drwxr-xr-x 2 root root 4096 Nov 15 10:49 ./
drwxr-xr-x 3 root root 4096 Nov 15 10:49 ../
-rw-r--r-- 1 root root 294 Nov 15 10:49 ca-config.json
-rw-r--r-- 1 root root 1050 Nov 15 10:49 etcd-ca.csr
-rw-r--r-- 1 root root 249 Nov 15 10:49 etcd-ca-csr.json
-rw------- 1 root root 1675 Nov 15 10:49 etcd-ca-key.pem
-rw-r--r-- 1 root root 1318 Nov 15 10:49 etcd-ca.pem
-rw-r--r-- 1 root root 210 Nov 15 10:49 etcd-csr.json
-rw-r--r-- 1 root root 1143 Nov 15 10:49 etcd-server.csr
-rw------- 1 root root 1679 Nov 15 10:49 etcd-server-key.pem
-rw-r--r-- 1 root root 1476 Nov 15 10:49 etcd-server.pem
[root@node-exporter42 ~]#
[root@node-exporter43 ~]# ll /violet/certs/etcd/
total 44
drwxr-xr-x 2 root root 4096 Nov 15 10:49 ./
drwxr-xr-x 3 root root 4096 Nov 15 10:49 ../
-rw-r--r-- 1 root root 294 Nov 15 10:49 ca-config.json
-rw-r--r-- 1 root root 1050 Nov 15 10:49 etcd-ca.csr
-rw-r--r-- 1 root root 249 Nov 15 10:49 etcd-ca-csr.json
-rw------- 1 root root 1675 Nov 15 10:49 etcd-ca-key.pem
-rw-r--r-- 1 root root 1318 Nov 15 10:49 etcd-ca.pem
-rw-r--r-- 1 root root 210 Nov 15 10:49 etcd-csr.json
-rw-r--r-- 1 root root 1143 Nov 15 10:49 etcd-server.csr
-rw------- 1 root root 1679 Nov 15 10:49 etcd-server-key.pem
-rw-r--r-- 1 root root 1476 Nov 15 10:49 etcd-server.pem
[root@node-exporter43 ~]#
[root@node-exporter43 ~]#
3.创建etcd集群各节点配置文件
node-exporter41节点的配置文件
[root@node-exporter41 ~]# mkdir -pv /violet/softwares/etcd
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# cat > /violet/softwares/etcd/etcd.config.yml <<'EOF'
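# etcd member configuration for node-exporter41.
# Keys under client-transport-security / peer-transport-security are indented
# so that the TLS settings belong to their section.
name: 'node-exporter41'
data-dir: /var/lib/etcd
wal-dir: /var/lib/etcd/wal
snapshot-count: 5000
heartbeat-interval: 100
election-timeout: 1000
quota-backend-bytes: 0
listen-peer-urls: 'https://10.0.0.41:2380'
# NOTE(security): http://127.0.0.1:2379 is a plaintext loopback listener.
# Client-certificate checks cannot apply to a non-TLS connection, so any local
# process can reach etcd through it. Drop it if local plaintext access is not
# required.
listen-client-urls: 'https://10.0.0.41:2379,http://127.0.0.1:2379'
max-snapshots: 3
max-wals: 5
cors:
initial-advertise-peer-urls: 'https://10.0.0.41:2380'
advertise-client-urls: 'https://10.0.0.41:2379'
discovery:
discovery-fallback: 'proxy'
discovery-proxy:
discovery-srv:
initial-cluster: 'node-exporter41=https://10.0.0.41:2380,node-exporter42=https://10.0.0.42:2380,node-exporter43=https://10.0.0.43:2380'
initial-cluster-token: 'etcd-k8s-cluster'
initial-cluster-state: 'new'
strict-reconfig-check: false
# NOTE(security): enable-v2 serves the legacy v2 API; set to false unless a
# v2 client is still in use.
enable-v2: true
# NOTE(security): enable-pprof exposes Go runtime profiling under /debug/pprof
# on the client listeners; set to false outside of debugging sessions.
enable-pprof: true
proxy: 'off'
proxy-failure-wait: 5000
proxy-refresh-interval: 30000
proxy-dial-timeout: 1000
proxy-write-timeout: 5000
proxy-read-timeout: 0
client-transport-security:
  cert-file: '/violet/certs/etcd/etcd-server.pem'
  key-file: '/violet/certs/etcd/etcd-server-key.pem'
  # Require clients on the https listener to present a certificate signed by
  # trusted-ca-file.
  client-cert-auth: true
  trusted-ca-file: '/violet/certs/etcd/etcd-ca.pem'
  # NOTE(review): auto-tls is for self-signed certificates when no
  # cert-file/key-file is given; with explicit files it looks redundant.
  # Consider false (confirm against the etcd docs).
  auto-tls: true
peer-transport-security:
  cert-file: '/violet/certs/etcd/etcd-server.pem'
  key-file: '/violet/certs/etcd/etcd-server-key.pem'
  # Require peers to present a certificate signed by trusted-ca-file.
  peer-client-cert-auth: true
  trusted-ca-file: '/violet/certs/etcd/etcd-ca.pem'
  # NOTE(review): same remark as the client section; consider false.
  auto-tls: true
debug: false
log-package-levels:
log-outputs: [default]
force-new-cluster: false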
EOF
node-exporter42节点的配置文件
[root@node-exporter42 ~]# mkdir -pv /violet/softwares/etcd
[root@node-exporter42 ~]#
[root@node-exporter42 ~]# cat > /violet/softwares/etcd/etcd.config.yml <<'EOF'
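# etcd member configuration for node-exporter42.
# Keys under client-transport-security / peer-transport-security are indented
# so that the TLS settings belong to their section.
name: 'node-exporter42'
data-dir: /var/lib/etcd
wal-dir: /var/lib/etcd/wal
snapshot-count: 5000
heartbeat-interval: 100
election-timeout: 1000
quota-backend-bytes: 0
listen-peer-urls: 'https://10.0.0.42:2380'
# NOTE(security): http://127.0.0.1:2379 is a plaintext loopback listener.
# Client-certificate checks cannot apply to a non-TLS connection, so any local
# process can reach etcd through it. Drop it if local plaintext access is not
# required.
listen-client-urls: 'https://10.0.0.42:2379,http://127.0.0.1:2379'
max-snapshots: 3
max-wals: 5
cors:
initial-advertise-peer-urls: 'https://10.0.0.42:2380'
advertise-client-urls: 'https://10.0.0.42:2379'
discovery:
discovery-fallback: 'proxy'
discovery-proxy:
discovery-srv:
initial-cluster: 'node-exporter41=https://10.0.0.41:2380,node-exporter42=https://10.0.0.42:2380,node-exporter43=https://10.0.0.43:2380'
initial-cluster-token: 'etcd-k8s-cluster'
initial-cluster-state: 'new'
strict-reconfig-check: false
# NOTE(security): enable-v2 serves the legacy v2 API; set to false unless a
# v2 client is still in use.
enable-v2: true
# NOTE(security): enable-pprof exposes Go runtime profiling under /debug/pprof
# on the client listeners; set to false outside of debugging sessions.
enable-pprof: true
proxy: 'off'
proxy-failure-wait: 5000
proxy-refresh-interval: 30000
proxy-dial-timeout: 1000
proxy-write-timeout: 5000
proxy-read-timeout: 0
client-transport-security:
  cert-file: '/violet/certs/etcd/etcd-server.pem'
  key-file: '/violet/certs/etcd/etcd-server-key.pem'
  # Require clients on the https listener to present a certificate signed by
  # trusted-ca-file.
  client-cert-auth: true
  # Must be the CA file under /violet/certs/etcd, where the certificates were
  # copied; client certificates are verified against this file.
  trusted-ca-file: '/violet/certs/etcd/etcd-ca.pem'
  # NOTE(review): auto-tls is for self-signed certificates when no
  # cert-file/key-file is given; with explicit files it looks redundant.
  # Consider false (confirm against the etcd docs).
  auto-tls: true
peer-transport-security:
  cert-file: '/violet/certs/etcd/etcd-server.pem'
  key-file: '/violet/certs/etcd/etcd-server-key.pem'
  # Require peers to present a certificate signed by trusted-ca-file.
  peer-client-cert-auth: true
  trusted-ca-file: '/violet/certs/etcd/etcd-ca.pem'
  # NOTE(review): same remark as the client section; consider false.
  auto-tls: true
debug: false
log-package-levels:
log-outputs: [default]
force-new-cluster: false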
EOF
node-exporter43节点的配置文件
[root@node-exporter43 ~]# mkdir -pv /violet/softwares/etcd
[root@node-exporter43 ~]#
[root@node-exporter43 ~]# cat > /violet/softwares/etcd/etcd.config.yml <<'EOF'
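# etcd member configuration for node-exporter43.
# Keys under client-transport-security / peer-transport-security are indented
# so that the TLS settings belong to their section.
name: 'node-exporter43'
data-dir: /var/lib/etcd
wal-dir: /var/lib/etcd/wal
snapshot-count: 5000
heartbeat-interval: 100
election-timeout: 1000
quota-backend-bytes: 0
listen-peer-urls: 'https://10.0.0.43:2380'
# NOTE(security): http://127.0.0.1:2379 is a plaintext loopback listener.
# Client-certificate checks cannot apply to a non-TLS connection, so any local
# process can reach etcd through it. Drop it if local plaintext access is not
# required.
listen-client-urls: 'https://10.0.0.43:2379,http://127.0.0.1:2379'
max-snapshots: 3
max-wals: 5
cors:
initial-advertise-peer-urls: 'https://10.0.0.43:2380'
advertise-client-urls: 'https://10.0.0.43:2379'
discovery:
discovery-fallback: 'proxy'
discovery-proxy:
discovery-srv:
initial-cluster: 'node-exporter41=https://10.0.0.41:2380,node-exporter42=https://10.0.0.42:2380,node-exporter43=https://10.0.0.43:2380'
initial-cluster-token: 'etcd-k8s-cluster'
initial-cluster-state: 'new'
strict-reconfig-check: false
# NOTE(security): enable-v2 serves the legacy v2 API; set to false unless a
# v2 client is still in use.
enable-v2: true
# NOTE(security): enable-pprof exposes Go runtime profiling under /debug/pprof
# on the client listeners; set to false outside of debugging sessions.
enable-pprof: true
proxy: 'off'
proxy-failure-wait: 5000
proxy-refresh-interval: 30000
proxy-dial-timeout: 1000
proxy-write-timeout: 5000
proxy-read-timeout: 0
client-transport-security:
  cert-file: '/violet/certs/etcd/etcd-server.pem'
  key-file: '/violet/certs/etcd/etcd-server-key.pem'
  # Require clients on the https listener to present a certificate signed by
  # trusted-ca-file.
  client-cert-auth: true
  trusted-ca-file: '/violet/certs/etcd/etcd-ca.pem'
  # NOTE(review): auto-tls is for self-signed certificates when no
  # cert-file/key-file is given; with explicit files it looks redundant.
  # Consider false (confirm against the etcd docs).
  auto-tls: true
peer-transport-security:
  cert-file: '/violet/certs/etcd/etcd-server.pem'
  key-file: '/violet/certs/etcd/etcd-server-key.pem'
  # Require peers to present a certificate signed by trusted-ca-file.
  peer-client-cert-auth: true
  trusted-ca-file: '/violet/certs/etcd/etcd-ca.pem'
  # NOTE(review): same remark as the client section; consider false.
  auto-tls: true
debug: false
log-package-levels:
log-outputs: [default]
force-new-cluster: false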
EOF
5.所有节点编写etcd启动脚本
cat > /usr/lib/systemd/system/etcd.service <<'EOF'
# systemd unit that starts etcd with the per-node YAML configuration file.
[Unit]
Description=Jason Yin's Etcd Service
# NOTE(review): this is the former CoreOS documentation address; current etcd
# documentation is published at https://etcd.io/docs/.
Documentation=https://coreos.com/etcd/docs/latest/
After=network.target
[Service]
# Type=notify: systemd considers the service started once the process sends
# its readiness notification.
Type=notify
# NOTE(security): no User=/Group= is set, so etcd runs as root. A dedicated
# service account that owns the data directory and the key files would limit
# the impact of a compromised etcd process.
ExecStart=/usr/local/bin/etcd --config-file=/violet/softwares/etcd/etcd.config.yml
# Restart only after a failure, waiting 10 seconds between attempts.
Restart=on-failure
RestartSec=10
# Raise the open-file limit for the etcd process.
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
Alias=etcd3.service
EOF
6.所有节点启动etcd集群
systemctl daemon-reload && systemctl enable --now etcd
systemctl status etcd
7.查看etcd集群状态
[root@node-exporter41 ~]# etcdctl --endpoints="10.0.0.41:2379,10.0.0.42:2379,10.0.0.43:2379" --cacert=/violet/certs/etcd/etcd-ca.pem --cert=/violet/certs/etcd/etcd-server.pem --key=/violet/certs/etcd/etcd-server-key.pem endpoint status --write-out=table
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| 10.0.0.41:2379 | 9378902f41df91e9 | 3.5.21 | 20 kB | true | false | 2 | 9 | 9 | |
| 10.0.0.42:2379 | 18f972748ec1bd96 | 3.5.21 | 20 kB | false | false | 2 | 9 | 9 | |
| 10.0.0.43:2379 | a3dfd2d37c461ee9 | 3.5.21 | 20 kB | false | false | 2 | 9 | 9 | |
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
[root@node-exporter41 ~]#
8.验证etcd高可用集群
8.1 停止leader节点
[root@node-exporter41 ~]# ss -ntl | egrep "2379|2380"
LISTEN 0 4096 127.0.0.1:2379 0.0.0.0:*
LISTEN 0 4096 10.0.0.41:2379 0.0.0.0:*
LISTEN 0 4096 10.0.0.41:2380 0.0.0.0:*
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# systemctl stop etcd
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# ss -ntl | egrep "2379|2380"
[root@node-exporter41 ~]#
8.2 查看现有集群环境,发现新leader诞生
[root@node-exporter41 ~]# etcdctl --endpoints="10.0.0.43:2379,10.0.0.42:2379,10.0.0.41:2379" --cacert=/violet/certs/etcd/etcd-ca.pem --cert=/violet/certs/etcd/etcd-server.pem --key=/violet/certs/etcd/etcd-server-key.pem endpoint status --write-out=table
{"level":"warn","ts":"2025-03-31T09:43:21.900584+0800","logger":"etcd-client","caller":"v3@v3.5.21/retry_interceptor.go:63","msg":"retrying of unary invoker failed","target":"etcd-endpoints://0xc0000b4000/10.0.0.43:2379","attempt":0,"error":"rpc error: code = DeadlineExceeded desc = latest balancer error: last connection error: connection error: desc = \"transport: Error while dialing: dial tcp 10.0.0.41:2379: connect: connection refused\""}
Failed to get the status of endpoint 10.0.0.41:2379 (context deadline exceeded)
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| 10.0.0.43:2379 | a3dfd2d37c461ee9 | 3.5.21 | 20 kB | false | false | 3 | 10 | 10 | |
| 10.0.0.42:2379 | 18f972748ec1bd96 | 3.5.21 | 20 kB | true | false | 3 | 10 | 10 | |
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
[root@node-exporter41 ~]#
8.3 再将之前的leader起来
[root@node-exporter41 ~]# systemctl start etcd
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# ss -ntl | egrep "2379|2380"
LISTEN 0 4096 127.0.0.1:2379 0.0.0.0:*
LISTEN 0 4096 10.0.0.41:2379 0.0.0.0:*
LISTEN 0 4096 10.0.0.41:2380 0.0.0.0:*
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl --endpoints="10.0.0.41:2379,10.0.0.42:2379,10.0.0.43:2379" --cacert=/violet/certs/etcd/etcd-ca.pem --cert=/violet/certs/etcd/etcd-server.pem --key=/violet/certs/etcd/etcd-server-key.pem endpoint status --write-out=table
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| 10.0.0.41:2379 | 9378902f41df91e9 | 3.5.21 | 20 kB | false | false | 3 | 11 | 11 | |
| 10.0.0.42:2379 | 18f972748ec1bd96 | 3.5.21 | 20 kB | true | false | 3 | 11 | 11 | |
| 10.0.0.43:2379 | a3dfd2d37c461ee9 | 3.5.21 | 20 kB | false | false | 3 | 11 | 11 | |
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
[root@node-exporter41 ~]#
9.添加别名
9.1 添加别名
[root@node-exporter41 ~]# vim .bashrc
...
alias etcdctl='etcdctl --endpoints="10.0.0.41:2379,10.0.0.42:2379,10.0.0.43:2379" --cacert=/violet/certs/etcd/etcd-ca.pem --cert=/violet/certs/etcd/etcd-server.pem --key=/violet/certs/etcd/etcd-server-key.pem '
...
[root@node-exporter41 ~]# source .bashrc
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl endpoint status --write-out=table
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| 10.0.0.41:2379 | 9378902f41df91e9 | 3.5.21 | 20 kB | false | false | 3 | 11 | 11 | |
| 10.0.0.42:2379 | 18f972748ec1bd96 | 3.5.21 | 20 kB | true | false | 3 | 11 | 11 | |
| 10.0.0.43:2379 | a3dfd2d37c461ee9 | 3.5.21 | 20 kB | false | false | 3 | 11 | 11 | |
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# scp .bashrc 10.0.0.42:~
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# scp .bashrc 10.0.0.43:~
9.2 测试验证 【需要断开重连】
[root@node-exporter42 ~]# etcdctl endpoint status --write-out=table
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| 10.0.0.41:2379 | 9378902f41df91e9 | 3.5.21 | 20 kB | false | false | 3 | 11 | 11 | |
| 10.0.0.42:2379 | 18f972748ec1bd96 | 3.5.21 | 20 kB | true | false | 3 | 11 | 11 | |
| 10.0.0.43:2379 | a3dfd2d37c461ee9 | 3.5.21 | 20 kB | false | false | 3 | 11 | 11 | |
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
[root@node-exporter42 ~]#
[root@node-exporter43 ~]# etcdctl endpoint status --write-out=table
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS |
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
| 10.0.0.41:2379 | 9378902f41df91e9 | 3.5.21 | 20 kB | false | false | 3 | 11 | 11 | |
| 10.0.0.42:2379 | 18f972748ec1bd96 | 3.5.21 | 20 kB | true | false | 3 | 11 | 11 | |
| 10.0.0.43:2379 | a3dfd2d37c461ee9 | 3.5.21 | 20 kB | false | false | 3 | 11 | 11 | |
+----------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
[root@node-exporter43 ~]#
以上就是etcd集群的搭建,要注意的是证书生成的过程一定要仔细,确保证书不缺失!
etcd的基本使用
1.etcd基础操作概述
etcd的操作和zookeeper,Redis的操作类似,存储数据都是键值对。
2.etcd增删改查基础操作
2.1 写入数据:KEY为school,value为qinghua
[root@node-exporter41 ~]# etcdctl put school qinghua
OK
[root@node-exporter41 ~]# etcdctl put /class qinghua1
OK
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl put service 服务
OK
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl put /violet/docker/harbor 镜像仓库
OK
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl put /violet/docker/registry 轻量级镜像仓库
OK
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl put /violet/docker/dockerhub 官方镜像仓库
OK
[root@node-exporter41 ~]#
[root@node-exporter41 ~]#
2.2 查看数据
[root@node-exporter41 ~]# etcdctl get school
school
qinghua
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl get school --keys-only
qinghua
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl get school --print-value-only
violet
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl get / --prefix --keys-only
/class
/violet/docker/dockerhub
/violet/docker/harbor
/violet/docker/registry
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl get / --prefix --print-value-only
qinghua1
官方镜像仓库
镜像仓库
轻量级镜像仓库
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl get "" --prefix --keys-only # 查看etcd所有数据
/class
/violet/docker/dockerhub
/violet/docker/harbor
/violet/docker/registry
school
service
[root@node-exporter41 ~]#
2.3 修改数据
[root@node-exporter42 ~]# etcdctl get school --print-value-only
qinghua
[root@node-exporter42 ~]#
[root@node-exporter41 ~]# etcdctl put school violet007
OK
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl get school --print-value-only
violet007
[root@node-exporter41 ~]#
2.4 删除数据
[root@node-exporter41 ~]# etcdctl get "" --prefix --keys-only
/class
/violet/docker/dockerhub
/violet/docker/harbor
/violet/docker/registry
school
service
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl del school
1
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl del / --prefix
4
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl get "" --prefix --keys-only
service
[root@node-exporter41 ~]#
彩蛋:删除etcd所有数据(该命令会清空整个键空间,生产环境执行前务必先做快照备份)
[root@node-exporter41 ~]# etcdctl get "" --prefix --keys-only
/violet/docker/dockerhub
/violet/docker/harbor
/violet/docker/registry
offic
school
service
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl del "" --prefix
6
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl get "" --prefix --keys-only
[root@node-exporter41 ~]#
etcd集群基于快照实现数据备份实战
1 原生数据【数据随机创建即可,用于模拟备份环节】
[root@node-exporter41 ~]# etcdctl get "" --prefix --keys-only
/violet/docker/dockerhub
/violet/docker/harbor
/violet/docker/registry
offic
school
service
[root@node-exporter41 ~]#
[root@node-exporter41 ~]#
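2 创建快照用于备份数据(命令前的反斜杠会绕过前面定义的alias,因此etcdctl使用默认端点127.0.0.1:2379,即配置文件中未加密的本地http监听;快照包含全部键值数据,生产环境建议保存到仅root可访问的专用目录,而不是/tmp)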
[root@node-exporter41 ~]# \etcdctl snapshot save /tmp/violet-etcd-`date +%F`.backup
{"level":"info","ts":"2025-03-31T10:33:18.973693+0800","caller":"snapshot/v3_snapshot.go:65","msg":"created temporary db file","path":"/tmp/violet-etcd-2025-03-31.backup.part"}
{"level":"info","ts":"2025-03-31T10:33:18.974617+0800","logger":"client","caller":"v3@v3.5.21/maintenance.go:212","msg":"opened snapshot stream; downloading"}
{"level":"info","ts":"2025-03-31T10:33:18.974650+0800","caller":"snapshot/v3_snapshot.go:73","msg":"fetching snapshot","endpoint":"127.0.0.1:2379"}
{"level":"info","ts":"2025-03-31T10:33:18.977933+0800","logger":"client","caller":"v3@v3.5.21/maintenance.go:220","msg":"completed snapshot read; closing"}
{"level":"info","ts":"2025-03-31T10:33:18.981992+0800","caller":"snapshot/v3_snapshot.go:88","msg":"fetched snapshot","endpoint":"127.0.0.1:2379","size":"25 kB","took":"now"}
{"level":"info","ts":"2025-03-31T10:33:18.982309+0800","caller":"snapshot/v3_snapshot.go:97","msg":"saved","path":"/tmp/violet-etcd-2025-03-31.backup"}
Snapshot saved at /tmp/violet-etcd-2025-03-31.backup
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# ll -h /tmp/violet-etcd-2025-03-31.backup
-rw------- 1 root root 25K Mar 31 10:33 /tmp/violet-etcd-2025-03-31.backup
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl snapshot status /tmp/violet-etcd-2025-03-31.backup -w table # 查看官网文档的状态
Deprecated: Use `etcdutl snapshot status` instead.
+----------+----------+------------+------------+
| HASH | REVISION | TOTAL KEYS | TOTAL SIZE |
+----------+----------+------------+------------+
| dc3f60fb | 15 | 25 | 25 kB |
+----------+----------+------------+------------+
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# scp /tmp/violet-etcd-2025-03-31.backup 10.0.0.42:~
[root@node-exporter41 ~]# scp /tmp/violet-etcd-2025-03-31.backup 10.0.0.43:~
3.3 删除所有数据
[root@node-exporter41 ~]# etcdctl get "" --prefix --keys-only
/violet/docker/dockerhub
/violet/docker/harbor
/violet/docker/registry
offic
school
service
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl del "" --prefix
6
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# etcdctl get "" --prefix --keys-only
[root@node-exporter41 ~]#
3.4 停止etcd集群
[root@node-exporter41 ~]# systemctl stop etcd
[root@node-exporter42 ~]# systemctl stop etcd
[root@node-exporter43 ~]# systemctl stop etcd
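3.5 各节点恢复数据 【恢复的数据目录必须为空】(注意:下方日志显示每个节点恢复时只加入了一个peer地址为http://localhost:2380的成员;官方恢复文档要求各节点恢复时分别指定--name、--initial-cluster、--initial-cluster-token和--initial-advertise-peer-urls,否则三个节点可能无法组成同一个集群,启动后请用endpoint status或member list确认)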
[root@node-exporter41 ~]# etcdctl snapshot restore /tmp/violet-etcd-2025-03-31.backup --data-dir=/var/lib/etcd-2025
Deprecated: Use `etcdutl snapshot restore` instead.
2025-03-31T10:38:52+08:00 info snapshot/v3_snapshot.go:265 restoring snapshot {"path": "/tmp/violet-etcd-2025-03-31.backup", "wal-dir": "/var/lib/etcd-2025/member/wal", "data-dir": "/var/lib/etcd-2025", "snap-dir": "/var/lib/etcd-2025/member/snap", "initial-memory-map-size": 0}
2025-03-31T10:38:52+08:00 info membership/store.go:138 Trimming membership information from the backend...
2025-03-31T10:38:52+08:00 info membership/cluster.go:421 added member {"cluster-id": "cdf818194e3a8c32", "local-member-id": "0", "added-peer-id": "8e9e05c52164694d", "added-peer-peer-urls": ["http://localhost:2380"], "added-peer-is-learner": false}
2025-03-31T10:38:52+08:00 info snapshot/v3_snapshot.go:293 restored snapshot {"path": "/tmp/violet-etcd-2025-03-31.backup", "wal-dir": "/var/lib/etcd-2025/member/wal", "data-dir": "/var/lib/etcd-2025", "snap-dir": "/var/lib/etcd-2025/member/snap", "initial-memory-map-size": 0}
[root@node-exporter41 ~]#
[root@node-exporter42 ~]# etcdctl snapshot restore /root/violet-etcd-2025-03-31.backup --data-dir=/var/lib/etcd-2025
Deprecated: Use `etcdutl snapshot restore` instead.
2025-03-31T10:40:07+08:00 info snapshot/v3_snapshot.go:265 restoring snapshot {"path": "/root/violet-etcd-2025-03-31.backup", "wal-dir": "/var/lib/etcd-2025/member/wal", "data-dir": "/var/lib/etcd-2025", "snap-dir": "/var/lib/etcd-2025/member/snap", "initial-memory-map-size": 0}
2025-03-31T10:40:07+08:00 info membership/store.go:138 Trimming membership information from the backend...
2025-03-31T10:40:07+08:00 info membership/cluster.go:421 added member {"cluster-id": "cdf818194e3a8c32", "local-member-id": "0", "added-peer-id": "8e9e05c52164694d", "added-peer-peer-urls": ["http://localhost:2380"], "added-peer-is-learner": false}
2025-03-31T10:40:08+08:00 info snapshot/v3_snapshot.go:293 restored snapshot {"path": "/root/violet-etcd-2025-03-31.backup", "wal-dir": "/var/lib/etcd-2025/member/wal", "data-dir": "/var/lib/etcd-2025", "snap-dir": "/var/lib/etcd-2025/member/snap", "initial-memory-map-size": 0}
[root@node-exporter42 ~]#
[root@node-exporter43 ~]# etcdctl snapshot restore /root/violet-etcd-2025-03-31.backup --data-dir=/var/lib/etcd-2025
Deprecated: Use `etcdutl snapshot restore` instead.
2025-03-31T10:40:20+08:00 info snapshot/v3_snapshot.go:265 restoring snapshot {"path": "/root/violet-etcd-2025-03-31.backup", "wal-dir": "/var/lib/etcd-2025/member/wal", "data-dir": "/var/lib/etcd-2025", "snap-dir": "/var/lib/etcd-2025/member/snap", "initial-memory-map-size": 0}
2025-03-31T10:40:20+08:00 info membership/store.go:138 Trimming membership information from the backend...
2025-03-31T10:40:20+08:00 info membership/cluster.go:421 added member {"cluster-id": "cdf818194e3a8c32", "local-member-id": "0", "added-peer-id": "8e9e05c52164694d", "added-peer-peer-urls": ["http://localhost:2380"], "added-peer-is-learner": false}
2025-03-31T10:40:20+08:00 info snapshot/v3_snapshot.go:293 restored snapshot {"path": "/root/violet-etcd-2025-03-31.backup", "wal-dir": "/var/lib/etcd-2025/member/wal", "data-dir": "/var/lib/etcd-2025", "snap-dir": "/var/lib/etcd-2025/member/snap", "initial-memory-map-size": 0}
[root@node-exporter43 ~]#
3.6 将恢复后的数据目录作为新的数据目录
[root@node-exporter41 ~]# grep "/var/lib/etcd" /violet/softwares/etcd/etcd.config.yml
data-dir: /var/lib/etcd
wal-dir: /var/lib/etcd/wal
[root@node-exporter41 ~]#
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# sed -ri "s#(/var/lib/etcd)#\1-2025#g" /violet/softwares/etcd/etcd.config.yml
[root@node-exporter41 ~]#
[root@node-exporter41 ~]# grep "/var/lib/etcd" /violet/softwares/etcd/etcd.config.yml
data-dir: /var/lib/etcd-2025
wal-dir: /var/lib/etcd-2025/wal
[root@node-exporter41 ~]#
[root@node-exporter42 ~]# sed -ri "s#(/var/lib/etcd)#\1-2025#g" /violet/softwares/etcd/etcd.config.yml
[root@node-exporter42 ~]#
[root@node-exporter42 ~]# grep "/var/lib/etcd" /violet/softwares/etcd/etcd.config.yml
data-dir: /var/lib/etcd-2025
wal-dir: /var/lib/etcd-2025/wal
[root@node-exporter42 ~]#
[root@node-exporter43 ~]# sed -ri "s#(/var/lib/etcd)#\1-2025#g" /violet/softwares/etcd/etcd.config.yml
[root@node-exporter43 ~]#
[root@node-exporter43 ~]# grep "/var/lib/etcd" /violet/softwares/etcd/etcd.config.yml
data-dir: /var/lib/etcd-2025
wal-dir: /var/lib/etcd-2025/wal
[root@node-exporter43 ~]#
3.7 启动etcd集群
[root@node-exporter41 ~]# systemctl start etcd
[root@node-exporter42 ~]# systemctl start etcd
[root@node-exporter43 ~]# systemctl start etcd
3.8 验证数据是否恢复
[root@node-exporter41 ~]# etcdctl get "" --prefix --keys-only
/violet/docker/dockerhub
/violet/docker/harbor
/violet/docker/registry
offic
school
service
[root@node-exporter41 ~]#
推荐阅读:
https://etcd.io/docs/v3.5/op-guide/recovery/
https://etcd.io/docs/v3.5/op-guide/
https://etcd.io/docs/v3.5/learning/
https://etcd.io/docs/v3.5/upgrades/
- 使用curl工具连接etcd测试(-k会关闭对服务端证书的校验,使--cacert失去作用;服务端证书的SAN已包含10.0.0.41,去掉-k应当同样可以访问)
[root@node-exporter41 ~]# curl -s -k --cacert /violet/certs/etcd/etcd-ca.pem --cert /violet/certs/etcd/etcd-server.pem --key /violet/certs/etcd/etcd-server-key.pem https://10.0.0.41:2379/metrics | wc -l
1627
[root@node-exporter41 ~]#