etcd安装

签发etcd证书

配置etcd-peer-csr.json文件

{
    "CN": "etce-peer",
    "hosts": [
	"172.16.0.8",
	"172.16.0.15",
	"172.16.0.16",
	"172.16.16.17"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "GuiZhou",
            "ST": "GuiZhou"
        }
    ]
}

生成证书

cfssl gencert -ca=../ca.pem -ca-key=../ca-key.pem -config=../ca-config.json -profile=peer etcd-peer-csr.json | cfssl-json -bare etcd-peer

创建etcd用户

useradd -s /sbin/nologin -M etcd

下载etcd

wget https://github.com/etcd-io/etcd/releases/download/v3.4.8/etcd-v3.4.8-linux-amd64.tar.gz

解压

tar zxvf etcd-v3.4.8-linux-amd64.tar.gz

创建目录

mkdir -p /data/etcd /data/logs/etcd-server

分配目录用户

chown -R etcd.etcd /data/etcd /data/logs/etcd-server/

创建etcd的证书目录

mkdir -p /opt/etcd/certs

主机上生成的ca.pem、etcd-peer-key.pem、etcd-peer.pem拷贝到/opt/etcd/certs目录中，注意私钥文件权限600

[[email protected]_0_8_centos certs]# ll
total 12
-rw-r--r-- 1 root root 1281 May 19 14:42 ca.pem
-rw------- 1 root root 1675 May 19 14:41 etcd-peer-key.pem
-rw-r--r-- 1 root root 1363 May 19 14:41 etcd-peer.pem

给/opt/etcd/certs文件分配etcd用户

chown -R etcd.etcd /opt/etcd/certs/