How to install etcd on Ubuntu using the APT package manager
Test environment
Role | Hostname | IP address | Notes |
etcd server | node111 | 192.168.10.111 | |
etcd server | node112 | 192.168.10.112 | |
etcd server | node113 | 192.168.10.113 | |
Update the APT package list
sudo apt-get update
Install etcd
sudo apt-get install -y etcd
Configure the etcd service
- Once the installation is complete, the etcd service must be configured.
- By default, environment variables are set by editing the /etc/default/etcd file.
sudo vim /etc/default/etcd
---
cat /etc/default/etcd
## etcd(1) daemon options
## See "/usr/share/doc/etcd-server/op-guide/configuration.md.gz"
### Member flags
##### --name
## Human-readable name for this member.
## This value is referenced as this node's own entries listed in the
## `--initial-cluster` flag (e.g., `default=http://localhost:2380`). This
## needs to match the key used in the flag if using static bootstrapping. When
## using discovery, each member must have a unique name. `Hostname` or
## `machine-id` can be a good choice.
## default: "default"
# ETCD_NAME="default"
##### --data-dir
## Path to the data directory.
## default: "${name}.etcd"
# ETCD_DATA_DIR="/var/lib/etcd/default"
##### --wal-dir
## Path to the dedicated wal directory. If this flag is set, etcd will write
## the WAL files to the walDir rather than the dataDir. This allows a
## dedicated disk to be used, and helps avoid io competition between logging
## and other IO operations.
## default: ""
# ETCD_WAL_DIR
##### --snapshot-count
## Number of committed transactions to trigger a snapshot to disk.
## default: "100000"
# ETCD_SNAPSHOT_COUNT="100000"
##### --heartbeat-interval
## Time (in milliseconds) of a heartbeat interval.
## default: "100"
# ETCD_HEARTBEAT_INTERVAL="100"
##### --election-timeout
## Time (in milliseconds) for an election to timeout. See
## /usr/share/doc/etcd-server/tuning.md.gz for details.
## default: "1000"
# ETCD_ELECTION_TIMEOUT="1000"
##### --listen-peer-urls
## List of URLs to listen on for peer traffic. This flag tells the etcd to
## accept incoming requests from its peers on the specified scheme://IP:port
## combinations. Scheme can be either http or https.If 0.0.0.0 is specified as
## the IP, etcd listens to the given port on all interfaces. If an IP address is
## given as well as a port, etcd will listen on the given port and interface.
## Multiple URLs may be used to specify a number of addresses and ports to listen
## on. The etcd will respond to requests from any of the listed addresses and
## ports.
## default: "http://localhost:2380"
## example: "http://10.0.0.1:2380"
## invalid example: "http://example.com:2380" (domain name is invalid for binding)
# ETCD_LISTEN_PEER_URLS="http://localhost:2380"
##### --listen-client-urls
## List of URLs to listen on for client traffic. This flag tells the etcd to
## accept incoming requests from the clients on the specified scheme://IP:port
## combinations. Scheme can be either http or https. If 0.0.0.0 is specified as
## the IP, etcd listens to the given port on all interfaces. If an IP address is
## given as well as a port, etcd will listen on the given port and interface.
## Multiple URLs may be used to specify a number of addresses and ports to listen
## on. The etcd will respond to requests from any of the listed addresses and
## ports.
## default: "http://localhost:2379"
## example: "http://10.0.0.1:2379"
## invalid example: "http://example.com:2379" (domain name is invalid for binding)
# ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
##### --max-snapshots
## Maximum number of snapshot files to retain (0 is unlimited)
## The default for users on Windows is unlimited, and manual purging down to 5
## (or some preference for safety) is recommended.
## default: 5
# ETCD_MAX_SNAPSHOTS="5"
##### --max-wals
## Maximum number of wal files to retain (0 is unlimited)
## The default for users on Windows is unlimited, and manual purging down to 5
## (or some preference for safety) is recommended.
## default: 5
# ETCD_MAX_WALS="5"
##### --cors
## Comma-separated white list of origins for CORS (cross-origin resource
## sharing).
## default: none
# ETCD_CORS
#### --quota-backend-bytes
## Raise alarms when backend size exceeds the given quota (0 defaults to low
## space quota).
## default: 0
# ETCD_QUOTA_BACKEND_BYTES="0"
#### --backend-batch-limit
## BackendBatchLimit is the maximum operations before commit the backend
## transaction.
## default: 0
# ETCD_BACKEND_BATCH_LIMIT="0"
#### --backend-batch-interval
## BackendBatchInterval is the maximum time before commit the backend
## transaction.
## default: 0
# ETCD_BACKEND_BATCH_INTERVAL="0"
#### --max-txn-ops
## Maximum number of operations permitted in a transaction.
## default: 128
# ETCD_MAX_TXN_OPS="128"
#### --max-request-bytes
## Maximum client request size in bytes the server will accept.
## default: 1572864
# ETCD_MAX_REQUEST_BYTES="1572864"
#### --grpc-keepalive-min-time
## Minimum duration interval that a client should wait before pinging server.
## default: 5s
# ETCD_GRPC_KEEPALIVE_MIN_TIME="5"
#### --grpc-keepalive-interval
## Frequency duration of server-to-client ping to check if a connection is
## alive (0 to disable).
## default: 2h
# ETCD_GRPC_KEEPALIVE_INTERVAL="2h"
#### --grpc-keepalive-timeout
## Additional duration of wait before closing a non-responsive connection
## (0 to disable).
## default: 20s
# ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
### Clustering flags
# `--initial` prefix flags are used in bootstrapping (static bootstrap,
# discovery-service bootstrap or runtime reconfiguration) a new member, and
# ignored when restarting an existing member.
# `--discovery` prefix flags need to be set when using discovery service.
##### --initial-advertise-peer-urls
## List of this member's peer URLs to advertise to the rest of the cluster.
## These addresses are used for communicating etcd data around the cluster. At
## least one must be routable to all cluster members. These URLs can contain
## domain names.
## default: "http://localhost:2380"
## example: "http://example.com:2380, http://10.0.0.1:2380"
# ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
##### --initial-cluster
## Initial cluster configuration for bootstrapping.
## The key is the value of the `--name` flag for each node provided. The
## default uses `default` for the key because this is the default for the
## `--name` flag.
## default: "default=http://localhost:2380"
# ETCD_INITIAL_CLUSTER="default=http://localhost:2380"
##### --initial-cluster-state
## Initial cluster state ("new" or "existing"). Set to `new` for all members
## present during initial static or DNS bootstrapping. If this option is set to
## `existing`, etcd will attempt to join the existing cluster. If the wrong value
## is set, etcd will attempt to start but fail safely.
## default: "new"
# ETCD_INITIAL_CLUSTER_STATE="new"
##### --initial-cluster-token
## Initial cluster token for the etcd cluster during bootstrap.
## default: "etcd-cluster"
# ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
##### --advertise-client-urls
## List of this member's client URLs to advertise to the rest of the cluster.
## These URLs can contain domain names.
## Be careful if advertising URLs such as http://localhost:2379 from a cluster
## member and are using the proxy feature of etcd. This will cause loops, because
## the proxy will be forwarding requests to itself until its resources (memory,
## file descriptors) are eventually depleted.
## default: "http://localhost:2379"
## example: "http://example.com:2379, http://10.0.0.1:2379"
# ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
##### --discovery
## Discovery URL used to bootstrap the cluster.
## default: none
# ETCD_DISCOVERY
##### --discovery-srv
## DNS srv domain used to bootstrap the cluster.
## default: none
# ETCD_DISCOVERY_SRV
##### --discovery-fallback
## Expected behavior ("exit" or "proxy") when discovery services fails. "proxy"
## supports v2 API only.
## default: "proxy"
# ETCD_DISCOVERY_FALLBACK="proxy"
##### --discovery-proxy
## HTTP proxy to use for traffic to discovery service.
## default: none
# ETCD_DISCOVERY_PROXY
##### --strict-reconfig-check
## Reject reconfiguration requests that would cause quorum loss.
## default: false
# ETCD_STRICT_RECONFIG_CHECK
##### --auto-compaction-retention
## Auto compaction retention for mvcc key value store in hour. 0 means disable
## auto compaction.
## default: 0
# ETCD_AUTO_COMPACTION_RETENTION="0"
##### --enable-v2
## Accept etcd V2 client requests
## default: true
# ETCD_ENABLE_V2="true"
### Proxy flags
# `--proxy` prefix flags configures etcd to run in proxy mode. "proxy" supports
# v2 API only.
##### --proxy
## Proxy mode setting ("off", "readonly" or "on").
## default: "off"
# ETCD_PROXY="off"
##### --proxy-failure-wait
## Time (in milliseconds) an endpoint will be held in a failed state before
## being reconsidered for proxied requests.
## default: 5000
# ETCD_PROXY_FAILURE_WAIT="5000"
##### --proxy-refresh-interval
## Time (in milliseconds) of the endpoints refresh interval.
## default: 30000
# ETCD_PROXY_REFRESH_INTERVAL="30000"
##### --proxy-dial-timeout
## Time (in milliseconds) for a dial to timeout or 0 to disable the timeout
## default: 1000
# ETCD_PROXY_DIAL_TIMEOUT="1000"
##### --proxy-write-timeout
## Time (in milliseconds) for a write to timeout or 0 to disable the timeout.
## default: 5000
# ETCD_PROXY_WRITE_TIMEOUT="5000"
##### --proxy-read-timeout
## Time (in milliseconds) for a read to timeout or 0 to disable the timeout.
## Don't change this value if using watches because use long polling requests.
## default: 0
# ETCD_PROXY_READ_TIMEOUT="0"
### Security flags
# The security flags help to build a secure etcd cluster.
##### --ca-file (**DEPRECATED**)
## Path to the client server TLS CA file. `--ca-file ca.crt` could be replaced
## by `--trusted-ca-file ca.crt --client-cert-auth` and etcd will perform the
## same.
## default: none
# ETCD_CA_FILE
##### --cert-file
## Path to the client server TLS cert file.
## default: none
# ETCD_CERT_FILE
##### --key-file
## Path to the client server TLS key file.
## default: none
# ETCD_KEY_FILE
##### --client-cert-auth
## Enable client cert authentication.
## CN authentication is not supported by gRPC-gateway.
## default: false
# ETCD_CLIENT_CERT_AUTH
#### --client-crl-file
## Path to the client certificate revocation list file.
## default: ""
# ETCD_CLIENT_CRL_FILE
##### --trusted-ca-file
## Path to the client server TLS trusted CA key file.
## default: none
# ETCD_TRUSTED_CA_FILE
##### --auto-tls
## Client TLS using generated certificates
## default: false
# ETCD_AUTO_TLS
##### --peer-ca-file (**DEPRECATED**)
## Path to the peer server TLS CA file. `--peer-ca-file ca.crt` could be
## replaced by `--peer-trusted-ca-file ca.crt --peer-client-cert-auth` and etcd
## will perform the same.
## default: none
# ETCD_PEER_CA_FILE
##### --peer-cert-file
## Path to the peer server TLS cert file.
## default: none
# ETCD_PEER_CERT_FILE
##### --peer-key-file
## Path to the peer server TLS key file.
## default: none
# ETCD_PEER_KEY_FILE
##### --peer-client-cert-auth
## Enable peer client cert authentication.
## default: false
# ETCD_PEER_CLIENT_CERT_AUTH
#### --peer-crl-file
## Path to the peer certificate revocation list file.
## default: ""
# ETCD_PEER_CRL_FILE
##### --peer-trusted-ca-file
## Path to the peer server TLS trusted CA file.
## default: none
# ETCD_PEER_TRUSTED_CA_FILE
##### --peer-auto-tls
## Peer TLS using generated certificates
## default: false
# ETCD_PEER_AUTO_TLS
#### --peer-cert-allowed-cn
## Allowed CommonName for inter peer authentication.
## default: none
# ETCD_PEER_CERT_ALLOWED_CN
#### --cipher-suites
## Comma-separated list of supported TLS cipher suites between server/client and
## peers.
## default: ""
# ETCD_CIPHER_SUITES
#### --experimental-peer-skip-client-san-verification
## Skip verification of SAN field in client certificate for peer connections.
## default: false
#+ ETCD_EXPERIMENTAL_PEER_SKIP_CLIENT_SAN_VERIFICATION
### Logging flags
#### --log-outputs
## Specify 'stdout' or 'stderr' to skip journald logging even when running
## under systemd, or list of comma separated output targets.
## default: default
# ETCD_LOG_OUTPUTS
##### --debug
## Drop the default log level to DEBUG for all subpackages.
## default: false (INFO for all packages)
# ETCD_DEBUG
##### --log-package-levels
## Set individual etcd subpackages to specific log levels. An example being
## `etcdserver=WARNING,security=DEBUG`
## default: none (INFO for all packages)
# ETCD_LOG_PACKAGE_LEVELS
### Unsafe flags
# Please be CAUTIOUS when using unsafe flags because it will break the guarantees given by the consensus protocol.
# For example, it may panic if other members in the cluster are still alive.
# Follow the instructions when using these flags.
##### --force-new-cluster
## Force to create a new one-member cluster. It commits configuration changes
## forcing to remove all existing members in the cluster and add itself. It needs
## to be set to restore a backup.
## default: false
# ETCD_FORCE_NEW_CLUSTER
---
- node111
cat <<EOF | sudo tee /etc/default/etcd
ETCD_NAME=node111
ETCD_DATA_DIR=/var/lib/etcd
ETCD_LISTEN_PEER_URLS=http://192.168.10.111:2380
ETCD_LISTEN_CLIENT_URLS="http://192.168.10.111:2379,http://127.0.0.1:2379"
ETCD_ADVERTISE_CLIENT_URLS=http://192.168.10.111:2379
ETCD_INITIAL_ADVERTISE_PEER_URLS=http://192.168.10.111:2380
ETCD_INITIAL_CLUSTER="node111=http://192.168.10.111:2380,node112=http://192.168.10.112:2380,node113=http://192.168.10.113:2380"
ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster
ETCD_INITIAL_CLUSTER_STATE=new
EOF
- node112
cat <<EOF | sudo tee /etc/default/etcd
ETCD_NAME=node112
ETCD_DATA_DIR=/var/lib/etcd
ETCD_LISTEN_PEER_URLS=http://192.168.10.112:2380
ETCD_LISTEN_CLIENT_URLS="http://192.168.10.112:2379,http://127.0.0.1:2379"
ETCD_ADVERTISE_CLIENT_URLS=http://192.168.10.112:2379
ETCD_INITIAL_ADVERTISE_PEER_URLS=http://192.168.10.112:2380
ETCD_INITIAL_CLUSTER="node111=http://192.168.10.111:2380,node112=http://192.168.10.112:2380,node113=http://192.168.10.113:2380"
ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster
ETCD_INITIAL_CLUSTER_STATE=new
EOF
- node113
cat <<EOF | sudo tee /etc/default/etcd
ETCD_NAME=node113
ETCD_DATA_DIR=/var/lib/etcd
ETCD_LISTEN_PEER_URLS=http://192.168.10.113:2380
ETCD_LISTEN_CLIENT_URLS="http://192.168.10.113:2379,http://127.0.0.1:2379"
ETCD_ADVERTISE_CLIENT_URLS=http://192.168.10.113:2379
ETCD_INITIAL_ADVERTISE_PEER_URLS=http://192.168.10.113:2380
ETCD_INITIAL_CLUSTER="node111=http://192.168.10.111:2380,node112=http://192.168.10.112:2380,node113=http://192.168.10.113:2380"
ETCD_INITIAL_CLUSTER_TOKEN=etcd-cluster
ETCD_INITIAL_CLUSTER_STATE=new
EOF
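The three files above use plain http:// for every peer and client URL and leave the client-certificate options from the "Security flags" section of the default file unset. The following audit script is an added example, not part of the original post; the function names env_value, audit_etcd_env and sample_config are made up here, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: audit an /etc/default/etcd-style file for plaintext and unroutable URLs.

# Print the value of KEY ($2) in FILE ($1); commented-out lines are ignored.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d '"'
}

# Print one finding per line for FILE ($1); print nothing if every check passes.
audit_etcd_env() {
    for key in ETCD_LISTEN_PEER_URLS ETCD_LISTEN_CLIENT_URLS \
               ETCD_ADVERTISE_CLIENT_URLS ETCD_INITIAL_ADVERTISE_PEER_URLS; do
        # URL lists are comma separated
        for url in $(env_value "$1" "$key" | tr ',' ' '); do
            host=${url#*://}; host=${host%%:*}      # IPv4 address or hostname only
            case $url in
                http://127.0.0.1:*|http://localhost:*) ;;   # loopback-only plaintext
                http://*) echo "PLAINTEXT $key $url" ;;
            esac
            case $key in *ADVERTISE*)
                # 0.0.0.0 is a bind wildcard, not an address other hosts can dial
                if [ "$host" = "0.0.0.0" ]; then echo "UNROUTABLE $key $url"; fi ;;
            esac
        done
    done
    # Simplification: only the literal value "true" counts as enabled here
    for key in ETCD_CLIENT_CERT_AUTH ETCD_PEER_CLIENT_CERT_AUTH; do
        if [ "$(env_value "$1" "$key")" != "true" ]; then echo "DISABLED $key"; fi
    done
}

# Constructed sample modelled on the node settings in this post, with a
# 0.0.0.0 advertise URL included to trigger the routability check.
sample_config() {
    cat <<'EOF'
ETCD_NAME=node111
ETCD_LISTEN_PEER_URLS=http://192.168.10.111:2380
ETCD_LISTEN_CLIENT_URLS="http://192.168.10.111:2379,http://127.0.0.1:2379"
ETCD_ADVERTISE_CLIENT_URLS=http://0.0.0.0:2379
ETCD_INITIAL_ADVERTISE_PEER_URLS=http://192.168.10.111:2380
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
audit_etcd_env "$tmp"
rm -f "$tmp"
```

To audit a real node, run audit_etcd_env /etc/default/etcd; a file with https:// URLs and both cert-auth variables set to true produces no output.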
Set environment variables
- Starting with etcd 3.x, API v3 is the default, but it is still a good idea to set it explicitly.
export ETCDCTL_API=3
Start and enable the etcd service
- Start the etcd service and configure it to start automatically at boot.
sudo systemctl start etcd
sudo systemctl enable etcd
Check etcd status
- Verify that the etcd service is running normally.
sudo systemctl status etcd
Check the health of a specific endpoint
etcdctl endpoint health --endpoints=http://192.168.10.111:2379
http://192.168.10.111:2379 is healthy: successfully committed proposal: took = 4.49542ms
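Check the health of the whole cluster
- In the output below, the http://0.0.0.0:2379 entry is node111: that is the client URL it was advertising when this output was captured.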
etcdctl endpoint health --cluster --endpoints=http://192.168.10.111:2379
http://0.0.0.0:2379 is healthy: successfully committed proposal: took = 16.842356ms
http://192.168.10.112:2379 is healthy: successfully committed proposal: took = 17.873776ms
http://192.168.10.113:2379 is healthy: successfully committed proposal: took = 24.794284ms
List all members of the etcd cluster
etcdctl member list --endpoints=http://192.168.10.111:2379
d1a738620d17bc30, started, node112, http://192.168.10.112:2380, http://192.168.10.112:2379
e99cf0b8c0f1c992, started, node111, http://192.168.10.111:2380, http://0.0.0.0:2379
f7380dff15d757a4, started, node113, http://192.168.10.113:2380, http://192.168.10.113:2379
You can install and configure etcd using the apt package manager. If needed, you can adjust the etcd configuration file for use in a cluster environment.