======================================================================================================================================================

Package Arch
Version
Repository Size

======================================================================================================================================================

Removing:

etcd x86_64
3.2.28-1.el7_8
@rhel-7-server-extras-rpms 42 M

Transaction Summary

======================================================================================================================================================

Remove 1 Package

Installed size: 42 M

Is this ok [y/N]: y

Downloading packages:

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Erasing :
etcd-3.2.28-1.el7_8.x86_64
1/1

warning: /etc/etcd/etcd.conf saved as /etc/etcd/etcd.conf.rpmsave

Jun 22 11:45:52 etcd-srv1 yum[27676]: Erased:
etcd-3.2.28-1.el7_8.x86_64

Jun 22 11:45:52 etcd-srv1 systemd: Reloading.

Jun 22 11:45:52 etcd-srv1 systemd: Started Flexible Branding
Service.

Uploading Package Profile

Loaded plugins: langpacks, product-id, subscription-manager

Verifying :
etcd-3.2.28-1.el7_8.x86_64
1/1

Removed:

etcd.x86_64 0:3.2.28-1.el7_8

Complete!

Uploading Enabled Repositories Report

Loaded plugins: langpacks, product-id, subscription-manager

# yum -y install etcd3

Loaded plugins: enabled_repos_upload, langpacks, package_upload,
product-id, search-disabled-repos, subscription-manager

Galec_EPEL_rhel7_EPEL_rhel7
| 2.5 kB 00:00:00

rhel-7-server-extras-rpms
| 2.0 kB 00:00:00

rhel-7-server-optional-rpms
| 2.0 kB 00:00:00

rhel-7-server-rpms |
2.0 kB 00:00:00

rhel-7-server-satellite-tools-6.6-rpms
| 2.1 kB 00:00:00

Package etcd3 is obsoleted by etcd, trying to install
etcd-3.2.28-1.el7_8.x86_64 instead

Resolving Dependencies

–> Running transaction check

—> Package etcd.x86_64 0:3.2.28-1.el7_8 will be installed

–> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================

Package Arch
Version Repository Size

======================================================================================================================================================

Installing:

etcd x86_64 3.2.28-1.el7_8
rhel-7-server-extras-rpms 9.5 M

Transaction Summary

======================================================================================================================================================

Install 1 Package

Total download size: 9.5 M

Installed size: 42 M

Downloading packages:

etcd-3.2.28-1.el7_8.x86_64.rpm
| 9.5 MB 00:00:00

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

Installing :
etcd-3.2.28-1.el7_8.x86_64
1/1

Jun 22 11:46:00 etcd-srv1 systemd: Reloading.

Jun 22 11:46:00 etcd-srv1 systemd: Started Flexible Branding
Service.

Jun 22 11:46:00 etcd-srv1 yum[27718]: Installed:
etcd-3.2.28-1.el7_8.x86_64

Uploading Package Profile

Loaded plugins: langpacks, product-id, subscription-manager

Verifying :
etcd-3.2.28-1.el7_8.x86_64
1/1

Installed:

etcd.x86_64 0:3.2.28-1.el7_8

Complete!

Uploading Enabled Repositories Report

Loaded plugins: langpacks, product-id, subscription-manager

# yum instal etcd3

Loaded plugins: enabled_repos_upload, langpacks, package_upload,
product-id, search-disabled-repos, subscription-manager

No such command: instal. Please use /usr/bin/yum –help

Uploading Enabled Repositories Report

Loaded plugins: langpacks, product-id, subscription-manager

Installation du service ETCd en cluster 3 nœuds

Script de création de service etcd3

#!/bin/sh

# SELF_IP is the IP of the node where this file resides.

SELF_IP=192.168.33.101

# IP of Node 1

NODE_1_IP=192.168.33.101

# IP of Node 2

NODE_2_IP=192.168.33.102

# IP of Node 3

NODE_3_IP=192.168.33.103

echo « [Unit]

Description=etcd

Documentation=https://github.com/coreos/etcd

Conflicts=etcd.service

Conflicts=etcd2.service

[Service]

Type=notify

Restart=always

RestartSec=25s

LimitNOFILE=40000

TimeoutStartSec=20s

#EnvironmentFile=-/etc/etcd/etcd.conf

ExecStart=/usr/bin/etcd \

–name etcd-${SELF_IP} \

–data-dir /var/lib/etcd –auto-compaction-retention 3 \

–listen-client-urls http://${SELF_IP}:2379,http://localhost:2379
\

–advertise-client-urls
http://${SELF_IP}:2379,http://localhost:2379 \

–listen-peer-urls http://${SELF_IP}:2380 \

–initial-advertise-peer-urls http://${SELF_IP}:2380 \

–initial-cluster etcd-${NODE_1_IP}=http://${NODE_1_IP}:2380,etcd-${NODE_2_IP}=http://${NODE_2_IP}:2380,etcd-${NODE_3_IP}=http://${NODE_3_IP}:2380
\

–initial-cluster-token my-etcd-token \

–initial-cluster-state new

[Install]

WantedBy=multi-user.target »>/etc/systemd/system/etcd3.service

Démarrage Etcd

# systemctl enable etcd3

# systemctl start etcd3

# systemctl status etcd3

● etcd3.service – etcd

Loaded: loaded (/etc/systemd/system/etcd3.service; enabled;
vendor preset: disabled)

Active: active (running) since Mon 2020-06-22 11:27:06 CEST;
2h 42min ago

Docs: https://github.com/coreos/etcd

Main PID: 27533 (etcd)

CGroup: /system.slice/etcd3.service

└─27533 /usr/bin/etcd –name etcd-192.168.33.103
–data-dir /var/lib/etcd –auto-compaction-retention 3 –listen-client-urls
http://192.1…

Jun 22 11:29:58 etcd-srv1 etcd[27533]: peer 712349e69c159139
became active

Jun 22 11:29:58 etcd-srv1 etcd[27533]: established a TCP
streaming connection with peer 712349e69c159139 (stream Message writer)

Jun 22 11:29:58 etcd-srv1 etcd[27533]: established a TCP
streaming connection with peer 712349e69c159139 (stream MsgApp …riter)

Jun 22 11:29:58 etcd-srv1 etcd[27533]: established a TCP
streaming connection with peer 712349e69c159139 (stream MsgApp …eader)

Jun 22 11:29:58 etcd-srv1 etcd[27533]: established a TCP
streaming connection with peer 712349e69c159139 (stream Message reader)

Jun 22 11:29:58 etcd-srv1 etcd[27533]: updating the cluster
version from 3.0 to 3.2

Jun 22 11:29:58 etcd-srv1 etcd[27533]: updated the cluster
version from 3.0 to 3.2

Jun 22 11:29:58 etcd-srv1 etcd[27533]: enabled capabilities for
version 3.2

Jun 22 11:30:00 etcd-srv1 etcd[27533]: health check for peer
712349e69c159139 could not connect: dial tcp 192.168.33.102:…SHOT »)

Jun 22 11:30:00 etcd-srv1 etcd[27533]: health check for peer
712349e69c159139 could not connect: dial tcp 192.168.33.102:…SAGE »)

Hint: Some lines were ellipsized, use -l to show in full.

Contrôle de l’état du cluster ETCD

tail -f /var/log/messages

…

# etcdctl member list

1d8ab03b91f9bb6: name=etcd-192.168.33.101 peerURLs=http://192.168.33.101:2380
clientURLs=http://192.168.33.101:2379,http://localhost:2379 isLeader=false

712349e69c159139: name=etcd-192.168.33.102
peerURLs=http://192.168.33.102:2380 clientURLs=http://192.168.33.102:2379,http://localhost:2379
isLeader=false

8e01c61aac13ade5: name=etcd-192.168.33.103
peerURLs=http://192.168.33.103:2380 clientURLs=http://192.168.33.103:2379,http://localhost:2379
isLeader=true

# etcdctl cluster-health

member 1d8ab03b91f9bb6 is healthy: got healthy result from
http://192.168.33.101:2379

member 712349e69c159139 is healthy: got healthy result from
http://192.168.33.102:2379

member 8e01c61aac13ade5 is healthy: got healthy result from
http://192.168.33.103:2379cluster is healthy

Monitoring du service ETCd

Monitoring serveur etcd

# for srv in etcd-srv1 etcd-srv2 etcd-srv3; do

> echo $srv

> curl -v http://$srv:2379/health

> echo

> done

etcd-srv1

* About to connect() to etcd-srv1 port 2379 (#0)

* Trying 192.168.33.103…

* Connected to etcd-srv1 (192.168.33.103) port 2379 (#0)

> GET /health HTTP/1.1

> User-Agent: curl/7.29.0

> Host: etcd-srv1:2379

> Accept: */*

< HTTP/1.1 200 OK

< Date: Mon, 22 Jun 2020 12:12:29 GMT

< Content-Length: 18

< Content-Type: text/plain; charset=utf-8

* Connection #0 to host etcd-srv1 left intact

{« health »: « true »}

etcd-srv2

* About to connect() to etcd-srv2 port 2379 (#0)

* Trying 192.168.33.101…

* Connected to etcd-srv2 (192.168.33.101) port 2379 (#0)

> GET /health HTTP/1.1

> User-Agent: curl/7.29.0

> Host: etcd-srv2:2379

> Accept: */*

< HTTP/1.1 200 OK

< Date: Mon, 22 Jun 2020 12:12:29 GMT

< Content-Length: 18

< Content-Type: text/plain; charset=utf-8

* Connection #0 to host etcd-srv2 left intact

{« health »: « true »}

etcd-srv3

* About to connect() to etcd-srv3 port 2379 (#0)

* Trying 192.168.33.102…

* Connected to etcd-srv3 (192.168.33.102) port 2379 (#0)

> GET /health HTTP/1.1

> User-Agent: curl/7.29.0

> Host: etcd-srv3:2379

> Accept: */*

< HTTP/1.1 200 OK

< Date: Mon, 22 Jun 2020 12:12:29 GMT

< Content-Length: 18

< Content-Type: text/plain; charset=utf-8

* Connection #0 to host etcd-srv3 left intact

{« health »: « true »}

Monitoring cluster etcd

# for srv in etcd-srv1 etcd-srv2 etcd-srv3; do echo $srv; curl -v
http://$srv:2379/v2/members; echo; done

etcd-srv1

* About to connect() to etcd-srv1 port 2379 (#0)

* Trying 192.168.33.103…

* Connected to etcd-srv1 (192.168.33.103) port 2379 (#0)

> GET /v2/members HTTP/1.1

> User-Agent: curl/7.29.0

> Host: etcd-srv1:2379

> Accept: */*

< HTTP/1.1 200 OK

< Content-Type: application/json

< X-Etcd-Cluster-Id: d1ac76b9522a74f1

< Date: Mon, 22 Jun 2020 12:16:33 GMT

< Content-Length: 499

{« members »:[{« id »: »1d8ab03b91f9bb6″, »name »: »etcd-192.168.33.101″, »peerURLs »:[« http://192.168.33.101:2380″], »clientURLs »:[« http://192.168.33.101:2379″, »http://localhost:2379 »]},{« id »: »712349e69c159139″, »name »: »etcd-192.168.33.102″, »peerURLs »:[« http://192.168.33.102:2380″], »clientURLs »:[« http://192.168.33.102:2379″, »http://localhost:2379 »]},{« id »: »8e01c61aac13ade5″, »name »: »etcd-192.168.33.103″, »peerURLs »:[« http://192.168.33.103:2380″], »clientURLs »:[« http://192.168.33.103:2379″, »http://localhost:2379 »]}]}

* Connection #0 to host etcd-srv1 left intact

etcd-srv2

* About to connect() to etcd-srv2 port 2379 (#0)

* Trying 192.168.33.101…

* Connected to etcd-srv2 (192.168.33.101) port 2379 (#0)

> GET /v2/members HTTP/1.1

> User-Agent: curl/7.29.0

> Host: etcd-srv2:2379

> Accept: */*

< HTTP/1.1 200 OK

< Content-Type: application/json

< X-Etcd-Cluster-Id: d1ac76b9522a74f1

< Date: Mon, 22 Jun 2020 12:16:33 GMT

< Content-Length: 499

* Connection #0 to host etcd-srv2 left intact

etcd-srv3

* About to connect() to etcd-srv3 port 2379 (#0)

* Trying 192.168.33.102…

* Connected to etcd-srv3 (192.168.33.102) port 2379 (#0)

> GET /v2/members HTTP/1.1

> User-Agent: curl/7.29.0

> Host: etcd-srv3:2379

> Accept: */*

< HTTP/1.1 200 OK

< Content-Type: application/json

< X-Etcd-Cluster-Id: d1ac76b9522a74f1

< Date: Mon, 22 Jun 2020 12:16:33 GMT

< Content-Length: 499

* Connection #0 to host etcd-srv3 left intact

Informations sur le cluster leader ETCD

# for srv in etcd-srv1 etcd-srv2 etcd-srv3; do

echo $srv;

curl -v http://$srv:2379/v2/stats/leader; echo; done

etcd-srv1

* About to connect() to etcd-srv1 port 2379 (#0)

* Trying 192.168.33.103…

* Connected to etcd-srv1 (192.168.33.103) port 2379 (#0)

> GET /v2/stats/leader HTTP/1.1

> User-Agent: curl/7.29.0

> Host: etcd-srv1:2379

> Accept: */*

< HTTP/1.1 200 OK

< Content-Type: application/json

< Date: Mon, 22 Jun 2020 12:18:17 GMT

< Content-Length: 430

* Connection #0 to host etcd-srv1 left intact

{« leader »: »8e01c61aac13ade5″, »followers »:{« 1d8ab03b91f9bb6 »:{« latency »:{« current »:0.000988, »average »:0.002586741935483871, »standardDeviation »:0.00219406899894064, »minimum »:0.000702, »maximum »:0.00991}, »counts »:{« fail »:0, »success »:31}}, »712349e69c159139″:{« latency »:{« current »:0.001123, »average »:0.002961423076923077, »standardDeviation »:0.004981174214156251, »minimum »:0.000796, »maximum »:0.025935}, »counts »:{« fail »:1, »success »:26}}}}

etcd-srv2

* About to connect() to etcd-srv2 port 2379 (#0)

* Trying 192.168.33.101…

* Connected to etcd-srv2 (192.168.33.101) port 2379 (#0)

> GET /v2/stats/leader HTTP/1.1

> User-Agent: curl/7.29.0

> Host: etcd-srv2:2379

> Accept: */*

< HTTP/1.1 403 Forbidden

< Content-Type: application/json

< Date: Mon, 22 Jun 2020 12:18:17 GMT

< Content-Length: 32

* Connection #0 to host etcd-srv2 left intact

{« message »: »not current leader »}

etcd-srv3

* About to connect() to etcd-srv3 port 2379 (#0)

* Trying 192.168.33.102…

* Connected to etcd-srv3 (192.168.33.102) port 2379 (#0)

> GET /v2/stats/leader HTTP/1.1

> User-Agent: curl/7.29.0

> Host: etcd-srv3:2379

> Accept: */*

< HTTP/1.1 403 Forbidden

< Content-Type: application/json

< Date: Mon, 22 Jun 2020 12:18:17 GMT

< Content-Length: 32

* Connection #0 to host etcd-srv3 left intact

{« message »: »not current leader »}

Authentification & sécurité

Gestion des utilisateurs API v2

etcdctl user list

etcdctl user add patroni

etcdctl role list

etcdctl user grant patroni –roles root

Gestion de l’authentification API v2

etcdctl user passwd root

etcdctl auth enable

etcdctl -u root user list

etcdctl -u root:rootpw user list

Gestion de l’authentification API v3

etcdctl user list

echo « pass » | etcdctl user add jmr –interactive=false

echo « jmr » | etcdctl user passwd jmr
–interactive=false

etcdctl put jmr2 Cool the world

etcdctl put jmr2/msg1 Cool the world 1

etcdctl put jmr2/msg2 Cool the world 2

etcdctl put jmr2/msg3 Cool the world 3

# echo « jmr » | etcdctl user add jmr –interactive=false

User jmr created

# etcdctl auth enable

error: etcdserver: root user does not exist

# echo « root » | etcdctl user add root
–interactive=false

User root created

# etcdctl auth enable

Authentication Enabled

rror: etcdserver: user name is empty

# etcdctl –write-out= »simple » get jmr2 –prefix
–user=jmr

Password:

Error: etcdserver: permission denied

# etcdctl –write-out= »simple » get jmr2 –prefix
–user=root

Password:

jmr2

Cool

jmr2/msg1

Cool

jmr2/msg2

Cool

jmr2/msg3

Cool

# etcdctl –write-out= »simple » get jmr2 –prefix
–user=root:root

jmr2

Cool

jmr2/msg1

Cool

jmr2/msg2

Cool

jmr2/msg3

Cool

etcdctl role list –user=root:root

# etcdctl get jmr2 –prefix –user=jmr

Password:

Error: etcdserver: permission denied

# etcdctl user grant-role jmr root –user=root:root

Role root is granted to user jmr

# etcdctl –write-out= »simple » get jmr2 –prefix
–user=jmr:jmr

jmr2

Cool

jmr2/msg1

Cool

jmr2/msg2

Cool

jmr2/msg3

Cool

# etcdctl user revoke-role jmr root –user=root:root

Role root is revoked from user jmr

# etcdctl –write-out= »simple » get jmr2 –prefix
–user=jmr:jmr

Error: etcdserver: permission denied

# etcdctl role add jmr2 –user=root:root

Role jmr2 created

# etcdctl role grant-permission jmr2 read jmr2 –prefix=true
–user=root:root

Role jmr2 updated

# etcdctl get /jmr2 –prefix –user=jmr:jmr

Error: etcdserver: permission denied

# etcdctl user grant-role jmr jmr2 –user=root:root

Role jmr2 is granted to user jmr

# etcdctl get jmr2 –prefix –user=jmr:jmr

jmr2

Cool

….

# etcdctl put jmr2 toto –user=jmr:jmr

Error: etcdserver: permission denied

# etcdctl put jmr2 toto –user=root:root

# etcdctl get jmr2 –prefix –user=jmr:jmr

jmr2

toto

….

# etcdctl role grant-permission jmr2 write jmr2 –prefix=true
–user=root:root

Role jmr2 updated

# etcdctl get jmr2 –prefix –user=jmr:jmr

Error: etcdserver: permission denied

# etcdctl role grant-permission jmr2 readwrite jmr2 –prefix=true
–user=root:root

Role jmr2 updated

# etcdctl get jmr2 –prefix –user=jmr:jmr

jmr2

toto

…

# etcdctl put jmr2 TITITITITIT –user=jmr:jmr

# etcdctl get jmr2 –prefix –user=jmr:jmr

jmr2

TITITITITIT

Gestion de répertoire de clé/valeur ETCd API v2

# etcdctl -u patroni:patroni mkdir patroni

# etcdctl -u patroni:patroni –debug ls

# etcdctl -u patroni:patroni –debug set /patroni/supercool true

# etcdctl -u patroni:patroni –debug ls

# etcdctl -u patroni:patroni –debug ls /patroni

# etcdctl -u patroni:patroni get /patroni/supercool

# etcdctl -u patroni:patroni -o json get /patroni/supercool

# for k in $(etcdctl -u patroni:patroni ls /serge/); do

echo « $k => $(etcdctl -u patroni:patroni get $k) »

done

Gestion de répertoire de clé/valeur ETCd API v3

# export ETCDCTL_API=3

# etcdctl version

etcdctl version: 3.2.28

API version: 3.2

# etcdctl –write-out= »simple » get jmr2 –prefix

jmr2

Cool the world

# etcdctl put jmr2/msg1 « Cool the world 1 »

# etcdctl put jmr2/msg2 « Cool the world 2 »

# etcdctl put jmr2/msg3 « Cool the world 3 »

# etcdctl –write-out= »simple » get jmr2 –prefix

jmr2

Cool the world

jmr2/msg1

Cool the world 1

jmr2/msg2

Cool the world 2

jmr2/msg3

Cool the world 3

# etcdctl –write-out= »simple » del jmr2

# etcdctl –write-out= »simple » get jmr2 –prefix

jmr2/msg1

Cool the world 1

jmr2/msg2

Cool the world 2

jmr2/msg3

Cool the world 3

# etcdctl –write-out= »simple » del jmr2 –prefix

# etcdctl –write-out= »simple » get jmr2 –prefix

Script changement mot de passe root

use strict;

use Expect;

my $timeout=60;

my $command= »etcdctl user passwd root »;

my $pass= »secret »;

$pass=$ARGV[0] if defined($ARGV[0]);

print » => $command\n »;

print » => $pass\n »;

my $exp = Expect->spawn($command) or die « Cannot spawn
$command: $!\n »;

$exp->raw_pty(1);

SAISIE:

$exp->expect($timeout,

[ ‘New password:’ => sub {

$exp->send(« $pass\n »);

goto SAISIE;

}

[ ‘Password updated’ => sub {

print « C’est OK 🙂 »;

goto ENDEXP;

}

]

);

ENDEXP:

$exp->soft_close();

Script ajout utilisateur etcd

use strict;

use Expect;

my $timeout=60;

my $command= »ETCDCTL_API=3 etcdctl user add « .$ARGV[0];

my $user=$ARGV[0];

my $pass= »secret »;

my $apivers=3;

$pass=$ARGV[1] if defined($ARGV[1]);

$apivers=$ARGV[2] if defined($ARGV[2]);

print » => $command\n »;

print » => $pass\n »;

my $exp = Expect->spawn($command) or die « Cannot spawn
$command: $!\n »;

$exp->raw_pty(1);

SAISIE:

$exp->expect($timeout,

[ « Password of $user: » => sub {

$exp->send(« $pass\n »);

goto SAISIE;

}

[ ‘New password:’ => sub {

$exp->send(« $pass\n »);

goto SAISIE;

}

[ « Type password of $user again for confirmation: »
=> sub {

$exp->send(« $pass\n »);

goto SAISIE;

}

[ « User $user created » => sub {

print « C’est OK 🙂 »;

goto ENDEXP;

}

]

);

ENDEXP:

$exp->soft_close();

Jean-Marie Renouard – Technologie du Web et des données

Etcd – Premier Pas

Installation et configuration ETCD sur Red Hat 7

Objectif général

Architecture globale

Installation des binaires ETCD 3.2

Installation du service ETCd en cluster 3 nœuds

Script de création de service etcd3

Démarrage Etcd

Contrôle de l’état du cluster ETCD

Monitoring du service ETCd

Monitoring serveur etcd

Monitoring cluster etcd

Informations sur le cluster leader ETCD

Authentification & sécurité

Gestion des utilisateurs API v2

Gestion de l’authentification API v2

Gestion de l’authentification API v3

Gestion de répertoire de clé/valeur ETCd API v2

Gestion de répertoire de clé/valeur ETCd API v3

Script changement mot de passe root

Script ajout utilisateur etcd

Laisser un commentaire Annuler la réponse