Basic usage of etcd-keeper and related Docker operations
There are many web UI options for etcd:
e3w:
https://github.com/soyking/e3w
etcd-browser:
https://github.com/wudaoluo/etcd-browser
etcd-keeper:
https://github.com/evildecay/etcdkeeper
etcd-manage:
https://github.com/shiguanghuxian/etcd-manage
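After evaluating them, etcd-keeper was selected. It supports etcd v3 as well as user authentication and TLS, and it is simple to configure and easy to use.
Steps to start the etcdkeeper service: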
wget https://github.com/evildecay/etcdkeeper/releases/download/v0.7.6/etcdkeeper-v0.7.6-linux_x86_64.zip
yum install -y unzip zip
unzip etcdkeeper-v0.7.6-linux_x86_64.zip
cd etcdkeeper
chmod +x etcdkeeper
./etcdkeeper -auth -usetls -cacert /root/yaml/etcd-keeper/tls/ca.pem -cert /root/yaml/etcd-keeper/tls/client.pem -key /root/yaml/etcd-keeper/tls/client-key.pem
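The above runs the service from the executable, with both user authentication and TLS enabled.
Building a Docker image makes it more convenient to use.
In the etcdkeeper directory above, create a Dockerfile with the following content: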
FROM alpine:latest
# Empty by default; set to -usetls / -auth at run time to enable TLS and user authentication
ENV TLS_ENABLE=""
ENV AUTH_ENABLE=""
ENV HOST="0.0.0.0"
ENV PORT="8080"
ENV SEP="/"
ENV CACERT="/opt/etcdkeeper/tls/ca.pem"
ENV CERT="/opt/etcdkeeper/tls/client.pem"
ENV KEY="/opt/etcdkeeper/tls/client-key.pem"
ENV TIMEOUT=5
WORKDIR /opt
RUN mkdir etcdkeeper
WORKDIR /opt/etcdkeeper
COPY etcdkeeper .
ADD assets assets
# This copies the client certificate and private key into an image layer;
# the docker-compose file below also bind-mounts ./tls over the same path
ADD tls tls
EXPOSE ${PORT}
WORKDIR /opt/etcdkeeper
CMD ./etcdkeeper -h $HOST -p $PORT -timeout $TIMEOUT -sep $SEP $TLS_ENABLE -cacert $CACERT -cert $CERT -key $KEY $AUTH_ENABLE
Build the Docker image:
docker build -t etcd-keeper:1.1.1 .
Write the service's docker-compose.yaml:
version: '3'
services:
  etcdkeeper:
    image: etcd-keeper:1.1.1
    container_name: "etcdkeeper"
    environment:
      - TLS_ENABLE=-usetls
      - AUTH_ENABLE=-auth
      - CACERT=/opt/etcdkeeper/tls/ca.pem
      - CERT=/opt/etcdkeeper/tls/client.pem
      - KEY=/opt/etcdkeeper/tls/client-key.pem
    volumes:
      - ./tls:/opt/etcdkeeper/tls
    ports:
      - "11080:8080"
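Start the service with docker-compose up -d. When the service log shows listening on 0.0.0.0:8080, the service has started successfully.
After startup, open http://127.0.0.1:11080/etcdkeeper/. If user authentication is enabled, you need to log in as root with the root user's password; if the etcd server has TLS enabled, etcd keeper must be configured with the corresponding certificates.
If the connection to the etcd server succeeds, a log line is printed: POST v3 connect success.
The operation page looks like this:
PS: 10.0.2.15 in the figure is the address of the host where the Docker service is installed. I installed a CentOS 7 virtual machine with VirtualBox and the Docker service runs in that VM, so 10.0.2.15 is the VM's address.
The following is the docker-compose file for an etcd cluster with user authentication and TLS enabled, together with the related parameter settings: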
version: '3.0'
services:
  node1:
    image: 'bitnami/etcd:latest'
    container_name: tls_etcd1
    environment:
      - "ETCD_NAME=node1"
      - "ETCD_ROOT_PASSWORD=hillstone"
      - "ETCD_CLIENT_CERT_AUTH=true"
      - "ETCD_PEER_CLIENT_CERT_AUTH=true"
      - "ETCD_HEARTBEAT_INTERVAL=1000"
      - "ETCD_ELECTION_TIMEOUT=10000"
      - "ETCD_ADVERTISE_CLIENT_URLS=https://10.0.2.15:42379"
      - "ETCD_INITIAL_ADVERTISE_PEER_URLS=https://10.0.2.15:42380"
      - "ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379"
      - "ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380"
      - "ETCD_INITIAL_CLUSTER_TOKEN=etcd_cluster"
      - "ETCD_INITIAL_CLUSTER=node1=https://10.0.2.15:42380,node2=https://10.0.2.15:52380,node3=https://10.0.2.15:62380"
      - "ETCD_INITIAL_CLUSTER_STATE=new"
      - "ETCD_TRUSTED_CA_FILE=/opt/bitnami/etcd/conf/ca.pem"
      - "ETCD_KEY_FILE=/opt/bitnami/etcd/conf/server-key.pem"
      - "ETCD_CERT_FILE=/opt/bitnami/etcd/conf/server.pem"
      - "ETCD_PEER_TRUSTED_CA_FILE=/opt/bitnami/etcd/conf/ca.pem"
      - "ETCD_PEER_KEY_FILE=/opt/bitnami/etcd/conf/peer-key.pem"
      - "ETCD_PEER_CERT_FILE=/opt/bitnami/etcd/conf/peer.pem"
    volumes:
      - /etc/localtime:/etc/localtime
      - ./node1/ca.pem:/opt/bitnami/etcd/conf/ca.pem
      - ./node1/node1.pem:/opt/bitnami/etcd/conf/peer.pem
      - ./node1/node1-key.pem:/opt/bitnami/etcd/conf/peer-key.pem
      - ./node1/server.pem:/opt/bitnami/etcd/conf/server.pem
      - ./node1/server-key.pem:/opt/bitnami/etcd/conf/server-key.pem
      - ./node1/client-key.pem:/opt/bitnami/etcd/client-key.pem
      - ./node1/client.pem:/opt/bitnami/etcd/client.pem
      - ./node1/data:/bitnami/etcd/data
    ports:
      - 42379:2379
      - 42380:2380
  node2:
    image: 'bitnami/etcd:latest'
    container_name: tls_etcd2
    environment:
      - "ETCD_NAME=node2"
      - "ETCD_ROOT_PASSWORD=hillstone"
      - "ETCD_CLIENT_CERT_AUTH=true"
      - "ETCD_PEER_CLIENT_CERT_AUTH=true"
      - "ETCD_HEARTBEAT_INTERVAL=1000"
      - "ETCD_ELECTION_TIMEOUT=10000"
      - "ETCD_ADVERTISE_CLIENT_URLS=https://10.0.2.15:52379"
      - "ETCD_INITIAL_ADVERTISE_PEER_URLS=https://10.0.2.15:52380"
      - "ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379"
      - "ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380"
      - "ETCD_INITIAL_CLUSTER_TOKEN=etcd_cluster"
      - "ETCD_INITIAL_CLUSTER=node1=https://10.0.2.15:42380,node2=https://10.0.2.15:52380,node3=https://10.0.2.15:62380"
      - "ETCD_INITIAL_CLUSTER_STATE=new"
      - "ETCD_TRUSTED_CA_FILE=/opt/bitnami/etcd/conf/ca.pem"
      - "ETCD_KEY_FILE=/opt/bitnami/etcd/conf/server-key.pem"
      - "ETCD_CERT_FILE=/opt/bitnami/etcd/conf/server.pem"
      - "ETCD_PEER_TRUSTED_CA_FILE=/opt/bitnami/etcd/conf/ca.pem"
      - "ETCD_PEER_KEY_FILE=/opt/bitnami/etcd/conf/peer-key.pem"
      - "ETCD_PEER_CERT_FILE=/opt/bitnami/etcd/conf/peer.pem"
    volumes:
      - /etc/localtime:/etc/localtime
      - ./node2/ca.pem:/opt/bitnami/etcd/conf/ca.pem
      - ./node2/node2.pem:/opt/bitnami/etcd/conf/peer.pem
      - ./node2/node2-key.pem:/opt/bitnami/etcd/conf/peer-key.pem
      - ./node2/server.pem:/opt/bitnami/etcd/conf/server.pem
      - ./node2/server-key.pem:/opt/bitnami/etcd/conf/server-key.pem
      - ./node2/client-key.pem:/opt/bitnami/etcd/client-key.pem
      - ./node2/client.pem:/opt/bitnami/etcd/client.pem
      - ./node2/data:/bitnami/etcd/data
    ports:
      - 52379:2379
      - 52380:2380
  node3:
    image: 'bitnami/etcd:latest'
    container_name: tls_etcd3
    environment:
      - "ETCD_NAME=node3"
      - "ETCD_ROOT_PASSWORD=hillstone"
      - "ETCD_CLIENT_CERT_AUTH=true"
      - "ETCD_PEER_CLIENT_CERT_AUTH=true"
      - "ETCD_HEARTBEAT_INTERVAL=1000"
      - "ETCD_ELECTION_TIMEOUT=10000"
      - "ETCD_ADVERTISE_CLIENT_URLS=https://10.0.2.15:62379"
      - "ETCD_INITIAL_ADVERTISE_PEER_URLS=https://10.0.2.15:62380"
      - "ETCD_LISTEN_CLIENT_URLS=https://0.0.0.0:2379"
      - "ETCD_LISTEN_PEER_URLS=https://0.0.0.0:2380"
      - "ETCD_INITIAL_CLUSTER_TOKEN=etcd_cluster"
      - "ETCD_INITIAL_CLUSTER=node1=https://10.0.2.15:42380,node2=https://10.0.2.15:52380,node3=https://10.0.2.15:62380"
      - "ETCD_INITIAL_CLUSTER_STATE=new"
      - "ETCD_TRUSTED_CA_FILE=/opt/bitnami/etcd/conf/ca.pem"
      - "ETCD_KEY_FILE=/opt/bitnami/etcd/conf/server-key.pem"
      - "ETCD_CERT_FILE=/opt/bitnami/etcd/conf/server.pem"
      - "ETCD_PEER_TRUSTED_CA_FILE=/opt/bitnami/etcd/conf/ca.pem"
      - "ETCD_PEER_KEY_FILE=/opt/bitnami/etcd/conf/peer-key.pem"
      - "ETCD_PEER_CERT_FILE=/opt/bitnami/etcd/conf/peer.pem"
    volumes:
      - /etc/localtime:/etc/localtime
      - ./node3/ca.pem:/opt/bitnami/etcd/conf/ca.pem
      - ./node3/node3.pem:/opt/bitnami/etcd/conf/peer.pem
      - ./node3/node3-key.pem:/opt/bitnami/etcd/conf/peer-key.pem
      - ./node3/server.pem:/opt/bitnami/etcd/conf/server.pem
      - ./node3/server-key.pem:/opt/bitnami/etcd/conf/server-key.pem
      - ./node3/client-key.pem:/opt/bitnami/etcd/client-key.pem
      - ./node3/client.pem:/opt/bitnami/etcd/client.pem
      - ./node3/data:/bitnami/etcd/data
    ports:
      - 62379:2379
      - 62380:2380
  etcdkeeper:
    image: ksyun/etcd-keeper:1.1.1
    container_name: "tls_etcdkeeper"
    environment:
      - TLS_ENABLE=-usetls
      - AUTH_ENABLE=-auth
      - CACERT=/opt/etcdkeeper/tls/ca.pem
      - CERT=/opt/etcdkeeper/tls/client.pem
      - KEY=/opt/etcdkeeper/tls/client-key.pem
    volumes:
      - ./tls:/opt/etcdkeeper/tls
    depends_on:
      - node1
      - node2
      - node3
    ports:
      - "11080:8080"
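A review pass over compose files like the two above, as an added example that is not part of the original post: it flags passwords written literally in `environment`, images on a floating tag, and ports published on every host interface. The `audit` function, its rule names and the trimmed `SAMPLE` (including the loopback-bound etcdkeeper port) are constructed for illustration.

```python
import re

# Constructed sample shaped like the compose files above (not a full copy).
SAMPLE = """\
services:
  node1:
    image: 'bitnami/etcd:latest'
    environment:
      - "ETCD_ROOT_PASSWORD=hillstone"
      - "ETCD_CLIENT_CERT_AUTH=true"
    ports:
      - 42379:2379
  etcdkeeper:
    image: etcd-keeper:1.1.1
    environment:
      - AUTH_ENABLE=-auth
    ports:
      - "127.0.0.1:11080:8080"
"""

def audit(compose_text):
    """Return (line_no, rule, detail) findings for a compose file's text."""
    findings, section = [], None
    for n, raw in enumerate(compose_text.splitlines(), 1):
        line = raw.strip()
        if re.match(r"^[A-Za-z_][\w-]*:$", line):
            section = line[:-1]            # e.g. environment, ports, volumes
        elif line.startswith("image:"):
            image = line.split(":", 1)[1].strip().strip("'\"")
            last = image.rsplit("/", 1)[-1]
            # No tag at all, or :latest, means the deployed version can drift.
            if ":" not in last or last.endswith(":latest"):
                findings.append((n, "floating-tag", image))
        elif line.startswith("-"):
            item = line[1:].strip().strip("'\"")
            if section == "environment" and "=" in item:
                key, value = item.split("=", 1)
                # A ${VAR} reference keeps the secret out of the file itself.
                if re.search(r"PASSWORD|PASSWD|SECRET", key) and not value.startswith("${"):
                    findings.append((n, "literal-secret", key))
            elif section == "ports":
                parts = item.split(":")
                # HOST:CONTAINER with no IP publishes on every host interface.
                if len(parts) == 2 or parts[0] == "0.0.0.0":
                    findings.append((n, "all-interfaces", item))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The parser is line-based and only understands the short list syntax used on this page; the long `ports:` mapping form and IPv6 host addresses are out of scope.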