Created
December 6, 2016 18:49
Add etcd to a cluster
# General procedure, though not complete: https://access.redhat.com/articles/2650151
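# Generate the server and peer certificates for the new etcd member and
# bundle them, with ca.crt and etcd.conf, into a tarball for the new host.
# Run on the host whose /etc/etcd holds the etcd CA: every relative path
# below (ca/openssl.cnf, ca.crt, etcd.conf) resolves against that directory.
cd /etc/etcd

# Identity of the member being added; replace with the new host's values.
export NEW_ETCD="ip-172-31-31-215.us-west-2.compute.internal"
export CN="$NEW_ETCD"
# NOTE(review): SAN is not passed on any command line below; presumably
# ca/openssl.cnf reads it from the environment - confirm against that file.
export SAN="IP:172.31.31.215"
export PREFIX="./generated_certs/etcd-$CN/"

# -p: succeed when generated_certs/ is missing or the directory is left over
# from an earlier run. 700: the directory is about to hold private keys.
mkdir -p "$PREFIX"
chmod 700 "$PREFIX"

#generate cert/key/ca tarball
# -nodes writes each private key unencrypted, so file permissions are the
# only protection the key has on disk.
openssl req -new \
  -keyout "${PREFIX}server.key" \
  -config ca/openssl.cnf \
  -out "${PREFIX}server.csr" \
  -reqexts etcd_v3_req -batch -nodes \
  -subj "/CN=$CN"
openssl ca -name etcd_ca \
  -config ca/openssl.cnf \
  -out "${PREFIX}server.crt" \
  -in "${PREFIX}server.csr" \
  -extensions etcd_v3_ca_server -batch

openssl req -new \
  -keyout "${PREFIX}peer.key" \
  -config ca/openssl.cnf \
  -out "${PREFIX}peer.csr" \
  -reqexts etcd_v3_req -batch -nodes \
  -subj "/CN=$CN"
openssl ca -name etcd_ca \
  -config ca/openssl.cnf \
  -out "${PREFIX}peer.crt" \
  -in "${PREFIX}peer.csr" \
  -extensions etcd_v3_ca_peer -batch

# Keep the unencrypted keys owner-only regardless of the current umask.
chmod 600 "${PREFIX}server.key" "${PREFIX}peer.key"

cp ca.crt "${PREFIX}"
cp etcd.conf "${PREFIX}"

# The tarball contains both private keys; create it under a restrictive umask
# (scoped to the subshell) so it is never readable by other local users.
(
  umask 077
  tar czvf "generated_certs/etcd-${CN}.tgz" -C "${PREFIX}" .
)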
# Register the new member with the existing cluster.
export ETCD_CA_HOST="ip-172-31-30-194.us-west-2.compute.internal"
export NEW_ETCD="ip-172-31-31-215.us-west-2.compute.internal"
export NEW_ETCD_IP="172.31.31.215"

# The request goes to an existing member on port 2379 and authenticates with
# that host's peer certificate; the new member is announced by its :2380 URL.
# Keep the output: the etcd.conf step further down uses the values it prints.
etcdctl \
  -C "https://${ETCD_CA_HOST}:2379" \
  --ca-file=/etc/etcd/ca.crt \
  --cert-file=/etc/etcd/peer.crt \
  --key-file=/etc/etcd/peer.key \
  member add "${NEW_ETCD}" "https://${NEW_ETCD_IP}:2380"

# Health check against the three existing members.
etcdctl \
  --cert-file /etc/etcd/peer.crt \
  --key-file /etc/etcd/peer.key \
  --ca-file /etc/etcd/ca.crt \
  --endpoints "https://ip-172-31-30-194.us-west-2.compute.internal:2379,https://ip-172-31-30-193.us-west-2.compute.internal:2379,https://ip-172-31-30-192.us-west-2.compute.internal:2379" \
  cluster-health
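# On the new server: scp the tarball over and configure etcd.
# The manual steps are written as comments so that pasting this listing into
# a shell does not try to execute them as commands.

# Manual step: untar the tarball in /etc/etcd.

# Hand the unpacked files to the etcd user.
chown etcd:etcd /etc/etcd/*
# The tarball carries server.key and peer.key unencrypted; keep them
# readable by their owner only.
chmod 600 /etc/etcd/server.key /etc/etcd/peer.key

# Manual step: replace the values in etcd.conf with the values printed by
# `etcdctl member add` above.
# Manual step: fix up any other URLs in etcd.conf (the file in the tarball is
# a copy of the etcd.conf from the host that generated the certificates).
# Manual step: start the etcd service.

# Re-check cluster health once the new member is running.
etcdctl \
  --cert-file /etc/etcd/peer.crt \
  --key-file /etc/etcd/peer.key \
  --ca-file /etc/etcd/ca.crt \
  --endpoints "https://ip-172-31-30-194.us-west-2.compute.internal:2379,https://ip-172-31-30-193.us-west-2.compute.internal:2379,https://ip-172-31-30-192.us-west-2.compute.internal:2379" \
  cluster-health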