etcd 单节点

服务器IP	主机角色
192.168.10.31	etcd Server

etcd Server

1. 下载 etcd 安装包

   服务器支持访问互联网

   wget https://pdpublic.mingdao.com/private-deployment/offline/common/etcd-v3.6.11-linux-amd64.tar.gz

   服务器不支持访问互联网

   # etcd 安装包文件下载链接，下载完成后上传到部署服务器
   https://pdpublic.mingdao.com/private-deployment/offline/common/etcd-v3.6.11-linux-amd64.tar.gz

2. 创建 etcd 运行用户

   useradd -M -s /sbin/nologin etcd

3. 解压 etcd 安装包并安装二进制

   mkdir -p /usr/local/etcd/bin
   tar -zxf etcd-v3.6.11-linux-amd64.tar.gz
   cp etcd-v3.6.11-linux-amd64/etcd /usr/local/etcd/bin/
   cp etcd-v3.6.11-linux-amd64/etcdctl /usr/local/etcd/bin/
   cp etcd-v3.6.11-linux-amd64/etcdutl /usr/local/etcd/bin/
   chmod +x /usr/local/etcd/bin/etcd*
   chown -R etcd:etcd /usr/local/etcd

4. 创建数据目录和日志目录

   mkdir -p /data/etcd
   mkdir -p /data/logs/etcd
   chown -R etcd:etcd /data/etcd /data/logs/etcd

5. 修改 etcd 配置文件

   cat > /usr/local/etcd/etcd.conf.yml <<'EOF'
   name: etcd
   data-dir: /data/etcd
   listen-client-urls: http://192.168.10.31:2379,http://127.0.0.1:2379
   advertise-client-urls: http://192.168.10.31:2379
   listen-peer-urls: http://192.168.10.31:2380
   initial-advertise-peer-urls: http://192.168.10.31:2380
   listen-metrics-urls: http://192.168.10.31:2381,http://127.0.0.1:2381
   initial-cluster: etcd=http://192.168.10.31:2380
   initial-cluster-token: hap-milvus-etcd
   initial-cluster-state: new
   auto-compaction-mode: periodic
   auto-compaction-retention: 10h
   quota-backend-bytes: 8589934592
   snapshot-count: 100000
   max-snapshots: 5
   max-wals: 5
   strict-reconfig-check: true
   pre-vote: true
   enable-v2: false
   metrics: basic
   logger: zap
   log-level: info
   log-outputs:
     - /data/logs/etcd/etcd.log
   enable-log-rotation: true
   log-rotation-config-json: '{"maxsize":100,"maxage":180,"maxbackups":0,"localtime":true,"compress":true}'
   EOF

   • listen-client-urls 和 advertise-client-urls 中的 IP 请替换为实际部署服务器的 IP。

6. 配置 systemd 管理 etcd

   cat > /etc/systemd/system/etcd.service <<'EOF'
   [Unit]
   Description=etcd
   Documentation=https://etcd.io/docs/
   After=network-online.target
   Wants=network-online.target
   [Service]
   Type=simple
   User=etcd
   Group=etcd
   ExecStart=/usr/local/etcd/bin/etcd --config-file=/usr/local/etcd/etcd.conf.yml
   Restart=on-failure
   RestartSec=5s
   LimitNOFILE=65536
   LimitNPROC=65536
   OOMScoreAdjust=-999
   [Install]
   WantedBy=multi-user.target
   EOF

7. 启动 etcd 并加入开机自启动

   systemctl daemon-reload
   systemctl start etcd
   systemctl enable etcd

8. 服务状态检查

   systemctl status etcd --no-pager

9. 查看运行日志

   journalctl -u etcd -n 100 -l --no-pager

10. 验证服务

    export ETCD_ENDPOINTS=http://192.168.10.31:2379
    /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} endpoint health -w table
    /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} endpoint status -w table
    /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} put /etcd-test/hello world
    /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} get /etcd-test/hello
    /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} del /etcd-test/hello

11. 开启认证

    1. 设置变量

       export ETCD_ENDPOINTS=http://192.168.10.31:2379
       export ETCD_ROOT_PASSWORD='请替换成_root_强密码'

       • ETCD_ENDPOINTS 指定当前 etcd 服务的访问端点，后续所有认证相关命令都通过它操作。
       • ETCD_ROOT_PASSWORD 指定 root 用户密码，正式部署时请替换为强口令。

    2. 确认 root 密码变量已设置

       test -n "$ETCD_ROOT_PASSWORD" && echo "ETCD_ROOT_PASSWORD 已设置" || echo "ETCD_ROOT_PASSWORD 未设置"

       • 检查 root 密码变量是否已设置，避免后续执行时使用空密码。

    3. 创建 root 用户

       /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} user add "root:${ETCD_ROOT_PASSWORD}"

       • user add 用于创建 root 用户并设置密码。

    4. 授予 root 角色

       /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} user grant-role root root

       • user grant-role root root 用于给 root 用户授予 root 角色，确保其拥有管理员权限。

    5. 查看 root 用户信息

       /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} user get root

       • user get root 用于查看 root 用户信息，确认用户已创建成功。

    6. 启用认证功能

       /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} auth enable

       • auth enable 用于开启 etcd 认证功能，开启后访问服务必须携带用户凭据。

    7. 认证验证

       /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} --user="root:${ETCD_ROOT_PASSWORD}" auth status
       /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} --user="root:${ETCD_ROOT_PASSWORD}" endpoint health -w table
       /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} --user="root:${ETCD_ROOT_PASSWORD}" endpoint status -w table
       /usr/local/etcd/bin/etcdctl --endpoints=${ETCD_ENDPOINTS} --user="root:${ETCD_ROOT_PASSWORD}" member list -w table

       • auth status 用于查看当前认证开关状态，确认认证是否已启用。
       • endpoint health -w table 用于检查当前端点健康状态，确认认证开启后服务仍可正常访问。
       • endpoint status -w table 用于查看端点详细状态，确认单机实例运行正常。
       • member list -w table 用于查看成员列表，确认当前成员信息完整。