ETCD分布式存储部署

一、ETCD 概述

ETCD 是一个分布式一致性k-v存储系统，可用于服务注册发现与共享配置。具有一下优点:

• 简单： 相比于晦涩难懂的paxos算法，etcd基于相对简单且易实现的raft算法实现一致性，并通过gRPC提供接口调用
• 安全：支持TLS通信，并可以针对不同的用户进行对key的读写控制
• 高性能：10，000/秒的写性能

二、overlay网络模式

容器在两个跨主机通信的时候，是使用overlay network这个网络模式进行通信，如果使用host也可以实现跨主机进行通信，直接使用这个物理的ip地址就可以进行通信。overlay它会虚拟出一个网络比如10.0.9.3 这个ip地址，在这个overlay网络模式里面，有一个类似于服务网关的地址，然后这个包转发到物理服务器这个地址，最终通过路由和交换，到达另一个服务器的ip地址。

在docker容器里面overlay是怎么实现的呢？

我们会有一个服务发现，比如说consul，会定义一个ip地址池，比如10.0.9.0/24 之类的，上面会有容器，容器ip地址会从上面去获取，获取完了后，会通过eth1进行通信，贼这实现跨主机的东西。

三、部署ETCD集群

node1部署

[root@node1 ~]# wget https://github.com/coreos/etcd/releases/download/v3.0.12/etcd-v3.0.12-linux-amd64.tar.gz
[root@node1 ~]# tar zxf etcd-v3.0.12-linux-amd64.tar.gz
[root@node1 ~]# cd etcd-v3.0.12-linux-amd64/
[root@node1 etcd-v3.0.12-linux-amd64]# nohup ./etcd --name docker-node1 --initial-advertise-peer-urls http://10.211.55.12:2380 \
> --listen-peer-urls http://10.211.55.12:2380 \
> --listen-client-urls http://10.211.55.12:2379,http://127.0.0.1:2379 \
> --advertise-client-urls http://10.211.55.12:2379 \
> --initial-cluster-token etcd-cluster \
> --initial-cluster docker-node1=http://10.211.55.12:2380,docker-node2=http://10.211.55.13:2380 \
> --initial-cluster-state new&
[1] 32505

node2部署

[root@node2 ~]# wget https://github.com/coreos/etcd/releases/download/v3.0.12/etcd-v3.0.12-linux-amd64.tar.gz
[root@node2 ~]# tar zxf etcd-v3.0.12-linux-amd64.tar.gz
[root@node2 ~]# cd etcd-v3.0.12-linux-amd64/
[root@node2 etcd-v3.0.12-linux-amd64]# nohup ./etcd --name docker-node2 --initial-advertise-peer-urls http://10.211.55.13:2380 \
> --listen-peer-urls http://10.211.55.13:2380 \
> --listen-client-urls http://10.211.55.13:2379,http://127.0.0.1:2379 \
> --advertise-client-urls http://10.211.55.13:2379 \
> --initial-cluster-token etcd-cluster \
> --initial-cluster docker-node1=http://10.211.55.12:2380,docker-node2=http://10.211.55.13:2380 \
> --initial-cluster-state new&
[1] 19240

检查cluster状态

[root@node2 etcd-v3.0.12-linux-amd64]# ./etcdctl cluster-health
member 98da03f1eca9d9d is healthy: got healthy result from http://10.211.55.12:2379
member 63a987e985acb514 is healthy: got healthy result from http://10.211.55.13:2379
cluster is healthy

参数说明

参数说明：
● –data-dir 指定节点的数据存储目录，若不指定，则默认是当前目录。这些数据包括节点ID，集群ID，集群初始化配置，Snapshot文件，若未指 定–wal-dir，还会存储WAL文件
● –wal-dir 指定节点的was文件存储目录，若指定了该参数，wal文件会和其他数据文件分开存储
● –name 节点名称
● –initial-advertise-peer-urls 告知集群其他节点的URL，tcp2380端口用于集群通信
● –listen-peer-urls 监听URL，用于与其他节点通讯
● –advertise-client-urls 告知客户端的URL, 也就是服务的URL，tcp2379端口用于监听客户端请求
● –initial-cluster-token 集群的ID
● –initial-cluster 集群中所有节点
● –initial-cluster-state 集群状态，new为新创建集群，existing为已存在的集群

四、管理etcd集群

1.查看集群版本
# etcdctl  --version
# etcdctl  --help
1
2
2.查看集群健康状态
# etcdctl cluster-health
1
3.查看集群成员
# etcdctl  member  list
1
在任一节点上执行，可以看到集群的节点情况，并能看出哪个是leader节点
4.更新一个节点
如果你想更新一个节点的IP(peerURLS)，首先你需要知道那个节点的ID
# etcdctl member list
# etcdctl member update memberID http://ip:2380
1
2
5.删除一个节点（Etcd集群成员的缩）
#  etcdctl  member  list
#  etcdctl  member  remove  memberID
#  etcdctl  member  list
#  ps -ef|grep etcd          //在相关节点上kill掉etcd进程
1
2
3
4
6.增加一个新节点（Etcd集群成员的伸）
注意:步骤很重要，不然会报集群ID不匹配
# etcdctl member add --help
1
a. 将目标节点添加到集群
# etcdctl member add etcd3 http://10.1.2.174:2380
Addedmember named etcd3 with ID 28e0d98e7ec15cd4 to cluster
ETCD_NAME="etcd3"
ETCD_INITIAL_CLUSTER="etcd0=http://10.1.2.61:2380,etcd1=http://10.1.2.172:2380,etcd2=http://10.1.2.173:2380,etcd3=http://10.1.2.174:2380"
ETCD_INITIAL_CLUSTER_STATE="existing"
1
2
3
4
5
6
b. 查看新增成员列表，etcd3状态为unstarted
# etcdctl member list
d4f257d2b5f99b64[unstarted]:peerURLs=http://10.1.2.174:2380
1
2
c. 清空目标节点etcd3的data-dir
节点删除后，集群中的成员信息会更新，新节点是作为一个全新的节点加入集群，如果data-dir有数据，etcd启动时会读取己经存在的数据，仍然用老的memberID会造成无法加入集群，所以一定要清空新节点的data-dir。
# rm  -rf  /path/to/etcd/data
1
d. 在目标节点上启动新增加的成员
这里的initial标记一定要指定为existing，如果为new，则会自动生成一个新的memberID，这和前面添加节点时生成的ID不一致，故日志中会报节点ID不匹配的错。
# vim  etcd3.sh
1
修改etcd3.sh，脚本中–advertise-client-urls 和 –initial-advertis-peer-urls 参数修改为etcd3的，–initial-cluster-state改为existing
# nohup   ./etcd3.sh  &
# etcdctl  member  list

五、Docker使用ETCD分布式存储

node1

[root@node1 ~]#service docker stop
[root@node1 ~]# /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store=etcd://10.211.55.12:2379 --cluster-advertise=10.211.55.12:2375&

node2

[root@node2 ~]#service docker stop
[root@node2 ~]# /usr/bin/dockerd -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock --cluster-store=etcd://10.211.55.13:2379 --cluster-advertise=10.211.55.13:2375&

六、创建overlay network

在node1上创建一个demo的overlay network

[root@node1 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
550d5b450fe3        bridge              bridge              local
cca92be73cc6        host                host                local
d21360748bfc        none                null                local
[root@node1 ~]# docker network create -d overlay demo
97e959031044ec634d61d2e721cb0348d7ff852af3f575d75d2988c07e0f9846
[root@node1 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
550d5b450fe3        bridge              bridge              local
97e959031044        demo                overlay             global
cca92be73cc6        host                host                local
d21360748bfc        none                null                local
[root@node1 ~]# docker network inspect demo
[
    {
        "Name": "demo",
        "Id": "97e959031044ec634d61d2e721cb0348d7ff852af3f575d75d2988c07e0f9846",
        "Created": "2018-08-01T22:22:01.958142468+08:00",
        "Scope": "global",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": {},
            "Config": [
                {
                    "Subnet": "10.0.0.0/24",
                    "Gateway": "10.0.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {},
        "Options": {},
        "Labels": {}
    }
]

我们会看到在node2上，这个demo的overlay network会被同步创建

[root@node2 etcd-v3.0.12-linux-amd64]# cd
[root@node2 ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
c6af37ef6765        bridge              bridge              local
97e959031044        demo                overlay             global
de15cdab46b0        host                host                local
cc3ec612fd29        none                null                local
# 说明etcd分布式存储已经起作用，两个节点数据已同步

通过查看etcd的key-value, 我们获取到，这个demo的network是通过etcd从node1同步到node2的

[root@node2 etcd-v3.0.12-linux-amd64]# ./etcdctl ls /docker
/docker/nodes
/docker/network
[root@node2 etcd-v3.0.12-linux-amd64]# ./etcdctl ls /docker/nodes
/docker/nodes/10.211.55.12:2375
/docker/nodes/10.211.55.13:2375
[root@node2 etcd-v3.0.12-linux-amd64]# ./etcdctl ls /docker/network/v1.0/network
/docker/network/v1.0/network/97e959031044ec634d61d2e721cb0348d7ff852af3f575d75d2988c07e0f9846
[root@node2 etcd-v3.0.12-linux-amd64]# ./etcdctl get /docker/network/v1.0/network/97e959031044ec634d61d2e721cb0348d7ff852af3f575d75d2988c07e0f9846
{"addrSpace":"GlobalDefault","attachable":false,"configFrom":"","configOnly":false,"created":"2018-08-01T22:22:01.958142468+08:00","enableIPv6":false,"generic":{"com.docker.network.enable_ipv6":false,"com.docker.network.generic":{}},"id":"97e959031044ec634d61d2e721cb0348d7ff852af3f575d75d2988c07e0f9846","inDelete":false,"ingress":false,"internal":false,"ipamOptions":{},"ipamType":"default","ipamV4Config":"[{\"PreferredPool\":\"\",\"SubPool\":\"\",\"Gateway\":\"\",\"AuxAddresses\":null}]","ipamV4Info":"[{\"IPAMData\":\"{\\\"AddressSpace\\\":\\\"GlobalDefault\\\",\\\"Gateway\\\":\\\"10.0.0.1/24\\\",\\\"Pool\\\":\\\"10.0.0.0/24\\\"}\",\"PoolID\":\"GlobalDefault/10.0.0.0/24\"}]","labels":{},"loadBalancerIP":"","name":"demo","networkType":"overlay","persist":true,"postIPv6":false,"scope":"global"}

七、创建连接demo网络的容器

node1

[root@node1 ~]# docker run -d --name test1 --net demo busybox sh -c "while true; do sleep 3600; done"
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
8c5a7da1afbc: Pull complete
Digest: sha256:cb63aa0641a885f54de20f61d152187419e8f6b159ed11a251a09d115fdff9bd
Status: Downloaded newer image for busybox:latest
4bc3ab1cb7d838e8ef314618e6d3d878e744ef7842196a00b3999e6b6fe8402f
ERRO[2018-08-01T22:26:33.105124642+08:00] Failed to deserialize netlink ndmsg: invalid argument
INFO[0379] shim docker-containerd-shim started           address="/containerd-shim/moby/4bc3ab1cb7d838e8ef314618e6d3d878e744ef7842196a00b3999e6b6fe8402f/shim.sock" debug=false pid=6630
[root@node1 ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS               NAMES
4bc3ab1cb7d8        busybox             "sh -c 'while true; …"   26 seconds ago      Up 24 seconds                           test1
[root@node1 ~]# docker exec test1 ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:00:02
          inet addr:10.0.0.2  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
eth1      Link encap:Ethernet  HWaddr 02:42:AC:12:00:02
          inet addr:172.18.0.2  Bcast:172.18.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:31 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4045 (3.9 KiB)  TX bytes:0 (0.0 B)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

node2

[root@node2 ~]# docker run -d --name test1 --net demo busybox sh -c "while true; do sleep 3600; done"
Unable to find image 'busybox:latest' locally
latest: Pulling from library/busybox
56bec22e3559: Pull complete
Digest: sha256:29f5d56d12684887bdfa50dcd29fc31eea4aaf4ad3bec43daf19026a7ce69912
Status: Downloaded newer image for busybox:latest
fad6dc6538a85d3dcc958e8ed7b1ec3810feee3e454c1d3f4e53ba25429b290b
docker: Error response from daemon: service endpoint with name test1 already exists.    # 容器已存在
[root@node2 ~]# docker run -d --name test2 --net demo busybox sh -c "while true; do sleep 3600; done"
9d494a2f66a69e6b861961d0c6af2446265bec9b1d273d7e70d0e46eb2e98d20

验证连通性

[root@node2 etcd-v3.0.12-linux-amd64]# docker exec -it test2 ifconfig
eth0      Link encap:Ethernet  HWaddr 02:42:0A:00:00:03
          inet addr:10.0.0.3  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1450  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
eth1      Link encap:Ethernet  HWaddr 02:42:AC:12:00:02
          inet addr:172.18.0.2  Bcast:172.18.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4110 (4.0 KiB)  TX bytes:0 (0.0 B)
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
[root@node1 ~]# docker exec test1 sh -c "ping 10.0.0.3"
PING 10.0.0.3 (10.0.0.3): 56 data bytes
64 bytes from 10.0.0.3: seq=0 ttl=64 time=0.698 ms
64 bytes from 10.0.0.3: seq=1 ttl=64 time=1.034 ms
64 bytes from 10.0.0.3: seq=2 ttl=64 time=1.177 ms
64 bytes from 10.0.0.3: seq=3 ttl=64 time=0.708 ms
64 bytes from 10.0.0.3: seq=4 ttl=64 time=0.651 ms