etcd: configuring etcd-member by hand. #1074
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,127 @@ | ||
| # Setting up etcd v3 on Container Linux "by hand" | ||
|
|
||
| The etcd v3 binary is not slated to ship with Container Linux. With this in mind, you might be wondering, how do I run the newest etcd on my Container Linux node? The short answer: systemd and rkt! | ||
|
There was a problem hiding this comment. no exclamation points is the guideline. |
||
|
|
||
| **Before we begin** if you are able to use Container Linux Configs or ignition configs [to provision your Container Linux nodes][easier-setup], you should go that route. Only follow this guide if you *have* to setup etcd the 'hard' way. | ||
|
There was a problem hiding this comment. set up (verb) setup(noun) There was a problem hiding this comment. Before we begin: If you are .. Use this guide only if you must set up etcd the hard way. There was a problem hiding this comment. The target docpage does not mention ignition and I think we try to not point casual end-users to it. I'd only say |
||
|
|
||
| This tutorial outlines how to setup the newest version of etcd on a Container Linux cluster using the `etcd-member` systemd service. This service spawns a rkt container which houses the etcd process. | ||
|
|
||
| We will deploy a simple 2 node etcd v3 cluster on two local Virtual Machines. This tutorial does not cover setting up TLS, however principles and commands in the [etcd clustering guide][etcd-clustering] carry over into this workflow. | ||
|
There was a problem hiding this comment. virtual machines - no caps. |
||
|
|
||
| | Node # | IP | etcd member name | | ||
| | ------ | --------------- | ---------------- | | ||
| | 0 | 192.168.100.100 | my-etcd-0 | | ||
| | 1 | 192.168.100.101 | my-etcd-1 | | ||
|
|
||
| First, run `sudo systemctl edit etcd-member` and paste the following code into the editor: | ||
|
There was a problem hiding this comment. I tried this. But i was confused when the editor threw a blank file. We should somewhere mention that
|
||
|
|
||
| ```ini | ||
| [Service] | ||
| Environment="ETCD_IMAGE_TAG=v3.1.7" | ||
|
There was a problem hiding this comment. nit: even by hand this often shouldn't be set so that maybe comment on it being overridable if needed. |
||
| Environment="ETCD_OPTS=\ | ||
| --name=\"my-etcd-0\" \ | ||
| --listen-client-urls=\"http://192.168.100.100:2379\" \ | ||
| --advertise-client-urls=\"http://192.168.100.100:2379\" \ | ||
| --listen-peer-urls=\"http://192.168.100.100:2380\" \ | ||
| --initial-advertise-peer-urls=\"http://192.168.100.100:2380\" \ | ||
| --initial-cluster=\"my-etcd-0=http://192.168.100.100:2380,my-etcd-1=http://192.168.100.101:2380\" \ | ||
| --initial-cluster-token=\"f7b787ea26e0c8d44033de08c2f80632\" \ | ||
| --initial-cluster-state=\"new\"" | ||
| ``` | ||
|
|
||
| Replace: | ||
|
|
||
| | Variable | value | | ||
| | ---------------------------------- | -------------------------------------------------------------------------------------------- | | ||
| | `http://192.168.100.100` | Your first node's IP address. Found easily by running `ifconfig`. | | ||
| | `http://192.168.100.101` | The second node's IP address. | | ||
| | `my-etcd-0` | The first node's name (can be whatever you want). | | ||
| | `my-etcd-1` | The other node's name. | | ||
| | `f7b787ea26e0c8d44033de08c2f80632` | The discovery token obtained from https://discovery.etcd.io/new?size=2 (generate your own!). | | ||
|
|
||
| *If you want a cluster of more than 2 nodes, make sure `size=#` where # is the number of nodes you want. Otherwise the extra ndoes will become proxies.* | ||
|
There was a problem hiding this comment. where do we edit There was a problem hiding this comment. ..do we need to italicize the paragraph ? Instead, we could use |
||
|
|
||
| 1. Edit the file appropriately and save it. Run `systemctl daemon-reload`. | ||
|
There was a problem hiding this comment.
There was a problem hiding this comment. To create a cluster of more than 2 nodes, set (note ndoes > nodes, and this paragraph doesn't have to be in italics.) There was a problem hiding this comment. and I don't think you should use numbers with so few steps. words suffice. It looks to me like this should be (correct me if I'm misunderstanding, please): Save your changes, then run Repeat for your second node. After editing, it should look like this: There was a problem hiding this comment. The rule that I would follow is using a procedure for more than 2 steps. When I tested, there were multiple steps involved. There was a problem hiding this comment. If a procedure has more than 1 step I like to make it a list. Lists are easier to read than paragraphs. |
||
| 2. Do the same on the other node, swapping the names and ip-addresses appropriately. It should look like this: | ||
|
|
||
|
|
||
| ```ini | ||
| [Service] | ||
| Environment="ETCD_IMAGE_TAG=v3.1.7" | ||
| Environment="ETCD_OPTS=\ | ||
| --name=\"my-etcd-1\" \ | ||
| --listen-client-urls=\"http://192.168.100.101:2379\" \ | ||
|
There was a problem hiding this comment. should we state what 2379 and 2380 stand for ? are these replaceable ? There was a problem hiding this comment. Later we mention that the IPs are what should be replace and make no mention of the ports. Honestly you should be familiar with what etcd does, what ports it uses, etc. You should be an intermediate etcd admin to use this guide imo. |
||
| --advertise-client-urls=\"http://192.168.100.101:2379\" \ | ||
| --listen-peer-urls=\"http://192.168.100.101:2380\" \ | ||
| --initial-advertise-peer-urls=\"http://192.168.100.101:2380\" \ | ||
| --initial-cluster=\"my-etcd-0=http://192.168.100.100:2380,my-etcd-1=http://192.168.100.101:2380\" \ | ||
| --initial-cluster-token=\"f7b787ea26e0c8d44033de08c2f80632\" \ | ||
| --initial-cluster-state=\"new\"" | ||
| ``` | ||
|
|
||
| *If at any point you get confused about this configuration file, keep in mind that these arguments are the same as those passed to the etcd binary when starting a cluster. With that in mind, reference the [etcd clustering guide][etcd-clustering] for help and sanity-checks.* | ||
|
There was a problem hiding this comment. previous comment about adding a note applicable here as well.
|
||
|
|
||
| ## Verification | ||
|
|
||
|
There was a problem hiding this comment. shall we split this into steps ?
There was a problem hiding this comment. Note that the arguments used in this configuration file are the same as those passed to the etcd binary when starting a cluster. For more information on help and sanity checks, see the [etcd clustering guide]. |
||
| You can verify that the services have been configured by running `systemctl cat etcd-member`. This will print the service and it's override conf to the screen. You should see your changes on both nodes. | ||
|
|
||
| On both nodes run `systemctl enable etcd-member && systemctl start etcd-member`. | ||
|
There was a problem hiding this comment.
There was a problem hiding this comment. ps: Unfortunately, this command hung on my test machine. There was a problem hiding this comment. Verify that the services have been configured by ... This will print the service and its ... |
||
|
|
||
| If this command hangs for a very long time, <Ctrl>+c to exit out and run `journalctl -xef`. If this outputs something like `rafthttp: request cluster ID mismatch (got 7db8ba5f405afa8d want 5030a2a4c52d7b21)` this means there is existing data on the nodes. Since we are starting completely new nodes we will wipe away the existing data and re-start the service. Run the following on both nodes: | ||
|
|
||
| ```sh | ||
| $ rm -rf /var/lib/etcd | ||
|
There was a problem hiding this comment. maybe 'stop' etcd-member first for safety? |
||
| $ systemctl restart etcd-member | ||
| ``` | ||
|
|
||
| On your local machine, you should be able to run etcdctl commands which talk to this etcd cluster. | ||
|
|
||
| ```sh | ||
| $ etcdctl --endpoints="http://192.168.100.100:2379,http://192.168.100.101:2379" cluster-health | ||
|
There was a problem hiding this comment. I seem to remember the etcdctl we ship is an older v2 version, am I wrong? Does it need an explicit env flag to activate v3? Should this go via rkt enter instead? There was a problem hiding this comment. @lucab The purpose of this is just to verify that etcd works. I was assuming you could run this command on your personal OS and not on the nodes. Should we clarify that? I don't want to bring rkt into the mix on this. There was a problem hiding this comment. Oh sorry, I missed the |
||
| member fccad8b3e5be5a7 is healthy: got healthy result from http://192.168.100.100:2379 | ||
| member c337d56ffee02e40 is healthy: got healthy result from http://192.168.100.101:2379 | ||
| cluster is healthy | ||
| $ etcdctl --endpoints="http://192.168.100.100:2379,http://192.168.100.101:2379" set it-works true | ||
| true | ||
| $ etcdctl --endpoints="http://192.168.100.100:2379,http://192.168.100.101:2379" get it-works | ||
| true | ||
| ``` | ||
|
|
||
| There you have it! You have now setup etcd v3 by hand. Pat yourself on the back. Take five. | ||
|
There was a problem hiding this comment. set up (verb) or configured |
||
|
|
||
| ## Troubleshooting | ||
|
|
||
| In the process of setting up your etcd cluster you got it into a non-working state, you have a few options: | ||
|
There was a problem hiding this comment. Is this missing a starting "If"? There was a problem hiding this comment. If you encounter an issue while setting up your etcd cluster, do either of the following:
|
||
|
|
||
| 1. Reference the [runtime configuration guide][runtime-guide]. | ||
|
There was a problem hiding this comment. Is this a procedure or an option ? If option please use an itemized list instead of ordered list. |
||
| 2. Reset your environment. | ||
|
|
||
| Since etcd is running in a container, the second option is very easy. | ||
|
|
||
| Start by stopping the `etcd-member` service (run these commands *on* the Container Linux nodes). | ||
|
There was a problem hiding this comment. Run the following commands on the Container Linux nodes:
|
||
|
|
||
| ```sh | ||
| $ systemctl stop etcd-member | ||
| $ systemctl status etcd-member | ||
| ● etcd-member.service - etcd (System Application Container) | ||
| Loaded: loaded (/usr/lib/systemd/system/etcd-member.service; disabled; vendor preset: disabled) | ||
| Drop-In: /etc/systemd/system/etcd-member.service.d | ||
| └─override.conf | ||
| Active: inactive (dead) | ||
| Docs: https://github.com/coreos/etcd | ||
| ``` | ||
|
|
||
| Next, delete the etcd data (again, run on the Container Linux nodes): | ||
|
|
||
|
|
||
| ```sh | ||
| $ rm /var/lib/etcd2 | ||
| $ rm /var/lib/etcd | ||
| ``` | ||
|
|
||
| *If you set the etcd-member to have a custom data directory, you will need to run a different `rm` command.* | ||
|
|
||
| Edit the etcd-member service, restart the `etcd-member` service, and basically start this guide again from the top. | ||
|
There was a problem hiding this comment.
|
||
|
|
||
| [runtime-guide]: https://coreos.com/etcd/docs/latest/op-guide/runtime-configuration.html | ||
| [etcd-clustering]: https://coreos.com/etcd/docs/latest/op-guide/clustering.html | ||
| [easier-setup]: getting-started-with-etcd.md | ||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Configuring etcd v3 Manually on Container Linux
Setting up etcd v3 on Container Linux Manually ?
Manual Configuration of etcd3 on Container Linux ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the third one is the best one.