cd /data/app/k8s-ssl/ cp ca.pem kubernetes-key.pem kubernetes.pem /data/app/etcd/ssl/
ETCD_NAME=`hostname` INTERNAL_IP=`hostname -i` INITIAL_CLUSTER=zy-nph-skg-fat-channel-redis-yace01=https://172.31.170.15:2380,zy-nph-skg-fat-channel-redis-yace02=https://172.31.170.16:2380,zy-nph-skg-fat-channel-redis-yace03=https://172.31.170.17:2380 SSL_PATH=/data/app/etcd/ssl cat << EOF | sudo tee /etc/systemd/system/etcd.service [Unit] Description=etcd Documentation=https://github.com/coreos [Service] ExecStart=/usr/local/bin/etcd \\ --name ${ETCD_NAME} \\ --cert-file=${SSL_PATH}/kubernetes.pem \\ --key-file=${SSL_PATH}/kubernetes-key.pem \\ --peer-cert-file=${SSL_PATH}/kubernetes.pem \\ --peer-key-file=${SSL_PATH}/kubernetes-key.pem \\ --trusted-ca-file=${SSL_PATH}/ca.pem \\ --peer-trusted-ca-file=${SSL_PATH}/ca.pem \\ --peer-client-cert-auth \\ --client-cert-auth \\ --initial-advertise-peer-urls https://${INTERNAL_IP}:2380 \\ --listen-peer-urls https://${INTERNAL_IP}:2380 \\ --listen-client-urls https://${INTERNAL_IP}:2379,https://127.0.0.1:2379 \\ --advertise-client-urls https://${INTERNAL_IP}:2379 \\ --initial-cluster-token etcd-cluster-0 \\ --initial-cluster ${INITIAL_CLUSTER} \\ --initial-cluster-state new \\ --data-dir=/data/app/etcd/data Restart=on-failure RestartSec=5 [Install] WantedBy=multi-user.target EOF
systemctl daemon-reload
systemctl enable etcd
systemctl start etcd
export ETCDCTL_API=3 etcdctl --endpoints="172.31.170.15:2379,172.31.170.16:2379,172.31.170.17:2379" --cacert=/data/app/etcd/ssl/ca.pem --cert=/data/app/etcd/ssl/kubernetes.pem --key=/data/app/etcd/ssl/kubernetes-key.pem endpoint status --write-out=table etcdctl --endpoints="172.31.170.15:2379,172.31.170.16:2379,172.31.170.17:2379" --cacert=/data/app/etcd/ssl/ca.pem --cert=/data/app/etcd/ssl/kubernetes.pem --key=/data/app/etcd/ssl/kubernetes-key.pem endpoint health --write-out=table