Merge pull request #5762 from gyuho/member_auth
Documentation/demo: add member, auth examplerelease-3.0
commit
a7189ef073
|
@ -312,3 +312,143 @@ etcdctl --endpoints=$ENDPOINT migrate --data-dir="default.etcd" --wal-dir="defau
|
||||||
etcdctl --endpoints=$ENDPOINTS get /foo
|
etcdctl --endpoints=$ENDPOINTS get /foo
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Member
|
||||||
|
|
||||||
|
`member` to add,remove,update membership:
|
||||||
|
|
||||||
|
<img src="https://storage.googleapis.com/etcd/demo/13_etcdctl_member_2016062301.gif" alt="13_etcdctl_member_2016062301"/>
|
||||||
|
|
||||||
|
```
|
||||||
|
# For each machine
|
||||||
|
TOKEN=my-etcd-token-1
|
||||||
|
CLUSTER_STATE=new
|
||||||
|
NAME_1=etcd-node-1
|
||||||
|
NAME_2=etcd-node-2
|
||||||
|
NAME_3=etcd-node-3
|
||||||
|
HOST_1=10.240.0.13
|
||||||
|
HOST_2=10.240.0.14
|
||||||
|
HOST_3=10.240.0.15
|
||||||
|
CLUSTER=${NAME_1}=http://${HOST_1}:2380,${NAME_2}=http://${HOST_2}:2380,${NAME_3}=http://${HOST_3}:2380
|
||||||
|
|
||||||
|
# For node 1
|
||||||
|
THIS_NAME=${NAME_1}
|
||||||
|
THIS_IP=${HOST_1}
|
||||||
|
etcd --data-dir=data.etcd --name ${THIS_NAME} \
|
||||||
|
--initial-advertise-peer-urls http://${THIS_IP}:2380 \
|
||||||
|
--listen-peer-urls http://${THIS_IP}:2380 \
|
||||||
|
--advertise-client-urls http://${THIS_IP}:2379 \
|
||||||
|
--listen-client-urls http://${THIS_IP}:2379 \
|
||||||
|
--initial-cluster ${CLUSTER} \
|
||||||
|
--initial-cluster-state ${CLUSTER_STATE} \
|
||||||
|
--initial-cluster-token ${TOKEN}
|
||||||
|
|
||||||
|
# For node 2
|
||||||
|
THIS_NAME=${NAME_2}
|
||||||
|
THIS_IP=${HOST_2}
|
||||||
|
etcd --data-dir=data.etcd --name ${THIS_NAME} \
|
||||||
|
--initial-advertise-peer-urls http://${THIS_IP}:2380 \
|
||||||
|
--listen-peer-urls http://${THIS_IP}:2380 \
|
||||||
|
--advertise-client-urls http://${THIS_IP}:2379 \
|
||||||
|
--listen-client-urls http://${THIS_IP}:2379 \
|
||||||
|
--initial-cluster ${CLUSTER} \
|
||||||
|
--initial-cluster-state ${CLUSTER_STATE} \
|
||||||
|
--initial-cluster-token ${TOKEN}
|
||||||
|
|
||||||
|
# For node 3
|
||||||
|
THIS_NAME=${NAME_3}
|
||||||
|
THIS_IP=${HOST_3}
|
||||||
|
etcd --data-dir=data.etcd --name ${THIS_NAME} \
|
||||||
|
--initial-advertise-peer-urls http://${THIS_IP}:2380 \
|
||||||
|
--listen-peer-urls http://${THIS_IP}:2380 \
|
||||||
|
--advertise-client-urls http://${THIS_IP}:2379 \
|
||||||
|
--listen-client-urls http://${THIS_IP}:2379 \
|
||||||
|
--initial-cluster ${CLUSTER} \
|
||||||
|
--initial-cluster-state ${CLUSTER_STATE} \
|
||||||
|
--initial-cluster-token ${TOKEN}
|
||||||
|
```
|
||||||
|
|
||||||
|
Then replace a member with `member remove` and `member add` commands:
|
||||||
|
|
||||||
|
```
|
||||||
|
# get member ID
|
||||||
|
export ETCDCTL_API=3
|
||||||
|
HOST_1=10.240.0.13
|
||||||
|
HOST_2=10.240.0.14
|
||||||
|
HOST_3=10.240.0.15
|
||||||
|
etcdctl --endpoints=${HOST_1}:2379,${HOST_2}:2379,${HOST_3}:2379 member list
|
||||||
|
|
||||||
|
# remove the member
|
||||||
|
MEMBER_ID=278c654c9a6dfd3b
|
||||||
|
etcdctl --endpoints=${HOST_1}:2379,${HOST_2}:2379,${HOST_3}:2379 \
|
||||||
|
member remove ${MEMBER_ID}
|
||||||
|
|
||||||
|
# add a new member (node 4)
|
||||||
|
export ETCDCTL_API=3
|
||||||
|
NAME_1=etcd-node-1
|
||||||
|
NAME_2=etcd-node-2
|
||||||
|
NAME_4=etcd-node-4
|
||||||
|
HOST_1=10.240.0.13
|
||||||
|
HOST_2=10.240.0.14
|
||||||
|
HOST_4=10.240.0.16 # new member
|
||||||
|
etcdctl --endpoints=${HOST_1}:2379,${HOST_2}:2379 \
|
||||||
|
member add ${NAME_4} \
|
||||||
|
--peer-urls=http://${HOST_4}:2380
|
||||||
|
```
|
||||||
|
|
||||||
|
Next, start the new member with `--initial-cluster-state existing` flag:
|
||||||
|
|
||||||
|
```
|
||||||
|
# [WARNING] If the new member starts from the same disk space,
|
||||||
|
# make sure to remove the data directory of the old member
|
||||||
|
#
|
||||||
|
# restart with 'existing' flag
|
||||||
|
TOKEN=my-etcd-token-1
|
||||||
|
CLUSTER_STATE=existing
|
||||||
|
NAME_1=etcd-node-1
|
||||||
|
NAME_2=etcd-node-2
|
||||||
|
NAME_4=etcd-node-4
|
||||||
|
HOST_1=10.240.0.13
|
||||||
|
HOST_2=10.240.0.14
|
||||||
|
HOST_4=10.240.0.16 # new member
|
||||||
|
CLUSTER=${NAME_1}=http://${HOST_1}:2380,${NAME_2}=http://${HOST_2}:2380,${NAME_4}=http://${HOST_4}:2380
|
||||||
|
|
||||||
|
THIS_NAME=${NAME_4}
|
||||||
|
THIS_IP=${HOST_4}
|
||||||
|
etcd --data-dir=data.etcd --name ${THIS_NAME} \
|
||||||
|
--initial-advertise-peer-urls http://${THIS_IP}:2380 \
|
||||||
|
--listen-peer-urls http://${THIS_IP}:2380 \
|
||||||
|
--advertise-client-urls http://${THIS_IP}:2379 \
|
||||||
|
--listen-client-urls http://${THIS_IP}:2379 \
|
||||||
|
--initial-cluster ${CLUSTER} \
|
||||||
|
--initial-cluster-state ${CLUSTER_STATE} \
|
||||||
|
--initial-cluster-token ${TOKEN}
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Auth
|
||||||
|
|
||||||
|
`auth`,`user`,`role` for authentication:
|
||||||
|
|
||||||
|
<img src="https://storage.googleapis.com/etcd/demo/14_etcdctl_auth_2016062301.gif" alt="14_etcdctl_auth_2016062301"/>
|
||||||
|
|
||||||
|
```
|
||||||
|
export ETCDCTL_API=3
|
||||||
|
ENDPOINTS=localhost:2379
|
||||||
|
|
||||||
|
etcdctl --endpoints=${ENDPOINTS} role add root
|
||||||
|
etcdctl --endpoints=${ENDPOINTS} role grant-permission root readwrite foo
|
||||||
|
etcdctl --endpoints=${ENDPOINTS} role get root
|
||||||
|
|
||||||
|
etcdctl --endpoints=${ENDPOINTS} user add root
|
||||||
|
etcdctl --endpoints=${ENDPOINTS} user grant-role root root
|
||||||
|
etcdctl --endpoints=${ENDPOINTS} user get root
|
||||||
|
|
||||||
|
etcdctl --endpoints=${ENDPOINTS} auth enable
|
||||||
|
# now all client requests go through auth
|
||||||
|
|
||||||
|
etcdctl --endpoints=${ENDPOINTS} --user=root:123 put foo bar
|
||||||
|
etcdctl --endpoints=${ENDPOINTS} get foo
|
||||||
|
etcdctl --endpoints=${ENDPOINTS} --user=root:123 get foo
|
||||||
|
etcdctl --endpoints=${ENDPOINTS} --user=root:123 get foo1
|
||||||
|
```
|
||||||
|
|
Loading…
Reference in New Issue