Documentation/demo: add member, auth example
Gyu-Ho Lee
parent
9664df1b5e
commit
b2a8acdf10
|
|
@ -312,3 +312,143 @@ etcdctl --endpoints=$ENDPOINT migrate --data-dir="default.etcd" --wal-dir="defau
|
|||
etcdctl --endpoints=$ENDPOINTS get /foo
|
||||
```
|
||||
|
||||
|
||||
## Member
|
||||
|
||||
`member` to add,remove,update membership:
|
||||
|
||||
<img src="https://storage.googleapis.com/etcd/demo/13_etcdctl_member_2016062301.gif" alt="13_etcdctl_member_2016062301"/>
|
||||
|
||||
```
|
||||
# For each machine
|
||||
TOKEN=my-etcd-token-1
|
||||
CLUSTER_STATE=new
|
||||
NAME_1=etcd-node-1
|
||||
NAME_2=etcd-node-2
|
||||
NAME_3=etcd-node-3
|
||||
HOST_1=10.240.0.13
|
||||
HOST_2=10.240.0.14
|
||||
HOST_3=10.240.0.15
|
||||
CLUSTER=${NAME_1}=http://${HOST_1}:2380,${NAME_2}=http://${HOST_2}:2380,${NAME_3}=http://${HOST_3}:2380
|
||||
|
||||
# For node 1
|
||||
THIS_NAME=${NAME_1}
|
||||
THIS_IP=${HOST_1}
|
||||
etcd --data-dir=data.etcd --name ${THIS_NAME} \
|
||||
--initial-advertise-peer-urls http://${THIS_IP}:2380 \
|
||||
--listen-peer-urls http://${THIS_IP}:2380 \
|
||||
--advertise-client-urls http://${THIS_IP}:2379 \
|
||||
--listen-client-urls http://${THIS_IP}:2379 \
|
||||
--initial-cluster ${CLUSTER} \
|
||||
--initial-cluster-state ${CLUSTER_STATE} \
|
||||
--initial-cluster-token ${TOKEN}
|
||||
|
||||
# For node 2
|
||||
THIS_NAME=${NAME_2}
|
||||
THIS_IP=${HOST_2}
|
||||
etcd --data-dir=data.etcd --name ${THIS_NAME} \
|
||||
--initial-advertise-peer-urls http://${THIS_IP}:2380 \
|
||||
--listen-peer-urls http://${THIS_IP}:2380 \
|
||||
--advertise-client-urls http://${THIS_IP}:2379 \
|
||||
--listen-client-urls http://${THIS_IP}:2379 \
|
||||
--initial-cluster ${CLUSTER} \
|
||||
--initial-cluster-state ${CLUSTER_STATE} \
|
||||
--initial-cluster-token ${TOKEN}
|
||||
|
||||
# For node 3
|
||||
THIS_NAME=${NAME_3}
|
||||
THIS_IP=${HOST_3}
|
||||
etcd --data-dir=data.etcd --name ${THIS_NAME} \
|
||||
--initial-advertise-peer-urls http://${THIS_IP}:2380 \
|
||||
--listen-peer-urls http://${THIS_IP}:2380 \
|
||||
--advertise-client-urls http://${THIS_IP}:2379 \
|
||||
--listen-client-urls http://${THIS_IP}:2379 \
|
||||
--initial-cluster ${CLUSTER} \
|
||||
--initial-cluster-state ${CLUSTER_STATE} \
|
||||
--initial-cluster-token ${TOKEN}
|
||||
```
|
||||
|
||||
Then replace a member with `member remove` and `member add` commands:
|
||||
|
||||
```
|
||||
# get member ID
|
||||
export ETCDCTL_API=3
|
||||
HOST_1=10.240.0.13
|
||||
HOST_2=10.240.0.14
|
||||
HOST_3=10.240.0.15
|
||||
etcdctl --endpoints=${HOST_1}:2379,${HOST_2}:2379,${HOST_3}:2379 member list
|
||||
|
||||
# remove the member
|
||||
MEMBER_ID=278c654c9a6dfd3b
|
||||
etcdctl --endpoints=${HOST_1}:2379,${HOST_2}:2379,${HOST_3}:2379 \
|
||||
member remove ${MEMBER_ID}
|
||||
|
||||
# add a new member (node 4)
|
||||
export ETCDCTL_API=3
|
||||
NAME_1=etcd-node-1
|
||||
NAME_2=etcd-node-2
|
||||
NAME_4=etcd-node-4
|
||||
HOST_1=10.240.0.13
|
||||
HOST_2=10.240.0.14
|
||||
HOST_4=10.240.0.16 # new member
|
||||
etcdctl --endpoints=${HOST_1}:2379,${HOST_2}:2379 \
|
||||
member add ${NAME_4} \
|
||||
--peer-urls=http://${HOST_4}:2380
|
||||
```
|
||||
|
||||
Next, start the new member with `--initial-cluster-state existing` flag:
|
||||
|
||||
```
|
||||
# [WARNING] If the new member starts from the same disk space,
|
||||
# make sure to remove the data directory of the old member
|
||||
#
|
||||
# restart with 'existing' flag
|
||||
TOKEN=my-etcd-token-1
|
||||
CLUSTER_STATE=existing
|
||||
NAME_1=etcd-node-1
|
||||
NAME_2=etcd-node-2
|
||||
NAME_4=etcd-node-4
|
||||
HOST_1=10.240.0.13
|
||||
HOST_2=10.240.0.14
|
||||
HOST_4=10.240.0.16 # new member
|
||||
CLUSTER=${NAME_1}=http://${HOST_1}:2380,${NAME_2}=http://${HOST_2}:2380,${NAME_4}=http://${HOST_4}:2380
|
||||
|
||||
THIS_NAME=${NAME_4}
|
||||
THIS_IP=${HOST_4}
|
||||
etcd --data-dir=data.etcd --name ${THIS_NAME} \
|
||||
--initial-advertise-peer-urls http://${THIS_IP}:2380 \
|
||||
--listen-peer-urls http://${THIS_IP}:2380 \
|
||||
--advertise-client-urls http://${THIS_IP}:2379 \
|
||||
--listen-client-urls http://${THIS_IP}:2379 \
|
||||
--initial-cluster ${CLUSTER} \
|
||||
--initial-cluster-state ${CLUSTER_STATE} \
|
||||
--initial-cluster-token ${TOKEN}
|
||||
```
|
||||
|
||||
|
||||
## Auth
|
||||
|
||||
`auth`,`user`,`role` for authentication:
|
||||
|
||||
<img src="https://storage.googleapis.com/etcd/demo/14_etcdctl_auth_2016062301.gif" alt="14_etcdctl_auth_2016062301"/>
|
||||
|
||||
```
|
||||
export ETCDCTL_API=3
|
||||
ENDPOINTS=localhost:2379
|
||||
|
||||
etcdctl --endpoints=${ENDPOINTS} role add root
|
||||
etcdctl --endpoints=${ENDPOINTS} role grant-permission root readwrite foo
|
||||
etcdctl --endpoints=${ENDPOINTS} role get root
|
||||
|
||||
etcdctl --endpoints=${ENDPOINTS} user add root
|
||||
etcdctl --endpoints=${ENDPOINTS} user grant-role root root
|
||||
etcdctl --endpoints=${ENDPOINTS} user get root
|
||||
|
||||
etcdctl --endpoints=${ENDPOINTS} auth enable
|
||||
# now all client requests go through auth
|
||||
|
||||
etcdctl --endpoints=${ENDPOINTS} --user=root:123 put foo bar
|
||||
etcdctl --endpoints=${ENDPOINTS} get foo
|
||||
etcdctl --endpoints=${ENDPOINTS} --user=root:123 get foo
|
||||
etcdctl --endpoints=${ENDPOINTS} --user=root:123 get foo1
|
||||
```
|
||||
|
|
|
|||
Loading…
Reference in New Issue