在master1上安装cfssl

wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64chmod +x cfssl_linux-amd64 cfssljson_linux-amd64mv cfssl_linux-amd64 /usr/local/bin/cfsslmv cfssljson_linux-amd64 /usr/local/bin/cfssljson

安装etcd二进制文件

# 创建目录mkdir -p /data/etcd/bin

# 下载cd /tmpwget https://storage.googleapis.com/etcd/v3.3.25/etcd-v3.3.25-linux-amd64.tar.gztar zxf etcd-v3.3.25-linux-amd64.tar.gzcd etcd-v3.3.25-linux-amd64mv etcd etcdctl /data/etcd/bin/

创建ca证书，客户端，服务端，节点之间的证书

Etcd属于server ,etcdctl 属于client，二者之间通过http协议进行通信。

创建目录

创建ca证书

生成客户端证书

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client client.json  | cfssljson -bare client -

生成server，peer证书

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server etcd.json | cfssljson -bare servercfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer etcd.json | cfssljson -bare peer

将master01的/data/etcd/ssl目录同步到master02和master03上

scp -r /data/etcd etcd2:/data/etcdscp -r /data/etcd etcd3:/data/etcd

etcd systemd配置文件

vim /usr/lib/systemd/system/etcd.service

三台主机配置不一样用的时候把注释尽量删除

启动etcd集群

systemctl daemon-reloadsystemctl enable etcdsystemctl start etcdsystemctl status etcd