Назад | Перейти на главную страницу

Etcd: машины не могут подключиться к кластеру

Я перенастроил свой кластер etcd для работы с сертификатами, и теперь, когда я пытаюсь начать, я получаю первую машину:

Nov 05 16:24:43 Dm3Ch-Server-Node1 etcd[13999]: 21b9ef35413b514 received vote from 21b9ef35413b514 at term 493
Nov 05 16:24:43 Dm3Ch-Server-Node1 etcd[13999]: 21b9ef35413b514 [logterm: 1, index: 2] sent vote request to aa869cb0f2e7ed31 at term 493
Nov 05 16:24:44 Dm3Ch-Server-Node1 etcd[13999]: 21b9ef35413b514 is starting a new election at term 493
Nov 05 16:24:44 Dm3Ch-Server-Node1 etcd[13999]: 21b9ef35413b514 became candidate at term 494
Nov 05 16:24:44 Dm3Ch-Server-Node1 etcd[13999]: 21b9ef35413b514 received vote from 21b9ef35413b514 at term 494
Nov 05 16:24:44 Dm3Ch-Server-Node1 etcd[13999]: 21b9ef35413b514 [logterm: 1, index: 2] sent vote request to aa869cb0f2e7ed31 at term 494
Nov 05 16:24:46 Dm3Ch-Server-Node1 etcd[13999]: 21b9ef35413b514 is starting a new election at term 494
Nov 05 16:24:46 Dm3Ch-Server-Node1 etcd[13999]: 21b9ef35413b514 became candidate at term 495
Nov 05 16:24:46 Dm3Ch-Server-Node1 etcd[13999]: 21b9ef35413b514 received vote from 21b9ef35413b514 at term 495
Nov 05 16:24:46 Dm3Ch-Server-Node1 etcd[13999]: 21b9ef35413b514 [logterm: 1, index: 2] sent vote request to aa869cb0f2e7ed31 at term 495

Вторая машина:

Nov 05 16:24:31 Dm3Ch-Server-Node3 etcd[8141]: aa869cb0f2e7ed31 received vote from aa869cb0f2e7ed31 at term 474
Nov 05 16:24:31 Dm3Ch-Server-Node3 etcd[8141]: aa869cb0f2e7ed31 [logterm: 1, index: 2] sent vote request to 21b9ef35413b514 at term 474
Nov 05 16:24:33 Dm3Ch-Server-Node3 etcd[8141]: aa869cb0f2e7ed31 is starting a new election at term 474
Nov 05 16:24:33 Dm3Ch-Server-Node3 etcd[8141]: aa869cb0f2e7ed31 became candidate at term 475
Nov 05 16:24:33 Dm3Ch-Server-Node3 etcd[8141]: aa869cb0f2e7ed31 received vote from aa869cb0f2e7ed31 at term 475
Nov 05 16:24:33 Dm3Ch-Server-Node3 etcd[8141]: aa869cb0f2e7ed31 [logterm: 1, index: 2] sent vote request to 21b9ef35413b514 at term 475
Nov 05 16:24:35 Dm3Ch-Server-Node3 etcd[8141]: aa869cb0f2e7ed31 is starting a new election at term 475
Nov 05 16:24:35 Dm3Ch-Server-Node3 etcd[8141]: aa869cb0f2e7ed31 became candidate at term 476
Nov 05 16:24:35 Dm3Ch-Server-Node3 etcd[8141]: aa869cb0f2e7ed31 received vote from aa869cb0f2e7ed31 at term 476
Nov 05 16:24:35 Dm3Ch-Server-Node3 etcd[8141]: aa869cb0f2e7ed31 [logterm: 1, index: 2] sent vote request to 21b9ef35413b514 at term 476

Версия etcd:

root@Dm3Ch-Server-Node3:/usr/share/ca-certificates# etcd -v
2016-11-05 16:26:18.044893 W | flags: flag "-v" is no longer supported - ignoring.
2016-11-05 16:26:18.050046 I | etcdmain: etcd Version: 3.0.14
2016-11-05 16:26:18.050082 I | etcdmain: Git SHA: 8a37349
2016-11-05 16:26:18.050106 I | etcdmain: Go Version: go1.6.3
2016-11-05 16:26:18.050130 I | etcdmain: Go OS/Arch: linux/amd64
2016-11-05 16:26:18.050157 I | etcdmain: setting maximum number of CPUs to 2, total number of available CPUs is 2
2016-11-05 16:26:18.050182 W | etcdmain: no data-dir provided, using default data-dir ./default.etcd
2016-11-05 16:26:18.050710 I | etcdmain: listening for peers on http://localhost:2380
2016-11-05 16:26:18.050870 I | etcdmain: stopping listening for peers on http://localhost:2380
2016-11-05 16:26:18.050934 C | etcdmain: listen tcp 127.0.0.1:2379: bind: address already in use

Обе машины работают под управлением Debian Jessie. Etcd config первая машина:

## etcd(1) daemon options
## See "/usr/share/doc/etcd/Documentation/configuration.md.gz".

### Member Flags

##### -name
## Human-readable name for this member.
## default: host name returned by `hostname`.
## This value is referenced as this node's own entries listed in the `-initial-cluster`
## flag (Ex: `default=http://localhost:2380` or `default=http://localhost:2380,default=http://localhost:7001`).
## This needs to match the key used in the flag if you're using [static boostrapping](clustering.md#static).
ETCD_NAME="node1"

##### -data-dir
## Path to the data directory.
# ETCD_DATA_DIR="/var/lib/etcd"

##### -wal-dir
## Path to the dedicated wal directory. If this flag is set, etcd will write the
## WAL files to the walDir rather than the dataDir. This allows a dedicated disk
## to be used, and helps avoid io competition between logging and other IO operations.
## default: ""
# ETCD_WAL_DIR

##### -snapshot-count
## Number of committed transactions to trigger a snapshot to disk.
## default: "10000"
# ETCD_SNAPSHOT_COUNT="10000"

##### -heartbeat-interval
## Time (in milliseconds) of a heartbeat interval.
## default: "100"
# ETCD_HEARTBEAT_INTERVAL="100"

##### -election-timeout
## Time (in milliseconds) for an election to timeout.
## See /usr/share/doc/etcd/Documentation/tuning.md
## default: "1000"
# ETCD_ELECTION_TIMEOUT="1000"

##### -listen-peer-urls
## List of URLs to listen on for peer traffic. This flag tells the etcd to accept
## incoming requests from its peers on the specified scheme://IP:port combinations.
## Scheme can be either http or https. If 0.0.0.0 is specified as the IP, etcd
## listens to the given port on all interfaces. If an IP address is given as
## well as a port, etcd will listen on the given port and interface.
## Multiple URLs may be used to specify a number of addresses and ports to listen on.
## The etcd will respond to requests from any of the listed addresses and ports.
## example: "http://10.0.0.1:2380"
## invalid example: "http://example.com:2380" (domain name is invalid for binding)
## default: "http://localhost:2380,http://localhost:7001"
ETCD_LISTEN_PEER_URLS="https://192.168.1.2:2380"

##### -listen-client-urls
## List of URLs to listen on for client traffic. This flag tells the etcd to accept
## incoming requests from the clients on the specified scheme://IP:port combinations.
## Scheme can be either http or https. If 0.0.0.0 is specified as the IP, etcd
## listens to the given port on all interfaces. If an IP address is given as
## well as a port, etcd will listen on the given port and interface.
## Multiple URLs may be used to specify a number of addresses and ports to listen on.
## The etcd will respond to requests from any of the listed addresses and ports.
## (ADVERTISE_CLIENT_URLS is required when LISTEN_CLIENT_URLS is set explicitly).
## example: "http://10.0.0.1:2379"
## invalid example: "http://example.com:2379" (domain name is invalid for binding)
## default: "http://localhost:2379,http://localhost:4001"
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.2:2379,https://127.0.0.1:2379"

##### -max-snapshots
## Maximum number of snapshot files to retain (0 is unlimited)
## default: 5
# ETCD_MAX_SNAPSHOTS="5"

##### -max-wals
## Maximum number of wal files to retain (0 is unlimited)
## default: 5
# ETCD_MAX_WALS="5"

##### -cors
## Comma-separated whitelist of origins for CORS (cross-origin resource sharing).
## default: none
# ETCD_CORS

### Clustering Flags
## For an explanation of the various ways to do cluster setup, see:
## /usr/share/doc/etcd/Documentation/clustering.md.gz
##
## The command line parameters starting with -initial-cluster will be
## ignored on subsequent runs of etcd as they are used only during initial
## bootstrap process.

##### -initial-advertise-peer-urls
## List of this member's peer URLs to advertise to the rest of the cluster.
## These addresses are used for communicating etcd data around the cluster.
## At least one must be routable to all cluster members.
## These URLs can contain domain names.
## example: "http://example.com:2380, http://10.0.0.1:2380"
## default: "http://localhost:2380,http://localhost:7001"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.2:2380"

##### -initial-cluster
## initial cluster configuration for bootstrapping.
## The key is the value of the `-name` flag for each node provided.
## The default uses `default` for the key because this is the default for the `-name` flag.
## default: "default=http://localhost:2380,default=http://localhost:7001"
ETCD_INITIAL_CLUSTER="node1=https://192.168.1.2:2380,node3=https://192.168.1.11:2380"

##### -initial-cluster-state
## Initial cluster state ("new" or "existing"). Set to `new` for all members
## present during initial static or DNS bootstrapping. If this option is set to
## `existing`, etcd will attempt to join the existing cluster. If the wrong
## value is set, etcd will attempt to start but fail safely.
## default: "new"
# ETCD_INITIAL_CLUSTER_STATE="existing"

##### -initial-cluster-token
## Initial cluster token for the etcd cluster during bootstrap.
## If you are spinning up multiple clusters (or creating and destroying a
## single cluster) with same configuration for testing purpose, it is highly
## recommended that you specify a unique initial-cluster-token for the
## different clusters.
## default: "etcd-cluster"
# ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"

##### -advertise-client-urls
## List of this member's client URLs to advertise to the rest of the cluster.
## These URLs can contain domain names.
## example: "http://example.com:2379, http://10.0.0.1:2379"
## Be careful if you are advertising URLs such as http://localhost:2379 from a
## cluster member and are using the proxy feature of etcd. This will cause loops,
## because the proxy will be forwarding requests to itself until its resources
## (memory, file descriptors) are eventually depleted.
## default: "http://localhost:2379,http://localhost:4001"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.2:2379"

##### -discovery
## Discovery URL used to bootstrap the cluster.
## default: none
# ETCD_DISCOVERY

##### -discovery-srv
## DNS srv domain used to bootstrap the cluster.
## default: none
# ETCD_DISCOVERY_SRV

##### -discovery-fallback
## Expected behavior ("exit" or "proxy") when discovery services fails.
## default: "proxy"
# ETCD_DISCOVERY_FALLBACK="proxy"

##### -discovery-proxy
## HTTP proxy to use for traffic to discovery service.
## default: none
# ETCD_DISCOVERY_PROXY

### Proxy Flags

##### -proxy
## Proxy mode setting ("off", "readonly" or "on").
## default: "off"
# ETCD_PROXY="on"

##### -proxy-failure-wait
## Time (in milliseconds) an endpoint will be held in a failed state before being
## reconsidered for proxied requests.
## default: 5000
# ETCD_PROXY_FAILURE_WAIT="5000"

##### -proxy-refresh-interval
## Time (in milliseconds) of the endpoints refresh interval.
## default: 30000
# ETCD_PROXY_REFRESH_INTERVAL="30000"

##### -proxy-dial-timeout
## Time (in milliseconds) for a dial to timeout or 0 to disable the timeout
## default: 1000
# ETCD_PROXY_DIAL_TIMEOUT="1000"

##### -proxy-write-timeout
## Time (in milliseconds) for a write to timeout or 0 to disable the timeout.
## default: 5000
# ETCD_PROXY_WRITE_TIMEOUT="5000"

##### -proxy-read-timeout
## Time (in milliseconds) for a read to timeout or 0 to disable the timeout.
## Don't change this value if you use watches because they are using long polling requests.
## default: 0
# ETCD_PROXY_READ_TIMEOUT="0"

### Security Flags

##### -ca-file [DEPRECATED]
## Path to the client server TLS CA file.
## default: none
# ETCD_CA_FILE=""

##### -cert-file
## Path to the client server TLS cert file.
## default: none
ETCD_CERT_FILE="/etc/ssl/certs/node1-etcd.crt"

##### -key-file
## Path to the client server TLS key file.
## default: none
ETCD_KEY_FILE="/etc/ssl/private/node1-etcd.key"

##### -client-cert-auth
## Enable client cert authentication.
## default: false
# ETCD_CLIENT_CERT_AUTH

##### -trusted-ca-file
## Path to the client server TLS trusted CA key file.
## default: none
# ETCD_TRUSTED_CA_FILE

##### -peer-ca-file [DEPRECATED]
## Path to the peer server TLS CA file. `-peer-ca-file ca.crt` could be replaced
## by `-peer-trusted-ca-file ca.crt -peer-client-cert-auth` and etcd will perform the same.
## default: none
# ETCD_PEER_CA_FILE

##### -peer-cert-file
## Path to the peer server TLS cert file.
## default: none
ETCD_PEER_CERT_FILE="/etc/ssl/certs/node1-etcd.crt"

##### -peer-key-file
## Path to the peer server TLS key file.
## default: none
ETCD_PEER_KEY_FILE="/etc/ssl/certs/node1-etcd.key"

##### -peer-client-cert-auth
## Enable peer client cert authentication.
## default: false
ETCD_PEER_CLIENT_CERT_AUTH

##### -peer-trusted-ca-file
## Path to the peer server TLS trusted CA file.
## default: none
ETCD_PEER_TRUSTED_CA_FILE="/usr/share/ca-certificates/extra/Dm3Ch-rootCA.crt"

### Logging Flags
##### -debug
## Drop the default log level to DEBUG for all subpackages.
## default: false (INFO for all packages)
# ETCD_DEBUG

##### -log-package-levels
## Set individual etcd subpackages to specific log levels.
## An example being `etcdserver=WARNING,security=DEBUG`
## default: none (INFO for all packages)
# ETCD_LOG_PACKAGE_LEVELS


#### Daemon parameters:
# DAEMON_ARGS=""

Конфигурация второй машины:

## etcd(1) daemon options
## See "/usr/share/doc/etcd/Documentation/configuration.md.gz".

### Member Flags

##### -name
## Human-readable name for this member.
## default: host name returned by `hostname`.
## This value is referenced as this node's own entries listed in the `-initial-cluster`
## flag (Ex: `default=http://localhost:2380` or `default=http://localhost:2380,default=http://localhost:7001`).
## This needs to match the key used in the flag if you're using [static boostrapping](clustering.md#static).
ETCD_NAME="node3"

##### -data-dir
## Path to the data directory.
# ETCD_DATA_DIR="/var/lib/etcd"

##### -wal-dir
## Path to the dedicated wal directory. If this flag is set, etcd will write the
## WAL files to the walDir rather than the dataDir. This allows a dedicated disk
## to be used, and helps avoid io competition between logging and other IO operations.
## default: ""
# ETCD_WAL_DIR

##### -snapshot-count
## Number of committed transactions to trigger a snapshot to disk.
## default: "10000"
# ETCD_SNAPSHOT_COUNT="10000"

##### -heartbeat-interval
## Time (in milliseconds) of a heartbeat interval.
## default: "100"
# ETCD_HEARTBEAT_INTERVAL="100"

##### -election-timeout
## Time (in milliseconds) for an election to timeout.
## See /usr/share/doc/etcd/Documentation/tuning.md
## default: "1000"
# ETCD_ELECTION_TIMEOUT="1000"

##### -listen-peer-urls
## List of URLs to listen on for peer traffic. This flag tells the etcd to accept
## incoming requests from its peers on the specified scheme://IP:port combinations.
## Scheme can be either http or https. If 0.0.0.0 is specified as the IP, etcd
## listens to the given port on all interfaces. If an IP address is given as
## well as a port, etcd will listen on the given port and interface.
## Multiple URLs may be used to specify a number of addresses and ports to listen on.
## The etcd will respond to requests from any of the listed addresses and ports.
## example: "http://10.0.0.1:2380"
## invalid example: "http://example.com:2380" (domain name is invalid for binding)
## default: "http://localhost:2380,http://localhost:7001"
ETCD_LISTEN_PEER_URLS="https://192.168.1.11:2380"

##### -listen-client-urls
## List of URLs to listen on for client traffic. This flag tells the etcd to accept
## incoming requests from the clients on the specified scheme://IP:port combinations.
## Scheme can be either http or https. If 0.0.0.0 is specified as the IP, etcd
## listens to the given port on all interfaces. If an IP address is given as
## well as a port, etcd will listen on the given port and interface.
## Multiple URLs may be used to specify a number of addresses and ports to listen on.
## The etcd will respond to requests from any of the listed addresses and ports.
## (ADVERTISE_CLIENT_URLS is required when LISTEN_CLIENT_URLS is set explicitly).
## example: "http://10.0.0.1:2379"
## invalid example: "http://example.com:2379" (domain name is invalid for binding)
## default: "http://localhost:2379,http://localhost:4001"
ETCD_LISTEN_CLIENT_URLS="https://192.168.1.11:2379,https://127.0.0.1:2379"

##### -max-snapshots
## Maximum number of snapshot files to retain (0 is unlimited)
## default: 5
# ETCD_MAX_SNAPSHOTS="5"

##### -max-wals
## Maximum number of wal files to retain (0 is unlimited)
## default: 5
# ETCD_MAX_WALS="5"

##### -cors
## Comma-separated whitelist of origins for CORS (cross-origin resource sharing).
## default: none
# ETCD_CORS

### Clustering Flags
## For an explanation of the various ways to do cluster setup, see:
## /usr/share/doc/etcd/Documentation/clustering.md.gz
##
## The command line parameters starting with -initial-cluster will be
## ignored on subsequent runs of etcd as they are used only during initial
## bootstrap process.

##### -initial-advertise-peer-urls
## List of this member's peer URLs to advertise to the rest of the cluster.
## These addresses are used for communicating etcd data around the cluster.
## At least one must be routable to all cluster members.
## These URLs can contain domain names.
## example: "http://example.com:2380, http://10.0.0.1:2380"
## default: "http://localhost:2380,http://localhost:7001"
ETCD_INITIAL_ADVERTISE_PEER_URLS="https://192.168.1.11:2380"

##### -initial-cluster
## initial cluster configuration for bootstrapping.
## The key is the value of the `-name` flag for each node provided.
## The default uses `default` for the key because this is the default for the `-name` flag.
## default: "default=http://localhost:2380,default=http://localhost:7001"
ETCD_INITIAL_CLUSTER="node1=https://192.168.1.2:2380,node3=https://192.168.1.11:2380"

##### -initial-cluster-state
## Initial cluster state ("new" or "existing"). Set to `new` for all members
## present during initial static or DNS bootstrapping. If this option is set to
## `existing`, etcd will attempt to join the existing cluster. If the wrong
## value is set, etcd will attempt to start but fail safely.
## default: "new"
# ETCD_INITIAL_CLUSTER_STATE="existing"

##### -initial-cluster-token
## Initial cluster token for the etcd cluster during bootstrap.
## If you are spinning up multiple clusters (or creating and destroying a
## single cluster) with same configuration for testing purpose, it is highly
## recommended that you specify a unique initial-cluster-token for the
## different clusters.
## default: "etcd-cluster"
# ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"

##### -advertise-client-urls
## List of this member's client URLs to advertise to the rest of the cluster.
## These URLs can contain domain names.
## example: "http://example.com:2379, http://10.0.0.1:2379"
## Be careful if you are advertising URLs such as http://localhost:2379 from a
## cluster member and are using the proxy feature of etcd. This will cause loops,
## because the proxy will be forwarding requests to itself until its resources
## (memory, file descriptors) are eventually depleted.
## default: "http://localhost:2379,http://localhost:4001"
ETCD_ADVERTISE_CLIENT_URLS="https://192.168.1.11:2379"

##### -discovery
## Discovery URL used to bootstrap the cluster.
## default: none
# ETCD_DISCOVERY

##### -discovery-srv
## DNS srv domain used to bootstrap the cluster.
## default: none
# ETCD_DISCOVERY_SRV

##### -discovery-fallback
## Expected behavior ("exit" or "proxy") when discovery services fails.
## default: "proxy"
# ETCD_DISCOVERY_FALLBACK="proxy"

##### -discovery-proxy
## HTTP proxy to use for traffic to discovery service.
## default: none
# ETCD_DISCOVERY_PROXY

### Proxy Flags

##### -proxy
## Proxy mode setting ("off", "readonly" or "on").
## default: "off"
# ETCD_PROXY="on"

##### -proxy-failure-wait
## Time (in milliseconds) an endpoint will be held in a failed state before being
## reconsidered for proxied requests.
## default: 5000
# ETCD_PROXY_FAILURE_WAIT="5000"

##### -proxy-refresh-interval
## Time (in milliseconds) of the endpoints refresh interval.
## default: 30000
# ETCD_PROXY_REFRESH_INTERVAL="30000"

##### -proxy-dial-timeout
## Time (in milliseconds) for a dial to timeout or 0 to disable the timeout
## default: 1000
# ETCD_PROXY_DIAL_TIMEOUT="1000"

##### -proxy-write-timeout
## Time (in milliseconds) for a write to timeout or 0 to disable the timeout.
## default: 5000
# ETCD_PROXY_WRITE_TIMEOUT="5000"

##### -proxy-read-timeout
## Time (in milliseconds) for a read to timeout or 0 to disable the timeout.
## Don't change this value if you use watches because they are using long polling requests.
## default: 0
# ETCD_PROXY_READ_TIMEOUT="0"

### Security Flags

##### -ca-file [DEPRECATED]
## Path to the client server TLS CA file.
## default: none
# ETCD_CA_FILE=""

##### -cert-file
## Path to the client server TLS cert file.
## default: none
ETCD_CERT_FILE="/etc/ssl/certs/node3-etcd.crt"

##### -key-file
## Path to the client server TLS key file.
## default: none
ETCD_KEY_FILE="/etc/ssl/private/node3-etcd.key"

##### -client-cert-auth
## Enable client cert authentication.
## default: false
# ETCD_CLIENT_CERT_AUTH

##### -trusted-ca-file
## Path to the client server TLS trusted CA key file.
## default: none
# ETCD_TRUSTED_CA_FILE

##### -peer-ca-file [DEPRECATED]
## Path to the peer server TLS CA file. `-peer-ca-file ca.crt` could be replaced
## by `-peer-trusted-ca-file ca.crt -peer-client-cert-auth` and etcd will perform the same.
## default: none
# ETCD_PEER_CA_FILE

##### -peer-cert-file
## Path to the peer server TLS cert file.
## default: none
ETCD_PEER_CERT_FILE="/etc/ssl/certs/node3-etcd.crt"

##### -peer-key-file
## Path to the peer server TLS key file.
## default: none
ETCD_PEER_KEY_FILE="/etc/ssl/private/node3-etcd.key"

##### -peer-client-cert-auth
## Enable peer client cert authentication.
## default: false
ETCD_PEER_CLIENT_CERT_AUTH

##### -peer-trusted-ca-file
## Path to the peer server TLS trusted CA file.
## default: none
ETCD_PEER_TRUSTED_CA_FILE="/usr/share/ca-certificates/extra/Dm3Ch-rootCA.crt"

### Logging Flags
##### -debug
## Drop the default log level to DEBUG for all subpackages.
## default: false (INFO for all packages)
# ETCD_DEBUG

##### -log-package-levels
## Set individual etcd subpackages to specific log levels.
## An example being `etcdserver=WARNING,security=DEBUG`
## default: none (INFO for all packages)
# ETCD_LOG_PACKAGE_LEVELS


#### Daemon parameters:
# DAEMON_ARGS=""

Есть ли способ решить эту проблему?