go.etcd.io/etcd@v3.3.27+incompatible/Documentation/platforms/container-linux-systemd.md

---
title: Container Linux with systemd
---

The following guide shows how to run etcd with [systemd][systemd-docs] under [Container Linux][container-linux-docs].

## Provisioning an etcd cluster

Cluster bootstrapping in Container Linux is simplest with [Ignition][container-linux-ignition]; `coreos-metadata.service` dynamically fetches the machine's IP for discovery. Note that etcd's discovery service protocol is only meant for bootstrapping, and cannot be used with runtime reconfiguration or cluster monitoring.

The [Container Linux Config Transpiler][container-linux-ct] compiles etcd configuration files into Ignition configuration files:

```yaml container-linux-config:norender
etcd:
  version: 3.2.0
  name: s1
  data_dir: /var/lib/etcd
  advertise_client_urls: http://{PUBLIC_IPV4}:2379
  initial_advertise_peer_urls: http://{PRIVATE_IPV4}:2380
  listen_client_urls: http://0.0.0.0:2379
  listen_peer_urls: http://{PRIVATE_IPV4}:2380
  discovery: https://discovery.etcd.io/<token>
```

`ct` would produce the following Ignition Config:

```
$ ct --platform=gce --in-file /tmp/ct-etcd.cnf
{"ignition":{"version":"2.0.0","config"...
```

```json ignition-config
{
  "ignition":{"version":"2.0.0","config":{}},
  "storage":{},
  "systemd":{
    "units":[{
      "name":"etcd-member.service",
      "enable":true,
      "dropins":[{
        "name":"20-clct-etcd-member.conf",
        "contents":"[Unit]\nRequires=coreos-metadata.service\nAfter=coreos-metadata.service\n\n[Service]\nEnvironmentFile=/run/metadata/coreos\nEnvironment=\"ETCD_IMAGE_TAG=v3.1.8\"\nExecStart=\nExecStart=/usr/lib/coreos/etcd-wrapper $ETCD_OPTS \\\n --name=\"s1\" \\\n --data-dir=\"/var/lib/etcd\" \\\n --listen-peer-urls=\"http://${COREOS_GCE_IP_LOCAL_0}:2380\" \\\n --listen-client-urls=\"http://0.0.0.0:2379\" \\\n --initial-advertise-peer-urls=\"http://${COREOS_GCE_IP_LOCAL_0}:2380\" \\\n --advertise-client-urls=\"http://${COREOS_GCE_IP_EXTERNAL_0}:2379\" \\\n --discovery=\"https://discovery.etcd.io/\u003ctoken\u003e\""}]}]},
  "networkd":{},
  "passwd":{}}
```

To avoid accidental misconfiguration, the transpiler helpfully verifies etcd configurations when generating Ignition files:

```yaml container-linux-config:norender
etcd:
  version: 3.2.0
  name: s1
  data_dir_x: /var/lib/etcd
  advertise_client_urls: http://{PUBLIC_IPV4}:2379
  initial_advertise_peer_urls: http://{PRIVATE_IPV4}:2380
  listen_client_urls: http://0.0.0.0:2379
  listen_peer_urls: http://{PRIVATE_IPV4}:2380
  discovery: https://discovery.etcd.io/<token>
```

```
$ ct --platform=gce --in-file /tmp/ct-etcd.cnf
warning at line 3, column 2
Config has unrecognized key: data_dir_x
```

See [Container Linux Provisioning][container-linux-provision] for more details.

## etcd 3.x service

[Container Linux][container-linux-docs] does not include etcd 3.x binaries by default. Different versions of etcd 3.x can be fetched via `etcd-member.service`.

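
The generated drop-in above serves clients over `http://0.0.0.0:2379`, so it is worth linting an `etcd-member.service` drop-in before enabling the unit. The script below is an added example, not part of the etcd documentation: it flags plaintext `http://` listener and advertise URLs, missing `--client-cert-auth` / `--peer-client-cert-auth`, and a `0.0.0.0` client listener without client certificate auth. The function names, finding labels and both sample drop-ins are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: lint etcd flags in an etcd-member.service drop-in.
# Scope: command-line flags only; ETCD_* environment settings are not inspected.

flag_value() {  # $1 = drop-in text, $2 = flag name; prints the flag's value
  printf '%s\n' "$1" | grep -Eo -e "--$2[= ]+\"?[^\" ]+" | head -n 1 |
    sed -E "s/^--$2[= ]+\"?//"
}

has_flag() {  # succeeds when boolean flag $2 is set, bare or as =true
  printf '%s\n' "$1" | grep -Eq -e "--$2(=true|[ \"\\\\]|\$)"
}

audit_etcd_dropin() {  # prints one finding per line; status 0 only when clean
  local text flag val findings=0
  text=$1
  for flag in listen-client-urls advertise-client-urls \
              listen-peer-urls initial-advertise-peer-urls; do
    val=$(flag_value "$text" "$flag")
    case $val in
      *http://*) echo "PLAINTEXT --$flag $val"; findings=$((findings + 1)) ;;
    esac
  done
  for flag in client-cert-auth peer-client-cert-auth; do
    has_flag "$text" "$flag" ||
      { echo "MISSING --$flag"; findings=$((findings + 1)); }
  done
  case $(flag_value "$text" listen-client-urls) in
    *//0.0.0.0:*) has_flag "$text" client-cert-auth ||
      { echo "WILDCARD_LISTEN_NO_CLIENT_AUTH"; findings=$((findings + 1)); } ;;
  esac
  [ "$findings" -eq 0 ]
}

# Constructed samples modelled on the two drop-ins shown on this page.
PLAIN_DROPIN='ExecStart=/usr/lib/coreos/etcd-wrapper $ETCD_OPTS \
  --listen-peer-urls="http://10.240.0.1:2380" \
  --listen-client-urls="http://0.0.0.0:2379" \
  --advertise-client-urls="http://203.0.113.10:2379"'
TLS_DROPIN='Environment="ETCD_OPTS=--name s1 \
  --listen-client-urls https://10.240.0.1:2379 \
  --advertise-client-urls https://10.240.0.1:2379 \
  --listen-peer-urls https://10.240.0.1:2380 \
  --client-cert-auth \
  --peer-client-cert-auth"'

audit_etcd_dropin "$PLAIN_DROPIN" || echo "plaintext drop-in: findings listed above"
audit_etcd_dropin "$TLS_DROPIN" && echo "TLS drop-in: clean"
```

To check a live host, pass the rendered unit text instead of a sample, for example `audit_etcd_dropin "$(systemctl cat etcd-member.service)"`.
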

Confirm unit file exists:

```
systemctl cat etcd-member.service
```

Check if the etcd service is running:

```
systemctl status etcd-member.service
```

Example systemd drop-in unit to override the default service settings:

```bash
cat > /tmp/20-cl-etcd-member.conf <<EOF
[Service]
Environment="ETCD_IMAGE_TAG=v3.2.0"
Environment="ETCD_DATA_DIR=/var/lib/etcd"
Environment="ETCD_SSL_DIR=/etc/ssl/certs"
Environment="ETCD_OPTS=--name s1 \
  --listen-client-urls https://10.240.0.1:2379 \
  --advertise-client-urls https://10.240.0.1:2379 \
  --listen-peer-urls https://10.240.0.1:2380 \
  --initial-advertise-peer-urls https://10.240.0.1:2380 \
  --initial-cluster s1=https://10.240.0.1:2380,s2=https://10.240.0.2:2380,s3=https://10.240.0.3:2380 \
  --initial-cluster-token mytoken \
  --initial-cluster-state new \
  --client-cert-auth \
  --trusted-ca-file /etc/ssl/certs/etcd-root-ca.pem \
  --cert-file /etc/ssl/certs/s1.pem \
  --key-file /etc/ssl/certs/s1-key.pem \
  --peer-client-cert-auth \
  --peer-trusted-ca-file /etc/ssl/certs/etcd-root-ca.pem \
  --peer-cert-file /etc/ssl/certs/s1.pem \
  --peer-key-file /etc/ssl/certs/s1-key.pem \
  --auto-compaction-retention 1"
EOF
mv /tmp/20-cl-etcd-member.conf /etc/systemd/system/etcd-member.service.d/20-cl-etcd-member.conf
```

Or use a Container Linux Config:

```yaml container-linux-config:norender
systemd:
  units:
    - name: etcd-member.service
      dropins:
        - name: conf1.conf
          contents: |
            [Service]
            Environment="ETCD_SSL_DIR=/etc/ssl/certs"

etcd:
  version: 3.2.0
  name: s1
  data_dir: /var/lib/etcd
  listen_client_urls: https://0.0.0.0:2379
  advertise_client_urls: https://{PUBLIC_IPV4}:2379
  listen_peer_urls: https://{PRIVATE_IPV4}:2380
  initial_advertise_peer_urls: https://{PRIVATE_IPV4}:2380
  initial_cluster: s1=https://{PRIVATE_IPV4}:2380,s2=https://10.240.0.2:2380,s3=https://10.240.0.3:2380
  initial_cluster_token: mytoken
  initial_cluster_state: new
  client_cert_auth: true
  trusted_ca_file: /etc/ssl/certs/etcd-root-ca.pem
  cert_file: /etc/ssl/certs/s1.pem
  key_file: /etc/ssl/certs/s1-key.pem
  peer_client_cert_auth: true
  peer_trusted_ca_file: /etc/ssl/certs/etcd-root-ca.pem
  peer_cert_file: /etc/ssl/certs/s1.pem
  peer_key_file: /etc/ssl/certs/s1-key.pem
  auto_compaction_retention: 1
```

```
$ ct --platform=gce --in-file /tmp/ct-etcd.cnf
{"ignition":{"version":"2.0.0","config"...
```

To see all runtime drop-in changes for system units:

```
systemd-delta --type=extended
```

To enable and start:

```
systemctl daemon-reload
systemctl enable --now etcd-member.service
```

To see the logs:

```
journalctl --unit etcd-member.service --lines 10
```

To stop and disable the service:

```
systemctl disable --now etcd-member.service
```

## etcd 2.x service

[Container Linux][container-linux-docs] includes a unit file `etcd2.service` for etcd 2.x, which will be removed in the near future. See [Container Linux FAQ][container-linux-faq] for more details.

Confirm unit file is installed:

```
systemctl cat etcd2.service
```

Check if the etcd service is running:

```
systemctl status etcd2.service
```

To stop and disable:

```
systemctl disable --now etcd2.service
```

[systemd-docs]: https://github.com/systemd/systemd
[container-linux-docs]: https://coreos.com/os/docs/latest
[container-linux-faq]: https://github.com/coreos/docs/blob/master/etcd/os-faq.md
[container-linux-provision]: https://github.com/coreos/docs/blob/master/os/provisioning.md
[container-linux-ignition]: https://github.com/coreos/docs/blob/master/ignition/what-is-ignition.md
[container-linux-ct]: https://github.com/coreos/container-linux-config-transpiler