https://github.com/etcd-io/etcd/tree/master/etcdctl/ # etcdctl --help
NAME:
etcdctl - A simple command line client for etcd3.
USAGE:
etcdctl
VERSION:
3.2.24
API VERSION:
3.2
COMMANDS:
get Gets the key or a range of keys
put Puts the given key into the store
del Removes the specified key or range of keys [key, range_end)
txn Txn processes all the requests in one transaction
compaction Compacts the event history in etcd
alarm disarm Disarms all alarms
alarm list Lists all alarms
defrag Defragments the storage of the etcd members with given endpoints
endpoint health Checks the healthiness of endpoints specified in `--endpoints` flag
endpoint status Prints out the status of endpoints specified in `--endpoints` flag
watch Watches events stream on keys or prefixes
version Prints the version of etcdctl
lease grant Creates leases
lease revoke Revokes leases
lease timetolive Get lease information
lease keep-alive Keeps leases alive (renew)
member add Adds a member into the cluster
member remove Removes a member from the cluster
member update Updates a member in the cluster
member list Lists all members in the cluster
snapshot save Stores an etcd node backend snapshot to a given file
snapshot restore Restores an etcd member snapshot to an etcd directory
snapshot status Gets backend snapshot status of a given file
make-mirror Makes a mirror at the destination etcd cluster
migrate Migrates keys in a v2 store to a mvcc store
lock Acquires a named lock
elect Observes and participates in leader election
auth enable Enables authentication
auth disable Disables authentication
user add Adds a new user
user delete Deletes a user
user get Gets detailed information of a user
user list Lists all users
user passwd Changes password of user
user grant-role Grants a role to a user
user revoke-role Revokes a role from a user
role add Adds a new role
role delete Deletes a role
role get Gets detailed information of a role
role list Lists all roles
role grant-permission Grants a key to a role
role revoke-permission Revokes a key from a role
check perf Check the performance of the etcd cluster
help Help about any command
OPTIONS:
--cacert="" verify certificates of TLS-enabled secure servers using this CA bundle
--cert="" identify secure client using this TLS certificate file
--command-timeout=5s timeout for short running command (excluding dial timeout)
--debug[=false] enable client-side debug logging
--dial-timeout=2s dial timeout for client connections
--endpoints=[127.0.0.1:2379] gRPC endpoints
--hex[=false] print byte strings as hex encoded strings
--insecure-skip-tls-verify[=false] skip server certificate verification
--insecure-transport[=true] disable transport security for client connections
--key="" identify secure client using this TLS key file
--user="" username[:password] for authentication (prompt if password is not supplied)
-w, --write-out="simple" set the output format (fields, json, protobuf, simple, table)export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
etcdctl --write-out=table --endpoints=$ENDPOINTS endpoint status
export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
etcdctl --write-out=table --endpoints=$ENDPOINTS member list
MEMBER_ID=fa6333c794b010d8
export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
etcdctl --endpoints=$ENDPOINTS member remove ${MEMBER_ID}export HOST_1=192.168.5.41
export HOST_2=192.168.5.45
export HOST_3=192.168.5.46
export NAME_1=etcd1
export NAME_2=etcd2
export NAME_3=etcd3
etcdctl --endpoints=${HOST_1}:2379,${HOST_2}:2379 member add ${NAME_3} --peer-urls=http://${HOST_3}:2380
export TOKEN=etcd-cluster-3
export ADVERTISE_PRRE_URLS=https:$HOST_3:2380export NAME=etcd3
export CLINE_URLS="https://192.168.5.46:2379,https://192.168.5.46:4001"
export CLUSTER=$NAME_1="https:$HOST_1:2380,https://$HOST_1:4001",$NAME_2="https:$HOST_2:2380,https://$HOST_2:4001"
export ADVERTISE_PRRE_URLS=https:$HOST_3:2380
#/usr/local/bin/etcd
--peer-client-cert-auth
--client-cert-auth
--data-dir=/var/lib/rancher/etcd/
--advertise-client-urls=$CLINE_URLS
--key-file=/etc/kubernetes/ssl/kube-etcd-192-168-5-46-key.pem
--peer-cert-file=/etc/kubernetes/ssl/kube-etcd-192-168-5-46.pem
--peer-key-file=/etc/kubernetes/ssl/kube-etcd-192-168-5-46-key.pem
--election-timeout=5000
--name=$NAME
--listen-peer-urls=https://0.0.0.0:2380
--initial-cluster=$CLUSTER
--initial-cluster-state=existing
--initial-cluster-token=$TOKEN
--listen-client-urls=https://0.0.0.0:2379
--heartbeat-interval=500
--initial-advertise-peer-urls=$ADVERTISE_PRRE_URLS
--trusted-ca-file=/etc/kubernetes/ssl/kube-ca.pem
--peer-trusted-ca-file=/etc/kubernetes/ssl/kube-ca.pem
--cert-file=/etc/kubernetes/ssl/kube-etcd-192-168-5-46.pemexport ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
etcdctl --endpoints=$ENDPOINTS --prefix --keys-only=true get /export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
~ # etcdctl --endpoints=$ENDPOINTS get /testkey
/testkey
hello world~ # etcdctl --endpoints=$ENDPOINTS put /testkey_1 "test_1"
OK~ # etcdctl --endpoints=$ENDPOINTS del /testkey_1
1
~ # etcdctl --endpoints=$ENDPOINTS get /testkey_1
~ # ~ # etcdctl --endpoints=$ENDPOINTS watch /testkey
PUT
/testkey
1234对testkey进行put操作
etcdctl --endpoints="https://192.168.5.46:2379,https://192.168.5.41:2379,https://192.168.5.45:2379" put /testkey "1234"# etcd is not running
etcdctl defrag --data-dir default.etcd# etcd is running
etcdctl --endpoints=$ENDPOINTS defrag
export ENDPOINTS="192.168.5.41:2379,192.168.5.45:2379,192.168.5.46:2379"
Finished defragmenting etcd member[192.168.5.41:2379]
Finished defragmenting etcd member[192.168.5.45:2379]
Finished defragmenting etcd member[192.168.5.46:2379]保存备份当前集群etcd的信息,用于新的etcd集群
~ # etcdctl snapshot save snapshot.db
Snapshot saved at snapshot.db
~ # ls
snapshot.db
~ #etcdctl snapshot save snapshot.db
# restore members
bin/etcdctl snapshot restore snapshot.db --initial-cluster-token etcd-cluster-1 --initial-advertise-peer-urls http://127.0.0.1:12380 --name sshot1 --initial-cluster 'sshot1=http://127.0.0.1:12380,sshot2=http://127.0.0.1:22380,sshot3=http://127.0.0.1:32380'
bin/etcdctl snapshot restore snapshot.db --initial-cluster-token etcd-cluster-1 --initial-advertise-peer-urls http://127.0.0.1:22380 --name sshot2 --initial-cluster 'sshot1=http://127.0.0.1:12380,sshot2=http://127.0.0.1:22380,sshot3=http://127.0.0.1:32380'
bin/etcdctl snapshot restore snapshot.db --initial-cluster-token etcd-cluster-1 --initial-advertise-peer-urls http://127.0.0.1:32380 --name sshot3 --initial-cluster 'sshot1=http://127.0.0.1:12380,sshot2=http://127.0.0.1:22380,sshot3=http://127.0.0.1:32380'
# launch members
bin/etcd --name sshot1 --listen-client-urls http://127.0.0.1:2379 --advertise-client-urls http://127.0.0.1:2379 --listen-peer-urls http://127.0.0.1:12380 &
bin/etcd --name sshot2 --listen-client-urls http://127.0.0.1:22379 --advertise-client-urls http://127.0.0.1:22379 --listen-peer-urls http://127.0.0.1:22380 &
bin/etcd --name sshot3 --listen-client-urls http://127.0.0.1:32379 --advertise-client-urls http://127.0.0.1:32379 --listen-peer-urls http://127.0.0.1:32380 &~ # etcdctl snapshot status snapshot.db
8b62e307, 3315546, 2490, 3.6 MB
~ # etcdctl snapshot status snapshot.db -w table
+----------+----------+------------+------------+
| HASH | REVISION | TOTAL KEYS | TOTAL SIZE |
+----------+----------+------------+------------+
| 8b62e307 | 3315546 | 2490 | 3.6 MB |
+----------+----------+------------+------------+
~ # ~ # etcdctl endpoint --cluster=true status -w table
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| https://192.168.5.46:2379 | 1995057e7efbae9f | 3.3.10 | 4.9 MB | false | 49661 | 3871036 |
| https://192.168.5.45:2379 | 8a5c1e9f00bb66a5 | 3.3.10 | 4.9 MB | true | 49661 | 3871053 |
| https://192.168.5.41:2379 | d6414a7c7c550d29 | 3.3.10 | 4.9 MB | false | 49661 | 3871074 |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+~ # etcdctl --endpoints 192.168.5.45:2379 move-leader d6414a7c7c550d29
Leadership transferred from 8a5c1e9f00bb66a5 to d6414a7c7c550d29~ # etcdctl endpoint --cluster=true status -w table
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| https://192.168.5.46:2379 | 1995057e7efbae9f | 3.3.10 | 5.3 MB | false | 49662 | 3871620 |
| https://192.168.5.45:2379 | 8a5c1e9f00bb66a5 | 3.3.10 | 5.3 MB | false | 49662 | 3871641 |
| https://192.168.5.41:2379 | d6414a7c7c550d29 | 3.3.10 | 5.3 MB | true | 49662 | 3871657 |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
~ # etcdctl user add rootetcdctl user add zhangjxetcdctl role add role1etcdctl user grant-role zhangjx role1etcdctl role grant-permission role1 read /testkeyetcdctl --endpoints=$ENDPOINTS auth enable#etcdctl put /testkey "1111" --user="zhangjx:111111"
Error: etcdserver: permission denied
# etcdctl get /testkey --user="zhangjx:111111"
/testkey
111111 原文:https://www.cnblogs.com/zhangjxblog/p/12168339.html