Step-by-Step Binary Deployment of etcd Using Ansible

The deployment process for etcd starts with downloading the binary package, preparing HTTPS certificates, and creating configuration files that include distinct node names and IP addresses.

Systemd is then used to manage the etcd service, enabling it to start automatically on boot.

First, create a working directory and sub‑folders:

mkdir ansible-etcd-cluster-deploy

cd ansible-etcd-cluster-deploy

mkdir files

mkdir tls

Inspect the newly created directories with ll to confirm they are empty.

Place the TLS material (ca‑config.json.j2, ca‑csr.json.j2, cfssl.tar.gz, generate_etcd_cert.sh, server‑csr.json.j2) into the tls folder, then create a cert sub‑directory and move the Jinja2 templates into it, renaming as needed (e.g., mv ca-config.json.j2 cert/ca-config.json).

Edit the Ansible inventory file ( hosts) to list the target etcd nodes, for example:

[etcd]

192.168.20.41

192.168.20.42

192.168.20.43

Create the Ansible playbook tls.yaml that generates the certificates, then run it with: ansible-playbook -i hosts tls.yaml After the playbook finishes, verify the generated certificates in tls/cert/ (files such as ca.pem, server.pem, server-key.pem, etc.).

Next, configure etcd itself by editing etcd.yaml and execute: ansible-playbook -i hosts etcd.yaml Finally, confirm that the etcd service is running and that the host IPs have been correctly rendered in the configuration.