etcd v3租约、续约、撤销操作大全

etcd v3租约、续约、撤销操作大全

Etcd租约即对特定的key实现时间控制处理。

本文包含了其关键操作梳理及特点分析，还不收藏等啥呢。

目录

创建租约

使用租约

租约失效

续约不成功的情形

续约及查询

撤销租约

附：所有可用的操作

---

创建租约

创建一个240秒的租约：

docker exec etcd_test etcdctl lease grant 240                           lease 5a578262b3f6f545 granted with TTL(240s)

使用租约

设置一个值/abc

docker exec etcd_test etcdctl put /abc  111  --user=root:rootOK

查看该租约已经在自动减少中：

docker exec etcd_test etcdctl lease timetolive 5a578262b3f6f545lease 5a578262b3f6f545 granted with TTL(240s), remaining(198s)

给 /abc绑定租约：

docker exec etcd_test etcdctl put --lease=5a578262b3f6f545 /abc  111 --user=root:rootOK

租约失效

查看一下/abc:

docker exec etcd_test etcdctl get /abc --user=root:root     /abc111

等到租约失效时：

docker exec etcd_test etcdctl lease timetolive 5a578262b3f6f545lease 5a578262b3f6f545 already expired

再次查看该key，发现已被删除。

也就是说，当对指定key设置租约，租约过期后如未续约则会自动删除对应的key。

续约不成功的情形

如果给已过期的租约进行续约：

docker exec etcd_test etcdctl lease keep-alive 5a57833bbf5edc50 --user=root:rootlease 5a57833bbf5edc50 expired or revoked.

会提示租约已经过期或者被撤销了，因此续约不成功。

注意，续约时不涉及专门的key，而是针对leaseID进行的操作。

续约及查询

创建一个60秒的租约，并绑定key:

docker exec etcd_test etcdctl lease grant 60lease 5a57833bbf5edc5b granted with TTL(60s)# docker exec etcd_test etcdctl put --lease=5a57833bbf5edc5b /abc  111 --user=root:rootOK

续约：

docker exec etcd_test etcdctl lease keep-alive 5a57833bbf5edc5b --user=root:rootlease 5a57833bbf5edc5b keepalived with TTL(60)lease 5a57833bbf5edc5b keepalived with TTL(60)lease 5a57833bbf5edc5b keepalived with TTL(60)……

(经过确认，每20秒打印一次）

经过调查，etcd主动给 Lease 进行续约，是以小于 TTL 的间隔来循环调用，可以想的到，如果比租期时间长，则已经过期了才续约就晚了)

每续约一次打印一次lease 5a57833bbf5edc5b keepalived with TTL(60)

快速查看租约的剩余时间：

docker exec etcd_test etcdctl lease timetolive 5a57833bbf5edc79lease 5a57833bbf5edc79 granted with TTL(60s), remaining(41s)# docker exec etcd_test etcdctl lease timetolive 5a57833bbf5edc79lease 5a57833bbf5edc79 granted with TTL(60s), remaining(40s)# docker exec etcd_test etcdctl lease timetolive 5a57833bbf5edc79lease 5a57833bbf5edc79 granted with TTL(60s), remaining(40s)# docker exec etcd_test etcdctl lease timetolive 5a57833bbf5edc79lease 5a57833bbf5edc79 granted with TTL(60s), remaining(59s)

可以看到每次到40秒时就会立即恢复为60秒。

需要指出的是，代码调用时也包含了续约单次

KeepAlive ：自动定时的续约某个租约；
KeepAliveOnce ：仅续约一次；

撤销租约

docker exec etcd_test etcdctl lease revoke 5a57833bbf5edc5b --user=root:rootlease 5a57833bbf5edc5b revoked

撤销后再次查看，已经过期：

docker exec etcd_test etcdctl lease timetolive 5a57833bbf5edc5blease 5a57833bbf5edc5b already expired

提示：在keep-alive自动续约那边中断，不能达到撤销/销毁租约的目的

！续约期间删除对应的key是什么情况？

docker exec etcd_test etcdctl del /abc --user=root:root1# docker exec etcd_test etcdctl del /abc --user=root:root0# docker exec etcd_test etcdctl lease timetolive 5a57833bbf5edc79lease 5a57833bbf5edc79 granted with TTL(60s), remaining(54s)# docker exec etcd_test etcdctl lease timetolive 5a57833bbf5edc79lease 5a57833bbf5edc79 granted with TTL(60s), remaining(52s)# docker exec etcd_test etcdctl lease timetolive 5a57833bbf5edc79lease 5a57833bbf5edc79 granted with TTL(60s), remaining(42s)# docker exec etcd_test etcdctl lease timetolive 5a57833bbf5edc79lease 5a57833bbf5edc79 granted with TTL(60s), remaining(59s)

可以看到，删除key后，不影响租约，租约依旧自动续期。

附：所有可用的操作

docker exec etcd etcdctl --help

或只看租约相关操作：

docker exec etcd etcdctl lease --help

NAME:etcdctl - A simple command line client for etcd3.USAGE:etcdctl [flags]VERSION:3.5.2API VERSION:3.5COMMANDS:alarm disarm            Disarms all alarmsalarm list              Lists all alarmsauth disable            Disables authenticationauth enable             Enables authenticationauth status             Returns authentication statuscheck datascale         Check the memory usage of holding data for different workloads on a given server endpoint.check perf              Check the performance of the etcd clustercompaction              Compacts the event history in etcddefrag                  Defragments the storage of the etcd members with given endpointsdel                     Removes the specified key or range of keys [key, range_end)elect                   Observes and participates in leader electionendpoint hashkv         Prints the KV history hash for each endpoint in --endpointsendpoint health         Checks the healthiness of endpoints specified in `--endpoints` flagendpoint status         Prints out the status of endpoints specified in `--endpoints` flagget                     Gets the key or a range of keyshelp                    Help about any commandlease grant             Creates leaseslease keep-alive        Keeps leases alive (renew)lease list              List all active leaseslease revoke            Revokes leaseslease timetolive        Get lease informationlock                    Acquires a named lockmake-mirror             Makes a mirror at the destination etcd clustermember add              Adds a member into the clustermember list             Lists all members in the clustermember promote          Promotes a non-voting member in the clustermember remove           Removes a member from the clustermember update           Updates a member in the clustermove-leader             Transfers leadership to another etcd cluster member.put                     Puts the given key into the storerole add                Adds a new rolerole delete             Deletes a rolerole get                Gets detailed information of a rolerole grant-permission   Grants a key to a rolerole list               Lists all rolesrole revoke-permission  Revokes a key from a rolesnapshot restore        Restores an etcd member snapshot to an etcd directorysnapshot save           Stores an etcd node backend snapshot to a given filesnapshot status         [deprecated] Gets backend snapshot status of a given filetxn                     Txn processes all the requests in one transactionuser add                Adds a new useruser delete             Deletes a useruser get                Gets detailed information of a useruser grant-role         Grants a role to a useruser list               Lists all usersuser passwd             Changes password of useruser revoke-role        Revokes a role from a userversion                 Prints the version of etcdctlwatch                   Watches events stream on keys or prefixesOPTIONS:--cacert=""                               verify certificates of TLS-enabled secure servers using this CA bundle--cert=""                                 identify secure client using this TLS certificate file--command-timeout=5s                      timeout for short running command (excluding dial timeout)--debug[=false]                           enable client-side debug logging--dial-timeout=2s                         dial timeout for client connections-d, --discovery-srv=""                        domain name to query for SRV records describing cluster endpoints--discovery-srv-name=""                   service name to query when using DNS discovery--endpoints=[127.0.0.1:2379]              gRPC endpoints-h, --help[=false]                            help for etcdctl--hex[=false]                             print byte strings as hex encoded strings--insecure-discovery[=true]               accept insecure SRV records describing cluster endpoints--insecure-skip-tls-verify[=false]        skip server certificate verification (CAUTION: this option should be enabled only for testing purposes)--insecure-transport[=true]               disable transport security for client connections--keepalive-time=2s                       keepalive time for client connections--keepalive-timeout=6s                    keepalive timeout for client connections--key=""                                  identify secure client using this TLS key file--password=""                             password for authentication (if this option is used, --user option shouldn't include password)--user=""                                 username[:password] for authentication (prompt if password is not supplied)-w, --write-out="simple"                      set the output format (fields, json, protobuf, simple, table)