• etcd数据备份与恢复验证


    目录

    正文

    一、单机

    说明:执行etcd备份数据的恢复的机器必须和原先etcd所在机器一致

    1、单机备份

    1 etcdctl --endpoints="https://10.25.72.62:2379" 
    2 --cert=/etc/etcd/ssl/etcd.pem 
    3 --key=/etc/etcd/ssl/etcd-key.pem 
    4 --cacert=/etc/kubernetes/ssl/ca.pem 
    5 snapshot save snapshot.db

    2、单机数据恢复

    复制代码
     1 [root@SZD-L0105331 ~]# systemctl stop etcd   # 停止etcd服务
     2 [root@SZD-L0105331 ~]# export ETCDCTL_API=3; # 使用ETCDCTL API 3
     3 [root@SZD-L0105331 ~]# etcdctl  snapshot restore snapshot.db 
     4         --name=SZD-L0105331 
     5         --endpoints=https://10.25.72.62:2379 
     6         --cacert=/etc/kubernetes/ssl/ca.pem 
     7         --cert=/etc/etcd/ssl/etcd.pem 
     8         --key=/etc/etcd/ssl/etcd-key.pem  
     9         --initial-cluster=SZD-L0105331=https://10.25.72.62:2380  
    10         --initial-advertise-peer-urls=https://10.25.72.62:2380 
    11         --initial-cluster-token=etcd-cluster-0 
    12         --data-dir=/var/lib/etcd4   # 注意--data-dir参数,以下步骤需要使用
    13 
    14 [root@SZD-L0105331 ~]# # 修改etcd启动参数--data-dir指向上一步的数据回复目录,一般在/etc/etcd/etcd文件中
    15 
    16 [root@SZD-L0105331 ~]# cat /etc/etcd/etcd  # 完整参数文件如下
    17 ETCD_OPTIONS="--name=SZD-L0105331 
    18    --client-cert-auth=true 
    19    --cert-file=/etc/etcd/ssl/etcd.pem 
    20    --key-file=/etc/etcd/ssl/etcd-key.pem 
    21    --peer-cert-file=/etc/etcd/ssl/etcd.pem 
    22    --peer-key-file=/etc/etcd/ssl/etcd-key.pem 
    23    --trusted-ca-file=/etc/kubernetes/ssl/ca.pem 
    24    --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem 
    25    --initial-advertise-peer-urls=https://10.25.72.62:2380 
    26    --listen-peer-urls=https://10.25.72.62:2380 
    27    --listen-client-urls=https://10.25.72.62:2379,https://127.0.0.1:2379 
    28    --advertise-client-urls=https://10.25.72.62:2379 
    29    --initial-cluster-token=etcd-cluster-0 
    30    --initial-cluster=SZD-L0105331=https://10.25.72.62:2380 
    31    --initial-cluster-state=new 
    32    --data-dir=/var/lib/etcd"
    33 
    34 [root@SZD-L0105331 ~]# systemctl start etcd # 启动etcd服务
    复制代码

    二、集群

    1、模拟写入数据到Etcd集群

    复制代码
     1 # 使用API 3写入数据库
     2 [root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem put /name/1 zxg
     3 # 读取数据
     4 [root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem get  /name/1
     5 2018-08-16 20:47:13.017586 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
     6 /name/1
     7 zxg
     8 
     9 # 使用API 2写入数据库
    10 [root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=2 etcdctl --cert-file /root/etcd-cluster/etcd.pem --ca-file /root/etcd-cluster/ca.pem --key-file /root/etcd-cluster/etcd-key.pem --endpoints="https://10.25.73.25:2379,https://10.25.73.150:2379,https://10.25.84.251:2379" set /name1 zxg1
    11 2018-08-16 18:27:35.060559 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
    12 zxg1
    13 # 读取数据
    14 [root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=2 etcdctl --cert-file /root/etcd-cluster/etcd.pem --ca-file /root/etcd-cluster/ca.pem --key-file /root/etcd-cluster/etcd-key.pem --endpoints="https://10.25.73.25:2379,https://10.25.73.150:2379,https://10.25.84.251:2379" get /name1
    15 2018-08-16 18:27:47.884908 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
    16 zxg1
    复制代码

    2、备份etcd数据

    1 [root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem  snapshot save mysnapshot.db
    2 2018-08-16 20:50:47.206334 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
    3 Snapshot saved at mysnapshot.db

    3、停止etcd集群

    停止方法:分别在3台etcd的宿主机上执行以下命令停止etcd服务
    systemctl stop etcd

    停掉Leader 10.25.73.25, 查看集群状况,重新选举出了leader,集群可正常使用

    复制代码
    1 [root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem  endpoint status --write-out=table
    2 2018-08-16 18:31:50.686352 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
    3 Failed to get the status of endpoint https://10.25.73.25:2379 (context deadline exceeded)
    4 +---------------------------+------------------+---------+---------+-----------+-----------+------------+
    5 |         ENDPOINT          |        ID        | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
    6 +---------------------------+------------------+---------+---------+-----------+-----------+------------+
    7 | https://10.25.84.251:2379 | 2a53eb67dfa37cc0 | 3.1.10  | 25 kB   | false     |        14 |         19 |
    8 | https://10.25.73.150:2379 | c267a0ca02c6bff7 | 3.1.10  | 25 kB   | true      |        14 |         19 |
    9 +---------------------------+------------------+---------+---------+-----------+-----------+------------+
    复制代码

    停掉10.25.73.150,查看集群状况,集群已经无法正常使用,说明3节点的Etcd容错为1

    复制代码
     1 [root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem  endpoint status --write-out=table
     2 2018-08-16 18:33:44.526382 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
     3 Failed to get the status of endpoint https://10.25.73.25:2379 (context deadline exceeded)
     4 Failed to get the status of endpoint https://10.25.73.150:2379 (context deadline exceeded)
     5 +---------------------------+------------------+---------+---------+-----------+-----------+------------+
     6 |         ENDPOINT          |        ID        | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
     7 +---------------------------+------------------+---------+---------+-----------+-----------+------------+
     8 | https://10.25.84.251:2379 | 2a53eb67dfa37cc0 | 3.1.10  | 25 kB   | false     |        14 |         19 |
     9 +---------------------------+------------------+---------+---------+-----------+-----------+------------+
    复制代码

    删除etcd数据,方法:登录etcd所在主机执行:(注意:危险操作,请谨慎操作,确保在有数据备份并且确定Etcd集群无法正常工作后操作)
    rm -rf /var/lib/etcd

    4、使用备份数据进行恢复

    恢复10.25.84.251节点数据到/var/lib/etcd
    [root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --name=SZD-L0097856 --endpoints="https://10.25.84.251:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem --initial-cluster-token=etcd-cluster-0 --initial-advertise-peer-urls=https://10.25.84.251:2380 --initial-cluster=SZD-L0101798=https://10.25.73.25:2380,SZD-L0103739=https://10.25.73.150:2380,SZD-L0097856=https://10.25.84.251:2380 --data-dir=/varlib/etcd snapshot restore mysnapshot.db
    2018-08-16 19:52:33.409406 I | etcdserver/membership: added member 2a53eb67dfa37cc0 [https://10.25.84.251:2380] to cluster 4741a9e2cf17e1fa
    2018-08-16 19:52:33.409481 I | etcdserver/membership: added member 304bcbfa92e84c75 [https://10.25.73.25:2380] to cluster 4741a9e2cf17e1fa
    2018-08-16 19:52:33.409499 I | etcdserver/membership: added member c267a0ca02c6bff7 [https://10.25.73.150:2380] to cluster 4741a9e2cf17e1fa
    [root@SZD-L0097856 etcd-cluster]#
    恢复10.25.73.25节点数据到/var/lib/etcd
    [root@SZD-L0101798 etcd-cluster]# ETCDCTL_API=3 etcdctl --name=SZD-L0101798 --endpoints="https://10.25.73.25:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem --initial-cluster-token=etcd-cluster-0 --initial-advertise-peer-urls=https://10.25.73.25:2380 --initial-cluster=SZD-L0101798=https://10.25.73.25:2380,SZD-L0103739=https://10.25.73.150:2380,SZD-L0097856=https://10.25.84.251:2380 --data-dir=/varlib/etcd snapshot restore mysnapshot.db
    2018-08-16 19:55:30.735518 I | etcdserver/membership: added member 2a53eb67dfa37cc0 [https://10.25.84.251:2380] to cluster 4741a9e2cf17e1fa
    2018-08-16 19:55:30.735601 I | etcdserver/membership: added member 304bcbfa92e84c75 [https://10.25.73.25:2380] to cluster 4741a9e2cf17e1fa
    2018-08-16 19:55:30.735617 I | etcdserver/membership: added member c267a0ca02c6bff7 [https://10.25.73.150:2380] to cluster 4741a9e2cf17e1fa
    [root@SZD-L0101798 etcd-cluster]#
    恢复10.25.73.150节点数据到/var/lib/etcd
    [root@SZD-L0103739 etcd-cluster]# ETCDCTL_API=3 etcdctl --name=SZD-L0103739 --endpoints="https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem --initial-cluster-token=etcd-cluster-0 --initial-advertise-peer-urls=https://10.25.73.150:2380 --initial-cluster=SZD-L0101798=https://10.25.73.25:2380,SZD-L0103739=https://10.25.73.150:2380,SZD-L0097856=https://10.25.84.251:2380 --data-dir=/varlib/etcd snapshot restore mysnapshot.db
    2018-08-16 19:58:21.892719 I | etcdserver/membership: added member 2a53eb67dfa37cc0 [https://10.25.84.251:2380] to cluster 4741a9e2cf17e1fa
    2018-08-16 19:58:21.892796 I | etcdserver/membership: added member 304bcbfa92e84c75 [https://10.25.73.25:2380] to cluster 4741a9e2cf17e1fa
    2018-08-16 19:58:21.892812 I | etcdserver/membership: added member c267a0ca02c6bff7 [https://10.25.73.150:2380] to cluster 4741a9e2cf17e1fa
    [root@SZD-L0103739 etcd-cluster]#

    5、启动Etcd服务

    分别在etcd所在主机执行如下命令:
    systemctl start etcd

    6、验证数据完整性

    经过验证,使用ETCDCTL_API=2 存放的数据会丢失,使用ETCDCTL_API=3存放的数据能正常恢复
    附录:
    查询etcd API3的键
    [root@SZD-L0101798 ~]# ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem get / --prefix --keys-only
    2018-08-16 20:38:06.954368 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
    /name/1

    /name/2

    /name/3

    /name/4

     
  • 相关阅读:
    关于 iOS 证书,你必须了解的知识
    Spark踩坑记:共享变量
    Python 操作 MySQL 的正确姿势
    【黑客浅析】像黑客一样思考
    利用 Flask+Redis 维护 IP 代理池
    程序员的江湖:从黑木崖到回龙观
    [NM 状态机1] Application状态机详解
    Hadoop 2.0 编译问题小结
    Yarn上的几个问题整理
    Yarn中如何生成状态机图
  • 原文地址:https://www.cnblogs.com/Python-K8S/p/14270674.html
Copyright © 2020-2023  润新知