• 误删除log 怎么恢复与怎么恢复误删除的kvm镜像


    记录一下log 文件被删除 怎么 恢复的操作于 kvm 虚机镜像被删除怎么恢复。

    工作中我们服务器或者应用程序都会日常的生产一些log 。就比如我们的message 的log 文件为例。 我们对系统执行启动或者生产的操作会在message 生产一线log 文件。 当我们误删除的这个log 后怎么 恢复? 

    1. 恢复的前提, 当前的log 文件时有被进程使用的。 或者进程在读写log 文件, 就像我们一些应用时时会实时的读写一些log 文件这种文件会被进程占用,此进程会运行在内存里,从内存进行恢复。 

    实例: 

    进入到log 存放位置

    [root@localhost log]# cd /var/log

    查询所有的messages 开头的log 
    [root@localhost log]# ls messages*
    messages messages-20210918

    对删除的log 做备份    

    [root@localhost log]# cp messages messages-backup

    [root@localhost log]# diff messages messages-backup
    查询log 信息
    [root@localhost log]# head -n 10 messages
    Sep 18 03:40:01 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0" x-pid="678" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
    Sep 18 03:44:10 localhost dnsmasq-dhcp[1451]: DHCPREQUEST(virbr0) 192.168.122.17 52:54:00:2a:01:89
    Sep 18 03:44:10 localhost dnsmasq-dhcp[1451]: DHCPACK(virbr0) 192.168.122.17 52:54:00:2a:01:89
    Sep 18 03:51:11 localhost dhclient[1656]: DHCPREQUEST on ens33 to 192.168.233.254 port 67 (xid=0x742ad28b)
    Sep 18 03:51:11 localhost dhclient[1656]: DHCPACK from 192.168.233.254 (xid=0x742ad28b)
    Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6824] dhcp4 (ens33): address 192.168.233.133
    Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6833] dhcp4 (ens33): plen 24 (255.255.255.0)
    Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6834] dhcp4 (ens33): gateway 192.168.233.2
    Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6834] dhcp4 (ens33): lease time 1800
    Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6834] dhcp4 (ens33): nameserver '192.168.233.2'
    删除log 
    [root@localhost log]# rm messages
    rm: remove regular file ‘messages’? y
    [root@localhost log]# ls messages*
    messages-20210918 messages-backup
    通过lsof 查找出那些进程在用这个log 文件
    [root@localhost log]# lsof | grep message
    rsyslogd 678 root 4w REG 8,3 57757 402862828 /var/log/messages (deleted)
    in:imjour 678 700 root 4w REG 8,3 57757 402862828 /var/log/messages (deleted)
    rs:main 678 703 root 4w REG 8,3 57757 402862828 /var/log/messages (deleted)

    [root@localhost log]# lsof | more
    COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME

    进入进程目录下查找 对应信息   (7=678 是pid ,4w 对应的是FD下的 )
    [root@localhost log]# ll /proc/678/fd/4
    l-wx------. 1 root root 64 Oct 12 23:48 /proc/678/fd/4 -> /var/log/messages (deleted)

    查看进程文件内容
    [root@localhost log]# head -n 10 /proc/678/fd/4
    Sep 18 03:40:01 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0" x-pid="678" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
    Sep 18 03:44:10 localhost dnsmasq-dhcp[1451]: DHCPREQUEST(virbr0) 192.168.122.17 52:54:00:2a:01:89
    Sep 18 03:44:10 localhost dnsmasq-dhcp[1451]: DHCPACK(virbr0) 192.168.122.17 52:54:00:2a:01:89
    Sep 18 03:51:11 localhost dhclient[1656]: DHCPREQUEST on ens33 to 192.168.233.254 port 67 (xid=0x742ad28b)
    Sep 18 03:51:11 localhost dhclient[1656]: DHCPACK from 192.168.233.254 (xid=0x742ad28b)
    Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6824] dhcp4 (ens33): address 192.168.233.133
    Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6833] dhcp4 (ens33): plen 24 (255.255.255.0)
    Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6834] dhcp4 (ens33): gateway 192.168.233.2
    Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6834] dhcp4 (ens33): lease time 1800
    Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6834] dhcp4 (ens33): nameserver '192.168.233.2'
    将进程文件内容重定向输入到messages log 中
    [root@localhost log]# cat /proc/678/fd/4 > /var/log/messages

    [root@localhost log]# ls messages*
    messages messages-20210918 messages-backup
    [root@localhost log]# diff messages messages-backup
    [root@localhost log]#

    kvm 镜像的恢复

    这个是过程与上面恢复文件的流程一样

    检查有一个正常运行的kvm 虚机

    [root@localhost ~]# virsh list --all
    Id Name State
    ----------------------------------------------------
    1 rhel7.4 running

    查询他的kvm 镜像存放位置,删除镜像 默认误删除操作

    [root@localhost images]# virsh dumpxml rhel7.4 | grep qcow2
    <driver name='qemu' type='qcow2'/>
    <source file='/var/lib/libvirt/images/rhel7.4.qcow2'/>
    [root@localhost images]#
    [root@localhost images]# rm -rf /var/lib/libvirt/images/rhel7.4.qcow2
    [root@localhost images]# date
    Tue Oct 12 22:08:52 EDT 2021

    [root@localhost images]# ls
    img-2wv4jjcl.qcow2 rhel7.6.qcow2

    查询那些进程在使用kvm 虚机

    [root@localhost images]# lsof | grep /var/lib/libvirt/images/rhel7.4.qcow2
    qemu-kvm 2073 qemu 14u REG 8,3 1353908224 268634350 /var/lib/libvirt/images/rhel7.4.qcow2 (deleted)
    qemu-kvm 2073 2104 qemu 14u REG 8,3 1353908224 268634350 /var/lib/libvirt/images/rhel7.4.qcow2 (deleted)
    qemu-kvm 2073 2106 qemu 14u REG 8,3 1353908224 268634350 /var/lib/libvirt/images/rhel7.4.qcow2 (deleted)

    将进程文件重新向到镜像文件

    [root@localhost images]# cd /proc/2073/fd

    [root@localhost fd]# ll 14
    lrwx------. 1 qemu qemu 64 Oct 12 22:09 14 -> /var/lib/libvirt/images/rhel7.4.qcow2 (deleted)

    [root@localhost fd]# cp 14 /var/lib/libvirt/images/rhel7.4.qcow2

    [root@localhost fd]#
    [root@localhost fd]# du -sh /var/lib/libvirt/images/rhel7.4.qcow2
    1.3G /var/lib/libvirt/images/rhel7.4.qcow2

    重启验证

    [root@localhost ~]# virsh destroy 1
    Domain 1 destroyed

    [root@localhost ~]# virsh start rhel7.4
    Domain rhel7.4 started

    恢复成功

  • 相关阅读:
    PetaPoco 使用总结(一)
    sql查询语句时怎么把几个字段拼接成一个字段
    js传入和传出参数乱码
    js事件
    耳机没有声音
    JQuery $未定义
    SQL Server导入导出不丢主键和视图的方法
    Transact-SQL解析和基本的实用语句
    数据库索引原理
    Web Service基本概念
  • 原文地址:https://www.cnblogs.com/yk0625/p/15401552.html
Copyright © 2020-2023  润新知