记录一下log 文件被删除 怎么 恢复的操作于 kvm 虚机镜像被删除怎么恢复。
工作中我们服务器或者应用程序都会日常的生产一些log 。就比如我们的message 的log 文件为例。 我们对系统执行启动或者生产的操作会在message 生产一线log 文件。 当我们误删除的这个log 后怎么 恢复?
1. 恢复的前提, 当前的log 文件时有被进程使用的。 或者进程在读写log 文件, 就像我们一些应用时时会实时的读写一些log 文件这种文件会被进程占用,此进程会运行在内存里,从内存进行恢复。
实例:
进入到log 存放位置
[root@localhost log]# cd /var/log
查询所有的messages 开头的log
[root@localhost log]# ls messages*
messages messages-20210918
对删除的log 做备份
[root@localhost log]# cp messages messages-backup
[root@localhost log]# diff messages messages-backup
查询log 信息
[root@localhost log]# head -n 10 messages
Sep 18 03:40:01 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0" x-pid="678" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Sep 18 03:44:10 localhost dnsmasq-dhcp[1451]: DHCPREQUEST(virbr0) 192.168.122.17 52:54:00:2a:01:89
Sep 18 03:44:10 localhost dnsmasq-dhcp[1451]: DHCPACK(virbr0) 192.168.122.17 52:54:00:2a:01:89
Sep 18 03:51:11 localhost dhclient[1656]: DHCPREQUEST on ens33 to 192.168.233.254 port 67 (xid=0x742ad28b)
Sep 18 03:51:11 localhost dhclient[1656]: DHCPACK from 192.168.233.254 (xid=0x742ad28b)
Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6824] dhcp4 (ens33): address 192.168.233.133
Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6833] dhcp4 (ens33): plen 24 (255.255.255.0)
Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6834] dhcp4 (ens33): gateway 192.168.233.2
Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6834] dhcp4 (ens33): lease time 1800
Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6834] dhcp4 (ens33): nameserver '192.168.233.2'
删除log
[root@localhost log]# rm messages
rm: remove regular file ‘messages’? y
[root@localhost log]# ls messages*
messages-20210918 messages-backup
通过lsof 查找出那些进程在用这个log 文件
[root@localhost log]# lsof | grep message
rsyslogd 678 root 4w REG 8,3 57757 402862828 /var/log/messages (deleted)
in:imjour 678 700 root 4w REG 8,3 57757 402862828 /var/log/messages (deleted)
rs:main 678 703 root 4w REG 8,3 57757 402862828 /var/log/messages (deleted)
[root@localhost log]# lsof | more
COMMAND PID TID USER FD TYPE DEVICE SIZE/OFF NODE NAME
进入进程目录下查找 对应信息 (7=678 是pid ,4w 对应的是FD下的 )
[root@localhost log]# ll /proc/678/fd/4
l-wx------. 1 root root 64 Oct 12 23:48 /proc/678/fd/4 -> /var/log/messages (deleted)
查看进程文件内容
[root@localhost log]# head -n 10 /proc/678/fd/4
Sep 18 03:40:01 localhost rsyslogd: [origin software="rsyslogd" swVersion="8.24.0" x-pid="678" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Sep 18 03:44:10 localhost dnsmasq-dhcp[1451]: DHCPREQUEST(virbr0) 192.168.122.17 52:54:00:2a:01:89
Sep 18 03:44:10 localhost dnsmasq-dhcp[1451]: DHCPACK(virbr0) 192.168.122.17 52:54:00:2a:01:89
Sep 18 03:51:11 localhost dhclient[1656]: DHCPREQUEST on ens33 to 192.168.233.254 port 67 (xid=0x742ad28b)
Sep 18 03:51:11 localhost dhclient[1656]: DHCPACK from 192.168.233.254 (xid=0x742ad28b)
Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6824] dhcp4 (ens33): address 192.168.233.133
Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6833] dhcp4 (ens33): plen 24 (255.255.255.0)
Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6834] dhcp4 (ens33): gateway 192.168.233.2
Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6834] dhcp4 (ens33): lease time 1800
Sep 18 03:51:11 localhost NetworkManager[739]: <info> [1631951471.6834] dhcp4 (ens33): nameserver '192.168.233.2'
将进程文件内容重定向输入到messages log 中
[root@localhost log]# cat /proc/678/fd/4 > /var/log/messages
[root@localhost log]# ls messages*
messages messages-20210918 messages-backup
[root@localhost log]# diff messages messages-backup
[root@localhost log]#
kvm 镜像的恢复
这个是过程与上面恢复文件的流程一样
检查有一个正常运行的kvm 虚机
[root@localhost ~]# virsh list --all
Id Name State
----------------------------------------------------
1 rhel7.4 running
查询他的kvm 镜像存放位置,删除镜像 默认误删除操作
[root@localhost images]# virsh dumpxml rhel7.4 | grep qcow2
<driver name='qemu' type='qcow2'/>
<source file='/var/lib/libvirt/images/rhel7.4.qcow2'/>
[root@localhost images]#
[root@localhost images]# rm -rf /var/lib/libvirt/images/rhel7.4.qcow2
[root@localhost images]# date
Tue Oct 12 22:08:52 EDT 2021
[root@localhost images]# ls
img-2wv4jjcl.qcow2 rhel7.6.qcow2
查询那些进程在使用kvm 虚机
[root@localhost images]# lsof | grep /var/lib/libvirt/images/rhel7.4.qcow2
qemu-kvm 2073 qemu 14u REG 8,3 1353908224 268634350 /var/lib/libvirt/images/rhel7.4.qcow2 (deleted)
qemu-kvm 2073 2104 qemu 14u REG 8,3 1353908224 268634350 /var/lib/libvirt/images/rhel7.4.qcow2 (deleted)
qemu-kvm 2073 2106 qemu 14u REG 8,3 1353908224 268634350 /var/lib/libvirt/images/rhel7.4.qcow2 (deleted)
将进程文件重新向到镜像文件
[root@localhost images]# cd /proc/2073/fd
[root@localhost fd]# ll 14
lrwx------. 1 qemu qemu 64 Oct 12 22:09 14 -> /var/lib/libvirt/images/rhel7.4.qcow2 (deleted)
[root@localhost fd]# cp 14 /var/lib/libvirt/images/rhel7.4.qcow2
[root@localhost fd]#
[root@localhost fd]# du -sh /var/lib/libvirt/images/rhel7.4.qcow2
1.3G /var/lib/libvirt/images/rhel7.4.qcow2
重启验证
[root@localhost ~]# virsh destroy 1
Domain 1 destroyed
[root@localhost ~]# virsh start rhel7.4
Domain rhel7.4 started
恢复成功