定时备份etcd数据

1、etcd集群环境

    endpoints="https://192.168.131.60:2379,https://192.168.131.61:2379,https://192.168.131.62:2379"；

    cat /etc/etcd.env

# Environment file for etcd v3.3.12
ETCD_DATA_DIR=/var/lib/etcd
ETCD_ADVERTISE_CLIENT_URLS=https://192.168.131.60:2379
ETCD_INITIAL_ADVERTISE_PEER_URLS=https://192.168.131.60:2380
ETCD_INITIAL_CLUSTER_STATE=existing
ETCD_METRICS=basic
ETCD_LISTEN_CLIENT_URLS=https://192.168.131.60:2379,https://127.0.0.1:2379
ETCD_ELECTION_TIMEOUT=5000
ETCD_HEARTBEAT_INTERVAL=250
ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
ETCD_LISTEN_PEER_URLS=https://192.168.131.60:2380
ETCD_NAME=etcd1
ETCD_PROXY=off
ETCD_INITIAL_CLUSTER=etcd1=https://192.168.131.60:2380,etcd2=https://192.168.131.61:2380,etcd3=https://192.168.131.62:2380
ETCD_AUTO_COMPACTION_RETENTION=8
ETCD_SNAPSHOT_COUNT=10000

# TLS settings
ETCD_TRUSTED_CA_FILE=/etc/ssl/etcd/ssl/ca.pem
ETCD_CERT_FILE=/etc/ssl/etcd/ssl/member-master1.pem
ETCD_KEY_FILE=/etc/ssl/etcd/ssl/member-master1-key.pem
ETCD_CLIENT_CERT_AUTH=true

ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/etcd/ssl/ca.pem
ETCD_PEER_CERT_FILE=/etc/ssl/etcd/ssl/member-master1.pem
ETCD_PEER_KEY_FILE=/etc/ssl/etcd/ssl/member-master1-key.pem
ETCD_PEER_CLIENT_CERT_AUTH=True

# CLI settings
ETCDCTL_ENDPOINTS=https://127.0.0.1:2379
ETCDCTL_CA_FILE=/etc/ssl/etcd/ssl/ca.pem
ETCDCTL_KEY_FILE=/etc/ssl/etcd/ssl/admin-master1-key.pem
ETCDCTL_CERT_FILE=/etc/ssl/etcd/ssl/admin-master1.pem

2、etcd备份脚本，其中有些参数需根据自身环境进行修改。

• etcd_endpoint值为各个etcd节点的ip加2379端口组成
• inventory_hostname值为每台etcd机器的hostname值，不同etcd机器需要配不同的值，可参考/etc/etcd.env里面的值。

备份脚本etcd-backup.sh模板。

#! /bin/bash


ETCDCTL_PATH='/usr/local/bin/etcdctl'
ENDPOINTS='{{ etcd_endpoint }}'
ETCD_DATA_DIR="/var/lib/etcd"
BACKUP_DIR="/var/backups/kube_etcd/etcd-$(date +%Y-%m-%d_%H:%M:%S)"

ETCDCTL_CERT="/etc/ssl/etcd/ssl/admin-{{ inventory_hostname }}.pem"
ETCDCTL_KEY="/etc/ssl/etcd/ssl/admin-{{ inventory_hostname }}-key.pem"
ETCDCTL_CA_FILE="/etc/ssl/etcd/ssl/ca.pem"


[ ! -d $BACKUP_DIR ] && mkdir -p $BACKUP_DIR


export ETCDCTL_API=2;$ETCDCTL_PATH backup --data-dir $ETCD_DATA_DIR --backup-dir $BACKUP_DIR

sleep 3

{
export ETCDCTL_API=3;$ETCDCTL_PATH --endpoints="$ENDPOINTS" snapshot save $BACKUP_DIR/snapshot.db 
                                   --cacert="$ETCDCTL_CA_FILE" 
                                   --cert="$ETCDCTL_CERT" 
                                   --key="$ETCDCTL_KEY"
} > /dev/null 

sleep 3

cd $BACKUP_DIR/../;ls -lt |awk '{if(NR>10){print "rm -rf "$9}}'|sh

endpoints="https://192.168.131.60:2379,https://192.168.131.61:2379,https://192.168.131.62:2379"环境备份备份脚本etcd-backup.sh。

#! /bin/bash


ETCDCTL_PATH='/usr/local/bin/etcdctl'
ENDPOINTS='https://192.168.131.60:2379,https://192.168.131.61:2379,https://192.168.131.62:2379'
ETCD_DATA_DIR="/var/lib/etcd"
BACKUP_DIR="/var/backups/kube_etcd/etcd-$(date +%Y-%m-%d_%H:%M:%S)"

ETCDCTL_CERT="/etc/ssl/etcd/ssl/admin-master1.pem"
ETCDCTL_KEY="/etc/ssl/etcd/ssl/admin-master1-key.pem"
ETCDCTL_CA_FILE="/etc/ssl/etcd/ssl/ca.pem"


[ ! -d $BACKUP_DIR ] && mkdir -p $BACKUP_DIR


export ETCDCTL_API=2;$ETCDCTL_PATH backup --data-dir $ETCD_DATA_DIR --backup-dir $BACKUP_DIR

sleep 3

{
export ETCDCTL_API=3;$ETCDCTL_PATH --endpoints="$ENDPOINTS" snapshot save $BACKUP_DIR/snapshot.db 
                                   --cacert="$ETCDCTL_CA_FILE" 
                                   --cert="$ETCDCTL_CERT" 
                                   --key="$ETCDCTL_KEY"
} > /dev/null 

sleep 3

cd $BACKUP_DIR/../;ls -lt |awk '{if(NR>10){print "rm -rf "$9}}'|sh

3、定时备份操作，etcd-backup.sh脚本放到/opt/etcd_back

• 加入crontab指令：crontab -e
• 新增一行指令，每天凌晨2点执行：0 2 * * * sh /opt/etcd_back/etcd-backup.sh