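Backup and Restore with etcdctl
Introduction
**etcdctl** is the command-line tool for managing and operating an etcd database. etcd is a highly available distributed key-value store that is widely used to store and manage configuration data. etcdctl can back up and restore an etcd database, which is essential for data protection and system migration.
The etcd cluster used here consists of three nodes in a highly available configuration. The backup only needs to be taken on any one node, because the data is synchronized across all nodes. Restoring, however, must be carried out on every node.
Cluster information
Installation method | Version |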
---|---|
kubeadm | 1.23.17 |
Installing etcdctl
Download
wget https://gh.monlor.com/https://github.com/etcd-io/etcd/releases/download/v3.4.30/etcd-v3.4.30-linux-amd64.tar.gz
Install
tar -zxf etcd-v3.4.30-linux-amd64.tar.gz
mv etcd-v3.4.30-linux-amd64/etcdctl /usr/local/bin
chmod +x /usr/local/bin/etcdctl
Copy to the other nodes
scp -r /usr/local/bin/etcdctl master02:/usr/local/bin/
scp -r /usr/local/bin/etcdctl master03:/usr/local/bin/
Configure environment variables
vi ~/.bashrc
export ETCDCTL_API=3
export ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt
export ETCDCTL_CERT=/etc/kubernetes/pki/etcd/peer.crt
export ETCDCTL_KEY=/etc/kubernetes/pki/etcd/peer.key
export ETCDCTL_ENDPOINTS=192.168.1.31:2379,192.168.1.32:2379,192.168.1.33:2379
source ~/.bashrc
Check the cluster status
ETCDCTL_API=3 \
ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt \
ETCDCTL_CERT=/etc/kubernetes/pki/etcd/peer.crt \
ETCDCTL_KEY=/etc/kubernetes/pki/etcd/peer.key \
ETCDCTL_ENDPOINTS=192.168.1.161:2379,192.168.1.162:2379,192.168.1.163:2379 \
etcdctl --write-out=table endpoint health
# Output
+--------------------+--------+-------------+-------+
| ENDPOINT | HEALTH | TOOK | ERROR |
+--------------------+--------+-------------+-------+
| 192.168.1.162:2379 | true | 14.612588ms | |
| 192.168.1.161:2379 | true | 21.240783ms | |
| 192.168.1.163:2379 | true | 20.533771ms | |
+--------------------+--------+-------------+-------+
List all keys
ETCDCTL_API=3 \
ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt \
ETCDCTL_CERT=/etc/kubernetes/pki/etcd/peer.crt \
ETCDCTL_KEY=/etc/kubernetes/pki/etcd/peer.key \
ETCDCTL_ENDPOINTS=192.168.1.161:2379,192.168.1.162:2379,192.168.1.163:2379 \
etcdctl get / --prefix --keys-only
Get a specific key
ETCDCTL_API=3 \
ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt \
ETCDCTL_CERT=/etc/kubernetes/pki/etcd/peer.crt \
ETCDCTL_KEY=/etc/kubernetes/pki/etcd/peer.key \
ETCDCTL_ENDPOINTS=192.168.1.161:2379,192.168.1.162:2379,192.168.1.163:2379 \
etcdctl get /registry/namespaces/default
Backup
Create the backup directory on all nodes
mkdir -p /opt/etcd_backup/
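Back up the etcd data
Note: when taking a snapshot, etcdctl must connect to one specific etcd node rather than to several nodes; otherwise it fails with the error "snapshot must be requested to one selected node".
Back up against a single node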
ETCDCTL_API=3 \
ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt \
ETCDCTL_CERT=/etc/kubernetes/pki/etcd/peer.crt \
ETCDCTL_KEY=/etc/kubernetes/pki/etcd/peer.key \
ETCDCTL_ENDPOINTS=192.168.1.161:2379 \
etcdctl snapshot save /opt/etcd_backup/snap-etcd-$(date +%F-%H-%M-%S).db
The snapshot was saved successfully to the specified path /opt/etcd_backup/snap-etcd-2024-09-06-10-21-42.db
Restore
Delete resources
We delete resources in the default and ops namespaces.
[root@master01 ~]# kubectl delete deployments.apps nginx
deployment.apps "nginx" deleted
[root@master01 ~]# kubectl -n ops delete deployments.apps redis-single
deployment.apps "redis-single" deleted
Stop etcd on all master nodes
mv /etc/kubernetes/manifests/etcd.yaml /home/
Back up the existing data on all master nodes
[root@master01 home]# mv /var/lib/etcd/ /var/lib/etcd-$(date +%F-%H-%M-%S)-backup/
[root@master01 home]# ls /var/lib/etcd-2024-09-06-10-45-19-backup
member
Restore on master01
ETCDCTL_API=3 etcdctl snapshot restore /opt/etcd_backup/snap-etcd-2024-09-06-11-12-02.db \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
--data-dir=/var/lib/etcd/ \
--endpoints=https://127.0.0.1:2379 \
--initial-cluster=master01=https://192.168.1.161:2380,master02=https://192.168.1.162:2380,master03=https://192.168.1.163:2380 \
--name=master01 \
--initial-advertise-peer-urls=https://192.168.1.161:2380
A successful restore looks like this
[root@master01 ~]# ls /var/lib/etcd
member
Copy the snapshot file to the other master nodes
scp /opt/etcd_backup/snap-etcd-2024-09-06-11-12-02.db master02:/opt/etcd_backup/
scp /opt/etcd_backup/snap-etcd-2024-09-06-11-12-02.db master03:/opt/etcd_backup/
Restore on master02
Remember to change the host name and the URLs
ETCDCTL_API=3 etcdctl snapshot restore /opt/etcd_backup/snap-etcd-2024-09-06-11-12-02.db \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
--data-dir=/var/lib/etcd/ \
--endpoints=https://127.0.0.1:2379 \
--initial-cluster=master01=https://192.168.1.161:2380,master02=https://192.168.1.162:2380,master03=https://192.168.1.163:2380 \
--name=master02 \
--initial-advertise-peer-urls=https://192.168.1.162:2380
Restore on master03
ETCDCTL_API=3 etcdctl snapshot restore /opt/etcd_backup/snap-etcd-2024-09-06-11-12-02.db \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
--data-dir=/var/lib/etcd/ \
--endpoints=https://127.0.0.1:2379 \
--initial-cluster=master01=https://192.168.1.161:2380,master02=https://192.168.1.162:2380,master03=https://192.168.1.163:2380 \
--name=master03 \
--initial-advertise-peer-urls=https://192.168.1.163:2380
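The three restore commands above differ only in --name and --initial-advertise-peer-urls. The following added example (not part of the original post) builds them from one member table so the per-node values cannot drift apart; the function names are hypothetical, and the IPs and paths are the ones used on this page.

```shell
#!/usr/bin/env bash
# Added example: derive the per-node `etcdctl snapshot restore` flags from a
# single member table instead of hand-editing the command on each master.

# Member table (name=peer IP), copied from the restore commands on this page.
MEMBERS="master01=192.168.1.161 master02=192.168.1.162 master03=192.168.1.163"
PEER_PORT=2380

# initial_cluster: print name=https://ip:2380 for every member, comma-joined.
initial_cluster() {
    local out="" m
    for m in $MEMBERS; do
        out="${out:+$out,}${m%%=*}=https://${m#*=}:${PEER_PORT}"
    done
    printf '%s\n' "$out"
}

# peer_url NAME: print the peer URL of one member; fail if NAME is unknown.
peer_url() {
    local m
    for m in $MEMBERS; do
        if [ "${m%%=*}" = "$1" ]; then
            printf 'https://%s:%s\n' "${m#*=}" "$PEER_PORT"
            return 0
        fi
    done
    echo "unknown member: $1" >&2
    return 1
}

# restore_cmd NAME SNAPSHOT: print (not run) the restore command for that node.
# snapshot restore only reads the local file, so the TLS and --endpoints
# flags are left out here.
restore_cmd() {
    local name="$1" snap="$2" url
    url="$(peer_url "$name")" || return 1
    printf 'ETCDCTL_API=3 etcdctl snapshot restore %s --data-dir=/var/lib/etcd/ --name=%s --initial-cluster=%s --initial-advertise-peer-urls=%s\n' \
        "$snap" "$name" "$(initial_cluster)" "$url"
}

restore_cmd master02 /opt/etcd_backup/snap-etcd-2024-09-06-11-12-02.db
```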
Start etcd on all nodes
mv /home/etcd.yaml /etc/kubernetes/manifests/
Verify
We can see that the resources we deleted have been restored.
Add a backup script
[root@master01 scpipt]# cat etcd_backup.sh
#!/bin/bash
# Define environment variables (exported so that etcdctl actually sees it)
export ETCDCTL_API=3
ETCD_CACERT="/etc/kubernetes/pki/etcd/ca.crt"
ETCD_CERT="/etc/kubernetes/pki/etcd/peer.crt"
ETCD_KEY="/etc/kubernetes/pki/etcd/peer.key"
ETCD_ENDPOINTS="192.168.1.161:2379" # keep a single endpoint: snapshot save rejects several
# Define the backup directory and file name
BACKUP_DIR="/opt/etcd_backup"
BACKUP_FILE="snap-etcd-$(date +%F-%H-%M-%S).db"
BACKUP_PATH="${BACKUP_DIR}/${BACKUP_FILE}"
# Create the backup directory if it does not exist
mkdir -p "${BACKUP_DIR}"
# Take the snapshot
ETCDCTL_CACERT="${ETCD_CACERT}" \
ETCDCTL_CERT="${ETCD_CERT}" \
ETCDCTL_KEY="${ETCD_KEY}" \
ETCDCTL_ENDPOINTS="${ETCD_ENDPOINTS}" \
etcdctl snapshot save "${BACKUP_PATH}"
# Check whether the backup succeeded
if [ $? -eq 0 ]; then
    echo "Backup successfully created at ${BACKUP_PATH}"
else
    echo "Backup failed"
    exit 1
fi
Run the backup script at 12 o'clock every Wednesday night (00:00 Thursday, which is day-of-week 4 in cron):
[root@master01 scpipt]# crontab -e
0 0 * * 4 /scpipt/etcd_backup.sh
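A snapshot of a Kubernetes etcd holds the cluster's Secret objects (in plaintext unless encryption at rest is configured), and the restore procedure above copies it between masters with scp. The following added example (not part of the original post) keeps the file owner-only, records a checksum that can be re-checked on master02/master03 before restoring, and prunes old snapshots; the function names and the retention count are assumptions.

```shell
#!/usr/bin/env bash
# Added example: helpers to call from etcd_backup.sh after `etcdctl snapshot save`
# and on the receiving nodes before `etcdctl snapshot restore`.

# seal_snapshot FILE: restrict permissions and write FILE.sha256 beside it.
seal_snapshot() {
    local f="$1"
    [ -s "$f" ] || { echo "missing or empty snapshot: $f" >&2; return 1; }
    chmod 600 "$f"
    ( cd "$(dirname "$f")" && sha256sum "$(basename "$f")" > "$(basename "$f").sha256" )
    chmod 600 "$f.sha256"
}

# verify_snapshot FILE: succeed only if FILE still matches FILE.sha256.
# Copy both files with scp, then run this before restoring from FILE.
verify_snapshot() {
    local f="$1"
    [ -f "$f.sha256" ] || { echo "no checksum for $f" >&2; return 1; }
    ( cd "$(dirname "$f")" && sha256sum -c "$(basename "$f").sha256" >/dev/null 2>&1 )
}

# prune_snapshots DIR KEEP: delete all but the KEEP newest snap-etcd-*.db files
# and their checksums. The glob sorts oldest first because the file names end
# in the `date +%F-%H-%M-%S` timestamp used by the backup script.
prune_snapshots() {
    local dir="$1" keep="$2" total n=0 f
    total=$(ls "$dir"/snap-etcd-*.db 2>/dev/null | wc -l)
    for f in "$dir"/snap-etcd-*.db; do
        [ -e "$f" ] || continue
        n=$((n + 1))
        if [ "$n" -le $((total - keep)) ]; then
            rm -f "$f" "$f.sha256"
        fi
    done
    return 0
}
```

In the backup script this would be `seal_snapshot "${BACKUP_PATH}" && prune_snapshots "${BACKUP_DIR}" 8` after a successful save, where 8 is an arbitrary retention count.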
From: https://www.cnblogs.com/Unstoppable9527/p/18399967