ETCDデータバックアップとリカバリ検証

22806 ワード

etcd

ETCDデータバックアップとリカバリ検証

一、単機

説明:etcdバックアップデータのリカバリを実行するマシンは、元のetcdが存在するマシンと一致する必要があります.

1、スタンドアロンバックアップ

etcdctl --endpoints="https://10.25.72.62:2379" \
        --cert=/etc/etcd/ssl/etcd.pem \
        --key=/etc/etcd/ssl/etcd-key.pem \
        --cacert=/etc/kubernetes/ssl/ca.pem \
        snapshot save snapshot.db

2、単機データ復旧

[root@SZD-L0105331 ~]# systemctl stop etcd   #  etcd 
[root@SZD-L0105331 ~]# export ETCDCTL_API=3; #  ETCDCTL API 3
[root@SZD-L0105331 ~]# etcdctl  snapshot restore snapshot.db \
        --name=SZD-L0105331 \
        --endpoints=https://10.25.72.62:2379 \
        --cacert=/etc/kubernetes/ssl/ca.pem \
        --cert=/etc/etcd/ssl/etcd.pem \
        --key=/etc/etcd/ssl/etcd-key.pem  \
        --initial-cluster=SZD-L0105331=https://10.25.72.62:2380  \
        --initial-advertise-peer-urls=https://10.25.72.62:2380 \
        --initial-cluster-token=etcd-cluster-0 \
        --data-dir=/var/lib/etcd4   #  --data-dir , 

[root@SZD-L0105331 ~]# #  etcd --data-dir ， /etc/etcd/etcd 

[root@SZD-L0105331 ~]# cat /etc/etcd/etcd  #  
ETCD_OPTIONS="--name=SZD-L0105331 \
   --client-cert-auth=true \
   --cert-file=/etc/etcd/ssl/etcd.pem \
   --key-file=/etc/etcd/ssl/etcd-key.pem \
   --peer-cert-file=/etc/etcd/ssl/etcd.pem \
   --peer-key-file=/etc/etcd/ssl/etcd-key.pem \
   --trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
   --peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
   --initial-advertise-peer-urls=https://10.25.72.62:2380 \
   --listen-peer-urls=https://10.25.72.62:2380 \
   --listen-client-urls=https://10.25.72.62:2379,https://127.0.0.1:2379 \
   --advertise-client-urls=https://10.25.72.62:2379 \
   --initial-cluster-token=etcd-cluster-0 \
   --initial-cluster=SZD-L0105331=https://10.25.72.62:2380 \
   --initial-cluster-state=new \
   --data-dir=/var/lib/etcd"

[root@SZD-L0105331 ~]# systemctl start etcd #  etcd

二、クラスター

1、アナログ書き込みデータをEtcdクラスタへ

#  API 3 
[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem put /name/1 zxg
#  
[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem get  /name/1
2018-08-16 20:47:13.017586 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
/name/1
zxg

#  API 2 
[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=2 etcdctl --cert-file /root/etcd-cluster/etcd.pem --ca-file /root/etcd-cluster/ca.pem --key-file /root/etcd-cluster/etcd-key.pem --endpoints="https://10.25.73.25:2379,https://10.25.73.150:2379,https://10.25.84.251:2379" set /name1 zxg1
2018-08-16 18:27:35.060559 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
zxg1
#  
[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=2 etcdctl --cert-file /root/etcd-cluster/etcd.pem --ca-file /root/etcd-cluster/ca.pem --key-file /root/etcd-cluster/etcd-key.pem --endpoints="https://10.25.73.25:2379,https://10.25.73.150:2379,https://10.25.84.251:2379" get /name1
2018-08-16 18:27:47.884908 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
zxg1

2、etcdデータのバックアップ

[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem  snapshot save mysnapshot.db
2018-08-16 20:50:47.206334 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
Snapshot saved at mysnapshot.db
[root@SZD-L0097856 etcd-cluster]#

3、etcdクラスタの停止

停止方法:etcdサービス

を停止するには、それぞれ3台のetcdのホスト上で以下のコマンドを実行する.

systemctl stop etcd

Leader 10.25.73.25を停止し、クラスタの状況を確認し、leaderを再選挙し、クラスタは

を正常に使用することができる.

[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem  endpoint status --write-out=table
2018-08-16 18:31:50.686352 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
Failed to get the status of endpoint https://10.25.73.25:2379 (context deadline exceeded)
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
|         ENDPOINT          |        ID        | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| https://10.25.84.251:2379 | 2a53eb67dfa37cc0 | 3.1.10  | 25 kB   | false     |        14 |         19 |
| https://10.25.73.150:2379 | c267a0ca02c6bff7 | 3.1.10  | 25 kB   | true      |        14 |         19 |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
[root@SZD-L0097856 etcd-cluster]#

は10.25.73.150を停止して、クラスタの状況を見て、クラスタはすでに正常に使用することができなくて、3ノードのEtcdの許容誤差が1

であることを説明します

[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem  endpoint status --write-out=table
2018-08-16 18:33:44.526382 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
Failed to get the status of endpoint https://10.25.73.25:2379 (context deadline exceeded)
Failed to get the status of endpoint https://10.25.73.150:2379 (context deadline exceeded)
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
|         ENDPOINT          |        ID        | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| https://10.25.84.251:2379 | 2a53eb67dfa37cc0 | 3.1.10  | 25 kB   | false     |        14 |         19 |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+

etcdデータを削除する方法:etcdが存在するホストにログインして実行する:(注意:危険な操作、慎重に操作して、データバックアップがあり、Etcdクラスタが正常に動作しないと判断した後に操作する)

rm -rf /var/lib/etcd

4、バックアップデータによるリカバリ

10.25.84.251ノードデータを/var/lib/etcd

に復元

[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --name=SZD-L0097856 --endpoints="https://10.25.84.251:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem --initial-cluster-token=etcd-cluster-0 --initial-advertise-peer-urls=https://10.25.84.251:2380 --initial-cluster=SZD-L0101798=https://10.25.73.25:2380,SZD-L0103739=https://10.25.73.150:2380,SZD-L0097856=https://10.25.84.251:2380 --data-dir=/varlib/etcd snapshot restore mysnapshot.db
2018-08-16 19:52:33.409406 I | etcdserver/membership: added member 2a53eb67dfa37cc0 [https://10.25.84.251:2380] to cluster 4741a9e2cf17e1fa
2018-08-16 19:52:33.409481 I | etcdserver/membership: added member 304bcbfa92e84c75 [https://10.25.73.25:2380] to cluster 4741a9e2cf17e1fa
2018-08-16 19:52:33.409499 I | etcdserver/membership: added member c267a0ca02c6bff7 [https://10.25.73.150:2380] to cluster 4741a9e2cf17e1fa
[root@SZD-L0097856 etcd-cluster]#

10.25.73.25ノードデータを/var/lib/etcd

に復元

[root@SZD-L0101798 etcd-cluster]# ETCDCTL_API=3 etcdctl --name=SZD-L0101798 --endpoints="https://10.25.73.25:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem --initial-cluster-token=etcd-cluster-0 --initial-advertise-peer-urls=https://10.25.73.25:2380 --initial-cluster=SZD-L0101798=https://10.25.73.25:2380,SZD-L0103739=https://10.25.73.150:2380,SZD-L0097856=https://10.25.84.251:2380 --data-dir=/varlib/etcd snapshot restore mysnapshot.db
2018-08-16 19:55:30.735518 I | etcdserver/membership: added member 2a53eb67dfa37cc0 [https://10.25.84.251:2380] to cluster 4741a9e2cf17e1fa
2018-08-16 19:55:30.735601 I | etcdserver/membership: added member 304bcbfa92e84c75 [https://10.25.73.25:2380] to cluster 4741a9e2cf17e1fa
2018-08-16 19:55:30.735617 I | etcdserver/membership: added member c267a0ca02c6bff7 [https://10.25.73.150:2380] to cluster 4741a9e2cf17e1fa
[root@SZD-L0101798 etcd-cluster]#

10.25.73.150ノードデータを/var/lib/etcd

に復元

[root@SZD-L0103739 etcd-cluster]# ETCDCTL_API=3 etcdctl --name=SZD-L0103739 --endpoints="https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem --initial-cluster-token=etcd-cluster-0 --initial-advertise-peer-urls=https://10.25.73.150:2380 --initial-cluster=SZD-L0101798=https://10.25.73.25:2380,SZD-L0103739=https://10.25.73.150:2380,SZD-L0097856=https://10.25.84.251:2380 --data-dir=/varlib/etcd snapshot restore mysnapshot.db
2018-08-16 19:58:21.892719 I | etcdserver/membership: added member 2a53eb67dfa37cc0 [https://10.25.84.251:2380] to cluster 4741a9e2cf17e1fa
2018-08-16 19:58:21.892796 I | etcdserver/membership: added member 304bcbfa92e84c75 [https://10.25.73.25:2380] to cluster 4741a9e2cf17e1fa
2018-08-16 19:58:21.892812 I | etcdserver/membership: added member c267a0ca02c6bff7 [https://10.25.73.150:2380] to cluster 4741a9e2cf17e1fa
[root@SZD-L0103739 etcd-cluster]#

5、Etcdサービスの起動

etcdが存在するホストでは、次のコマンドが実行されます.

systemctl start etcd

6、データ整合性の検証

検証済み、ETCDCTLを使用API=2格納されたデータが失われ、ETCDCTLを使用するAPI=3格納データは正常に

回復できる

付録:

etcd API 3を問い合わせるキー

[root@SZD-L0101798 ~]#  ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem get / --prefix --keys-only
2018-08-16 20:38:06.954368 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
/name/1

/name/2

/name/3

/name/4

>wecode 14 UI/UX開発者の仕事

Gitlabサーバの移行