kubernetes集群管理系列讲座(六)etcd备份与恢复

2020-06-22  本文已影响0人  炼狱腾蛇Eric

课程目标

灾备原理

怎样备份

怎样恢复

1. 灾备原理

etcd设计用于承受机器故障。etcd集群自动从临时故障(例如,机器重新启动)中恢复,并且对N个成员的集群最多可容忍(N-1)/2个永久故障。当一个成员永久性地失败时,无论是由于硬件故障还是磁盘损坏,它都将失去对集群的访问。如果集群永久失去超过(N-1)/2个成员,那么它将无法使用,永久地失去仲裁能力。一旦仲裁丢失,群集就无法达成共识,因此无法继续接受更新。

为了从灾难性故障中恢复,etcd v3提供了快照和恢复功能,以便在不丢失etcd v3 key数据的情况下重新创建集群。

也就是说,etcd的备份实际上是备份了某个key在某个时间的状态,也就是备份的内容是整个的keyspace

2. 备份

刚才说过了,备份实际上就是对于keyspace的snapshot。而恢复集群首先需要的是从etcd集群成员中对于keyspace的snapshot。快照可以是使用etcdctl snapshot save命令导出的文件,或者是从etcd数据文件夹中member/snap/db复制出来的db文件。我们可以使用下面的命令对etcd数据库打快照。

$ ETCDCTL_API=3 etcdctl --endpoints $ENDPOINT snapshot save snapshot.db

当然,我们这里使用的是带ssl证书的,应该使用下面的命令

ETCDCTL_API=3 etcdctl --endpoints https://10.0.13.126:2379 --cacert="/etc/kubernetes/pki/etcd/ca.pem" --cert="/etc/kubernetes/pki/etcd/members.pem" --key="/etc/kubernetes/pki/etcd/members-key.pem" snapshot save /tmp/snapshot.db
{"level":"info","ts":1592547629.6369183,"caller":"snapshot/v3_snapshot.go:119","msg":"created temporary db file","path":"/tmp/snapshot.db.part"}
{"level":"info","ts":"2020-06-19T06:20:29.643Z","caller":"clientv3/maintenance.go:200","msg":"opened snapshot stream; downloading"}
{"level":"info","ts":1592547629.6432784,"caller":"snapshot/v3_snapshot.go:127","msg":"fetching snapshot","endpoint":"https://10.0.13.126:2379"}
{"level":"info","ts":"2020-06-19T06:20:29.644Z","caller":"clientv3/maintenance.go:208","msg":"completed snapshot read; closing"}
{"level":"info","ts":1592547629.6491425,"caller":"snapshot/v3_snapshot.go:142","msg":"fetched snapshot","endpoint":"https://10.0.13.126:2379","size":"20 kB","took":0.012103202}
{"level":"info","ts":1592547629.6492367,"caller":"snapshot/v3_snapshot.go:152","msg":"saved","path":"/tmp/snapshot.db"}
Snapshot saved at /tmp/snapshot.db

这样我们就得到了snapshot文件,/tmp/snapshot.db

3. 恢复

要恢复集群,只需要一个快照“db”文件。使用etcdctl snapshot restore的群集还原将创建新的etcd数据目录;所有成员都应使用同一快照还原。还原将覆盖某些快照元数据(特别是成员ID和群集ID);该成员将丢失其以前的标识。此元数据覆盖可防止新成员无意中加入现有群集。因此,要从快照启动群集,还原必须启动新的逻辑群集。

注意

步骤如下

$ etcdctl put name jormun --cacert="/etc/kubernetes/pki/etcd/ca.pem" --cert="/etc/kubernetes/pki/etcd/members.pem" --key="/etc/kubernetes/pki/etcd/members-key.pem"

$ etcdctl get name --cacert="/etc/kubernetes/pki/etcd/ca.pem" --cert="/etc/kubernetes/pki/etcd/members.pem" --key="/etc/kubernetes/pki/etcd/members-key.pem"
name
jormun

$ ETCDCTL_API=3 etcdctl --endpoints https://10.0.13.126:2379 --cacert="/etc/kubernetes/pki/etcd/ca.pem" --cert="/etc/kubernetes/pki/etcd/members.pem" --key="/etc/kubernetes/pki/etcd/members-key.pem" snapshot save /tmp/snap.db
{"level":"info","ts":1592548731.7236383,"caller":"snapshot/v3_snapshot.go:119","msg":"created temporary db file","path":"/tmp/snap.db.part"}
{"level":"info","ts":"2020-06-19T06:38:51.727Z","caller":"clientv3/maintenance.go:200","msg":"opened snapshot stream; downloading"}
{"level":"info","ts":1592548731.7275999,"caller":"snapshot/v3_snapshot.go:127","msg":"fetching snapshot","endpoint":"https://10.0.13.126:2379"}
{"level":"info","ts":"2020-06-19T06:38:51.730Z","caller":"clientv3/maintenance.go:208","msg":"completed snapshot read; closing"}
{"level":"info","ts":1592548731.7342563,"caller":"snapshot/v3_snapshot.go:142","msg":"fetched snapshot","endpoint":"https://10.0.13.126:2379","size":"20 kB","took":0.010554193}
{"level":"info","ts":1592548731.7343948,"caller":"snapshot/v3_snapshot.go:152","msg":"saved","path":"/tmp/snap.db"}
Snapshot saved at /tmp/snap.db

$ etcdctl put name jormun_new --cacert="/etc/kubernetes/pki/etcd/ca.pem" --cert="/etc/kubernetes/pki/etcd/members.pem" --key="/etc/kubernetes/pki/etcd/members-key.pem"
OK

$ etcdctl get name --cacert="/etc/kubernetes/pki/etcd/ca.pem" --cert="/etc/kubernetes/pki/etcd/members.pem" --key="/etc/kubernetes/pki/etcd/members-key.pem"
name
jormun_new

$ systemctl stop etcd

$ ETCDCTL_API=3 etcdctl snapshot restore /tmp/snap.db \
   --name infra0 \
   --initial-cluster infra0=https://10.0.11.36:2380,infra1=https://10.0.12.21:2380,infra2=https://10.0.13.126:2380 \
   --initial-cluster-token ea8cfe2bfe85b7e6c66fe190f9225838 \
   --initial-advertise-peer-urls https://10.0.11.36:2380 \
   --cacert="/etc/kubernetes/pki/etcd/ca.pem" \
   --cert="/etc/kubernetes/pki/etcd/members.pem" \
   --key="/etc/kubernetes/pki/etcd/members-key.pem"
   
{"level":"info","ts":1592805749.46045,"caller":"snapshot/v3_snapshot.go:296","msg":"restoring snapshot","path":"/tmp/snap.db","wal-dir":"infra0.etcd/member/wal","data-dir":"infra0.etcd","snap-dir":"infra0.etcd/member/snap"}
{"level":"info","ts":1592805749.467868,"caller":"membership/cluster.go:392","msg":"added member","cluster-id":"f36e4227f36fdc03","local-member-id":"0","added-peer-id":"466035bfe5ac7a64","added-peer-peer-urls":["https://10.0.13.126:2380"]}
{"level":"info","ts":1592805749.4684293,"caller":"membership/cluster.go:392","msg":"added member","cluster-id":"f36e4227f36fdc03","local-member-id":"0","added-peer-id":"784e0050552d81cd","added-peer-peer-urls":["https://10.0.12.21:2380"]}
{"level":"info","ts":1592805749.4684544,"caller":"membership/cluster.go:392","msg":"added member","cluster-id":"f36e4227f36fdc03","local-member-id":"0","added-peer-id":"f7d6895384ae86d2","added-peer-peer-urls":["https://10.0.11.36:2380"]}
{"level":"info","ts":1592805749.4759514,"caller":"snapshot/v3_snapshot.go:309","msg":"restored snapshot","path":"/tmp/snap.db","wal-dir":"infra0.etcd/member/wal","data-dir":"infra0.etcd","snap-dir":"infra0.etcd/member/snap"}

$ ls /data/
etcd  infra0.etcd

# DATA_DIR=/data/etcd
DATA_DIR=/data/infra0.etcd

ETCDCTL_API=3 etcdctl snapshot restore /tmp/snap.db \
   --name infra1 \
   --initial-cluster infra0=https://10.0.11.36:2380,infra1=https://10.0.12.21:2380,infra2=https://10.0.13.126:2380 \
   --initial-cluster-token ea8cfe2bfe85b7e6c66fe190f9225838 \
   --initial-advertise-peer-urls https://10.0.12.21:2380 \
   --cacert="/etc/kubernetes/pki/etcd/ca.pem" \
   --cert="/etc/kubernetes/pki/etcd/members.pem" \
   --key="/etc/kubernetes/pki/etcd/members-key.pem"

ETCDCTL_API=3 etcdctl snapshot restore /tmp/snap.db \
   --name infra2 \
   --initial-cluster infra0=https://10.0.11.36:2380,infra1=https://10.0.12.21:2380,infra2=https://10.0.13.126:2380 \
   --initial-cluster-token ea8cfe2bfe85b7e6c66fe190f9225838 \
   --initial-advertise-peer-urls https://10.0.13.126:2380 \
   --cacert="/etc/kubernetes/pki/etcd/ca.pem" \
   --cert="/etc/kubernetes/pki/etcd/members.pem" \
   --key="/etc/kubernetes/pki/etcd/members-key.pem"

DATA_DIR=/data/infra1.etcd
HOST_NAME=infra1
HOST_IP=10.0.12.21
CLUSTER=infra0=https://10.0.11.36:2380,infra1=https://10.0.12.21:2380,infra2=https://10.0.13.126:2380
CLUSTER_STATE=new
TOKEN=ea8cfe2bfe85b7e6c66fe190f9225838

DATA_DIR=/data/infra2.etcd
HOST_NAME=infra2
HOST_IP=10.0.13.126
CLUSTER=infra0=https://10.0.11.36:2380,infra1=https://10.0.12.21:2380,infra2=https://10.0.13.126:2380
CLUSTER_STATE=new
TOKEN=ea8cfe2bfe85b7e6c66fe190f9225838

chown -R etcd:adm infra0.etcd

chown -R etcd:adm infra1.etcd

chown -R etcd:adm infra2.etcd

systemctl start etcd

etcdctl get name --cacert="/etc/kubernetes/pki/etcd/ca.pem" --cert="/etc/kubernetes/pki/etcd/members.pem" --key="/etc/kubernetes/pki/etcd/members-key.pem"
name
jormun

为了方便大家学习,请大家加我的微信,我会把大家加到微信群(微信群的二维码会经常变)和qq群821119334,问题答案云原生技术课堂,有问题可以一起讨论

2020 CKA考试视频 真题讲解 https://www.bilibili.com/video/BV167411K7hp

2020 CKA考试指南 https://www.bilibili.com/video/BV1sa4y1479B/

2020年 5月CKA考试真题 https://mp.weixin.qq.com/s/W9V4cpYeBhodol6AYtbxIA

上一篇 下一篇

猜你喜欢

热点阅读