etcd数据备份与恢复验证
一、单机
说明:执行etcd备份数据的恢复的机器必须和原先etcd所在机器一致
1、单机备份
etcdctl --endpoints="https://10.25.72.62:2379" \
--cert=/etc/etcd/ssl/etcd.pem \
--key=/etc/etcd/ssl/etcd-key.pem \
--cacert=/etc/kubernetes/ssl/ca.pem \
snapshot save snapshot.db
2、单机数据恢复
[root@SZD-L0105331 ~]# systemctl stop etcd # 停止etcd服务
[root@SZD-L0105331 ~]# export ETCDCTL_API=; # 使用ETCDCTL API
[root@SZD-L0105331 ~]# etcdctl snapshot restore snapshot.db \
--name=SZD-L0105331 \
--endpoints=https://10.25.72.62:2379 \
--cacert=/etc/kubernetes/ssl/ca.pem \
--cert=/etc/etcd/ssl/etcd.pem \
--key=/etc/etcd/ssl/etcd-key.pem \
--initial-cluster=SZD-L0105331=https://10.25.72.62:2380 \
--initial-advertise-peer-urls=https://10.25.72.62:2380 \
--initial-cluster-token=etcd-cluster- \
--data-dir=/var/lib/etcd4 # 注意--data-dir参数,以下步骤需要使用 [root@SZD-L0105331 ~]# # 修改etcd启动参数--data-dir指向上一步的数据回复目录,一般在/etc/etcd/etcd文件中 [root@SZD-L0105331 ~]# cat /etc/etcd/etcd # 完整参数文件如下
ETCD_OPTIONS="--name=SZD-L0105331 \
--client-cert-auth=true \
--cert-file=/etc/etcd/ssl/etcd.pem \
--key-file=/etc/etcd/ssl/etcd-key.pem \
--peer-cert-file=/etc/etcd/ssl/etcd.pem \
--peer-key-file=/etc/etcd/ssl/etcd-key.pem \
--trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--peer-trusted-ca-file=/etc/kubernetes/ssl/ca.pem \
--initial-advertise-peer-urls=https://10.25.72.62:2380 \
--listen-peer-urls=https://10.25.72.62:2380 \
--listen-client-urls=https://10.25.72.62:2379,https://127.0.0.1:2379 \
--advertise-client-urls=https://10.25.72.62:2379 \
--initial-cluster-token=etcd-cluster- \
--initial-cluster=SZD-L0105331=https://10.25.72.62:2380 \
--initial-cluster-state=new \
--data-dir=/var/lib/etcd" [root@SZD-L0105331 ~]# systemctl start etcd # 启动etcd服务
二、集群
1、模拟写入数据到Etcd集群
# 使用API 3写入数据库
[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API= etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem put /name/ zxg
# 读取数据
[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API= etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem get /name/
-- ::13.017586 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
/name/
zxg # 使用API 2写入数据库
[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API= etcdctl --cert-file /root/etcd-cluster/etcd.pem --ca-file /root/etcd-cluster/ca.pem --key-file /root/etcd-cluster/etcd-key.pem --endpoints="https://10.25.73.25:2379,https://10.25.73.150:2379,https://10.25.84.251:2379" set /name1 zxg1
-- ::35.060559 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
zxg1
# 读取数据
[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API= etcdctl --cert-file /root/etcd-cluster/etcd.pem --ca-file /root/etcd-cluster/ca.pem --key-file /root/etcd-cluster/etcd-key.pem --endpoints="https://10.25.73.25:2379,https://10.25.73.150:2379,https://10.25.84.251:2379" get /name1
-- ::47.884908 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
zxg1
2、备份etcd数据
[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API= etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem snapshot save mysnapshot.db
-- ::47.206334 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
Snapshot saved at mysnapshot.db
3、停止etcd集群
停止方法:分别在3台etcd的宿主机上执行以下命令停止etcd服务
systemctl stop etcd
停掉Leader 10.25.73.25, 查看集群状况,重新选举出了leader,集群可正常使用
[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API= etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem endpoint status --write-out=table
-- ::50.686352 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
Failed to get the status of endpoint https://10.25.73.25:2379 (context deadline exceeded)
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| https://10.25.84.251:2379 | 2a53eb67dfa37cc0 | 3.1.10 | 25 kB | false | 14 | 19 |
| https://10.25.73.150:2379 | c267a0ca02c6bff7 | 3.1.10 | 25 kB | true | 14 | 19 |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
停掉10.25.73.150,查看集群状况,集群已经无法正常使用,说明3节点的Etcd容错为1
[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API= etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem endpoint status --write-out=table
-- ::44.526382 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
Failed to get the status of endpoint https://10.25.73.25:2379 (context deadline exceeded)
Failed to get the status of endpoint https://10.25.73.150:2379 (context deadline exceeded)
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | RAFT TERM | RAFT INDEX |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
| https://10.25.84.251:2379 | 2a53eb67dfa37cc0 | 3.1.10 | 25 kB | false | 14 | 19 |
+---------------------------+------------------+---------+---------+-----------+-----------+------------+
删除etcd数据,方法:登录etcd所在主机执行:(注意:危险操作,请谨慎操作,确保在有数据备份并且确定Etcd集群无法正常工作后操作)
rm -rf /var/lib/etcd
4、使用备份数据进行恢复
恢复10.25.84.251节点数据到/var/lib/etcd
[root@SZD-L0097856 etcd-cluster]# ETCDCTL_API=3 etcdctl --name=SZD-L0097856 --endpoints="https://10.25.84.251:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem --initial-cluster-token=etcd-cluster-0 --initial-advertise-peer-urls=https://10.25.84.251:2380 --initial-cluster=SZD-L0101798=https://10.25.73.25:2380,SZD-L0103739=https://10.25.73.150:2380,SZD-L0097856=https://10.25.84.251:2380 --data-dir=/varlib/etcd snapshot restore mysnapshot.db
2018-08-16 19:52:33.409406 I | etcdserver/membership: added member 2a53eb67dfa37cc0 [https://10.25.84.251:2380] to cluster 4741a9e2cf17e1fa
2018-08-16 19:52:33.409481 I | etcdserver/membership: added member 304bcbfa92e84c75 [https://10.25.73.25:2380] to cluster 4741a9e2cf17e1fa
2018-08-16 19:52:33.409499 I | etcdserver/membership: added member c267a0ca02c6bff7 [https://10.25.73.150:2380] to cluster 4741a9e2cf17e1fa
[root@SZD-L0097856 etcd-cluster]#
恢复10.25.73.25节点数据到/var/lib/etcd
[root@SZD-L0101798 etcd-cluster]# ETCDCTL_API=3 etcdctl --name=SZD-L0101798 --endpoints="https://10.25.73.25:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem --initial-cluster-token=etcd-cluster-0 --initial-advertise-peer-urls=https://10.25.73.25:2380 --initial-cluster=SZD-L0101798=https://10.25.73.25:2380,SZD-L0103739=https://10.25.73.150:2380,SZD-L0097856=https://10.25.84.251:2380 --data-dir=/varlib/etcd snapshot restore mysnapshot.db
2018-08-16 19:55:30.735518 I | etcdserver/membership: added member 2a53eb67dfa37cc0 [https://10.25.84.251:2380] to cluster 4741a9e2cf17e1fa
2018-08-16 19:55:30.735601 I | etcdserver/membership: added member 304bcbfa92e84c75 [https://10.25.73.25:2380] to cluster 4741a9e2cf17e1fa
2018-08-16 19:55:30.735617 I | etcdserver/membership: added member c267a0ca02c6bff7 [https://10.25.73.150:2380] to cluster 4741a9e2cf17e1fa
[root@SZD-L0101798 etcd-cluster]#
恢复10.25.73.150节点数据到/var/lib/etcd
[root@SZD-L0103739 etcd-cluster]# ETCDCTL_API=3 etcdctl --name=SZD-L0103739 --endpoints="https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem --initial-cluster-token=etcd-cluster-0 --initial-advertise-peer-urls=https://10.25.73.150:2380 --initial-cluster=SZD-L0101798=https://10.25.73.25:2380,SZD-L0103739=https://10.25.73.150:2380,SZD-L0097856=https://10.25.84.251:2380 --data-dir=/varlib/etcd snapshot restore mysnapshot.db
2018-08-16 19:58:21.892719 I | etcdserver/membership: added member 2a53eb67dfa37cc0 [https://10.25.84.251:2380] to cluster 4741a9e2cf17e1fa
2018-08-16 19:58:21.892796 I | etcdserver/membership: added member 304bcbfa92e84c75 [https://10.25.73.25:2380] to cluster 4741a9e2cf17e1fa
2018-08-16 19:58:21.892812 I | etcdserver/membership: added member c267a0ca02c6bff7 [https://10.25.73.150:2380] to cluster 4741a9e2cf17e1fa
[root@SZD-L0103739 etcd-cluster]#
5、启动Etcd服务
分别在etcd所在主机执行如下命令:
systemctl start etcd
6、验证数据完整性
经过验证,使用ETCDCTL_API=2 存放的数据会丢失,使用ETCDCTL_API=3存放的数据能正常恢复
附录:
查询etcd API3的键
[root@SZD-L0101798 ~]# ETCDCTL_API=3 etcdctl --endpoints="https://10.25.84.251:2379,https://10.25.73.25:2379,https://10.25.73.150:2379" --cert=/root/etcd-cluster/etcd.pem --key=/root/etcd-cluster/etcd-key.pem --cacert=/root/etcd-cluster/ca.pem get / --prefix --keys-only
2018-08-16 20:38:06.954368 I | warning: ignoring ServerName for user-provided CA for backwards compatibility is deprecated
/name/1
/name/2
/name/3
/name/4
etcd数据备份与恢复验证的更多相关文章
- redis基础操作~~数据备份与恢复、数据安全、性能测试、客户端连接、分区
数据备份与恢复 数据备份redis save 命令用于创建当前数据库的备份. redis 127.0.0.1:6379> SAVE OK 该命令将在 redis 安装目录中创建dump.rdb文 ...
- Redis 数据备份与恢复,安全,性能测试,客户端连接,管道技术,分区(四)
Redis 数据备份与恢复 Redis SAVE 命令用于创建当前数据库的备份. 语法 redis Save 命令基本语法如下: redis 127.0.0.1:6379> SAVE 实例 re ...
- etcd数据备份和恢复--转发
对于etcd api v3数据备份与恢复方法 # export ETCDCTL_API=3 # etcdctl --endpoints localhost:2379 snapshot save sna ...
- Database基础(四):密码恢复及设置、 用户授权及撤销、数据备份与恢复、MySQL管理工具
一.密码恢复及设置 目标: 本案例要求熟悉MySQL管理密码的控制,完成以下任务操作: 练习重置MySQL管理密码的操作 通过正常途径设置MySQL数据库的管理密码 步骤: 步骤一:重置MySQL管理 ...
- ETCD数据迁移
ETCD数据迁移 本文阅读对象为想要将Rainbond平台rbd-etcd切换至外部etcd的相关人员. 在k8s master节点创建secret 本文中将要切换的ETCD为根据Rainbond官方 ...
- 解决Yii2 启用_csrf验证后POST数据仍提示“您提交的数据无法验证”
一 CSRF 概念 CSRF(Cross-site request forgery跨站请求伪造,也被称为“One Click Attack”或者Session Riding,通常缩写为CSRF或者XS ...
- wicket基础应用(1)--使用wicket对表单中的数据进行验证
作者:lhx1026 出处:http://lhx1026.iteye.com/ wicket基础应用(1)--使用wicket对表单中的数据进行验证 举个例子: 1.有一个Java文件SysCharg ...
- InfluxDB数据备份与恢复
数据备份与恢复 Example:(192.167.8.13 InfluxDB:DeviceHistory备份到192.167.8.52,然后恢复到该服务器上) steps: login 192 ...
- Mysql 数据备份与恢复,用户创建,授权
Mysql 数据备份与恢复,用户创建,授权 1. Mysqldump >outfile.sql 2. Mysql –uxxx –pxxx < backfile.sql 3. Create ...
随机推荐
- 【Centos7】Tomcat安装及一个服务器配置多个Tomcat
完成解压 参考 http://www.cnblogs.com/h--d/p/5074800.html https://www.cnblogs.com/tudou-22/p/9330875.html 步 ...
- What is the difference between rhel 6 and rhel7
What is the difference between rhel 6 and rhel7 difference rhel 6 RHEL 7 release date 10 NOV 2010 as ...
- Python - 三大器 迭代器,生层器,装饰器
目录 Python - 三大器 迭代器,生层器,装饰器 一. 容器 二. 可迭代对象(iterable) 三. 迭代器 四. 生成器 五. 装饰器 1. 定义 六. 闭包 Python - 三大器 迭 ...
- jquery源码分析(四)——回调对象 Callbacks
借用百度百科来说明下回调函数: 回调函数就是一个通过函数指针调用的函数.如果你把函数的指针(地址)作为参数传递给另一个函数,当这个指针被用来调用其所指向的函数时,我们就说这是回调函数.回调函数不是由该 ...
- ssh_整合总结
开场白:首先,我先帮大家整理一下思路 准备: 数据库,表,数据 jar 包准备 Hibernate 基本jar 包 C3p0 数据库连接池 Spring AOP 基本包 Spring Ioc 基本包 ...
- 【ACM】nyoj_6_喷水装置(1)_201308150853
喷水装置(一)时间限制:3000 ms | 内存限制:65535 KB 难度:3描述 现有一块草坪,长为20米,宽为2米,要在横中心线上放置半径为Ri的喷水装置,每个喷水装置的效果都会让以它为中心 ...
- Java中处理线程同步
引自:http://blog.csdn.net/aaa1117a8w5s6d/article/details/8295527和http://m.blog.csdn.net/blog/undoner/1 ...
- [转]使用代码去描述WCF配置文件
转自:使用代码去描述WCF配置文件 在应用程序部署的时候,WCF客户端因为服务器地址的变化,需要修改程序配置文件的地址URL,手动修改很不方便,还会造成错误,所以尽量把描述WCF配置文件的配置使用代码 ...
- zookeeper协调技术
本文转自http://www.cnblogs.com/wuxl360/p/5817471.html 感谢作者 一.分布式协调技术 在给大家介绍ZooKeeper之前先来给大家介绍一种技术——分布式协调 ...
- React Native Mac配置指南
步骤 http://facebook.github.io/react-native/docs/getting-started.html#content 依照React Native官网步骤一步步安装, ...