定时备份etcd数据
1、etcd集群环境
endpoints="https://192.168.131.60:2379,https://192.168.131.61:2379,https://192.168.131.62:2379";
# cat /etc/etcd.env # Environment file for etcd v3.3.12 ETCD_DATA_DIR=/var/lib/etcd ETCD_ADVERTISE_CLIENT_URLS=https://192.168.131.60:2379 ETCD_INITIAL_ADVERTISE_PEER_URLS=https://192.168.131.60:2380 ETCD_INITIAL_CLUSTER_STATE=existing ETCD_METRICS=basic ETCD_LISTEN_CLIENT_URLS=https://192.168.131.60:2379,https://127.0.0.1:2379 ETCD_ELECTION_TIMEOUT=5000 ETCD_HEARTBEAT_INTERVAL=250 ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd ETCD_LISTEN_PEER_URLS=https://192.168.131.60:2380 ETCD_NAME=etcd1 ETCD_PROXY=off ETCD_INITIAL_CLUSTER=etcd1=https://192.168.131.60:2380,etcd2=https://192.168.131.61:2380,etcd3=https://192.168.131.62:2380 ETCD_AUTO_COMPACTION_RETENTION=8 ETCD_SNAPSHOT_COUNT=10000 # TLS settings ETCD_TRUSTED_CA_FILE=/etc/ssl/etcd/ssl/ca.pem ETCD_CERT_FILE=/etc/ssl/etcd/ssl/member-master1.pem ETCD_KEY_FILE=/etc/ssl/etcd/ssl/member-master1-key.pem ETCD_CLIENT_CERT_AUTH=true ETCD_PEER_TRUSTED_CA_FILE=/etc/ssl/etcd/ssl/ca.pem ETCD_PEER_CERT_FILE=/etc/ssl/etcd/ssl/member-master1.pem ETCD_PEER_KEY_FILE=/etc/ssl/etcd/ssl/member-master1-key.pem ETCD_PEER_CLIENT_CERT_AUTH=True # CLI settings ETCDCTL_ENDPOINTS=https://127.0.0.1:2379 ETCDCTL_CA_FILE=/etc/ssl/etcd/ssl/ca.pem ETCDCTL_KEY_FILE=/etc/ssl/etcd/ssl/admin-master1-key.pem ETCDCTL_CERT_FILE=/etc/ssl/etcd/ssl/admin-master1.pem
2、etcd备份脚本,其中有些参数需根据自身环境进行修改。
- etcd_endpoint值为各个etcd节点的ip加2379端口组成
- inventory_hostname值为每台etcd机器的hostname值,不同etcd机器需要配不同的值,可参考/etc/etcd.env里面的值。
备份脚本etcd-backup.sh模板。
#! /bin/bash ETCDCTL_PATH='/usr/local/bin/etcdctl' ENDPOINTS='{{ etcd_endpoint }}' ETCD_DATA_DIR="/var/lib/etcd" BACKUP_DIR="/var/backups/kube_etcd/etcd-$(date +%Y-%m-%d_%H:%M:%S)" ETCDCTL_CERT="/etc/ssl/etcd/ssl/admin-{{ inventory_hostname }}.pem" ETCDCTL_KEY="/etc/ssl/etcd/ssl/admin-{{ inventory_hostname }}-key.pem" ETCDCTL_CA_FILE="/etc/ssl/etcd/ssl/ca.pem" [ ! -d $BACKUP_DIR ] && mkdir -p $BACKUP_DIR sleep 3 { export ETCDCTL_API=3;$ETCDCTL_PATH --endpoints="$ENDPOINTS" snapshot save $BACKUP_DIR/snapshot.db \ --cacert="$ETCDCTL_CA_FILE" \ --cert="$ETCDCTL_CERT" \ --key="$ETCDCTL_KEY" } > /dev/null sleep 3 cd $BACKUP_DIR/../;ls -lt |awk '{if(NR>10){print "rm -rf "$9}}'|sh
endpoints="https://192.168.131.60:2379,https://192.168.131.61:2379,https://192.168.131.62:2379"环境备份备份脚本etcd-backup.sh。
#! /bin/bash ETCDCTL_PATH='/usr/local/bin/etcdctl' ENDPOINTS='https://192.168.131.60:2379,https://192.168.131.61:2379,https://192.168.131.62:2379' ETCD_DATA_DIR="/var/lib/etcd" BACKUP_DIR="/var/backups/kube_etcd/etcd-$(date +%Y-%m-%d_%H:%M:%S)" ETCDCTL_CERT="/etc/ssl/etcd/ssl/admin-master1.pem" ETCDCTL_KEY="/etc/ssl/etcd/ssl/admin-master1-key.pem" ETCDCTL_CA_FILE="/etc/ssl/etcd/ssl/ca.pem" [ ! -d $BACKUP_DIR ] && mkdir -p $BACKUP_DIR sleep 3 { export ETCDCTL_API=3;$ETCDCTL_PATH --endpoints="$ENDPOINTS" snapshot save $BACKUP_DIR/snapshot.db \ --cacert="$ETCDCTL_CA_FILE" \ --cert="$ETCDCTL_CERT" \ --key="$ETCDCTL_KEY" } > /dev/null sleep 3 cd $BACKUP_DIR/../;ls -lt |awk '{if(NR>10){print "rm -rf "$9}}'|sh
3、定时备份操作,etcd-backup.sh脚本放到/opt/etcd_back
- 加入crontab指令:crontab -e
- 新增一行指令,每天凌晨2点执行:0 2 * * * sh /opt/etcd_back/etcd-backup.sh