mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
105 lines
4.3 KiB
Plaintext
105 lines
4.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * backup_and_restore/control_plane_backup_and_restore/backing-up-etcd.adoc
|
|
// * post_installation_configuration/cluster-tasks.adoc
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="backing-up-etcd-data_{context}"]
|
|
= Backing up etcd data
|
|
|
|
Follow these steps to back up etcd data by creating an etcd snapshot and backing up the resources for the static pods. This backup can be saved and used at a later time if you need to restore etcd.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Only save a backup from a single control plane host. Do not take a backup from each control plane host in the cluster.
|
|
====
|
|
|
|
.Prerequisites
|
|
|
|
* You have access to the cluster as a user with the `cluster-admin` role.
|
|
* You have checked whether the cluster-wide proxy is enabled.
|
|
+
|
|
[TIP]
|
|
====
|
|
You can check whether the proxy is enabled by reviewing the output of `oc get proxy cluster -o yaml`. The proxy is enabled if the `httpProxy`, `httpsProxy`, and `noProxy` fields have values set.
|
|
====
|
|
|
|
.Procedure
|
|
|
|
. Start a debug session as root for a control plane node:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ oc debug --as-root node/<node_name>
|
|
----
|
|
|
|
. Change your root directory to `/host` in the debug shell:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
sh-4.4# chroot /host
|
|
----
|
|
|
|
. If the cluster-wide proxy is enabled, export the `NO_PROXY`, `HTTP_PROXY`, and `HTTPS_PROXY` environment variables by running the following commands:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ export HTTP_PROXY=http://<your_proxy.example.com>:8080
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ export HTTPS_PROXY=https://<your_proxy.example.com>:8080
|
|
----
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ export NO_PROXY=<example.com>
|
|
----
|
|
+
|
|
|
|
. Run the `cluster-backup.sh` script in the debug shell and pass in the location to save the backup to.
|
|
+
|
|
[TIP]
|
|
====
|
|
The `cluster-backup.sh` script is maintained as a component of the etcd Cluster Operator and is a wrapper around the `etcdctl snapshot save` command.
|
|
====
|
|
+
|
|
[source,terminal]
|
|
----
|
|
sh-4.4# /usr/local/bin/cluster-backup.sh /home/core/assets/backup
|
|
----
|
|
+
|
|
.Example script output
|
|
[source,terminal]
|
|
----
|
|
found latest kube-apiserver: /etc/kubernetes/static-pod-resources/kube-apiserver-pod-6
|
|
found latest kube-controller-manager: /etc/kubernetes/static-pod-resources/kube-controller-manager-pod-7
|
|
found latest kube-scheduler: /etc/kubernetes/static-pod-resources/kube-scheduler-pod-6
|
|
found latest etcd: /etc/kubernetes/static-pod-resources/etcd-pod-3
|
|
ede95fe6b88b87ba86a03c15e669fb4aa5bf0991c180d3c6895ce72eaade54a1
|
|
etcdctl version: 3.4.14
|
|
API version: 3.4
|
|
{"level":"info","ts":1624647639.0188997,"caller":"snapshot/v3_snapshot.go:119","msg":"created temporary db file","path":"/home/core/assets/backup/snapshot_2021-06-25_190035.db.part"}
|
|
{"level":"info","ts":"2021-06-25T19:00:39.030Z","caller":"clientv3/maintenance.go:200","msg":"opened snapshot stream; downloading"}
|
|
{"level":"info","ts":1624647639.0301006,"caller":"snapshot/v3_snapshot.go:127","msg":"fetching snapshot","endpoint":"https://10.0.0.5:2379"}
|
|
{"level":"info","ts":"2021-06-25T19:00:40.215Z","caller":"clientv3/maintenance.go:208","msg":"completed snapshot read; closing"}
|
|
{"level":"info","ts":1624647640.6032252,"caller":"snapshot/v3_snapshot.go:142","msg":"fetched snapshot","endpoint":"https://10.0.0.5:2379","size":"114 MB","took":1.584090459}
|
|
{"level":"info","ts":1624647640.6047094,"caller":"snapshot/v3_snapshot.go:152","msg":"saved","path":"/home/core/assets/backup/snapshot_2021-06-25_190035.db"}
|
|
Snapshot saved at /home/core/assets/backup/snapshot_2021-06-25_190035.db
|
|
{"hash":3866667823,"revision":31407,"totalKey":12828,"totalSize":114446336}
|
|
snapshot db and kube resources are successfully saved to /home/core/assets/backup
|
|
----
|
|
+
|
|
In this example, two files are created in the `/home/core/assets/backup/` directory on the control plane host:
|
|
|
|
* `snapshot_<datetimestamp>.db`: This file is the etcd snapshot. The `cluster-backup.sh` script confirms its validity.
|
|
* `static_kuberesources_<datetimestamp>.tar.gz`: This file contains the resources for the static pods. If etcd encryption is enabled, it also contains the encryption keys for the etcd snapshot.
|
|
+
|
|
[NOTE]
|
|
====
|
|
If etcd encryption is enabled, it is recommended to store this second file separately from the etcd snapshot for security reasons. However, this file is required to restore from the etcd snapshot.
|
|
|
|
Keep in mind that etcd encryption only encrypts values, not keys. This means that resource types, namespaces, and object names are unencrypted.
|
|
====
|