ETCD备份恢复脚本

etcd备份脚本

#! /bin/bash
etcdpwd=“/apps/etcd_bak” #etcd将要备份的目录
bak_date=date +"%Y-%m-%d"
etcdip=cat /etc/etcd/etcd.conf | grep ETCD_ADVERTISE_CLIENT_URLS | awk -F"=" '{print $2}' | awk -F "[\"]" '{print $2}' | awk -F"," '{print $1}'
#etcdip=cat /etc/kubernetes/apiserver | grep -E "etcd-servers|http" | awk '{print $1}' | tr "=" " " | awk '{print $2}' | grep -v kubernetes
export ETCDCTL_API=3
etcdctl --endpoints=$etcdip --cacert=“/etc/kubernetes/ssl/ca.crt” --cert=“/etc/kubernetes/ssl/etcd_server.crt” --key=“/etc/kubernetes/ssl/etcd_server.key” snapshot save $etcdpwd/etcd_$bak_date.db >>/dev/null 2>&1
if [ $? -eq 0 ]
then
echo “etcd备份完成”
else
echo “etcd备份失败，请检查etcd是否正常!”
fi

etcd恢复脚本，必须三台etcd上同时执行

#! /bin/bash
etcd_bak_db=“/apps/etcd_bak/etcd_2023-03-17.db”
etcd_data=“/data/etcd_data/etcd”
etcd_name=cat /etc/etcd/etcd.conf | grep ETCD_NAME | awk -F"=" '{print $2}' | awk -F"[\"]" '{print $2}'
#initial_cluster=cat /etc/etcd/etcd.conf | grep "ETCD_INITIAL_CLUSTER" | head -n 1 | awk -F "[\"]" '{ print $2}' | cut -d "=" -f 2-7
#initial_cluster=cat /etc/etcd/etcd.conf | grep "ETCD_INITIAL_CLUSTER" | head -n 1 | cut -d "=" -f 2-7
cluster_token=cat /etc/etcd/etcd.conf | grep ETCD_INITIAL_CLUSTER_TOKEN | awk -F "[\"]" '{print $2}'
peer_urls=cat /etc/etcd/etcd.conf | grep ETCD_INITIAL_ADVERTISE_PEER_URLS |awk -F "[\"]" '{print $2}'
etcdip=“https://192.168.133.128:2380,https://192.168.133.129:2380,https://192.168.133.130:2380”
#etcdip=cat /etc/etcd/etcd.conf | grep ETCD_ADVERTISE_CLIENT_URLS | awk -F"=" '{print $2}' | awk -F "[\"]" '{print $2}' | awk -F"," '{print $1}'
systemctl stop etcd
sleep 10s
rm -rf $etcd_data/*
export ETCDCTL_API=3
etcdctl --endpoints=$etcdip --name $etcd_name --initial-cluster “etcd_133_128=https://192.168.133.128:2380,etcd_133_129=https://192.168.133.129:2380,etcd_133_130=https://192.168.133.130:2380” \
–initial-cluster-token $cluster_token --initial-advertise-peer-urls $peer_urls --cacert=“/etc/kubernetes/ssl/ca.crt” --cert=“/etc/kubernetes/ssl/etcd_server.crt” --key=“/etc/kubernetes/ssl/etcd_server.key” --data-dir=$etcd_data snapshot restore $etcd_bak_db >>/dev/null 2>&1
if [ $? -eq 0 ]
then
echo “etcd恢复完成”
else
echo “etcd恢复失败，请检查etcd是否正常!”
fi
systemctl daemon-reload
systemctl restart etcd
if [ $? -eq 0 ]
then
echo “etcd启动成功”
else
echo “etcd启动失败，请检查etcd是否正常!”
fi

注： 如果在原有三台etcd主机无法恢复的情况下，需要重新部署三台新的etcd，用如上恢复脚本进行恢复时，主要新生成的etcd证书，需要将新的etcd证书放到kube-apiserver的配置文件指定的位置，重新启动kube-apiserver，即可进行恢复。如图：