OpenShift 項目的備份和恢復實驗

本測試記錄從 OpenShift 3.6 環境中導出項目，然後將項目恢復到 OpenShift 3.11 中所需要的步驟，

從而指導以導入導出方式進行的升級過程。

 

1.安裝Openshift 3.6版本

過程略

2.安裝OpenShift 3.11版本

過程略

3.在Openshift 3.6版本中創建各種資源

  • 建立用戶
# Add the two lab users to the file the HTPasswd identity provider reads.
# Without -c the existing file is updated in place rather than recreated,
# so entries already present (e.g. admin) survive.
# NOTE(review): no hash option is given, so htpasswd's default hash is used;
# prefer `-B` (bcrypt) if the identity provider of the release in use accepts
# it — confirm against the OpenShift docs before changing this on a real cluster.
htpasswd /etc/origin/master/htpasswd eric

htpasswd /etc/origin/master/htpasswd alice
  • 給節點打標籤
oc label node node2.example.com  application=eric-tomcat
[root@master ~]# oc get node node2.example.com --show-labels
NAME                STATUS    AGE       VERSION             LABELS
node2.example.com   Ready     1d        v1.6.1+5115d708d7   application=eric-tomcat,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=node2.example.com,region=infra,zone=default

 

  • 導入鏡像
# Load the tomcat image from a local tarball and publish it in the lab registry
# under the tag the projects below import.
# NOTE(review): `docker load` trusts whatever is inside tomcat.tar; compare the
# loaded image's digest with the one pinned in the template further down
# (registry.example.com/tomcat@sha256:8f701f…) before pushing.
docker load -i tomcat.tar
docker tag docker.io/tomcat:8-slim  registry.example.com/tomcat:8-slim
docker push registry.example.com/tomcat:8-slim

 

  • 建立項目ericproject1

用 eric 用戶登錄

oc new-project ericproject1
# --insecure disables TLS certificate verification for registry.example.com
# during the import (and records that on the image stream for later re-imports).
# Fine for this lab; on a real cluster add the registry CA to the trust store
# and drop the flag.
oc import-image tomcat:8-slim --from=registry.example.com/tomcat:8-slim --insecure --confirm
oc new-app tomcat:8-slim --name=ericapp1
# `oc expose service` creates a plain-HTTP route (no tls stanza), as the
# exported Route in the template below shows.
oc expose service ericapp1
oc scale dc/ericapp1  --replicas=3

oc new-app tomcat:8-slim --name=ericapp2
# NOTE(review): the service created by the line above is named ericapp2, not
# ericapp2web; this looks like a typo in the transcript — verify.
oc expose service ericapp2web

 
  • 建立項目ericproject2

用 eric 用戶登錄

oc new-project ericproject2
# --insecure skips TLS verification of registry.example.com; lab only (see the
# note on ericproject1 above).
oc import-image tomcat:8-slim --from=registry.example.com/tomcat:8-slim --insecure --confirm
oc new-app tomcat:8-slim --name=eric-tomcat
# Plain-HTTP route; add `oc create route edge ...` instead if TLS is wanted.
oc expose service eric-tomcat
  • 創建template
[root@master ~]# cat eric2tomcat-project2.yaml 
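# Template built from the exported ericproject2 objects (DeploymentConfig,
# Service, Route), parameterised on APP_NAME.
# NOTE(review): the ImageChange trigger and the Route host below hard-code the
# ericproject2 namespace, so as written the template only works inside that
# project.  The server-populated `status:` stanzas are ignored on create and
# are kept only because the export produced them.
apiVersion: v1
kind: Template
metadata:
  creationTimestamp: null
  name: eric2tomcat
objects:
- apiVersion: v1
  kind: DeploymentConfig
  metadata:
    annotations:
      openshift.io/generated-by: OpenShiftNewApp
    creationTimestamp: null
    generation: 1
    labels:
      app: ${APP_NAME}
    name: ${APP_NAME}
  spec:
    replicas: 1
    selector:
      app: ${APP_NAME}
      deploymentconfig: ${APP_NAME}
    strategy:
      activeDeadlineSeconds: 21600
      resources: {}
      rollingParams:
        intervalSeconds: 1
        maxSurge: 25%
        maxUnavailable: 25%
        timeoutSeconds: 600
        updatePeriodSeconds: 1
      type: Rolling
    template:
      metadata:
        annotations:
          openshift.io/generated-by: OpenShiftNewApp
        creationTimestamp: null
        labels:
          app: ${APP_NAME}
          deploymentconfig: ${APP_NAME}
      spec:
        containers:
        # The image is pinned by digest, not by tag, so re-tagging
        # tomcat:8-slim in the registry cannot silently change what runs.
        - image: registry.example.com/tomcat@sha256:8f701fff708316aabc01520677446463281b5347ba1d6e9e237dd21de600f809
          imagePullPolicy: IfNotPresent
          name: ${APP_NAME}
          ports:
          - containerPort: 8080
            protocol: TCP
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
        dnsPolicy: ClusterFirst
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        terminationGracePeriodSeconds: 30
    test: false
    triggers:
    - type: ConfigChange
    - imageChangeParams:
        automatic: true
        containerNames:
        - ${APP_NAME}
        from:
          kind: ImageStreamTag
          name: tomcat:8-slim
          # Ties the template to the ericproject2 image stream.
          namespace: ericproject2
      type: ImageChange
  status:
    availableReplicas: 0
    latestVersion: 0
    observedGeneration: 0
    replicas: 0
    unavailableReplicas: 0
    updatedReplicas: 0
- apiVersion: v1
  kind: Service
  metadata:
    annotations:
      openshift.io/generated-by: OpenShiftNewApp
    creationTimestamp: null
    labels:
      app: ${APP_NAME}
    name: ${APP_NAME}
  spec:
    ports:
    - name: 8080-tcp
      port: 8080
      protocol: TCP
      targetPort: 8080
    selector:
      app: ${APP_NAME}
      deploymentconfig: ${APP_NAME}
    sessionAffinity: None
    type: ClusterIP
  status:
    loadBalancer: {}
- apiVersion: v1
  kind: Route
  metadata:
    annotations:
      openshift.io/host.generated: "true"
    creationTimestamp: null
    labels:
      app: ${APP_NAME}
    name: ${APP_NAME}
  spec:
    # Hard-coded to the ericproject2 sub-domain; no `tls:` stanza, so the
    # route is served over plain HTTP.
    host: ${APP_NAME}-ericproject2.app.example.com
    port:
      targetPort: 8080-tcp
    to:
      kind: Service
      name: ${APP_NAME}
      weight: 100
    wildcardPolicy: None
  status:
    ingress:
    - conditions:
      - lastTransitionTime: 2019-03-07T15:16:35Z
        status: "True"
        type: Admitted
      host: ${APP_NAME}-ericproject2.app.example.com
      routerName: router
      wildcardPolicy: None
parameters:
- name: APP_NAME
  # The template parameter field is spelled `displayName`; the exported file
  # had the lowercase `displayname`, which is not the documented field name.
  displayName: application name
  value: myapp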

 

oc create -f eric2tomcat-project2.yaml 
  • 基於template創建應用
oc new-app eric2tomcat

 

 

 

  • 創建configmap
[root@master ~]# cat nginx.conf 
# Stock nginx main configuration, stored in a ConfigMap (nginx-conf) so it is
# carried along with the project export.  It contains no secrets.
user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    # NOTE(review): nothing here hardens the server (e.g. `server_tokens off;`);
    # acceptable for a lab, revisit before reusing the file elsewhere.
    include /etc/nginx/conf.d/*.conf;
}
oc create configmap nginx-conf --from-file=nginx.conf

 

  • gluster pv相關設置
[root@master ~]# cat gluster-endpoints.yaml 
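# Endpoints listing the two GlusterFS peers.  The PersistentVolume in
# gluster-pv.yaml refers to this object by name (endpoints: gluster-endpoints).
apiVersion: v1
kind: Endpoints
metadata:
  name: gluster-endpoints
subsets:
- addresses:
  - ip: 192.168.56.107
  ports:
  - port: 1
    # `protocol` belongs to the port entry; the original file had it one level
    # up, on the subset, where EndpointSubset has no such field.
    protocol: TCP
- addresses:
  - ip: 192.168.56.108
  ports:
  - port: 1
    protocol: TCP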

 

[root@master ~]# cat gluster-service.yaml 
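# Selector-less Service whose only job is to own the manually created
# Endpoints above.  A Service and hand-written Endpoints are linked by having
# the SAME name, so this must be called gluster-endpoints: with the original
# name (gluster-service) the Endpoints were orphaned, which is the likely
# reason the export in step 4 did not carry them over (see step 7).
apiVersion: v1
kind: Service
metadata:
  name: gluster-endpoints
spec:
  ports:
  - port: 1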

 

[root@master ~]# cat gluster-pv.yaml 
# Cluster-scoped PersistentVolume backed by the GlusterFS volume gv0.
# PVs are not project resources, so they are NOT part of the project export
# and must be re-created on the target cluster before importing (step 7).
apiVersion: v1 
kind: PersistentVolume 
metadata:
  name: gluster-pv 
spec: 
  capacity:
    storage: 10Gi 
  accessModes: 
  - ReadWriteMany  
  glusterfs:
    # Must match the name of the Endpoints object in the claiming project.
    endpoints: gluster-endpoints
    path: /gv0
    readOnly: false
  # Retain: the volume and its data survive deletion of the claim.
  persistentVolumeReclaimPolicy: Retain

 

[root@master ~]# cat tomcat-claim.yaml 
# Claim for 1Gi of ReadWriteMany storage.  No storageClassName or selector is
# given, so it binds to any available RWX volume of sufficient size — in this
# lab the 10Gi gluster-pv above.
apiVersion: v1 
kind: PersistentVolumeClaim 
metadata:
  name: tomcat-claim  
spec:
  accessModes: 
  - ReadWriteMany
  resources:
    requests: 
      storage: 1Gi

 

 

 

  • 用alice帳戶登陸建立項目
oc new-project alice-project
# --insecure skips TLS verification of registry.example.com; lab only.
oc import-image tomcat:8-slim --from=registry.example.com/tomcat:8-slim --insecure --confirm
oc new-app tomcat:8-slim --name=alice-tomcat
oc expose service alice-tomcat
# 10 replicas to give the import something visible to verify against.
oc scale dc/alice-tomcat  --replicas=10

 

4.開始資源導出過程

以下在 OpenShift 3.6 的集群環境下操作。

先下載並安裝 jq（執行導出的集群節點和執行導入的集群節點上都需要安裝）。建議優先從發行版軟件倉庫安裝；如從官網下載二進制，放到集群節點前先核對校驗和。

https://stedolan.github.io/jq/

執行導出

# One output directory per project.  The transcript below shows that each
# directory includes secrets.json — the project's Secrets in plain text — so
# treat the directories as sensitive from this point on.
./project_export.sh ericproject1
./project_export.sh ericproject2
./project_export.sh alice-project

導出完成後，當前目錄下多出這三個目錄。注意：每個目錄裡的 secrets.json 以明文保存了該項目的全部 Secret（包括 ServiceAccount token、鏡像拉取憑據等），請限制目錄權限（例如 chmod -R go-rwx），通過加密通道傳輸，導入並驗證完成後及時刪除。

導出後進入項目查看內容

 

簡單寫了個批量導出項目的腳本

[root@master ~]# cat all_export.sh 

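#!/usr/bin/env bash
# all_export.sh — run ./project_export.sh for every project that is not a
# platform/system namespace.
#
# Usage:   ./all_export.sh   (from the directory holding project_export.sh,
#                             logged in as a user that can list all projects)
# Globals: none.  Output directories are created by project_export.sh.
# Exit:    non-zero as soon as listing projects or one export fails, so a
#          partial export is not mistaken for a complete one.
set -euo pipefail

die() { printf '%s\n' "$*" >&2; exit 1; }

# True (0) for namespaces that belong to the platform and must not be exported.
# The explicit names are the ones the original list carried; the kube-* and
# openshift-* patterns additionally cover the namespaces a 3.11 cluster adds
# (openshift-console, openshift-monitoring, openshift-node, ...), which a fixed
# list written on 3.6 does not know about.
is_system_project() {
  case "$1" in
    default|logging|management-infra) return 0 ;;
    openshift|openshift-*|kube-*)     return 0 ;;
  esac
  return 1
}

main() {
  local listing project
  # -o name prints one "project/NAME" (or "projects/NAME") per line with no
  # header, so no awk is needed; capture first so a failed `oc` is noticed
  # instead of silently yielding an empty loop.
  listing=$(oc get projects -o name) || die "oc get projects failed"
  while IFS= read -r project; do
    [[ -n "$project" ]] || continue
    project=${project#*/}
    if is_system_project "$project"; then
      continue
    fi
    printf '%s\n' "$project"
    ./project_export.sh "$project"
  done <<<"$listing"
}

main "$@"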

 

 

以下截取了 ericproject2 的一段導出輸出

 
 

ericproject2
###########
# WARNING #
###########
This script is distributed WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND
Beware ImageStreams objects are not importables due to the way they work
See https://github.com/openshift/openshift-ansible-contrib/issues/967
for more information


Exporting namespace to ericproject2/ns.json
Exporting 'rolebindings' resources to ericproject2/rolebindings.json
Exporting 'serviceaccounts' resources to ericproject2/serviceaccounts.json
Exporting 'secrets' resources to ericproject2/secrets.json
Exporting deploymentconfigs to ericproject2/dc_*.json
Patching DC...
Patching DC...
Exporting 'bc' resources to ericproject2/bcs.json
Skipped: list empty
Exporting 'builds' resources to ericproject2/builds.json
Skipped: list empty
Exporting 'is' resources to ericproject2/iss.json
Exporting 'imagestreamtags' resources to ericproject2/imagestreamtags.json
Exporting 'rc' resources to ericproject2/rcs.json
Exporting services to ericproject2/svc_*.json
Exporting 'po' resources to ericproject2/pods.json
Exporting 'podpreset' resources to ericproject2/podpreset.json
the server doesn't have a resource type "podpreset"
Skipped: no data
Exporting 'cm' resources to ericproject2/cms.json
Exporting 'egressnetworkpolicies' resources to ericproject2/egressnetworkpolicies.json
Skipped: list empty
Exporting 'rolebindingrestrictions' resources to ericproject2/rolebindingrestrictions.json
Skipped: list empty
Exporting 'cm' resources to ericproject2/cms.json
Exporting 'egressnetworkpolicies' resources to ericproject2/egressnetworkpolicies.json
Skipped: list empty
Exporting 'rolebindingrestrictions' resources to ericproject2/rolebindingrestrictions.json
Skipped: list empty
Exporting 'limitranges' resources to ericproject2/limitranges.json
Skipped: list empty
Exporting 'resourcequotas' resources to ericproject2/resourcequotas.json
Skipped: list empty
Exporting 'pvc' resources to ericproject2/pvcs.json
Skipped: list empty
Exporting 'pvc' resources to ericproject2/pvcs_attachment.json
Skipped: list empty
Exporting 'routes' resources to ericproject2/routes.json
Exporting 'templates' resources to ericproject2/templates.json
Exporting 'cronjobs' resources to ericproject2/cronjobs.json
Skipped: list empty
Exporting 'statefulsets' resources to ericproject2/statefulsets.json
Skipped: list empty
Exporting 'hpa' resources to ericproject2/hpas.json
Skipped: list empty
Exporting 'deploy' resources to ericproject2/deployments.json
Skipped: list empty
Exporting 'replicasets' resources to ericproject2/replicasets.json
Skipped: list empty
Exporting 'poddisruptionbudget' resources to ericproject2/poddisruptionbudget.json
Skipped: list empty
Exporting 'daemonset' resources to ericproject2/daemonset.json
Skipped: list empty

 

5.執行導入過程

將三個目錄全部拷貝到執行導入的節點（OpenShift 3.11 版本的集群）。目錄中含有明文 Secret，請用 scp 等加密方式傳輸。

  • 先導入鏡像
# Seed the 3.11 registry with the same image so the imported image streams and
# the digest-pinned DeploymentConfigs resolve.  Same tarball caveat as in
# step 3: check the loaded digest before pushing.
docker load -i tomcat.tar
docker tag docker.io/tomcat:8-slim  registry.example.com/tomcat:8-slim
docker push registry.example.com/tomcat:8-slim
以 admin（具備 cluster-admin 權限：導入需要創建 namespace，並寫入 rolebindings、serviceaccounts 和 secrets）的身份登錄，然後運行
# Re-creates each namespace plus the rolebindings, serviceaccounts and secrets
# from the exported JSON exactly as exported.  Review rolebindings.json (who is
# granted admin) before running this against the new cluster.
./project_import.sh ericproject1
./project_import.sh ericproject2
./project_import.sh alice-project

6. 恢復到3.11後的驗證

  • 用戶
[root@master ~]# oc get users
NAME      UID                                    FULL NAME   IDENTITIES
admin     3d7951e7-422a-11e9-90df-080027dc991a               htpasswd_auth:admin

可見導入過程並不會對用戶進行任何操做,但實際環境中openshift集羣都是鏈接LDAP或其餘外部用戶,因此這關係不大。

  • 項目
[root@master ~]# oc projects
You have access to the following projects and can switch between them with 'oc project <projectname>':

  * alice-project
    default
    ericproject1
    ericproject2
    kube-public
    kube-system
    management-infra
    openshift
    openshift-console
    openshift-infra
    openshift-logging
    openshift-metrics-server
    openshift-monitoring
    openshift-node
    openshift-sdn
    openshift-web-console

Using project "alice-project" on server "https://master.example.com:8443".

通過 admin 能看到所有導入的項目；進入項目後，由於 image stream 的問題，發現有些 DeploymentConfig 一直停在 deploy 階段，但並沒有實例運行。

運行下面的命令讓實例重新部署

# The deployer pod from the import is stuck (see above); remove it and start a
# fresh deployment so the DC picks up the image stream on the new cluster.
oc delete pod alice-tomcat-1-deploy
oc rollout latest alice-tomcat

然後就可以看到實例全部部署成功

  • label

可見並沒有將我們的 node label 導入到新環境中：節點 label 屬於集群級資源，不在項目導出的範圍內，需要在新集群上重新打標籤。

[root@master ~]# oc get nodes --show-labels
NAME                 STATUS    ROLES     AGE       VERSION           LABELS
master.example.com   Ready     master    2d        v1.11.0+d4cacc0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=master.example.com,node-role.kubernetes.io/master=true
node1.example.com    Ready     infra     2d        v1.11.0+d4cacc0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=node1.example.com,node-role.kubernetes.io/infra=true
node2.example.com    Ready     compute   2d        v1.11.0+d4cacc0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=node2.example.com,node-role.kubernetes.io/compute=true

 

  •  權限RBAC
[root@master ~]# oc get rolebinding
NAME                    ROLE                    USERS     GROUPS                                 SERVICE ACCOUNTS   SUBJECTS
admin                   /admin                  alice                                                               
system:deployers        /system:deployer                                                         deployer           
system:image-builders   /system:image-builder                                                    builder            
system:image-pullers    /system:image-puller              system:serviceaccounts:alice-project                      
[root@master ~]# oc project ericproject1
Now using project "ericproject1" on server "https://master.example.com:8443".
[root@master ~]# oc get rolebinding
NAME                    ROLE                    USERS     GROUPS                                SERVICE ACCOUNTS   SUBJECTS
admin                   /admin                  eric                                                               
system:deployers        /system:deployer                                                        deployer           
system:image-builders   /system:image-builder                                                   builder            
system:image-pullers    /system:image-puller              system:serviceaccounts:ericproject1                      
[root@master ~]# oc project ericproject2
Now using project "ericproject2" on server "https://master.example.com:8443".
[root@master ~]# oc get rolebinding
NAME                    ROLE                    USERS     GROUPS                                SERVICE ACCOUNTS   SUBJECTS
admin                   /admin                  eric                                                               
system:deployers        /system:deployer                                                        deployer           
system:image-builders   /system:image-builder                                                   builder            
system:image-pullers    /system:image-puller              system:serviceaccounts:ericproject2                      
[root@master ~]# 

可見所有的項目權限都保存了下來（rolebinding 按原樣重建，因此導入前應先審查 rolebindings.json，確認其中引用的用戶在新集群上仍是預期的人）。

 

7.升級建議

因為原有集群的節點數目和新集群很可能不同，所以單純備份 etcd 再恢復 etcd 的辦法風險很大。

在這種情況下，採用項目導入導出的方式不失為一種較為安全的方式。

需要注意的地方包括：

  • 用戶不會導出，但 OpenShift 中的權限信息（rolebinding）會保存；rolebinding 以用戶名引用主體，新集群上需保證同名用戶就是同一個人。
  • 節點的 label 不會導出（屬於集群級資源），需手動重新打標籤。
  • 導入後需要 rollout 一次。
  • 用 glusterfs 的時候，每個 project 的 gluster-endpoints 資源沒有保存下來。原因應是 Service 與手工創建的 Endpoints 是按相同名稱關聯的，而本文中 Service 叫 gluster-service、Endpoints 叫 gluster-endpoints，二者並未關聯；建議把 Service 命名為 gluster-endpoints 後再驗證導出結果。
  • 因為 PV 不屬於項目資源而屬於整個集群的資源，導入項目前要先建立 PV。
  • 遇到 pod 無法啟動，很多時候和掛載存儲有關係。