feat: add plugin: backup and restore etcd.

Signed-off-by: joyceliu <joyceliu@yunify.com>
2025-12-26 01:22:51 +00:00 · 2024-05-30 17:45:01 +08:00 · 2024-05-30 17:45:01 +08:00 · 8f4b8438da
parent 0491f22e6f
commit 8f4b8438da
14 changed files with 105 additions and 4 deletions
--- a/builtin/roles/init/init-os/tasks/init_repository.yaml
+++ b/builtin/roles/init/init-os/tasks/init_repository.yaml
@ -39,7 +39,7 @@
          mv /etc/apt/sources.list.kubekey.bak /etc/apt/sources.list
          mv /etc/apt/sources.list.d.kubekey.bak /etc/apt/sources.list.d
        else
-          apt install -y socat conntrack ipset ebtables chrony ipvsadm
+          apt-get update && apt install -y socat conntrack ipset ebtables chrony ipvsadm
        fi
      when: os.release.ID_LIKE == "debian"
    - name: Init rhel repository
--- a/builtin/roles/install/etcd/defaults/main.yaml
+++ b/builtin/roles/install/etcd/defaults/main.yaml
@ -9,6 +9,7 @@ etcd:
    compaction_retention: 8
    snapshot_count: 10000
    data_dir: /var/lib/etcd
+    token: k8s_etcd
 #    metrics: basic
 #    quota_backend_bytes: 100
 #    max_request_bytes: 100
--- a/builtin/roles/install/etcd/templates/etcd.env
+++ b/builtin/roles/install/etcd/templates/etcd.env
@ -3,7 +3,7 @@ ETCD_ADVERTISE_CLIENT_URLS={{ internal_ipv4|stringformat:"https://%s:2379" }}
 ETCD_INITIAL_ADVERTISE_PEER_URLS={{ internal_ipv4|stringformat:"https://%s:2380" }}
 ETCD_INITIAL_CLUSTER_STATE={{ etcd.state }}
 ETCD_LISTEN_CLIENT_URLS={{ internal_ipv4|stringformat:"https://%s:2379" }},https://127.0.0.1:2379
-ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
+ETCD_INITIAL_CLUSTER_TOKEN={{ etcd.env.token }}
 ETCD_LISTEN_PEER_URLS={{ internal_ipv4|stringformat:"https://%s:2380" }}
 ETCD_NAME={{ inventory_name }}
 ETCD_PROXY=off
--- a/pkg/project/local.go
+++ b/pkg/project/local.go
@ -27,8 +27,6 @@ import (
 	_const "github.com/kubesphere/kubekey/v4/pkg/const"
 )

-var builtinProjectFS fs.FS
-
 func newLocalProject(pipeline kubekeyv1.Pipeline) (Project, error) {
 	if !filepath.IsAbs(pipeline.Spec.Playbook) {
 		if pipeline.Spec.Project.Addr == "" {
--- a/plugins/playbooks/backup.yaml
+++ b/plugins/playbooks/backup.yaml
@ -0,0 +1,5 @@
+---
+- hosts:
+    - etcd|random
+  roles:
+    - etcd/backup
--- a/plugins/playbooks/restore.yaml
+++ b/plugins/playbooks/restore.yaml
@ -0,0 +1,15 @@
+---
+- hosts:
+    - kube_control_plane
+  roles:
+    - kubernetes/stop
+
+- hosts:
+    - etcd
+  roles:
+    - etcd/restore
+
+- hosts:
+    - kube_control_plane
+  roles:
+    - kubernetes/start
--- a/plugins/roles/etcd/backup/defaults/main.yaml
+++ b/plugins/roles/etcd/backup/defaults/main.yaml
@ -0,0 +1,4 @@
+etcd:
+  env:
+    data_dir: /var/lib/etcd
+    token: k8s_etcd
--- a/plugins/roles/etcd/backup/tasks/main.yaml
+++ b/plugins/roles/etcd/backup/tasks/main.yaml
@ -0,0 +1,15 @@
+---
+- name: Generate backup from etcd
+  command: |
+    if [ ! -d /tmp/kubekey/etcd/ ]; then
+      mkdir -p /tmp/kubekey/etcd/
+    fi
+    export $(cat /etc/etcd.env | grep ETCDCTL_CACERT)
+    export $(cat /etc/etcd.env | grep ETCDCTL_CERT)
+    export $(cat /etc/etcd.env | grep ETCDCTL_KEY)
+    ETCDCTL_API=3 etcdctl --endpoints=https://{{ internal_ipv4 }}:2379 snapshot save /tmp/kubekey/etcd/snapshot.db
+
+- name: Fetch backup to local
+  fetch:
+    src: /tmp/kubekey/etcd/snapshot.db
+    dest: "{{ work_dir }}/kubekey/etcd/snapshot.db"
--- a/plugins/roles/etcd/restore/defaults/main.yaml
+++ b/plugins/roles/etcd/restore/defaults/main.yaml
@ -0,0 +1,4 @@
+etcd:
+  env:
+    data_dir: /var/lib/etcd
+    token: k8s_etcd
--- a/plugins/roles/etcd/restore/tasks/main.yaml
+++ b/plugins/roles/etcd/restore/tasks/main.yaml
@ -0,0 +1,27 @@
+---
+- name: Sync etcd snapshot to remote
+  copy:
+    src: "{{ work_dir }}/kubekey/etcd/snapshot.db"
+    dest: /tmp/kubekey/etcd/snapshot.db
+
+- name: Stop etcd
+  command: systemctl stop etcd
+
+- name: Remove etcd data dir
+  command: |
+    rm -rf /var/lib/etcd/*
+
+- name: Restore etcd by snapshot
+  command: |
+    export $(cat /etc/etcd.env | grep ETCDCTL_CACERT)
+    export $(cat /etc/etcd.env | grep ETCDCTL_CERT)
+    export $(cat /etc/etcd.env | grep ETCDCTL_KEY)
+    etcdctl snapshot restore /tmp/kubekey/etcd/snapshot.db \
+        --name={{ inventory_name }} --endpoints=https://{{ internal_ipv4 }}:2379 \
+        --initial-cluster={% for h in groups['etcd'] %}{% set hv=inventory_hosts[h] %}{{ hv.inventory_name }}={{ hv.internal_ipv4|stringformat:"https://%s:2380" }}{% if (not forloop.Last) %},{% endif %}{% endfor %} \
+        --initial-advertise-peer-urls=https://{{ internal_ipv4 }}:2380\
+        --initial-cluster-token={{ etcd.env.token }} \
+        --data-dir={{ etcd.env.data_dir }}
+
+- name: Start etcd
+  command: systemctl start etcd
--- a/plugins/roles/kubernetes/start/defaults/main.yaml
+++ b/plugins/roles/kubernetes/start/defaults/main.yaml
@ -0,0 +1,2 @@
+cri:
+  container_manager: docker
--- a/plugins/roles/kubernetes/start/tasks/main.yaml
+++ b/plugins/roles/kubernetes/start/tasks/main.yaml
@ -0,0 +1,14 @@
+---
+- name: Start cri in kubernetes
+  block:
+    - name: Stop docker in kubernetes
+      command: |
+        systemctl start docker
+      when: cri.container_manager == 'docker'
+    - name: Start containerd in kubernetes
+      command: |
+        systemctl start containerd
+      when: cri.container_manager == 'containerd'
+
+- name: Start kubelet in kubernetes
+  command: systemctl start kubelet
--- a/plugins/roles/kubernetes/stop/defaults/main.yaml
+++ b/plugins/roles/kubernetes/stop/defaults/main.yaml
@ -0,0 +1,2 @@
+cri:
+  container_manager: docker
--- a/plugins/roles/kubernetes/stop/tasks/main.yaml
+++ b/plugins/roles/kubernetes/stop/tasks/main.yaml
@ -0,0 +1,14 @@
+---
+- name: Stop kubelet in kubernetes
+  command: systemctl stop kubelet
+
+- name: Stop cri in kubernetes
+  block:
+    - name: Stop docker in kubernetes
+      command: |
+        systemctl stop docker
+      when: cri.container_manager == 'docker'
+    - name: Stop containerd in kubernetes
+      command: |
+        systemctl stop containerd
+      when: cri.container_manager == 'containerd'