Last active
February 7, 2022 10:35
-
-
Save liejuntao001/e2d44ab8544853b3c54c0b8e57bf1ab5 to your computer and use it in GitHub Desktop.
Rook Ceph filesystem back plan
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Backup the Ceph Filesystem in Kubernetes. Code for https://liejuntao001.medium.com/file-system-backup-for-ceph-in-kubernetes-6c299c860ab3 | |
| --- | |
| apiVersion: batch/v1 | |
| kind: Job | |
| metadata: | |
| name: rook-cephfs-backup-job | |
| namespace: rook-ceph | |
| spec: | |
| template: | |
| spec: | |
| restartPolicy: Never #OnFailure | |
| containers: | |
| - name: rook-direct-mount | |
| image: rook/ceph:v1.7.6 | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/sh | |
| - -c | |
| args: | |
| - |- | |
| set -e | |
| info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; } | |
| /tini -s -g -- /usr/local/bin/toolbox.sh & | |
| sleep 5 | |
| info this is rook-direct-mount container | |
| info mount the cephfs now | |
| mkdir -p /mnt/cephfs | |
| mon_endpoints=$(grep mon_host /etc/ceph/ceph.conf | awk '{print $3}') | |
| my_secret=$(grep key /etc/ceph/keyring | awk '{print $3}') | |
| mount -t ceph -o mds_namespace=myfs,name=admin,secret=$my_secret $mon_endpoints:/ /mnt/cephfs | |
| ls -ltra /mnt/cephfs | |
| sleep 2 | |
| info mount the cephfs done | |
| info install restic now | |
| yum -y install yum-plugin-copr | |
| yum -y copr enable copart/restic | |
| yum -y install restic | |
| restic version | |
| sleep 2 | |
| info install restic done | |
| restic_ret="$(restic snapshots --cache-dir /mnt/cephfs/.restic_cache 2>&1)" | |
| if [ $? -ne 0 ]; then | |
| if [[ $restic_ret == *"unlock"* ]]; then | |
| echo 'The remote repository might be locked. Try to unlock' | |
| restic unlock --cache-dir /mnt/cephfs/.restic_cache | |
| # do a check after unlock | |
| restic check --cache-dir /mnt/cephfs/.restic_cache | |
| else | |
| echo 'The remote repository does not exist yet. Create it now' | |
| restic init --cache-dir /mnt/cephfs/.restic_cache | |
| fi | |
| fi | |
| RESTIC_INCLUDE=/tmp/restic.files | |
| RESTIC_EXCLUDE=/tmp/restic_exclude.files | |
| cat <<EOF > ${RESTIC_INCLUDE} | |
| /mnt/cephfs | |
| EOF | |
| cat <<EOF > ${RESTIC_EXCLUDE} | |
| /mnt/cephfs/.restic_cache | |
| /mnt/cephfs/test | |
| /mnt/cephfs/test1 | |
| /mnt/cephfs/es_data | |
| EOF | |
| info backup now | |
| restic backup \ | |
| --host cephfs-backup \ | |
| --cache-dir /mnt/cephfs/.restic_cache \ | |
| --cleanup-cache \ | |
| --exclude-caches \ | |
| --tag ${NAMESPACE} \ | |
| --files-from ${RESTIC_INCLUDE} \ | |
| --exclude-file ${RESTIC_EXCLUDE} | |
| sleep 2 | |
| info backup is done | |
| echo now do prune | |
| restic forget --group-by tag --prune --cache-dir /mnt/cephfs/.restic_cache --keep-daily 7 --keep-weekly 4 --keep-monthly 3 && | |
| sleep 2 | |
| info prune is done | |
| info umount the cephfs now | |
| umount /mnt/cephfs | |
| info job is done | |
| env: | |
| - name: ROOK_CEPH_USERNAME | |
| valueFrom: | |
| secretKeyRef: | |
| name: rook-ceph-mon | |
| key: ceph-username | |
| - name: ROOK_CEPH_SECRET | |
| valueFrom: | |
| secretKeyRef: | |
| name: rook-ceph-mon | |
| key: ceph-secret | |
| - name: AZURE_ACCOUNT_NAME | |
| valueFrom: | |
| secretKeyRef: | |
| name: restic-secrets | |
| key: AZURE_ACCOUNT_NAME | |
| - name: AZURE_ACCOUNT_KEY | |
| valueFrom: | |
| secretKeyRef: | |
| name: restic-secrets | |
| key: AZURE_ACCOUNT_KEY | |
| - name: RESTIC_REPOSITORY | |
| valueFrom: | |
| secretKeyRef: | |
| name: restic-secrets | |
| key: RESTIC_REPOSITORY | |
| - name: RESTIC_PASSWORD | |
| valueFrom: | |
| secretKeyRef: | |
| name: restic-secrets | |
| key: RESTIC_PASSWORD | |
| - name: NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| securityContext: | |
| privileged: true | |
| volumeMounts: | |
| - mountPath: /dev | |
| name: dev | |
| - mountPath: /sys/bus | |
| name: sysbus | |
| - mountPath: /lib/modules | |
| name: libmodules | |
| - name: mon-endpoint-volume | |
| mountPath: /etc/rook | |
| volumes: | |
| - name: dev | |
| hostPath: | |
| path: /dev | |
| - name: sysbus | |
| hostPath: | |
| path: /sys/bus | |
| - name: libmodules | |
| hostPath: | |
| path: /lib/modules | |
| - name: mon-endpoint-volume | |
| configMap: | |
| name: rook-ceph-mon-endpoints | |
| items: | |
| - key: data | |
| path: mon-endpoints | |
| --- | |
| apiVersion: batch/v1 | |
| kind: CronJob | |
| metadata: | |
| name: rook-cephfs-backup-cronjob | |
| namespace: rook-ceph | |
| spec: | |
| schedule: 0 4 * * * | |
| jobTemplate: | |
| spec: | |
| template: | |
| spec: | |
| restartPolicy: OnFailure | |
| containers: | |
| - name: rook-direct-mount | |
| image: rook/ceph:v1.7.6 | |
| imagePullPolicy: IfNotPresent | |
| command: | |
| - /bin/sh | |
| - -c | |
| args: | |
| - |- | |
| set -e | |
| info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; } | |
| /tini -s -g -- /usr/local/bin/toolbox.sh & | |
| sleep 5 | |
| info this is rook-direct-mount container | |
| info mount the cephfs now | |
| mkdir -p /mnt/cephfs | |
| mon_endpoints=$(grep mon_host /etc/ceph/ceph.conf | awk '{print $3}') | |
| my_secret=$(grep key /etc/ceph/keyring | awk '{print $3}') | |
| mount -t ceph -o mds_namespace=myfs,name=admin,secret=$my_secret $mon_endpoints:/ /mnt/cephfs | |
| ls -ltra /mnt/cephfs | |
| sleep 2 | |
| info mount the cephfs done | |
| info install restic now | |
| yum -y install yum-plugin-copr | |
| yum -y copr enable copart/restic | |
| yum -y install restic | |
| restic version | |
| sleep 2 | |
| info install restic done | |
| restic_ret="$(restic snapshots --cache-dir /mnt/cephfs/.restic_cache 2>&1)" | |
| if [ $? -ne 0 ]; then | |
| if [[ $restic_ret == *"unlock"* ]]; then | |
| echo 'The remote repository might be locked. Try to unlock' | |
| restic unlock --cache-dir /mnt/cephfs/.restic_cache | |
| # do a check after unlock | |
| restic check --cache-dir /mnt/cephfs/.restic_cache | |
| else | |
| echo 'The remote repository does not exist yet. Create it now' | |
| restic init --cache-dir /mnt/cephfs/.restic_cache | |
| fi | |
| fi | |
| RESTIC_INCLUDE=/tmp/restic.files | |
| RESTIC_EXCLUDE=/tmp/restic_exclude.files | |
| cat <<EOF > ${RESTIC_INCLUDE} | |
| /mnt/cephfs | |
| EOF | |
| cat <<EOF > ${RESTIC_EXCLUDE} | |
| /mnt/cephfs/.restic_cache | |
| /mnt/cephfs/test | |
| /mnt/cephfs/test1 | |
| /mnt/cephfs/es_data | |
| EOF | |
| info backup now | |
| restic backup \ | |
| --host cephfs-backup \ | |
| --cache-dir /mnt/cephfs/.restic_cache \ | |
| --cleanup-cache \ | |
| --exclude-caches \ | |
| --tag ${NAMESPACE} \ | |
| --files-from ${RESTIC_INCLUDE} \ | |
| --exclude-file ${RESTIC_EXCLUDE} | |
| sleep 2 | |
| info backup is done | |
| echo now do prune | |
| restic forget --group-by tag --prune --cache-dir /mnt/cephfs/.restic_cache --keep-daily 7 --keep-weekly 4 --keep-monthly 3 && | |
| sleep 2 | |
| info prune is done | |
| info umount the cephfs now | |
| umount /mnt/cephfs | |
| info job is done | |
| env: | |
| - name: ROOK_CEPH_USERNAME | |
| valueFrom: | |
| secretKeyRef: | |
| name: rook-ceph-mon | |
| key: ceph-username | |
| - name: ROOK_CEPH_SECRET | |
| valueFrom: | |
| secretKeyRef: | |
| name: rook-ceph-mon | |
| key: ceph-secret | |
| - name: AZURE_ACCOUNT_NAME | |
| valueFrom: | |
| secretKeyRef: | |
| name: restic-secrets | |
| key: AZURE_ACCOUNT_NAME | |
| - name: AZURE_ACCOUNT_KEY | |
| valueFrom: | |
| secretKeyRef: | |
| name: restic-secrets | |
| key: AZURE_ACCOUNT_KEY | |
| - name: RESTIC_REPOSITORY | |
| valueFrom: | |
| secretKeyRef: | |
| name: restic-secrets | |
| key: RESTIC_REPOSITORY | |
| - name: RESTIC_PASSWORD | |
| valueFrom: | |
| secretKeyRef: | |
| name: restic-secrets | |
| key: RESTIC_PASSWORD | |
| - name: NAMESPACE | |
| valueFrom: | |
| fieldRef: | |
| fieldPath: metadata.namespace | |
| securityContext: | |
| privileged: true | |
| volumeMounts: | |
| - mountPath: /dev | |
| name: dev | |
| - mountPath: /sys/bus | |
| name: sysbus | |
| - mountPath: /lib/modules | |
| name: libmodules | |
| - name: mon-endpoint-volume | |
| mountPath: /etc/rook | |
| volumes: | |
| - name: dev | |
| hostPath: | |
| path: /dev | |
| - name: sysbus | |
| hostPath: | |
| path: /sys/bus | |
| - name: libmodules | |
| hostPath: | |
| path: /lib/modules | |
| - name: mon-endpoint-volume | |
| configMap: | |
| name: rook-ceph-mon-endpoints | |
| items: | |
| - key: data | |
| path: mon-endpoints |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment