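11.3. Restoring the stack from a backup


If the upgrade fails, you can restore the stack from the backup made before the upgrade.

Note

The following procedure is optional.

11.3.1. Pulling the ansible-on-clouds-ops container image

Procedure

  1. Pull the ansible-on-clouds-ops 2.2 container image with the same tag version as the foundation deployment.

    Note

    Before pulling the docker image, make sure you are logged in to registry.redhat.io using docker. Use the following command to log in to registry.redhat.io.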

    $ docker login registry.redhat.io

    For more information about registry login, see Registry Authentication.

    $ export IMAGE=registry.redhat.io/ansible-on-clouds/ansible-on-clouds-ops-rhel8:2.2.20230215
    $ docker pull $IMAGE --platform=linux/amd64

For the EMEA region (Europe, Middle East, and Africa), run the following commands:

$ export IMAGE=registry.redhat.io/ansible-on-clouds/ansible-on-clouds-ops-emea-rhel8:2.2.20230215
$ docker pull $IMAGE --platform=linux/amd64

11.3.2. Minimum IAM permissions

You must have the following AWS IAM permissions to restore the stack:

required-roles:
 autoscaling:
   actions:
     - autoscaling:CreateAutoScalingGroup
     - autoscaling:CreateLaunchConfiguration
     - autoscaling:DeleteAutoScalingGroup
     - autoscaling:DeleteLaunchConfiguration
     - autoscaling:DescribeAutoScalingGroups
     - autoscaling:DescribeAutoScalingInstances
     - autoscaling:DescribeLaunchConfigurations
     - autoscaling:DescribeScalingActivities
     - autoscaling:UpdateAutoScalingGroup
   resources:
     - '*'
 backup:
   actions:
     - backup:DescribeRestoreJob
     - backup:StartRestoreJob
   resources:
     - '*'
 cloudformation:
   actions:
     - cloudformation:CreateChangeSet
     - cloudformation:CreateStack
     - cloudformation:CreateUploadBucket
     - cloudformation:DeleteStack
     - cloudformation:DescribeChangeSet
     - cloudformation:DescribeStackEvents
     - cloudformation:DescribeStacks
     - cloudformation:ExecuteChangeSet
     - cloudformation:GetStackPolicy
     - cloudformation:GetTemplateSummary
     - cloudformation:ListChangeSets
     - cloudformation:ListStackResources
     - cloudformation:ListStacks
     - cloudformation:TagResource
     - cloudformation:UpdateStack
     - cloudformation:ValidateTemplate
   resources:
     - '*'
 ec2:
   actions:
     - ec2:AllocateAddress
     - ec2:AssociateAddress
     - ec2:AssociateNatGatewayAddress
     - ec2:AssociateRouteTable
     - ec2:AssociateSubnetCidrBlock
     - ec2:AttachInternetGateway
     - ec2:AuthorizeSecurityGroupEgress
     - ec2:AuthorizeSecurityGroupIngress
     - ec2:CreateInternetGateway
     - ec2:CreateNatGateway
     - ec2:CreateRoute
     - ec2:CreateRouteTable
     - ec2:CreateSecurityGroup
     - ec2:CreateSubnet
     - ec2:CreateSubnetCidrReservation
     - ec2:CreateTags
     - ec2:CreateVpc
     - ec2:DeleteInternetGateway
     - ec2:DeleteNatGateway
     - ec2:DeleteRoute
     - ec2:DeleteRouteTable
     - ec2:DeleteSecurityGroup
     - ec2:DeleteSubnet
     - ec2:DeleteSubnetCidrReservation
     - ec2:DeleteVpc
     - ec2:DescribeAccountAttributes
     - ec2:DescribeAddresses
     - ec2:DescribeAddressesAttribute
     - ec2:DescribeAvailabilityZones
     - ec2:DescribeInstances
     - ec2:DescribeInternetGateways
     - ec2:DescribeKeyPairs
     - ec2:DescribeNatGateways
     - ec2:DescribeRouteTables
     - ec2:DescribeSecurityGroups
     - ec2:DescribeSubnets
     - ec2:DescribeVpcs
     - ec2:DetachInternetGateway
     - ec2:DisassociateAddress
     - ec2:DisassociateNatGatewayAddress
     - ec2:DisassociateRouteTable
     - ec2:DisassociateSubnetCidrBlock
     - ec2:GetSubnetCidrReservations
     - ec2:ModifyAddressAttribute
     - ec2:ModifyVpcAttribute
     - ec2:ReleaseAddress
     - ec2:RevokeSecurityGroupEgress
     - ec2:RevokeSecurityGroupIngress
   resources:
     - '*'
 elasticfilesystem:
   actions:
     - elasticfilesystem:CreateAccessPoint
     - elasticfilesystem:CreateFileSystem
     - elasticfilesystem:CreateMountTarget
     - elasticfilesystem:DeleteAccessPoint
     - elasticfilesystem:DeleteFileSystem
     - elasticfilesystem:DeleteMountTarget
     - elasticfilesystem:DescribeAccessPoints
     - elasticfilesystem:DescribeBackupPolicy
     - elasticfilesystem:DescribeFileSystemPolicy
     - elasticfilesystem:DescribeFileSystems
     - elasticfilesystem:DescribeLifecycleConfiguration
     - elasticfilesystem:DescribeMountTargets
   resources:
     - '*'
 elasticloadbalancing:
   actions:
     - elasticloadbalancing:AddTags
     - elasticloadbalancing:CreateListener
     - elasticloadbalancing:CreateLoadBalancer
     - elasticloadbalancing:CreateTargetGroup
     - elasticloadbalancing:DeleteListener
     - elasticloadbalancing:DeleteTargetGroup
     - elasticloadbalancing:DescribeListeners
     - elasticloadbalancing:DescribeTargetGroups
     - elasticloadbalancing:ModifyLoadBalancerAttributes
     - elasticloadbalancing:ModifyTargetGroupAttributes
   resources:
     - '*'
 iam:
   actions:
     - iam:AddRoleToInstanceProfile
     - iam:AttachRolePolicy
     - iam:CreateInstanceProfile
     - iam:CreateRole
     - iam:DeleteInstanceProfile
     - iam:DeleteRole
     - iam:DeleteRolePolicy
     - iam:DetachRolePolicy
     - iam:GetRolePolicy
     - iam:ListRoles
     - iam:PassRole
     - iam:PutRolePolicy
     - iam:RemoveRoleFromInstanceProfile
     - iam:TagRole
   resources:
     - '*'
 kms:
   actions:
     - kms:CreateGrant
     - kms:Decrypt
     - kms:DescribeKey
     - kms:GenerateDataKey
   resources:
     - '*'
 rds:
   actions:
     - rds:AddTagsToResource
     - rds:CreateDBInstance
     - rds:CreateDBSubnetGroup
     - rds:DeleteDBInstance
     - rds:DeleteDBSubnetGroup
     - rds:DescribeDBInstances
     - rds:DescribeDBSnapshots
     - rds:DescribeDBSubnetGroups
     - rds:ModifyDBInstance
     - rds:RestoreDBInstanceFromDBSnapshot
   resources:
     - '*'
 s3:
   actions:
     - s3:CreateBucket
     - s3:GetObject
     - s3:PutObject
   resources:
     - '*'
 secretsmanager:
   actions:
     - secretsmanager:CreateSecret
     - secretsmanager:DeleteSecret
     - secretsmanager:GetRandomPassword
     - secretsmanager:GetSecretValue
     - secretsmanager:PutSecretValue
     - secretsmanager:TagResource
   resources:
     - '*'
 sns:
   actions:
     - sns:ListTopics
   resources:
     - '*'
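
Every block in this listing grants its actions on all resources ('*'). The following added example, which is not part of the Red Hat documentation, converts a listing in this layout into an IAM policy document and prints the granted actions that appear on a short reviewer list; the function names, the constructed excerpt and the reviewer list are assumptions of this example.

```shell
# Added example (not Red Hat code). Assumes the layout of the listing above:
# service keys, each with "actions:" and "resources:" lists of "- item" lines.
# sample_roles: constructed excerpt of the listing, used when run stand-alone.
sample_roles() {
    cat <<'EOF'
required-roles:
 iam:
   actions:
     - iam:CreateRole
     - iam:PassRole
   resources:
     - '*'
 sns:
   actions:
     - sns:ListTopics
   resources:
     - '*'
EOF
}

# roles_to_policy [FILE]: print an IAM policy, one Allow statement per service.
roles_to_policy() {
    awk '
    function add(list, x) { return (list == "" ? "" : list ", ") "\"" x "\"" }
    function emit() {
        if (acts == "") return
        printf "%s    {\"Sid\": \"%s\", \"Effect\": \"Allow\",\n", sep, sid
        printf "     \"Action\": [%s],\n     \"Resource\": [%s]}", acts, res
        sep = ",\n"; acts = res = ""
    }
    BEGIN { print "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [" }
    /^ *actions: *$/   { mode = "a"; next }
    /^ *resources: *$/ { mode = "r"; next }
    /^ *[a-z0-9]+: *$/ { emit(); sid = $1; sub(/:$/, "", sid); next }
    /^ *- / { x = $2; gsub(/[^A-Za-z0-9:*]/, "", x)    # strip quotes around *
              if (mode == "a") acts = add(acts, x); else res = add(res, x) }
    END { emit(); print "\n  ]\n}" }
    ' "$@"
}

# wildcard_review [FILE]: list granted actions from a short reviewer list (chosen
# for this example) whose statement allows them on every resource ("*").
wildcard_review() {
    roles_to_policy "$@" | tr -d ' \n' | tr '}' '\n' | grep -F '"Resource":["*"]' |
        grep -Eo '"(iam:(PassRole|CreateRole|AttachRolePolicy|PutRolePolicy)|kms:Decrypt|secretsmanager:GetSecretValue)"' |
        tr -d '"'
}

sample_roles | roles_to_policy; sample_roles | wildcard_review    # demo run
```

Saving the listing to a file and passing that file name to either function processes the full permission set instead of the excerpt.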

11.3.3. Preparing the environment

Procedure

  1. Make sure the AWS_CREDS_ABS_PATH environment variable is defined and points to the AWS credentials file.

    export AWS_CREDS_ABS_PATH=/Users/<USER>/.aws/credentials
  2. Create an extra_vars/vars.yml file, make sure it contains the following values, and customize them to match your environment.

    • aws_foundation_stack_name = "my-foundation-stack"
    • aws_restored_stack_name = "my-foundation-stack-restored"
    • aws_region = us-east-1
    • aws_backup_vault_name = "Default"
    • aws_rds_db_snapshot_arn = "arn:aws:rds:us-east-1:123456789012:snapshot:my-foundation-stack-rds169785b9-55rtrqwtj4e6-snap-2023-03-07"
    • aws_backup_restore_point_arn = "arn:aws:backup:us-east-1:123456789012:recovery-point:878a542c-0f59-42d7-ad4d-f46848c21757"
    • aws_backup_iam_role_arn = "arn:aws:iam::123456789012:role/service-role/AWSBackupDefaultServiceRole"
    • aws_s3_bucket = "my-example-bucket"
    • aws_efs_physical_id = "fs-05a4f9a1049c00977"
    • aws_cf_keypair_name = "my-key-pair"

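      Where:

    • aws_foundation_stack_name is the name of the existing deployment.
    • aws_restored_stack_name is the name you want to use for the newly restored deployment.
    • aws_region is the region where the existing stack is deployed and where the newly restored stack will be deployed.
    • aws_backup_vault_name is the name of the backup vault where your EFS backups are stored.
    • aws_rds_db_snapshot_arn is the ARN of the RDS snapshot you want to use for the restore. It can be found in the backup playbook output as rds_db_snapshot_arn.

      Note

      If you have a specific RDS snapshot that you want to use, you must find its ARN manually in the AWS console. You must also make sure that the RDS snapshot comes from an Ansible on Clouds deployment of the same version as the ansible-on-clouds-ops container you intend to use to run the restore operation.

    • aws_backup_restore_point_arn is the ARN of the recovery point you want to use for the restore. It can be found in the backup playbook output as RecoveryPointArn.

      Note

      If you have set up automatic backups and have a specific EFS recovery point that you want to use, you must find its ARN manually in the AWS console. You must also make sure that the EFS recovery point comes from an Ansible on Clouds deployment of the same version as the ansible-on-clouds-ops container you intend to use to run the restore operation.

    • aws_backup_iam_role_arn is the AWS IAM role that has permission to perform backup operations.

      Note

      You can use the AWS Backup Default Service Role, which has the format arn:aws:iam::<Your AWS Account Number>:role/service-role/AWSBackupDefaultServiceRole

    • aws_s3_bucket is the name of an S3 bucket that the playbook can access to upload the CloudFormation template. The name must not contain upper-case letters.
    • aws_efs_physical_id is the physical ID of the EFS in the original deployment. For example: fs-06837574544929090
    • aws_cf_keypair_name is the key pair passed as a parameter when creating the newly restored deployment.

      Note

      The key pair used must exist in the AWS region you are restoring to.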
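
A pre-flight check for the values described above, as an added example that is not part of the Red Hat documentation. It assumes vars.yml stores the values as flat `key: value` YAML lines; the function names are hypothetical, and comparing the region inside both ARNs with aws_region is a consistency check added here.

```shell
# Added example (not Red Hat code): pre-flight check for extra_vars/vars.yml.
# Assumes flat YAML, one "key: value" pair per line, no trailing comments.

# sample_vars: the sample values from this page, written as YAML.
sample_vars() {
    cat <<'EOF'
aws_foundation_stack_name: "my-foundation-stack"
aws_restored_stack_name: "my-foundation-stack-restored"
aws_region: us-east-1
aws_backup_vault_name: "Default"
aws_rds_db_snapshot_arn: "arn:aws:rds:us-east-1:123456789012:snapshot:my-foundation-stack-rds169785b9-55rtrqwtj4e6-snap-2023-03-07"
aws_backup_restore_point_arn: "arn:aws:backup:us-east-1:123456789012:recovery-point:878a542c-0f59-42d7-ad4d-f46848c21757"
aws_backup_iam_role_arn: "arn:aws:iam::123456789012:role/service-role/AWSBackupDefaultServiceRole"
aws_s3_bucket: "my-example-bucket"
aws_efs_physical_id: "fs-05a4f9a1049c00977"
aws_cf_keypair_name: "my-key-pair"
EOF
}

# get_var FILE KEY: print KEY's value with surrounding quotes removed.
get_var() {
    sed -n "s/^$2:[[:space:]]*//p" "$1" | head -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_vars FILE: report each problem on stderr; succeed only if none found.
check_vars() {
    f=$1 bad=0
    fail() { echo "vars.yml: $*" >&2; bad=$((bad + 1)); }
    # expect KEY REGEX MESSAGE: record a problem unless KEY's value matches.
    expect() { get_var "$f" "$1" | LC_ALL=C grep -Eq "$2" || fail "$1: $3"; }
    for k in $(sample_vars | cut -d: -f1); do    # the ten keys the page lists
        expect "$k" . "missing or empty"
    done
    r=$(get_var "$f" aws_region)    # both ARNs are compared against this region
    expect aws_rds_db_snapshot_arn "^arn:aws[a-z-]*:rds:$r:[0-9]{12}:snapshot:.+" \
        "not an RDS snapshot ARN in region '$r'"
    expect aws_backup_restore_point_arn \
        "^arn:aws[a-z-]*:backup:$r:[0-9]{12}:recovery-point:.+" \
        "not an AWS Backup recovery point ARN in region '$r'"
    expect aws_backup_iam_role_arn '^arn:aws[a-z-]*:iam::[0-9]{12}:role/.+' \
        "not an IAM role ARN"
    expect aws_efs_physical_id '^fs-[0-9a-f]+$' "expected fs- followed by hex digits"
    expect aws_s3_bucket '^[^[:upper:]]+$' "must not contain upper-case letters"
    [ "$bad" -eq 0 ]
}

# Demo on the sample above; for a real file call: check_vars extra_vars/vars.yml
t=$(mktemp) && sample_vars > "$t" && check_vars "$t" && echo "sample OK"; rm -f "$t"
```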

After the environment is prepared, run the following command to trigger the restore of the stack:

$ docker run --rm --env PLATFORM=AWS \
-v $(pwd)/extra_vars:/extra_vars:ro \
-v ${AWS_CREDS_ABS_PATH}:/home/runner/.aws/credentials \
$IMAGE \
redhat.ansible_on_clouds.aws_restore_stack \
-e @/extra_vars/vars.yml

© 2025 Red Hat