主页
产品
Red Hat Quay
3.6
管理 Red Hat Quay
第 11 章在 OpenShift Container Platform 部署中备份和恢复 Red Hat Quay

第 11 章在 OpenShift Container Platform 部署中备份和恢复 Red Hat Quay

使用本节中的内容在 OpenShift Container Platform 部署中备份和恢复 Red Hat Quay。

11.1. 备份 Red Hat Quay
复制链接

此流程只适用于 OpenShift Container Platform 和 NooBaa 部署。

先决条件

在 OpenShift Container Platform 上部署 Red Hat Quay。

流程

通过导出 QuayRegistry 自定义资源来备份它：

oc get quayregistry <quay-registry-name> -n <quay-namespace> -o yaml > quay-registry.yaml

$ oc get quayregistry <quay-registry-name> -n <quay-namespace> -o yaml > quay-registry.yaml

Copy to Clipboard

Toggle word wrap

编辑生成的 quayregistry.yaml 并删除 status 部分及以下元数据字段：

  metadata.creationTimestamp
  metadata.finalizers
  metadata.generation
  metadata.resourceVersion
  metadata.uid

  metadata.creationTimestamp
  metadata.finalizers
  metadata.generation
  metadata.resourceVersion
  metadata.uid

Copy to Clipboard

Toggle word wrap

备份受管密钥 secret：
注意
如果您正在运行早于 Red Hat Quay 3.0 的版本，可以跳过这一步。首次部署 Quay 时会自动生成一些 secret。它们存储在 QuayRegistry 命名空间中的名为 &lt ;quay-registry-name>-quay-registry-managed-secret-keys 的 secret 中。
```
oc get secret -n <quay-namespace> <quay-registry-name>-quay-registry-managed-secret-keys -o yaml > managed-secret-keys.yaml
```
```
$ oc get secret -n <quay-namespace> <quay-registry-name>-quay-registry-managed-secret-keys -o yaml > managed-secret-keys.yaml
```
Copy to Clipboard Toggle word wrap

编辑生成的 managed-secret-keys.yaml 文件并删除所有所有者引用。您的 managed-secret-keys.yaml 文件应类似于如下：

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: <quayname>-quay-registry-managed-secret-keys
  namespace: <quay-namespace>
data:
  CONFIG_EDITOR_PW: <redacted>
  DATABASE_SECRET_KEY: <redacted>
  DB_ROOT_PW: <redacted>
  DB_URI: <redacted>
  SECRET_KEY: <redacted>
  SECURITY_SCANNER_V4_PSK: <redacted>

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: <quayname>-quay-registry-managed-secret-keys
  namespace: <quay-namespace>
data:
  CONFIG_EDITOR_PW: <redacted>
  DATABASE_SECRET_KEY: <redacted>
  DB_ROOT_PW: <redacted>
  DB_URI: <redacted>
  SECRET_KEY: <redacted>
  SECURITY_SCANNER_V4_PSK: <redacted>

Copy to Clipboard

Toggle word wrap

data 属性下的所有信息都应保持不变。

备份当前的 Quay 配置：

oc get secret -n <quay-namespace>  $(oc get quayregistry <quay-registry-name> -n <quay-namespace>  -o jsonpath='{.spec.configBundleSecret}') -o yaml > config-bundle.yaml

$ oc get secret -n <quay-namespace>  $(oc get quayregistry <quay-registry-name> -n <quay-namespace>  -o jsonpath='{.spec.configBundleSecret}') -o yaml > config-bundle.yaml

Copy to Clipboard

Toggle word wrap

备份在 Quay pod 中挂载的 /conf/stack/config.yaml 文件：

oc exec -it quay-pod-name -- cat /conf/stack/config.yaml > quay-config.yaml

$ oc exec -it quay-pod-name -- cat /conf/stack/config.yaml > quay-config.yaml

Copy to Clipboard

Toggle word wrap

缩减 Quay Operator：

 oc scale --replicas=0 deployment $(oc get deployment -n <quay-operator-namespace> |awk '/^quay-operator/ {print $1}') -n <quay-operator-namespace>

$  oc scale --replicas=0 deployment $(oc get deployment -n <quay-operator-namespace> |awk '/^quay-operator/ {print $1}') -n <quay-operator-namespace>

Copy to Clipboard

Toggle word wrap

缩减 Quay 命名空间：

oc scale --replicas=0 deployment $(oc get deployment -n <quay-namespace> -l quay-component=quay -o jsonpath='{.items[0].metadata.name}') -n <quay-namespace>

$ oc scale --replicas=0 deployment $(oc get deployment -n <quay-namespace> -l quay-component=quay -o jsonpath='{.items[0].metadata.name}') -n <quay-namespace>

Copy to Clipboard

Toggle word wrap

等待 registry-quay-app pod 消失。您可以运行以下命令来检查其状态：

oc get pods -n <quay-namespace>

$ oc get pods -n <quay-namespace>

Copy to Clipboard

Toggle word wrap

输出示例：

registry-quay-config-editor-77847fc4f5-nsbbv   1/1     Running            0          9m1s
registry-quay-database-66969cd859-n2ssm        1/1     Running            0          6d1h
registry-quay-mirror-758fc68ff7-5wxlp          1/1     Running            0          8m29s
registry-quay-mirror-758fc68ff7-lbl82          1/1     Running            0          8m29s
registry-quay-redis-7cc5f6c977-956g8           1/1     Running            0          5d21h

registry-quay-config-editor-77847fc4f5-nsbbv   1/1     Running            0          9m1s
registry-quay-database-66969cd859-n2ssm        1/1     Running            0          6d1h
registry-quay-mirror-758fc68ff7-5wxlp          1/1     Running            0          8m29s
registry-quay-mirror-758fc68ff7-lbl82          1/1     Running            0          8m29s
registry-quay-redis-7cc5f6c977-956g8           1/1     Running            0          5d21h

Copy to Clipboard

Toggle word wrap

识别 Quay PostgreSQL pod 名称：

oc get pod -l quay-component=postgres -n <quay-namespace> -o jsonpath='{.items[0].metadata.name}'

$ oc get pod -l quay-component=postgres -n <quay-namespace> -o jsonpath='{.items[0].metadata.name}'

Copy to Clipboard

Toggle word wrap

exampe 输出：

quayregistry-quay-database-59f54bb7-58xs7

quayregistry-quay-database-59f54bb7-58xs7

Copy to Clipboard

Toggle word wrap

获取 Quay 数据库名称：

oc -n <quay-namespace> rsh $(oc get pod -l app=quay -o NAME -n <quay-namespace> |head -n 1) cat /conf/stack/config.yaml|awk -F"/" '/^DB_URI/ {print $4}'
quayregistry-quay-database

$ oc -n <quay-namespace> rsh $(oc get pod -l app=quay -o NAME -n <quay-namespace> |head -n 1) cat /conf/stack/config.yaml|awk -F"/" '/^DB_URI/ {print $4}'
quayregistry-quay-database

Copy to Clipboard

Toggle word wrap

下载备份数据库：

oc exec quayregistry-quay-database-59f54bb7-58xs7 -- /usr/bin/pg_dump -C quayregistry-quay-database  > backup.sql

$ oc exec quayregistry-quay-database-59f54bb7-58xs7 -- /usr/bin/pg_dump -C quayregistry-quay-database  > backup.sql

Copy to Clipboard

Toggle word wrap

解码并导出 AWS_ACCESS_KEY_ID ：

export AWS_ACCESS_KEY_ID=$(oc get secret -l app=noobaa -n <quay-namespace>  -o jsonpath='{.items[0].data.AWS_ACCESS_KEY_ID}' |base64 -d)

$ export AWS_ACCESS_KEY_ID=$(oc get secret -l app=noobaa -n <quay-namespace>  -o jsonpath='{.items[0].data.AWS_ACCESS_KEY_ID}' |base64 -d)

Copy to Clipboard

Toggle word wrap

解码并导出 AWS_SECRET_ACCESS_KEY_ID ：

export AWS_SECRET_ACCESS_KEY=$(oc get secret -l app=noobaa -n <quay-namespace> -o jsonpath='{.items[0].data.AWS_SECRET_ACCESS_KEY}' |base64 -d)

$ export AWS_SECRET_ACCESS_KEY=$(oc get secret -l app=noobaa -n <quay-namespace> -o jsonpath='{.items[0].data.AWS_SECRET_ACCESS_KEY}' |base64 -d)

Copy to Clipboard

Toggle word wrap

创建新目录并将所有 blob 复制到其中：

mkdir blobs

$ mkdir blobs

Copy to Clipboard

Toggle word wrap

aws s3 sync --no-verify-ssl --endpoint https://$(oc get route s3 -n openshift-storage  -o jsonpath='{.spec.host}')  s3://$(oc get cm -l app=noobaa -n <quay-namespace> -o jsonpath='{.items[0].data.BUCKET_NAME}') ./blobs

$ aws s3 sync --no-verify-ssl --endpoint https://$(oc get route s3 -n openshift-storage  -o jsonpath='{.spec.host}')  s3://$(oc get cm -l app=noobaa -n <quay-namespace> -o jsonpath='{.items[0].data.BUCKET_NAME}') ./blobs

Copy to Clipboard

Toggle word wrap

注意

您还可以使用 rclone 或 sc3md，而不是 AWS 命令行工具。

扩展 Quay Operator:

 oc scale --replicas=1 deployment $(oc get deployment -n <quay-operator-namespace> |awk '/^quay-operator/ {print $1}') -n <quay-operator-namespace>

$  oc scale --replicas=1 deployment $(oc get deployment -n <quay-operator-namespace> |awk '/^quay-operator/ {print $1}') -n <quay-operator-namespace>

Copy to Clipboard

Toggle word wrap

扩展 Quay 命名空间：

oc scale --replicas=1 deployment $(oc get deployment -n <quay-namespace> -l quay-component=quay -o jsonpath='{.items[0].metadata.name}') -n <quay-namespace>

$ oc scale --replicas=1 deployment $(oc get deployment -n <quay-namespace> -l quay-component=quay -o jsonpath='{.items[0].metadata.name}') -n <quay-namespace>

Copy to Clipboard

Toggle word wrap

检查 Operator 的状态：

oc get quayregistry <quay-registry-name> -n <quay-namespace> -o yaml

$ oc get quayregistry <quay-registry-name> -n <quay-namespace> -o yaml

Copy to Clipboard

Toggle word wrap

输出示例：

apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  ...
  name: example-registry
  namespace: <quay-namespace>
  ...
spec:
  components:
  - kind: quay
    managed: true
  ...
  - kind: clairpostgres
    managed: true
  configBundleSecret: init-config-bundle-secret
status:
  configEditorCredentialsSecret: example-registry-quay-config-editor-credentials-fg2gdgtm24
  configEditorEndpoint: https://example-registry-quay-config-editor-quay-enterprise.apps.docs.gcp.quaydev.org
  currentVersion: 3.7.0
  lastUpdated: 2022-05-11 13:28:38.199476938 +0000 UTC
  registryEndpoint: https://example-registry-quay-quay-enterprise.apps.docs.gcp.quaydev.org
     0          5d21h

apiVersion: quay.redhat.com/v1
kind: QuayRegistry
metadata:
  ...
  name: example-registry
  namespace: <quay-namespace>
  ...
spec:
  components:
  - kind: quay
    managed: true
  ...
  - kind: clairpostgres
    managed: true
  configBundleSecret: init-config-bundle-secret
status:
  configEditorCredentialsSecret: example-registry-quay-config-editor-credentials-fg2gdgtm24
  configEditorEndpoint: https://example-registry-quay-config-editor-quay-enterprise.apps.docs.gcp.quaydev.org
  currentVersion: 3.7.0
  lastUpdated: 2022-05-11 13:28:38.199476938 +0000 UTC
  registryEndpoint: https://example-registry-quay-quay-enterprise.apps.docs.gcp.quaydev.org
     0          5d21h

Copy to Clipboard

Toggle word wrap

返回顶部

第 11 章在 OpenShift Container Platform 部署中备份和恢复 Red Hat Quay

11.1. 备份 Red Hat Quay
复制链接

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

第 11 章 在 OpenShift Container Platform 部署中备份和恢复 Red Hat Quay

11.1. 备份 Red Hat Quay复制链接链接已复制到粘贴板!

学习

尝试、购买和销售

社区

关于红帽文档

让开源更具包容性

關於紅帽

Theme

Red Hat legal and privacy links

Red Hat legal and privacy links

第 11 章在 OpenShift Container Platform 部署中备份和恢复 Red Hat Quay

11.1. 备份 Red Hat Quay
复制链接