11.2. 恢复 Red Hat Quay
当 Red Hat Quay Operator 管理数据库时,这个流程用于恢复 Red Hat Quay。它应该在执行 Quay registry 备份后执行。
先决条件
- Red Hat Quay 使用 Quay Operator 在 OpenShift Container Platform 上部署。
- 您的 Red Hat Quay 数据库已被备份。
流程
恢复备份的 Quay 配置和随机生成的密钥:
$ oc create -f ./config-bundle.yaml
$ oc create -f ./managed-secret-keys.yaml
注意如果您收到错误
Error from server (AlreadyExists):创建 "./config-bundle.yaml": secrets "config-bundle-secret" already exists时的错误,您必须使用 $ oc delete Secret config-bundle-secret -n <quay重新创建它。-namespace>恢复 QuayRegistry 自定义资源:
$ oc create -f ./quay-registry.yaml
缩减 Quay Operator:
$ oc scale --replicas=0 deployment $(oc get deployment -n <quay-operator-namespace> |awk '/^quay-operator/ {print $1}') -n <quay-operator-namespace>缩减 Quay 命名空间:
$ oc scale --replicas=0 deployment $(oc get deployment -n <quay-namespace> -l quay-component=quay -o jsonpath='{.items[0].metadata.name}') -n <quay-namespace>识别您的 Quay 数据库 pod:
$ oc get pod -l quay-component=postgres -n <quay-namespace> -o jsonpath='{.items[0].metadata.name}'输出示例:
quayregistry-quay-database-59f54bb7-58xs7
通过从本地环境复制到本地环境和 pod 来上传备份:
$ oc cp ./backup.sql -n <quay-namespace> registry-quay-database-66969cd859-n2ssm:/tmp/backup.sql
打开到数据库的远程终端:
$ oc rsh -n <quay-namespace> registry-quay-database-66969cd859-n2ssm
Enter psql:
bash-4.4$ psql
您可以运行以下命令来列出数据库:
postgres=# \l
输出示例:
List of databases Name | Owner | Encoding | Collate | Ctype | Access privileges ----------------------------+----------------------------+----------+------------+------------+----------------------- postgres | postgres | UTF8 | en_US.utf8 | en_US.utf8 | quayregistry-quay-database | quayregistry-quay-database | UTF8 | en_US.utf8 | en_US.utf8 |丢弃数据库:
postgres=# DROP DATABASE "quayregistry-quay-database";
输出示例:
DROP DATABASE
退出 postgres CLI 以重新输入 bash-4.4 :
\q
将您的 PostgreSQL 数据库重定向到备份数据库:
sh-4.4$ psql < /tmp/backup.sql
退出 bash:
sh-4.4$ exit
导出
AWS_ACCESS_KEY_ID:$ export AWS_ACCESS_KEY_ID=$(oc get secret -l app=noobaa -n <quay-namespace> -o jsonpath='{.items[0].data.AWS_ACCESS_KEY_ID}' |base64 -d)导出
AWS_SECRET_ACCESS_KEY:$ export AWS_SECRET_ACCESS_KEY=$(oc get secret -l app=noobaa -n <quay-namespace> -o jsonpath='{.items[0].data.AWS_SECRET_ACCESS_KEY}' |base64 -d)运行以下命令将所有 blob 上传到存储桶:
$ aws s3 sync --no-verify-ssl --endpoint https://$(oc get route s3 -n openshift-storage -o jsonpath='{.spec.host}') ./blobs s3://$(oc get cm -l app=noobaa -n <quay-namespace> -o jsonpath='{.items[0].data.BUCKET_NAME}')扩展 Quay Operator:
$ oc scale --replicas=1 deployment $(oc get deployment -n <quay-operator-namespace> |awk '/^quay-operator/ {print $1}') -n <quay-operator-namespace>扩展 Quay 命名空间:
$ oc scale --replicas=1 deployment $(oc get deployment -n <quay-namespace> -l quay-component=quay -o jsonpath='{.items[0].metadata.name}') -n <quay-namespace>检查 Operator 的状态,并确保它重新上线:
$ oc get quayregistry -n <quay-namespace> <registry-name> -o yaml
输出示例:
apiVersion: quay.redhat.com/v1 kind: QuayRegistry metadata: ... name: example-registry namespace: quay-enterprise ... spec: components: - kind: quay managed: true ... - kind: clairpostgres managed: true configBundleSecret: init-config-bundle-secret status: configEditorCredentialsSecret: example-registry-quay-config-editor-credentials-fg2gdgtm24 configEditorEndpoint: https://example-registry-quay-config-editor-quay-enterprise.apps.docs.gcp.quaydev.org currentVersion: 3.7.0 lastUpdated: 2022-05-11 13:28:38.199476938 +0000 UTC registryEndpoint: https://example-registry-quay-quay-enterprise.apps.docs.gcp.quaydev.org 0 5d21h
