使用Kopia备份Jenkins

Kopia是一个快速、安全的开源备份/恢复工具,用于管理远程存储中的文件系统快照。如何使用kopia来备份Jenkins呢?

一、搭建Jenkins

关于Jenkins的搭建,本文不再赘述,参考https://www.jenkins.io/doc/book/installing/进行部署。

二、部署minio服务端

1、使用docker部署minio

docker run -d -p 9001:9000 -p 9002:9002 --name minio \
  -e "MINIO_ACCESS_KEY=admin" \
  -e "MINIO_SECRET_KEY=admin@minio" \
  -v /opt/minio/data:/data \
  -v /opt/minio/config:/root/.minio \
  minio/minio:latest server /data --console-address ":9002"

访问minio控制台(http://192.168.116.128:9002/login

2、创建bucket
创建名为jenkins-backup的存储桶。

三、kopia

1、部署kopia

//install the GPG signing key to verify authenticity of the releases
rpm --import https://kopia.io/signing-key

//Install Yum repository
cat <<EOF | sudo tee /etc/yum.repos.d/kopia.repo
[Kopia]
name=Kopia
baseurl=http://packages.kopia.io/rpm/stable/\$basearch/
gpgcheck=1
enabled=1
gpgkey=https://kopia.io/signing-key
EOF

//install Kopia
sudo yum install kopia

2、创建repository

kopia repository create s3 \
  --endpoint=192.168.116.128:9001 \
  --bucket=jenkins-backup \
  --access-key=admin \
  --secret-access-key=admin@minio \
  --disable-tls

执行以上命令,并根据提示设置仓库密码。

[root@localhost ~]# kopia repository create s3 \
>   --endpoint=192.168.116.128:9001 \
>   --bucket=jenkins-backup \
>   --access-key=admin \
>   --secret-access-key=admin@minio \
>   --disable-tls
Enter password to create new repository:
Re-enter password for verification:
Initializing repository with:
  block hash:          BLAKE2B-256-128
  encryption:          AES256-GCM-HMAC-SHA256
  splitter:            DYNAMIC-4M-BUZHASH
Connected to repository.

NOTICE: Kopia will check for updates on GitHub every 7 days, starting 24 hours after first use.
To disable this behavior, set environment variable KOPIA_CHECK_FOR_UPDATES=false
Alternatively you can remove the file "/root/.config/kopia/repository.config.update-info.json".

Retention:
  Annual snapshots:     3   (defined for this target)
  Monthly snapshots:   24   (defined for this target)
  Weekly snapshots:     4   (defined for this target)
  Daily snapshots:      7   (defined for this target)
  Hourly snapshots:    48   (defined for this target)
  Latest snapshots:    10   (defined for this target)
Compression disabled.

To find more information about default policy run 'kopia policy get'.
To change the policy use 'kopia policy set' command.

NOTE: Kopia will perform quick maintenance of the repository automatically every 1h0m0s
and full maintenance every 24h0m0s when running as root@localhost.

See https://kopia.io/docs/advanced/maintenance/ for more information.

NOTE: To validate that your provider is compatible with Kopia, please run:

$ kopia repository validate-provider

按照提示执行kopia repository validate-provider进行验证。

[root@localhost ~]# kopia repository validate-provider
Validating storage capacity and usage
Validating blob list responses
Validating non-existent blob responses
Writing blob (5000000 bytes)
Validating conditional creates...
Validating list responses...
Validating partial reads...
Validating full reads...
Validating metadata...
Running concurrency test for 30s...
All good.
Cleaning up temporary data...

3、使用命令kopia repository status查看存储库的状态

[root@localhost ~]# kopia repository status
Config file:         /root/.config/kopia/repository.config

Description:         Repository in S3: 192.168.116.128:9001 jenkins-backup
Hostname:            localhost
Username:            root
Read-only:           false
Format blob cache:   15m0s

Storage type:        s3
Storage capacity:    unbounded
Storage config:      {
                       "bucket": "jenkins-backup",
                       "endpoint": "192.168.116.128:9001",
                       "doNotUseTLS": true,
                       "accessKeyID": "admin",
                       "secretAccessKey": "***********",
                       "sessionToken": ""
                     }

Unique ID:           203d2b34e4b92e5def58be71652bc7070bfe54cf2664c59e843302976d01e8ee
Hash:                BLAKE2B-256-128
Encryption:          AES256-GCM-HMAC-SHA256
Splitter:            DYNAMIC-4M-BUZHASH
Format version:      2
Content compression: true
Password changes:    true
Max pack length:     20 MiB
Index Format:        v2

Epoch Manager:       enabled
Current Epoch: 0

Epoch refresh frequency: 20m0s
Epoch advance on:        20 blobs or 10 MiB, minimum 24h0m0s
Epoch cleanup margin:    4h0m0s
Epoch checkpoint every:  7 epochs

4、创建快照
接下来创建jenkins_home目录的快照:kopia snapshot create /var/jenkins_home

[root@localhost ~]# kopia snapshot create /var/jenkins_home
Snapshotting root@localhost:/var/jenkins_home ...
 * 0 hashing, 3936 hashed (442.8 MB), 0 cached (0 B), uploaded 407.4 MB, estimated 442.8 MB (100.0%) 0s left
Created snapshot with root k83ef262e4cb8b8a9b0fb9b38afde032c and ID d2c3ca1c3adb2b58fe5d72dc8ffe7b66 in 7s
Running full maintenance...
Looking for active contents...
Looking for unreferenced contents...
Rewriting contents from short packs...
Not enough time has passed since previous successful Snapshot GC. Will try again next time.
Skipping blob deletion because not enough time has passed yet (59m59s left).
Cleaned up 0 logs.
Cleaning up old index blobs which have already been compacted...
Finished full maintenance.

列出文件和目录的快照

[root@localhost ~]# kopia snapshot list
root@localhost:/var/jenkins_home
  2022-04-27 18:54:35 CST k83ef262e4cb8b8a9b0fb9b38afde032c 442.8 MB drwxr-xr-x files:3936 dirs:1240 (latest-1,hourly-1,daily-1,weekly-1,monthly-1,annual-1)

5、回到Jenkins,运行几次任务,然后再次创建快照

[root@localhost ~]# kopia snapshot create --all
Snapshotting root@localhost:/var/jenkins_home ...
 * 0 hashing, 25 hashed (24.6 KB), 3930 cached (442.8 MB), uploaded 203 B, estimating...
Created snapshot with root k69a63ee3adaf12012c9d55aff4a38fa3 and ID 04defac5438cf141af2b744f35a9ee8f in 0s

此时,再次查看快照列表

[root@localhost ~]# kopia snapshot list
root@localhost:/var/jenkins_home
  2022-04-27 18:54:35 CST k83ef262e4cb8b8a9b0fb9b38afde032c 442.8 MB drwxr-xr-x files:3936 dirs:1240 (latest-2,hourly-2)
  2022-04-27 19:05:24 CST k69a63ee3adaf12012c9d55aff4a38fa3 442.8 MB drwxr-xr-x files:3955 dirs:1245 (latest-1,hourly-1,daily-1,weekly-1,monthly-1,annual-1)

6、可以通过kopia diff来获取两次快照的差异

kopia diff k83ef262e4cb8b8a9b0fb9b38afde032c k69a63ee3adaf12012c9d55aff4a38fa3

7、前面是针对整个jenkins_home做的快照,但是有些目录不需要做快照,比如.cache.groovy.java等目录。
首先,查看当前的快照策略

[root@localhost ~]# kopia policy show /var/jenkins_home/
Policy for root@localhost:/var/jenkins_home:

Retention:
  Annual snapshots:                     3   inherited from (global)
  Monthly snapshots:                   24   inherited from (global)
  Weekly snapshots:                     4   inherited from (global)
  Daily snapshots:                      7   inherited from (global)
  Hourly snapshots:                    48   inherited from (global)
  Latest snapshots:                    10   inherited from (global)

Files policy:
  Ignore cache directories:          true   inherited from (global)
  No ignore rules:
  Read ignore rules from files:             inherited from (global)
    .kopiaignore
  Scan one filesystem only:         false   inherited from (global)

Error handling policy:
  Ignore file read errors:          false   inherited from (global)
  Ignore directory read errors:     false   inherited from (global)
  Ignore unknown types:              true   inherited from (global)

Scheduling policy:
  Scheduled snapshots:
    None.
  Manual snapshot:                  false   inherited from (global)

Uploads:
  Max parallel snapshots (server/UI):   1   inherited from (global)
  Max parallel file reads:              -   inherited from (global)

Compression disabled.

No actions defined.

Logging details (0-none, 10-maximum):
  Directory snapshotted:                5   inherited from (global)
  Directory ignored:                    5   inherited from (global)
  Entry snapshotted:                    0   inherited from (global)
  Entry ignored:                        5   inherited from (global)
  Entry cache hit:                      0   inherited from (global)
  Entry cache miss:                     0   inherited from (global)

接下来,设置忽略提及的几个目录

[root@localhost ~]# kopia policy set --add-ignore .cache/ --add-ignore .groovy/ --add-ignore .java/ /var/jenkins_home/
Setting policy for root@localhost:/var/jenkins_home
 - adding ".cache/" to "ignore rules"
 - adding ".groovy/" to "ignore rules"
 - adding ".java/" to "ignore rules"

再次查看策略

[root@localhost ~]# kopia policy show /var/jenkins_home/
Policy for root@localhost:/var/jenkins_home:

Retention:
  Annual snapshots:                     3   inherited from (global)
  Monthly snapshots:                   24   inherited from (global)
  Weekly snapshots:                     4   inherited from (global)
  Daily snapshots:                      7   inherited from (global)
  Hourly snapshots:                    48   inherited from (global)
  Latest snapshots:                    10   inherited from (global)

Files policy:
  Ignore cache directories:          true   inherited from (global)
  Ignore rules:                             (defined for this target)
    .cache/
    .groovy/
    .java/
......

通过kopia policy list可以查看策略列表:

[root@localhost ~]# kopia policy list
4f3609b9bc6670c3e9e61b6f09cd1d0d (global)
aff64b90cc1993f4c968eec2a940b123 root@localhost:/var/jenkins_home

四、定时创建快照
前面的内容,我们都是手动执行来进行备份。但在实际应用中,可以结合crontab设置定时任务来执行。
创建定时备份脚本jenkins-kopia.sh

#!/bin/bash
export KOPIA_PASSWORD=123

kopia repository connect s3 --endpoint=192.168.116.128:9001 --bucket=jenkins-backup --access-key=admin --secret-access-key=admin@minio --disable-tls --no-check-for-updates
kopia snapshot create --all

结合crontab配置定时任务,

*/1 * * * * /opt/minio/jenkins-kopia.sh 2>&1

五、从快照恢复jenkins
进入jenkins_home,删除目录内的所有文件,然后通过kopia snapshot restore进行恢复,恢复后运行Jenkins进行检查。

[root@localhost ~]# cd /var/jenkins_home/
[root@localhost jenkins_home]# rm -rf *
[root@localhost jenkins_home]# ll
总用量 0
[root@localhost jenkins_home]#
[root@localhost jenkins_home]# kopia snapshot restore k69a63ee3adaf12012c9d55aff4a38fa3 /var/jenkins_home
Restoring to local filesystem (/var/jenkins_home) with parallelism=8...
Processed 1727 (124.8 MB) of 5199 (442.8 MB) 124.8 MB/s (28.2%) remaining 1s.
Processed 2125 (236.5 MB) of 5199 (442.8 MB) 118.2 MB/s (53.4%) remaining 0s.
Processed 2672 (272.5 MB) of 5199 (442.8 MB) 89.4 MB/s (61.5%) remaining 0s.
Processed 2995 (319.3 MB) of 5199 (442.8 MB) 78.8 MB/s (72.1%) remaining 0s.
Processed 3505 (352.7 MB) of 5199 (442.8 MB) 69.8 MB/s (79.7%) remaining 0s.
Processed 4950 (409 MB) of 5199 (442.8 MB) 67.5 MB/s (92.4%) remaining 0s.
Processed 5200 (442.8 MB) of 5199 (442.8 MB) 68.6 MB/s (100.0%) remaining 0s.
Restored 3955 files, 1245 directories and 0 symbolic links (442.8 MB).

参考:
https://kopia.io/docs/installation/#linux-installation-using-rpm-redhat-centos-fedora
https://kopia.io/docs/repositories/#amazon-s3

最后编辑于
©著作权归作者所有,转载或内容合作请联系作者
  • 序言:七十年代末,一起剥皮案震惊了整个滨河市,随后出现的几起案子,更是在滨河造成了极大的恐慌,老刑警刘岩,带你破解...
    沈念sama阅读 212,294评论 6 493
  • 序言:滨河连续发生了三起死亡事件,死亡现场离奇诡异,居然都是意外死亡,警方通过查阅死者的电脑和手机,发现死者居然都...
    沈念sama阅读 90,493评论 3 385
  • 文/潘晓璐 我一进店门,熙熙楼的掌柜王于贵愁眉苦脸地迎上来,“玉大人,你说我怎么就摊上这事。” “怎么了?”我有些...
    开封第一讲书人阅读 157,790评论 0 348
  • 文/不坏的土叔 我叫张陵,是天一观的道长。 经常有香客问我,道长,这世上最难降的妖魔是什么? 我笑而不...
    开封第一讲书人阅读 56,595评论 1 284
  • 正文 为了忘掉前任,我火速办了婚礼,结果婚礼上,老公的妹妹穿的比我还像新娘。我一直安慰自己,他们只是感情好,可当我...
    茶点故事阅读 65,718评论 6 386
  • 文/花漫 我一把揭开白布。 她就那样静静地躺着,像睡着了一般。 火红的嫁衣衬着肌肤如雪。 梳的纹丝不乱的头发上,一...
    开封第一讲书人阅读 49,906评论 1 290
  • 那天,我揣着相机与录音,去河边找鬼。 笑死,一个胖子当着我的面吹牛,可吹牛的内容都是我干的。 我是一名探鬼主播,决...
    沈念sama阅读 39,053评论 3 410
  • 文/苍兰香墨 我猛地睁开眼,长吁一口气:“原来是场噩梦啊……” “哼!你这毒妇竟也来了?” 一声冷哼从身侧响起,我...
    开封第一讲书人阅读 37,797评论 0 268
  • 序言:老挝万荣一对情侣失踪,失踪者是张志新(化名)和其女友刘颖,没想到半个月后,有当地人在树林里发现了一具尸体,经...
    沈念sama阅读 44,250评论 1 303
  • 正文 独居荒郊野岭守林人离奇死亡,尸身上长有42处带血的脓包…… 初始之章·张勋 以下内容为张勋视角 年9月15日...
    茶点故事阅读 36,570评论 2 327
  • 正文 我和宋清朗相恋三年,在试婚纱的时候发现自己被绿了。 大学时的朋友给我发了我未婚夫和他白月光在一起吃饭的照片。...
    茶点故事阅读 38,711评论 1 341
  • 序言:一个原本活蹦乱跳的男人离奇死亡,死状恐怖,灵堂内的尸体忽然破棺而出,到底是诈尸还是另有隐情,我是刑警宁泽,带...
    沈念sama阅读 34,388评论 4 332
  • 正文 年R本政府宣布,位于F岛的核电站,受9级特大地震影响,放射性物质发生泄漏。R本人自食恶果不足惜,却给世界环境...
    茶点故事阅读 40,018评论 3 316
  • 文/蒙蒙 一、第九天 我趴在偏房一处隐蔽的房顶上张望。 院中可真热闹,春花似锦、人声如沸。这庄子的主人今日做“春日...
    开封第一讲书人阅读 30,796评论 0 21
  • 文/苍兰香墨 我抬头看了看天上的太阳。三九已至,却和暖如春,着一层夹袄步出监牢的瞬间,已是汗流浃背。 一阵脚步声响...
    开封第一讲书人阅读 32,023评论 1 266
  • 我被黑心中介骗来泰国打工, 没想到刚下飞机就差点儿被人妖公主榨干…… 1. 我叫王不留,地道东北人。 一个月前我还...
    沈念sama阅读 46,461评论 2 360
  • 正文 我出身青楼,却偏偏与公主长得像,于是被迫代替她去往敌国和亲。 传闻我的和亲对象是个残疾皇子,可洞房花烛夜当晚...
    茶点故事阅读 43,595评论 2 350

推荐阅读更多精彩内容