Exam CKA topic 1 question 4 discussion

In the real exam you need restore from /var/lib/backup/etcd-snapshot-previous.db and there will be a permission issue, to fix this you need to be a root user and change owner permission then you need to restore db backup

The solution does not fully solve the excercise, because the restore operation creates a default.etcd directory in the current directory where the utility ectdctl is called. Inside the newly created defaultl.etcd directory, it's a subdirectory called "member" containing the actual backup. That location is for sure not the one that is configured at etcd start. First is advisable to find out where the ETCD data is (--data-dir flag at service start). To effectively apply the backup, for instance, after stopping the service, we should move the targeted "member" folder in --data-dir location, let's name it $DATA_DIR_PATH, and decorate the restore operation with the flag data-dir set to $DATA_DIR_PATH: # #-- SERVICE ETCD STOPPED -- ... # mv $DATA_DIR_PATH/member $SOME_OTHER_LOCATION # ETCDCTL_API=3 etcdctl --data-dir $DATA_DIR_PATH snapshot restore /var/lib/backup/etcd-snapshot-previous.db # #-- SERVICE ETCD STARTED --

ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key --cacert=/etc/kubernetes/pki/etcd/ca.crt snapshot save /var/lib/backup/etcd-snapshot.db etcdutl --write-out=table snapshot status /var/lib/backup/etcd-snapshot.db ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key --cacert=/etc/kubernetes/pki/etcd/ca.crt --data-dir=etc/kubernetes/new-etcd/ snapshot restore /etc/kubernetes/etcd-snapshot.db etcdutl --write-out=table snapshot status /var/lib/backup/etcd-snapshot.db Edit manifest: vi /etc/kubernetes/manifests/etcd.yaml #change hostpath - hostPath: path: /var/lib/new-etcd/ type: DirectoryOrCreate name: etcd-data

# practice backup and restore 2 lab in Mumshad udemy / kodekloud.

Hello, Can someone please explain the steps with commands to change to be a root user? Thank you

Backup: etcdctl --endpoints 127.0.0.1:2379 --cacert=/opt/KUIN00601/ca.crt --cert=/opt/KUIN00601/etcd-client.crt --key=/opt/KUIN00601/etcd-client.key snapshot save /var/lib/backup/etcd-snapshot.db Restore: mkdir -p /var/lib/new-etcd/ etcdctl snapshot restore --data-dir=/var/lib/new-etcd/ /var/lib/backup/etcd-snapshot-previous.db Edit manifest: vi /etc/kuberenetes/manifest/etcd.yaml #change hostpath - hostPath: path: /var/lib/new-etcd/ type: DirectoryOrCreate name: etcd-data

Do we need to update the Volume.hostPath in file - /etc/kubernetes/manifests/etcd.yaml post restore ?

Solution is here > https://www.youtube.com/watch?v=Onb85cQl1jc

$ ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 --cacert=/opt/KUIN00601/ca.crt --cert=/opt/KUIN00601/etcd-client.crt --key=/opt/KUIN00601/etcd-client.key snapshot save /var/lib/backup/etcd-snapshot.db $ ETCDCTL_API=3 etcdctl --endpoints 127.0.0.1:2379 --cacert=/opt/KUIN00601/ca.crt --cert=/opt/KUIN00601/etcd-client.crt --key=/opt/KUIN00601/etcd-client.key snapshot restore /var/lib/backup/etcd-snapshot-previous.db This is more effective one you can use

Wondering if no one has noticed the path in question? It clearly says to take the snapshot under /var/lib/backup/ but it seems everyone is okay with /etc/data/ Any hints/help?

Why do we need to stop etcd service?

If you see that the question simply says to restore a backup. Doesn't mention any data directory. There's a default.etcd directory that gets created if you restore this in the current working directory in the exam. Remember, if the etcd doesn't come back up the way it's expected, you may loose onto resources in the K8s cluster. There are around 9-10 questions to be performed in that context. You need to treat this question very carefully and not mess with the database by changing the manifest file.

#backup ETCDCTL_API=3 etcdctl --endpoints="https://127.0.0.1:2379" --cacert=/opt/KUIN000601/ca.crt --cert=/opt/KUIN000601/etcd-client.crt --key=/opt/KUIN000601/etcd-client.key snapshot save /etc/data/etcd-snapshot.db #restore ETCDCTL_API=3 etcdctl --endpoints="https://127.0.0.1:2379" --cacert=/opt/KUIN000601/ca.crt --cert=/opt/KUIN000601/etcd-client.crt --key=/opt/KUIN000601/etcd-client.key snapshot restore /var/lib/backup/etcd-snapshot-previoys.db

do we need to run these backup/restored commands from the master node?

https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/ to cover the etcd backup and restore

You may have 2 etcd instances. One running in the cluster itself and the second one running outside the kubernetes cluster. They are not asking you to change context so DO NOT restore in the kubernets cluster. Follow these steps outside the cluster: 1.Execute “member list” and “snapshot status” to check hash 2.systemctl stop etcd 3.restore another backup using same certs, endpoint, and different dir 4.chown -R etcd:etcd /DIR_YOU_RESTORE 5.change dir in the service file 6.system daemon-reload 7.systermctl start etcd 8.systemctl status etcd 9.member list - to check you have different hash

Any update about this task? Is there any step-by-step guide?