首批通过分布式安全可靠测评,为关键业务系统打造
租户备份
更新时间:2026-04-13 16:46:32
本文介绍如何进行租户数据备份。租户数据备份的关键资源为 OBTenantBackupPolicy 和 OBTenantBackup,分别表示备份策略和备份任务。通过备份策略,可以为 OceanBase 集群当中某个租户指定周期性的日志归档和数据备份配置。备份策略会通过创建备份任务的方式来执行具体的任务。备份目的地支持 NFS 和 OSS 两种。
前提条件
备份到 NFS 的方式需要确保部署 OceanBase 集群时设置了备份的 volume,对应的 NFS 可以正常访问并有读写权限。
备份策略的配置
参考配置
租户备份策略为特定的租户配置,可以参考的配置文件如下:
apiVersion: oceanbase.oceanbase.com/v1alpha1
kind: OBTenantBackupPolicy
metadata:
name: backup-policy-example
namespace: oceanbase
spec:
obClusterName: "test"
tenantName: "t1"
tenantSecret: "t1-credential"
tenantCRName: "tenant-cr"
jobKeepWindow: "1d"
suspend: false
dataClean:
recoveryWindow: "8d"
logArchive:
destination:
type: "OSS"
path: "oss://bucket/archive?host=oss-cn-hangzhou.aliyuncs.com"
ossAccessSecret: "oss-access"
# type: "NFS"
# path: "t1/logArchive"
switchPieceInterval: "1d"
binding: Optional
dataBackup:
destination:
type: "OSS"
path: "oss://bucket/backup?host=oss-cn-hangzhou.aliyuncs.com"
ossAccessSecret: "oss-access"
# type: "NFS"
# path: "t1/dataBackup"
fullCrontab: "30 0 * * 6"
incrementalCrontab: "30 1 * * *"
encryptionSecret: t1-encryption
配置说明
备份策略配置说明:
- obClusterName: 同 namespace 下 OB 集群资源的名称
- tenantName: 数据库中的租户名
- tenantSecret: 包含名为 tenantName 的租户 root 用户密码的 Secret 资源名
- tenantCRName: OBTenant 租户资源名,若指定了该字段,则无需指定 tenantName 和 tenantSecret
- jobKeepWindow: 备份任务资源保留时间窗口
- suspend: 备份任务是否暂停,如果不配置,默认为
false - dataClean: 过期备份数据清理配置
- recoveryWindow: 数据恢复的时间窗口
- logArchive: 日志归档配置
- destination: 备份目的地配置
- switchPieceInterval: 日志归档中
piece的切换周期,取值范围为[1d, 7d]。如果不设置,默认为1d - binding: 设置归档和业务的优先模式。目前支持
Optional和Mandatory两种模式。如果不配置,默认为Optional模式
- dataBackup: 数据备份配置
- destination: 备份目的地配置
- fullCrontab: 全量备份的定时触发配置,采用 cron expression 格式
- incrementalCrontab: 增量备份的定时触发配置,采用 cron expression 格式
- encryptionSecret: 数据备份加密配置的 Secret 资源名
备份目的地配置说明:
destination:
- type:目的地类型,支持 NFS 和 OSS 两种。
- path:目的地的备份路径,如果是 OSS 类型,则需要以
oss://开头;如果是 NFS 类型,则是非/开头的相对路径。 - ossAccessSecret: 存放访问 OSS 凭证的 Secret 资源名,如果备份目的地类型为 OSS,该字段必须提供。
tenantSecret 示例:
apiVersion: v1
kind: Secret
metadata:
name: tenant-root
namespace: oceanbase
data:
# base64 encoded
password: ******
encryptionSecret 示例:
apiVersion: v1
kind: Secret
metadata:
name: tenant-backup-encryption
namespace: oceanbase
data:
# base64 encoded
password: ******
ossAccessSecret 示例:
apiVersion: v1
kind: Secret
metadata:
name: oss-access
namespace: obcluster
data:
# base64 encoded
accessId: ******
accessKey: ******
常用操作
发起备份
使用如下命令,创建备份相关的 Secret 资源,文件名请根据实际情况进行指定。
kubectl apply -f tenant-secret.yaml
kubectl apply -f backup-encryption.yaml
kubectl apply -f oss-access.yaml
使用如下命令创建租户备份策略。
kubectl apply -f backup-policy.yaml
查看备份策略状态
使用如下命令查看备份策略的状态。
kubectl get obtenantbackuppolicies.oceanbase.oceanbase.com -n oceanbase
返回结果示例如下:
NAME STATUS AGE TENANTNAME NEXTFULL NEXTINCREMENTAL FULLCRONTAB INCREMENTALCRONTAB
backup-policy-example RUNNING 2m46s t1 2023-11-10 11:07:58 */60 * * * * */25 * * * *
查看备份任务状态
备份策略会通过创建备份任务的形式来执行具体的备份操作,使用如下命令可以查看备份任务的状态:
kubectl get obtenantbackups.oceanbase.oceanbase.com -n oceanbase
返回结果示例如下:
NAME TYPE STATUS TENANTNAME STARTEDAT ENDEDAT
backup-policy-example-clean-20231110110746 CLEAN RUNNING t1
backup-policy-example-full-20231110110756 FULL SUCCESSFUL t1 2023-11-10 11:08:06.952711 2023-11-10 11:13:31.079246
backup-policy-example-archive-20231110110746 ARCHIVE RUNNING t1 2023-11-10 11:07:50.139978 2023-11-10 11:13:50.128627
查看备份策略详细信息
使用如下命令可以查看备份策略的详细信息。
- 使用
kubectl get -o yaml
kubectl get -n oceanbase obtenantbackuppolicies.oceanbase.oceanbase.com backup-policy-example -o yaml
返回结果示例如下:
apiVersion: oceanbase.oceanbase.com/v1alpha1
kind: OBTenantBackupPolicy
metadata:
creationTimestamp: "2023-11-10T03:07:39Z"
finalizers:
- obtenantbackuppolicy.finalizers.oceanbase.com
generation: 1
name: backup-policy-example
namespace: oceanbase
resourceVersion: "775461"
uid: 7ab40200-f849-434d-b1a5-6aad888cf42e
spec:
dataBackup:
destination:
ossAccessSecret: oss-access
path: oss://bucket/backup?host=oss-cn-hangzhou.aliyuncs.com
type: OSS
fullCrontab: '*/60 * * * *'
incrementalCrontab: '*/25 * * * *'
encryptionSecret: t1-encryption
dataClean:
recoveryWindow: 8d
jobKeepWindow: 1d
logArchive:
destination:
ossAccessSecret: oss-access
path: oss://bucket/archive?host=oss-cn-hangzhou.aliyuncs.com
type: OSS
switchPieceInterval: 1d
obClusterName: test
tenantName: t1
tenantSecret: t1-credential
status:
latestArchiveLogJob:
fields: values...
latestFullBackupJob:
fields: values...
nextFull: "2023-11-10 12:00:00"
nextIncremental: "2023-11-10 11:25:00"
observedGeneration: 1
status: RUNNING
tenantCR:
fields: values...
tenantInfo:
fields: values...
- 使用
kubectl describe
kubectl describe -n oceanbase obtenantbackuppolicies.oceanbase.oceanbase.com backup-policy-example
返回结果示例如下:
Name: backup-policy-example
Namespace: oceanbase
Labels: <none>
Annotations: <none>
API Version: oceanbase.oceanbase.com/v1alpha1
Kind: OBTenantBackupPolicy
Metadata:
Creation Timestamp: 2023-11-10T03:07:39Z
Finalizers:
obtenantbackuppolicy.finalizers.oceanbase.com
Generation: 1
Resource Version: 775477
UID: 7ab40200-f849-434d-b1a5-6aad888cf42e
Spec:
Data Backup:
Destination:
Oss Access Secret: oss-access
Path: oss://bucket/backup?host=oss-cn-hangzhou.aliyuncs.com
Type: OSS
Full Crontab: */60 * * * *
Incremental Crontab: */25 * * * *
Encryption Secret: t1-encryption
Data Clean:
Recovery Window: 8d
Job Keep Window: 1d
Log Archive:
Destination:
Oss Access Secret: oss-access
Path: oss://bucket/archive?host=oss-cn-hangzhou.aliyuncs.com
Type: OSS
Switch Piece Interval: 1d
Ob Cluster Name: test
Tenant Name: t1
Tenant Secret: t1-credential
Status:
Latest Archive Log Job:
fields: values...
Latest Full Backup Job:
fields: values...
Next Full: 2023-11-10 12:00:00
Next Incremental: 2023-11-10 11:25:00
Observed Generation: 1
Status: RUNNING
Tenant CR:
fields: values...
Tenant Info:
fields: values...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal 12m obtenantbackuppolicy-controller init status