Hi I would like to restore etcd snapshot but the restore wil rancher-users #rke2

Title

great-photographer-94826

08/22/2022, 1:14 PM

Hi! I would like to restore etcd snapshot but the restore will fail. Used command rke2 server \

--cluster-reset \
 --cluster-reset-restore-path=/tmp/etcd-snapshot-2022-08-22 \
 --token=mytoken

Versions • OS: "Ubuntu 20.04" • rke2 version I use: "1.21.5-rke2r2" • etcd image I use: "etcd:v3.4.13-k3s1-build20210223" ETCD does not start due to the following error

2022-08-22 12:40:13.947166 I | etcdmain: Loading server configuration from "/var/lib/rancher/rke2/server/db/etcd/config". Other configuration command line flags and environment variables will be ignored if provided.
2022-08-22 12:40:13.947196 E | etcdmain: error verifying flags, open /var/lib/rancher/rke2/server/db/etcd/config: permission denied. See 'etcd --help'.

ETCD config permissions

-rw------- 1 etcd etcd 1043 Aug 22 15:03 /var/lib/rancher/rke2/server/db/etcd/config

ETCD pod

/var/lib/rancher/rke2/agent/pod-manifests/etcd.yaml
...  
  securityContext:
    runAsGroup: 1001
    runAsUser: 1001
...

etcd user/groups

id etcd
uid=1001(etcd) gid=1001(etcd) groups=1001(etcd)

RKE2 config.yaml

profile: cis-1.6
tls-san:
  - ******
  - ******
disable-cloud-controller: true
etcd-snapshot-schedule-cron: "0 */12 * * *"
etcd-snapshot-retention: 5
secrets-encryption: true

creamy-pencil-82913

08/22/2022, 5:52 PM

that is a very old release on an EOL branch. Can you try with the latest 1.21 release, or preferably with a supported branch (1.22, 1.23, 1.24) ?

great-photographer-94826

08/23/2022, 7:30 AM

@creamy-pencil-82913 Same with 1.23.6 and etcd: v3.5.3 and higher versions.

If I delete "profile: cis-1.6" arg than restore works fine.

5 Views

#rke2 Join Slack