如何从破碎的码头工人群中获取秘密 [英] how to get secrets from broken docker swarm

问题描述

我的集群服务器坏了（Linux系统错误），可惜它只是一个节点。

My swarm server is broken(Linux system error), sadly it is only one node.

我读了 https://docs.docker.com/v17.09/engine/swarm/admin_guide/#备份群

所以我尝试备份 / var / lib / docker / swarm 并将其还原到新设置的docker服务器上，如下所示：

So I tried to backup /var/lib/docker/swarm and restore it on a new set up docker server as below:

新的docker守护程序可以正常工作，没有任何群集功能，但是群集功能无法正常工作：

The new docker daemon works fine without any swarm feature, but swarm feature doesn't work like:

$ docker service ls
Error response from daemon: This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.

我认为我需要强制重新启动群集管理器：

I think that I need to force re-init swarm manager:

docker swarm init --force-new-cluster

在那之后，每个命令都与群集相关，例如

After that, every command relate to swarm like

docker service ls

没有响应，使docker daemon挂起的。

然后我尝试从后退文件中提取数据，然后发现此 https://medium.com/lucjuggery/raft-logs-on-swarm-mode-1351eff1e690 似乎很有用。但是我仍然无法恢复秘密。

Then I tried to extract data from back files, and I found this https://medium.com/lucjuggery/raft-logs-on-swarm-mode-1351eff1e690 seems useful. But I still can't recovery secrets.

只能得到类似的东西：

 secrets: <
        secret_id: "6vtndjswxr4fe9kxjtmmtk6af"
        secret_name: "DATABASE_ADMIN_URL"
        file: <
          name: "_DATABASE_ADMIN_URL"
          uid: "0"
          gid: "0"
          mode: -r--r--r--
        >
      >

其中不包含有用的数据。

which doesn't include useful data.

BTW：我不是要入侵服务器，我希望恢复数据而不是去研究捆绑服务的所有配置。

BTW: I'm not hacking the server, I hope recovery the data instead of going investigate all configs for bundle service.

推荐答案

今天花了我几个小时才弄清为什么docker daemon挂起

It took me few hours today to figure out why docker daemon hangs after

docker swarm init --force-new-cluster

我相信官方文档 https://docs.docker.com/v17.09/engine/swarm/admin_guide /＃restore-from-a-backup

因为我删除了 docker-state.json 然后运行

Because after I removed docker-state.json then ran

docker swarm init --force-new-cluster --advertise-addr <the-server-ip>:2377

事情按预期工作。

这篇关于如何从破碎的码头工人群中获取秘密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！