See below for managing the etcd database integrated into Cryptographic Security Platform.
Checking the etcd database size
Check whether the etcd database needs to be defragmented.
To check the size of the etcd database
Browse to the Etcd > etcd Status dashboard.
- Check the information in the DB Info per Member section: used space, need for defragmentation, available capacity, etc.
- If the dashboard alerts that the cluster requires defragmentation, or the etcd used space is approaching 100%, defragment the database as explained in the following section.
Defragmenting the etcd database
Repeat the procedure sequentially in all the nodes to defragment the etcd database.
Defragmenting a live etcd member blocks the system from reading and writing data while rebuilding states. This operation can take several seconds, during which the whole cluster node is unavailable.
To defragment the etcd database in one node
Get the current etcd revision.
rev=$(sudo ETCDCTL_API=3 etcdctl --cert /var/lib/rancher/k3s/server/tls/etcd/client.crt --key /var/lib/rancher/k3s/server/tls/etcd/client.key --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt endpoint status --write-out="json" | egrep -o '"revision":[0-9]*' | egrep -o '[0-9].*')Compact away all old
etcdrevisions.sudo ETCDCTL_API=3 etcdctl --cert /var/lib/rancher/k3s/server/tls/etcd/client.crt --key /var/lib/rancher/k3s/server/tls/etcd/client.key --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt compact $revDefragment
etcdon the node.sudo ETCDCTL_API=3 etcdctl --cert /var/lib/rancher/k3s/server/tls/etcd/client.crt --key /var/lib/rancher/k3s/server/tls/etcd/client.key --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt defragDisarm the
etcddatabase space alarm.sudo ETCDCTL_API=3 etcdctl --cert /var/lib/rancher/k3s/server/tls/etcd/client.crt --key /var/lib/rancher/k3s/server/tls/etcd/client.key --cacert /var/lib/rancher/k3s/server/tls/etcd/server-ca.crt alarm disarm