刚接触的 tidb 集群日常备份到S3的存储,之前都是云上申请的 S3 存储,拿来直接用,听前同事说,直接用阿里云的S3 好像有点问题,再就是目前我的阿里云的 S3,现在不免费了。那就本地自建存储,进行模拟一把。本次采用了 MinIO 软件。本篇先记录本地使用 MinIO 自建存储 S3 ,S3 全名是Simple Storage Service,Amazon S3 (Simple Storage Service) 简单存储服务,是 Amazon 的公开云存储服务,与之对应的协议被称为 S3 协议,目前 S3 协议已经被视为公认的行业标准协议,因此目前国内主流的对象存储厂商基本上都会支持 S3 协议。

TiDB 支持 Amazon S3、Google Cloud Storage (GCS)、Azure Blob Storage 和 NFS 作为备份恢复的存储。具体来说,可以在 br--storage-s 选项中指定备份存储的 URI。

本地环境信息:

操作系统:Oracle Linux 9.5 arm 架构

安装步骤

1. 下载 MinIO Server (ARM64 版本)

1
2
3
4
5
6
7
8
# 下载 MinIO 二进制文件
wget https://dl.min.io/server/minio/release/linux-arm64/minio

# 添加执行权限
chmod +x minio

# 移动到系统路径
sudo mv minio /usr/local/bin/

2. 创建 MinIO 用户和数据目录

1
2
3
4
5
6
7
8
# 创建 MinIO 用户
sudo useradd -r minio-user -s /sbin/nologin

# 创建数据存储目录
sudo mkdir -p /mnt/data

# 设置目录权限
sudo chown minio-user:minio-user /mnt/data

3. 创建 systemd 服务文件

1
sudo vim /etc/systemd/system/minio.service

添加以下内容:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
[Unit]
Description=MinIO
Documentation=https://docs.min.io
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio

[Service]
WorkingDirectory=/usr/local/

User=minio-user
Group=minio-user

Environment="MINIO_ROOT_USER=minioadmin"
Environment="MINIO_ROOT_PASSWORD=minioadmin123"

ExecStart=/usr/local/bin/minio server /mnt/data --console-address ":9001"

Restart=always

# 性能优化
LimitNOFILE=65536
TasksMax=infinity

[Install]
WantedBy=multi-user.target

4. 配置防火墙

1
2
3
4
# 如果启用了防火墙,开放端口
sudo firewall-cmd --permanent --add-port=9000/tcp  # MinIO API
sudo firewall-cmd --permanent --add-port=9001/tcp  # MinIO Console
sudo firewall-cmd --reload

5. 启动 MinIO 服务

1
2
3
4
5
6
7
8
9
10
11
# 重新加载 systemd 配置
sudo systemctl daemon-reload

# 启动 MinIO
sudo systemctl start minio

# 设置开机自启
sudo systemctl enable minio

# 查看服务状态
sudo systemctl status minio

6. 访问 MinIO

  • API 端点: http://your-server-ip:9000
  • Web Console: http://your-server-ip:9001

默认登录凭据:

  • 用户名: minioadmin
  • 密码: minioadmin123

可选:安装 MinIO Client (mc)

1
2
3
4
5
6
7
8
9
# 下载 mc 客户端
wget https://dl.min.io/client/mc/release/linux-arm64/mc

# 添加执行权限并移动
chmod +x mc
sudo mv mc /usr/local/bin/

# 配置别名
mc alias set myminio http://localhost:9000 minioadmin minioadmin123

安全建议

  1. 修改默认密码:在生产环境中务必修改 MINIO_ROOT_USERMINIO_ROOT_PASSWORD
  2. 使用 HTTPS:配置 SSL/TLS 证书
  3. 配置访问策略:设置合适的存储桶策略和用户权限

验证安装

1
2
3
4
5
# 查看 MinIO 版本
minio --version

# 查看服务日志
sudo journalctl -u minio -f

安装过程遇到的问题

sudo systemctl status minio
× minio.service - MinIO
Loaded: loaded (/etc/systemd/system/minio.service; enabled; preset: disabled)
Active: failed (Result: exit-code) since Tue 2025-11-18 09:02:43 GMT; 38s ago
Duration: 2ms
Docs: https://docs.min.io
Process: 444020 ExecStart=/usr/local/bin/minio server /mnt/data –console-address :9001 (code=exited, status=203/EXEC)
Main PID: 444020 (code=exited, status=203/EXEC)
CPU: 2ms
Nov 18 09:02:43 tihtap systemd[1]: minio.service: Scheduled restart job, restart counter is at 6.
Nov 18 09:02:43 tihtap systemd[1]: Stopped MinIO.
Nov 18 09:02:43 tihtap systemd[1]: minio.service: Start request repeated too quickly.
Nov 18 09:02:43 tihtap systemd[1]: minio.service: Failed with result ‘exit-code’.
Nov 18 09:02:43 tihtap systemd[1]: Failed to start MinIO.

经过排查是本机启用了 SELinux

解决方案:

1、关闭 SELinux

1
2
3
4
5
6
7
8
9
# 查看 SELinux 状态
getenforce

# 如果是 Enforcing,临时设置为 Permissive 测试
sudo setenforce 0

# 然后重启服务
sudo systemctl restart minio
sudo systemctl status minio

2、配置 SELinux 上下文:

1
2
3
4
5
6
7
8
9
10
# 设置正确的 SELinux 上下文
sudo semanage fcontext -a -t bin_t /usr/local/bin/minio
sudo restorecon -v /usr/local/bin/minio

# 恢复 SELinux
sudo setenforce 1

# 然后重启服务
sudo systemctl restart minio
sudo systemctl status minio

附截图:

image-20251119112937354 image-20251119113000222

这里采用 命令行的方式进行管理

创建 bucket 及用户、密码,权限设置

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
[root@tihtap ~]# mc mb myminio/tidb-backup
Bucket created successfully `myminio/tidb-backup`.
[root@tihtap ~]# mc admin user list myminio
[root@tihtap ~]# mc admin user add myminio tidb SecurePassword123
Added user `tidb` successfully.
[root@tihtap ~]# mc admin policy attach myminio readwrite --user  tidb
Attached Policies: [readwrite]
To User: tidb
[root@tihtap ~]# mc admin user list myminio
enabled    tidb                  readwrite
[root@tihtap ~]#



PD_IP="10.0.0.15"
MINIO_IP="10.0.0.15"
ACCESS_KEY="tidb"
SECRET_KEY="SecurePassword123"
BUCKET_NAME="tidb-backup"
[tidb@tihtap ~]$
[tidb@tihtap ~]$
[tidb@tihtap ~]$ tiup br backup full \
    --pd "$PD_IP:2379" \
    --storage "s3://$BUCKET_NAME/snapshot-$(date +%F%T)?access-key=$ACCESS_KEY&secret-access-key=$SECRET_KEY&endpoint=http://$MINIO_IP:9000&force-path-style=true" \
    --log-file backupfull.log
Starting component br: /home/tidb/.tiup/components/br/v8.5.3/br backup full --pd 10.0.0.15:2379 --storage s3://tidb-backup/snapshot-2025-11-1906:41:10?access-key=tidb&secret-access-key=SecurePassword123&endpoint=http://10.0.0.15:9000&force-path-style=true --log-file backupfull.log
Detail BR log in backupfull.log
Full Backup <------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------> 100.00%
Checksum <---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------> 100.00%
[2025/11/19 06:41:14.847 +00:00] [INFO] [collector.go:77] ["Full Backup success summary"] [total-ranges=34] [ranges-succeed=34] [ranges-failed=0] [backup-checksum=22.974113ms] [backup-total-ranges=102] [backup-total-regions=102] [total-take=3.688120772s] [total-kv=45996] [total-kv-size=3.253MB] [average-speed=882.1kB/s] [backup-data-size(after-compressed)=640.7kB] [Size=640679] [BackupTS=462299980425854977]

查看备份:

1
2
3
4
5
6
[root@tihtap ~]#  mc ls myminio/tidb-backup/snapshot-2025-11-1906:41:10
[2025-11-19 06:41:11 GMT]    78B STANDARD backup.lock
[2025-11-19 06:41:14 GMT]   369B STANDARD backupmeta
[2025-11-19 06:41:14 GMT] 7.7KiB STANDARD backupmeta.datafile.000000001
[2025-11-19 06:41:14 GMT] 242KiB STANDARD backupmeta.schema.000000002
[2025-11-19 06:44:16 GMT]     0B 1/

web 页面查看:

image-20251119145444917

原文作者: liups.com

原文链接: http://liups.com/posts/1a3359b9/

许可协议: 知识共享署名-非商业性使用 4.0 国际许可协议