问题背景

1. 阿里云轻量服务器不支持自动定时创建磁盘快照，且一个实例只能创建三个磁盘快照
2. 阿里云轻量服务器上面部署了我的博客网站，之前博客网站被攻击过（挖矿程序），之前端口开太多，没太注意安全性问题，所以现在弥补一下，即使被攻击也能根据快照立刻恢复博客数据。

问题解决方案

方案概况：
一是使用阿里云api去实现磁盘快照创建
二是使用阿里云云效流水线实现定时触发执行

阿里云轻量服务器 api

使用阿里云api接口去实现此运维需求的编排。
阿里云api地址 ：

1. 轻量服务器API概览
2. API调用方式
3. 查询已创建快照信息
4. 根据快照id删除快照
5. 创建一个新快照

create-aliyun-lightserver-snapshot.py 代码如下

# -*- coding: utf-8 -*-
import json
import os
import time
import datetime
from aliyunsdkcore.client import AcsClient
from aliyunsdkcore.acs_exception.exceptions import ClientException
from aliyunsdkcore.acs_exception.exceptions import ServerException
from aliyunsdkcore.auth.credentials import AccessKeyCredential
from aliyunsdkcore.auth.credentials import StsTokenCredential
from aliyunsdkswas_open.request.v20200601.ListSnapshotsRequest import ListSnapshotsRequest
from aliyunsdkswas_open.request.v20200601.CreateSnapshotRequest import CreateSnapshotRequest
from aliyunsdkswas_open.request.v20200601.DeleteSnapshotRequest import DeleteSnapshotRequest

def describe_snapshots(client, disk_id):
    # 查询磁盘快照
    request = ListSnapshotsRequest()
    request.set_accept_format('json')
    request.set_endpoint("swas.cn-shanghai.aliyuncs.com")
    response = client.do_action_with_exception(request)
    print("--------------------------------------------------------------")
    print("查询磁盘快照" + disk_id + "完毕：")
    print(str(response, encoding='utf-8'))
    print("--------------------------------------------------------------")
    return json.loads(response)

def delete_snapshot(client, snapshot_id):
    # 删除快照
    request = DeleteSnapshotRequest()
    request.set_accept_format('json')
    request.set_endpoint("swas.cn-shanghai.aliyuncs.com")
    request.set_SnapshotId(snapshot_id)
    response = client.do_action_with_exception(request)
    print("--------------------------------------------------------------")
    print("查询磁盘快照" + snapshot_id + "完毕：")
    print(str(response, encoding='utf-8'))
    print("--------------------------------------------------------------")
    return json.loads(response)

def create_snapshot(client, disk_id):
    # 创建快照
    request = CreateSnapshotRequest()
    request.set_accept_format('json')
    # 获取当前时间戳
    timestamp = int(time.time())
    # 将时间戳转换为日期时间格式
    dt = datetime.datetime.fromtimestamp(timestamp)
    # 将日期时间格式转换为字符串格式
    dt_str = dt.strftime("%Y-%m-%d-%H-%M-%S")
    request.set_SnapshotName("SystemDisk-" + dt_str)
    request.set_DiskId(disk_id)
    request.set_endpoint("swas.cn-shanghai.aliyuncs.com")
    response = client.do_action_with_exception(request)
    print("--------------------------------------------------------------")
    print("创建快照完毕：")
    print(str(response, encoding='utf-8'))
    print("--------------------------------------------------------------")
    return json.loads(response)

def main():
    disk_id = 'd-xxx'
    credentials = AccessKeyCredential('xxx', 'xxx')
    client = AcsClient(region_id='cn-shanghai', credential=credentials)
    snapshots = describe_snapshots(client, disk_id)
    if snapshots.get('TotalCount', 0) >= 3:
        oldest_snapshot = None
        for snapshot in snapshots.get('Snapshots', []):
            if oldest_snapshot is None or snapshot['CreationTime'] < oldest_snapshot['CreationTime']:
                oldest_snapshot = snapshot
        if oldest_snapshot is not None:
            delete_snapshot(client, oldest_snapshot['SnapshotId'])

    create_snapshot(client, disk_id)

if __name__ == '__main__':
    main()

python代码添加到云效代码仓库

新创建一个代码仓库 添加create-aliyun-lightserver-snapshot.py文件

利用云效流水线每天定时执行快照创建

为此代码仓库创建一条流水线

python流水线流程添加python构建任务

配置如下

echo "python版本"
python --version
echo "pip安装依赖包"
pip install -i https://mirrors.aliyun.com/pypi/simple aliyun-python-sdk-core
pip install -i https://mirrors.aliyun.com/pypi/simple aliyun-python-sdk-swas-open==1.0.0
echo "开始执行快照创建任务"
python create-aliyun-lightserver-snapshot.py
echo "任务执行完毕"

流水线定时执行配置