centos7.9部署rsync守护进程模式
服务端部署
关闭防火墙(测试环境可以直接关闭;生产环境建议保持防火墙开启,只对备份网段放行rsync的873端口)
修改rsync配置文件
[root@backup ~]# vim /etc/rsyncd.conf
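# /etc/rsyncd.conf -- rsync daemon configuration used in this walkthrough.
# Keep every comment on its own line: rsyncd.conf only ignores lines that
# begin with '#', so a trailing "# ..." would be read as part of the value.

# ---- global parameters ----
# Lets the daemon store ownership and other privileged attributes without
# needing root privileges for the receiving process.
fake super = yes
# Unprivileged account the transfer runs as (created with useradd below).
uid = rsync
gid = rsync
# Parameter name corrected from "use chrroot", which rsync does not recognise.
# With "no" the daemon does not chroot into the module path, so confinement
# relies on rsync's own path checks. Confirm this trade-off is intended.
use chroot = no
max connections = 2000
# Idle I/O timeout in seconds.
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
# Clients may upload into the module; access control therefore depends on
# "hosts allow", "auth users" and the secrets file below.
read only = false
# Do not reveal module names to clients that ask for a listing.
list = false
# Only this subnet may connect.
hosts allow = 10.0.0.0/24
#hosts deny = 0.0.0.0/32
# Virtual user (not a system account) that must authenticate.
auth users = rsync_backup
# "user:password" pairs in clear text; the file must not be readable by
# other users (see the chmod 600 step).
secrets file = /etc/rsync.password
#########################################
# ---- module definition ----
[backup]
comment = www by nfs01 14:18 2013-1-13
path = /backup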
配置文件解析说明
#全局配置(以下行尾的注释仅用于讲解;rsyncd.conf只把以#开头的整行当作注释,实际配置文件中不要把注释写在参数后面)
fake super = yes                          #CentOS 7里面必须加这条且是yes,不然传输就会报错
uid = rsync                               #运行的用户
gid = rsync                               #运行的用户组
use chroot = no                           #安全相关
max connections = 2000                    #同一时间最大连接数
timeout = 600                             #连接超时时间/秒
pid file = /var/run/rsyncd.pid            #pid文件路径,存放服务的pid号(进程号)
lock file = /var/run/rsync.lock           #进程、服务的锁文件路径
log file = /var/log/rsyncd.log            #rsync日志存放路径
ignore errors                             #忽略一些错误
read only = false                         #可以进行读写
list = false                              #关闭rsync服务端列表功能
hosts allow = 10.0.0.0/24                 #只准哪些ip访问
#hosts deny = 0.0.0.0/32                  #拒绝哪些ip访问
auth users = rsync_backup                 #rsync服务端进行验证用户:用户名
secrets file = /etc/rsync.password        #rsync服务端进行验证用户的密码
########################################
#局部变量
[backup]                                  #模块名
comment = www by nfs01 14:18 2013-1-13    #注释说明
path = /backup                            #模块对应目录
创建虚拟用户
[root@backup ~]# useradd -s /sbin/nologin -M rsync
创建验证用户和密码(示例中的密码123仅用于演示,实际使用请换成高强度的随机密码)
[root@backup ~]# echo 'rsync_backup:123' >/etc/rsync.password
修改权限:密码文件不能被其他用户访问,不把权限改小(600)会报错
ERROR: password file must not be other-accessible
rsync error: syntax or usage error (code 1) at authenticate.c(196) [sender=3.1.2]
[root@backup ~]# ll /etc/rsync.password
-rw-r--r-- 1 root root 17 Nov 11 08:41 /etc/rsync.password
[root@backup ~]# chmod 600 /etc/rsync.password
[root@backup ~]# ll /etc/rsync.password
-rw------- 1 root root 17 Nov 11 08:41 /etc/rsync.password
创建模块backup目录
[root@backup ~]# mkdir -p /backup
修改所属者所属组
[root@backup ~]# chown rsync:rsync /backup
加入开机自启动,启动服务
[root@backup ~]# systemctl enable rsyncd
Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.
[root@backup ~]# systemctl start rsyncd
看下进程
[root@backup ~]# ps -ef |grep rsync root 1928 1 0 08:49 ? 00:00:00 /usr/bin/rsync --daemon --no-detach root 1931 1673 0 08:51 pts/0 00:00:00 grep --color=auto rsync
看下端口
[root@backup ~]# ss -lntup |grep rsync tcp LISTEN 0 5 *:873 *:* users:(("rsync",pid=1928,fd=3)) tcp LISTEN 0 5 [::]:873 [::]:* users:(("rsync",pid=1928,fd=5))
本地测试
[root@backup ~]# rsync -avz /etc/hostname rsync_backup@10.0.0.41::backup
客户端配置
创建密码文件
[root@nfs01 ~]# echo 123 >/etc/rsync.client
[root@nfs01 ~]# cat /etc/rsync.client
123
[root@nfs01 ~]# chmod 600 /etc/rsync.client
[root@nfs01 ~]# rsync -av /etc/hosts rsync_backup@10.0.0.41::backup --password-file=/etc/rsync.client
客户端测试也没问题之后可以配合定时任务做备份
备份什么:
- 数据
- 配置文件
- 日志(收集)
- 代码
- 脚本
我是测试环境,没有数据和代码,就拿配置文件测试
创建客户端目录
mkdir /backup
创建放脚本的目录
mkdir -p /server/scripts
编辑一个打包和推送的脚本
[root@nfs01 /backup]# vim /server/scripts/conf-bak.sh
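#!/bin/bash
# conf-bak.sh -- pack /etc and the cron spool into a dated archive, record
# MD5 fingerprints of all archives, then push the backup directory to the
# "backup" module of the rsync daemon at 10.0.0.41.
#
# NOTE(review): the rsync daemon protocol does not encrypt file contents in
# transit, and this archive contains all of /etc. Keep the transfer on a
# trusted network segment or carry it over an encrypted channel.

# The archive includes password hashes, keys and /etc/rsync.client itself,
# so every file created below must be readable by root only.
umask 077

# Second address reported by "hostname -I"; it names the per-host directory.
ip=$(hostname -I | cut -d " " -f2)
if [ -z "$ip" ]; then
  # Without this guard the archive would land directly in $bak_dir.
  echo "conf-bak: 'hostname -I' reported no second address" >&2
  exit 1
fi

today=$(date +%F)
bak_dir=/backup
dest_dir=$bak_dir/$ip

mkdir -p -- "$dest_dir" || exit 1

tar zcf "$dest_dir/conf-$today.tar.gz" /etc/ /var/spool/cron
tar_rc=$?
# GNU tar exits 1 when a file changed while being read (archive still
# written); anything above 1 is a fatal error, so do not push the result.
if [ "$tar_rc" -gt 1 ]; then
  echo "conf-bak: tar failed with status $tar_rc" >&2
  exit "$tar_rc"
fi

# Absolute paths are kept in finger.md5 because the server-side check runs
# "md5sum -c" against the same /backup/<ip>/ layout.
# The fingerprint file travels with the archives: it detects corruption in
# transfer or storage, not deliberate tampering.
find "$bak_dir" -type f -name '*.tar.gz' -print0 \
  | xargs -0 -r md5sum >"$dest_dir/finger.md5" || exit 1

rsync -avz "$bak_dir/" rsync_backup@10.0.0.41::backup --password-file=/etc/rsync.client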
运行脚本测试,服务端查看是否传过去
[root@nfs01 ~]# sh /server/scripts/conf-bak.sh tar: Removing leading `/' from member names sending incremental file list ./ conf-2021-11-13.tar.gz sent 10,298,946 bytes received 46 bytes 6,865,994.67 bytes/sec total size is 10,500,715 speedup is 1.02
没问题就可以设置定时任务了,先设置每分钟执行,没问题再设置成24:00执行(注意:&>/dev/null会丢弃脚本的全部输出,备份失败时不会有任何提示,建议改为写入日志文件)
[root@nfs01 ~]# crontab -e
00 00 * * * sh /server/scripts/conf-bak.sh &>/dev/null
查看crontab日志
[root@nfs01 ~]# tail -f /var/log/cron Nov 13 10:08:01 nfs01 anacron[3118]: Normal exit (1 job run) Nov 13 10:45:08 nfs01 crontab[3172]: (root) BEGIN EDIT (root) Nov 13 10:46:24 nfs01 crontab[3172]: (root) REPLACE (root) Nov 13 10:46:24 nfs01 crontab[3172]: (root) END EDIT (root) Nov 13 10:47:01 nfs01 CROND[3175]: (root) CMD (sh /server/scripts/conf-bak.sh &>/dev/null) Nov 13 10:48:01 nfs01 CROND[3184]: (root) CMD (sh /server/scripts/conf-bak.sh &>/dev/null) Nov 13 10:49:01 nfs01 CROND[3211]: (root) CMD (sh /server/scripts/conf-bak.sh &>/dev/null) Nov 13 10:49:24 nfs01 crontab[3219]: (root) BEGIN EDIT (root) Nov 13 10:50:01 nfs01 CROND[3222]: (root) CMD (sh /server/scripts/conf-bak.sh &>/dev/null) Nov 13 10:51:01 nfs01 CROND[3230]: (root) CMD (sh /server/scripts/conf-bak.sh &>/dev/null)
检查客户端与服务端备份的数据是否一致
服务端操作
先命令行查看
[root@backup /backup/172.16.1.31]# find /backup -type f -name '*.md5' |xargs md5sum -c
/backup/172.16.1.31/conf-2021-11-13.tar.gz: OK
写成脚本
[root@backup /backup]# vim /server/scripts/check.sh
find /backup -type f -name '*.md5' |xargs md5sum -c
写入定时任务
[root@backup /backup]# crontab -e
30 00 * * * sh /server/scripts/check.sh &>/backup/result.txt
配置邮件提醒
set from=xiaohanshen@163.com
#set smtp=smtps://smtp.163.com:465
set smtp-auth-user=xiaohanshen@163.com
set smtp-password=授权码
set smtp-auth-login
#set ssl-verify=ignore
#set nss-config-dir=/etc/pki/nssdb/
set from=xiaohanshen@163.com              #发件人地址
set smtp=smtps://smtp.qq.com:465          #发件时调用的服务器;smtp服务器端口25,smtps服务器端口465(加密)
set smtp-auth-user=xiaohanshen@163.com    #发件人
set smtp-password=授权码                   #发件人授权码
set ssl-verify=ignore                     #忽略证书校验错误;这样就不再验证邮件服务器的身份,仅建议在测试环境使用
set nss-config-dir=/etc/pki/nssdb/
mail -s '网站永不宕机' qq@qq.com </backup/result.txt
写入脚本
[root@backup /backup]# vim /server/scripts/check.sh
find /backup -type f -name '*.md5' |xargs md5sum -c
mail -s '网站永不宕机' qq@qq.com </backup/result.txt