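The Road to Linux Operations and Architecture: Site-Wide Backup Project Plan
I. Project requirements
A company has several servers holding important data. If a disk fails, the data is lost, so the company requires that the important server data be backed up so that it can be restored when something goes wrong. Requirement: at 00:00 every night, every server packs up its system configuration files, website program directory and access logs and pushes them with the rsync command to the backup server (backup), where they are retained. (One approach is to pack the data locally by date first and then push it to the backup server.)
II. Detailed requirements
The backup directory must be the same on all servers: /backup/
System configuration files to back up include, but are not limited to:
(1) The cron job configuration file (/var/spool/cron/root; applies to the web and NFS servers)
(2) The boot-time startup configuration file (/etc/rc.local; applies to the web and NFS servers)
(3) The directory of day-to-day scripts (/server/scripts)
(4) The iptables firewall configuration file (/etc/init.d/iptables)
1. The web server site directory, for example /var/html/www
2. The web server access log path, for example /app/logs
3. The web server only needs to keep 7 days of packed backup data (otherwise the local disk fills up)
4. On the backup server, keep the last 180 days of backup data and purge data older than 6 months, except that all data from every Monday is kept
5. On the backup server, store each backup in a directory named after the internal IP of the server being backed up, and name the backup files by date
6. The saved data should be as complete and correct as possible: check the backup data on the backup server and send the backup success and failure results to the system administrator's mailbox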
III. Server information

| Server role | External IP | Internal IP | Hostname |
| --- | --- | --- | --- |
| Nginx web server | 10.0.0.8/24 | 172.16.1.8/24 | web01 |
| NFS storage server | 10.0.0.31/24 | 172.16.1.31/24 | nfs01 |
| rsync backup server | 10.0.0.41/24 | 172.16.1.41/24 | backup |

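IV. Deployment: setting up the rsync server (backup)
1. rsync main configuration file

    cat >/etc/rsyncd.conf<<EOF
    #rsync server#
    #created by yanxinjiang 2017-8-15
    ##rsyncd.conf start##
    uid = rsync
    gid = rsync
    use chroot = no
    max connections = 200
    timeout = 300
    pid file = /var/run/rsyncd.pid
    lock file = /var/run/rsync.lock
    log file = /var/log/rsyncd.log
    ignore errors
    read only = false
    list = false
    hosts allow = 172.16.1.0/24
    # hosts allow is checked first; a client it does not match is then tested
    # against hosts deny, and a client matching neither list is admitted.
    # 0.0.0.0/32 matches no real client, so deny everything else explicitly.
    hosts deny = *
    auth users = rsync_backup
    secrets file = /etc/rsync.password
    [backup]
    path = /backup
    EOF
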
2. Create the unified backup directory and add the user that owns it

    useradd -s /sbin/nologin -M rsync
    mkdir /backup -p
    chown -R rsync:rsync /backup/

3. Create the user authentication file

    echo "rsync_backup:123456" >/etc/rsync.password
    chmod 600 /etc/rsync.password

4. Start the rsync service and enable it at boot

    rsync --daemon
    lsof -i:873
    echo "rsync --daemon" >>/etc/rc.local

5. Create the authentication file on the rsync clients

    echo "123456" >/etc/rsync.password
    chmod 600 /etc/rsync.password

6. Verify from the clients that pushing to the rsync service works

(1) Verification from nfs01

    [root@nfs01 backup]#rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
    sending incremental file list
    hosts

(2) Verification from web01

    [root@web01 ~]#rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password
    sending incremental file list
    hosts

7. One-step deployment script for the rsync service

    #!/bin/sh
    . /etc/init.d/functions
    #created by yanxinjiang 2017-12-15
    BakPath=/backup
    Passwd=123456
    IP=172.16.1.0/24
    # number of listeners on TCP 873 (0 means rsyncd is not running)
    Port=`netstat -lntup|grep -c ':873 '`

    Create_file(){
    cat >/etc/rsyncd.conf<<EOF
    uid = rsync
    gid = rsync
    use chroot = no
    max connections = 200
    timeout = 300
    pid file = /var/run/rsyncd.pid
    lock file = /var/run/rsync.lock
    log file = /var/log/rsyncd.log
    ignore errors
    read only = false
    list = false
    hosts allow = $IP
    # clients not matched by hosts allow fall through to hosts deny
    hosts deny = *
    auth users = rsync_backup
    secrets file = /etc/rsync.password
    [backup]
    path = $BakPath
    EOF
    if [ ! -f /etc/rsyncd.conf ]
    then
        action "rsync配置" /bin/false
        exit 1
    elif [ ! -f /usr/bin/rsync ]
    then
        action "rsync命令" /bin/false
        exit 1
    fi
    }

    Create_user(){
    # each step is checked on its own, so a missing user does not skip the rest
    id rsync &>/dev/null
    if [ $? -ne 0 ];then
        useradd rsync -s /sbin/nologin -M
    fi
    if [ ! -d $BakPath ];then
        mkdir -p $BakPath
    fi
    chown -R rsync:rsync $BakPath
    echo "rsync_backup:$Passwd" >/etc/rsync.password
    /bin/chmod 600 /etc/rsync.password
    }

    Start_rsync(){
    if [ $Port -eq 0 ];then
        rsync --daemon
        action "Starting rsync..." /bin/true
    else
        action "Rsync is running..." /bin/true
    fi
    }

    main(){
    Create_file
    Create_user
    Start_rsync
    }
    main

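rsyncd checks hosts allow first, then hosts deny, and admits a client that matches neither list when both parameters are set, so the deny pattern decides what happens to every address outside 172.16.1.0/24. The sketch below is an added example, not part of the original post: it models that order for "*" and IPv4 CIDR patterns only and compares a deny pattern of 0.0.0.0/32 with "*" (the function names are assumptions made for this illustration).

```shell
#!/bin/sh
# Added example: models the order in which rsyncd applies "hosts allow" and
# "hosts deny". Only "*" and IPv4 address/CIDR patterns are handled here.

ip2int() {                      # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_pattern() {                  # in_pattern IP PATTERN
    [ "$2" = "*" ] && return 0
    net=${2%/*}
    case $2 in */*) len=${2#*/} ;; *) len=32 ;; esac
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# rsync_access CLIENT_IP ALLOW DENY -> prints "allow" or "deny".
# An empty ALLOW or DENY means the parameter is not set.
rsync_access() {
    if [ -n "$2" ] && in_pattern "$1" "$2"; then echo allow; return; fi
    if [ -n "$3" ] && in_pattern "$1" "$3"; then echo deny; return; fi
    # Client matched neither list: rejected only when hosts allow is the
    # sole parameter; with both set (or only hosts deny) it is admitted.
    if [ -n "$2" ] && [ -z "$3" ]; then echo deny; else echo allow; fi
}

# Constructed clients: 172.16.1.8 is inside the allowed subnet, 10.0.0.8 is not.
for deny in "0.0.0.0/32" "*"; do
    for client in 172.16.1.8 10.0.0.8; do
        echo "hosts deny = $deny, client $client: $(rsync_access "$client" 172.16.1.0/24 "$deny")"
    done
done
```
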
V. Backup script on the rsync client (web01)

    #!/bin/sh
    . /etc/init.d/functions
    Backup_Dir=/backup
    Passwd=123456
    Passwd_File=/etc/rsync.password
    IP=`hostname -I|awk '{print $2}'`
    Remote_IP=172.16.1.41

    #no.1 create backup dir
    Create_dir(){
        [ ! -d ${Backup_Dir}/$IP ] && mkdir -p ${Backup_Dir}/$IP
        echo "$Passwd" >$Passwd_File && chmod 600 $Passwd_File
    }

    #no.2 compress system data to backup_dir
    Backup_File(){
        cd / &&\
        tar zchf ${Backup_Dir}/$IP/sysconfig_$(date +%F).tar.gz var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables &&\
        tar zchf ${Backup_Dir}/$IP/html_$(date +%F).tar.gz application/nginx/html/ &&\
        tar zchf ${Backup_Dir}/$IP/conf_$(date +%F).tar.gz application/nginx/conf/
    }

    #no.3 push finger info data to remote backup
    Push_date(){
        find ${Backup_Dir}/$IP/ -type f -name "*.tar.gz"|xargs md5sum >${Backup_Dir}/$IP/zhiwen_$(date +%F).txt
        rsync -az ${Backup_Dir}/$IP "rsync_backup"@${Remote_IP}::backup --password-file=${Passwd_File}
        if [ $? -eq 0 ];then
            action "backup" /bin/true
        else
            action "backup" /bin/false
        fi
        # keep 7 days of local archives (requirement 3 above)
        find ${Backup_Dir}/$IP -type f -name "*.tar.gz" -mtime +7|xargs rm -f
        if [ $? -eq 0 ];then
            action "rm" /bin/true
        else
            action "rm" /bin/false
        fi
    }

    main(){
        Create_dir
        Backup_File
        Push_date
    }
    main

VI. Backup script on the rsync client (nfs01)

    #!/bin/sh
    . /etc/init.d/functions
    Backup_Dir=/backup
    Passwd=123456
    Passwd_File=/etc/rsync.password
    IP=`hostname -I|awk '{print $2}'`
    Remote_IP=172.16.1.41

    Create_dir(){
        [ ! -d ${Backup_Dir}/$IP ] && mkdir -p ${Backup_Dir}/$IP
        echo "$Passwd" >$Passwd_File && chmod 600 $Passwd_File
    }

    Backup_File(){
        cd / &&\
        tar zchf ${Backup_Dir}/$IP/sysconfig_$(date +%F).tar.gz var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables
    }

    Push_date(){
        find ${Backup_Dir}/$IP/ -type f -name "*.tar.gz"|xargs md5sum >${Backup_Dir}/$IP/zhiwen_$(date +%F).txt
        rsync -az ${Backup_Dir}/$IP "rsync_backup"@${Remote_IP}::backup --password-file=${Passwd_File}
        if [ $? -eq 0 ];then
            action "backup" /bin/true
        else
            action "backup" /bin/false
        fi
        # keep 7 days of local archives (requirement 3 above)
        find ${Backup_Dir}/$IP -type f -name "*.tar.gz" -mtime +7|xargs rm -f
        if [ $? -eq 0 ];then
            action "rm" /bin/true
        else
            action "rm" /bin/false
        fi
    }

    main(){
        Create_dir
        Backup_File
        Push_date
    }
    main

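VII. Verification script on the rsync server (backup)

    #!/bin/sh
    . /etc/init.d/functions
    BakPath=/backup

    Check_backup(){
    if [ ! -d $BakPath ]
    then
        exit 1
    else
        # verify today's fingerprint files only; older ones end up listing
        # archives that the retention step below has already removed
        find $BakPath -type f -name "zhiwen_$(date +%F).txt"|xargs md5sum -c >$BakPath/check_info.txt
        mail -s "check_data mail" 774181401@qq.com <$BakPath/check_info.txt &>/dev/null
        # keep 180 days; archives dated on a Monday are kept (requirement 4).
        # The weekday is taken from the date in the file name (name_YYYY-MM-DD.tar.gz).
        find $BakPath -type f -name "*.tar.gz" -mtime +180|while read -r f
        do
            d=${f##*_}; d=${d%.tar.gz}
            [ "$(date -d "$d" +%u 2>/dev/null)" = "1" ] || rm -f "$f"
        done
    fi
    if [ $? -eq 0 ];then
        action "check" /bin/true
    else
        action "check" /bin/false
    fi
    }
    Check_backup
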
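Requirement 6 asks for both success and failure results, but a client that pushed nothing leaves no fingerprint file and therefore no line in the md5sum -c output. The following added example (not from the original post) prints one status line per expected client for a given date, assuming the <backup root>/<client IP>/zhiwen_<date>.txt layout produced by the client scripts; the function names and the third client address 172.16.1.7 are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed layout, taken from the
# client scripts: <root>/<client IP>/zhiwen_<date>.txt holding md5sum lines.

# check_host ROOT IP DATE -> prints "IP STATUS ok=N bad=M"; non-zero unless OK
check_host() {
    manifest="$1/$2/zhiwen_$3.txt"
    if [ ! -s "$manifest" ]; then
        echo "$2 MISSING ok=0 bad=0"      # this client pushed nothing for DATE
        return 1
    fi
    LC_ALL=C md5sum -c "$manifest" 2>/dev/null | awk -v ip="$2" '
        /: OK$/ { ok++; next } { bad++ }
        END { printf "%s %s ok=%d bad=%d\n", ip, (bad ? "FAILED" : "OK"), ok, bad
              exit (bad ? 1 : 0) }'
}

# backup_report ROOT DATE IP... -> one line per expected client;
# returns non-zero if any client is MISSING or FAILED
backup_report() {
    root=$1; day=$2; shift 2; rc=0
    for ip in "$@"; do
        check_host "$root" "$ip" "$day" || rc=1
    done
    return $rc
}

# Constructed sample tree: .8 intact, .31 altered after fingerprinting,
# .7 expected but absent.
make_sample() {
    root=$(mktemp -d)
    for ip in 172.16.1.8 172.16.1.31; do
        mkdir -p "$root/$ip"
        echo "data from $ip" >"$root/$ip/sysconfig_2017-12-15.tar.gz"
        md5sum "$root/$ip/sysconfig_2017-12-15.tar.gz" >"$root/$ip/zhiwen_2017-12-15.txt"
    done
    echo "altered" >>"$root/172.16.1.31/sysconfig_2017-12-15.tar.gz"
    echo "$root"
}

sample=$(make_sample)
backup_report "$sample" 2017-12-15 172.16.1.8 172.16.1.31 172.16.1.7 ||
    echo "at least one client needs attention"
rm -rf "$sample"
```
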
VIII. Cron jobs for the site-wide backup
1. Cron job on the nfs01 server

    #nfs01 backup data info-cron
    00 00 * * * /bin/sh /server/scripts/nfs_backup.sh &>/dev/null

2. Cron job on the web01 server

    #web01 backup data info-cron
    00 00 * * * /bin/sh /server/scripts/web_backup.sh &>/dev/null

3. Cron job on the backup server

    # backup: backup data info cron
    00 05 * * * /bin/sh /server/scripts/backup_server.sh &>/dev/null