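I recently set up data backup for our company intranet and am recording the process here. The topology is as follows:
Environment: the web server runs an LNMP stack; its attachment directory holds user data, about 300G, and is very important. The MySQL server backs up its databases every day at midnight, and those backups also need to be pushed off-site. I chose rsync as the backup software for the following reasons:
It can update entire directory trees and file systems;
It can optionally preserve symbolic links, hard links, file ownership, permissions, devices and timestamps;
Installation requires no special privileges;
For multiple files, its internal pipelining reduces file latency;
It syncs only the incremental data, which is more efficient;
Setup procedure:
1. Install rsync on the server: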
[root@backup ~]# rpm -qa rsync
rsync-3.0.9-18.el7.x86_64
rsync is already installed here. If it is not, install it with the following command:
[root@backup ~]# yum install rsync -y
2. Edit the rsync configuration file:
Because I start rsync in daemon mode, a configuration file is required. It lives at /etc/rsyncd.conf, and its contents are as follows:
# Rsync configuration file
uid = root
gid = root
port = 873
address = 192.168.1.222
max connections = 200
use chroot = yes
timeout = 200
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
log format = %t %a %m %f %b
auth users = bkuser
secrets file = /etc/rsyncd.secrets
[attachment]
path = /backup/1/attachment/
comment = "Poplar web data"
list = yes
read only = no
ignore errors = yes
hosts allow = 192.168.1.126/24
hosts deny = *
[dbm]
path = /backup/1/mysql/db.pop.cn/
comment = "database backup"
list = yes
read only = no
ignore errors = yes
hosts allow = 192.168.1.137/24
hosts deny = *
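3. Create the mount points for the modules:
Because the data volume is fairly large, I added a dedicated 2T disk for backups, mounted at /disk/1. To guard against accidental deletion, I also created a backup directory under / and use it as the entry point that links to the real backup data. The layout is as follows: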
[root@backup ~]# mkdir /backup
[root@backup ~]# mount /dev/sdb /disk/1/ #mount the 2T disk at /disk/1/
[root@backup ~]# ln -sv /disk/1/ /backup/1 #link /backup/1 to /disk/1/
‘/backup/1’ -> ‘/disk/1/’
4. Set permissions on the server:
[root@backup ~]# echo 'bkuser:123456' > /etc/rsyncd.secrets
[root@backup ~]# chmod 600 /etc/rsyncd.secrets
The permissions on the password file must be set to 600; otherwise pushing files later will fail with an error.
5. Start the rsync service:
[root@backup ~]# rsync --daemon --config=/etc/rsyncd.conf
#check that rsync started
[root@backup ~]# netstat -tnlp | grep rsync
tcp 0 0 192.168.1.222:873 0.0.0.0:* LISTEN 1073/rsync
[root@backup ~]# ps -ef | grep -v grep | grep rsync
root 1073 1 0 03:51 ? 00:00:00 rsync --daemon --config=/etc/rsyncd.conf
As you can see, the rsync service started successfully.
6. Start rsync automatically at boot:
[root@backup ~]# echo '/usr/bin/rsync --daemon --config=/etc/rsyncd.conf' >> /etc/rc.d/rc.local
#Note that /etc/rc.d/rc.local must be executable: chmod +x /etc/rc.d/rc.local
#Use absolute paths for commands wherever possible.
7. Configure permissions on the clients:
#web host
[root@web ~]# echo '123456' > /etc/rsync.passwd
[root@web ~]# chmod 600 /etc/rsync.passwd
#mysql host
[root@mysql ~]# echo '123456' > /etc/rsync.passwd
[root@mysql ~]# chmod 600 /etc/rsync.passwd
8. Push command on the client:
[root@web ~]# rsync -avz /mnt/wwwroot/poplar/public/attachment/ bkuser@192.168.1.222::attachment --password-file=/etc/rsync.passwd
rsync: failed to connect to 192.168.1.222 (192.168.1.222): No route to host (113)
rsync error: error in socket IO (code 10) at clientserver.c(122) [sender=3.0.9]
It fails with No route to host. The first thing that comes to mind is the firewall, so check the rsync server:
[root@backup ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
#sure enough, there are rules
[root@backup ~]# iptables -F
[root@backup ~]# service iptables save
The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
#another error; the iptables-services package needs to be installed here
[root@backup ~]# yum install iptables-services
[root@web ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@web ~]# systemctl start iptables
[root@web ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
#push again:
[root@web ~]# rsync -avz /mnt/wwwroot/poplar/public/attachment/ bkuser@192.168.1.222::attachment --password-file=/etc/rsync.passwd
...
sent 1044543 bytes received 9553 bytes 2108192.00 bytes/sec
total size is 4351974 speedup is 4.13
#push succeeded
Check the backup on the server:
[root@backup ~]# ll /backup/1/attachment/
#the source file of one symlink was not synced over (it keeps blinking red)
Check rsync's help output:
-L, --copy-links transform symlink into referent file/dir
The -L option backs up the source file that a symlink points to, so our push command becomes:
[root@web ~]# rsync -avzLP /mnt/wwwroot/poplar/public/attachment/ bkuser@192.168.1.222::attachment --password-file=/etc/rsync.passwd
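The push command on the database side is similar to the web one, except that it does not need the -L option, so I won't demonstrate it here.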
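An added example, not part of the original post: a small Python audit of the /etc/rsyncd.conf from step 2. It flags writable modules that run as root, modules without auth users, and hosts allow entries such as 192.168.1.126/24, which rsync matches against the whole /24 network rather than the single host; parse and audit are illustrative names.

```python
import ipaddress

# Constructed sample: the step-2 rsyncd.conf, trimmed to the keys the checks read.
# parse() and audit() are illustrative helpers, not part of rsync.
SAMPLE = """\
uid = root
auth users = bkuser
[attachment]
read only = no
hosts allow = 192.168.1.126/24
hosts deny = *
[dbm]
read only = no
hosts allow = 192.168.1.137/24
hosts deny = *
"""

def parse(text):
    """Split rsyncd.conf text into (global params, {module: params})."""
    glob, mods, cur = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = mods.setdefault(line[1:-1].strip(), {})
        elif "=" in line:
            key, val = line.split("=", 1)
            (glob if cur is None else cur)[key.strip().lower()] = val.strip()
    return glob, mods

def audit(text):
    """Return (module, finding) pairs for settings worth a second look."""
    glob, mods = parse(text)
    out = []
    for name, params in mods.items():
        eff = {**glob, **params}  # module settings override global ones
        writable = eff.get("read only", "yes").lower() in ("no", "false", "0")
        if writable and eff.get("uid", "nobody") in ("root", "0"):
            out.append((name, "writable module runs as root"))
        if not eff.get("auth users"):
            out.append((name, "no auth users: anonymous access"))
        for pat in eff.get("hosts allow", "").replace(",", " ").split():
            try:
                iface = ipaddress.ip_interface(pat)
            except ValueError:
                continue  # hostname or wildcard pattern, not checked here
            if iface.ip != iface.network.network_address:
                out.append((name, f"hosts allow {pat} admits all of {iface.network}"))
    return out
```

To audit a live server, pass the file contents, for example audit(open('/etc/rsyncd.conf').read()).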
Reposted from: https://blog.51cto.com/hld1992/2052617