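Automated Backup Platform for Server Data Across the Network
Project Environment
Project Topology
Hardware and Software Inventory
- The three servers have the hostnames web01, backup, and nfs01; host details are listed in the table below.
Hostname | IP address | Hardware | Software |
web01 | 192.168.61.140 | CPU: 1 socket, 2 cores; Memory: 2 GB; HDD: 20 GB; Network: NAT | VMware 17, CentOS 7.9, nginx 1.20, rsync 3.1.2 |
nfs01 | 192.168.61.141 | CPU: 1 socket, 2 cores; Memory: 2 GB; HDD: 20 GB; Network: NAT | VMware 17, CentOS 7.9, nfs, rpcbind, rsync 3.1.2 |
backup | 192.168.61.142 | CPU: 1 socket, 2 cores; Memory: 2 GB; HDD: 20 GB; Network: NAT | VMware 17, CentOS 7.9, mailx 12.5, rsync 3.1.2 |
- CentOS 7.9 ISO download link: https://mirrors.aliyun.com/centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-DVD-2207-02.iso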
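Task List
Project environment setup
- The three CentOS 7.9 servers can be installed by network boot with iVentoy.
- Following the plan, install a minimal system, turn off the firewall, disable SELinux, and make sure the hosts can reach the network.
Server deployment
Web server deployment
- Verify that a push over the rsync service succeeds.
- Develop a script that packs the backup, pushes it, verifies it, and deletes old data.
- Configure a scheduled task that pushes every day at 00:00 (midnight is a natural dividing point in time).
NFS server deployment
- Verify that a push over the rsync service succeeds.
- Develop a script that packs the backup, pushes it, verifies it, and deletes old data.
- Configure a scheduled task that pushes every day at 00:00 (midnight is a natural dividing point in time).
- The script configuration is similar to the web server's, so the process is omitted.
Backup server setup
- Deploy the rsync server.
- Develop scripts for verification, deletion, and alerting.
- Configure a task that runs at 6:00 every day.
- Configure the platform for sending alert emails.
Implementation Steps
Environment setup
- Install CentOS 7.9
- Replace the yum repositories
On CentOS 7, the default YUM repositories may fail to download packages because of network problems or dead mirrors. To make sure the YUM repositories are usable, refresh them with the following steps: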
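sudo yum clean all # clear the cache
sudo yum makecache # rebuild the cache
Alibaba Cloud provides a mirror for CentOS 7, which can be configured as follows:
- Back up the existing YUM repository configuration file:
sudo cp /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
- Download the Alibaba Cloud mirror configuration and replace the original:
sudo wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
- Clear the cache and build a new one:
sudo yum clean all
sudo yum makecache
- Disable the firewall and SELinux
# Disable the firewall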
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
# Disable SELinux
[root@localhost ~]# vi /etc/selinux/config
SELINUX=disabled
[root@localhost ~]# hostnamectl set-hostname web01
[root@localhost ~]# reboot
[root@localhost ~]# setenforce 0
setenforce: SELinux is disabled
Clone the configured CentOS 7 system to create the other two hosts.
web01 server environment setup
- Set the hostname
[root@localhost ~]# hostnamectl set-hostname web01
[root@localhost ~]# reboot
- Set a static IP
[root@web01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32
UUID=504a9111-9eae-43e9-9937-dfb86587060c
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.61.140 # ip
PREFIX=24
GATEWAY=192.168.61.2 # gateway
DNS1=114.114.114.114 # dns
[root@web01 ~]# nmcli c up ens32
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/7)
[root@web01 ~]# nmcli c reload
- Install all required software
[root@web01 ~]# yum install vim tree tar net-tools rsync nfs-utils -y
[root@web01 ~]# yum install nginx -y
- Deploy the website
[root@web01 ~]# mkdir /www
[root@web01 ~]# cd /www
[root@web01 www]#
# Upload the website source files to /www with Xftp
[root@web01 www]# ls
sczl.zip
# Extract sczl.zip
[root@web01 www]# unzip sczl.zip
# Edit the configuration file
[root@web01 www]# vim /etc/nginx/nginx.conf
root /www; # line 42 of nginx.conf
[root@web01 ~]# systemctl start nginx
[root@web01 ~]# systemctl enable nginx
Created symlink from /etc/systemd/system/multi-user.target.wants/nginx.service to /usr/lib/systemd/system/nginx.service.
# Test: open a browser on the Windows host and enter the server's IP address
nfs server environment setup
- Set the hostname
[root@localhost ~]# hostnamectl set-hostname nfs01
[root@localhost ~]# reboot
- Set a static IP
[root@nfs01 ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32
UUID=504a9111-9eae-43e9-9937-dfb86587060c
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.61.141 # ip
PREFIX=24
GATEWAY=192.168.61.2 # gateway
DNS1=114.114.114.114 # dns
[root@nfs01 ~]# nmcli c up ens32
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/5)
[root@nfs01 ~]# nmcli c reload
- Install all required software
[root@nfs01 ~]# yum install vim tree tar net-tools rsync -y
[root@nfs01 ~]# yum install rpcbind -y
[root@nfs01 ~]# yum install nfs-utils -y
- Deploy shared storage, with nfs01 as the server and web01 as the client
On nfs01:
[root@nfs01 ~]# mkdir /nfsfile
[root@nfs01 ~]# echo "welcome to www.openlab.com" > /nfsfile/readme
[root@nfs01 ~]# chmod -Rf 777 /nfsfile
# Edit the main configuration file
[root@nfs01 ~]# vim /etc/exports
/nfsfile 192.168.61.140/24(rw,sync,all_squash)
[root@nfs01 ~]# systemctl start rpcbind
[root@nfs01 ~]# systemctl enable rpcbind
[root@nfs01 ~]# systemctl start nfs-server
[root@nfs01 ~]# systemctl enable nfs-server
Created symlink from /etc/systemd/system/multi-user.target.wants/nfs-server.service to /usr/lib/systemd/system/nfs-server.service.
On web01:
[root@web01 ~]# showmount -e 192.168.61.141
Export list for 192.168.61.141:
/nfsfile 192.168.61.140/24
[root@web01 ~]# mkdir /web_nfs
[root@web01 ~]# mount -t nfs 192.168.61.141:/nfsfile /web_nfs
[root@web01 ~]# cd /web_nfs
[root@web01 web_nfs]# ls
readme
[root@web01 web_nfs]# vim /etc/fstab
192.168.61.141:/nfsfile /web_nfs nfs defaults 0 0
[root@web01 web_nfs]# mount -a
[root@web01 web_nfs]# df -h
文件系统 容量 已用 可用 已用% 挂载点
devtmpfs 974M 0 974M 0% /dev
tmpfs 991M 0 991M 0% /dev/shm
tmpfs 991M 11M 980M 2% /run
tmpfs 991M 0 991M 0% /sys/fs/cgroup
/dev/mapper/centos-root 15G 4.6G 11G 31% /
/dev/sda1 1014M 174M 841M 18% /boot
tmpfs 199M 60K 198M 1% /run/user/0
192.168.61.141:/nfsfile 15G 5.3G 9.8G 35% /web_nfs
backup server environment setup
- Set the hostname
[root@localhost ~]# hostnamectl set-hostname backup
[root@localhost ~]# reboot
- Set a static IP
[root@backup ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens32
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens32
UUID=504a9111-9eae-43e9-9937-dfb86587060c
DEVICE=ens32
ONBOOT=yes
IPADDR=192.168.61.142 # ip
PREFIX=24
GATEWAY=192.168.61.2 # gateway
DNS1=114.114.114.114 # dns
[root@backup ~]# nmcli c up ens32
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/5)
[root@backup ~]# nmcli c reload
- Install all required software
[root@backup ~]# yum install vim tree tar net-tools rsync mailx -y
- Edit the rsync configuration file
[root@backup ~]# vim /etc/rsyncd.conf
uid = rsync
gid = rsync
use chroot = no
max connections = 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
fake super = yes
[backup]
path = /backup
ignore errors
read only = false
list = false
hosts allow = 192.168.61.0/24
# rsyncd admits a host that matches neither list, so deny everything not allowed above
hosts deny = *
auth users = rsync
secrets file = /etc/rsync.password
- Set up the system according to the configuration file
# Create the rsync account and the shared directory, and make rsync the owner of the directory
[root@backup ~]# useradd -M -s /sbin/nologin rsync
[root@backup ~]# mkdir /backup
[root@backup ~]# chown -R rsync /backup
# Enable the service at boot and start it
[root@backup ~]# systemctl enable --now rsyncd
Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.
[root@backup ~]# ps -ef | grep rsync
root 63159 1 0 22:02 ? 00:00:00 /usr/bin/rsync --daemon --no-detach
root 63176 61314 0 22:03 pts/1 00:00:00 grep --color=auto rsync
# Create the rsync virtual account name and password, and give the password file mode 600
[root@backup ~]# echo "rsync:rsync123" > /etc/rsync.password
[root@backup ~]# chmod 600 /etc/rsync.password
Configure the backup scripts
Configure the local backup script on the web01 client
- Content on the web01 client host that needs to be packed and backed up:
# Log files
[root@web01 ~]# tree /var/log/nginx
/var/log/nginx
├── access.log
└── error.log
0 directories, 2 files
# Main website data
[root@web01 ~]# tree /www -d
/www
└── sczl
    ├── css
    │   └── fonts
    ├── img
    ├── js
    └── temp
6 directories
# Plus the scheduled tasks and the backup script sources: /var/spool/cron/root, /etc/rc.local, /server/scripts
- Write the script that backs up the web01 server
[root@web01 ~]# mkdir /backup
[root@web01 ~]# mkdir -p /server/scripts
[root@web01 ~]# vim /server/scripts/backup.sh
#!/bin/bash
# Date:2025-8-10
#Author:yinbai
#Mail:3456372910@qq.com
#Function: Regularly backup data from web servers
#Version:V1.0
Date=$(date +%F_Week0%w)
Host_IP=$(ifconfig ens32 | awk '/inet / {print $2}')
Backup_Dir="/backup/"
Backup_Server_IP=192.168.61.142
# Create the backup directory for this host, named after its IP
[ ! -d $Backup_Dir/$Host_IP ] && mkdir -p $Backup_Dir/$Host_IP
# Print a status message
echo ${Date} ${Host_IP} start backup ......
# Pack all important local files as required, then record an MD5 fingerprint of
# every archive in the .flag file so that integrity can be verified later
cd / && \
tar cf ${Backup_Dir}${Host_IP}/sys_file_bak_${Date}_tar.gz var/spool/cron && \
tar rf ${Backup_Dir}${Host_IP}/sys_file_bak_${Date}_tar.gz etc/rc.d/rc.local && \
tar rf ${Backup_Dir}${Host_IP}/sys_file_bak_${Date}_tar.gz server/scripts/ && \
tar zcf $Backup_Dir$Host_IP/www_${Date}_tar.gz www/ && \
tar zcf $Backup_Dir$Host_IP/nginx_logs_${Date}_tar.gz var/log/nginx/ && \
find ${Backup_Dir:-/tmp} -type f -name "*${Date}_tar.gz" | xargs md5sum > $Backup_Dir/$Host_IP/${Date}.flag
# Push the backup to the backup server
rsync -az $Backup_Dir rsync@${Backup_Server_IP}::backup --password-file=/etc/rsync.password
# Delete all local backup data older than 7 days
find ${Backup_Dir:-/tmp} -type f \( -name "*_tar.gz" -o -name "*.flag" \) -mtime +7 | xargs rm -f
echo "Local backup successful, the backup files have been pushed to the backup server"
[root@web01 ~]# vim /etc/rsync.password # create the client password file
rsync123
[root@web01 ~]# chmod 600 /etc/rsync.password # set the password file's mode to 600
- Test
[root@web01 ~]# bash /server/scripts/backup.sh
2025-08-11_Week01 192.168.61.140 start backup ......
Local backup successful, the backup files have been pushed to the backup server
# The backed-up data is visible under /backup/192.168.61.140/ on the backup server
[root@backup ~]# ls /backup/192.168.61.140/
2025-08-11_Week01.flag sys_file_bak_2025-08-11_Week01_tar.gz
nginx_logs_2025-08-11_Week01_tar.gz www_2025-08-11_Week01_tar.gz
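Configure the local backup script on the nfs01 client
- Content on the nfs01 client host that needs to be packed and backed up:
[root@nfs01 ~]# tree /nfsfile/
/nfsfile/
└── readme
0 directories, 1 file
# Plus the /var/log/message file and the mount information from mount -l
- Write the script that backs up the nfs01 server
[root@nfs01 ~]# mkdir /backup
[root@nfs01 ~]# mkdir -p /server/scripts
[root@nfs01 ~]# vim /server/scripts/backup.sh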
#!/bin/bash
#Date:2025-8-10
# Author:yinbai
# Mail:3456372910@qq.com
# Function: Regularly backup data from nfs servers
# Version: V1.0
Date=$(date +%F_Week0%w)
Host_IP=$(ifconfig ens32 | awk '/inet / {print $2}')
Backup_Dir="/backup/"
Backup_Server_IP=192.168.61.142
# Save the current mount information so that it can be archived
mount -l > /var/log/mount.log
# Create the backup directory for this host, named after its IP
[ ! -d $Backup_Dir/$Host_IP ] && mkdir -p $Backup_Dir/$Host_IP
# Print a status message
echo ${Date} ${Host_IP} start backup ......
# Pack all important local files as required, then record an MD5 fingerprint of
# every archive in the .flag file so that integrity can be verified later
cd / && \
tar cf ${Backup_Dir}${Host_IP}/sys_file_bak_${Date}_tar.gz var/spool/cron && \
tar rf ${Backup_Dir}${Host_IP}/sys_file_bak_${Date}_tar.gz etc/rc.d/rc.local && \
tar rf ${Backup_Dir}${Host_IP}/sys_file_bak_${Date}_tar.gz server/scripts/ && \
tar zcf $Backup_Dir$Host_IP/nfs_${Date}_tar.gz nfsfile/ && \
tar zcf $Backup_Dir$Host_IP/mount_logs_${Date}_tar.gz var/log/mount.log && \
find ${Backup_Dir:-/tmp} -type f -name "*${Date}_tar.gz" | xargs md5sum > $Backup_Dir/$Host_IP/${Date}.flag
# Push the backup to the backup server
rsync -az $Backup_Dir rsync@${Backup_Server_IP}::backup --password-file=/etc/rsync.password
# Delete all local backup data older than 7 days
find ${Backup_Dir:-/tmp} -type f \( -name "*_tar.gz" -o -name "*.flag" \) -mtime +7 | xargs rm -f
echo "Local backup successful, the backup files have been pushed to the backup server"
[root@nfs01 ~]# vim /etc/rsync.password # create the client password file
rsync123
[root@nfs01 ~]# chmod 600 /etc/rsync.password # set the password file's mode to 600
- Test
[root@nfs01 ~]# bash /server/scripts/backup.sh
2025-08-11_Week01 192.168.61.141 start backup ......
Local backup successful, the backup files have been pushed to the backup server
[root@backup ~]# ls /backup/192.168.61.141
2025-08-11_Week01.flag nfs_2025-08-11_Week01_tar.gz
mount_logs_2025-08-11_Week01_tar.gz sys_file_bak_2025-08-11_Week01_tar.gz
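Configure scheduled tasks
- On web01, edit the scheduled task so that local data is backed up at 00:00 every day and pushed to the rsync server
# Check the crond service status (installed by default)
[root@web01 ~]# systemctl status crond
● crond.service - Command Scheduler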
Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
Active: active (running) since 一 2025-08-11 12:41:36 CST; 6h ago
Main PID: 1376 (crond)
Tasks: 1
CGroup: /system.slice/crond.service
└─1376 /usr/sbin/crond -n
8月 11 12:41:36 web01 systemd[1]: Started Command Scheduler.
8月 11 12:41:36 web01 crond[1376]: (CRON) INFO (RANDOM_DELAY will be scaled with ...d.)
8月 11 12:41:36 web01 crond[1376]: (CRON) INFO (running with inotify support)
Hint: Some lines were ellipsized, use -l to show in full.
# Edit the scheduled task
[root@web01 ~]# crontab -e
# crond-id-001:data backup
00 00 * * * /bin/sh /server/scripts/backup.sh > /dev/null 2>&1
# The following messages may appear when the crontab is saved and need no action:
no crontab for root - using an empty one
crontab: installing new crontab
[root@web01 ~]# crontab -l
# crond-id-001:data backup
00 00 * * * /bin/sh /server/scripts/backup.sh > /dev/null 2>&1
- On nfs01, edit the scheduled task so that local data is backed up at 00:00 every day and pushed to the rsync server
# Check the crond service status (installed by default)
[root@nfs01 ~]# systemctl status crond
● crond.service - Command Scheduler
Loaded: loaded (/usr/lib/systemd/system/crond.service; enabled; vendor preset: enabled)
Active: active (running) since 一 2025-08-11 12:41:34 CST; 6h ago
Main PID: 1104 (crond)
Tasks: 1
CGroup: /system.slice/crond.service
└─1104 /usr/sbin/crond -n
8月 11 12:41:34 nfs01 systemd[1]: Started Command Scheduler.
8月 11 12:41:34 nfs01 crond[1104]: (CRON) INFO (RANDOM_DELAY will be scaled with ...d.)
8月 11 12:41:34 nfs01 crond[1104]: (CRON) INFO (running with inotify support)
Hint: Some lines were ellipsized, use -l to show in full.
# Edit the scheduled task
[root@nfs01 ~]# crontab -e
# crond-id-001:data backup
00 00 * * * /bin/sh /server/scripts/backup.sh > /dev/null 2>&1
# The following messages may appear when the crontab is saved and need no action:
no crontab for root - using an empty one
crontab: installing new crontab
[root@nfs01 ~]# crontab -l
# crond-id-001:data backup
00 00 * * * /bin/sh /server/scripts/backup.sh > /dev/null 2>&1
- On the backup server, write a script that deletes all backup data older than 180 days but keeps the Monday backups
[root@backup ~]# mkdir -p /server/scripts
[root@backup ~]# cd /server/scripts/
[root@backup scripts]# vim /server/scripts/del_bak_data.sh
#!/bin/bash
# Date:2025-8-10
# Author:yinbai
# Mail:3456372910@qq.com
# Function: Delete all backup data from 180 days ago,but save every Monday
# Version:V1.0
Backup_Dir="/backup/"
# Delete archives and flag files older than 7 days, except the Monday ones
find ${Backup_Dir:-/tmp} -type f \( -name "*tar.gz*" -o -name "*flag*" \) ! -name "*Week01*" -mtime +7 | xargs rm -f
# Delete all archives and flag files older than 180 days
find ${Backup_Dir:-/tmp} -type f \( -name "*tar.gz*" -o -name "*flag*" \) -mtime +180 | xargs rm -f
# Note: ${Backup_Dir:-/tmp} expands to the value of Backup_Dir if it is set and non-empty;
# otherwise it falls back to the default value /tmp
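How `find` groups the name and age tests in a retention command like the one above, shown as a dry run on constructed files; this is an added example, not the author's script. `find` binds the implicit AND tighter than `-o`, so name tests joined with `-o` have to be wrapped in `\( \)` before the Monday exclusion and `-mtime` apply to all of them; the function names and file names here are assumptions.

```bash
#!/bin/bash
# Added example, not part of the original article; file names are constructed.

# Ungrouped tests. find reads this as
#   ( -type f -a -name '*tar.gz*' -a ! -name '*Week01*' ) -o ( -name '*flag*' -a -mtime +7 )
# so the age test never applies to archives: every non-Monday archive matches.
list_ungrouped() {
    find "$1" -type f -name '*tar.gz*' ! -name '*Week01*' -o -name '*flag*' -mtime +7
}

# Grouped tests: the name alternatives sit inside \( \), so the Monday
# exclusion and the 7-day age test apply to archives and flag files alike.
list_grouped() {
    find "$1" -type f \( -name '*tar.gz*' -o -name '*flag*' \) \
        ! -name '*Week01*' -mtime +7
}

# Build a constructed backup tree under directory $1.
make_fixture() {
    local d=$1/192.168.61.140
    mkdir -p "$d"
    touch "$d/www_new_Week02_tar.gz"                     # written today: keep
    touch -d '10 days ago' "$d/www_old_Week03_tar.gz"    # expired: delete
    touch -d '10 days ago' "$d/www_old_Week01_tar.gz"    # Monday copy: keep
    touch -d '10 days ago' "$d/old_Week01.flag"          # Monday manifest: keep
}

# Dry run: print what each expression would hand to "xargs rm -f".
if [ "${1:-}" = "--demo" ]; then
    t=$(mktemp -d); make_fixture "$t"
    echo "ungrouped:"; list_ungrouped "$t" | sort
    echo "grouped:";   list_grouped "$t" | sort
    rm -rf "$t"
fi
```

Listing the matches first and only then piping them to `xargs rm -f` is a cheap way to check a retention expression before it runs from cron.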
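- On the backup server, configure a scheduled task so that data older than 180 days is deleted automatically
[root@backup ~]# crontab -e
# crond-id-003:data backup
00 00 * * * /bin/sh /server/scripts/del_bak_data.sh >/dev/null 2>&1
Data Transfer Integrity Verification and Monitoring Alerts
Verify data integrity
- On the backup server, use the MD5 command to check the MD5 fingerprints that the clients created at backup time, which verifies data integrity across the transfer.
[root@backup ~]# vim sed_mail.sh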
#!/bin/bash
# Date:2025-8-10
# Author:yinbai
# Mail:3456372910@qq.com
# Function: Verify the integrity of backup files
# Version: V1.0
Date=$(date +%F_Week0%w)
Backup_Dir="/backup/"
Check_Log="/tmp/bak.log_$(date +%F)" # file that holds the result of the scheduled backup check
Admin_Mail=3456372910@qq.com # administrator's mailbox
find $Backup_Dir -type f -name "${Date}.flag" | xargs md5sum -c >> $Check_Log
# -s is true only when the result file exists and is not empty
if [ -s "$Check_Log" ]
then
    mail -s "$Date backup data info" $Admin_Mail < $Check_Log
else
    echo "$Date backup data error,pls check it." > $Check_Log # no check result was produced, so write an error message to the log
    mail -s "$Date backup data info" $Admin_Mail < $Check_Log
fi
cp $Check_Log{,.ori} && > $Check_Log
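A stricter form of the check above, as an added example that is not the author's script: it walks every client directory under the backup root, runs `md5sum -c` on that day's `.flag` manifest, and also reports hosts that pushed no manifest at all. The function name, status strings and demo data are assumptions; because the manifest travels with the archives, a pass shows the transfer was intact, not that the source data was unmodified.

```bash
#!/bin/bash
# Added example, not part of the original article.
# verify_backups ROOT TAG
#   ROOT: backup root with one sub-directory per client IP (as in /backup)
#   TAG:  manifest name without ".flag", e.g. 2025-08-11_Week01
# Prints one status line per host; the return value is the number of hosts
# whose backup is missing or fails its checksum (0 means every host is good).
verify_backups() {
    local root=$1 tag=$2 bad=0 dir host flag
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        host=$(basename "$dir")
        flag="${dir}${tag}.flag"
        if [ ! -s "$flag" ]; then
            # The client never pushed this manifest: its backup did not arrive
            echo "MISSING $host: no ${tag}.flag"
            bad=$((bad + 1))
        elif md5sum -c --quiet "$flag" >/dev/null 2>&1; then
            echo "OK      $host"
        else
            # At least one archive is absent or differs from its fingerprint
            echo "FAILED  $host: $(md5sum -c "$flag" 2>/dev/null | grep -vc ': OK$') bad file(s)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed demo: one intact host and one host whose archive changed
# after the manifest was written. Run with: bash verify.sh --demo
demo() {
    local root a b
    root=$(mktemp -d)
    a=$root/192.168.61.140; b=$root/192.168.61.141
    mkdir -p "$a" "$b"
    echo "web data" > "$a/www_demo_tar.gz"
    echo "nfs data" > "$b/nfs_demo_tar.gz"
    md5sum "$a/www_demo_tar.gz" > "$a/demo.flag"
    md5sum "$b/nfs_demo_tar.gz" > "$b/demo.flag"
    echo "bit rot" >> "$b/nfs_demo_tar.gz"
    verify_backups "$root" demo
    echo "hosts with problems: $?"
    rm -rf "$root"
}
if [ "${1:-}" = "--demo" ]; then demo; fi
```

A non-zero return value can drive the alert mail, so that a host with no backup is reported the same way as a host with a corrupted one.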
Configure email alerts
- Install the mail service
[root@backup ~]# yum install mailx -y
- Configure the SSL certificate for QQ Mail
[root@backup ~]# mkdir -p /root/.certs
[root@backup ~]# cd /root/.certs
[root@backup .certs]# echo -n | openssl s_client -connect smtp.qq.com:465 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/.certs/qq.crt
[root@backup .certs]# certutil -A -n "GeoTrust SSL CA" -t "C,," -d ~/.certs -i ~/.certs/qq.crt
[root@backup .certs]# certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/qq.crt
[root@backup .certs]# certutil -A -n "GeoTrust SSL CA - G3" -t "Pu,Pu,Pu" -d ./ -i qq.crt
Notice: Trust flag u is set automatically if the private key is present.
- Configure the mail service
[root@backup .certs]# vim /etc/mail.rc
# Append the following after the last line:
set from=3456372910@qq.com
# SSL port, 465 by default
set smtp=smtps://smtp.qq.com:465
set smtp-auth-user=3456372910@qq.com
# authorization code
set smtp-auth-password=pyyxjaqtydcjcicf
set smtp-auth=login
# path of the certificate database
set nss-config-dir=/root/.certs/
# continue even if the server certificate cannot be verified (the session still uses SSL)
set ssl-verify=ignore
- Test the mail service
[root@backup ~]# echo "testmail" | mail -s "testmail" 3456372910@qq.com
[root@backup ~]# smtp-server: "/root/dead.letter" 0/0
. . . message not sent.
[root@backup ~]# bash sed_mail.sh
[root@backup ~]# smtp-server: "/root/dead.letter" 0/0
. . . message not sent.