2019-07-08

                               rsync全网备份

一.rsync服务端（backup服务端）

（1）配置rsyncd.conf配置文件

[root@backup ~]# vim /etc/rsyncd.conf
#rsync_config____start
#created by chensiqi 10:30 2019-7-8
##blog:http://www.cnblogs.com/chensiqiqi/
##rsyncd.conf start##

# 用户
uid = rsync
# 组
gid = rsync
# 程序安全设置
use chroot = no
# 客户端连接数
max connections = 200
# 超时时间
timeout = 300
# 进程号文件位置
pid file = /var/run/rsyncd.pid
# 进程锁
lock file = /var/run/rsync.lock
# 日志文件位置
log file = /var/log/rsyncd.log
####################################
[backup]
# 使用目录
path = /backup/
# 有错误时忽略
ignore errors
# 可读可写（true或false）
read only = false
# 阻止远程列表（不让通过远程方式看服务端有啥）
list = false
# 允许IP
hosts allow = 172.16.1.0/24
# 禁止IP
hosts deny = 0.0.0.0/32
# 虚拟用户
auth users = rsync_backup
# 存放用户和密码的文件
secrets file = /etc/rsync.password

  rsync_config____end##
▽/etc/rsyncd.conf" 41L, 876C written

（2）创建rsync账户及共享目录并修改目录属主为rsync

[root@backup ~]# useradd -M -s /sbin/nologin rsync
[root@backup ~]# mkdir /backup
[root@backup ~]# chown -R rsync /backup

（3）创建密码文件，并修改权限为600

[root@backup ~]# echo 'rsync_backup:123456' >/etc/rsync.password 
[root@backup ~]# chmod 600 /etc/rsync.password
[root@backup ~]# ll /etc/rsync.password
-rw------- 1 root root 0 May 22 09:14 /etc/rsync.password
[root@backup ~]# cat /etc/rsync.password 
rsync_backup:123456

（4）启动和开机自动启动

[root@backup ~]# systemctl restart rsyncd
[root@backup ~]# systemctl is-active rsyncd
active
[root@backup ~]# systemctl is-enabled rsyncd
disabled
[root@backup ~]# systemctl enable rsyncd
Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.
[root@backup ~]# systemctl is-enabled rsyncd
enabled
[root@backup ~]# ps -ef |grep 'rsync'
root       8067      1  0 09:21 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
root       8102   7459  0 09:22 pts/0    00:00:00 grep --color=auto rsync
[root@backup ~]# ss -lntup |grep 'rsync'
tcp    LISTEN     0      5         *:873                   *:*                   users:(("rsync",pid=8067,fd=3))
tcp    LISTEN     0      5        :::873                  :::*                   users:(("rsync",pid=8067,fd=5))

（5）测试

[root@backup ~]# rsync -avz /etc/hostname  [email protected]::backup
Password: 
sending incremental file list
hostname

sent 102 bytes  received 43 bytes  41.43 bytes/sec
total size is 7  speedup is 0.05
[root@backup ~]# tree /backup/
/backup/
└── hostname

0 directories, 1 file
[root@backup ~]# cat /backup/hostname 
backup

二.rsync客户端（web01客户端）

1.密码文件和修改权限

[root@web01 ~]# echo '123456' >/etc/rsync.password
[root@web01 ~]# chmod 600 /etc/rsync.password
[root@web01 ~]# ll /etc/rsync.password
-rw------- 1 root root 7 May 22 09:25 /etc/rsync.password
[root@web01 ~]# cat /etc/rsync.password
123456

2.测试

（1）web01服务器：

[root@web01 ~]# rsync -avz /etc/hosts  [email protected]::backup --password-file=/etc/rsync.password 
sending incremental file list
hosts

sent 221 bytes  received 43 bytes  528.00 bytes/sec
total size is 349  speedup is 1.32

（2）backup服务器

[root@backup ~]# tree /backup/
/backup/
├── hostname
└── hosts

0 directories, 2 files
[root@backup ~]# cat /backup/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.1.5      lb01
172.16.1.6      lb02
172.16.1.7      web01
172.16.1.8      web02
172.16.1.31     nfs01
172.16.1.41     backup
172.16.1.51     db01 db01.etiantian.org
172.16.1.61     m01

三.备份命令和脚本：

1.客户端

（1）第一步：创建ip地址命名的目录：

[root@web01 ~]# IP=`hostname -I |awk '{print $2}'`
[root@web01 ~]# echo $IP
172.16.1.7
[root@web01 ~]# mkdir -p /backup/$IP
[root@web01 ~]# tree /backup/
/backup/
└── 172.16.1.7

1 directory, 0 files

（2）第二步： 打包压缩文件到这个目录下并以时间命名

[root@web01 ~]# DATE=`date +%F-%w`
[root@web01 ~]# echo $DATE
2019-07-9-2
[root@web01 ~]# tar zcf /backup/$IP/conf-$DATE.tar.gz   /etc/ 
tar: Removing leading `/' from member names
[root@web01 ~]# tree /backup/
/backup/
└── 172.16.1.7
    └── conf-2019-07-9-2.tar.gz

1 directory, 1 file

（3）第三步： 制作MD5校验码，并放到创建的目录下

[root@web01 ~]# HOST=`hostname`
[root@web01 ~]# echo $HOST
web01
[root@web01 ~]# find /backup/ -type f -name '*.tar.gz' |xargs md5sum >/backup/$IP/conf-$HOST.md5
[root@web01 ~]# tree /backup/
/backup/
└── 172.16.1.7
    ├── conf-2019-07-9-2.tar.gz
    └── conf-web01.md5

1 directory, 2 files
[root@web01 ~]# md5sum -c /backup/$IP/conf-$HOST.md5
/backup/172.16.1.7/conf-2019-07-9-2.tar.gz: OK

（4）第四步： 把备份推送到backup服务器的backup模块下

[root@web01 ~]# #备份推送到backup服务器的backup模块下
[root@web01 ~]# rsync -avz /backup/  [email protected]::backup --password-file=/etc/rsync.password 
sending incremental file list
./
172.16.1.7/
172.16.1.7/conf-2019-07-9-2.tar.gz
172.16.1.7/conf-web01.md5

sent 10,016,550 bytes  received 73 bytes  6,677,748.67 bytes/sec
total size is 10,217,175  speedup is 1.02
####到backup服务器下查看
[root@backup ~]# tree /backup/
/backup/
├── 172.16.1.7
│   ├── conf-2019-07-9-2.tar.gz
│   └── conf-web01.md5
├── hostname
└── hosts

1 directory, 4 files

（5）第五步： 删除7天之前的备份

[root@web01 ~]# find /backup/ -type f -name 'conf-*' -mtime +7 |xargs rm -f
[root@web01 ~]# ll /backup/172.16.1.7/
total 0

（6）第六步： 书写脚本

 [root@web02 ~]# vim /server/scripts/bak.sh
#!/bin/bash
#bianlaing
HOST=`hostname`
DATE=`date +%F-%w`
IP=`hostname -I |awk '{print $2}'`
#mkdir
mkdir -p /backup/$IP
#tar
tar zcf /backup/$IP/conf-$DATE-$HOST.tar.gz  /var/spool/cron/root /etc/rc.local /server/scripts/ /et
c/sysconfig/iptables /var/html/www/  /app/logs/ /var/log/messages /var/log/secure /var/log/cron  /va
r/log/rsyncd.log /etc/

#make md5
md5sum /backup/$IP/conf-$DATE-$HOST.tar.gz  >/backup/$IP/conf-$DATE-$HOST.md5
#bash
rsync -az /backup/ [email protected]::backup --password-file=/etc/rsync.password
#del 7 day ago md5 and tar file
find /backup/ -type f -name 'conf*' -mtime +7 |xargs rm -f

（7）第七步：执行脚本进行测试：

[root@web02 ~]# sh -x /server/scripts/bak.sh 
++ hostname
+ HOST=web02
++ date +%F-%w
+ DATE=2019-07-9-2
++ awk '{print $2}'
++ hostname -I
+ IP=172.16.1.8
+ mkdir -p /backup/172.16.1.8
+ tar zcf /backup/172.16.1.8/conf-2019-07-9-2-web02.tar.gz /var/spool/cron/root /etc/rc.local /server/scripts/ /etc/sysconfig/iptables /var/html/www/ /app/logs/ /var/log/messages /var/log/secure /var/log/cron /var/log/rsyncd.log /etc/
tar: Removing leading `/' from member names
tar: Removing leading `/' from hard link targets
+ md5sum /backup/172.16.1.8/conf-2019-07-9-2-web02.tar.gz
+ rsync -az /backup/ [email protected]::backup --password-file=/etc/rsync.password
+ find /backup/ -type f -name 'conf*' -mtime +7
+ xargs rm -f
[root@web02 ~]# tree /backup/
/backup/
└── 172.16.1.8
    ├── conf-2019-07-9-2-web02.md5
    └── conf-2019-07-9-2-web02.tar.gz

1 directory, 2 files
########到backup服务旗下查看是否推送过去了
[root@backup ~]# tree /backup/
/backup/
├── 172.16.1.8
│   ├── conf-2019-07-9-2-web02.md5
│   └── conf-2019-07-9-2-web02.tar.gz
└── chekmd5-2019-07-9-2.txt

1 directory, 3 files

（8）第八步：书写定时任务并进行测试

[root@web02 ~]# crontab -e
#bak web01 bash backup server
* *  * * *  sh  /server/scripts/bak.sh  >/dev/null >2&1
##########
测试成功后修改为我们所需要的
[root@web02 ~]# crontab -e
#bak web01 bash backup server
00 00  * * *  sh  /server/scripts/bak.sh  >/dev/null >2&1
[root@web02 ~]# 

2.服务端

（1）校验MD5信息

[root@backup ~]# md5sum -c /backup/172.16.1.8/conf-2019-07-9-2-web02.md5  >/backup/chekmd5-2019-07-9-2.txt 
[root@backup ~]# cat /backup/chekmd5-2019-07-9-2.txt 
/backup/172.16.1.8/conf-2019-07-9-2-web02.tar.gz: OK

（2）删除180天前的备份文件但是保留周六的

[root@backup ~]# find /backup/ -type f -name 'conf*' ! -name '*-6*'  -mtime +180 |xargs rm -f

（3）修改邮件服务的配置文件

[root@www script] vim /etc/mail.rc

在文件中添加如下：

set [email protected]

set smtp=smtp.qq.com

set [email protected]

set smtp-auth-password=yslsnzvgqqtadhee （QQ邮箱授权码，需要开启pop3和smtp就会生成）

set smtp-auth=login

set smtp-use-starttls （后面加上生成的pop3或smtp授权码）

set ssl-verify=ignore （后面加上生成的pop3或smtp授权码）

set nss-config-dir=/etc/pki/nssdb/ （后面加上生成的pop3或smtp授权码）

（4）发送邮件

[root@backup ~]# date 
Wed May 9 9:25:30 CST 2019
[root@backup ~]# mail -s "CHEK WEB01 BACK MD5" [email protected]  

（5）书写脚本并检测

[root@backup ~]# vim /server/scripts/chek.sh 
#!/bin/bash
DATE=`date +%F-%w`
#del 180 day ago and save Mon file 
find /backup/ -type f -name 'conf*' ! -name '*-6*'  -mtime +180 |xargs rm -f
#chek md5
find /backup/ -type f -name '*.md5' |xargs md5sum -c >/backup/chekmd5-$DATE.txt
#mail
mail -s "CHEK WEB01 BACK MD5" [email protected]  

（6）书写定时任务检测后改为我们需要的时间

[root@backup ~]# crontab -e
#chek bak file
* *  * * *    sh  /server/scripts/chek.sh   >/dev/null >2&1
########################
修改为我们需要的时间
[root@backup ~]# crontab -e
#chek bak file
00 00  * * *    sh  /server/scripts/chek.sh   >/dev/null >2&1