Linux中自动化备份全网服务器数据平台(Rsync+shell)
1.项目说明:该项目共分为2个子项目,由环境搭建和实施备份两部分组成,目的是系统服务部署使用、shell编程等知识
2.项目背景知识:
(1)总体需求:某企业里有一台Web服务器,里面的数据很重要,但是如果硬盘坏了数据就会丢失,现在领导要求把数据 做备份,这样Web服务器数据丢失在可以进行恢复
3.实验步骤
安装、启动Nginx并配置Nginx配置文件
#下载nginx
[root@web01 ~]# wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
[root@web01 ~]# yum makecache
[root@web01 ~]# yum install nginx -y
#启动并设置开机自启
[root@web01 ~]# systemctl enable --now nginx
#编写配置文件
[root@web01 ~]# mkdir /www
[root@web01 ~]# ls /www
sczl
[root@web01 ~]# vim /etc/nginx/nginx.conf
root /www/sczl;
[root@web01 ~]# systemctl restart nginx
配置web01客户端本地备份脚本
[root@web01 ~]# mkdir /backup
[root@web01 ~]# mkdir -p /server/scripts
[root@web01 ~]# vim /server/scripts/backup.sh
#!/bin/bash
# Date:2026-6-24
# Author:zlybn
# Mail:zlybn@152.com
# Function: Regularly backup data from web servers
# Version: V1.0
Date=$(date +%F_Week0%w) # 定义时间方式
Host_IP=$(ifconfig ens32 | awk '/inet / {print $2}') # 获取IP,注意网卡名
Backup_Dir="/backup/" # 本地备份路径
Backup_Server_IP=192.168.247.154 # 备份服务器的IP
# 创建指定目录和IP的目录
[ ! -d $Backup_Dir/$Host_IP ] && mkdir -p $Backup_Dir/$Host_IP
# 输出提示信息
echo ${Date} ${Host_IP} start backup ......
# 按要求打包备份所有本地重要文件
cd / &&\
tar cf ${Backup_Dir}${Host_IP}/sys_file_bak_${Date}_tar.gz var/spool/cron &&\
tar rf ${Backup_Dir}${Host_IP}/sys_file_bak_${Date}_tar.gz etc/rc.d/rc.local &&\
tar rf ${Backup_Dir}${Host_IP}/sys_file_bak_${Date}_tar.gz server/scripts/ &&\
tar zcf $Backup_Dir$Host_IP/www_${Date}_tar.gz www/ &&\
tar zcf $Backup_Dir$Host_IP/nginx_logs_${Date}_tar.gz var/log/nginx/ &&\
# 给所有备份的压缩文件建立指纹,放入指纹库flag,后面会验证完整性
find ${Backup_Dir:-/tmp} -type f -name "*${Date}_tar.gz" |xargs md5sum >$Backup_Dir/$Host_IP/${Date}.flag
# 把备份推送到备份服务器
rsync -az $Backup_Dir rsync@${Backup_Server_IP}::backup --password-file=/etc/rsync.password
# 删除7天以前的所有本地备份数据
find ${Backup_Dir:-/tmp} -type f -name "*.tar.gz" -a -name "*flag*" -mtime +7|xargs rm -f
echo "Local backup successful, the backup files have been pushed to the backup server"
[root@web01 ~]# vim /etc/rsync.password
rsync123
[root@web01 ~]# chmod 600 /etc/rsync.password
备份服务器 (Backup) Rsync 服务端配置
#修改配置文件
[root@backup ~]# vim /etc/rsyncd.conf
uid = rsync
gid = rsync
use chroot = no
max connections = 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
fake super = yes
[backup]
path = /backup
ignore errors
read only = false
list = false
hosts allow = 192.168.88.0/24
hosts deny = 0.0.0.0/32
auth users = rsync
secrets file = /etc/rsync.password
#根据配置文件设置
[root@backup ~]# useradd -M -s /sbin/nologin rsync
[root@backup ~]# mkdir /backup
[root@backup ~]# chown -R rsync /backup
[root@backup ~]# systemctl enable --now rsyncd
Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.
[root@backup ~]# ps -ef | grep rsync
root 40165 1 0 02:45 ? 00:00:00 /usr/bin/rsync --daemon --no-detach
root 40289 1315 0 02:45 pts/0 00:00:00 grep --color=auto rsync
[root@backup ~]# echo "rsync:rsync123" > /etc/rsync.password
[root@backup ~]# chmod 600 /etc/rsync.password
配置邮件告警
[root@backup ~]# yum install mailx -y
配置qq邮箱ssl证书
[root@backup ~]# mkdir /root/.certs
[root@backup ~]# cd /root/.certs/
[root@backup .certs]# echo -n | openssl s_client -connect smtp.qq.com:465 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ~/.certs/qq.crt
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root G2
verify return:1
depth=1 C = US, O = "DigiCert, Inc.", CN = DigiCert Secure Site OV G2 TLS CN RSA4096 SHA256 2022 CA1
verify return:1
depth=0 C = CN, ST = Guangdong Province, L = Shenzhen, O = Shenzhen Tencent Computer Systems Company Limited, CN = *.mail.qq.com
verify return:1
DONE
[root@backup .certs]# certutil -A -n "GeoTrust SSL CA" -t "C,," -d ~/.certs -i ~/.certs/qq.crt
[root@backup .certs]# certutil -A -n "GeoTrust Global CA" -t "C,," -d ~/.certs -i ~/.certs/qq.crt
[root@backup .certs]# certutil -A -n "GeoTrust SSL CA - G3" -t "Pu,Pu,Pu" -d ./ -i qq.crt
Notice: Trust flag u is set automatically if the private key is present.
[root@backup .certs]#
配置邮件服务
[root@backup .certs]# vim /etc/mail.rc
# 最后一行后添加以下内容:
set from=3215848290@qq.com
set smtp=smtps://smtp.qq.com:465 # ssl端口默认465
set smtp-auth-user=3215848290@qq.com
set smtp-auth-password=ubggnghllqtacgij # 授权码
set smtp-auth=login
set nss-config-dir=/root/.certs/ # 设置证书路径
set ssl-verify=ignore # 启用加密ssl传输in
项目总结:
1.技术能力提升
熟练掌握 CentOS7 系统初始化、静态 IP、防火墙 / SELinux 优化、NFS 共享存储、Nginx 网站部署;精通 rsync 本地 / 远程同步、daemon 服务端部署、免密备份方案;独立编写完整运维 Shell 脚本,掌握变量、判断、文件查找、MD5 校验、定时任务调度;掌握 mailx 邮件告警、SSL 加密邮件服务搭建,实现运维自动化监控。
2. 企业运维实战思维
- 分层备份思想:本地短期留存 + 备份中心长期归档,兼顾恢复速度与存储成本;
- 数据可靠性保障:MD5 校验机制,解决网络传输文件损坏问题;
- 自动化运维:全流程无人值守,定时执行、异常主动告警,减少人工操作;
- 标准化规范:统一备份目录、脚本路径、文件命名,便于多人协作维护;
- 故障恢复能力:服务器硬盘故障时,可从 backup 服务器取回完整历史备份恢复业务。
