
50 台集群服务器全网数据备份解决方案


第1章

1.1环境

服务器角色    外网IP       内网IP         主机名
web           10.0.0.8     172.16.1.8     web01
nfs           10.0.0.31    172.16.1.31    nfs01
backup        10.0.0.41    172.16.1.41    backup01

1.2目录规划

web01

/var/html/www

/app/logs

/backup

/server/scripts

nfs01

/backup

/data/r_shared

/data/w_shared

/service

backup

/server/scripts

/nfsbackup

/backup

/data/r_aaron

/data/w_aaron

第2章 部署实施

2.1 环境准备

2.1.1 系统基础优化脚本(所有服务器上执行)

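# Writes the baseline-tuning script to /server/scripts/envpre.sh and runs it
# (run on every server).
# The heredoc delimiter is quoted so that $1 in the awk program is stored
# literally instead of being expanded (to nothing) while the file is written,
# and '>' replaces '>>' so a re-run does not append a second copy of the script.
mkdir -p /server/scripts
cat > /server/scripts/envpre.sh <<'END'
#!/bin/bash
#author aaron
#mail:aaromail@qq.com,aaromail@163.com
#QQ:2390943478

# selinux off
# NOTE(review): this removes mandatory access control on every node; a
# compromised service is then limited only by file permissions.
sed -i 's#SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config
# setenforce 0 switches to permissive mode immediately, without a reboot
setenforce 0

# iptables off
# NOTE(review): with the firewall stopped, every listening service is also
# reachable on the external 10.0.0.x address; access control then rests only
# on each service's own allow list (rsyncd "hosts allow", /etc/exports).
/etc/init.d/iptables stop
chkconfig iptables off

# services: switch off everything except the five listed
chkconfig | egrep -v "crond|sshd|network|rsyslog|sysstat" | awk '{print "chkconfig",$1,"off"}' | bash

# add users
# NOTE(review): "123456" is a guessable sample password, and this account gets
# password-less sudo to root while sshd stays enabled. Set a strong, unique
# password (or key-only login) before using this outside a lab.
useradd oldboy
echo "123456" | passwd --stdin oldboy
\cp /etc/sudoers /etc/sudoers.ori
echo "oldboy ALL=(ALL) NOPASSWD:ALL " >>/etc/sudoers
tail -1 /etc/sudoers
# put the saved copy back if the edit left sudoers unparsable
visudo -c || \cp /etc/sudoers.ori /etc/sudoers

# ntpdate
ntpdate times.aliyun.com
# The original wrote the literal text "$time sync" here, which is not a valid
# crontab line; a "#..." header like the later "#bak all server data" entry
# was presumably meant.
echo '#time sync' >>/var/spool/cron/root
echo '*/5 * * * * /usr/sbin/ntpdate times.aliyun.com >/dev/null 2>&1' >>/var/spool/cron/root
crontab -l

# ulimit: raise the open-file limit (number of connections)
echo '* - nofile 65535' >>/etc/security/limits.conf
tail -1 /etc/security/limits.conf

# kernel
cat >>/etc/sysctl.conf<<EOF
net.ipv4.tcp_fin_timeout = 2
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle is left disabled: it drops connections from clients behind
# NAT and was removed from the kernel in Linux 4.12
#net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.ip_local_port_range = 4000    65000
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_max_tw_buckets = 36000
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_synack_retries = 1
net.core.somaxconn = 16384
net.core.netdev_max_backlog = 16384
net.ipv4.tcp_max_orphans = 16384
# The following keys tune iptables connection tracking; sysctl -p reports
# errors for them while the firewall is not running, which can be ignored
net.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_max = 25000000
net.netfilter.nf_conntrack_tcp_timeout_established = 180
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
EOF

sysctl -p

# yumrepo
yum install wget -y
END

bash -x /server/scripts/envpre.sh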

2.1.2 主机名解析(所有服务器上执行)

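# Static name resolution for the cluster (run on every server).
# /etc/hosts takes bare addresses: the "/24" suffixes and the "172/16.1.6"
# typo in the original are not valid addresses, so those lines could not be
# used for lookups.
cat >>/etc/hosts <<'EOF'
172.16.1.5   lb01
172.16.1.6   lb02
172.16.1.7   web02
172.16.1.8   web01
172.16.1.51  db01 db01.etiantian.org
172.16.1.31  nfs01
172.16.1.41  backup
172.16.1.61  m01
EOF

# envpre.sh is deliberately not run again here: it appends to /etc/sudoers,
# root's crontab, limits.conf and sysctl.conf, so a second run would
# duplicate every one of those entries.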

2.2 全网数据备份

2.2.1 backup 服务器搭建rsync服务

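# Writes and runs the script that sets up the rsync daemon on the backup
# server. The original "cat >>file" had no heredoc, so it only worked when
# typed interactively; the quoted delimiter stores the script text literally.
cat > /server/scripts/rsyncser.sh <<'END'
#!/bin/bash

# install rsync
yum -y install rsync && rpm -qa rsync

# no-login, no-home account that the daemon switches to for transfers
id rsync >/dev/null 2>&1 || useradd rsync -s /sbin/nologin -M

# Generate the rsyncd.conf configuration file.
# "address" binds the daemon to the internal interface only; without it the
# daemon also listens on the external 10.0.0.41 address, and the firewall is
# switched off on these hosts.
# NOTE(review): rsync daemon traffic is not encrypted, and "ignore errors"
# lets a --delete run proceed after I/O errors; confirm both are acceptable.
cat >>/etc/rsyncd.conf<<EOF
#15:01 2017-1-5
#rsyncd.conf start##
uid = rsync
gid = rsync
use chroot = no
address = 172.16.1.41
max connections = 200
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 172.16.1.0/24
#hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
[backup]
path = /backup
[nfsbackup]
path = /nfsbackup
#rsync_config____________end
EOF

# Secrets file for the virtual user named in "auth users".
# NOTE(review): "oldboy" is the tutorial's sample secret; use a long random
# value and keep it identical on the clients.
# The subshell umask creates the file private from the start instead of
# leaving it world-readable until chmod runs.
( umask 077; echo "rsync_backup:oldboy" > /etc/rsync.password )
chmod 600 /etc/rsync.password
# show owner and mode rather than printing the secret
ls -l /etc/rsync.password

# create the module directories and hand them to the daemon account
mkdir -p /backup /nfsbackup
chown -R rsync:rsync /backup
chown -R rsync:rsync /nfsbackup

# start the daemon at boot
echo "/usr/bin/rsync --daemon" >>/etc/rc.local
tail -1 /etc/rc.local

# start the daemon now and confirm that port 873 is listening
rsync --daemon
lsof -i :873
END
# this script embeds the rsync secret, so keep it readable by root only
chmod 600 /server/scripts/rsyncser.sh

sh -x /server/scripts/rsyncser.sh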

2.2.2 web01 和nfs 配置rsync和本地备份目录

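# Writes and runs the rsync client setup on web01 and nfs01.
# '>' instead of '>>' so a re-run does not append a second copy of the script;
# the quoted delimiter stores the text literally.
cat > /server/scripts/rsyncclirnt.sh <<'EOF'
#!/bin/bash
# install rsync
yum -y install rsync && rpm -qa rsync

# Password file used by --password-file (client side: the secret only).
# NOTE(review): "oldboy" is the tutorial's sample secret; it has to match the
# server's /etc/rsync.password entry and should be replaced with a long
# random value.
# The subshell umask creates the file private from the start instead of
# leaving it world-readable until chmod runs.
( umask 077; echo "oldboy" >/etc/rsync.password )
chmod 600 /etc/rsync.password

# local staging directory for backups
mkdir -p /backup

# test: push ten empty files to the backup module
cd /backup/ || exit 1
touch web{01..10}
rsync -avz /backup/ rsync_backup@172.16.1.41::backup/ --password-file=/etc/rsync.password
EOF
# this script embeds the rsync secret, so keep it readable by root only
chmod 600 /server/scripts/rsyncclirnt.sh

bash -x /server/scripts/rsyncclirnt.sh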


2.2.3 web01 上的备份脚本

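mkdir -p /var/html/www /app/logs

# Daily backup job for web01, written with a quoted heredoc so that $(...)
# and $Path are stored literally in the script.
cat > /server/scripts/backup.sh <<'END'
#!/bin/bash
# Archives configuration, scripts, site data and logs, records an md5 flag
# file next to the archive, pushes /backup to the backup server and prunes
# old local files.

# The archive holds root's crontab and the firewall rules: create it private.
umask 077

IP=$(ifconfig eth1 | awk -F "[ :]+" 'NR==2 {print $4}')
Path=/backup

# With an empty address the archive would be written straight into $Path.
[ -n "$IP" ] || { echo "backup.sh: cannot determine the eth1 address" >&2; exit 1; }

# When the job runs on a Tuesday, yesterday was Monday (%w = 1): the name
# gets a "-1" suffix, which marks the weekly copy.
if [ "$(date +%w)" -eq 2 ]; then
  Time=$(date +%F-%w -d "-1day")
else
  Time=$(date +%F -d "-1day")
fi

mkdir -p "$Path/$IP"

# The md5 flag detects corruption in transit or at rest. It is produced on
# the same host and sent over the same channel as the archive, so it is not
# evidence against tampering.
# NOTE(review): the prune patterns "*1.log" / "*1.tar.gz" match only names
# ending in 1 (the weekly "-1" copies and dates ending in 1); all other local
# files are never removed. Confirm the intended local retention.
cd / &&
  tar zcfh "$Path/$IP/backup_$Time.tar.gz" var/spool/cron/root etc/rc.local server/scripts etc/sysconfig/iptables var/html/www app/logs &&
  md5sum "$Path/$IP/backup_$Time.tar.gz" >"$Path/$IP/flag_$Time.log" &&
  rsync -az "$Path/" rsync_backup@172.16.1.41::backup/ --password-file=/etc/rsync.password &&
  find "$Path/" -type f -mtime +7 \( -name "*1.log" -o -name "*1.tar.gz" \) -exec rm -f -- {} +
END

sh -x /server/scripts/backup.sh

#bak all server data
echo "#bak all server data" >>/var/spool/cron/root
echo "01 00 * * * /bin/sh /server/scripts/backup.sh >/dev/null 2>&1" >>/var/spool/cron/root
crontab -l | tail -2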

2.2.4 backup 上的检查脚本和邮件配置

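# Mail client setup on the backup server. The file is named install_mail.sh:
# the original "install mail.sh" contains a space, so the unquoted vim and sh
# commands treated it as two separate files.
cat > /server/scripts/install_mail.sh <<'END'
#!/bin/bash
# install mail
yum install mail -y || exit 1

# The SMTP account settings go into root's private ~/.mailrc (mode 600)
# instead of /etc/mail.rc, which is normally readable by every local user.
# The password comes from the environment so it is not stored in this script.
# NOTE(review): "smtp=smtp.163.com" without TLS presumably sends the login in
# cleartext; check whether the installed mailx can use STARTTLS/SMTPS.
set +x  # keep the password out of "sh -x" trace output
: "${SMTP_AUTH_PASSWORD:?export SMTP_AUTH_PASSWORD before running this script}"
(
  umask 077
  echo "set from=aaromail@163.com smtp=smtp.163.com smtp-auth-user=aaromail@163.com smtp-auth-password=$SMTP_AUTH_PASSWORD smtp-auth=login" >>/root/.mailrc
)
chmod 600 /root/.mailrc

# Test. The original mailed /server/scripts/rsyncser.sh as the body, which
# sends the rsync secret stored in that script to an external mailbox; a
# fixed test line is sent instead.
echo "mail test from $(hostname)" | mail -s "mail test" aaromail@163.com
END

sh -x /server/scripts/install_mail.sh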

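# Verification job for the backup server, written with a quoted heredoc so
# that $(...) and $Path are stored literally in the script.
cat > /server/scripts/check.sh <<'END'
#!/bin/bash
# Checks yesterday's archives against their md5 flag files, mails the result
# and prunes files older than 180 days (the weekly "-1" copies are kept).

Path=/backup

# Same naming rule as backup.sh (flag_$Time.log with %F-%w for the Monday
# copy). The original used "%F_%w" here, so the Tuesday run never found the
# weekly flag file.
if [ "$(date +%w)" -eq 2 ]; then
  Time=$(date +%F-%w -d "-1day")
else
  Time=$(date +%F -d "-1day")
fi

LANG=en

result="$Path/${Time}_result.log"

# Match the flag files only: the original pattern "*$Time*.log" also matched
# this job's own result log.
find "$Path" -type f -name "flag_${Time}.log" -exec md5sum -c {} + >>"$result" 2>&1

# A missing backup has to show up in the report instead of as an empty mail.
[ -s "$result" ] || echo "no flag files found for $Time under $Path" >>"$result"

mail -s "$Time bak result" aaromail@163.com <"$result"

find "$Path/" -type f -mtime +180 ! \( -name "*-1.log" -o -name "*-1.tar.gz" \) -exec rm -f -- {} +
END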

2.2.5 backup 添加定时任务

# Append the daily 04:00 verification job, with its header line, to root's
# crontab spool file, then show the two lines just added.
cat >>/var/spool/cron/root <<'EOF'
#check
00 04 * * * /bin/sh /server/scripts/check.sh >/dev/null 2>&1
EOF
crontab -l | tail -n 2

2.3 nfs01 配置共享

2.3.1 nfs 服务器安装

安装NFS服务器 vim /server/scripts/nfsser.sh

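# NFS server setup for nfs01, written with a quoted heredoc so the script
# text is stored literally.
cat > /server/scripts/nfsser.sh <<'END'
#!/bin/bash

# install nfs rpc
yum install nfs-utils rpcbind -y && rpm -qa nfs-utils rpcbind

# Squash account for the read-only export: fixed uid/gid 888 so that
# anonuid/anongid resolve to it. It only owns files, so it gets no login
# shell and no home directory.
groupadd -g 888 nfsnobodyro
useradd nfsnobodyro -u 888 -g 888 -s /sbin/nologin -M
mkdir -p /data/w_shared /data/r_shared
chown -R nfsnobody:nfsnobody /data/w_shared
chown -R nfsnobodyro:nfsnobodyro /data/r_shared
ls -ld /data/w_shared

# socket buffer tuning
cat >>/etc/sysctl.conf<<EOF
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
EOF
sysctl -p

# nfs conffile
# NOTE(review): these exports authorise clients by source address only, so
# every host on 172.16.1.0/24 can mount /data/w_shared read-write.
cat >>/etc/exports<<EOF
/data/w_shared 172.16.1.0/24(rw,sync)
/data/r_shared 172.16.1.0/24(ro,sync,all_squash,anonuid=888,anongid=888)
EOF
tail -3 /etc/exports

# Start the rpcbind
LANG=en
/etc/init.d/rpcbind start && lsof -i :111

# Start the nfs
/etc/init.d/nfs start
# The original ran "nfs reload" before either service had been started;
# re-reading the exports only works once nfs is running.
/etc/init.d/nfs reload

# start both services at boot
echo "#start up nfs serivce by Aaron at 20170118" >>/etc/rc.local
echo "/etc/init.d/rpcbind start" >>/etc/rc.local
echo "/etc/init.d/nfs start" >>/etc/rc.local
tail -3 /etc/rc.local

# test
showmount -e 172.16.1.31

# confirm the daemons are running and enabled at boot
ps -ef | egrep "rpc|nfs"
chkconfig rpcbind on
chkconfig nfs on
chkconfig --list nfs
chkconfig --list rpcbind
END

sh -x /server/scripts/nfsser.sh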

2.3.2 web01 挂载共享

创建共享目录 vim /server/scripts/nfsmount.sh

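# NFS client setup for web01, written with a quoted heredoc so the script
# text is stored literally.
cat > /server/scripts/nfsmount.sh <<'END'
#!/bin/sh
# Mounts the two nfs01 exports and re-mounts them at boot through rc.local.
yum install nfs-utils rpcbind -y
rpm -qa nfs-utils rpcbind

/etc/init.d/rpcbind start
/etc/init.d/rpcbind status
chkconfig rpcbind on
chkconfig --list rpcbind

# The chown applies to the local mount point directories only; once the
# share is mounted, ownership is whatever the server exports.
mkdir -p /data/b_w /data/b_r
chown -R nfsnobody:nfsnobody /data/b_r
chown -R nfsnobody:nfsnobody /data/b_w

# nosuid,nodev: the share's contents are written by other hosts, so setuid
# bits and device nodes found on it are not honoured here.
# Stop on a failed mount instead of going on to add boot entries for it.
mount -t nfs -o nosuid,nodev 172.16.1.31:/data/w_shared /data/b_w || exit 1
mount -t nfs -o nosuid,nodev 172.16.1.31:/data/r_shared /data/b_r || exit 1
df -h

echo "#start up nfs serivce by Aaron at 20170118" >>/etc/rc.local
echo "/etc/init.d/rpcbind start" >>/etc/rc.local

# nfs
echo "mount -t nfs -o nosuid,nodev 172.16.1.31:/data/w_shared /data/b_w" >>/etc/rc.local
echo "mount -t nfs -o nosuid,nodev 172.16.1.31:/data/r_shared /data/b_r" >>/etc/rc.local

cat >>/etc/sysctl.conf<<EOF
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
EOF
sysctl -p
END

sh -x /server/scripts/nfsmount.sh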

2.3.3 backup 挂载共享

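# NFS client setup for the backup server, written with a quoted heredoc so
# the script text is stored literally.
cat > /server/scripts/nfsmount.sh <<'END'
#!/bin/sh
# Mounts the two nfs01 exports and re-mounts them at boot through rc.local.
yum install nfs-utils rpcbind -y
rpm -qa nfs-utils rpcbind

/etc/init.d/rpcbind start
/etc/init.d/rpcbind status
chkconfig rpcbind on
chkconfig --list rpcbind

# The chown applies to the local mount point directories only; once the
# share is mounted, ownership is whatever the server exports.
mkdir -p /data/w_aaron /data/r_aaron
chown -R nfsnobody:nfsnobody /data/w_aaron
chown -R nfsnobody:nfsnobody /data/r_aaron

# nosuid,nodev: the share's contents are written by other hosts, so setuid
# bits and device nodes found on it are not honoured here.
# Stop on a failed mount instead of going on to add boot entries for it.
mount -t nfs -o nosuid,nodev 172.16.1.31:/data/w_shared /data/w_aaron || exit 1
mount -t nfs -o nosuid,nodev 172.16.1.31:/data/r_shared /data/r_aaron || exit 1
df -h

echo "#start up nfs serivce by Aaron at 20170118" >>/etc/rc.local
echo "/etc/init.d/rpcbind start" >>/etc/rc.local

# nfs
echo "mount -t nfs -o nosuid,nodev 172.16.1.31:/data/w_shared /data/w_aaron" >>/etc/rc.local
echo "mount -t nfs -o nosuid,nodev 172.16.1.31:/data/r_shared /data/r_aaron" >>/etc/rc.local

cat >>/etc/sysctl.conf<<EOF
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
EOF
sysctl -p
END

sh -x /server/scripts/nfsmount.sh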

2.4 nfs 实时同步

2.4.1 nfs 服务器安装inotify 脚本 and inotify 服务

inotify 安装和优化

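# Install inotify-tools from EPEL and raise the inotify limits.
# The repo definition decides where packages are downloaded from, so it is
# fetched over HTTPS; over plain HTTP it could be altered in transit.
# NOTE(review): assumes the mirror serves the same path over HTTPS; verify.
yum install -y wget &&
  wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-6.repo &&
  yum install inotify-tools -y
rpm -qa inotify-tools

echo "655350" > /proc/sys/fs/inotify/max_queued_events
echo "655350" > /proc/sys/fs/inotify/max_user_watches

# Re-apply the limits at boot. Single quotes keep the inner double quotes
# intact; the original nested double quotes, which the shell removed before
# the line reached rc.local.
echo "#inotify by oldboy for laoda 20170123" >>/etc/rc.local
echo 'echo "655350" > /proc/sys/fs/inotify/max_queued_events' >>/etc/rc.local
echo 'echo "655350" > /proc/sys/fs/inotify/max_user_watches' >>/etc/rc.local
tail -3 /etc/rc.local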

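# Real-time sync job for nfs01, written with a quoted heredoc so that $Path
# and $file are stored literally in the script.
cat > /server/scripts/inotify.sh <<'END'
#!/bin/bash
# Watches /data/w_shared and pushes every change to the nfsbackup module on
# the backup server.
# NOTE(review): deletions are mirrored at once (--delete), so the target is a
# replica of the share, not a point-in-time backup; anything removed or
# overwritten on the share is lost on the copy as well.
Path=/data/w_shared
Ip=172.16.1.41

/usr/bin/inotifywait -mrq --format '%w%f' -e create,close_write,delete "$Path" |
  while IFS= read -r file; do
    # The original test was "[ if $file ]", which is a syntax error inside
    # [ ], so the full-tree branch ran for every event.
    if [ -f "$file" ]; then
      # -R with a "./" prefix keeps the file's path below $Path on the
      # target instead of dropping it into the module root.
      cd "$Path" &&
        rsync -azR "./${file#"$Path"/}" "rsync_backup@$Ip::nfsbackup" --password-file=/etc/rsync.password
    else
      # the path is gone (delete event) or is not a regular file: resync the
      # tree and let --delete remove what no longer exists
      cd "$Path" &&
        rsync -az ./ --delete "rsync_backup@$Ip::nfsbackup" --password-file=/etc/rsync.password
    fi
  done
END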

inotify 服务脚本

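# SysV init script for the sync job, written with a quoted heredoc so that
# $0, $1 and $! are stored literally in the script.
cat > /etc/init.d/inotify <<'END'
#!/bin/bash
#chkconfig: 2345 38 46
# Starts and stops /server/scripts/inotify.sh.

. /etc/init.d/functions

pidfile=/var/run/inotify.pid

# "usage:" was run as a command in the original; it has to be printed.
if [ $# -ne 1 ]; then
  echo "usage: $0 {start|stop}"
  exit 1
fi

case "$1" in
start)
  /bin/bash /server/scripts/inotify.sh &
  # $! is the background job. The original stored $$, the PID of this init
  # script, which has already exited by the time "stop" reads the file.
  echo $! >"$pidfile"
  sleep 1
  if kill -0 "$(cat "$pidfile")" 2>/dev/null; then
    action "inotify service is started" /bin/true
  else
    action "inotify service is started" /bin/false
  fi
  ;;
stop)
  # plain TERM is enough here; the original used kill -9 as the first resort
  kill "$(cat "$pidfile" 2>/dev/null)" >/dev/null 2>&1
  pkill inotifywait
  sleep 2
  # pgrep -x matches the watcher process only. The original "ps | grep
  # inotify" count also matched this script's own command line, so stop
  # always reported a failure.
  if ! pgrep -x inotifywait >/dev/null; then
    rm -f "$pidfile"
    action "inotify service is stopped" /bin/true
  else
    action "inotify service is stopped" /bin/false
  fi
  ;;
*)
  echo "usage: $0 {start|stop}"
  exit 1
  ;;
esac
END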

启动脚本

# Make the init script executable, register it with chkconfig, enable it,
# show the resulting runlevel table, then start the service.
initscript=/etc/init.d/inotify
chmod +x "$initscript"
chkconfig --add inotify
chkconfig inotify on
chkconfig --list inotify

"$initscript" start

50 台集群服务器全网数据备份解决方案

原文:http://www.cnblogs.com/aofo/p/6379591.html
