档案备份中心采用三层架构:存储层、服务层、接入层。存储层使用RAID6磁盘阵列提供数据冗余,服务层通过NFS/SMB协议提供文件共享,接入层部署Web管理界面。
最小化配置要求:
推荐采用隔离网络架构:
使用CentOS Stream 9作为基础系统:
```bash 下载系统镜像 wget https://mirrors.aliyun.com/centos-stream/9-stream/BaseOS/x86_64/iso/CentOS-Stream-9-latest-x86_64-dvd1.iso 制作启动U盘(Linux环境) sudo dd if=CentOS-Stream-9-latest-x86_64-dvd1.iso of=/dev/sdb bs=4M status=progress 安装时分区方案 /boot 1GB xfs / 50GB xfs /data 剩余空间 xfs swap 16GB ```安装后立即执行以下配置:
```bash 1. 禁用SELinux sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config 2. 配置静态IP(以enp3s0网卡为例) sudo nmcli connection modify enp3s0 ipv4.method manual \ ipv4.addresses 192.168.1.100/24 \ ipv4.gateway 192.168.1.1 \ ipv4.dns 223.5.5.5 3. 配置主机名 sudo hostnamectl set-hostname backup-center 4. 更新系统并安装基础工具 sudo dnf update -y sudo dnf install -y vim net-tools htop tree rsync ```假设硬盘设备为sdb、sdc、sdd、sde:
```bash 安装mdadm工具 sudo dnf install -y mdadm 创建RAID6阵列 sudo mdadm --create /dev/md0 --level=6 --raid-devices=4 \ /dev/sdb /dev/sdc /dev/sdd /dev/sde 查看阵列状态 sudo mdadm --detail /dev/md0 配置RAID自动启动 sudo mdadm --detail --scan | sudo tee -a /etc/mdadm.conf ```在RAID设备上创建LVM:
```bash 1. 创建物理卷 sudo pvcreate /dev/md0 2. 创建卷组 sudo vgcreate backup_vg /dev/md0 3. 创建逻辑卷 sudo lvcreate -L 20T -n archive_lv backup_vg 4. 格式化为XFS文件系统 sudo mkfs.xfs /dev/backup_vg/archive_lv 5. 创建挂载点并挂载 sudo mkdir -p /data/archive sudo mount /dev/backup_vg/archive_lv /data/archive 6. 配置开机自动挂载 echo "/dev/backup_vg/archive_lv /data/archive xfs defaults 0 0" | sudo tee -a /etc/fstab ```安装并配置Samba实现Windows兼容共享:
```bash 安装Samba sudo dnf install -y samba samba-client 创建备份专用用户 sudo useradd backup_user sudo smbpasswd -a backup_user 配置Samba sudo tee /etc/samba/smb.conf << 'EOF' [global] workgroup = WORKGROUP server string = Archive Backup Center security = user map to guest = bad user dns proxy = no [archive] path = /data/archive browsable = yes writable = yes valid users = backup_user create mask = 0770 directory mask = 0770 EOF 启动服务 sudo systemctl enable smb sudo systemctl start smb sudo systemctl enable nmb sudo systemctl start nmb 开放防火墙端口 sudo firewall-cmd --permanent --add-service=samba sudo firewall-cmd --reload ```为Linux/Unix客户端提供NFS共享:
```bash 安装NFS服务 sudo dnf install -y nfs-utils 配置共享目录 sudo tee /etc/exports << 'EOF' /data/archive 192.168.1.0/24(rw,sync,no_root_squash) /data/archive 10.10.10.0/24(rw,sync,no_root_squash) EOF 启动NFS服务 sudo systemctl enable nfs-server sudo systemctl start nfs-server 应用配置 sudo exportfs -rav 开放防火墙 sudo firewall-cmd --permanent --add-service=nfs sudo firewall-cmd --permanent --add-service=mountd sudo firewall-cmd --permanent --add-service=rpc-bind sudo firewall-cmd --reload ```
创建每日增量备份脚本:
```bash sudo tee /usr/local/bin/incremental_backup.sh << 'EOF' !/bin/bash 增量备份脚本 BACKUP_SOURCE="/data/archive" BACKUP_DEST="/data/backups" LOG_FILE="/var/log/backup_$(date +%Y%m%d).log" SNAPSHOT_FILE="/var/backup_snapshot" 创建备份目录 mkdir -p $BACKUP_DEST/daily 执行增量备份 rsync -av --delete --link-dest=$BACKUP_DEST/latest \ --log-file=$LOG_FILE \ $BACKUP_SOURCE/ $BACKUP_DEST/daily/$(date +%Y%m%d) 更新软链接 rm -f $BACKUP_DEST/latest ln -s $BACKUP_DEST/daily/$(date +%Y%m%d) $BACKUP_DEST/latest 保留最近30天备份 find $BACKUP_DEST/daily -type d -mtime +30 -exec rm -rf {} \; EOF sudo chmod +x /usr/local/bin/incremental_backup.sh ```设置自动化备份计划:
```bash 编辑crontab sudo crontab -e 添加以下内容 每天凌晨2点执行增量备份 0 2 /usr/local/bin/incremental_backup.sh 每周日凌晨1点执行全量备份 0 1 0 /usr/local/bin/full_backup.sh 每月1号凌晨3点清理旧备份 0 3 1 find /data/backups -type f -mtime +365 -delete ```创建磁盘监控脚本:
```bash sudo tee /usr/local/bin/disk_monitor.sh << 'EOF' !/bin/bash THRESHOLD=90 CURRENT_USE=$(df -h /data/archive | awk 'NR==2 {print $5}' | sed 's/%//') if [ $CURRENT_USE -gt $THRESHOLD ]; then echo "警告:/data/archive 磁盘使用率 ${CURRENT_USE}%" | \ mail -s "备份中心磁盘空间告警" admin@example.com fi EOF sudo chmod +x /usr/local/bin/disk_monitor.sh ```配置服务监控:
```bash 创建服务监控脚本 sudo tee /etc/systemd/system/backup-monitor.service << 'EOF' [Unit] Description=Backup Center Monitor After=network.target [Service] Type=oneshot ExecStart=/usr/local/bin/check_services.sh User=root [Install] WantedBy=multi-user.target EOF 创建检查脚本 sudo tee /usr/local/bin/check_services.sh << 'EOF' !/bin/bash SERVICES=("smb" "nfs-server" "rsyncd") for service in "${SERVICES[@]}"; do if ! systemctl is-active --quiet $service; then systemctl restart $service echo "$service was restarted at $(date)" >> /var/log/service_monitor.log fi done EOF sudo chmod +x /usr/local/bin/check_services.sh 每5分钟检查一次 echo "/5 root /usr/local/bin/check_services.sh" | sudo tee /etc/cron.d/service-monitor ```Windows映射网络驱动器步骤:
Linux挂载NFS共享:
```bash 创建本地挂载点 sudo mkdir -p /mnt/archive_backup 配置自动挂载 echo "192.168.1.100:/data/archive /mnt/archive_backup nfs defaults 0 0" | sudo tee -a /etc/fstab 测试挂载 sudo mount -a 验证挂载 df -h | grep archive_backup ```从增量备份恢复单个文件:
```bash 查找备份文件 find /data/backups -name "目标文件名" -type f 恢复文件到指定位置 cp /data/backups/daily/20240115/目标文件 /data/archive/恢复位置/ 验证文件完整性 md5sum /data/backups/daily/20240115/目标文件 md5sum /data/archive/恢复位置/目标文件 ```恢复整个目录结构:
```bash 停止相关服务(防止数据冲突) sudo systemctl stop smb sudo systemctl stop nfs-server 执行恢复 rsync -av --delete /data/backups/daily/20240115/ /data/archive/ 重启服务 sudo systemctl start nfs-server sudo systemctl start smb 验证恢复结果 ls -la /data/archive/ ```配置防火墙严格限制访问:
```bash 清空现有规则 sudo firewall-cmd --remove-service=ssh --permanent 仅允许特定IP访问管理端口 sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.50" port port="22" protocol="tcp" accept' 配置业务网络访问规则 sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.10.10.0/24" port port="445" protocol="tcp" accept' sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.10.10.0/24" port port="2049" protocol="tcp" accept' 应用配置 sudo firewall-cmd --reload ```启用详细操作日志:
```bash 配置Samba详细日志 sudo tee -a /etc/samba/smb.conf << 'EOF' log level = 2 log file = /var/log/samba/log.%m max log size = 10000 EOF 配置NFS操作日志 sudo tee -a /etc/nfs.conf << 'EOF' [nfsd] debug=all [exportfs] debug=all EOF 重启服务应用配置 sudo systemctl restart smb sudo systemctl restart nfs-server ```
微信咨询
电话联系
QQ客服
微信咨询一对一服务