Jumpserver Dual-machine backup scheme

Source: Internet
Author: User
Tags: rsync

I. Preface

Since Jumpserver currently has no built-in dual-machine hot standby, this scheme achieves it by backing up the database and the system user data. It covers the following areas:

1. MySQL master-master replication

2. System files: /etc/passwd, /etc/shadow and /etc/group synchronization (rsync + crontab)

3. Jumpserver users and key files: jumpserver/keys synchronization (rsync + crontab)

4. Master server: 10.44.131.212; slave server: 10.169.210.223

II. rsync configuration

1. Master server

① Disable SELinux. Edit /etc/selinux/config as follows:

#SELINUX=enforcing        # commented out
#SELINUXTYPE=targeted     # commented out
SELINUX=disabled          # added

Run setenforce 0 for the change to take effect immediately.

Open TCP port 873 in the firewall. Edit /etc/sysconfig/iptables and add the following rule:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 873 -j ACCEPT

Restart the firewall for the configuration to take effect: /etc/init.d/iptables restart

② Install the rsync server software:

yum install rsync -y


③ Create the rsyncd.conf configuration file /etc/rsyncd.conf with the following content:

uid = root
gid = root
use chroot = no
max connections = 4
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log

[jumpserver]
path = /data/jumpserver/keys
#ignore errors
read only = false
list = false
hosts allow = 10.169.210.223
hosts deny = 0.0.0.0/32
auth users = juser
secrets file = /etc/rsync.pass

[home]
path = /home
#ignore errors
read only = false
list = false
hosts allow = 10.169.210.223
hosts deny = 0.0.0.0/32
auth users = juser
secrets file = /etc/rsync.pass

[sysfile]
path = /etc/
#ignore errors
read only = false
list = false
hosts allow = 10.169.210.223
hosts deny = 0.0.0.0/32
auth users = juser
secrets file = /etc/rsync.pass



④ Create the user authentication file /etc/rsync.pass with the following content:

juser:juser20160125

(Format: username:password. Multiple users can be set, one username:password pair per line.)

Set the file's ownership and permissions:

chown root.root /etc/rsync.pass
chmod 600 /etc/rsync.pass

⑤ Start rsync:

/usr/bin/rsync --daemon --config=/etc/rsyncd.conf


2. Slave server

① Create the authentication password file /etc/rsync.passc (on the client side this file contains only the password, not username:password) and set its ownership and permissions:

chown root.root /etc/rsync.passc
chmod 600 /etc/rsync.passc

② Run a synchronization test:

rsync -avh --port=873 --progress --delete juser@10.44.131.212::jumpserver --password-file=/etc/rsync.passc /data/jumpservertest/

(In -vzrtopg, v is verbose, z is compression, r is recursive, and t, o, p, g preserve the files' original attributes such as modification time, owner, permissions and group; the -a used above is the archive option, equivalent to -rlptgoD. --progress displays detailed progress. --delete means that if a file is deleted on the server side, the client deletes it too, to maintain true consistency. --exclude "logs/" means that files in the /www/logs directory are not backed up, and --exclude "conf/ssl.*/" means that files in the /www/conf/ssl.*/ directory are not backed up.)

juser@10.44.131.212::jumpserver indicates that the command backs up the jumpserver module of server 10.44.131.212.

III. MySQL master-master configuration

MySQL configuration file (master)

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
wait_timeout=864000
interactive_timeout=864000
server-id = 1
log-bin=mysql-bin
binlog_format=mixed
expire_logs_days=5

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

MySQL configuration file (slave)

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
server-id = 2
log-bin=mysql-bin
binlog_format=mixed
expire_logs_days=5

[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

After modifying the configuration file, restart MySQL: service mysqld restart


Log in to both databases as root and run the following statements to grant the replication privileges:

GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.169.210.223' IDENTIFIED BY 'xiaoniu0125';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'localhost' IDENTIFIED BY 'xiaoniu0125';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'%' IDENTIFIED BY 'xiaoniu0125';
FLUSH PRIVILEGES;

Export the database from the master and upload it to the slave server for import (replace <user> with the login account on the slave server):

mysqldump --single-transaction -h127.0.0.1 -ujumpserver -p jumpserver > jumpserver.sql
scp jumpserver.sql <user>@10.169.210.223:/data/

Log in to the slave database as the jumpserver user and import the data: source /data/jumpserver.sql

Log in to the master database as root and view its current binary log position: SHOW MASTER STATUS\G

Log in to the slave database as root and run the following to point it at the master (master_log_file and master_log_pos are the File and Position values reported by SHOW MASTER STATUS on the master):

CHANGE MASTER TO master_host='10.44.131.212', master_port=3306, master_user='repl', master_password='xiaoniu0125', master_log_file='mysql-bin.000004', master_log_pos=188397822;

Start replication: START SLAVE

Check the replication status: SHOW SLAVE STATUS\G

Log in to the slave database as root and view its current binary log position: SHOW MASTER STATUS\G

Log in to the master database as root and run the following to point it at the slave:

CHANGE MASTER TO master_host='10.169.210.223', master_port=3306, master_user='repl', master_password='xiaoniu0125', master_log_file='mysql-bin.000004', master_log_pos=188397822;

Start replication: START SLAVE

Check the replication status: SHOW SLAVE STATUS\G
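The two SHOW SLAVE STATUS\G checks above are the only replication monitoring in this scheme. The following is an added example (not from the original article) that parses that output as the mysql client prints it and flags a stopped thread or excessive lag; the sample output is constructed with the article's master host and binlog position, and the 300-second lag threshold is an assumption. In a master-master setup where both nodes accept inserts, a duplicate-key error (errno 1062) on the SQL thread is the classic symptom of both servers handing out the same AUTO_INCREMENT values, which auto_increment_increment and auto_increment_offset prevent.

```python
import re

# Constructed sample of what `mysql -e 'SHOW SLAVE STATUS\G'` prints (abridged),
# using the master host and binlog position from the article.
SAMPLE_OK = """\
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 10.44.131.212
                  Master_User: repl
              Master_Log_File: mysql-bin.000004
          Read_Master_Log_Pos: 188397822
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
                   Last_Errno: 0
                   Last_Error:
        Seconds_Behind_Master: 0
"""

# Constructed failure: the SQL thread stopped on a duplicate key (errno 1062),
# the classic master-master symptom when both nodes hand out the same IDs.
SAMPLE_BROKEN = (SAMPLE_OK
                 .replace("Slave_SQL_Running: Yes", "Slave_SQL_Running: No")
                 .replace("Last_Errno: 0", "Last_Errno: 1062")
                 .replace("Last_Error:", "Last_Error: Duplicate entry '42' for key 'PRIMARY'")
                 .replace("Seconds_Behind_Master: 0", "Seconds_Behind_Master: NULL"))


def parse_slave_status(text):
    """Turn the \\G key/value listing into a dict of strings (the row banner is ignored)."""
    status = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z_]+):\s?(.*)$", line)
        if m:
            status[m.group(1)] = m.group(2).strip()
    return status


def replication_problems(status, max_lag_seconds=300):
    """Return the reasons replication is unhealthy; an empty list means OK."""
    problems = []
    if status.get("Slave_IO_Running") != "Yes":
        problems.append("IO thread not running: cannot reach master or credentials rejected")
    if status.get("Slave_SQL_Running") != "Yes":
        problems.append("SQL thread stopped: %s" % (status.get("Last_Error") or "no error text"))
    lag = status.get("Seconds_Behind_Master", "NULL")
    if lag == "NULL":
        problems.append("lag unknown: replication threads are not connected")
    elif int(lag) > max_lag_seconds:
        problems.append("lag %s s exceeds %d s threshold" % (lag, max_lag_seconds))
    return problems
```

Run it on both nodes, since each side is a slave of the other in this scheme.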

IV. Backing up the system user files and the Jumpserver user and key files

1. Log in to the slave server and back up /etc/passwd, /etc/shadow and /etc/group:

mv /etc/passwd /etc/passwd_bak
mv /etc/shadow /etc/shadow_bak
mv /etc/group /etc/group_bak

2. Log in to the master server and copy /etc/passwd, /etc/shadow and /etc/group to the slave server (replace <user> with the login account on the slave server):

scp /etc/passwd <user>@10.169.210.223:/etc/
scp /etc/shadow <user>@10.169.210.223:/etc/
scp /etc/group <user>@10.169.210.223:/etc/

3. Log in to the master server and copy everything under /home, and the whole jumpserver directory, to the slave server:

scp -r /home/* <user>@10.169.210.223:/home/
scp -r /jumpserver <user>@10.169.210.223:/data/

4. Install Jumpserver:

yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz
cd jumpserver/install && pip install -r requirements.txt
python install.py


5. Fix the ownership of the related files: create change.sh with the following content:

#!/bin/sh
# Fix the ownership of each user's home directory and Jumpserver key files
# after they were copied over from the master server.
now_time=$(date "+%Y-%m-%d %H:%M:%S")
log=/data/jumpserver/logs/jump_cron.log
# Derive the user list from the public key files <user>.pub
users=$(ls -l /data/jumpserver/keys/user | grep pub | awk '{print $9}' | awk -F. '{print $1}')
echo "$users"
for user in $users
do
    echo "/home/$user"
    echo /data/jumpserver/keys/user/"$user"*
    /usr/bin/id "$user" >/dev/null 2>&1
    result=$?
    if [ "$result" -eq 0 ]; then
        echo "Start modifying file ownership!"
        chown "$user:$user" "/home/$user"
        chown "$user:$user" /data/jumpserver/keys/user/"$user"*
        result=$?
        if [ "$result" -eq 0 ]; then
            echo "[$now_time] Modify user $user directory permissions succeeded" >> "$log"
        else
            echo "[$now_time] Modify user $user directory permissions failed" >> "$log"
            exit 1   # non-zero so the caller sees the failure
        fi
    else
        echo "[$now_time] $user user does not exist!" >> "$log"
    fi
done
exit 0

Run the script: sh ./change.sh


6. Change the log file permissions: chmod 777 /data/jumpserver/logs/jumpserver.log

7. Create the scheduled synchronization script jump_cron.sh with the following content:

#!/bin/sh
## Get the current system time
now_time=$(date "+%Y-%m-%d %H:%M:%S")
log=/data/jumpserver/logs/jump_cron.log
rsync_opts="-avh --port=873 --progress --delete --password-file=/etc/rsync.passc"

## Start syncing the Jumpserver user and key data
/usr/bin/rsync $rsync_opts juser@10.44.131.212::jumpserver /data/jumpserver/keys
result=$?
if [ "$result" -eq 0 ]; then
    echo "[$now_time] Sync Jumpserver users and keys data success" >> "$log"
else
    echo "[$now_time] Sync Jumpserver users and keys failed" >> "$log"
    exit 1
fi

## Sync the system user data
/usr/bin/rsync $rsync_opts juser@10.44.131.212::home /home
result=$?
if [ "$result" -eq 0 ]; then
    echo "[$now_time] Sync system user data success" >> "$log"
else
    echo "[$now_time] Sync system user data failed" >> "$log"
    exit 1
fi

## Sync the shadow, passwd and group files (everything else in the sysfile module is excluded)
/usr/bin/rsync $rsync_opts --include 'shadow' --include 'passwd' --include 'group' --exclude '*' juser@10.44.131.212::sysfile /etc/
result=$?
if [ "$result" -eq 0 ]; then
    echo "[$now_time] Sync shadow passwd group files success" >> "$log"
else
    echo "[$now_time] Sync shadow passwd group files failed" >> "$log"
    exit 1
fi

## Get the current user list to fix the ownership of the related files
users=$(ls -l /data/jumpserver/keys/user | grep pub | awk '{print $9}' | awk -F. '{print $1}')
echo "$users"
for user in $users
do
    echo "/home/$user"
    echo /data/jumpserver/keys/user/"$user"*
    /usr/bin/id "$user" >/dev/null 2>&1
    result=$?
    if [ "$result" -eq 0 ]; then
        echo "Start modifying file ownership!"
        chown "$user:$user" "/home/$user"
        chown "$user:$user" /data/jumpserver/keys/user/"$user"*
        result=$?
        if [ "$result" -eq 0 ]; then
            echo "[$now_time] Modify user $user directory permissions succeeded" >> "$log"
        else
            echo "[$now_time] Modify user $user directory permissions failed" >> "$log"
            exit 1
        fi
    else
        echo "[$now_time] $user user does not exist!" >> "$log"
    fi
done
exit 0

8. Create a scheduled task that performs the synchronization every 5 minutes (crontab -e):

*/5 * * * * /bin/sh /data/jumpserver/jump_cron.sh >>/dev/null 2>&1

9. Start Jumpserver:

./service.sh start
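Steps 1, 2 and 7 replace the slave's /etc/passwd, /etc/shadow and /etc/group with the master's copies and keep doing so every five minutes, so an account that exists only on the slave (a service user created by a package installed there, for instance) disappears, and a passwd entry without a matching shadow entry locks that user out. The following is an added example (not part of the original article) of a check to run on fetched copies before installing them; the file contents are constructed and the list of accounts required on this node is an assumption.

```python
# Constructed copies of the three account files as fetched from the master.
PASSWD = """root:x:0:0:root:/root:/bin/bash
juser:x:1001:1001::/home/juser:/bin/bash
alice:x:1002:1002::/home/alice:/bin/bash
"""
SHADOW = """root:$6$constructed$hash:16800:0:99999:7:::
juser:$6$constructed$hash:16800:0:99999:7:::
alice:$6$constructed$hash:16800:0:99999:7:::
"""
GROUP = """root:x:0:
juser:x:1001:
alice:x:1002:
"""


def parse_colon_file(text):
    """Split a passwd/shadow/group style file into field lists, skipping blank and comment lines."""
    return [line.split(":") for line in text.splitlines()
            if line.strip() and not line.startswith("#")]


def account_file_problems(passwd_text, shadow_text, group_text, required_users=()):
    """Return human-readable problems; an empty list means the copies are safe to install."""
    passwd = parse_colon_file(passwd_text)
    shadow_users = {row[0] for row in parse_colon_file(shadow_text)}
    gids = {row[2] for row in parse_colon_file(group_text)}
    problems, uid_owner = [], {}
    for fields in passwd:
        if len(fields) != 7:
            problems.append("malformed passwd line: %s" % ":".join(fields))
            continue
        name, uid, gid = fields[0], fields[2], fields[3]
        if uid == "0" and name != "root":
            problems.append("non-root account %s has UID 0" % name)
        if uid in uid_owner:
            problems.append("UID %s shared by %s and %s" % (uid, uid_owner[uid], name))
        uid_owner.setdefault(uid, name)
        if name not in shadow_users:
            problems.append("%s has no shadow entry" % name)
        if gid not in gids:
            problems.append("%s has primary GID %s with no group entry" % (name, gid))
    names = {fields[0] for fields in passwd}
    for orphan in sorted(shadow_users - names):
        problems.append("shadow entry %s has no passwd entry" % orphan)
    # Accounts the slave needs locally (a mysql service user, for instance) must survive
    # the sync, because the whole-file overwrite drops anything that is not on the master.
    for user in required_users:
        if user not in names:
            problems.append("required local account %s missing from synced passwd" % user)
    return problems
```

Fetch the three files into a staging directory first and only move them into /etc when the check returns an empty list.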


This article is from the "My Ops Time" blog; please keep this source when reproducing it: http://aaronsa.blog.51cto.com/5157083/1740524
