I. Preface
Since Jumpserver does not currently support dual-machine hot standby, this scheme backs up the database and the system user data instead. It covers the following areas:
1. MySQL database master-master synchronization
2. System files: /etc/passwd, /etc/shadow and /etc/group file synchronization (rsync + crontab)
3. Jumpserver-related users and key files: jumpserver/keys synchronization (rsync + crontab)
4. Primary server: 10.44.131.212; slave server: 10.169.210.223
II. rsync configuration
1. Master server part
①. Disable SELinux: edit the configuration file /etc/selinux/config as follows:
#SELINUX=enforcing        # commented out
#SELINUXTYPE=targeted     # commented out
SELINUX=disabled          # added
Run setenforce 0 for the change to take effect immediately.
Open TCP port 873 in the firewall: edit the firewall configuration file /etc/sysconfig/iptables and add the following:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 873 -j ACCEPT
Restart the firewall for the configuration to take effect: /etc/init.d/iptables restart
②. Install the rsync server software
yum install rsync -y
③. Create the rsyncd.conf configuration file /etc/rsyncd.conf and add the following:
uid = root
gid = root
use chroot = no
max connections = 4
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
[jumpserver]
path = /data/jumpserver/keys
#ignore errors
read only = false
list = false
hosts allow = 10.169.210.223
hosts deny = 0.0.0.0/32
auth users = juser
secrets file = /etc/rsync.pass
[home]
path = /home
#ignore errors
read only = false
list = false
hosts allow = 10.169.210.223
hosts deny = 0.0.0.0/32
auth users = juser
secrets file = /etc/rsync.pass
[sysfile]
path = /etc/
#ignore errors
read only = false
list = false
hosts allow = 10.169.210.223
hosts deny = 0.0.0.0/32
auth users = juser
secrets file = /etc/rsync.pass
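As an added example that is not part of the original post, the following shell function audits an rsyncd.conf like the one above and reports modules that are exported writable ("read only = false") or that export /etc. The slave only pulls from these modules, so rsync's default "read only = yes" is sufficient and keeps a leaked client password from being usable to push files into /etc on the master. The sample config is constructed inline to mirror the post's modules.

```shell
#!/bin/sh
# Added example, not from the post: audit rsyncd.conf modules. Constructed
# sample config below mirrors the post's [jumpserver] and [sysfile] modules.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
uid = root
gid = root
use chroot = no
[jumpserver]
path = /data/jumpserver/keys
read only = false
hosts allow = 10.169.210.223
[sysfile]
path = /etc/
read only = false
hosts allow = 10.169.210.223
[logs]
path = /var/log
read only = yes
hosts allow = 10.169.210.223
EOF

# audit_rsyncd CONF: prints "<module> <finding>" per finding and returns 1
# if there is any finding, 0 if the file is clean.
audit_rsyncd() {
    awk '
    function flush() {
        if (mod == "") return
        if (ro == "false" || ro == "no" || ro == "0") { print mod, "writable-module"; n++ }
        if (p == "/etc" || index(p, "/etc/") == 1)    { print mod, "exports-/etc"; n++ }
        if (allow == "")                               { print mod, "no-hosts-allow"; n++ }
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ { flush(); sub(/^[ \t]*\[/, ""); sub(/\].*$/, "")
                  mod = $0; ro = "yes"; p = ""; allow = ""; next }
    {
        eq = index($0, "="); if (eq == 0) next
        k = tolower(substr($0, 1, eq - 1)); v = tolower(substr($0, eq + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (k == "read only") ro = v
        else if (k == "path") p = v
        else if (k == "hosts allow") allow = v
    }
    END { flush(); exit (n > 0) }' "$1"
}

audit_rsyncd "$SAMPLE_CONF" || echo "rsyncd.conf needs review"
```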
④. Create the user authentication file /etc/rsync.pass and add the following content:
juser:juser20160125
(Format: username:password. Several can be set, one username:password per line.)
Change the file permissions:
chown root.root /etc/rsync.pass
chmod 600 /etc/rsync.pass
⑤. Start rsync
/usr/bin/rsync --daemon --config=/etc/rsyncd.conf
2. Slave server part
①. Create the authentication password file /etc/rsync.passc
Change the file permissions:
chown root.root /etc/rsync.passc
chmod 600 /etc/rsync.passc
②. Run a data synchronization test:
rsync -avh --port=873 --progress --delete juser@10.44.131.212::jumpserver --password-file=/etc/rsync.passc /data/jumpservertest/
(In the option string -vzrtopg, v is verbose, z is compression, r is recursive, and t, o, p, g keep the file's original attributes: modification time, owner, permissions and group. --progress shows detailed progress. --delete means that if a file is deleted on the server side, the client deletes it too, to keep the two sides truly consistent. --exclude "logs/" means the files in the /www/logs directory are not backed up; --exclude "conf/ssl.*/" means the files in the /www/conf/ssl.*/ directory are not backed up.
juser@10.44.131.212::jumpserver means the command backs up the jumpserver module on server 10.44.131.212.)
III. MySQL database master-master configuration
MySQL configuration file (master)
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
wait_timeout=864000
interactive_timeout=864000
server-id = 1
log-bin=mysql-bin
binlog_format=mixed
expire_logs_days=5
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
MySQL configuration file (slave)
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
server-id = 2
log-bin=mysql-bin
binlog_format=mixed
expire_logs_days=5
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
After modifying the configuration files, restart MySQL: service mysqld restart
Log in to both databases as the root user and run the following statements to grant master-slave replication privileges:
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'10.169.210.223' IDENTIFIED BY 'xiaoniu0125';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'localhost' IDENTIFIED BY 'xiaoniu0125';
GRANT REPLICATION SLAVE ON *.* TO 'repl'@'%' IDENTIFIED BY 'xiaoniu0125';
FLUSH PRIVILEGES;
Export the database data and upload it to the slave server for import:
mysqldump --single-transaction -h127.0.0.1 -ujumpserver -p jumpserver > jumpserver.sql
scp jumpserver.sql USER@10.169.210.223:/data/
(USER stands for the login account on the slave server; it is obscured in the source.)
Log in to the slave database as the jumpserver user and import the data: source /data/jumpserver.sql
Log in to the primary database as the root user and view its current binary log position: SHOW MASTER STATUS \G
Log in to the slave database as the root user and run the following command to set up synchronization:
CHANGE MASTER TO master_host='10.44.131.212', master_port=3306, master_user='repl', master_password='xiaoniu0125', master_log_file='mysql-bin.000004', master_log_pos=188397822;
Start synchronization: START SLAVE;
View the synchronization status: SHOW SLAVE STATUS \G
Log in to the slave database as the root user and view its current binary log position: SHOW MASTER STATUS \G
Log in to the primary database as the root user and run the following command to set up synchronization in the other direction:
CHANGE MASTER TO master_host='10.169.210.223', master_port=3306, master_user='repl', master_password='xiaoniu0125', master_log_file='mysql-bin.000004', master_log_pos=188397822;
Start synchronization: START SLAVE;
View the synchronization status: SHOW SLAVE STATUS \G
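Before running CHANGE MASTER TO on each side, it is worth checking that the two my.cnf files above really differ in server-id and both have log-bin enabled, since MySQL refuses to replicate between two servers with the same id. The functions below do that check on constructed copies of the post's [mysqld] sections; they are an added example, not part of the original post.

```shell
#!/bin/sh
# Added example, not from the post: check the two my.cnf files before running
# CHANGE MASTER TO. Both sides need log-bin and distinct non-zero server-ids;
# the replica I/O thread stops when master and replica share the same id.
# The two configs are constructed here from the post's [mysqld] sections.
MASTER_CNF=$(mktemp); SLAVE_CNF=$(mktemp)
cat > "$MASTER_CNF" <<'EOF'
[mysqld]
server-id = 1
log-bin=mysql-bin
binlog_format=mixed
[mysqld_safe]
log-error=/var/log/mysqld.log
EOF
cat > "$SLAVE_CNF" <<'EOF'
[mysqld]
server-id = 2
log-bin=mysql-bin
binlog_format=mixed
EOF

# mysqld_opt FILE KEY: value of KEY in the [mysqld] section only; "-" and
# "_" in option names are treated as equivalent, as mysqld does.
mysqld_opt() {
    awk -v want="$2" '
        /^[ \t]*\[/ { sect = $0; next }
        sect ~ /^\[mysqld\]/ && index($0, "=") {
            eq = index($0, "=")
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/-/, "_", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == want) { print v; exit }
        }' "$1"
}

# check_replication_cnf A B: returns 0 if A and B can replicate from each other
check_replication_cnf() {
    for f in "$1" "$2"; do
        [ -n "$(mysqld_opt "$f" log_bin)" ] || { echo "$f: log-bin not set" >&2; return 1; }
    done
    a=$(mysqld_opt "$1" server_id); b=$(mysqld_opt "$2" server_id)
    [ -n "$a" ] && [ -n "$b" ] || { echo "server-id missing" >&2; return 1; }
    [ "$a" -gt 0 ] && [ "$b" -gt 0 ] || { echo "server-id 0 refuses replication" >&2; return 1; }
    [ "$a" != "$b" ] || { echo "server-id $a used on both hosts" >&2; return 1; }
}

check_replication_cnf "$MASTER_CNF" "$SLAVE_CNF" && echo "replication settings ok"
```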
IV. Backup of system user files and of the Jumpserver-related users and key files
1. Log in to the slave server and back up the /etc/passwd, /etc/shadow and /etc/group files
mv /etc/passwd /etc/passwd_bak
mv /etc/shadow /etc/shadow_bak
mv /etc/group /etc/group_bak
2. Log in to the master server and copy /etc/passwd, /etc/shadow and /etc/group to the slave server
scp /etc/passwd USER@10.169.210.223:/etc/
scp /etc/shadow USER@10.169.210.223:/etc/
scp /etc/group USER@10.169.210.223:/etc/
(USER stands for the login account on the slave server; it is obscured in the source.)
3. Log in to the master server and copy all files under /home to the slave server
scp -r /home/* USER@10.169.210.223:/home/
3. Log in to the master server and copy all Jumpserver files to the slave server
scp -r /jumpserver USER@10.169.210.223:/data/
4. Install Jumpserver
yum -y install git python-pip mysql-devel gcc automake autoconf python-devel vim sshpass lrzsz
cd jumpserver/install && pip install -r requirements.txt
python install.py
5. Change the relevant file permissions. Create change.sh with the following content:
#!/bin/sh
# timestamp for the log entries, same format as in jump_cron.sh
now_time=`date "+%Y-%m-%d_%H:%M:%S"`
# user names are taken from the "<user>.pub" files in the keys directory
users=`ls -l /data/jumpserver/keys/user | grep pub | awk '{print $9}' | awk -F. '{print $1}'`
echo $users
for user in $users
do
    echo /home/$user
    echo /data/jumpserver/keys/user/$user*
    # only touch accounts that exist on this host
    /usr/bin/id $user > /dev/null 2>&1
    result=$?
    if [ $result -eq 0 ];then
        echo "Start modifying file user rights!"
        chown $user:$user /home/$user
        # note: $user* also matches other names that start with $user
        chown $user:$user /data/jumpserver/keys/user/$user*
        result=$?
        if [ $result -eq 0 ];then
            echo [$now_time] "Modify user" $user "directory permissions succeeded" >> /data/jumpserver/logs/jump_cron.log
        else
            echo [$now_time] "Modify user" $user "directory permissions failed" >> /data/jumpserver/logs/jump_cron.log
            exit 0
        fi
    else
        echo [$now_time] $user "user does not exist!" >> /data/jumpserver/logs/jump_cron.log
    fi
done
exit 0
Run the script: sh ./change.sh
6. Change the log file permissions: chmod 777 /data/jumpserver/logs/jumpserver.log
7. Create the scheduled file synchronization script jump_cron.sh with the following content:
#!/bin/sh
## get the current system time
now_time=`date "+%Y-%m-%d_%H:%M:%S"`
## start syncing the jumpserver users and keys data
/usr/bin/rsync -avh --port=873 --progress --delete juser@10.44.131.212::jumpserver --password-file=/etc/rsync.passc /data/jumpserver/keys
result=$?
if [ $result -eq 0 ];then
    echo [$now_time] "Sync jumpserver users and keys data success" >> /data/jumpserver/logs/jump_cron.log
else
    echo [$now_time] "Sync jumpserver users and keys failed" >> /data/jumpserver/logs/jump_cron.log
    exit 0
fi
## sync the system user data
/usr/bin/rsync -avh --port=873 --progress --delete juser@10.44.131.212::home --password-file=/etc/rsync.passc /home
result=$?
if [ $result -eq 0 ];then
    echo [$now_time] "Sync system user data success" >> /data/jumpserver/logs/jump_cron.log
else
    echo [$now_time] "Sync system user data failed" >> /data/jumpserver/logs/jump_cron.log
    exit 0
fi
## sync the shadow, passwd and group files
## --exclude '*' limits the transfer to the three files; rsync does not delete
## excluded files on the receiving side, so the rest of /etc is left alone
/usr/bin/rsync -avh --port=873 --progress --delete --include 'shadow' --include 'passwd' --include 'group' --exclude '*' juser@10.44.131.212::sysfile --password-file=/etc/rsync.passc /etc/
result=$?
if [ $result -eq 0 ];then
    echo [$now_time] "Sync shadow passwd group file success" >> /data/jumpserver/logs/jump_cron.log
else
    echo [$now_time] "Sync shadow passwd group file failed" >> /data/jumpserver/logs/jump_cron.log
    exit 0
fi
## get the current user list to fix the related file permissions
users=`ls -l /data/jumpserver/keys/user | grep pub | awk '{print $9}' | awk -F. '{print $1}'`
echo $users
for user in $users
do
    echo /home/$user
    echo /data/jumpserver/keys/user/$user*
    # only touch accounts that exist on this host
    /usr/bin/id $user > /dev/null 2>&1
    result=$?
    if [ $result -eq 0 ];then
        echo "Start modifying file user rights!"
        chown $user:$user /home/$user
        # note: $user* also matches other names that start with $user
        chown $user:$user /data/jumpserver/keys/user/$user*
        result=$?
        if [ $result -eq 0 ];then
            echo [$now_time] "Modify user" $user "directory permissions succeeded" >> /data/jumpserver/logs/jump_cron.log
        else
            echo [$now_time] "Modify user" $user "directory permissions failed" >> /data/jumpserver/logs/jump_cron.log
            exit 0
        fi
    else
        echo [$now_time] $user "user does not exist!" >> /data/jumpserver/logs/jump_cron.log
    fi
done
exit 0
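The ownership-fixing loop shared by change.sh and jump_cron.sh above builds the user list from ls -l | awk and then runs chown on /data/jumpserver/keys/user/$user*, so a user named bob would also claim bobby and bobby.pub. The functions below, an added example rather than the post's code, derive the names directly from the *.pub files, validate them before they reach chown, and select only the exact name or <name>.<ext>; the demo directory and its file names are constructed.

```shell
#!/bin/sh
# Added example, not the post's script: list key owners and pick each user's
# own files without the prefix problem of "$user*". The keys directory and the
# "<user>.pub" naming follow the post; the demo files are constructed.

# key_users DIR: one username per line, derived from DIR/<user>.pub
key_users() {
    for f in "$1"/*.pub; do
        [ -f "$f" ] || continue
        u=${f##*/}; u=${u%.pub}
        # accept only plausible account names before they reach chown
        case $u in
            [a-z_][a-z0-9_-]*) printf '%s\n' "$u" ;;
            *) printf 'skip: %s\n' "$u" >&2 ;;
        esac
    done
}

# key_files_for DIR USER: only USER itself and USER.<ext>, never USERxyz
key_files_for() {
    for f in "$1"/"$2" "$1"/"$2".*; do
        [ -e "$f" ] || continue
        printf '%s\n' "$f"
    done
}

# fix_ownership DIR: chown each user's key files to user:user; accounts
# missing on this host are logged and skipped, as in the post's script.
fix_ownership() {
    key_users "$1" | while read -r u; do
        if ! id "$u" >/dev/null 2>&1; then
            echo "$u user does not exist!" >&2; continue
        fi
        key_files_for "$1" "$u" | while read -r f; do chown "$u:$u" "$f"; done
    done
}

# Constructed demo: "bob" is a prefix of "bobby".
DEMO=$(mktemp -d)
for n in bob bob.pub bobby bobby.pub; do : > "$DEMO/$n"; done
key_users "$DEMO"            # bob and bobby
key_files_for "$DEMO" bob    # bob and bob.pub only
```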
8. Create a scheduled task that runs the synchronization every 5 minutes (crontab -e):
*/5 * * * * /bin/sh /data/jumpserver/jump_cron.sh >> /dev/null 2>&1
9. Start Jumpserver:
./service.sh start
This article comes from the "My Ops Time" blog; please keep this source when reposting: http://aaronsa.blog.51cto.com/5157083/1740524
Jumpserver Dual-machine backup scheme