Product SiteDocumentation Site

9.10. 备份

Making backups is one of the main responsibilities of any administrator, but it is a complex subject, involving powerful tools which are often difficult to master. The importance of backups cannot be stressed enough, though. Backups are also not to be confused with the availability of data. Both can complement each other, but they are essentially different.
Many programs exist, such as amanda, bacula, or BackupPC. Those are client/server systems featuring many options, whose configuration is rather difficult. Some of them provide user-friendly web interfaces to mitigate this. For non-enterprise systems, administrators might want to check out rsnapshot or rdiff-backup. Users can easily create backups of their filesystems with timeshift, fsarchiver, duplicity, or even dd.
Debian contains dozens of other backup software covering all possible use cases, as you can easily confirm with apt-cache search backup.
本节并没有详细介绍这些工具,而是介绍 Falcot Corp 管理员们确定备份策略时的思路。
在 Falcot Corp公司,备份有两个目的:恢复被误删的文件,迅速恢复硬盘损坏的电脑(服务器或桌面电脑)。

9.10.1. 使用 rsync备份

以磁带备份太慢且太贵,现在采用备份在专属服务器的硬盘策略,以 RAID (见 第 12.1.1 节 “软 RAID”) 软件保护数据在硬盘毁损时不致遗失。桌面电脑没有个别备份的策略,用户应在部门的文件服务器备份其数据。rsync 命令 (取自同名的软件包) 用于日常备份这些服务器。
有限的硬盘空间限制了每天完全备份数据。因此,rsync 命令对之前备份的内容使用硬链接,这样可以避免使用过多的硬盘空间。 然后rsync 进程只覆盖上次备份后修改过的文件。通过这种机制,大量的备份只占用小的磁盘空间。所有的备份会立即生效并且可以读写(例如,在共享网络上的不同目录),可以迅速比较两个不同日期的文件。
这种备份机制可以通过 dirvish 程序执行。使用备份存储空间(“空”的),放置有时间戳的备份文件集(这些文件集在dirvish 文档中称为“vaults”)。
主要配置在 /etc/dirvish/master.conf 文件中。它定义了备份存储空间的位置,要管理的“vaults”,和备份超期的默认值。配置的其他部分在 bank/vault/dirvish/default.conf 文件中,包含对应文件集的特殊配置。

例 9.3. /etc/dirvish/master.conf 文件

bank:
    /backup
exclude:
    lost+found/
    core
    *~
Runall:
    root    22:00
expire-default: +15 days
expire-rule:
# MIN HR    DOM MON       DOW  STRFTIME_FMT
    *   *     *   *         1    +3 months
    *   *     1-7 *         1    +1 year
    *   *     1-7 1,4,7,10  1
The bank setting indicates the directory in which the backups are stored. The exclude setting allows you to indicate files (or file types) to exclude from the backup. The Runall is a list of file sets to backup with a time-stamp for each set, which allows you to assign the correct date to the copy, in case the backup is not triggered at precisely the assigned time. You have to indicate a time just before the actual execution time (according to /etc/cron.d/dirvish). Finally, the expire-default and expire-rule settings define the expiration policy for backups. The above example keeps forever backups that are generated on the first Sunday of each quarter, deletes after one year those from the first Sunday of each month, and after 3 months those from other Sundays. Other daily backups are kept for 15 days. The order of the rules does matter, Dirvish uses the last matching rule, or the expire-default one if no other expire-rule matches.

例 9.4. /backup/root/dirvish/default.conf 文件

client: rivendell.falcot.com
tree: /
xdev: 1
index: gzip
image-default: %Y%m%d
exclude:
    /var/cache/apt/archives/*.deb
    /var/cache/man/**
    /tmp/**
    /var/tmp/**
    *.bak
上面的例子中指明了要备份的文件集:这些文件在机器 rivendell.falcot.com 上(对本地数据备份,只需指明本地机器 hostname),主要是在根目录下(tree: /),除了在 exclude中列出的文件。备份仅限于一个文件系统中的内容(xdev: 1)。不包含其他挂载点的文件。产生保存文件的索引(index: gzip),镜像文件根据当前日期进行命名(image-default: %Y%m%d)。
There are many options available, all documented in the dirvish.conf(5) manual page. Once these configuration files are setup, you have to initialize each file set with the dirvish --vault vault --init command. From there on the daily invocation of dirvish-runall will automatically create a new backup copy just after having deleted those that expired.

9.10.2. 不使用备份恢复系统

Desktop computers, which are not backed up, will be easy to reinstall from custom DVD-ROMs/USB sticks prepared with simple-cdd (see 第 12.3.3 节 “Simple-CDD: The All-In-One Solution”). Since this performs an installation from scratch, it loses any customization that can have been made after the initial installation. This is fine since the systems are all hooked to a central LDAP directory for accounts and most desktop applications are preconfigured thanks to dconf (see 第 13.3.1 节 “GNOME” for more information about this).
Falcot Corp 的管理员知道该公司备份政策的限制。未以防火墙保护备份服务器,而是把它放在另一个房间,以免在灾难来临时与主服务器同归于尽。而且,每周以 DVD-ROM 做增量备份 — 只备份修改过的文件。