前言:
- 数据库的安全性需要做一个保证,那么,本地备份策略显然是不太安全的,如果,本地磁盘有突发损坏问题,将无法恢复数据库。
因此,远程备份也就是把备份文件拷贝到远端服务器是一个必要的措施。
PostgreSQL数据备份方式
- 按照备份后的文件类型划分为
物理备份:文件系统级别的备份
逻辑备份:备份后的文件是sql文件或特定格式的导出文件
- 按照备份过程中是否停止数据库服务划分为
冷备份
热备份
- 按照备份是否是完整的数据库划分为
全量备份:备份是完整的数据库
增量备份:备份是上一次全量备份后数据库改变的内容
远程备份策略的几种方案对比
远程备份的具体实现我们可以使用的工具是比较多的,其中比较高效的是再生龙,scp,rsync以及pg_dump命令远程连接数据库备份。
那么,这几种工具到底使用哪个比较好呢?
1,再生龙的配置比较复杂,对系统的侵入比较多,因此,这个工具并不适用于我们的场景。
2,Scp命令需要配置服务器免密或者明文使用服务器的密码,对服务器的安全是有一定损害的,因此,scp也不太适用于我们的场景。,
3,Pg_dump命令同样需要postgresql数据库的特权账号和密码,基本是明文形式,对服务器的安全也是有一定的损害,因此,pg_dump也是不太适用的,并且,网络直连数据库也是对磁盘有一定的损害。
4,Rsync远程备份
Rsync作为一个专业的数据同步软件,支持增量同步,因此,该工具是十分适合远程备份的,该工具具有配置简单,安全性有保证(可设置密码),备份效率高的特点
一,
数据库的远程备份的实现案例
计划使用两台服务器,一台服务器安装了postgresql,该服务器的IP地址为192.168.123.60,在远备中的角色为客户端,推送数据的
该服务器只备份了单库test3:
postgres=# \l+ List of databases Name | Owner | Encoding | Collate | Ctype | Access privileges | Size | Tablespace | Description -----------+----------+----------+-------------+-------------+-------------------+----------+------------+-------------------------------------------- postgres | pg1 | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | 10001 kB | pg_default | default administrative connection database template0 | pg1 | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/pg1 +| 7809 kB | pg_default | unmodifiable empty database | | | | | pg1=CTc/pg1 | | | template1 | pg1 | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/pg1 +| 7809 kB | pg_default | default template for new databases | | | | | pg1=CTc/pg1 | | | test | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | 7817 kB | mytbs | test2 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | 7809 kB | pg_default | test3 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | | 7817 kB | pg_default | (6 rows) postgres=# \dt List of relations Schema | Name | Type | Owner --------+------+-------+---------- public | ssss | table | postgres (1 row)
备份的单库文件为test3.dump文件:
[pg1@EULER1 ~]$ pg_dump -Upostgres -d test3 -Fc -f test3.dump [pg1@EULER1 ~]$ pg_restore -l test3.dump ; ; Archive created at 2023-06-10 10:51:53 CST ; dbname: test3 ; TOC Entries: 7 ; Compression: -1 ; Dump Version: 1.14-0 ; Format: CUSTOM ; Integer: 4 bytes ; Offset: 8 bytes ; Dumped from database version: 12.5 ; Dumped by pg_dump version: 12.5 ; ; ; Selected TOC Entries: ; 202; 1259 49157 TABLE public test3 postgres 3086; 0 49157 TABLE DATA public test3 postgres 2959; 2606 49161 CONSTRAINT public test3 test3_pkey postgres
另一台服务器只安装了rsync,该服务器的ip地址为192.168.123.61,在远备中的角色为服务器,接受数据的,也就是说60服务器上的本地备份文件以及物理文件推送到该服务器上进行保存,从而达到远备的目的。
二,
Rsync远程备份的实现步骤
1,
在61上执行以下,安装接收备份文件的rsync服务端:
安装rsync,如果是最小化安装,通常没有rsync,需要yum安装, yum install rsync -y
2,
编辑 /etc/sysconfig/rsyncd ,内容如下:
OPTIONS="/etc/rsyncd.conf"
3,
编辑/etc/rsyncd.conf,内容如下:
uid = root gid = root port = 11873 use chroot = yes max connections = 4 hosts allow = * pid file = /var/run/rsyncd.pid log file = /var/log/rsyncd/rsyncd.log lock file =/var/run/rsync.lock exclude = lost+found/ transfer logging = yes timeout = 900 ignore nonreadable = yes dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2 [pgsql_danku] path = /data/pgsql_danku comment = pgsql danku read only = no auth users = rsync secrets file = /etc/rsyncd.passwd [pgsql_all] path = /data/pgsql_all comment = pgsql all read only = no auth users = rsync secrets file = /etc/rsyncd.passwd
4. 日志文件的生成
mkdir -p /var/log/rsyncd/ && touch /var/log/rsyncd/rsyncd.log && chmod 755 /var/log/rsyncd/rsyncd.log
5.根据 /etc/rsyncd.conf这个配置文件,生成账号和密码保存文件
vim /etc/rsyncd.passwd #文件内容如下:
rsync:你要设定的密码,客户端60使用的。
6. 设定账号密码文件权限为600
chmod 600 /etc/rsyncd.passwd
7.根据 /etc/rsyncd.conf 这个配置文件,生成存放同步及备份文件或目录的目录
[root@centos61 ~]# mkdir -p /data/pgsql_danku [root@centos61 ~]# mkdir -p /data/pgsql_all
8.启动服务并加入开机启动,查看服务状态
systemctl enable rsyncd && systemctl start rsyncd && systemctl status rsyncd
在60服务器,也就是存放备份文件test3.dump的服务器执行推送:
vim /etc/rsync.passwd
密码,和服务器端设定的密码一致,只写密码什么都不写
chmod 600 /etc/rsync.passwd
编写推送脚本(按实际情况填写):
#!/bin/bash #!auther zsk rsync -avz --port=11873 /home/pg1/test3.dump rsync@192.168.123.61::pgsql_danku --password-file=/etc/rsync.passwd
执行此推送脚本,大体输出如下:
[root@EULER1 ~]# bash rsync_pgsql.sh sending incremental file list ./ .bash_history .bash_logout .bash_profile .bashrc .psql_history .viminfo logfile test3.dump sent 7,808 bytes received 170 bytes 15,956.00 bytes/sec total size is 50,944 speedup is 6.39
####注:服务端的配置文件空格回车等等不能使用Windows的,否则会报错:
[root@EULER1 ~]# bash rsync_pgsql.sh @ERROR: no path setting. rsync error: error starting client-server protocol (code 5) at main.c(1648) [sender=3.1.2]
查看rsyncd这个服务的日志:
2023/06/10 11:05:55 [2964] No path specified for module pgsql_danku 2023/06/10 11:06:59 [2967] Unknown Parameter encountered: "dont compress " 2023/06/10 11:06:59 [2967] IGNORING unknown parameter "dont compress " 2023/06/10 11:06:59 [2967] Unknown Parameter encountered: " path" 2023/06/10 11:06:59 [2967] IGNORING unknown parameter " path" 2023/06/10 11:06:59 [2967] Unknown Parameter encountered: " comment" 2023/06/10 11:06:59 [2967] IGNORING unknown parameter " comment" 2023/06/10 11:06:59 [2967] Unknown Parameter encountered: " read only" 2023/06/10 11:06:59 [2967] IGNORING unknown parameter " read only" 2023/06/10 11:06:59 [2967] Unknown Parameter encountered: " auth users" 2023/06/10 11:06:59 [2967] IGNORING unknown parameter " auth users" 2023/06/10 11:06:59 [2967] Unknown Parameter encountered: " secrets file" 2023/06/10 11:06:59 [2967] IGNORING unknown parameter " secrets file" 2023/06/10 11:06:59 [2967] Unknown Parameter encountered: " comment" 2023/06/10 11:06:59 [2967] IGNORING unknown parameter " comment" 2023/06/10 11:06:59 [2967] Unknown Parameter encountered: " read only" 2023/06/10 11:06:59 [2967] IGNORING unknown parameter " read only" 2023/06/10 11:06:59 [2967] Unknown Parameter encountered: " auth users" 2023/06/10 11:06:59 [2967] IGNORING unknown parameter " auth users" 2023/06/10 11:06:59 [2967] Unknown Parameter encountered: " secrets file" 2023/06/10 11:06:59 [2967] IGNORING unknown parameter " secrets file" 2023/06/10 11:06:59 [2967] name lookup failed for 192.168.123.60: Name or service not known 2023/06/10 11:06:59 [2967] connect from UNKNOWN (192.168.123.60) 2023/06/10 11:06:59 [2967] No path specified for module pgsql_danku 2023/06/10 11:10:22 [2958] sent 0 bytes received 0 bytes total size 0 2023/06/10 11:10:22 [2984] rsyncd version 3.0.9 starting, listening on port 11873 2023/06/10 11:10:26 [2985] Unknown Parameter encountered: " read only" 2023/06/10 11:10:26 [2985] IGNORING unknown parameter " read only" 2023/06/10 11:10:26 [2985] Unknown Parameter encountered: " auth users" 2023/06/10 11:10:26 [2985] IGNORING unknown parameter " auth users" 2023/06/10 11:10:26 [2985] Unknown Parameter encountered: " secrets file" 2023/06/10 11:10:26 [2985] IGNORING unknown parameter " secrets file"
因此,在61服务器上,重新打/etc/rsyncd.conf的空格,然后重启rsyncd服务即可恢复正常。
60服务器的物理文件在/usr/local/pgsql/data 这个路径下
[root@EULER1 ~]# ps aux |grep postgres root 3241 0.0 0.0 112724 992 pts/0 S+ 11:31 0:00 grep --color=auto postgres pg1 79417 0.0 1.0 317636 41804 ? Ss 10:53 0:00 /usr/local/pgsql/bin/postgres -D /usr/local/pgsql/data pg1 79418 0.0 0.0 126996 704 ? Ss 10:53 0:00 postgres: logger pg1 79420 0.0 0.0 318028 3040 ? Ss 10:53 0:00 postgres: checkpointer pg1 79421 0.0 0.0 317896 2336 ? Ss 10:53 0:00 postgres: background writer pg1 79422 0.0 0.1 317636 4740 ? Ss 10:53 0:00 postgres: walwriter pg1 79423 0.0 0.0 318912 1800 ? Ss 10:53 0:00 postgres: autovacuum launcher pg1 79424 0.0 0.0 129272 1028 ? Ss 10:53 0:00 postgres: stats collector pg1 79425 0.0 0.0 318740 1384 ? Ss 10:53 0:00 postgres: logical replication launcher
60服务器的推送脚本增加如下内容:
#!/bin/bash #!auther zsk rsync -avz --port=11873 /home/pg1/ rsync@192.168.123.61::pgsql_danku --password-file=/etc/rsync.passwd rsync -avz --port=11873 /usr/local/pgsql/data/ rsync@192.168.123.61::pgsql_all --password-file=/etc/rsync.passwd
再次推送文件到服务端:
。。。。。前面的略略略。。。。。。。。。 pg_stat_tmp/pgss_query_texts.stat pg_subtrans/ pg_subtrans/0000 pg_tblspc/ pg_tblspc/32771 -> /opt/custome-tablespace pg_twophase/ pg_wal/ pg_wal/00000003.history pg_wal/00000004.history pg_wal/000000040000000000000010 pg_wal/000000040000000000000011 pg_wal/archive_status/ pg_wal/archive_status/00000003.history.done pg_xact/ pg_xact/0000 sent 6,189,113 bytes received 32,673 bytes 1,777,653.14 bytes/sec total size is 78,376,166 speedup is 12.60
到61服务器上查看远备的情况:
[root@centos61 ~]# cd /data/pgsql_all/ [root@centos61 pgsql_all]# ls backup_label.old pg_commit_ts pg_ident.conf pg_serial pg_tblspc postgresql.auto.conf base pg_dynshmem pg_logical pg_snapshots pg_twophase postgresql.conf current_logfiles pg_enterprise_views.explain pg_multixact pg_stat PG_VERSION postmaster.opts global pg_enterprise_views.stat pg_notify pg_stat_tmp pg_wal postmaster.pid log pg_hba.conf pg_replslot pg_subtrans pg_xact tablespace_map.old [root@centos61 pgsql_all]# cd /data/pgsql_danku/ [root@centos61 pgsql_danku]# ll total 40 -rw-------. 1 postgres postgres 35091 Jun 10 10:53 logfile -rw-------. 1 postgres postgres 1517 Jun 10 10:51 test3.dump
那么, 现在61服务器上的这个/data/pgsql_all/目录是可以直接启动为一个数据库的,只是现在缺少了lib目录和bin目录
这两个目录准备好后,就可以以备份文件为data,启动一个新的postgresql了:
[root@centos61 pgsql_all]# su - postgres -c "pg_ctl -D /data/pgsql_all/ start" pg_ctl: another server might be running; trying to start server anyway waiting for server to start....2023-06-10 12:39:46.401 CST 3090 @ from [vxid: txid:0] [] LOG: starting PostgreSQL 12.5 on x86_64-pc-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-16), 64-bit 2023-06-10 12:39:46.406 CST 3090 @ from [vxid: txid:0] [] LOG: listening on IPv4 address "0.0.0.0", port 5432 2023-06-10 12:39:46.406 CST 3090 @ from [vxid: txid:0] [] LOG: listening on IPv6 address "::", port 5432 2023-06-10 12:39:46.413 CST 3090 @ from [vxid: txid:0] [] LOG: listening on Unix socket "/tmp/.s.PGSQL.5432" 2023-06-10 12:39:46.920 CST 3090 @ from [vxid: txid:0] [] LOG: could not open directory "pg_tblspc/32771/PG_12_201909212": No such file or directory 2023-06-10 12:39:46.921 CST 3090 @ from [vxid: txid:0] [] LOG: redirecting log output to logging collector process 2023-06-10 12:39:46.921 CST 3090 @ from [vxid: txid:0] [] HINT: Future log output will appear in directory "log". done server started
