保护你的兄弟,安全...
ZFS 0.8能够发送加密数据的增量快照而无需解密。也就是说,拥有一个加密的阵列,您可以在远程计算机上组织其镜像副本,而不用信任远程场所的所有者。密钥和解密的数据不会离开受信任的前提。如果发生火灾,例如星星,我的客户(微控制器)没有一个以上的服务器机房。在危险的管理业务中与您的同事达成协议后,您可以彼此相互保证,而不必担心他们会使用数据。任何虚拟机形式的服务都安装在Proxmox上,数据位于ZFS上,您将始终有机会存储虚拟机的远程副本。有一天,您可能会变得沮丧而不是沮丧,而是去了一个偏僻的房间,拿起一块铁,并以良好的身体状态运行了所有服务。大约2年前,我已经将几乎所有服务转移到Proxmox,我不后悔,一切正常。在ZFS上,我有一个可供30个人使用的终端服务器,该服务器与瘦客户机相关联(即30个完整的作业)。除了当前副本,您还将在本地和远程获得最近x天的快照。是的,您会因为使用zfs和加密而失去工作效率,但是对我自己而言,我得出的结论是,我已经准备为此功能支付此价格。一汤匙焦油
在解决问题时,您会立即在药膏中飞翔。是的,ZFS较慢。实质上。但是您不能将其用作常规fs。它应在磁盘阵列中工作,欢迎增加磁盘数量,磁盘最好是SAS,控制器应在HBA模式下工作(而不是raid0作为单个磁盘),应该有ECC RAM,并且应该很多,必须有一个SSD(更好的PCI-E)作为用于读取第二级(较小,从64开始的演出)的高速缓存,而用于ZIL的一个SSD可能很小,但最好是MLC。关于固态硬盘,我提出了这些建议,并购买了2个128的PCI-E SSD,每个硬盘分为16个演出和其余的演出。我在ZIL中启动了两个16 GB分区作为镜像,并在第二级缓存下将其余部分作为条带启动。在zfs的帮助下,演出了16场歌剧。(事实证明,使用ebay购买的一位母亲的一个插槽无法正常工作;如果有效,则可以使用32个插槽)zfskeeper.sh
从脚本中,我需要自动通知问题,监视两端的捕捉次数和速度控制。在我掌握的剧本中,没有什么令我满意。下面,我将提供一些在执行此操作之前检查过的脚本。接收电子邮件通知,代替我的数据在你的send_error_to_mail()与你的功能zfskeeper.sh帮助会告诉你使用的例子zfskeeper.sh准备会告诉你的预备动作的程序(推荐)zfskeeper.sh银行/加密/ subvol-100磁盘0 10将获取当前快照,并保留最后10个快照zfskeeper.sh bank /加密/ subvol-100-disk-0 10 Remotehost 22 10m复制器bank / rtl / subvol-100-disk-0 20将未加密的数据发送到remotehost:22个用户复制器下的数据,速度高达10MB / s,并在源上保留10个图像,在远程主机上保留 20个图像zfskeeper.sh bank / encrypted / subvol-100-disk-0 10 Remotehost 22 10m复制器bank / rtl / subvol -100-disk-0 20 -w是同一件事,但是数据将被加密#!/bin/bash
zpool=$1
lsnaps=$2
ip=$3
port=$4
speedl=$5
remoteuser=$6
backpool=$7
rsnaps=$8
sendargs=$9
ZFSLOGDIR=~/zfskeeplogs
if [ ! -d "$ZFSLOGDIR" ]; then
mkdir -p $ZFSLOGDIR
fi
NAMESNAP=`date "+%Y_%m_%d_%T"|sed s/:/_/g`
logfile=$ZFSLOGDIR/$NAMESNAP.log
write_to_log ()
{
echo `date +"%T"`" $1" >> $logfile
}
log_last_command ()
{
if [ $? -ne 0 ]; then
write_to_log "$1 FAILED."
if [ $2 = true ]; then
write_to_log "Script execution stops"
send_error_to_mail "$1" "$?" "$*"
exit 1
fi
else
write_to_log "$1 COMPLETED."
fi
}
send_error_to_mail ()
{
Subject=`hostname`" ZFS backup $zpool missing"
swaks --header "Subject: $Subject" --to admin@mydomain.ru --from "alertbot@mydomain.ru" -a LOGIN -au alertbot@mydomain.ru -ap ailPass --server mail.mydomain.ru -tls --body \
"$Subject
command: zfskeeper.sh $3
$1
$2" \
--attach $logfile
}
case "$#" in
1)
case "$1" in
prepare)
echo "
Sender mashine:
apt install swaks mbuffer
useradd -s /bin/bash replicator
mkdir -p /home/replicator
chown replicator:replicator /home/replicator
zfs allow -u replicator send,snapshot,destroy,mount bank/encrypted
su replicator
ssh-keygen
Receiver machine:
ln -s /usr/sbin/zfs /usr/local/bin/zfs
useradd -s /bin/bash replicator
mkdir -p /home/replicator
chown replicator:replicator /home/replicator
passwd replicator
Sender mashine:
ssh-copy-id -i .ssh/id_rsa.pub Remotehost
zfs allow -u replicator compression,create,receive,destroy,mount bank/companyname
"
;;
*)
echo "
Usage:
To show the prepare instrutions:
zfskeeper.sh prepare
localkeeping:
keep last 10 snapshots of bank/encrypted/subvol-100-disk-0
zfskeeper.sh bank/encrypted/subvol-100-disk-0 10
remotekeeping:
keep last 10 snapshots bank/encrypted/subvol-100-disk-0 and send it by ssh to Remotehost:22 bank/rtl/subvol-100-disk-0
and keep last 20 copies by replicator user and limit transferspeed 10Mb/s
zfskeeper.sh bank/encrypted/subvol-100-disk-0 10 Remotehost 22 10m replicator bank/rtl/subvol-100-disk-0 20
If you need to send encrypted data, then you need add -w to the end of the line
zfskeeper bank/encrypted/subvol-100-disk-0 10 Remotehost 22 10m replicator bank/rtl/subvol-100-disk-0 20 -w
"
;;
esac
exit 0
;;
2)
echo `date +"%T"`" Local keeping of $NAMESNAP being started" > $logfile
;;
8|9)
echo `date +"%T"`" Remote keeping of $NAMESNAP being started" > $logfile
;;
*)
echo "illegal number of parameters" >&2
exit 1
;;
esac
numsnap=`zfs list -H -o name -t snapshot -s creation|grep "${zpool}@"|wc|awk '{ print $1 }'`
let MAXSNAP=numsnap-lsnaps+1 >/dev/null
if [ $MAXSNAP -gt 0 ] ; then
for d in `zfs list -H -o name -t snapshot -s creation| grep "${zpool}@"|/usr/bin/head -n"$MAXSNAP"`; do
zfs destroy ${d}
log_last_command "Remove local snapshot $d"
done
fi
zfs snapshot $zpool@backup_$NAMESNAP
log_last_command "Create local $zpool@backup_$NAMESNAP" true
if [ -z "$backpool" ]; then
write_to_log "Local keeping is complete"
exit 0
fi
if [ -n "$ip" ]; then
if ping -c 1 $ip > null ; then
sship="ssh -c aes128-ctr -p"$port" -l"$remoteuser" "$ip
else
echo "URL $ip is not accesiible, abort"
send_error_to_mail "Try to ping remote host" "URL $ip is not accesiible, abort" "$*"
exit 1
fi
else
exit 0
fi
numsnap=`$sship zfs list -H -o name -t snapshot -s creation|grep "${backpool}@"|wc|awk '{ print $1 }'`
let MAXSNAP=numsnap-rsnaps+1 >/dev/null
if [ $MAXSNAP -gt 0 ] ; then
for d in `$sship zfs list -H -o name -t snapshot -s creation| grep "${backpool}@"|/usr/bin/head -n"$MAXSNAP"`; do
$sship zfs destroy ${d}
log_last_command "Remove local snapshot $d"
done
fi
MOST_SLAVE_SNAP_NAME=`$sship zfs list -H -o name -t snapshot -s creation|grep "$backpool@backup"|tail -n1|awk -F "@" '{print $2}'`
if [ -n "`zfs list -H -o name -t snapshot -s creation|grep -w "$zpool@$MOST_SLAVE_SNAP_NAME"`" ]; then
zfs send $sendargs -i $MOST_SLAVE_SNAP_NAME $zpool@backup_$NAMESNAP | mbuffer -q -v 0 -s 128k -m 1G | pv -L $speedl | $sship "mbuffer -q -v 0 -s 128k -m 1G | zfs receive -vF $backpool@backup_$NAMESNAP" &>> $logfile
log_last_command "Sending incremental backup to the remote machine" true
else
if [ -n "`$sship zfs list -H -o name -s creation|grep -w "$backpool"`" ]; then
$sship zfs destroy -r $backpool 2>> $logfile
log_last_command "Need to destroy remotepool for full sending $backpool" true
fi
zfs send $sendargs $zpool@backup_$NAMESNAP | mbuffer -q -v 0 -s 128k -m 1G | pv -L $speedl | $sship "mbuffer -q -v 0 -s 128k -m 1G | zfs receive -vF $backpool" &>> $logfile
log_last_command "Sending full backup to the remote machine" true
fi
write_to_log "Remote keeping is complete"
exit 0
zfskeepall.sh
为了保持几个部分的色调,您需要一个控制脚本。每个人都可以根据自己的口味和颜色来进行配置,具体取决于配置。我的测试看起来像这样:#!/bin/bash
scriptpath=/home/replicator/zfskeeper.sh
$scriptpath bank/encrypted/subvol-100-disk-0 5 RemoteHost 22 30m replicator bank/rtl/subvol-100-disk-0 5 -w
现有解决方案
我首先找到它,然后根据它检查了该机制的整体可操作性。感谢作者,但是写作风格很脏,必须明确地重写。zfs-auto-snapshot.sh仅仅是一个块。zfsbackup.sh值得一看,它漂亮,整洁但又笨重,功能低下-也是一个整洁但功能低下的PS我从第三次咬住zfs以来,每次咬了约一个月。我无法让她迅速工作,而最大程度地失败了。通常,安装SAS磁盘(至少7200,至少NL)后,情况发生了变化。大家平安!感谢您的阅读!