mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-13 22:30:37 +08:00
Merge pull request #25313 from hwlife/20220415-3-2-1-Backup-plan-with-Fedora-ARM-server.md
translated
This commit is contained in:
Xingyu.Wang
GitHub
commit
f724f89234
@ -1,306 +0,0 @@
|
||||
[#]: subject: "3-2-1 Backup plan with Fedora ARM server"
|
||||
[#]: via: "https://fedoramagazine.org/3-2-1-backup-plan-with-fedora-arm-server/"
|
||||
[#]: author: "Hanku Lee https://fedoramagazine.org/author/hankuoffroad/"
|
||||
[#]: collector: "lujun9972"
|
||||
[#]: translator: "hwllife"
|
||||
[#]: reviewer: " "
|
||||
[#]: publisher: " "
|
||||
[#]: url: " "
|
||||
|
||||
3-2-1 Backup plan with Fedora ARM server
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
Photo by [Markus Winkler][2] on [Unsplash][3]
|
||||
|
||||
Fedora Server Edition works on Single Board Computers (SBC) like Raspberry Pi. This article is aimed at data backup and restoration of personal data for users who want to take advantage of solid server systems and built-in tools like Cockpit. It describes 3 levels of backup.
|
||||
|
||||
### Pre-requisites
|
||||
|
||||
To use this guide, all you need is a working Fedora Linux workstation and the following items.
|
||||
|
||||
* You should read, understand, and practice the requirements as documented in the Fedora Docs for [server installation][4] and [administration][5]
|
||||
* An SBC (Single Board Computer), tested for Fedora Linux. Check [hardware status here][6].
|
||||
* [Fedora ARM][7] [server][7] raw image & ARM image installer
|
||||
* A choice of microSD Card (64 GB / Class 10) and SSD device
|
||||
* Ethernet cable / DHCP reserved IP or static IP
|
||||
* A Linux client workstation with ssh keys prepared
|
||||
* Make a choice of cloud storage services
|
||||
* Have an additional Linux workstation available
|
||||
|
||||
|
||||
|
||||
With this setup, I opted for Raspberry Pi 3B+/4B+ (one for hot-swap) because of the price and availability at the time of writing this article. While the Pi server is remotely connected using Cockpit, you can position the Pi near the router for a neat set-up.
|
||||
|
||||
### Harden server security
|
||||
|
||||
After following through with server installation and administration on the SBC, it is a good practice to harden the server security with firewalld.
|
||||
|
||||
You must configure the firewall as soon as the server is online before connecting the storage device to the server. Firewalld is a zone-based firewall. It creates one pre-defined zone ‘FedoraServer’ after following through with the installation and administration guide in the Fedora Docs.
|
||||
|
||||
#### Rich rules in firewalld
|
||||
|
||||
Rich rules are used to block or allow a particular IP address or address range. The following rule accepts SSH connections only from the host with the registered IP (of client workstation) and drops other connections. Run the commands in Cockpit Terminal or terminal in client workstation connect to the server via ssh.
|
||||
|
||||
```
|
||||
|
||||
firewall-cmd --add-rich-rule='rule family=ipv4 source address=<registered_ip_address>/24 service name=ssh log prefix="SSH Logs" level="notice" accept'
|
||||
|
||||
```
|
||||
|
||||
#### Reject ping requests from all hosts
|
||||
|
||||
Use this command to set the icmp reject and disallow ping requests
|
||||
|
||||
```
|
||||
|
||||
firewall-cmd --add-rich-rule='rule protocol value=icmp reject'
|
||||
|
||||
```
|
||||
|
||||
To carry out additional firewall controls, such as managing ports and zones, please refer to the link below. Please be aware that misconfiguring the firewall may make it vulnerable to security breaches.
|
||||
|
||||
[Managing firewall in Cockpit][8]
|
||||
[firewalld rules][9]
|
||||
|
||||
### Configure storage for file server
|
||||
|
||||
The next step is to connect a storage device to the SBC and partition a newly attached storage device using Cockpit. With Cockpit’s graphical server management interface, managing a home lab (whether a single server or several servers) is much simpler than before. Fedora Linux server offers Cockpit as standard.
|
||||
|
||||
In this setup, an SSD device, powered by the USB port of the SBC, is placed in service without the need for an additional power supply.
|
||||
|
||||
* Connect the storage device to a USB port of the SBC
|
||||
* After Cockpit is running (as set up in the pre-requisites), visit **ip-address-of-machine:9090** in the web browser of your client workstation
|
||||
* After logging into Cockpit, click ‘Turn on administrative access’ at the top of the Cockpit page
|
||||
* Click the “Storage” on the left pane
|
||||
* Select the device under “Drives” section to format and partition a blank storage device
|
||||
|
||||
|
||||
|
||||
![Cockpit Storage management][10]
|
||||
|
||||
* On the screen of the selected storage device create a new partition table or format and create new partitions. When prompted to initialize disk, in the “Partitioning” type, select GPT partition
|
||||
* For a file system type from the drop-down list (XFS and ext4), choose ext4. This is suitable for an SBC with limited I/O capability (like USB 2.0 port) and limited bandwidth (less than 200MB/s)
|
||||
|
||||
|
||||
|
||||
![Create a partition in Cockpit][11]
|
||||
|
||||
* To create a single partition taking up all the storage space on the device, specify its mount point, such as “/media” and click “Ok”
|
||||
* Click “Create partition”, which creates a new partition mounted at “/media”.
|
||||
|
||||
|
||||
|
||||
### Create backups and restore from backups
|
||||
|
||||
Backups are rarely one-size-fits-all. There are a few choices to make such as where the data is backed up, the steps you take to backup data, identify any automation, and determine how to restore backed-up data.
|
||||
|
||||
![Backup workflow – version 1.0][12]
|
||||
|
||||
#### Backup 1. rsync from client to file server (Raspberry Pi)
|
||||
|
||||
The command used for this transfer was:
|
||||
|
||||
```
|
||||
|
||||
rsync -azP ~/source syncuser@host1:/destination
|
||||
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
Options:
|
||||
-a, --archive
|
||||
-z, --compress
|
||||
-P, --progress
|
||||
|
||||
```
|
||||
|
||||
To run rsync with additional options, set the following flags:
|
||||
|
||||
Update destination files in-place
|
||||
|
||||
```
|
||||
|
||||
--inplace
|
||||
|
||||
```
|
||||
|
||||
Append data onto shorter files
|
||||
|
||||
```
|
||||
|
||||
--append
|
||||
|
||||
```
|
||||
|
||||
Source-side deduplication combined with compression is the most effective way to reduce the size of data to be backed up before it goes to backup storage.
|
||||
|
||||
I run this manually at the end of the day. Automation scripts are advantageous once I settled in with the cloud backup workflow.
|
||||
|
||||
For details on rsync, please visit the Fedora magazine article [here][13].
|
||||
|
||||
#### Backup 2. rsync from file server to primary cloud storage
|
||||
|
||||
Factors to consider when selecting cloud storage are;
|
||||
|
||||
* Cost: Upload, storage, and download fee
|
||||
* rsync, sftp supported
|
||||
* Data redundancy (RAID 10 or data center redundancy plan in place)
|
||||
* Snapshots
|
||||
|
||||
|
||||
|
||||
One of the cloud storage fitting these criteria is Hetzner’s hosted Nextcloud – [Storage Box][14]. You are not tied to a supplier and are free to switch without an exit penalty.
|
||||
|
||||
##### Generate SSH keys and create authorized key files in the file server
|
||||
|
||||
Use ssh-keygen to generate a new pair of SSH keys for the file server and cloud storage.
|
||||
|
||||
```
|
||||
|
||||
ssh-keygen
|
||||
Generating public/private rsa key pair.
|
||||
Enter file in which to save the key . . .
|
||||
|
||||
```
|
||||
|
||||
Insert the required public SSH keys into a new local authorized_keys file.
|
||||
|
||||
```
|
||||
|
||||
cat .ssh/id_rsa.pub >> storagebox_authorized_keys
|
||||
|
||||
```
|
||||
|
||||
##### Transfer keys to cloud storage
|
||||
|
||||
The next step is to upload the generated authorized_keys file to the Storage Box. To do this, create the directory .ssh with permission 700 and create the file authorized_keys with the public SSH keys and permission 600. Run the following command.
|
||||
|
||||
```
|
||||
|
||||
echo -e "mkdir .ssh \n chmod 700 .ssh \n put storagebox_authorized_keys .ssh/authorized_keys \n chmod 600 .ssh/authorized_keys" | sftp <username>@<username>.your-storagebox.de
|
||||
|
||||
```
|
||||
|
||||
##### Use rsync over ssh
|
||||
|
||||
Use rsync to synchronize the current state of your file directories to Storage Box.
|
||||
|
||||
```
|
||||
|
||||
rsync --progress -e 'ssh -p23' --recursive <local_directory> <username>@<username>.your-storagebox.de:<target_directory>
|
||||
|
||||
```
|
||||
|
||||
This process is called a push operation because it “pushes” a directory from the local system to a remote system.
|
||||
|
||||
##### Restore a directory from cloud storage
|
||||
|
||||
To restore a directory from the Storage Box, swap the directories:
|
||||
|
||||
```
|
||||
|
||||
rsync --progress -e 'ssh -p23' --recursive <username>@<username>.your-storagebox.de:<remote_directory> <local_directory>
|
||||
|
||||
```
|
||||
|
||||
#### Backup 3. Client backup to secondary cloud storage
|
||||
|
||||
[Deja Dup][15] is in the Fedora software repo, making it a quick backup solution for Fedora Workstation. It handles the GPG encryption, scheduling, and file inclusion (which directories to back up).
|
||||
|
||||
![Backing up to the secondary cloud][16]
|
||||
|
||||
![Restoring files from cloud storage][17]
|
||||
|
||||
### Archive personal data
|
||||
|
||||
Not every data needs a 3-2-1 backup strategy. That is personal data share. I repurposed a hand-me-down laptop with a 1TB HDD as an archive of personal data (family photos).
|
||||
|
||||
Go to “Sharing” in settings (in my case, the GNOME file manager) and toggle the slider to enable sharing.
|
||||
|
||||
![][18]
|
||||
|
||||
Turn on “file sharing”, “Networks” and “Required password”, which allows you to share your public folders with other workstations on your local network using WebDAV.
|
||||
|
||||
![][19]
|
||||
|
||||
### Prepare fallback options
|
||||
|
||||
Untested backups are no better than no backups at all. I take the ‘hot swap’ approach in a home lab environment where disruptions like frequent power outages or liquid damages do happen. However, my recommendations are far from disaster recovery plans or automatic failover in corporate IT.
|
||||
|
||||
* Dry run restoration of files on a regular basis
|
||||
* Backup ssh/GPG keys onto an external storage device
|
||||
* Copy a raw image of the Fedora ARM server onto an SD card
|
||||
* Keep snapshots of full backups at primary cloud storage
|
||||
* Automate backup process to minimize human error or oversight
|
||||
|
||||
|
||||
|
||||
### Track activity and troubleshoot with Cockpit
|
||||
|
||||
As your project grows, so does the number of servers you manage. Activity and alert tracking in Cockpit ease your administrative burden. You can achieve this in three ways using Cockpit’s graphical interface.
|
||||
|
||||
#### SELinux menu
|
||||
|
||||
How to diagnose network issues, find logs and troubleshoot in Cockpit
|
||||
|
||||
* Go to SELinux to check logs
|
||||
* Check “solution details”
|
||||
* Select “Apply this solution” when necessary
|
||||
* View automation script and run it if necessary
|
||||
|
||||
|
||||
|
||||
![SELinux logs][20]
|
||||
|
||||
#### Network or storage logs
|
||||
|
||||
Server logs track detailed metrics that correlate CPU load, memory usage, network activity, and storage performance with the system’s journal. Logs are organized under the network or storage dashboard.
|
||||
|
||||
![Storage logs in Cockpit][21]
|
||||
|
||||
#### Software updates
|
||||
|
||||
Cockpit helps security updates on preset time and frequency. You can run all updates when you need them.
|
||||
|
||||
![Software updates][22]
|
||||
|
||||
Congratulations on setting up a file/backup server with the Fedora ARM server edition.
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/3-2-1-backup-plan-with-fedora-arm-server/
|
||||
|
||||
作者:[Hanku Lee][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[译者ID](https://github.com/译者ID)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/hankuoffroad/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2022/04/3-2-1_backup-816x345.jpg
|
||||
[2]: https://unsplash.com/@markuswinkler?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[3]: https://unsplash.com/s/photos/computer-backup?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[4]: https://docs.fedoraproject.org/en-US/fedora-server/server-installation-sbc/
|
||||
[5]: https://docs.fedoraproject.org/en-US/fedora-server/sysadmin-postinstall/
|
||||
[6]: https://docs.fedoraproject.org/en-US/quick-docs/raspberry-pi/
|
||||
[7]: https://arm.fedoraproject.org/
|
||||
[8]: https://fedoramagazine.org/managing-network-interfaces-and-firewalld-in-cockpit/
|
||||
[9]: https://www.redhat.com/sysadmin/firewalld-rules-and-scenarios
|
||||
[10]: https://fedoramagazine.org/wp-content/uploads/2022/03/Screenshot-from-2022-03-29-22-05-00b-1024x576.png
|
||||
[11]: https://fedoramagazine.org/wp-content/uploads/2022/03/Screenshot-from-2022-03-29-22-03-36a.png
|
||||
[12]: https://fedoramagazine.org/wp-content/uploads/2022/04/Backups3-1-1024x525.jpg
|
||||
[13]: https://fedoramagazine.org/copying-large-files-with-rsync-and-some-misconceptions/
|
||||
[14]: https://docs.hetzner.com/robot/storage-box/
|
||||
[15]: https://fedoramagazine.org/easy-backups-with-deja-dup/
|
||||
[16]: https://fedoramagazine.org/wp-content/uploads/2022/03/Screenshot-from-2022-03-29-22-47-30.png
|
||||
[17]: https://fedoramagazine.org/wp-content/uploads/2022/03/Screenshot-from-2022-03-29-22-41-57.png
|
||||
[18]: https://fedoramagazine.org/wp-content/uploads/2022/04/Screenshot-from-2022-04-14-20-48-49-1024x733.png
|
||||
[19]: https://fedoramagazine.org/wp-content/uploads/2022/04/Screenshot-from-2022-04-14-20-51-18st.png
|
||||
[20]: https://fedoramagazine.org/wp-content/uploads/2022/04/Screenshot-from-2022-04-02-11-24-30b-1024x441.png
|
||||
[21]: https://fedoramagazine.org/wp-content/uploads/2022/04/Screenshot-from-2022-04-04-21-47-06SL-1024x259.png
|
||||
[22]: https://fedoramagazine.org/wp-content/uploads/2022/04/Screenshot-from-2022-04-04-21-35-42b.png
|
||||
@ -0,0 +1,310 @@
|
||||
[#]: subject: "3-2-1 Backup plan with Fedora ARM server"
|
||||
[#]: via: "https://fedoramagazine.org/3-2-1-backup-plan-with-fedora-arm-server/"
|
||||
[#]: author: "Hanku Lee https://fedoramagazine.org/author/hankuoffroad/"
|
||||
[#]: collector: "lujun9972"
|
||||
[#]: translator: "hwllife"
|
||||
[#]: reviewer: " "
|
||||
[#]: publisher: " "
|
||||
[#]: url: " "
|
||||
|
||||
使用 Fedora ARM 服务器来做 3-2-1 备份计划
|
||||
======
|
||||
|
||||
![][1]
|
||||
|
||||
Photo by [Markus Winkler][2] on [Unsplash][3]
|
||||
|
||||
Fedora 服务器版操作系统运行在类似树莓派的单板计算机 (SBC) 上。这篇文章针对用户想要充分利用实体服务器系统和类似 Cockpit 的内置工具进行数据备份和个人数据的恢复。这里描述了备份的 3 个阶段。
|
||||
|
||||
### 必要的准备
|
||||
|
||||
想要使用本指南,你所需要的是一个运行着的 Fedora Linux 工作站和以下的项目。
|
||||
|
||||
|
||||
* 你应该阅读,理解和实践 Fedora 文档中 [服务器安装][4] 和[管理][5] 的要求
|
||||
* 一个为测试 Fedora Linux 的 SBC (单板计算机)。这里检查 [硬件状态][6]
|
||||
* [Fedora ARM][7] [服务器][7] 原生镜像 & ARM 镜像安装器
|
||||
* SD存储卡 (64 GB / Class 10) 和 SSD 设备两者选一个
|
||||
* 以太网 / DHCP 预留 IP 地址 或者 静态 IP 地址
|
||||
* 预备 ssh 密钥的 Linux 客户端工作站
|
||||
* 选择云存储服务
|
||||
* 有额外可用的 Linux 工作站
|
||||
|
||||
|
||||
对于这种设置,在写这篇文章的时候,由于成本和可用性的原因,我选择树莓派 3B+/4B+ (其中一个用来热转换) 。当使用 Cockpit 远程连接树莓派服务器时,你可以将树莓派放到路由器附近以便有序设置。
|
||||
|
||||
|
||||
### 加强服务器的安全
|
||||
|
||||
在 SBC 完成服务器的安装和管理后,用 firewalld 加强服务器的安全是一个好的做法。
|
||||
|
||||
连接存储设备到服务器之前,一旦服务器在线你必须设置好防火墙。Firewalld 是基于区域的防火墙。在依照 Fedora 文档完成安装和管理指南之后,创建一个名为 ‘FedoraServer’ 的预定义区域。
|
||||
|
||||
#### firewalld 里的 rich 规则
|
||||
|
||||
Rich 规则用来阻止或者允许一个特定的 IP 地址或者地址段。下面这条规则只从有(客户端工作站)注册 IP 地址来接受 SSH 连接并断开其它的连接。在 Cockpit 终端或者客户端工作站终端运行命令通过 ssh 来连接到服务器。
|
||||
|
||||
```
|
||||
|
||||
firewall-cmd --add-rich-rule='rule family=ipv4 source address=<registered_ip_address>/24 service name=ssh log prefix="SSH Logs" level="notice" accept'
|
||||
|
||||
```
|
||||
|
||||
#### 拒绝所有主机的 ping 请求
|
||||
|
||||
使用这个命令来设置 icmp 拒绝并不允许 ping 请求
|
||||
|
||||
```
|
||||
|
||||
firewall-cmd --add-rich-rule='rule protocol value=icmp reject'
|
||||
|
||||
```
|
||||
|
||||
要进行额外的防火墙控制,比如管理端口和区域,请查阅以下链接。请注意错配防火墙可能会使安全出现漏洞受到攻击。
|
||||
|
||||
[Managing firewall in Cockpit][8]
|
||||
[firewalld rules][9]
|
||||
|
||||
### 为文件服务器配置存储
|
||||
|
||||
下一步是连接存储设备到 SBC 然后使用 Cockpit 对新插入的存储设备进行分区。使用 Cockpit 的图形化服务器管理界面,管理一个家庭实验室(可以是一个或者多个服务器)比之前更加简单。Fedora Linux 服务器提供 Cockpit 作为标准。
|
||||
|
||||
在这个阶段,一个通过 SBC 的 USB 插口接电的 SSD 设备在没有额外电源供给的情况下投入使用。
|
||||
|
||||
|
||||
* 将存储设备连接到 SBC 的 USB 接口
|
||||
* 运行之后 (如必要的准备所设置的那样),然后在你的客户端工作站浏览器上访问 **机器的 IP 地址:9090**
|
||||
* 登录进 Cockpit 之后,点击 Cockpit 页面顶部的‘打开管理访问权限’
|
||||
* 点击左边面板的 “存储” 按钮
|
||||
* 选择下面显示的 “驱动器” 然后分区并格式化一个空白的存储设备
|
||||
|
||||
|
||||
|
||||
![Cockpit Storage management][10]
|
||||
|
||||
|
||||
* 在选定的存储设备这个界面上,创建一个新的分区表或者格式化并创建新的分区。当初始化磁盘的时候,在 <ruby>“Partitioning”<rt>分区</rt></ruby> 类型选项上,选择 GPT 分区表
|
||||
* 选择一个文件系统类型,这里选择 ext4 。对于一个限制 I/O 能力 (比如 USB 2.0 接口) 和限制带宽 (小于 200MB/s) 的设备是适合的
|
||||
|
||||
|
||||
|
||||
![Create a partition in Cockpit][11]
|
||||
|
||||
* 要在设备上创建单个占据整个存储空间的分区,指定它的挂载点,比如 “/media” 然后点击 “确定” 。
|
||||
* 点击 <ruby>“Create partition”<rt>创建分区</rt></ruby>, 创建一个挂载点为 “/media” 的新分区。
|
||||
|
||||
|
||||
### 创建备份和恢复备份
|
||||
|
||||
备份很少是一刀切的。这里有一些选择比如数据备份在哪里,备份数据的步骤,验证一些自动化,并决定怎样来恢复备份了的数据。
|
||||
|
||||
![Backup workflow – version 1.0][12]
|
||||
|
||||
#### 备份 1. 用 rsync 从客户端远程同步到文件服务器 <ruby>(Raspberry Pi)<rt>树莓派</rt></ruby>
|
||||
|
||||
这个传输用到的命令是:
|
||||
|
||||
```
|
||||
|
||||
rsync -azP ~/source syncuser@host1:/destination
|
||||
|
||||
```
|
||||
|
||||
```
|
||||
|
||||
参数:
|
||||
-a, --archive
|
||||
-z, --compress
|
||||
-P, --progress
|
||||
|
||||
```
|
||||
|
||||
要运行 rsync 额外的传输,设置以下的标签:
|
||||
|
||||
|
||||
直接替换更新目标文档
|
||||
|
||||
```
|
||||
|
||||
--inplace
|
||||
|
||||
```
|
||||
|
||||
追加数据到较短的文档中
|
||||
|
||||
```
|
||||
|
||||
--append
|
||||
|
||||
```
|
||||
|
||||
在将文档备份到存储空间之前,源端文档文件重复消除和压缩是减少备份数据容量最有效的方式。
|
||||
|
||||
每天结束我手动运行这个。一旦我设置了云备份工作流,自动化脚本是一个优势。
|
||||
|
||||
关于 rsync 的详细信息,请在 [这里][13] 访问 Fedora 杂志的文章。
|
||||
|
||||
#### 备份 2. 使用 rysnc 从文件服务器远程同步到主要的云存储上
|
||||
|
||||
选择云存储是考虑的因素;
|
||||
|
||||
* 成本:上传,存储空间和下载费用
|
||||
* 支持 rsync ,sftp
|
||||
* 数据冗余 (RAID 10 或者运行中的数据中心冗余计划)
|
||||
* 快照
|
||||
|
||||
|
||||
符合这些云存储标准之一的就是 Hetzner 托管的 Nextcloud– [存储盒子][14]。你不受供应商限制,可以自由切换,无需退出处罚。
|
||||
|
||||
##### 在文件服务器上生成 SSH 密钥并创建授权密钥文件
|
||||
|
||||
使用 ssh-keygen 命令为文件服务器和云存储生成一对新的 SSH 密钥对。
|
||||
|
||||
```
|
||||
|
||||
ssh-keygen
|
||||
Generating public/private rsa key pair.
|
||||
Enter file in which to save the key . . .
|
||||
|
||||
```
|
||||
|
||||
插入要求的 SSH 公钥到新的本地授权密钥文件中。
|
||||
|
||||
```
|
||||
|
||||
cat .ssh/id_rsa.pub >> storagebox_authorized_keys
|
||||
|
||||
```
|
||||
|
||||
##### 传输密钥文件到云存储
|
||||
|
||||
下一步就是上传生成了的授权密钥文件到存储盒子。要做这些,先用 700 权限创建 .ssh 目录,然后用 SSH 公钥创建授权文件并赋予 600 权限。运行以下命令。
|
||||
|
||||
```
|
||||
|
||||
echo -e "mkdir .ssh \n chmod 700 .ssh \n put storagebox_authorized_keys .ssh/authorized_keys \n chmod 600 .ssh/authorized_keys" | sftp <username>@<username>.your-storagebox.de
|
||||
|
||||
```
|
||||
|
||||
##### 通过 ssh 使用 rsync
|
||||
|
||||
使用 rsync 同步你的文件目录当前状态到存储盒子。
|
||||
|
||||
```
|
||||
|
||||
rsync --progress -e 'ssh -p23' --recursive <local_directory> <username>@<username>.your-storagebox.de:<target_directory>
|
||||
|
||||
```
|
||||
|
||||
这个过程被叫做推送操作,因为它 “推送” 本地系统的一个目录到一个远程的系统中去。
|
||||
|
||||
##### 从云存储中恢复目录
|
||||
|
||||
要从存储盒子恢复目录,转换到这个目录:
|
||||
|
||||
```
|
||||
|
||||
rsync --progress -e 'ssh -p23' --recursive <username>@<username>.your-storagebox.de:<remote_directory> <local_directory>
|
||||
|
||||
```
|
||||
|
||||
#### 备份 3. 客户端备份到第二个云储存
|
||||
|
||||
[Deja Dup][15] 是 Fedora 软件仓库中为 Fedora 工作站提供快速备份解决方案的工具。它拥有 GPG 加密,计划任务,文件包含(哪个目录要备份)。
|
||||
|
||||
|
||||
![Backing up to the secondary cloud][16]
|
||||
|
||||
![Restoring files from cloud storage][17]
|
||||
|
||||
### 归档个人数据
|
||||
|
||||
不是所有数据都需要 3-2-1 备份策略。这就是个人数据共享。我将一台拥有 1TB 硬盘的笔记本作为我个人数据的档案(家庭照片)。
|
||||
|
||||
转到设置中的 “共享” (在我的例子中是GNOME文件管理器)并切换滑块以启用共享。
|
||||
|
||||
![][18]
|
||||
|
||||
打开 “文件共享”,“网络” 和 “需要的密码”,允许你使用 WebDAV 协议在你的本地网络上分享你的公共文件夹给其它的工作站。
|
||||
|
||||
![][19]
|
||||
|
||||
### 准备回滚选项
|
||||
|
||||
未测试的备份并不比完全没有备份好。我在家庭实验室环境中使用 ‘热交换’ 方法来避免像频繁的断电或者液体损坏的情况发生。然而,我的建议远没有达到灾难恢复计划或企业 IT 中自动故障修复。
|
||||
|
||||
* 定期运行文件恢复操作
|
||||
* 备份 ssh/GPG 密钥 到一个额外的存储设备中
|
||||
* 复制一个 Fedora ARM 服务器的原生镜像到一个 SD 卡中
|
||||
* 在主云存储中保持全备份的快照
|
||||
* 自动化备份过程最小化减少人为错误或者疏忽
|
||||
|
||||
|
||||
|
||||
### 使用 Cockpit 追踪活动并解决问题
|
||||
|
||||
当你的项目在成长时,你所管理的服务器数量也在增长。在 Cockpit 中追踪活动和警告可以减轻你的管理负担。你可以使用 Cockpit 的图形化界面的三种方法来归档这些。
|
||||
|
||||
|
||||
#### SELinux 菜单
|
||||
|
||||
怎样诊断网络问题,找到日志并在 Cockpit 中解决问题
|
||||
|
||||
* 去 SELinux 中检查日志
|
||||
* 检查“解决方案详细信息”
|
||||
* 当必要时,选择 “应用这个方案”
|
||||
* 如果必要,查看自动化脚本并运行它
|
||||
|
||||
|
||||
|
||||
![SELinux logs][20]
|
||||
|
||||
#### 网络或者存储日志
|
||||
|
||||
服务器日志跟踪CPU负载、内存使用、网络活动和存储性能和系统日志关联的详细指标。日志被组织在网络面板或者存储面板里显示。
|
||||
|
||||
![Storage logs in Cockpit][21]
|
||||
|
||||
#### 软件更新
|
||||
|
||||
在预设的时间和频率下,Cockpit 帮助安全更新。当你需要时,你可以运行所有的更新。
|
||||
|
||||
![Software updates][22]
|
||||
|
||||
恭喜你在 Fedora ARM 服务器版本上设置了一个文件/备份服务器。
|
||||
|
||||
--------------------------------------------------------------------------------
|
||||
|
||||
via: https://fedoramagazine.org/3-2-1-backup-plan-with-fedora-arm-server/
|
||||
|
||||
作者:[Hanku Lee][a]
|
||||
选题:[lujun9972][b]
|
||||
译者:[hwlife](https://github.com/hwlife)
|
||||
校对:[校对者ID](https://github.com/校对者ID)
|
||||
|
||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||
|
||||
[a]: https://fedoramagazine.org/author/hankuoffroad/
|
||||
[b]: https://github.com/lujun9972
|
||||
[1]: https://fedoramagazine.org/wp-content/uploads/2022/04/3-2-1_backup-816x345.jpg
|
||||
[2]: https://unsplash.com/@markuswinkler?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[3]: https://unsplash.com/s/photos/computer-backup?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText
|
||||
[4]: https://docs.fedoraproject.org/en-US/fedora-server/server-installation-sbc/
|
||||
[5]: https://docs.fedoraproject.org/en-US/fedora-server/sysadmin-postinstall/
|
||||
[6]: https://docs.fedoraproject.org/en-US/quick-docs/raspberry-pi/
|
||||
[7]: https://arm.fedoraproject.org/
|
||||
[8]: https://fedoramagazine.org/managing-network-interfaces-and-firewalld-in-cockpit/
|
||||
[9]: https://www.redhat.com/sysadmin/firewalld-rules-and-scenarios
|
||||
[10]: https://fedoramagazine.org/wp-content/uploads/2022/03/Screenshot-from-2022-03-29-22-05-00b-1024x576.png
|
||||
[11]: https://fedoramagazine.org/wp-content/uploads/2022/03/Screenshot-from-2022-03-29-22-03-36a.png
|
||||
[12]: https://fedoramagazine.org/wp-content/uploads/2022/04/Backups3-1-1024x525.jpg
|
||||
[13]: https://fedoramagazine.org/copying-large-files-with-rsync-and-some-misconceptions/
|
||||
[14]: https://docs.hetzner.com/robot/storage-box/
|
||||
[15]: https://fedoramagazine.org/easy-backups-with-deja-dup/
|
||||
[16]: https://fedoramagazine.org/wp-content/uploads/2022/03/Screenshot-from-2022-03-29-22-47-30.png
|
||||
[17]: https://fedoramagazine.org/wp-content/uploads/2022/03/Screenshot-from-2022-03-29-22-41-57.png
|
||||
[18]: https://fedoramagazine.org/wp-content/uploads/2022/04/Screenshot-from-2022-04-14-20-48-49-1024x733.png
|
||||
[19]: https://fedoramagazine.org/wp-content/uploads/2022/04/Screenshot-from-2022-04-14-20-51-18st.png
|
||||
[20]: https://fedoramagazine.org/wp-content/uploads/2022/04/Screenshot-from-2022-04-02-11-24-30b-1024x441.png
|
||||
[21]: https://fedoramagazine.org/wp-content/uploads/2022/04/Screenshot-from-2022-04-04-21-47-06SL-1024x259.png
|
||||
[22]: https://fedoramagazine.org/wp-content/uploads/2022/04/Screenshot-from-2022-04-04-21-35-42b.png
|
||||
Loading…
Reference in New Issue
Block a user