备份策略:数据保护最佳实践
备份策略框架
备份策略核心要素:
├── 备份类型: 全量、增量、差异
├── 备份频率: 实时、每小时、每天
├── 保留策略: 保留周期、版本数量
├── 存储位置: 本地、异地、云存储
└── 验证机制: 定期测试、完整性检查
备份类型
全量备份
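#!/bin/bash
# full-backup.sh
# Full backup: dump the mydb PostgreSQL database, archive /etc, /home and
# /opt/app/config, then sync the result to S3.
#
# NOTE(review): nothing in this script encrypts the dump or the archive before
# they are written to disk or uploaded. The archive includes /etc, so treat it
# as sensitive and confirm encryption happens elsewhere (bucket policy, KMS,
# or an encrypting backup tool).
set -euo pipefail

# Backup files must not be readable by other local users.
umask 077

# Take the date once so the local directory and the S3 prefix always agree,
# even when the run crosses midnight.
BACKUP_DATE="$(date +%Y%m%d)"
BACKUP_DIR="/backup/full/${BACKUP_DATE}"
mkdir -p -- "$BACKUP_DIR"

# Full database dump (custom format). With `set -e` a failed pg_dump stops the
# script instead of leaving an empty dump that is then uploaded as "complete".
pg_dump -U postgres -h localhost -Fc mydb > "$BACKUP_DIR/db_full.dump"

# Full filesystem archive.
tar_rc=0
tar -czvf "$BACKUP_DIR/files_full.tar.gz" \
  /etc/ \
  /home/ \
  /opt/app/config/ || tar_rc=$?
# GNU tar exits 1 when a file changed while it was being read, which is normal
# on a live system; anything above 1 is a fatal error.
if ((tar_rc > 1)); then
  echo "错误: tar 归档失败 (退出码 ${tar_rc})" >&2
  exit "$tar_rc"
fi

# Upload to S3.
aws s3 sync "$BACKUP_DIR" "s3://my-backups/full/${BACKUP_DATE}/"

echo "全量备份完成: $BACKUP_DIR"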
增量备份
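#!/bin/bash
# incremental-backup.sh
# Incremental file backup using GNU tar's snapshot file.
set -euo pipefail

# Backup archives must not be readable by other local users.
umask 077

BACKUP_DIR="/backup/incremental/$(date +%Y%m%d_%H%M%S)"
mkdir -p -- "$BACKUP_DIR"

# GNU tar incremental mode. The snapshot file records what was already saved;
# when it does not exist yet, tar creates it and this run is a full (level 0)
# dump. Losing or resetting the snapshot file restarts the chain.
tar_rc=0
tar -czvf "$BACKUP_DIR/files_inc.tar.gz" \
  --listed-incremental=/backup/snapshot.snar \
  /home/ \
  /opt/app/ || tar_rc=$?
# Exit status 1 means a file changed while being read (expected on a live
# system); anything above 1 is a fatal error.
if ((tar_rc > 1)); then
  echo "错误: tar 归档失败 (退出码 ${tar_rc})" >&2
  exit "$tar_rc"
fi

# Database WAL archiving (PostgreSQL)
# Configure in postgresql.conf:
# archive_mode = on
# archive_command = 'test ! -f /backup/wal/%f && cp %p /backup/wal/%f'
# NOTE(review): /backup/wal then holds a full change stream of the database;
# restrict its permissions like any other backup.

echo "增量备份完成"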
差异备份
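#!/bin/bash
# differential-backup.sh
# Differential file backup: everything changed since the newest full backup.
set -euo pipefail

# Backup archives must not be readable by other local users.
umask 077

# Find the most recently modified directory under /backup/full without parsing
# `ls` output. Despite its name, FULL_BACKUP_DATE holds a path; tar uses that
# path's modification time as the reference date.
FULL_BACKUP_DATE=""
for candidate in /backup/full/*/; do
  [[ -d "$candidate" ]] || continue
  if [[ -z "$FULL_BACKUP_DATE" || "$candidate" -nt "$FULL_BACKUP_DATE" ]]; then
    FULL_BACKUP_DATE="${candidate%/}"
  fi
done

# Without a full backup there is no reference point; an empty --newer value
# must not be passed to tar.
if [[ -z "$FULL_BACKUP_DATE" ]]; then
  echo "错误: 未找到全量备份 (/backup/full/)" >&2
  exit 1
fi

DIFF_BACKUP_DIR="/backup/differential/$(date +%Y%m%d)"
mkdir -p -- "$DIFF_BACKUP_DIR"

# Differential backup (changes since the last full backup).
# NOTE(review): the directory's mtime changes whenever an entry is added to or
# removed from it, so touching the full-backup directory later shifts the
# reference date; a marker file written at backup start would be more stable.
tar_rc=0
tar -czvf "$DIFF_BACKUP_DIR/files_diff.tar.gz" \
  --newer="$FULL_BACKUP_DATE" \
  /home/ \
  /opt/app/ || tar_rc=$?
# Exit status 1 means a file changed while being read; above 1 is fatal.
if ((tar_rc > 1)); then
  echo "错误: tar 归档失败 (退出码 ${tar_rc})" >&2
  exit "$tar_rc"
fi

echo "差异备份完成: $DIFF_BACKUP_DIR"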
数据库备份
PostgreSQL备份
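#!/bin/bash
# postgres-backup.sh
# PostgreSQL backup variants for the mydb database.
#
# No password is given on the command line: pg_dump is expected to read it
# from ~/.pgpass or PGPASSFILE, or to be allowed in by pg_hba.conf.
set -euo pipefail

# Dumps hold the full database contents; keep them unreadable to other users.
umask 077

BACKUP_DATE="$(date +%Y%m%d)"

# Full backup (custom format, maximum compression).
pg_dump -U postgres -h localhost -Fc -Z 9 mydb > "/backup/db_full_${BACKUP_DATE}.dump"

# Parallel backup. pg_dump only accepts -j with the directory format (-Fd),
# so the output is a directory given with -f rather than a redirected file.
# The target directory must not already exist, hence the dated name.
pg_dump -U postgres -h localhost -Fd -j 4 -f "/backup/db_parallel_${BACKUP_DATE}" mydb

# Logical backup (plain SQL).
pg_dump -U postgres -h localhost -Fp mydb > "/backup/db_sql_${BACKUP_DATE}.sql"

# Back up all databases. pg_dumpall also dumps roles, including their
# password hashes, so this file needs the same protection as the server.
pg_dumpall -U postgres -h localhost > /backup/all_databases.sql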
MySQL备份
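#!/bin/bash
# mysql-backup.sh
# MySQL backup variants.
#
# `-p` without a value makes mysqldump prompt for the password on the
# terminal, so these commands only work interactively. For unattended runs,
# put the credentials in an option file readable only by the backup user
# (mode 0600) and pass it with --defaults-extra-file; do not use -pPASSWORD,
# which exposes the password in the process list and shell history.
#
# pipefail matters here: without it a failed mysqldump is hidden by gzip's
# success, leaving a well-formed but truncated .sql.gz.
set -euo pipefail

# Dumps hold the full database contents; keep them unreadable to other users.
umask 077

BACKUP_DATE="$(date +%Y%m%d)"

# Full backup. --single-transaction gives a consistent snapshot for InnoDB
# tables only.
mysqldump -u root -p --all-databases --single-transaction \
  --routines --triggers --events | gzip > "/backup/mysql_full_${BACKUP_DATE}.sql.gz"

# Back up a single database.
mysqldump -u root -p mydb --single-transaction > "/backup/mydb_${BACKUP_DATE}.sql"

# Physical backup with xtrabackup.
xtrabackup --backup --target-dir="/backup/xtrabackup_${BACKUP_DATE}"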
MongoDB备份
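#!/bin/bash
# mongodb-backup.sh
# MongoDB backups with mongodump.
#
# The URIs below carry no credentials. NOTE(review): if the deployment has
# authentication enabled, avoid embedding the password in the --uri argument,
# where it is visible in the process list; confirm how credentials are
# supplied for unattended runs.
set -euo pipefail

# Dumps hold the full database contents; keep them unreadable to other users.
umask 077

BACKUP_DATE="$(date +%Y%m%d)"

# Dump every database, gzip-compressed.
mongodump --uri="mongodb://localhost:27017" \
  --out="/backup/mongodb_${BACKUP_DATE}" \
  --gzip

# Dump a single database (uncompressed, as in the original example).
mongodump --uri="mongodb://localhost:27017/mydb" \
  --out="/backup/mydb_${BACKUP_DATE}"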
文件系统备份
rsync备份
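#!/bin/bash
# rsync-backup.sh
# rsync-based backups of /home: local mirror, remote mirror, and hard-linked
# daily snapshots.
set -euo pipefail

# Take the date once so the snapshot directory and the `latest` link always
# refer to the same path, even when the run crosses midnight.
BACKUP_DATE="$(date +%Y%m%d)"
SNAPSHOT_DIR="/backup/incremental/${BACKUP_DATE}"

# Local mirror. --delete removes destination files that are gone from the
# source, so a mirror keeps no history: a deletion or an encrypted/corrupted
# file in /home is replicated on the next run. Only the snapshot scheme below
# retains older versions.
rsync -avz --delete \
  /home/ \
  /backup/home/

# Remote mirror (same caveat about --delete).
rsync -avz --delete \
  /home/ \
  user@remote-server:/backup/home/

# Incremental snapshot: unchanged files are hard-linked against the previous
# snapshot, so each dated directory looks complete but only changes use space.
rsync -avz --delete --link-dest=/backup/latest \
  /home/ \
  "${SNAPSHOT_DIR}/"

# Update the `latest` link. With `set -e` this line is reached only when the
# snapshot rsync succeeded, so `latest` never points at an incomplete snapshot.
ln -sfn "$SNAPSHOT_DIR" /backup/latest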
使用Borg备份
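#!/bin/bash
# borg-backup.sh
# Encrypted, deduplicated backup of /home, /etc and /opt/app/config with Borg.
#
# For unattended runs the passphrase is supplied through BORG_PASSPHRASE or
# BORG_PASSCOMMAND rather than typed at a prompt.
set -euo pipefail

REPO="/backup/borg-repo"
ARCHIVE_NAME="home-$(date +%Y%m%d-%H%M%S)"

# Initialise the repository only once. `borg init` fails on an existing
# repository, which would abort every run after the first.
# With repokey mode the key is stored inside the repository, protected by the
# passphrase; export a copy of the key and keep it somewhere other than the
# repository, otherwise a damaged repo config makes the backups unreadable.
if [[ ! -d "$REPO" ]] || [[ -z "$(ls -A -- "$REPO")" ]]; then
  borg init --encryption=repokey "$REPO"
fi

# Create the archive.
borg create \
  --stats \
  --progress \
  --compression lz4 \
  "${REPO}::${ARCHIVE_NAME}" \
  /home/ \
  /etc/ \
  /opt/app/config/

# List archives.
borg list "$REPO"

# Prune old archives according to the retention policy.
# NOTE(review): on Borg 1.2 and later, space is only reclaimed after a
# following `borg compact`; confirm the installed version.
borg prune \
  --keep-daily=7 \
  --keep-weekly=4 \
  --keep-monthly=6 \
  "$REPO"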
云存储备份
AWS S3备份
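#!/bin/bash
# s3-backup.sh
# Upload local backups to S3 and configure versioning and lifecycle rules.
#
# The two s3api calls are one-time bucket configuration; they are idempotent,
# but they need broader permissions than the daily upload does. Consider
# running them from an admin context so the backup credentials can stay
# limited to writing objects.
set -euo pipefail

# Upload backups to S3.
# NOTE(review): no server-side encryption option is passed here, so encryption
# at rest depends on the bucket's default encryption settings; verify them.
aws s3 sync /backup/ "s3://my-backups/$(date +%Y%m%d)/" \
  --storage-class STANDARD_IA

# Enable versioning so an overwritten or deleted backup can be recovered.
aws s3api put-bucket-versioning \
  --bucket my-backups \
  --versioning-configuration Status=Enabled

# Lifecycle policy.
# - Each rule needs a Filter (or the deprecated rule-level Prefix); without it
#   the request is rejected. An empty prefix applies the rule to every object.
# - Objects are already uploaded as STANDARD_IA above, so the 30-day
#   transition only affects objects stored in another class.
# - With versioning enabled, Expiration only places a delete marker on the
#   current version; noncurrent versions are kept until a
#   NoncurrentVersionExpiration action is added.
aws s3api put-bucket-lifecycle-configuration \
  --bucket my-backups \
  --lifecycle-configuration '{
    "Rules": [
      {
        "ID": "MoveToIA",
        "Status": "Enabled",
        "Filter": {
          "Prefix": ""
        },
        "Transitions": [
          {
            "Days": 30,
            "StorageClass": "STANDARD_IA"
          },
          {
            "Days": 90,
            "StorageClass": "GLACIER"
          }
        ],
        "Expiration": {
          "Days": 365
        }
      }
    ]
  }'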
配置备份策略
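# backup-policy.yaml
# Declarative backup policy: one entry per protected asset. Nesting is restored
# here; with every key at column 0 the entries collapse into duplicate keys.
backup_policy:
  production_database:
    type: "database"
    method: "pg_dump"
    frequency: "daily"
    retention: "30d"
    storage: "s3://backups/db/"
    encryption: true
    verification: true
  production_files:
    type: "filesystem"
    method: "borg"
    frequency: "daily"
    retention: "90d"
    storage: "s3://backups/files/"
    compression: "lz4"
    # Set explicitly so every policy states its encryption and verification
    # requirements instead of relying on an unstated default.
    encryption: true
    verification: true
  kubernetes_configs:
    type: "kubernetes"
    method: "kubectl"
    frequency: "hourly"
    retention: "7d"
    storage: "s3://backups/k8s/"
    # Exported cluster configuration can include Secret objects, whose values
    # are only base64-encoded; these backups need encryption as well.
    encryption: true
    verification: true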
备份验证
自动化验证脚本
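#!/bin/bash
# verify-backup.sh
# Verify a gzip-compressed SQL dump by restoring it into a throwaway database.
# Usage: verify-backup.sh <backup.sql.gz>
set -euo pipefail

BACKUP_FILE=${1:?用法: verify-backup.sh <备份文件.sql.gz>}

# Scratch database for the test restore. Running the dump without -d would
# execute it against the connecting user's default database, i.e. the
# "verification" would write into a live database.
VERIFY_DB="verify_restore_$$"

# mktemp creates a private (0700) directory with an unpredictable name.
# A fixed /tmp/verify_<pid> path can be pre-created or symlinked by another
# local user, and the restored SQL holds the full database contents.
VERIFY_DIR="$(mktemp -d)"

# Always drop the scratch database and remove the restored data, including
# when a step fails.
cleanup() {
  dropdb -U postgres --if-exists "$VERIFY_DB" > /dev/null 2>&1 || true
  rm -rf -- "${VERIFY_DIR:?}"
}
trap cleanup EXIT

echo "验证备份文件: $BACKUP_FILE"

# 1. Check archive integrity.
echo "检查文件完整性..."
if ! gzip -t -- "$BACKUP_FILE"; then
  echo "错误: 备份文件损坏" >&2
  exit 1
fi

# 2. Decompress.
echo "解压备份文件..."
gunzip -c -- "$BACKUP_FILE" > "$VERIFY_DIR/restored.sql"

# 3. Test restore. psql has no parse-only mode: this executes the dump, which
#    is why it targets the scratch database.
#    NOTE(review): a pg_dumpall-style dump contains its own CREATE DATABASE /
#    \connect statements and would leave the scratch database; restore such
#    dumps only on a dedicated test server.
echo "检查SQL语法..."
createdb -U postgres "$VERIFY_DB"
restore_rc=0
# Output goes to a log file so that psql's exit status is not masked by a
# pipe into head.
psql -U postgres -d "$VERIFY_DB" -f "$VERIFY_DIR/restored.sql" --set ON_ERROR_STOP=on \
  > "$VERIFY_DIR/restore.log" 2>&1 || restore_rc=$?
head -20 "$VERIFY_DIR/restore.log"
if ((restore_rc != 0)); then
  echo "错误: 恢复测试失败 (psql 退出码 ${restore_rc})" >&2
  exit 1
fi

# 4. Data check: count the tables restored into the scratch database.
echo "验证数据..."
TABLE_COUNT=$(psql -U postgres -d "$VERIFY_DB" -tA -c "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema = 'public';")
echo "表数量: $TABLE_COUNT"
if [[ "$TABLE_COUNT" == "0" ]]; then
  # Tables may live in other schemas, so this is a warning, not a failure.
  echo "警告: public 模式中没有恢复出任何表" >&2
fi

# Cleanup happens in the EXIT trap.
echo "备份验证完成"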
定期验证计划
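# verification-schedule.yaml
# Verification tasks grouped by cadence. Nesting is restored so the cadences
# are children of `verification` rather than separate top-level keys.
verification:
  # Cheap checks that catch a job that did not run or produced a stub file.
  daily:
    - "检查备份文件大小"
    - "验证备份完成状态"
  weekly:
    - "解压测试"
    - "SQL语法验证"
  # Only a full restore proves the backup is usable.
  monthly:
    - "完整恢复测试"
    - "数据一致性检查"
  quarterly:
    - "灾难恢复演练"
    - "备份策略审查"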
备份监控
Prometheus监控
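# prometheus-rules.yaml
# Alerting rules for backup jobs.
# backup_status and backup_last_success_timestamp are not built-in metrics:
# the backup job has to export them, and the scripts on this page do not.
groups:
  - name: backup-monitoring
    rules:
      # The last run reported failure and has stayed failed for an hour.
      - alert: BackupFailed
        expr: backup_status{job="backup"} == 0
        for: 1h
        labels:
          severity: critical
        annotations:
          summary: "备份任务失败"
          description: "{{ $labels.backup_type }} 备份失败"
      # No successful backup within the last two days.
      - alert: BackupOld
        expr: time() - backup_last_success_timestamp > 86400 * 2
        labels:
          severity: warning
        annotations:
          summary: "备份过期"
          description: "{{ $labels.backup_type }} 备份已超过2天未更新"
      # Neither rule above fires when the metric does not exist at all, e.g.
      # when the backup job was never scheduled or its exporter is down.
      - alert: BackupMetricMissing
        expr: absent(backup_last_success_timestamp)
        for: 1h
        labels:
          severity: critical
        annotations:
          summary: "备份指标缺失"
          description: "未采集到 backup_last_success_timestamp 指标,备份任务可能未运行"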
最佳实践
- 3-2-1规则: 3份副本,2种介质,1份异地
- 自动化: 备份过程完全自动化
- 加密: 备份数据必须加密
- 验证: 定期验证备份可恢复性
- 监控: 监控备份状态和完成情况
- 文档: 保持恢复流程文档更新