使用ssh实现oracle数据库备份文件自动异地存储

发表于:2007-05-26来源:作者:点击数: 标签:
使用export DATE=$(date +%Y%m%d) 日期参数和成功建立ssh RSA密匙对是关键 首先在oracle 数据库 服务器 (211.96.97.52)设定自动备份脚本 -bash-2.05b$ more /opt/oracle/product/movedata/movedata1.sh ORACLE_HOME=/opt/oracle/product/9.0.2 export ORACLE
使用export DATE=$(date +%Y%m%d)   日期参数和成功建立ssh RSA密匙对是关键

 

首先在oracle数据库服务器(211.96.97.52)设定自动备份脚本

-bash-2.05b$ more /opt/oracle/product/movedata/movedata1.sh
ORACLE_HOME=/opt/oracle/product/9.0.2
export ORACLE_HOME
. /opt/oracle/product/.bash_profile
export DATE=$(date +%Y%m%d)                   #DATE变量的赋值代表当前日期
/opt/oracle/product/9.0.2/bin/exp goldring/123456@szdb file=/data/OracleDB_Backup/goldring.dmp log=/data/OracleDB_Back
up/loggoldring.dmp consistent=yes
/opt/oracle/product/9.0.2/bin/exp jltgame/123456@szdb file=/data/OracleDB_Backup/jltgame$DATE.dmp log=/data/OracleDB_Ba
ckup/logjltgame$DATE.dmp consistent=yes
/opt/oracle/product/9.0.2/bin/exp userid=oraclebackup/"abcd456&*("@szdb owner=moonprincess file=/data/OracleDB_Backup/moon
princess.dmp log=/data/OracleDB_Backup/logmoonprincess.dmp consistent=yes
#ftp -n 10.0.0.3 < /opt/oracle/product/movedata/ftpcommand

把/opt/oracle/product/movedata/movedata1.sh加入定时任务自动执行
-bash-2.05b$ crontab -l
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.2257 installed on Wed Feb  2 13:40:43 2005)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
0 2 * * * sh /opt/oracle/product/movedata/movedata1.sh
0 6 * * * rm -f /opt/oracle/product/9.0.2/oradata/szdb/archive/*

然后在远程备份存储服务器(61.144.222.111)编写如下远程拷贝脚本:(因为我远程oracle数据库的备份是放在211.96.97.46上,所以脚本中的ip不是oracle数据库服务器的211.96.97.52)
[log@gameserver log]$ more /home/log/52.sh        
export DATE=$(date +%Y%m%d)                  #注意:该DATE变量赋值的格式要和远程oracle数据库的DATE变量赋值格式一致
scp log@211.96.97.46:/data/OracleDB_Backup/jltgame$DATE.dmp /backup/52backup
scp log@211.96.97.46:/data/OracleDB_Backup/logjltgame$DATE.dmp /backup/52backup

将52.sh加入定时任务自动执行
[log@gameserver 37backup]$ crontab -l
30 3 * * * /home/log/52.sh

这时因为/home/log/52.sh script脚本没有设定输入密码,所以还需要建立RSA的密钥
在61.144.222.111生成log用户RSA密匙对


[log@gameserver log]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/log/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /log/.ssh/id_rsa.
Your public key has been saved in /log/.ssh/id_rsa.pub.
The key fingerprint is:
0a:be:f4:c6:55:50:d2:7a:e7:e7:ba:66:cd:d7:2f:26 log@gameserver

生成的过程中提示输入密钥对保存位置,直接回车,接受默认值就行了。接着会提示输入一
个不同于你的password的密码,直接回车,让它空着。当然,也可以输入一个。(我比较懒
,不想每次都要输入密码。) 这样,密钥对就生成完了。
其中公共密钥保存在 ~/.ssh/id_rsa.pub
私有密钥保存在 ~/.ssh/id_rsa
然后改一下 .ssh 目录的权限,使用命令 "chmod 755 ~/.ssh"
[log@gameserver log]$ chmod 0755 ~/.ssh/
之后把这个密钥对中的公共密钥拷贝到211.96.97.46的log用户,并保存为
~/.ssh/authorized_keys

[log@gameserver log]# scp /home/log/.ssh/id_rsa.pub 211.96.97.46:/home/log/.ssh/authorized_keys

此时调用/home/log/52.sh 一下,测试以下即大功告成

注意1:建立这对密钥以后,在61.144.222.111上远程登录211.96.97.46也不需要输入帐号密码了,这点很危险,所以慎用

注意2: id_rsa文件的权限必须是0700,否则密钥对不能生效,导致还是必须要输密码才能建立连接
[log@waplb .ssh]$ pwd
/home/log/.ssh
[log@waplb .ssh]$ ll
total 12
-rwx------    1 log      log           883  2月  2 17:16 id_rsa
-rwxr-xr-x    1 log      log           219  2月  2 17:16 id_rsa.pub
-rwxr-xr-x    1 log      log           445  2月  2 16:45 known_hosts

参考:http://www.chinaunix.net/jh/4/343905.html
      http://www-900.ibm.com/developerworks/cn/linux/l-backup/index.shtml
      http://www-900.ibm.com/developerWorks/cn/linux/security/openssh/part1/index.shtml#10

原文转自:http://www.ltesting.net