一、背景

生产环境的mongodb数据库是直接购买阿里云的云数据库，但是在公司研发环境，我们是自己手动部署的。开发和测试的数据当然没有生产环境那么重要，但备份也是必要的，只不过容忍一定的数据丢失。

二、备份脚本

• vi /etc/crontab

# 每天的凌晨1点执行备份
0 1 * * *  root /usr/bin/bash /data/mongo_bak.sh >/dev/null 2>&1

• vi /data/mongo_bak.sh

#!/bin/bash
#
d=$(date -d "-1 day" "+%F")# 先把备份数据库保存在本地目录/mongo_bak/
[ -d /mongo_bak/$d ] || mkdir -p /mongo_bak/$d
mongodump --port 3717 -u "{用户名}" -p "{密码}" --authenticationDatabase "admin" -o /mongo_bak/$d/ >/dev/null 2>&1# 压缩
cd /mongo_bak && tar -czf /mongo_bak/$d.tar.gz $d && cd# 将备份文件复到远端目录/data/mongo_bak/bak/
scp /mongo_bak/$d.tar.gz mongo_bak@192.168.8.15:/data/mongo_bak/bak/ >/dev/null 2>&1#删除源目录中的备份文件
rm -rf /mongo_bak/*#远端保留7天的备份
ssh mongo_bak@192.168.8.15 "find /data/mongo_bak/bak/ -mtime +7 |xargs rm -rf"

• 192.168.8.15 是保存数据库备份的远程机器
• /data/mongo_bak/bak/是远程机器的备份目录
• /mongo_bak/是本地机器的备份目录

三、ssh免密登录

1、生成ssh密钥对

[root@mongodb1 mongo_bak]# ssh-keygen -t rsa -C "mongo" -b 4096
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:xouv9rIur/REHf88TroIiiupY+uidqHZFPBfUAwftc0 mongo
The key's randomart image is:
+---[RSA 4096]----+
|     .+o..       |
| .   .... +      |
|  o   .... E     |
|   o   + o       |
|    o o S .      |
|   o o o . o     |
| .= o + .   =    |
|== =.+oo . + .   |
|X==.o**=+ o..    |
+----[SHA256]-----+[root@mongodb1 mongo_bak]# ll ~/.ssh/
total 12
-rw------- 1 root root  381 Oct 11  2023 authorized_keys
-rw------- 1 root root 3243 May 28 16:16 id_rsa
-rw-r--r-- 1 root root  731 May 28 16:16 id_rsa.pub

2、发送ssh公钥至远程机器

[root@mongodb1 mongo_bak]# cat ~/.ssh/id_rsa.pub | ssh root@192.168.8.15 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys | chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys"The authenticity of host '192.168.8.15 (192.168.8.15)' can't be established.
ECDSA key fingerprint is SHA256:kq7eeYGHgUUw1HrymOBVR8amY0Krpv4RZFpBQUMHh2M.
ECDSA key fingerprint is MD5:9b:7d:49:5c:61:18:61:58:23:85:63:46:58:94:f1:23.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.8.15' (ECDSA) to the list of known hosts.
root@192.168.8.15's password: 

执行该命令后，最后会提示你输入远程机器的root用户对应的登录密码。

3、登录远程机器，查看authorized_keys

root@EOS6:~/.ssh# vi authorized_keys

4、本机验证

ssh root@192.168.8.15 本地不用输入密码即可登录远程机器192.168.8.15。

四、验证

1、本地备份

在备份的过程中，会在目录/mongo_bak生成如下文件。

[root@mongodb1 mongo_bak]# ll -h
total 2.0G
drwxr-xr-x 17 root root 4.0K May 28 16:32 2024-05-27
-rw-r--r--  1 root root 1.9G May 28 16:46 2024-05-27.tar.gz
[root@mongodb1 mongo_bak]# pwd
/mongo_bak

2、远程机器

• 备份执行前
  

root@EOS6:/data/mongo_bak/bak# ll
总用量 8
drwxr-xr-x 2 root root 4096 5月  28 16:33 ./
drwxr-xr-x 3 root root 4096 5月  28 16:33 ../

• 备份执行后
  

root@EOS6:/data/mongo_bak/bak# ll -h
总用量 3.0G
drwxr-xr-x 2 root root 4.0K 5月  28 17:11 ./
drwxr-xr-x 3 root root 4.0K 5月  28 16:33 ../
-rw-r--r-- 1 root root 3.0G 5月  28 17:12 2024-05-27.tar.gz