配置备份服务器

前提条件

• 安装前准备请提前规划备份服务器的相关网络平面参数。
• 已准备跨平台远程访问工具如“PuTTY”。
• 已获取eBackup服务器“root”帐号的登录密码。

操作步骤

1. 以“root”帐号登录待配置的eBackup服务器。

   “root”帐号初始密码为“Cloud12#$”。

   使用跨平台访问工具登录，或在VMware vSphere Client工具中的控制台登录。

2. 执行cd 备份软件安装包所在目录命令进入初始配置脚本目录。

   备份软件安装包所在目录为/opt/eBackup_8.0.0-LHC01/action。

3. 执行sh ebackup_utilities.sh config命令，开始进行初始化配置。

   回显如下信息。

   Please select network type for this machine:
    1.ipv4
    2.ipv6

4. 输入“1”，按“Enter”。

   1
   Please select a role for this machine:
    1.Backup Server 
    2.Backup Proxy 
    3.Backup Manager 
    4.Backup Workflow Server 

5. 输入“1”，按“Enter”。

   1
   ===================================================================================================
   Note:
   In the following steps you will be required to configure four network planes for eBackup.
   The definition of each network plane is as follows:
   Backup management plane: the communication plane for eBackup to provide external services.
   Internal communication plane: the communication plane between backup server and backup proxy.
   Production management plane: the communication plane between eBackup and the management plane of the production end.
   Storage plane: the communication plane between eBackup and the storage plane of the production end and communication plane between eBackup and backup storage.
   ====================================================================================================
   
   Set network adapter for 'Backup management' network plane:
   [1] bond1 MAC=28:6E:D4:88:C6:F2 IP=192.168.1.10 MASK=255.255.254.0 
   [2] bond2 MAC=28:6E:D4:88:C6:F3 IP=10.10.1.10 MASK=255.255.254.0 
   Which network adapter from the above list would you like to bind to the 'Backup management' network plane?

6. 配置备份服务器网络平面。
   

   此处需要为备份服务器的五个网络平面绑定相应的网卡，具体绑定哪张网卡请根据规划网络中的网络规划进行选择。

   本节以备份服务器配置两张网卡，备份管理平面、生产管理平面、内部通信平面、生产存储平面绑定在同一张网卡，备份存储平面绑定在一张网卡为例说明。

   1. 选择备份管理平面需要绑定的网卡，按“Enter”。
      

      如果选择bond1作为备份管理平面需要绑定的网卡，请输入“1”。

      1
      Set network adapter for 'Internal communication' network plane:
      [1] bond1 MAC=28:6E:D4:88:C6:F2 IP=192.168.1.10 MASK=255.255.254.0 
      [2] bond2 MAC=28:6E:D4:88:C6:F3 IP=10.10.1.10 MASK=255.255.254.0 
      Which network adapter from the above list would you like to bind to the 'Internal communication' network plane?

   2. 选择内部通信平面需要绑定的网卡，按“Enter”。

      1
      Set network adapter for 'Production management' network plane:
      [1] bond1 MAC=28:6E:D4:88:C6:F2 IP=192.168.1.10 MASK=255.255.254.0 
      [2] bond2 MAC=28:6E:D4:88:C6:F3 IP=10.10.1.10 MASK=255.255.254.0 
      Which network adapter from the above list would you like to bind to the 'Production management' network plane?

   3. 选择生产管理平面需要绑定的网卡，按“Enter”。

      1
      Set network adapter for 'Production Storage' network plane:
      [1] bond1 MAC=28:6E:D4:88:C6:F2 IP=192.168.1.10 MASK=255.255.254.0 
      [2] bond2 MAC=28:6E:D4:88:C6:F3 IP=10.10.1.10 MASK=255.255.254.0 
      Which network adapter from the above list would you like to bind to the 'Production Storage' network plane?    

   4. 选择生产存储平面需要绑定的网卡，按“Enter”。

      1
      Set network adapter for 'Backup Storage' network plane:
      [1] bond1 MAC=28:6E:D4:88:C6:F2 IP=192.168.1.10 MASK=255.255.254.0 
      [2] bond2 MAC=28:6E:D4:88:C6:F3 IP=10.10.1.10 MASK=255.255.254.0 
      Which network adapter from the above list would you like to bind to the 'Backup Storage' network plane?

   5. 选择备份存储平面需要绑定的网卡，按“Enter”。

      2
      Enter a floating IP address that is in the same network segment as the internal communication plane.

   6. 设置浮动IP地址。

      浮动IP地址为内部通信平面浮动IP地址。请确保浮动IP地址跟内部通信平面IP地址在同一网段中，且未被使用。

      回显如下信息，表示配置成功。

      192.168.1.12
      Configuration succeeded.
      grep: this version of PCRE is compiled without UTF support
      The ebk_accelerator agent of OceanStor BCManager eBackup was started successfully.
      Start:ebk_accelerator service succeeded.
      start reload gaussdb
      grep: this version of PCRE is compiled without UTF support
      The ebk_backup agent of OceanStor BCManager eBackup was started successfully.
      Start:ebk_backup service succeeded.
      grep: this version of PCRE is compiled without UTF support
      The ebk_copy agent of OceanStor BCManager eBackup was started successfully.
      Start:ebk_copy service succeeded.
      grep: this version of PCRE is compiled without UTF support
      The ebk_delete agent of OceanStor BCManager eBackup was started successfully.
      Start:ebk_delete service succeeded.
      grep: this version of PCRE is compiled without UTF support
      The ebk_mgr agent of OceanStor BCManager eBackup was started successfully.
      Start:ebk_mgr service succeeded.
      grep: this version of PCRE is compiled without UTF support
      The ebk_restore agent of OceanStor BCManager eBackup was started successfully.
      Start:ebk_restore service succeeded.
      grep: this version of PCRE is compiled without UTF support
      The ebk_vmware agent of OceanStor BCManager eBackup was started successfully.
      Start:ebk_vmware service succeeded.
      
      service hcp start:completed
      You can access the eBackup UI using the following link.
       https://192.168.1.10:8088 or 192.168.1.10
      Alternatively, you can access the eBackup CLI through SSH session.

7. 依次执行以下命令进行安全加固。

   加固后禁止使用“root”帐号直接登录，请使用“hcp”帐号登录，“hcp”帐号的初始密码为“PXU9@ctuNov17!”。

   cd /opt/huawei-data-protection/ebackup/bin/StandardHardening

   echo -e "yes\nyes\n"|./StandardSuseHardening.sh

   

   执行该命令会重启eBackup服务器，如需登录eBackup服务器请您稍后重试。