Linux 发行版本众多,现如今也得到了越来越广泛的应用,同时也面临着系统出现故障的潜在风险,本文将以发行版本 RHEL6 为例详细介绍几种 Linux 灾难恢复技术和方法,以确保 Linux 系统的安全恢复。
在介绍 Linux 灾难恢复方法之前,我们先来了解下 MBR,其全称为 Master Boot Record,即硬盘的主引导记录。它由三个部分组成,主引导程序、硬盘分区表和硬盘有效标志。在总共 512 字节的主引导扇区里主引导程序(Bootloader)占 446 个字节,第二部分是硬盘分区表,占 64 个字节,硬盘有多少分区以及每一分区的大小都记录在其中。第三部分是硬盘有效标志,占 2 个字节。具体如图示:
图 1. MBR
系统硬盘分区表破坏
生产环境中的 Linux 服务器可能会因为病毒或者意外断电而引起硬盘分区表被破坏,通常恢复硬盘分区表需要之前我们先备份其分区表的信息,一般我们使用 USB 外接设备来备份主机硬盘的分区表。
在主机上挂载 USB 设备后我们查看系统当前磁盘设备:
复制
[root@FCoE ~]# fdisk -l Disk /dev/sda: 43.0 GB, 42991616000 bytes 255 heads, 63 sectors/track, 5226 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00032735 Device Boot Start End Blocks Id System /dev/sda1 * 1 17 131072 83 Linux Partition 1 does not end on cylinder boundary. /dev/sda2 17 147 1048576 82 Linux swap / Solaris Partition 2 does not end on cylinder boundary. /dev/sda3 147 5227 40803328 83 Linux Disk /dev/sdb: 2147 MB, 2147483648 bytes 255 heads, 63 sectors/track, 261 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000 Disk /dev/sdb doesn't contain a valid partition table
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
现在我们在 sdb 这个设备上创建一个新的分区:
复制
[root@FCoE ~]# fdisk /dev/sdb Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel Building a new DOS disklabel with disk identifier 0xcdd48395. Changes will remain in memory only, until you decide to write them. After that, of course, the previous content won't be recoverable. Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite) WARNING: DOS-compatible mode is deprecated. It's strongly recommended to switch off the mode (command 'c') and change display units to sectors (command 'u'). Command (m for help): n Command action e extended p primary partition (1-4) p Partition number (1-4): 1 First cylinder (1-261, default 1): Using default value 1 Last cylinder, +cylinders or +size{K,M,G} (1-261, default 261): Using default value 261 Command (m for help): p Disk /dev/sdb: 2147 MB, 2147483648 bytes 255 heads, 63 sectors/track, 261 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xcdd48395 Device Boot Start End Blocks Id System /dev/sdb1 1 261 2096451 83 Linux Command (m for help): w The partition table has been altered! Calling ioctl() to re-read partition table. Syncing disks.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
在新分区 sdb1 上创建文件系统:
复制
[root@FCoE ~]# mkfs.ext3 /dev/sdb1 mke2fs 1.41.12 (17-May-2010) Filesystem label= OS type: Linux Block size=4096 (log=2) Fragment size=4096 (log=2) Stride=0 blocks, Stripe width=0 blocks 131072 inodes, 524112 blocks 26205 blocks (5.00%) reserved for the super user First data block=0 Maximum filesystem blocks=536870912 16 block groups 32768 blocks per group, 32768 fragments per group 8192 inodes per group Superblock backups stored on blocks: 32768, 98304, 163840, 229376, 294912 Writing inode tables: done Creating journal (8192 blocks): done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 24 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
挂载新的文件系统:
复制
[root@FCoE ~]# mount /dev/sdb1 /mnt/
1.
通常我们通过备份硬盘的 MBR 来备份硬盘分区表:
复制
[root@FCoE ~]# dd if=/dev/sda of=/mnt/sda.mbr bs=512 count=1 1+0 records in 1+0 records out 512 bytes (512 B) copied, 0.000777948 s, 658 kB/s
1.
2.
3.
4.
现在我们来写零硬盘分区表来实现类似分区表被破坏的结果:
复制
[root@FCoE ~]# dd if=/dev/zero of=/dev/sda bs=1 count=64 skip=446 seek=446 64+0 records in 64+0 records out 64 bytes (64 B) copied, 0.00160668 s, 39.8 kB/s
1.
2.
3.
4.
查询硬盘 sda 上的分区信息,发现其已不包含任何分区:
复制
[root@FCoE ~]# fdisk -l Disk /dev/sda: 43.0 GB, 42991616000 bytes 255 heads, 63 sectors/track, 5226 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00032735 Device Boot Start End Blocks Id System Disk /dev/sdb: 2147 MB, 2147483648 bytes 255 heads, 63 sectors/track, 261 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xcdd48395 Device Boot Start End Blocks Id System /dev/sdb1 1 261 2096451 83 Linux
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
当主机硬盘分区表丢失了之后,再次启动后 GRUB 会因找不到配置文件而进入命令行模式:
图 2. 分区表丢失
接下来我们挂载 RHEL6 的安装盘,同时也接入我们之前备份的 USB 设备,然后重启主机,选择 CD-ROM 为第一引导设备,启动后选择“Rescue installed system”。
图 3. 选择援救
按照提示,最终我们选择一个 shell。
图 4. 选择 shell
我们查询系统磁盘信息,发现硬盘设备 sda 没有包含任何分区。
复制
bash-4.1# fdik – l Disk /dev/sda: 43.0 GB, 42991616000 bytes 255 heads, 63 sectors/track, 5226 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00032735 Device Boot Start End Blocks Id System Disk /dev/sdb: 2147 MB, 2147483648 bytes 255 heads, 63 sectors/track, 261 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xcdd48395 Device Boot Start End Blocks Id System /dev/sdb1 1 261 2096451 83 Linux
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
我们来恢复它的硬盘分区表,创建一个目录并且挂载之前备份的 USB 设备,我们看到它的设备名是 /dev/sdb。
复制
bash-4.1# mount /dev/sdb1 /usb bash-4.1# ls /usb lost+found sda.mbr
1.
2.
3.
通过原来备份的 sda.mbr 文件来恢复硬盘设备 sda 的硬盘分区表:
复制
bash-4.1# dd if=/usb/sda.mbr of=/dev/sda bs=1 count=64 skip=446 seek=446 64+0 records in 64+0 records out 64 bytes (64 B) copied, 0.038358 s, 4.6 kB/s
1.
2.
3.
4.
再次查询系统磁盘信息:
复制
bash-4.1# fdisk -l Disk /dev/sda: 43.0 GB, 42991616000 bytes 255 heads, 63 sectors/track, 5226 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00032735 Device Boot Start End Blocks Id System /dev/sda1 * 1 17 131072 83 Linux Partition 1 does not end on cylinder boundary. /dev/sda2 17 147 1048576 82 Linux swap / Solaris Partition 2 does not end on cylinder boundary. /dev/sda3 147 5227 40803328 83 Linux Disk /dev/sdb: 2147 MB, 2147483648 bytes 255 heads, 63 sectors/track, 261 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xcdd48395 Device Boot Start End Blocks Id System /dev/sdb1 1 261 2096451 83 Linux
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
硬盘设备 sda 的分区表已经恢复,重启后系统便可正常引导。#p#
系统 GRUB 损坏
类似得我们可以来写零 Bootloader 来实现 GRUB 被破坏的结果:
复制
[root@FCoE grub]# dd if=/dev/zero of=/dev/sda bs=446 count=1 1+0 records in 1+0 records out 446 bytes (446 B) copied, 0.0017583 s, 254 kB/s
1.
2.
3.
4.
重启后系统会因找不到 GRUB 而卡在“Booting from Hard Disk …”
挂载系统安装光盘然后选择进入 Rescue 模式,然后恢复 GRUB:
复制
bash-4.1# chroot /mnt/sysimage sh-4.1# grub grub > root hd(0,0) grub > setup (hd0) grub > quit
1.
2.
3.
4.
5.
图 5. 恢复 GRUB
重启主机后,系统可正常引导。
系统内核文件丢失
系统丢失内核 kernel 文件,再次启动后会提示找不到文件。
图 6. 内核丢失
挂载系统安装盘进入援救模式,检查 /boot 目录下发现没有 kernel 文件。
复制
bash-4.1# chroot /mnt/sysimage bash-4.1# ls /boot ls config-2.6.32-71.el6.x86_64 lost+found efi symvers-2.6.32-71.el6.x86_64.gz grub System.map-2.6.32-71.el6.x86_64 initramfs-2.6.32-71.el6.x86_64.img
1.
2.
3.
4.
5.
6.
7.
从挂载的系统安装盘强制重新安装内核:
复制
sh-4.1# mount – o loop /dev/sr0 /media sh-4.1# cd /media/Server/Packages sh-4.1# rpm -ivh --force kernel-2.6.32-71.el6.x86_64.rpm warning: kernel-2.6.32-71.el6.x86_64.rpm: Header V3 RSA/SHA256 Signature, \ key ID fd431d51: NOKEY Preparing... ########################################### [100%] 1:kernel ########################################### [100%]
1.
2.
3.
4.
5.
6.
7.
在 /boot 目录下已经生成新的 kernel 文件 vmlinuz-2.6.32-71.el6.x86_64
复制
sh-4.1## ls /boot config-2.6.32-71.el6.x86_64 lost+found efi symvers-2.6.32-71.el6.x86_64.gz grub System.map-2.6.32-71.el6.x86_64 initramfs-2.6.32-71.el6.x86_64.img vmlinuz-2.6.32-71.el6.x86_64
1.
2.
3.
4.
5.
重启主机后,系统可正常引导。
系统镜像文件丢失
系统丢失镜像文件,主机启动后黑屏。
图 7. 镜像丢失
挂载系统安装盘进入援救模式 , 检查 /boot 目录下发现没有镜像文件。
复制
bash-4.1# chroot /mnt/sysimage sh-4.1# ls /boot config-2.6.32-71.el6.x86_64 symvers-2.6.32-71.el6.x86_64.gz efi System.map-2.6.32-71.el6.x86_64 grub vmlinuz-2.6.32-71.el6.x86_64 lost+found
1.
2.
3.
4.
5.
6.
重新生成镜像文件 initramfs-2.6.32-71.el6.x86_64.img。
复制
sh-4.1# cd /boot sh-4.1# mkinit sh-4.1# ls config-2.6.32-71.el6.x86_64 lost+found efi symvers-2.6.32-71.el6.x86_64.gz grub System.map-2.6.32-71.el6.x86_64 initramfs-2.6.32-71.el6.x86_64.img vmlinuz-2.6.32-71.el6.x86_64
1.
2.
3.
4.
5.
6.
7.
重启主机后 , 系统可正常引导。#p#
系统 /boot 分区损坏
一般来说系统 /boot 分区损坏,我们会先尝试修复文件系统。如果文件系统损坏不能修复,那么我们可以参照前述的方法来依次新建 /boot 分区,重新安装内核和镜像,然后安装 GURB 再手工编辑引导菜单,以最终来恢复系统可正常引导。通常我们需要按照如下的步骤来恢复。
创建分区
碰到比较严重的情况就是 /boot 分区已经完全损坏,启动时会提示找不到引导设备。
图 8. 引导分区损坏
挂载安装盘后进入援救模式,查看分区情况,发现分区 /dev/sda1 不存在。
复制
bash-4.1# Disk /dev/sda: 43.0 GB, 42991616000 bytes 255 heads, 63 sectors/track, 5226 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000 Device Boot Start End Blocks Id System /dev/sda2 17 147 1048576 82 Linux swap / Solaris Partition 2 does not end on cylinder boundary. /dev/sda3 147 5227 40803328 83 Linux Disk /dev/sdb: 2147 MB, 2147483648 bytes 255 heads, 63 sectors/track, 261 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xcdd48395 Device Boot Start End Blocks Id System /dev/sdb1 1 261 2096451 83 Linux
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
新建一个分区并且设置它为启动分区。
复制
bash-4.1# fdisk /dev/sda WARNING: DOS-compatible mode is deprecated. It's strongly recommended to switch off the mode (command 'c') and change display units to sectors (command 'u'). Command (m for help): n Command action e extended p primary partition (1-4) p Partition number (1-4): 1 First cylinder (1-5226, default 1): Using default value 1 Last cylinder, +cylinders or +size{K,M,G} (1-16, default 16): Using default value 16 Command (m for help): a Partition number (1-4): 1 Command (m for help): p Disk /dev/sda: 43.0 GB, 42991616000 bytes 255 heads, 63 sectors/track, 5226 cylinders Units = cylinders of 16065 * 512 = 8225280 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000 Device Boot Start End Blocks Id System /dev/sda1 * 1 16 128488+ 83 Linux /dev/sda2 17 147 1048576 82 Linux swap / Solaris Partition 2 does not end on cylinder boundary. /dev/sda3 147 5227 40803328 83 Linux Command (m for help): w The partition table has been altered!
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
重启主机以更新分区表,然后进入援救模式,并在我们新创建的分区上创建文件系统。
复制
bash-4.1# mkfs.ext4 /dev/sda1 Filesystem label= OS type: Linux Block size=1024 (log=0) Fragment size=1024 (log=0) Stride=0 blocks, Stripe width=0 blocks 32128 inodes, 128488 blocks 6424 blocks (5.00%) reserved for the super user First data block=1 Maximum filesystem blocks=67371008 16 block groups 8192 blocks per group, 8192 fragments per group 2008 inodes per group Superblock backups stored on blocks: 8193, 24577, 40961, 57345, 73729 Writing inode tables: done Creating journal (4096 blocks): done Writing superblocks and filesystem accounting information: done This filesystem will be automatically checked every 38 mounts or 180 days, whichever comes first. Use tune2fs -c or -i to override.
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
安装内核镜像文件
通过前述的方法我们安装内核和镜像文件。
复制
bash-4.1# chroot /mnt/sysimage sh-4.1# mount /dev/sda1 /boot sh-4.1# mount – o loop /dev/sr0 /media sh-4.1# cd /media/Server/Packages sh-4.1# rpm -ivh --force kernel-2.6.32-71.el6.x86_64.rpm warning: kernel-2.6.32-71.el6.x86_64.rpm: \ Header V3 RSA/SHA256 Signature, key ID fd431d51: NOKEY Preparing... ########################################### [100%] 1:kernel ########################################### [100%]
1.
2.
3.
4.
5.
6.
7.
8.
9.
安装 GRUB
我们安装 GRUB 到硬盘设备 sda 上。
复制
sh-4.1# grub-install /dev/sda Installation finished. No error reported. This is the contents of the device map /boot/grub/device.map. Check if this is correct or not. If any of the lines is incorrect, fix it and re-run the script `grub-install'. (fd0) /dev/fd0 (hd0) /dev/sda (hd1) /dev/sdb
1.
2.
3.
4.
5.
6.
7.
8.
9.
编辑引导菜单
由于我们创建了新的分区,其对应的 UUID 会发生变化,可以通过命令 blkid 来查询分区的 UUID。
复制
bash-4.1# blkid /dev/loop0: TYPE="squashfs" /dev/sda2: UUID="7b1e0fac-ff06-492c-848d-497e2a38c54e" TYPE="swap" /dev/sda3: UUID="ef89764e-04ff-4f26-ae82-dcab267ecc66" TYPE="ext4" /dev/sdb1: UUID="2b824352-df2a-44c6-a547-838d46f526fa" SEC_TYPE="ext2" TYPE="ext3" /dev/loop1: LABEL="RHEL_6.0 x86_64 Disc 1" TYPE="iso9660" /dev/sda1: UUID="cec964af-1618-48ff-ac33-4ef71b9d3265" TYPE="ext4"
1.
2.
3.
4.
5.
6.
7.
上述的 sda3 为根分区,编辑 /boot/grub/grub.conf 文件更新其对应的 UUID,其内容如下。
复制
title Red Hat Enterprise Linux 6 root (hd0,0) kernel /vmlinuz-2.6.32-71.el6.x86_64 \ root=UUID=ef89764e-04ff-4f26-ae82-dcab267ecc66 rhgb quiet initrd /initramfs-2.6.32-71.el6.x86_64.img
1.
2.
3.
4.
5.
更新 /etc/fstab
类似的我们也需要更新 /etc/fstab 里 /boot 分区对应的新 UUID,其内容如下。
复制
# # /etc/fstab # Created by anaconda on Sun Mar 18 04:35:07 2012 # # Accessible filesystems, by reference, are maintained under '/dev/disk' # See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info # UUID=ef89764e-04ff-4f26-ae82-dcab267ecc66 / ext4 defaults 1 1 UUID=cec964af-1618-48ff-ac33-4ef71b9d3265 /boot ext4 defaults 1 2 UUID=7b1e0fac-ff06-492c-848d-497e2a38c54e swap swap defaults 0 0 tmpfs /dev/shm tmpfs defaults 0 0 devpts /dev/pts devpts gid=5,mode=620 0 0 sysfs /sys sysfs defaults 0 0 proc /proc proc defaults 0 0
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
现在我们的恢复步骤已经完成,重启主机后 GRUB 中可见我们配置的系统列表。
图 9. GRUB 菜单
至此 /boot 分区已恢复,系统可正常引导启动。
图 10. 系统启动
总结
本文阐述了常见的 Linux 灾难恢复技术和方法,及其出现严重灾难时应注意的恢复顺序,以确保 Linux 系统在出现灾难时得以安全恢复。