准备
selinux、iptables关闭
duwen111的配置
[root@duwen111 ~]# cat /etc/xinetd.d/rsync # default: off # description: The rsync server is a good addition to an ftp server, as it \ #allows crc checksumming etc. service rsync { disable= no #这里改成no了 flags= IPv6 socket_type = stream wait = no user = root server = /usr/bin/rsync server_args = --daemon log_on_failure += USERID }
[root@duwen111 xinetd.d]# /etc/init.d/xinetd start 正在启动 xinetd: [确定] [root@duwen111 xinetd.d]# netstat -anptu | grep 873 tcp 0 0 :::873 :::* LISTEN 17151/xinetd [root@duwen111 xinetd.d]#
准备好测试数据
服务端duwen111
[root@duwen111 html]# ls config-2.6.32-431.el6.x86_64 initramfs-2.6.32-431.el6.x86_64.img System.map-2.6.32-431.el6.x86_64 efi lost+found vmlinuz-2.6.32-431.el6.x86_64 grub symvers-2.6.32-431.el6.x86_64.gz [root@duwen111 html]# pwd /var/www/html [root@duwen111 html]#
客户端duwen112
[root@duwen112 ~]# mkdir /web_back [root@duwen112 ~]# cd /web_back/ [root@duwen112 web_back]# ls [root@duwen112 web_back]#
实验1
使用rsync备份数据
[root@duwen111 ~]# useradd rget1 [root@duwen111 ~]# useradd rput1 [root@duwen111 ~]# echo rget1:123456 | chpasswd [root@duwen111 ~]# echo rput1:123456 | chpasswd [root@duwen111 ~]# setfacl -R -m user:rput1:rwx /var/www/html/ [root@duwen111 ~]# setfacl -R -m default:user:rput1:rwx /var/www/html/ [root@duwen111 ~]# setfacl -R -m user:rget1:rwx /var/www/html/ [root@duwen111 ~]# setfacl -R -m default:rget1:rwx /var/www/html/
来看看效果
[root@duwen111 ~]# getfacl /var/www/html getfacl: Removing leading '/' from absolute path names # file: var/www/html # owner: root # group: root user::rwx user:rget1:rwx user:rput1:rwx group::r-x mask::rwx other::r-x default:user::rwx default:user:rget1:rwx default:user:rput1:rwx default:group::r-x default:mask::rwx default:other::r-x [root@duwen111 ~]#
开始干活
[root@duwen112 web_back]# rsync -avz --delete [email protected]:/var/www/html/ /web_back The authenticity of host '10.211.55.11 (10.211.55.11)' can't be established. RSA key fingerprint is 40:e1:ad:c0:9a:b6:fc:e7:d9:6d:c3:0e:f4:4d:3a:49. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.211.55.11' (RSA) to the list of known hosts. [email protected]'s password: Permission denied, please try again. [email protected]'s password: receiving incremental file list ./ System.map-2.6.32-431.el6.x86_64 config-2.6.32-431.el6.x86_64 initramfs-2.6.32-431.el6.x86_64.img symvers-2.6.32-431.el6.x86_64.gz vmlinuz-2.6.32-431.el6.x86_64 efi/ efi/EFI/ efi/EFI/redhat/ efi/EFI/redhat/grub.efi grub/ grub/device.map grub/e2fs_stage1_5 grub/fat_stage1_5 grub/ffs_stage1_5 grub/grub.conf grub/iso9660_stage1_5 grub/jfs_stage1_5 grub/menu.lst -> ./grub.conf grub/minix_stage1_5 grub/reiserfs_stage1_5 grub/splash.xpm.gz grub/stage1 grub/stage2 grub/ufs2_stage1_5 grub/vstafs_stage1_5 grub/xfs_stage1_5 lost+found/ sent 436 bytes received 22393077 bytes 1791481.04 bytes/sec total size is 24888221 speedup is 1.11 [root@duwen112 web_back]#
实验2
rsync非系统用户备份数据
使用系统配置文件/etc/rsyncd.conf来备份数据,创建备份账户,最后把rsync以deamon方式运行
[root@duwen111 ~]# cat /etc/rsyncd.conf uid = nobody gid = nobody address =10.211.55.11 port =873 hosts allow =10.211.55.12 use chroot = yes max connections = 5 pid file =/var/run/rsyncd.pid lock file =/var/run/rsync.lock log file =/var/log/rsyncd.log motd file =/etc/rsyncd.motd [MOShen] path =/var/www/html comment = used for web_back root read only = yes list = yes auth users = rsyncuser secrets file =/etc/rsync.passwd [root@duwen111 ~]#
创建提示文件和用户密码
[root@duwen111 ~]# echo "Welcome to Backup Server" > /etc/rsyncd.motd [root@duwen111 ~]# vim /etc/rsync.passwd [root@duwen111 ~]# cat /etc/rsync.passwd rsyncuser:111111 [root@duwen111 ~]# chmod 600 /etc/rsync.passwd [root@duwen111 ~]#
启动服务
rsync --daemon —config=/etc/rsyncd.conf [root@duwen111 ~]# netstat -antup | grep :873 tcp 0 0 :::873 :::* LISTEN 17151/xinetd [root@duwen111 ~]# chkconfig xinetd on
测试下
rsync语法: rsync 选项 用户名@备份源服务器IP::共享模块名 目标目录
[root@duwen112 ~]# rsync -avz [email protected]::MOShen /web_back/
执行后的屏幕输出,要输入密码:
Welcome to Backup Server
Password:
receiving incremental file list
rsync: opendir "/lost+found" (in MOShen) failed: Permission denied (13)
./
System.map-2.6.32-431.el6.x86_64
config-2.6.32-431.el6.x86_64
rsync: send_files failed to open "/initramfs-2.6.32-431.el6.x86_64.img" (in MOShen): Permission denied (13)
symvers-2.6.32-431.el6.x86_64.gz
vmlinuz-2.6.32-431.el6.x86_64
efi/
efi/EFI/
efi/EFI/redhat/
efi/EFI/redhat/grub.efi
grub/
grub/device.map
grub/e2fs_stage1_5
grub/fat_stage1_5
grub/ffs_stage1_5
rsync: send_files failed to open "/grub/grub.conf" (in MOShen): Permission denied (13)
grub/iso9660_stage1_5
grub/jfs_stage1_5
grub/menu.lst -> ./grub.conf
grub/minix_stage1_5
grub/reiserfs_stage1_5
grub/splash.xpm.gz
grub/stage1
grub/stage2
grub/ufs2_stage1_5
grub/vstafs_stage1_5
grub/xfs_stage1_5
lost+found/
sent 486 bytes received 5059591 bytes 440006.70 bytes/sec
total size is 24888221 speedup is 4.92
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1505) [generator=3.0.6]
[root@duwen112 ~]#
这里有几行报错
/grub/grub.conf
/initramfs-2.6.32-431.el6.x86_64.img
/lost+found
由于在上实验1中已经给了/var/www/html/文件夹足够的acl权限
我们把duwen112上的/var/www/html 改成744权限
再次测试
[root@duwen112 ~]# rsync -avz [email protected]::MOShen /web_back/ Welcome to Backup Server Password: receiving incremental file list ./ System.map-2.6.32-431.el6.x86_64 config-2.6.32-431.el6.x86_64 initramfs-2.6.32-431.el6.x86_64.img symvers-2.6.32-431.el6.x86_64.gz vmlinuz-2.6.32-431.el6.x86_64 efi/ efi/EFI/ efi/EFI/redhat/ efi/EFI/redhat/grub.efi grub/ grub/device.map grub/e2fs_stage1_5 grub/fat_stage1_5 grub/ffs_stage1_5 grub/grub.conf grub/iso9660_stage1_5 grub/jfs_stage1_5 grub/menu.lst -> ./grub.conf grub/minix_stage1_5 grub/reiserfs_stage1_5 grub/splash.xpm.gz grub/stage1 grub/stage2 grub/ufs2_stage1_5 grub/vstafs_stage1_5 grub/xfs_stage1_5 lost+found/ sent 436 bytes received 22393077 bytes 1791481.04 bytes/sec total size is 24888221 speedup is 1.11 [root@duwen112 web_back]#
密码处理
新建一个文件保存好密码,然后在rsync命令中使用--password-file指定此文件即可
[root@duwen112 ~]# vim passfile [root@duwen112 ~]# cat passfile 111111 [root@duwen112 ~]# [root@duwen112 ~]# chmod 600 /root/passfile
先把web_back目录删掉
[root@duwen112 ~]# rm -rf /web_back/
自动密码测试
[root@duwen112 ~]# rsync -avz [email protected]::MOShen --password-file=/root/passfile /web_back/ Welcome to Backup Server receiving incremental file list created directory /web_back rsync: opendir "/lost+found" (in MOShen) failed: Permission denied (13) ./ System.map-2.6.32-431.el6.x86_64 config-2.6.32-431.el6.x86_64 rsync: send_files failed to open "/initramfs-2.6.32-431.el6.x86_64.img" (in MOShen): Permission denied (13) symvers-2.6.32-431.el6.x86_64.gz vmlinuz-2.6.32-431.el6.x86_64 efi/ efi/EFI/ efi/EFI/redhat/ efi/EFI/redhat/grub.efi grub/ grub/device.map
有错误,跟上面一样的原因了,,,
实验3
脚本实现定时同步
这里有个脚本
[root@duwen112 ~]# vim /root/autobackup.sh [root@duwen112 ~]# cat /root/autobackup.sh #!/bin/bash rsync -avz [email protected]::MOShen --password-file=/root/passfile /web_back [root@duwen112 ~]#
先手动测试下脚本
[root@duwen112 ~]# rm -rf /web_back/* [root@duwen112 ~]# source autobackup.sh Welcome to Backup Server receiving incremental file list rsync: opendir "/lost+found" (in MOShen) failed: Permission denied (13) ./ System.map-2.6.32-431.el6.x86_64 config-2.6.32-431.el6.x86_64 rsync: send_files failed to open "/initramfs-2.6.32-431.el6.x86_64.img" (in MOShen): Permission denied (13) symvers-2.6.32-431.el6.x86_64.gz vmlinuz-2.6.32-431.el6.x86_64 efi/ efi/EFI/ efi/EFI/redhat/ efi/EFI/redhat/grub.efi grub/ grub/device.map grub/e2fs_stage1_5 grub/fat_stage1_5 grub/ffs_stage1_5 rsync: send_files failed to open "/grub/grub.conf" (in MOShen): Permission denied (13) grub/iso9660_stage1_5 grub/jfs_stage1_5 grub/menu.lst -> ./grub.conf grub/minix_stage1_5 grub/reiserfs_stage1_5 grub/splash.xpm.gz grub/stage1 grub/stage2 grub/ufs2_stage1_5 grub/vstafs_stage1_5 grub/xfs_stage1_5 lost+found/ sent 486 bytes received 5059591 bytes 440006.70 bytes/sec total size is 24888221 speedup is 4.92 rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1505) [generator=3.0.6] [root@duwen112 ~]# [root@duwen111 ~]# ll /var/www/html/grub/grub.conf -rw-rwx---+ 1 root root 787 9月 5 12:15 /var/www/html/grub/grub.conf [root@duwen111 ~]# getfacl /var/www/html/ getfacl: Removing leading '/' from absolute path names # file: var/www/html/ # owner: root # group: root user::rwx user:rget1:rwx user:rput1:rwx group::r-x mask::rwx other::r-x default:user::rwx default:user:rget1:rwx default:user:rput1:rwx default:group::r-x default:mask::rwx default:other::r-x
[root@duwen111 ~]# chmod +r /var/www/html/grub/grub.conf [root@duwen111 ~]# ll /var/www/html/grub/grub.conf -rw-rwxr--+ 1 root root 787 9月 5 12:15 /var/www/html/grub/grub.conf
再次测试
[root@duwen112 ~]# rm -rf /web_back/* [root@duwen112 ~]# source autobackup.sh Welcome to Backup Server receiving incremental file list rsync: opendir "/lost+found" (in MOShen) failed: Permission denied (13) ./ System.map-2.6.32-431.el6.x86_64 config-2.6.32-431.el6.x86_64 rsync: send_files failed to open "/initramfs-2.6.32-431.el6.x86_64.img" (in MOShen): Permission denied (13) symvers-2.6.32-431.el6.x86_64.gz vmlinuz-2.6.32-431.el6.x86_64 efi/ efi/EFI/ efi/EFI/redhat/ efi/EFI/redhat/grub.efi grub/ grub/device.map grub/e2fs_stage1_5 grub/fat_stage1_5 grub/ffs_stage1_5 grub/grub.conf grub/iso9660_stage1_5 grub/jfs_stage1_5 grub/menu.lst -> ./grub.conf grub/minix_stage1_5 grub/reiserfs_stage1_5 grub/splash.xpm.gz grub/stage1 grub/stage2 grub/ufs2_stage1_5 grub/vstafs_stage1_5 grub/xfs_stage1_5 lost+found/ sent 486 bytes received 5060002 bytes 3373658.67 bytes/sec total size is 24888221 speedup is 4.92 rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1505) [generator=3.0.6] [root@duwen112 ~]#
同理,修改下列文件的权限
[root@duwen111 html]# chmod +r /var/www/html/initramfs-2.6.32-431.el6.x86_64.img [root@duwen111 ~]# chmod +r /var/www/html/lost+found/
再测试一次
[root@duwen112 ~]# rm -rf /web_back/* [root@duwen112 ~]# source autobackup.sh Welcome to Backup Server receiving incremental file list ./ System.map-2.6.32-431.el6.x86_64 config-2.6.32-431.el6.x86_64 initramfs-2.6.32-431.el6.x86_64.img symvers-2.6.32-431.el6.x86_64.gz vmlinuz-2.6.32-431.el6.x86_64 efi/ efi/EFI/ efi/EFI/redhat/ efi/EFI/redhat/grub.efi grub/ grub/device.map grub/e2fs_stage1_5 grub/fat_stage1_5 grub/ffs_stage1_5 grub/grub.conf grub/iso9660_stage1_5 grub/jfs_stage1_5 grub/menu.lst -> ./grub.conf grub/minix_stage1_5 grub/reiserfs_stage1_5 grub/splash.xpm.gz grub/stage1 grub/stage2 grub/ufs2_stage1_5 grub/vstafs_stage1_5 grub/xfs_stage1_5 lost+found/ sent 486 bytes received 22393158 bytes 6398184.00 bytes/sec total size is 24888221 speedup is 1.11 [root@duwen112 ~]#
可以看到成功了
加入任务计划
[root@duwen112 ~]# crontab -e [root@duwen112 ~]# crontab -l 11 23 * * * /bin/sh /root/autobackup.sh
重启crond服务器
[root@duwen112 ~]# killall crond [root@duwen112 ~]# ps aux | grep crond root 17902 0.0 0.1 103256 844 pts/0 S+ 22:09 0:00 grep crond [root@duwen112 ~]# /usr/sbin/crond [root@duwen112 ~]# ps aux | grep crond root 17961 0.0 0.2 117296 1244 ? Ss 22:09 0:00 /usr/sbin/crond root 17975 0.0 0.1 103256 844 pts/0 S+ 22:09 0:00 grep crond
结果
[root@duwen112 ~]# date 2016年 09月 05日 星期一 23:11:58 CST You have new mail in /var/spool/mail/root [root@duwen112 ~]# vim /var/spool/mail/root #先看下邮件,不过没有关系 [root@duwen112 ~]# ls /web_back/ config-2.6.32-431.el6.x86_64 initramfs-2.6.32-431.el6.x86_64.img System.map-2.6.32-431.el6.x86_64 efi lost+found vmlinuz-2.6.32-431.el6.x86_64 grub symvers-2.6.32-431.el6.x86_64.gz [root@duwen112 ~]#
实验4
rsync+inotify实时同步
上传inotify源码包
[root@duwen111 ~]# scp [email protected]:/Users/duwen/Downloads/inotify-tools-3.13.tar.gz /root The authenticity of host '10.211.55.2 (10.211.55.2)' can't be established. RSA key fingerprint is d6:3c:6e:2f:5d:46:c0:70:8b:a4:2f:40:d6:d5:3e:36. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.211.55.2' (RSA) to the list of known hosts. Password: inotify-tools-3.13.tar.gz 100% 380KB 380.3KB/s 00:00 [root@duwen111 ~]#
源码编译环境
[root@duwen111 ~]# yum -y install gcc* zlib* pcre*
查看内核支持inotify和调整
[root@duwen111 ~]# ls /proc/sys/fs/inotify/ max_queued_events max_user_instances max_user_watches
[root@duwen111 ~]# vim /etc/sysctl.conf
在最下面添加:
fs.inotify_max_queued_events = 32768
fs.inotify_max_user_instances = 1024
fs.inotify.max_user_watches = 90000000
安装inotify-tools
tar xf inotify-tools-3.13.tar.gz -C /usr/local/src/ cd /usr/local/src/inotify-tools-3.13/ ./configure --prefix=/usr/local/inotify-tools make ; make install cd ; ln -s /usr/local/inotify-tools/bin/* /usr/bin/
实现密钥访问
生成密钥文件
ssh-keygen
发布密钥
ssh-copy-id [email protected]
写好inotify监控脚本
[root@duwen111 ~]# cat inotify.sh #!/bin/bash SRC=/var/www/html [email protected]:/web_back inotifywait -mrq -e modify,delete,create,attrib ${SRC} | while read D E F do /usr/bin/rsync -avz --delete $SRC $DST done [root@duwen111 ~]#
把脚本/root/inotify.sh加入后台监控
[root@duwen111 ~]# chmod +x inotify.sh ; echo "sh /root/inotify.sh &" >> /etc/rc.local