准备

关闭 SELinux 和 iptables(仅为方便实验;若保留防火墙,需要放行 rsync 使用的 TCP 873 端口)

duwen111的配置

[root@duwen111 ~]# cat /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
#allows crc checksumming etc.
# xinetd accepts connections for the rsync service (TCP 873 in the netstat
# output that follows) and starts "/usr/bin/rsync --daemon" for each one.
service rsync
{
disable= no            # changed to "no" so that xinetd serves rsync
# IPv6 flag: the listener shows up as :::873 in the netstat output.
flags= IPv6
socket_type     = stream
wait            = no
# rsync is started as root here; the uid/gid settings in /etc/rsyncd.conf
# decide which account a module's file transfers actually run as.
user            = root
server          = /usr/bin/rsync
server_args     = --daemon
# Adds the remote user id to what xinetd logs when the server cannot be started.
log_on_failure  += USERID
}

 

[root@duwen111 xinetd.d]# /etc/init.d/xinetd start
正在启动 xinetd:                                          [确定]
[root@duwen111 xinetd.d]# netstat -anptu | grep 873
tcp        0      0 :::873                      :::*                        LISTEN      17151/xinetd        
[root@duwen111 xinetd.d]#


准备好测试数据


服务端duwen111

[root@duwen111 html]# ls
config-2.6.32-431.el6.x86_64  initramfs-2.6.32-431.el6.x86_64.img  System.map-2.6.32-431.el6.x86_64
efi                           lost+found                           vmlinuz-2.6.32-431.el6.x86_64
grub                          symvers-2.6.32-431.el6.x86_64.gz
[root@duwen111 html]# pwd
/var/www/html
[root@duwen111 html]#


客户端duwen112

[root@duwen112 ~]# mkdir /web_back
[root@duwen112 ~]# cd /web_back/
[root@duwen112 web_back]# ls
[root@duwen112 web_back]#

实验1


使用rsync备份数据

[root@duwen111 ~]# useradd rget1  
[root@duwen111 ~]# useradd rput1  
[root@duwen111 ~]# echo rget1:123456 | chpasswd
[root@duwen111 ~]# echo rput1:123456 | chpasswd
[root@duwen111 ~]# setfacl -R -m user:rput1:rwx /var/www/html/
[root@duwen111 ~]# setfacl -R -m default:user:rput1:rwx /var/www/html/
[root@duwen111 ~]# setfacl -R -m user:rget1:rwx /var/www/html/
[root@duwen111 ~]# setfacl -R -m default:rget1:rwx /var/www/html/

来看看效果

[root@duwen111 ~]# getfacl  /var/www/html
getfacl: Removing leading '/' from absolute path names
# file: var/www/html
# owner: root
# group: root
user::rwx
user:rget1:rwx
user:rput1:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:rget1:rwx
default:user:rput1:rwx
default:group::r-x
default:mask::rwx
default:other::r-x
[root@duwen111 ~]#


开始干活

[root@duwen112 web_back]# rsync -avz --delete [email protected]:/var/www/html/ /web_back
The authenticity of host '10.211.55.11 (10.211.55.11)' can't be established.
RSA key fingerprint is 40:e1:ad:c0:9a:b6:fc:e7:d9:6d:c3:0e:f4:4d:3a:49.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.211.55.11' (RSA) to the list of known hosts.
[email protected]'s password: 
Permission denied, please try again.
[email protected]'s password: 
receiving incremental file list
./
System.map-2.6.32-431.el6.x86_64
config-2.6.32-431.el6.x86_64
initramfs-2.6.32-431.el6.x86_64.img
symvers-2.6.32-431.el6.x86_64.gz
vmlinuz-2.6.32-431.el6.x86_64
efi/
efi/EFI/
efi/EFI/redhat/
efi/EFI/redhat/grub.efi
grub/
grub/device.map
grub/e2fs_stage1_5
grub/fat_stage1_5
grub/ffs_stage1_5
grub/grub.conf
grub/iso9660_stage1_5
grub/jfs_stage1_5
grub/menu.lst -> ./grub.conf
grub/minix_stage1_5
grub/reiserfs_stage1_5
grub/splash.xpm.gz
grub/stage1
grub/stage2
grub/ufs2_stage1_5
grub/vstafs_stage1_5
grub/xfs_stage1_5
lost+found/
sent 436 bytes  received 22393077 bytes  1791481.04 bytes/sec
total size is 24888221  speedup is 1.11
[root@duwen112 web_back]#



实验2

rsync非系统用户备份数据


使用系统配置文件/etc/rsyncd.conf来备份数据,创建备份账户,最后把rsync以daemon方式运行

[root@duwen111 ~]# cat /etc/rsyncd.conf
# Global section: applies to every module below.
# Transfers run as nobody/nobody, so every file in a module must be readable by
# "other"; ACL entries granted to named system users do not apply to this account.
uid = nobody
gid = nobody
# Bind to the server's address and the standard rsync daemon port.
address =10.211.55.11
port =873
# Only the backup client may connect; any other source address is refused.
hosts allow =10.211.55.12
# Confine each transfer to the module path.
use chroot = yes
max connections = 5
pid file =/var/run/rsyncd.pid
lock file =/var/run/rsync.lock
log file =/var/log/rsyncd.log
# Banner shown to the client before the password prompt.
motd file =/etc/rsyncd.motd
# Module name the client uses after "::" on its command line.
[MOShen]
path =/var/www/html
comment = used for web_back root
# Clients can pull from this module but cannot upload or delete on the server.
read only = yes
# The module is shown when a client asks the daemon for its module list.
list = yes
# Virtual rsync user, independent of system accounts. Its password is kept in
# plain text in the secrets file, one "user:password" pair per line; with
# rsync's default strict-modes check the file must not be readable by other users.
# Daemon-mode transfers are not encrypted on the wire, so keep this on a trusted
# network or tunnel it.
auth users = rsyncuser
secrets file =/etc/rsync.passwd
[root@duwen111 ~]#


创建提示文件和用户密码

[root@duwen111 ~]# echo "Welcome to Backup Server" > /etc/rsyncd.motd
[root@duwen111 ~]# vim /etc/rsync.passwd
[root@duwen111 ~]# cat /etc/rsync.passwd
rsyncuser:111111
[root@duwen111 ~]# chmod 600 /etc/rsync.passwd
[root@duwen111 ~]#

启动服务

rsync --daemon --config=/etc/rsyncd.conf
[root@duwen111 ~]# netstat -antup | grep :873
tcp        0      0 :::873                      :::*                        LISTEN      17151/xinetd        
[root@duwen111 ~]# chkconfig xinetd on


测试下

rsync语法:   rsync 选项 用户名@备份源服务器IP::共享模块名 目标目录

[root@duwen112 ~]# rsync -avz [email protected]::MOShen /web_back/

执行后的屏幕输出,要输入密码:

Welcome to Backup Server


Password: 

receiving incremental file list

rsync: opendir "/lost+found" (in MOShen) failed: Permission denied (13)

./

System.map-2.6.32-431.el6.x86_64

config-2.6.32-431.el6.x86_64

rsync: send_files failed to open "/initramfs-2.6.32-431.el6.x86_64.img" (in MOShen): Permission denied (13)

symvers-2.6.32-431.el6.x86_64.gz

vmlinuz-2.6.32-431.el6.x86_64

efi/

efi/EFI/

efi/EFI/redhat/

efi/EFI/redhat/grub.efi

grub/

grub/device.map

grub/e2fs_stage1_5

grub/fat_stage1_5

grub/ffs_stage1_5

rsync: send_files failed to open "/grub/grub.conf" (in MOShen): Permission denied (13)

grub/iso9660_stage1_5

grub/jfs_stage1_5

grub/menu.lst -> ./grub.conf

grub/minix_stage1_5

grub/reiserfs_stage1_5

grub/splash.xpm.gz

grub/stage1

grub/stage2

grub/ufs2_stage1_5

grub/vstafs_stage1_5

grub/xfs_stage1_5

lost+found/


sent 486 bytes  received 5059591 bytes  440006.70 bytes/sec

total size is 24888221  speedup is 4.92

rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1505) [generator=3.0.6]

[root@duwen112 ~]# 


这里有几行报错

/grub/grub.conf

/initramfs-2.6.32-431.el6.x86_64.img

/lost+found


在上面的实验1中已经给 /var/www/html/ 目录设置了足够的 ACL 权限,但那些 ACL 只针对 rget1 和 rput1;模块以 uid = nobody 运行,报错的文件对 other 没有读权限,所以被拒绝。

我们把duwen112上的/var/www/html 改成744权限


再次测试

[root@duwen112 ~]# rsync -avz [email protected]::MOShen /web_back/
Welcome to Backup Server
Password: 
receiving incremental file list
./
System.map-2.6.32-431.el6.x86_64
config-2.6.32-431.el6.x86_64
initramfs-2.6.32-431.el6.x86_64.img
symvers-2.6.32-431.el6.x86_64.gz
vmlinuz-2.6.32-431.el6.x86_64
efi/
efi/EFI/
efi/EFI/redhat/
efi/EFI/redhat/grub.efi
grub/
grub/device.map
grub/e2fs_stage1_5
grub/fat_stage1_5
grub/ffs_stage1_5
grub/grub.conf
grub/iso9660_stage1_5
grub/jfs_stage1_5
grub/menu.lst -> ./grub.conf
grub/minix_stage1_5
grub/reiserfs_stage1_5
grub/splash.xpm.gz
grub/stage1
grub/stage2
grub/ufs2_stage1_5
grub/vstafs_stage1_5
grub/xfs_stage1_5
lost+found/
sent 436 bytes  received 22393077 bytes  1791481.04 bytes/sec
total size is 24888221  speedup is 1.11
[root@duwen112 web_back]#




密码处理

新建一个文件保存好密码,然后在rsync命令中使用--password-file指定此文件即可

[root@duwen112 ~]# vim passfile
[root@duwen112 ~]# cat passfile
111111
[root@duwen112 ~]# 
[root@duwen112 ~]# chmod 600 /root/passfile

先把web_back目录删掉

[root@duwen112 ~]# rm -rf /web_back/


自动密码测试

[root@duwen112 ~]# rsync -avz [email protected]::MOShen --password-file=/root/passfile /web_back/
Welcome to Backup Server
receiving incremental file list
created directory /web_back
rsync: opendir "/lost+found" (in MOShen) failed: Permission denied (13)
./
System.map-2.6.32-431.el6.x86_64
config-2.6.32-431.el6.x86_64
rsync: send_files failed to open "/initramfs-2.6.32-431.el6.x86_64.img" (in MOShen): Permission denied (13)
symvers-2.6.32-431.el6.x86_64.gz
vmlinuz-2.6.32-431.el6.x86_64
efi/
efi/EFI/
efi/EFI/redhat/
efi/EFI/redhat/grub.efi
grub/
grub/device.map

有错误,原因跟上面一样。


实验3

脚本实现定时同步

这里有个脚本

[root@duwen112 ~]# vim /root/autobackup.sh
[root@duwen112 ~]# cat /root/autobackup.sh
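#!/bin/bash
# Pull the MOShen module from the rsync daemon into /web_back.
#
# NOTE(review): the page's e-mail obfuscation mangled the source operand; the
# user (rsyncuser) and address (10.211.55.11) are reconstructed from the
# rsyncd.conf shown on this page ("auth users" / "address") - confirm them.
#
# The password is read from /root/passfile, which holds only the password of
# rsyncuser and must stay private to root (mode 600): rsync refuses a password
# file that other users can access.
# Daemon-mode transfers are not encrypted on the wire; run this only across a
# trusted network or through a tunnel.
#
# The page also runs this file with "source", so it deliberately contains no
# "set -e" and no "exit": either would affect the interactive shell.
rsync -avz --password-file=/root/passfile rsyncuser@10.211.55.11::MOShen /web_back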
[root@duwen112 ~]#


先手动测试下脚本

[root@duwen112 ~]# rm -rf /web_back/*
[root@duwen112 ~]# source autobackup.sh 
Welcome to Backup Server
receiving incremental file list
rsync: opendir "/lost+found" (in MOShen) failed: Permission denied (13)
./
System.map-2.6.32-431.el6.x86_64
config-2.6.32-431.el6.x86_64
rsync: send_files failed to open "/initramfs-2.6.32-431.el6.x86_64.img" (in MOShen): Permission denied (13)
symvers-2.6.32-431.el6.x86_64.gz
vmlinuz-2.6.32-431.el6.x86_64
efi/
efi/EFI/
efi/EFI/redhat/
efi/EFI/redhat/grub.efi
grub/
grub/device.map
grub/e2fs_stage1_5
grub/fat_stage1_5
grub/ffs_stage1_5
rsync: send_files failed to open "/grub/grub.conf" (in MOShen): Permission denied (13)
grub/iso9660_stage1_5
grub/jfs_stage1_5
grub/menu.lst -> ./grub.conf
grub/minix_stage1_5
grub/reiserfs_stage1_5
grub/splash.xpm.gz
grub/stage1
grub/stage2
grub/ufs2_stage1_5
grub/vstafs_stage1_5
grub/xfs_stage1_5
lost+found/
sent 486 bytes  received 5059591 bytes  440006.70 bytes/sec
total size is 24888221  speedup is 4.92
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1505) [generator=3.0.6]
[root@duwen112 ~]# 
[root@duwen111 ~]# ll /var/www/html/grub/grub.conf
-rw-rwx---+ 1 root root 787 9月   5 12:15 /var/www/html/grub/grub.conf
[root@duwen111 ~]# getfacl /var/www/html/
getfacl: Removing leading '/' from absolute path names
# file: var/www/html/
# owner: root
# group: root
user::rwx
user:rget1:rwx
user:rput1:rwx
group::r-x
mask::rwx
other::r-x
default:user::rwx
default:user:rget1:rwx
default:user:rput1:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

 

[root@duwen111 ~]# chmod +r /var/www/html/grub/grub.conf
[root@duwen111 ~]# ll /var/www/html/grub/grub.conf
-rw-rwxr--+ 1 root root 787 9月   5 12:15 /var/www/html/grub/grub.conf



再次测试

[root@duwen112 ~]# rm -rf /web_back/*
[root@duwen112 ~]# source autobackup.sh 
Welcome to Backup Server
receiving incremental file list
rsync: opendir "/lost+found" (in MOShen) failed: Permission denied (13)
./
System.map-2.6.32-431.el6.x86_64
config-2.6.32-431.el6.x86_64
rsync: send_files failed to open "/initramfs-2.6.32-431.el6.x86_64.img" (in MOShen): Permission denied (13)
symvers-2.6.32-431.el6.x86_64.gz
vmlinuz-2.6.32-431.el6.x86_64
efi/
efi/EFI/
efi/EFI/redhat/
efi/EFI/redhat/grub.efi
grub/
grub/device.map
grub/e2fs_stage1_5
grub/fat_stage1_5
grub/ffs_stage1_5
grub/grub.conf
grub/iso9660_stage1_5
grub/jfs_stage1_5
grub/menu.lst -> ./grub.conf
grub/minix_stage1_5
grub/reiserfs_stage1_5
grub/splash.xpm.gz
grub/stage1
grub/stage2
grub/ufs2_stage1_5
grub/vstafs_stage1_5
grub/xfs_stage1_5
lost+found/
sent 486 bytes  received 5060002 bytes  3373658.67 bytes/sec
total size is 24888221  speedup is 4.92
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1505) [generator=3.0.6]
[root@duwen112 ~]#

同理,修改下列文件的权限

[root@duwen111 html]# chmod +r /var/www/html/initramfs-2.6.32-431.el6.x86_64.img
[root@duwen111 ~]# chmod +r /var/www/html/lost+found/


再测试一次

[root@duwen112 ~]# rm -rf /web_back/*
[root@duwen112 ~]# source autobackup.sh 
Welcome to Backup Server
receiving incremental file list
./
System.map-2.6.32-431.el6.x86_64
config-2.6.32-431.el6.x86_64
initramfs-2.6.32-431.el6.x86_64.img
symvers-2.6.32-431.el6.x86_64.gz
vmlinuz-2.6.32-431.el6.x86_64
efi/
efi/EFI/
efi/EFI/redhat/
efi/EFI/redhat/grub.efi
grub/
grub/device.map
grub/e2fs_stage1_5
grub/fat_stage1_5
grub/ffs_stage1_5
grub/grub.conf
grub/iso9660_stage1_5
grub/jfs_stage1_5
grub/menu.lst -> ./grub.conf
grub/minix_stage1_5
grub/reiserfs_stage1_5
grub/splash.xpm.gz
grub/stage1
grub/stage2
grub/ufs2_stage1_5
grub/vstafs_stage1_5
grub/xfs_stage1_5
lost+found/
sent 486 bytes  received 22393158 bytes  6398184.00 bytes/sec
total size is 24888221  speedup is 1.11
[root@duwen112 ~]#

可以看到成功了


加入任务计划

[root@duwen112 ~]# crontab -e
[root@duwen112 ~]# crontab -l
11 23 * * * /bin/sh /root/autobackup.sh


重启crond服务

[root@duwen112 ~]# killall crond 
[root@duwen112 ~]# ps aux | grep crond
root     17902  0.0  0.1 103256   844 pts/0    S+   22:09   0:00 grep crond
[root@duwen112 ~]# /usr/sbin/crond
[root@duwen112 ~]# ps aux | grep crond
root     17961  0.0  0.2 117296  1244 ?        Ss   22:09   0:00 /usr/sbin/crond
root     17975  0.0  0.1 103256   844 pts/0    S+   22:09   0:00 grep crond

 

结果

[root@duwen112 ~]# date
2016年 09月 05日 星期一 23:11:58 CST
You have new mail in /var/spool/mail/root
[root@duwen112 ~]# vim /var/spool/mail/root #先看下邮件,不过没有关系
[root@duwen112 ~]# ls /web_back/
config-2.6.32-431.el6.x86_64  initramfs-2.6.32-431.el6.x86_64.img  System.map-2.6.32-431.el6.x86_64
efi                           lost+found                           vmlinuz-2.6.32-431.el6.x86_64
grub                          symvers-2.6.32-431.el6.x86_64.gz
[root@duwen112 ~]#


实验4

rsync+inotify实时同步


上传inotify源码包

[root@duwen111 ~]# scp [email protected]:/Users/duwen/Downloads/inotify-tools-3.13.tar.gz /root
The authenticity of host '10.211.55.2 (10.211.55.2)' can't be established.
RSA key fingerprint is d6:3c:6e:2f:5d:46:c0:70:8b:a4:2f:40:d6:d5:3e:36.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.211.55.2' (RSA) to the list of known hosts.
Password:
inotify-tools-3.13.tar.gz                                                                   100%  380KB 380.3KB/s   00:00    
[root@duwen111 ~]#


源码编译环境

[root@duwen111 ~]# yum -y install gcc* zlib* pcre*


查看内核支持inotify和调整

[root@duwen111 ~]# ls /proc/sys/fs/inotify/ 
max_queued_events  max_user_instances  max_user_watches


[root@duwen111 ~]# vim /etc/sysctl.conf

在最下面添加:


fs.inotify.max_queued_events = 32768

fs.inotify.max_user_instances = 1024

fs.inotify.max_user_watches = 90000000


安装inotify-tools

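# Unpack, build and install inotify-tools under its own prefix, then link the
# binaries into /usr/bin. The steps are chained with && so that a failed
# unpack, configure or build stops the sequence instead of installing or
# linking a broken tree.
# The tarball was copied over from a workstation: compare its checksum with the
# one published for the release before building it as root.
tar xf inotify-tools-3.13.tar.gz -C /usr/local/src/ &&
  cd /usr/local/src/inotify-tools-3.13/ &&
  ./configure --prefix=/usr/local/inotify-tools &&
  make &&
  make install &&
  cd &&
  ln -s /usr/local/inotify-tools/bin/* /usr/bin/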

 


实现密钥访问

生成密钥文件

ssh-keygen

发布密钥

ssh-copy-id [email protected]


写好inotify监控脚本

[root@duwen111 ~]# cat inotify.sh
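#!/bin/bash
# Watch SRC recursively and push it to DST over ssh every time inotifywait
# reports a modify, delete, create or attribute change.
#
# Requires key-based ssh login to the destination (set up on this page with
# ssh-keygen / ssh-copy-id), because nobody is present to type a password.
SRC=/var/www/html
# NOTE(review): the page's e-mail obfuscation mangled the destination line and
# dropped the "DST=" assignment. root@10.211.55.12 is reconstructed from the
# client host shown on this page - confirm the user and address.
DST=root@10.211.55.12:/web_back

# -m keeps inotifywait running, -r recurses into subdirectories, -q drops the
# start-up messages. The event line is read only as a trigger, so its content
# is discarded; -r stops read from interpreting backslashes in file names.
inotifywait -mrq -e modify,delete,create,attrib "${SRC}" | while IFS= read -r _event
do
  # SRC has no trailing slash, so the html directory itself is created under
  # /web_back and --delete only removes files below that copy.
  # A failed sync is reported but does not end the loop, so one network error
  # does not stop the monitoring.
  /usr/bin/rsync -avz --delete "${SRC}" "${DST}" ||
    printf 'inotify.sh: rsync to %s failed (exit %s)\n' "${DST}" "$?" >&2
done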
[root@duwen111 ~]#



把脚本/root/inotify.sh加入后台监控

[root@duwen111 ~]# chmod +x inotify.sh ; echo "sh /root/inotify.sh &" >> /etc/rc.local