rsync+inotify 远程同步
发起端master:192.168.2.100
接收端slave:192.168.2.101
发起端(master):
[root@mail named]#rpm -q httpd
httpd-2.2.15-29.el6.centos.x86_64
[root@mail named]#rpm -q rsync
rsync-3.0.6-9.el6_4.1.x86_64
[root@mail named]#vim /etc/rsyncd.conf
uid = nobody
gid = nobody
use chroot = yes
address = 192.16.2.100
port 873
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
hosts allow = 192.168.2.0/24
[wwwroot]
path =/var/www/html
comment = Documentroot
read only = yes
dont compress = *.gz *.bz2 *.tgz *.zip *.rar *.z
auth users =backuper
secrets file =/etc/rsyncd_users.db
[root@mail named]#echo "backuper:123" > /etc/rsyncd_users.db
[root@mail named]#cat /etc/* |grep rsyncd_users.db
[root@mail named]#
[root@mail named]#chmod 600 /etc/rsyncd_users.db
[root@mail named]#cat /etc/rsyncd_users.db
backuper:123
[root@mail named]#rsync --daemon
[root@mail named]#netstat -anpt |grep 873
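若是没有回显,说明 rsync --daemon 没有监听 873 端口(可查看 /var/log/rsyncd.log,并核对 rsyncd.conf 中的 address、port 等设置),则执行方法二,由 xinetd 托管 rsync: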
[root@mail named]#vim /etc/xinetd.d/rsync
[root@mail named]#cat /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync
{
disable = no
flags =IPv6
socket_type = stream
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}
[root@mail named]#yum -y install xinetd
[root@mail named]#service xinetd start
正在启动 xinetd: [确定]
[root@mail named]#netstat -anpt |grep xinetd
tcp 0 0 :::873 :::* LISTEN 62138/xinetd
[root@mail named]#
在主机测试
[root@mail run]# mkdir /aaa
[root@mail run]# mkdir /ccc
[root@mail run]# touch /aaa/test{1..5}
[root@mail run]# ls /aaa
test1 test2 test3 test4 test5
[root@mail run]# ls /ccc
[root@mail run]# rsync -r /aaa /ccc
[root@mail run]# ls /ccc
aaa
[root@mail run]# ls /aaa
test1 test2 test3 test4 test5
[root@mail run]# mkdir /bbb
[root@mail run]# rsync -r /aaa/ /bbb
[root@mail run]# ls /bbb
test1 test2 test3 test4 test5
[root@mail run]#
[root@mail run]# touch /var/www/html/file{1..5}
[root@mail run]# ls /var/www/html/
ad file1 file2 file3 file4 file5
接收端(slave):
[root@localhost ~]# mkdir /test
[root@localhost ~]# rsync backuper@192.168.2.100::wwwroot /test
Password:
@ERROR: auth failed on module wwwroot
rsync error: error starting client-server protocol (code 5) at main.c(1503) [receiver=3.0.6]
若出现上述 auth failed 报错,先确认输入的用户名和密码与发起端 /etc/rsyncd_users.db 中的一致(也有可能只是密码输入错误);这里把发起端的密码改为pwd123后重试。
建议:密码设置在6位数以上,否则可能会报错。示例中的密码仅用于演示,实际环境应使用足够长的随机密码。
[root@localhost ~]# rsync backuper@192.168.2.100::wwwroot /test
Password:
receiving incremental file list
./
file1
file2
file3
file4
file5
ad/
ad/index.html
sent 182 bytes received 482 bytes 120.73 bytes/sec
total size is 93 speedup is 0.14
[root@localhost ~]# ls /test
ad file1 file2 file3 file4 file5 test1 test2 test3
删除接收端有的文件,而发起端没有的文件
[root@localhost ~]# touch /test/abc{1..5}
[root@localhost ~]# ls /test/
abc1 abc3 abc5 file1 file3 file5 test2
abc2 abc4 ad file2 file4 test1 test3
[root@localhost ~]# rsync -avz --delete rsync://backuper@192.168.2.100::wwwroot /test
ssh: Could not resolve hostname rsync: Name or service not known
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(600) [receiver=3.0.6]
[root@localhost ~]# rsync -avz --delete rsync://backuper@192.168.2.100/wwwroot /test
Password:
receiving incremental file list
deleting abc5
deleting abc4
deleting abc3
deleting abc2
deleting abc1
./
sent 65 bytes received 241 bytes 68.00 bytes/sec
total size is 93 speedup is 0.30
[root@localhost ~]#
[root@localhost ~]# ls /test/
ad file1 file2 file3 file4 file5 test1 test2 test3
[root@localhost ~]#
rsync 原地的免交互处理
接收端:
[root@localhost ~]# touch /test/{a..g}
[root@localhost ~]# ls /test/
a b d f file2 file4 g test2
ad c e file1 file3 file5 test1 test3
[root@localhost ~]# echo "123456" >/etc/server.pass
[root@localhost ~]# chmod 600 /etc/server.pass
[root@localhost ~]# ll /etc/server.pass
-rw-------. 1 root root 7 4月 24 09:28 /etc/server.pass
[root@localhost ~]# /usr/bin/rsync -az --delete --password-file=/etc/server.pass backuper@192.168.2.100::wwwroot /test/
[root@localhost ~]# ls /test/
ad file1 file2 file3 file4 file5 test1 test2 test3
--password-file:指定保存密码的文件,用于免交互认证;该文件只保存密码本身,权限应为 600(不能被其他用户读取),否则 rsync 会拒绝使用。
设置定时任务
[root@localhost ~]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
[root@localhost ~]# /etc/init.d/crond status
crond (pid 1559) 正在运行...
[root@localhost ~]# chkconfig --list crond
crond 0:关闭 1:关闭 2:启用 3:启用 4:启用 5:启用 6:关闭
[root@localhost ~]# crontab -l (修改内容)
30 08 * * * /usr/bin/rsync -az --delete --password-file=/etc/server.pass backuper@192.168.2.100::wwwroot /test/
rsync+inotify 实时同步
优点:同步源发生变化,立即启动备份,同步更新
缺点:如果同步源发生错误变化,那么导致的是由点到面的连锁性破坏,
产生后果影响自然就严重的多了。
发起端:
[root@mail html]# chown nobody:nobody /var/www/html/
[root@mail html]# sed -i '/read only/ s/yes/no/' /etc/rsyncd.conf
[root@mail html]# cat /etc/rsyncd.conf
uid = nobody
gid = nobody
use chroot = yes
address = 192.16.2.100
port 873
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
hosts allow = 192.168.2.0/24
[wwwroot]
path =/var/www/html
comment = Documentroot
read only = no
dont compress = *.gz *.bz2 *.tgz *.zip *.rar *.z
auth users =backuper
secrets file =/etc/rsyncd_users.db
[root@mail html]# service xinetd restart
停止 xinetd: [确定]
正在启动 xinetd: [确定]
[root@mail html]# netstat -anpt |grep 873
tcp 0 0 :::873 :::* LISTEN 62485/xinetd
[root@mail html]#
[root@mail html]# vim /etc/sysctl.conf
[root@mail html]# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
fs.inotify.max_queued_events= 16384
fs.inotify.max_user_instances= 1024
fs.inotify.max_user_watches= 104576
安装inotify-tools
接收端:
[root@localhost ~]# tar xf inotify-tools-3.14.tar.gz -C /usr/src
[root@localhost ~]# cd /usr/src/inotify-tools-3.14/
[root@localhost inotify-tools-3.14]# ls
aclocal.m4 config.h.in COPYING libinotifytools man src
AUTHORS config.sub depcomp ltmain.sh missing
ChangeLog configure INSTALL Makefile.am NEWS
config.guess configure.ac install-sh Makefile.in README
[root@localhost inotify-tools-3.14]# ./configure && make && make install
(监控端,另开一个shell端口)
[root@localhost ~]# cd /var/www/html
[root@localhost html]# touch index.php
[root@localhost html]# echo "abc123">/var/www/html/index.html
[root@localhost html]# touch /var/www/html/a.txt
[root@localhost html]# mv /var/www/html/a.txt /var/www/html/c.txt
[root@localhost html]# rm -f /var/www/html/c.txt
则监控端:
[root@localhost html]# inotifywait -mrq -emodify,create,move,delete /var/www/html
/var/www/html/ CREATE index.php
/var/www/html/ CREATE index.html
/var/www/html/ MODIFY index.html
/var/www/html/ MODIFY index.html
/var/www/html/ MODIFY index.html
/var/www/html/ CREATE a.txt
/var/www/html/ MOVED_FROM a.txt
/var/www/html/ MOVED_TO c.txt
/var/www/html/ DELETE c.txt
编写触发式同步脚本:
[root@localhost html]# vim /opt/inotify.sh
[root@localhost html]# chmod +x /opt/inotify.sh
[root@localhost html]# echo "/opt/inotify.sh">>/etc/rc.local
[root@localhost html]# cat /opt/inotify.sh
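#!/bin/bash
# Watch /var/www/html/ with inotifywait and, on each change event, push the
# directory to the rsync daemon module "wwwroot" on the master.
#
# Values used here are the ones from this walkthrough:
#   - rsync auth user "backuper" on master 192.168.2.100
#   - /etc/server.pass holds the rsync password (created with mode 600)
#
# NOTE: --delete removes files on the remote side that no longer exist
# locally, so a mistaken local deletion is replicated as well.

# Commands are stored as arrays so each argument stays a separate word and
# nothing is re-split or glob-expanded when the command is run.
INOTIFY_CMD=(/usr/local/bin/inotifywait -mrq -e modify,create,attrib,move,delete /var/www/html/)
RSYNC_CMD=(/usr/bin/rsync -azH --delete --password-file=/etc/server.pass /var/www/html/ backuper@192.168.2.100::wwwroot)

# inotifywait -m keeps running and prints one "DIRECTORY EVENT FILE" line per
# event; the three fields are read but only used as a trigger.
"${INOTIFY_CMD[@]}" | while read -r DIRECTORY EVENT FILE
do
  # Start a sync only when no process named rsync is currently running.
  # (The original ran a bare `rsync`, which only prints usage; checking the
  # process list is what the comparison against 0 was meant to do.)
  if ! pgrep -x rsync >/dev/null; then
    "${RSYNC_CMD[@]}"
  fi
done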
[root@localhost html]#
测试:
nohup 可以保证当前执行的用户退出当前系统后,当前程序不停止,仍可以执行后台程序
& 指将当前程序的行程 调入后台运行
接受端:
在/var/www/html/下 ,增添删改,看看发起端的/var/www/html/下是否直接发生同步变化
[root@localhost html]# nohup /bin/bash /opt/inotify.sh &
[1] 48271
[root@localhost html]# nohup: 忽略输入并把输出追加到"nohup.out"
[1]+ Done nohup /bin/bash /opt/inotify.sh
[root@localhost html]# ls
index.html index.php nohup.out
[root@localhost html]# touch aa{1..3}
[root@localhost html]# ls
aa1 aa2 aa3 index.html index.php nohup.out
方法2:
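将 backuper 用户改为自建的系统用户 rput;密码不变 (发起端)
交互式输入密码的过程:用 SSH 密钥对来代替 (客户端)
私钥保留在本机,公钥分发给对端用户
注意:下面的 rsyncd.conf 注释掉了 auth users 和 secrets file,wwwroot 模块对 hosts allow 网段内的主机不再要求认证;若改为只通过 SSH 同步,可以停用 873 端口上的 rsync 服务。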
发起端:
[root@mail ~]# useradd rput
[root@mail ~]# passwd rput
更改用户 rput 的密码 。
新的 密码:
无效的密码: 过于简单化/系统化
无效的密码: 过于简单
重新输入新的 密码:
passwd: 所有的身份验证令牌已经成功更新。
[root@mail ~]# ls -ld /var/www/html
drwxr-xr-x 2 nobody nobody 4096 6月 11 01:20 /var/www/html
[root@mail ~]# chown -R rput:rput /var/www/html
[root@mail ~]# cat /etc/rsyncd.conf
uid = nobody
gid = nobody
use chroot = yes
address = 192.16.2.100
port 873
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
hosts allow = 192.168.2.0/24
[wwwroot]
path =/var/www/html
comment = Documentroot
dont compress = *.gz *.bz2 *.tgz *.zip *.rar *.z
# auth users = backuper
# secrets file = /etc/rsyncd_users.db
接收端:
[root@localhost html]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
98:e5:f6:78:41:dc:10:7d:ea:68:e9:d9:82:a3:43:[email protected]
The key's randomart image is:
+--[ RSA 2048]----+
| oo |
| . o. . |
| . o .o |
| E = . . |
| oo S .+ |
| .. o+.. |
| . .+oo |
| . o.+ . |
| .o . . |
+-----------------+
[root@localhost html]# ls -a /root/.ssh
. .. id_rsa id_rsa.pub known_hosts
[root@localhost .ssh]# ssh-copy-id rput@192.168.2.100
rput@192.168.2.100's password:
Now try logging into the machine, with "ssh 'rput@192.168.2.100'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@localhost .ssh]#
[root@localhost .ssh]# rsync -azH --delete /var/www/[email protected]:/var/www/html
[root@localhost .ssh]# cd /var/www/html/
[root@localhost html]# bash -x /opt/inotify.sh
再开一个shell终端
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# ls
file test
[root@localhost html]# rm -f test
[root@localhost html]# rm -rf *
[root@localhost html]# echo "1213
" >index.html
[root@localhost html]# ls
index.html
[root@localhost html]#
发起端/var/www/html/下是否有同步:
[root@mail html]# ls
index.html
[root@mail html]#
注意:必须在客户端执行/opt/inotify.sh脚本后,才会同步。
[root@localhost ~]# cd /var/www/html/
[root@localhost html]# ls
file test
[root@localhost html]# rm -f test
[root@localhost html]# rm -rf *
[root@localhost html]# echo "1213
" >index.html
[root@localhost html]# ls
index.html
[root@localhost html]#
发起端/var/www/html/下是否有同步:
[root@mail html]# ls
index.html
[root@mail html]#
注意:必须在客户端执行/opt/inotify.sh脚本后,才会同步。