rsync
1. rsync简介
rsync
是linux
系统下的数据镜像备份工具。使用快速增量备份工具Remote Sync
可以远程同步,支持本地复制,或者与其他SSH
、rsync
主机同步。
2. rsync特性
rsync
支持很多特性:
- 可以镜像保存整个目录树和文件系统
- 可以很容易做到保持原来文件的权限、时间、软硬链接等等
- 无须特殊权限即可安装
- 快速:第一次同步时
rsync
会复制全部内容,但在下一次只传输修改过的文件。rsync
在传输数据的过程中可以实行压缩及解压缩操作,因此可以使用更少的带宽
- 安全:可以使用
scp
、ssh
等方式来传输文件,当然也可以通过直接的socket
连接
- 支持匿名传输,以方便进行网站镜像
3. rsync的ssh认证协议
rsync
命令来同步系统文件之前要先登录remote
主机认证,认证过程中用到的协议有2种:
ssh
协议rsync
协议
rsync server端不用启动rsync的daemon进程,只要获取remote host的用户名和密码就可以直接rsync同步文件。rsync server端因为不用启动daemon进程,所以也不用配置文件/etc/rsyncd.conf。
ssh
认证协议跟scp
的原理是一样的,如果在同步过程中不想输入密码就用ssh-keygen -t rsa
打通通道
//这种方式默认是省略了 -e ssh 的,与下面等价:
rsync -avz /SRC -e ssh root@172.16.12.129:/DEST
-a //文件宿主变化,时间戳不变
-z //压缩数据传输
//当遇到要修改端口的时候,我们可以:
rsync -avz /SRC -e "ssh -p2222" root@172.16.12.129:/DEST
//修改了ssh 协议的端口,默认是22
4. rsync部署
1.环境配置
//源主机:192.168.116.146
//目标主机:192.168.116.147
2.修改主机名
[root@localhost ~]# hostnamectl set-hostname src
[root@localhost ~]# bash
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@src ~]#
[root@localhost ~]# hostnamectl set-hostname dest
[root@localhost ~]# bash
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@dest ~]#
3.关闭防火墙和SELinux(仅为简化实验环境;生产环境建议保持firewalld和SELinux开启,只放行ssh使用的22端口)
[root@src ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@src ~]# vim /etc/selinux/config
SELINUX=disabled
[root@src ~]# setenforce 0
[root@dest ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@dest ~]# vim /etc/selinux/config
SELINUX=disabled
[root@dest ~]# setenforce 0
4.版本
[root@src ~]# cat /etc/os-release
PRETTY_NAME="UOS Server 20"
NAME="UOS Server 20"
VERSION_ID="20"
VERSION="20"
ID=uos
HOME_URL="https://www.chinauos.com/"
BUG_REPORT_URL="https://bbs.chinauos.com/"
VERSION_CODENAME=kongzi
PLATFORM_ID="platform:uelc20"
[root@dest ~]# cat /etc/os-release
PRETTY_NAME="UOS Server 20"
NAME="UOS Server 20"
VERSION_ID="20"
VERSION="20"
ID=uos
HOME_URL="https://www.chinauos.com/"
BUG_REPORT_URL="https://bbs.chinauos.com/"
VERSION_CODENAME=kongzi
PLATFORM_ID="platform:uelc20"
5.安装rsync
[root@src ~]# yum -y install rsync
完毕!
[root@dest ~]# yum -y install rsync
完毕!
6.同步资源
//同步文件
[root@dest ~]# ls /tmp
qtsingleapp-uosdev-2dc4-0-lockfile systemd-private-4e54a31f722d460b928dcadf1e9821b9-chronyd.service-eVTFex
qtsingleapp-uoslic-e6e4-0 systemd-private-4e54a31f722d460b928dcadf1e9821b9-systemd-logind.service-s1htvL
qtsingleapp-uoslic-e6e4-0-lockfile
[root@src ~]# rsync -avz anaconda-ks.cfg root@192.168.116.147:/tmp
The authenticity of host '192.168.116.147 (192.168.116.147)' can't be established.
ECDSA key fingerprint is SHA256:NmTmj8AZttR+QqiPin3+KkuKagCElpgZ5IXN6TU25oc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '192.168.116.147' (ECDSA) to the list of known hosts.
UOS Server 20 1060a
root@192.168.116.147's password:
sending incremental file list
anaconda-ks.cfg
sent 769 bytes received 35 bytes 55.45 bytes/sec
total size is 1,237 speedup is 1.54
[root@dest ~]# ls /tmp
anaconda-ks.cfg qtsingleapp-uoslic-e6e4-0 systemd-private-4e54a31f722d460b928dcadf1e9821b9-chronyd.service-eVTFex
qtsingleapp-uosdev-2dc4-0-lockfile qtsingleapp-uoslic-e6e4-0-lockfile systemd-private-4e54a31f722d460b928dcadf1e9821b9-systemd-logind.service-s1htvL
//同步目录
[root@src ~]# mkdir /root/runtime
[root@src ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg runtime
[root@src ~]# cd runtime
[root@src runtime]# touch 123.txt
[root@src runtime]# ls
123.txt
[root@dest ~]# mkdir /root/hl
[root@dest ~]# ls
anaconda-ks.cfg hl initial-setup-ks.cfg
[root@dest ~]# ls hl
[root@src ~]# rsync -avz /root/runtime root@192.168.116.147:/root/hl
UOS Server 20 1060a
root@192.168.116.147's password:
sending incremental file list
runtime/
runtime/123.txt
sent 121 bytes received 39 bytes 21.33 bytes/sec
total size is 0 speedup is 0.00
[root@dest ~]# ls hl
runtime
[root@dest ~]# tree hl
hl
└── runtime
└── 123.txt
1 directory, 1 file
7.备份
//备份目录
[root@src ~]# rsync -avz runtime abc
sending incremental file list
created directory abc
runtime/
runtime/123.txt
sent 121 bytes received 65 bytes 372.00 bytes/sec
total size is 0 speedup is 0.00
[root@src ~]# ls
abc anaconda-ks.cfg initial-setup-ks.cfg runtime
[root@src ~]# ll -ih
总用量 12K
1419921 drwxr-xr-x 3 root root 21 12月 14 14:34 abc
67771613 -rw------- 1 root root 1.3K 12月 14 12:58 anaconda-ks.cfg
67771628 -rw------- 1 root root 5.5K 12月 14 13:16 initial-setup-ks.cfg
101572737 drwxr-xr-x 2 root root 21 12月 14 14:26 runtime
//备份文件
[root@src ~]# rsync -avz anaconda-ks.cfg 123.txt
sending incremental file list
anaconda-ks.cfg
sent 769 bytes received 35 bytes 1,608.00 bytes/sec
total size is 1,237 speedup is 1.54
[root@src ~]# ll -ih
总用量 16K
67149098 -rw------- 1 root root 1.3K 12月 14 12:58 123.txt
1419921 drwxr-xr-x 3 root root 21 12月 14 14:34 abc
67771613 -rw------- 1 root root 1.3K 12月 14 12:58 anaconda-ks.cfg
67771628 -rw------- 1 root root 5.5K 12月 14 13:16 initial-setup-ks.cfg
101572737 drwxr-xr-x 2 root root 21 12月 14 14:26 runtime
8.同步删除资源
[root@src ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg runtime
[root@src ~]# ls runtime
123.txt
[root@dest ~]# ls
anaconda-ks.cfg hl initial-setup-ks.cfg
[root@dest ~]# tree hl
hl
└── runtime
└── 123.txt
1 directory, 1 file
[root@src ~]# rm -rf /root/runtime/123.txt
[root@src ~]# ls runtime
[root@src ~]# rsync -avz --delete /root/runtime root@192.168.116.147:/root/hl
UOS Server 20 1060a
root@192.168.116.147's password:
sending incremental file list
deleting runtime/123.txt
runtime/
sent 61 bytes received 39 bytes 13.33 bytes/sec
total size is 0 speedup is 0.00
[root@dest ~]# tree hl
hl
└── runtime
1 directory, 0 files
//更改资源同步
[root@src ~]# ls
anaconda-ks.cfg initial-setup-ks.cfg runtime
[root@src ~]# cd runtime
[root@src runtime]# touch 123 456 789
[root@src runtime]# ls
123 456 789
[root@src runtime]# cd
[root@src ~]# rsync -avz /root/runtime root@192.168.116.147:/root/hl
UOS Server 20 1060a
root@192.168.116.147's password:
sending incremental file list
runtime/
runtime/123
runtime/456
runtime/789
sent 219 bytes received 77 bytes 45.54 bytes/sec
total size is 0 speedup is 0.00
[root@dest ~]# tree hl
hl
└── runtime
├── 123
├── 456
└── 789
1 directory, 3 files
9.免密登入传输
[root@src ~]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa
Your public key has been saved in /root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:CiVd9ysra2OrDrzavQvRp+1DrzWIK0S4YL9V1orQBBM root@src
The key's randomart image is:
+---[RSA 3072]----+
| Eo . . |
| .o . . . |
| .+ o . . |
|.....= o . . |
|...o+ = S . . |
| .o.= B.. o |
| .* +.+.+ |
| o.= o=+.. |
| ..ooB*== |
+----[SHA256]-----+
[root@src ~]# ssh-copy-id root@192.168.116.147
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
UOS Server 20 1060a
root@192.168.116.147's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.116.147'"
and check to make sure that only the key(s) you wanted were added.
[root@src ~]# ls .ssh
id_rsa id_rsa.pub known_hosts
[root@src ~]# cd /runtime
[root@src runtime]# ls
test
[root@src runtime]# mkdir test2
[root@src runtime]# ls
test test2
[root@src ~]# rsync -avz /root/runtime root@192.168.116.147:/root/hl
UOS Server 20 1060a
sending incremental file list
sent 78 bytes received 17 bytes 190.00 bytes/sec
total size is 0 speedup is 0.00
[root@dest ~]# ls /hl
runtime test
[root@dest ~]# ls /hl/runtime
test test2
5. rsync+inotify
rsync
与传统的cp
、tar
备份方式相比,rsync
具有安全性高、备份迅速、支持增量备份等优点,通过rsync
可以解决对实时性要求不高的数据备份需求,例如定期的备份文件服务器数据到远端服务器,对本地磁盘定期做数据镜像等。
随着应用系统规模的不断扩大,对数据的安全性和可靠性也提出了更高的要求,rsync
在高端业务系统中也逐渐暴露出了很多不足,首先,rsync
同步数据时,需要扫描所有文件后进行比对,进行差量传输。如果文件数量达到了百万甚至千万量级,扫描所有文件将是非常耗时的。而且正在发生变化的往往是其中很少的一部分,这是非常低效的方式。其次,rsync
不能实时的去监测、同步数据,虽然它可以通过linux
守护进程的方式进行触发同步,但是两次触发动作一定会有时间差,这样就导致了服务端和客户端数据可能出现不一致,无法在应用故障时完全的恢复数据。基于以上原因,rsync
+inotify
组合出现了!
Inotify
是一种强大的、细粒度的、异步的文件系统事件监控机制,linux
内核从2.6.13
起,加入了Inotify
支持,通过Inotify
可以监控文件系统中添加、删除,修改、移动等各种细微事件,利用这个内核接口,第三方软件就可以监控文件系统下文件的各种变化情况,而inotify-tools
就是这样的一个第三方软件。
在前面有讲到,rsync可以实现触发式的文件同步,但是通过crontab
守护进程方式进行触发,同步的数据和实际数据会有差异,而inotify
可以监控文件系统的各种变化,当文件有任何变动时,就触发rsync
同步,这样刚好解决了同步数据的实时性问题。
配置环境
1.环境配置
//源主机:192.168.116.146
//目标主机:192.168.116.147
2.修改主机名
[root@localhost ~]# hostnamectl set-hostname src
[root@localhost ~]# bash
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@src ~]#
[root@localhost ~]# hostnamectl set-hostname dest
[root@localhost ~]# bash
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@dest ~]#
3.关闭防火墙和SELinux(仅为简化实验环境;生产环境建议保持firewalld和SELinux开启,只对源主机放行rsync守护进程使用的873端口)
[root@src ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@src ~]# vim /etc/selinux/config
SELINUX=disabled
[root@src ~]# setenforce 0
[root@dest ~]# systemctl disable --now firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@dest ~]# vim /etc/selinux/config
SELINUX=disabled
[root@dest ~]# setenforce 0
在目标服务器上做以下操作(先安装rsync并启动):
1.安装
[root@dest ~]# yum list all | grep rsync
rsync.x86_64 3.1.3-19.uelc20 @UnionTechOS-20-BaseOS
apache-ranger-usersync.x86_64 2.1.0-3.uelc20.01 UnionTechOS-20-Plus
libguestfs-rsync.x86_64 1:1.44.0-9.0.1.module+uelc20+1093+2b4389a2.01 UnionTechOS-20-AppStream
librsync.x86_64 2.3.1-1.uelc20.1 UnionTechOS-20-Plus
librsync-devel.x86_64 2.3.1-1.uelc20.1 UnionTechOS-20-Plus
librsync-doc.noarch 2.3.1-1.uelc20.1 UnionTechOS-20-Plus
rsync-bpc.x86_64 3.1.2.0-5.uelc20.1 UnionTechOS-20-Plus
rsync-daemon.noarch 3.1.3-19.uelc20 UnionTechOS-20-BaseOS
[root@dest ~]# yum -y install rsync-daemon //安装rsync启动的服务
完毕!
2.向配置文件添加内容
[root@dest ~]# vim /etc/rsyncd.conf
[root@dest ~]# tail -20 /etc/rsyncd.conf
# path = /home/ftp
# comment = ftp export area
log file = /var/log/rsyncd.log //从这里开始,把下面的内容加到配置文件(各行后面以//开头的文字只是本文的说明,不要写进rsyncd.conf,该文件只把以#开头的行当作注释)
pidfile = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
secrets file = /etc/rsync.pass //这里的密码位置可以自定义,不一定非要在/etc/下面
[etc_from_client] //源主机同步数据的位置
path = /hl/ //同步到目标主机的路径
comment = sync etc from client
uid = root
gid = root
port = 873
ignore errors //出现错误可以忽略
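use chroot = no //允许软链接的方式同步;关闭chroot后,配合uid = root和read only = no,守护进程就少了一层隔离,生产环境建议改为use chroot = yes、使用非root的uid/gid,并用hosts allow限制可连接的来源地址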
read only = no
list = no
max connections = 200
timeout = 600
auth users = admin
[root@dest ~]# mkdir /hl
3.创建用户认证文件(格式为 用户名:密码;123456仅作演示,实际部署请换成随机生成的强口令)
[root@dest ~]# echo 'admin:123456' > /etc/rsync.pass
[root@dest ~]# cat /etc/rsync.pass
admin:123456
//设置文件权限
[root@dest ~]# chmod 600 /etc/rsync.pass
[root@dest ~]# ll /etc/rsync.pass
-rw------- 1 root root 13 12月 14 15:19 /etc/rsync.pass
4.启动rsync并设置开机自启
[root@dest ~]# systemctl enable --now rsyncd
Created symlink /etc/systemd/system/multi-user.target.wants/rsyncd.service → /usr/lib/systemd/system/rsyncd.service.
[root@dest ~]# systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; enabled; vendor preset: disabled)
Active: active (running) since Thu 2023-12-14 15:22:18 CST; 19s ago
Main PID: 357602 (rsync)
Tasks: 1
Memory: 192.0K
CGroup: /system.slice/rsyncd.service
└─357602 /usr/bin/rsync --daemon --no-detach
12月 14 15:22:18 dest systemd[1]: Started fast remote file copy program daemon.
[root@dest ~]# ss -antl
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 5 0.0.0.0:873 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 5 [::]:873 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::1]:631 [::]:*
在源服务器上做以下操作(先安装rsync并启动):
1.创建认证密码文件
[root@src ~]# echo '123456' > /etc/rsync.pass //这个上面的密码要跟目标主机上面的一致,存放位置可以不一样
[root@src ~]# cat /etc/rsync.pass
123456
2.设置文件权限,只设置文件所有者具有读取、写入权限即可
[root@src ~]# chmod 600 /etc/rsync.pass
[root@src ~]# ll /etc/rsync.pass
-rw------- 1 root root 7 12月 14 15:50 /etc/rsync.pass
3.在源服务器上创建测试目录,然后在源服务器运行以下命令
[root@src ~]# mkdir -pv /runtime/test
mkdir: 已创建目录 '/runtime'
mkdir: 已创建目录 '/runtime/test'
[root@src ~]# ls /runtime
test
[root@src ~]# rsync -avH --port 873 --progress --delete /runtime/test admin@192.168.116.147::etc_from_client --password-file=/etc/rsync.pass
sending incremental file list
test/
sent 62 bytes received 24 bytes 172.00 bytes/sec
total size is 0 speedup is 0.00
[root@dest ~]# ls /hl
test
4.安装inotify-tools工具,实时触发rsync进行同步
//查看服务器内核是否支持inotify
[root@src ~]# ll /proc/sys/fs/inotify/
总用量 0
-rw-r--r-- 1 root root 0 12月 14 16:03 max_queued_events
-rw-r--r-- 1 root root 0 12月 14 16:03 max_user_instances
-rw-r--r-- 1 root root 0 12月 14 16:03 max_user_watches
//安装inotify-tools
//可以先用yum list all | grep inotify查找,能找到就直接用yum安装;如果没有,先安装epel-release源再安装
[root@src ~]# wget https://dl.fedoraproject.org/pub/epel/8/Everything/x86_64/Packages/i/inotify-tools-3.14-19.el8.x86_64.rpm
[root@src ~]# yum -y install inotify-tools-3.14-19.el8.x86_64.rpm
5.写同步脚本,此步乃最最重要的一步,请慎之又慎。让脚本自动去检测我们指定的目录下
//文件发生的变化,然后再执行rsync的命令把它同步到我们的服务器端去
//创建目录,在目录下创建一个文件
[root@src ~]# mkdir /scripts
[root@src ~]# touch /scripts/inotify.sh
//设置权限
[root@src ~]# chmod 755 /scripts/inotify.sh
[root@src ~]# ll /scripts/inotify.sh
-rwxr-xr-x 1 root root 0 12月 14 17:41 /scripts/inotify.sh
//编辑文件,向里面写入脚本
[root@src ~]# vim /scripts/inotify.sh
[root@src ~]# cat /scripts/inotify.sh
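#!/bin/bash
# Watch $src with inotifywait and push it to the rsync daemon module $des on
# $host each time something under $src is modified, created, deleted or has
# its attributes changed. One log line is appended to $log per event.
#
# Deployment notes:
#   - --delete removes files on the destination that no longer exist under
#     $src, so a wrong $src or $des value destroys data on the remote side.
#   - The rsync daemon protocol (host::module) authenticates with the
#     password file but does not encrypt the transferred data; keep it on a
#     trusted network segment, or run rsync over ssh instead.
#   - $password must stay readable by its owner only (chmod 600), otherwise
#     rsync refuses to use it.
#   - $log lives in /tmp, which is world-writable; a root-owned directory
#     such as /var/log is a safer home for a log written by a root process.
set -u

host=192.168.116.147
src=/runtime
des=etc_from_client
password=/etc/rsync.pass
user=admin
inotifywait=/usr/bin/inotifywait
log=/tmp/rsync.log

# -m: keep monitoring, -r: recurse, -q: only print events.
# Each output line is "<timestamp> <path><event>" and is used for logging only;
# rsync always re-syncs the whole of $src.
"$inotifywait" -mrq --timefmt '%Y%m%d %H:%M' --format '%T %w%f%e' \
  -e modify,delete,create,attrib "$src" |
  # IFS= and -r keep the event line verbatim: file names can contain
  # backslashes or leading blanks that a plain `read` would alter.
  while IFS= read -r files; do
    if rsync -avzP --delete --timeout=100 --password-file="${password}" \
      "$src" "${user}@${host}::${des}"; then
      printf '%s was rsynced\n' "$files" >>"$log"
    else
      # Record the failure instead of claiming success, so a broken sync
      # (bad password, daemon down, timeout) is visible in the log.
      printf '%s rsync failed (exit %s)\n' "$files" "$?" >>"$log"
    fi
  done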
6.启动脚本
[root@src ~]# nohup bash /scripts/inotify.sh &
[1] 107195
[root@src ~]# nohup: 忽略输入并把输出追加到'nohup.out'
[root@src ~]# ps -ef|grep inotify
root 107195 1485 0 17:46 pts/0 00:00:00 bash /scripts/inotify.sh
root 107196 107195 0 17:46 pts/0 00:00:00 /usr/bin/inotifywait -mrq --timefmt %Y%m%d %H:%M --format %T %w%f%e -e modify,delete,create,attrib /runtime
root 107197 107195 0 17:46 pts/0 00:00:00 bash /scripts/inotify.sh
root 109147 1485 0 17:46 pts/0 00:00:00 grep --color=auto inotify
7.在源服务器上生成一个新文件
[root@src ~]# ls /runtime/test
[root@src ~]# echo 'hello world' > /runtime/test/abc
[root@src ~]# cat /runtime/test/abc
hello world
[root@dest ~]# cat /hl/runtime/test/abc
hello world
8.查看inotify生成的日志
[root@src ~]# tail /tmp/rsync.log
20231214 17:49 /runtime/test/abcCREATE was rsynced
20231214 17:49 /runtime/test/abcMODIFY was rsynced
设置脚本开机自动启动:
[root@src ~]# ll /etc/rc.d/rc.local
-rw-r--r-- 1 root root 506 12月 14 13:00 /etc/rc.d/rc.local
[root@src ~]# chmod +x /etc/rc.d/rc.local
[root@src ~]# vim /etc/rc.d/rc.local
[root@src ~]# tail -2 /etc/rc.d/rc.local
/sbin/sysctl -p /etc/sysctl.conf
nohup /bin/bash /scripts/inotify.sh //把这一段添加到开机自启的文件中/etc/rc.local,加执行权限
//测试
[root@src ~]# reboot
连接断开
连接断开
连接主机...
UOS Server 20 1060a
连接主机成功
Welcome to UOS Server 20
Last login: Thu Dec 14 17:50:49 2023 from 192.168.116.1
Welcome to 4.19.0-91.82.152.uelc20.x86_64
[root@src ~]# echo 'hello china' >> /runtime/test/abc
[root@src ~]# cat /runtime/test/abc
hello world
hello china
[root@dest ~]# cat /hl/runtime/test/abc
hello world
hello china