rsync实践
搭建rsync服务器
服务器端:
[root@wang xinetd.d]# cat rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it
# allows crc checksumming etc.
# xinetd entry for the rsync service: xinetd owns the listening socket and
# starts "/usr/bin/rsync --daemon" for incoming connections.
# NOTE(review): there is no only_from restriction in this entry, so source
# address filtering rests entirely on hosts allow / hosts deny in rsyncd.conf.
service rsync
{
# "no" turns the service on (the packaged default noted above is off).
disable = no
socket_type = stream
# xinetd does not wait for the server to exit before accepting again.
wait = no
# The daemon is started as root; the uid/gid used for transfers are set
# separately in rsyncd.conf.
user = root
server = /usr/bin/rsync
server_args = --daemon
# On a failed start, also log the remote user id when it can be obtained.
log_on_failure += USERID
}
[root@wang xinetd.d]# pwd
/etc/xinetd.d
[root@wang xinetd.d]#
[root@wang etc]# cat rsyncd.conf
# Global daemon settings.
# Transfers run as this unprivileged user and group.
uid = nobody
gid = nobody
# NOTE(review): with chroot disabled the daemon is not confined to the module
# path by chroot(2); confinement relies on rsync's own path handling.
use chroot = no
max connections = 4
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
motd file = /etc/rsyncd.motd
# Module addressed by clients as "::tmp".
[tmp]
# NOTE(review): this exports root's home directory, which on this server
# appears to hold .ssh/id_rsa. What uid nobody can actually read there
# depends on file modes; a dedicated export directory would bound exposure.
path = /root
comment = www service html
ignore errors
# Download only: clients cannot upload into the module.
read only = true
# The module is left out of the daemon's module listing.
list = false
hosts allow = 192.168.1.254
# NOTE(review): a /32 mask matches only the single address 0.0.0.0. A client
# matching neither hosts allow nor hosts deny is allowed to connect, so this
# line does not limit access to 192.168.1.254; "hosts deny = *" would.
hosts deny = 0.0.0.0/32
# Only this user name may authenticate to the module.
auth users = uplook
# NOTE(review): the secrets file holds user:password pairs in plain text;
# keep it readable by the daemon user only and use a strong password.
secrets file = /etc/rsyncd.secrets
[root@wang etc]#
[root@wang etc]# ll /etc/rsync*(保证权限为600)
-rw------- 1 root root 383 07-03 15:41 /etc/rsyncd.conf
-rw------- 1 root root 67 07-03 13:37 /etc/rsyncd.motd
-rw------- 1 root root 14 07-03 15:32 /etc/rsyncd.secrets
-rw------- 1 root root 7 07-03 15:41 /etc/rsync.pass
[root@wang etc]#
[root@wang etc]# cat /etc/rsyncd.motd
+++++++++++++++++++ Welcome to Rsync Server ++++++++++++++++++++
[root@wang etc]# cat /etc/rsyncd.secrets
uplook:abc123
客户端:
[root@ ~]# rsync -Rav --password-file=/etc/rsync.pass uplook@192.168.1.250::tmp /root/
[root@ ~]# ll /etc/rsync.pass
-rw------- 1 root root 7 07-03 15:46 /etc/rsync.pass
[root@ ~]# cat /etc/rsync.pass
abc123
[root@ ~]#
命令解释:
rsync -Rav --delete --password-file=/root/secrets uplook@192.168.1.250::tmp /home/mubiao/
--delete 不以追加形式更新,如果服务器端相应目录下没有某文件,
但客户端上有,执行该命令后会删掉客户端上的该文件(建议先加 -n/--dry-run 预览将被删除的内容)
------------------------------------------------------------------------------------------------------------------
密钥+ssh 传输数据 不用rsync服务的873的侦听端口
(1) 解决密钥问题
client:
[root@ .ssh]# ls
known_hosts
[root@ .ssh]# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
c7:db:5d:ff:c0:c2:f1:2a:99:ab:10:a2:53:ea:7b:90 root@tea.uplooking.com
[root@ .ssh]# ls
id_rsa id_rsa.pub known_hosts
[root@ .ssh]#
[root@ .ssh]# cat id_rsa.pub
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEArbru+k+Zik1lk74YE3I9rCOZyIQTLyVwWkE/a9+uV+0Ag5NqvO5uRVnFPEggjIUgLzzubWfvPFbuXVRvsuzdyPFuWemb3rVp9A5ZPaV+q4MSzTC9Awpj3EXVVIcKl+wBt4lF64mbHq7dbLXgJg5EsSp1Kf/2YCTOm4PnpRSO3x8S/hFF+3zrBxxO5ojkj0gNjzUOsQxtdpmhpYulX+psi1QRsh5AAEXl9kwxmeTucZh4GnMQjUKqApSDAjPHbDhjRnXvgav1XoXQ9Ixx0tP2otZyBzieTzxyqvp8Ctj7ZGKu2+UPwk2SWEtDSkcw6B9aBhw4/WSHiRfSmrEB3L8jNw==
root@tea.uplooking.com
[root@ .ssh]#
server:
将client端的id_rsa.pub文件中的内容全部复制到server中去,并命名为authorized_keys
[root@wang .ssh]# ls
authorized_keys id_rsa id_rsa.pub known_hosts
[root@wang .ssh]# cat authorized_keys
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEArbru+k+Zik1lk74YE3I9rCOZyIQTLyVwWkE/a9+uV+0Ag5NqvO5uRVnFPEggjIUgLzzubWfvPFbuXVRvsuzdyPFuWemb3rVp9A5ZPaV+q4MSzTC9Awpj3EXVVIcKl+wBt4lF64mbHq7dbLXgJg5EsSp1Kf/2YCTOm4PnpRSO3x8S/hFF+3zrBxxO5ojkj0gNjzUOsQxtdpmhpYulX+psi1QRsh5AAEXl9kwxmeTucZh4GnMQjUKqApSDAjPHbDhjRnXvgav1XoXQ9Ixx0tP2otZyBzieTzxyqvp8Ctj7ZGKu2+UPwk2SWEtDSkcw6B9aBhw4/WSHiRfSmrEB3L8jNw==
root@tea.uplooking.com
[root@wang .ssh]#
然后修改该文件的权限
[root@wang .ssh]# chmod 700 authorized_keys
[root@wang .ssh]# ll
总计 16
-rwx------ 1 root root 404 07-03 15:59 authorized_keys
-rw------- 1 root root 1675 07-03 11:53 id_rsa
-rw-r--r-- 1 root root 391 07-03 11:53 id_rsa.pub
-rw-r--r-- 1 root root 2369 07-03 14:18 known_hosts
在client上测试:通过!!!
[root@ .ssh]# ssh 192.168.1.250
Last login: Sun Jul 3 16:01:03 2011 from 192.168.1.254
[root@wang ~]#
(2)利用该密钥方便使用rsync
Server:
[root@wang etc]# /etc/init.d/xinetd stop
停止 xinetd: [确定]
[root@wang etc]# netstat -natu | grep 873
[root@wang etc]#
Client:
[root@ mubiao]# rsync -ar --progress --rsh=ssh -e 'ssh -p 22' root@192.168.1.250:/etc/passwd .
receiving file list ...
1 file to consider
passwd
2113 100% 2.02MB/s 0:00:00 (xfer#1, to-check=0/1)
sent 42 bytes received 2212 bytes 1502.67 bytes/sec
total size is 2113 speedup is 0.94
[root@ mubiao]# ls
passwd
可以看出在服务器端没有873端口监听的情况下,也可以传输文件
--------------------------------------------------------------------------------------------
监控rsync同步情况
Server(该Server上面装有nagios):
/usr/local/nagios/share/side.html 中修改程序,修改nagios的监控界面
查看同步信息
Client:
[root@doo libexec]# cat check_ips.sh
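#!/bin/sh
# check_ips.sh - Nagios/NRPE plugin reporting established TCP connections.
#
# Usage: check_ips.sh num1 num2
#   $1  warning threshold  (num1 <= count < num2 -> Warning)
#   $2  critical threshold (count >= num2        -> Critical)
#
# Exit status: 0 OK, 1 Warning, 2 Critical, 3 Unknown.

# Both thresholds are required. Without them the comparisons below fail and
# the script would end with status 0 and no output, which the monitoring
# server reads as a healthy host.
if [ "$#" -ne 2 ]
then
  echo "Usage:$0 num1 num2"
  exit 3
fi

# Thresholds must be plain non-negative integers before they reach test(1).
for threshold in "$1" "$2"
do
  case "$threshold" in
    '' | *[!0-9]*)
      echo "Unknown -thresholds must be non-negative integers"
      exit 3
      ;;
  esac
done

# A missing netstat would otherwise produce a count of 0 and a false OK.
if ! command -v netstat >/dev/null 2>&1
then
  echo "Unknown -netstat not found"
  exit 3
fi

# Count only TCP sockets in the ESTABLISHED state; "n + 0" prints 0 when
# nothing matched.
ip_conns=$(netstat -an | awk '/^tcp/ && /ESTABLISHED/ { n++ } END { print n + 0 }')

# Highest severity first. A count equal to a threshold takes the more severe
# state, so no value falls between the branches unreported.
if [ "$ip_conns" -ge "$2" ]
then
  echo "Critical -connect counts is $ip_conns"
  exit 2
fi
if [ "$ip_conns" -ge "$1" ]
then
  echo "Warning -connect counts is $ip_conns"
  exit 1
fi
echo "OK -connect counts is $ip_conns"
exit 0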
[root@doo libexec]#
[root@doo etc]# ll nrpe.cfg
-rw-r--r-- 1 nagios nagios 7345 07-03 10:15 nrpe.cfg
205 command[check_ips]=/usr/local/nagios/libexec/check_ips.sh 8 10
相当于客户端将检查的结果写到rsync.log中,由服务器的nagios监控该客户端,在nagios界面上点击‘查看同步信息’,即打开rsync.log日志文件,将该文件的内容展现到当前界面上,实现监控功能。
总结:
Rsync
1. 备份数据库
2. 传输数据的同步(除本地,也可做异地备份)
Rsync优点:
1. 加密传输(仅指通过ssh通道传输时;rsync守护进程方式(873端口)的数据传输本身不加密)
2. 只针对修改部分的同步
3. 保证安全,服务器端通过873端口等待客户端的请求,然后需用户名和密码的认证
Rsync属于xinetd集中管理,此外需要在/etc下创建文件rsyncd.conf为其配置文件,根据该文件内容进行对文件夹、用户名及密码的创建,对文件需要给予600的权限。
pkill -kill -t pts/4 杀掉某一终端用户
这里面ssh方式涉及的密钥问题
其中authorized_keys这个文件的权限为700(该文件不需要执行权限,通常设为600即可)
私钥是不带.pub的
scp命令利用参数-P来指定端口号
rsync可以与nagios相结合
若A机上有数据误删,则B的所有机器都同步,所以将A机作为rsync的服务器就不适合了,需选取B中的一个机器做同步,可以每天做打包备份,保留一段时间内的数据
当然可以修改下面的这个命令
[root@ mubiao]# rsync -ar --progress --rsh=ssh -e 'ssh -p 22' root@192.168.1.250:/etc/passwd .
可以在这个命令中增加参数 --files-from=/etc/file.list 针对哪个文件进行更新,file.list文件中列出目录或文件名