rsync in Practice


Setting up an rsync server

Server side:

[root@wang xinetd.d]# cat rsync

# default: off

# description: The rsync server is a good addition to an ftp server, as it

# allows crc checksumming etc.

service rsync

{

disable = no

socket_type = stream

wait = no

user = root

server = /usr/bin/rsync

server_args = --daemon

log_on_failure += USERID

}

[root@wang xinetd.d]# pwd

/etc/xinetd.d

[root@wang xinetd.d]#

[root@wang etc]# cat rsyncd.conf

uid = nobody

gid = nobody

use chroot = no

max connections = 4

pid file = /var/run/rsyncd.pid

lock file = /var/run/rsync.lock

log file = /var/log/rsyncd.log

motd file = /etc/rsyncd.motd

[tmp]

path = /root

comment = www service html

ignore errors

read only = true

list = false

hosts allow = 192.168.1.254

hosts deny = 0.0.0.0/32

auth users = uplook

secrets file = /etc/rsyncd.secrets

[root@wang etc]#

[root@wang etc]# ll /etc/rsync*    (make sure the permissions are 600)

-rw------- 1 root root 383 07-03 15:41 /etc/rsyncd.conf

-rw------- 1 root root 67 07-03 13:37 /etc/rsyncd.motd

-rw------- 1 root root 14 07-03 15:32 /etc/rsyncd.secrets

-rw------- 1 root root 7 07-03 15:41 /etc/rsync.pass

[root@wang etc]#

[root@wang etc]# cat /etc/rsyncd.motd

+++++++++++++++++++ Welcome to Rsync Server ++++++++++++++++++++

[root@wang etc]# cat /etc/rsyncd.secrets

uplook:abc123
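
An added example, not part of the original post: rsyncd checks "hosts allow" first, then "hosts deny", and admits a host that matches neither list, so the [tmp] module above with "hosts deny = 0.0.0.0/32" does not limit clients to 192.168.1.254. The audit function below flags that and "use chroot = no"; the function names and finding labels are made up for this example.

```shell
# audit_rsyncd_conf [FILE]: read an rsyncd.conf (stdin if no FILE) and print
# one line per module for each setting that weakens daemon access control.
audit_rsyncd_conf() {
    awk '
    function val(k) { return (k in m) ? m[k] : g[k] }   # module value, else global
    function report(   a, d) {
        if (sect == "") return
        a = val("hosts allow"); d = val("hosts deny")
        # rsyncd checks allow first, then deny; a host matching NEITHER list
        # is admitted, so allow plus a narrow deny restricts nothing.
        if (a != "" && d != "" && d != "*" && d != "0.0.0.0/0")
            print sect ": hosts-deny-not-catch-all (" d ")"
        if (a == "" && d == "") print sect ": no-host-restriction"
        if (val("auth users") == "") print sect ": anonymous-access"
        if (val("use chroot") ~ /^(no|false|0)$/) print sect ": no-chroot"
        split("", m)                                    # reset for next module
    }
    /^[ \t]*(#|$)/ { next }                             # comments, blank lines
    /^[ \t]*\[/ {
        report(); sect = $0
        sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect); next
    }
    {
        i = index($0, "="); if (i == 0) next            # e.g. "ignore errors"
        k = substr($0, 1, i - 1); v = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (sect == "") g[k] = v; else m[k] = v
    }
    END { report() }
    ' "$@"
}

# Constructed input: the relevant lines of the rsyncd.conf shown on this page.
page_conf() {
    cat <<'EOF'
uid = nobody
use chroot = no
[tmp]
path = /root
hosts allow = 192.168.1.254
hosts deny = 0.0.0.0/32
auth users = uplook
secrets file = /etc/rsyncd.secrets
EOF
}
# Same module with a catch-all deny list and chroot enabled.
fixed_conf() { page_conf | sed -e 's|^hosts deny = .*|hosts deny = *|' -e 's|^use chroot = .*|use chroot = yes|'; }
```

Running "page_conf | audit_rsyncd_conf" reports both findings for [tmp]; "fixed_conf | audit_rsyncd_conf" prints nothing.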

Client side:

[root@ ~]# rsync -Rav --password-file=/etc/rsync.pass uplook@192.168.1.250::tmp /root/

[root@ ~]# ll /etc/rsync.pass

-rw------- 1 root root 7 07-03 15:46 /etc/rsync.pass

[root@ ~]# cat /etc/rsync.pass

abc123

[root@ ~]#

Command explanation:

rsync -Rav --delete --password-file=/root/secrets uplook@192.168.1.250::tmp /home/mubiao/

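--delete: do not update in append-only fashion. If a file is missing from the corresponding directory on the server but exists on the client, running this command deletes it from the client.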

------------------------------------------------------------------------------------------------------------------

Transferring data with keys + ssh, without the rsync service listening on port 873

(1) Setting up the keys

client:

[root@ .ssh]# ls

known_hosts

[root@ .ssh]# ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

c7:db:5d:ff:c0:c2:f1:2a:99:ab:10:a2:53:ea:7b:90 root@tea.uplooking.com

[root@ .ssh]# ls

id_rsa id_rsa.pub known_hosts

[root@ .ssh]#

[root@ .ssh]# cat id_rsa.pub

ssh-rsa

AAAAB3NzaC1yc2EAAAABIwAAAQEArbru+k+Zik1lk74YE3I9rCOZyIQTLyVwWkE/a9+uV+0Ag5NqvO5uRVnFPEggjIUgLzzubWfvPFbuXVRvsuzdyPFuWemb3rVp9A5ZPaV+q4MSzTC9Awpj3EXVVIcKl+wBt4lF64mbHq7dbLXgJg5EsSp1Kf/2YCTOm4PnpRSO3x8S/hFF+3zrBxxO5ojkj0gNjzUOsQxtdpmhpYulX+psi1QRsh5AAEXl9kwxmeTucZh4GnMQjUKqApSDAjPHbDhjRnXvgav1XoXQ9Ixx0tP2otZyBzieTzxyqvp8Ctj7ZGKu2+UPwk2SWEtDSkcw6B9aBhw4/WSHiRfSmrEB3L8jNw==

root@tea.uplooking.com

[root@ .ssh]#

server:

Copy the entire contents of the client's id_rsa.pub file to the server and name the file authorized_keys

[root@wang .ssh]# ls

authorized_keys id_rsa id_rsa.pub known_hosts

[root@wang .ssh]# cat authorized_keys

ssh-rsa

AAAAB3NzaC1yc2EAAAABIwAAAQEArbru+k+Zik1lk74YE3I9rCOZyIQTLyVwWkE/a9+uV+0Ag5NqvO5uRVnFPEggjIUgLzzubWfvPFbuXVRvsuzdyPFuWemb3rVp9A5ZPaV+q4MSzTC9Awpj3EXVVIcKl+wBt4lF64mbHq7dbLXgJg5EsSp1Kf/2YCTOm4PnpRSO3x8S/hFF+3zrBxxO5ojkj0gNjzUOsQxtdpmhpYulX+psi1QRsh5AAEXl9kwxmeTucZh4GnMQjUKqApSDAjPHbDhjRnXvgav1XoXQ9Ixx0tP2otZyBzieTzxyqvp8Ctj7ZGKu2+UPwk2SWEtDSkcw6B9aBhw4/WSHiRfSmrEB3L8jNw==

root@tea.uplooking.com

[root@wang .ssh]#

Then change the permissions of that file

[root@wang .ssh]# chmod 700 authorized_keys

[root@wang .ssh]# ll

总计 16

-rwx------ 1 root root 404 07-03 15:59 authorized_keys

-rw------- 1 root root 1675 07-03 11:53 id_rsa

-rw-r--r-- 1 root root 391 07-03 11:53 id_rsa.pub

-rw-r--r-- 1 root root 2369 07-03 14:18 known_hosts

Test from the client: passed!

[root@ .ssh]# ssh 192.168.1.250

Last login: Sun Jul 3 16:01:03 2011 from 192.168.1.254

[root@wang ~]#

(2) Using the key to run rsync conveniently

Server:

[root@wang etc]# /etc/init.d/xinetd stop

停止 xinetd [确定]

[root@wang etc]# netstat -natu | grep 873

[root@wang etc]#

Client:

[root@ mubiao]# rsync -ar --progress --rsh=ssh -e 'ssh -p 22' root@192.168.1.250:/etc/passwd .

receiving file list ...

1 file to consider

passwd

2113 100% 2.02MB/s 0:00:00 (xfer#1, to-check=0/1)

sent 42 bytes received 2212 bytes 1502.67 bytes/sec

total size is 2113 speedup is 0.94

[root@ mubiao]# ls

passwd

As you can see, files can still be transferred even though nothing is listening on port 873 on the server.
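
The key installed in authorized_keys above gives its holder a full root shell on the server. As an added example (not part of the original post), a forced-command wrapper that limits that key to rsync pulls from one directory; the script path, ALLOWED_ROOT and the function name are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed install path and
# authorized_keys entry on the server (one line, key blob elided):
#   from="192.168.1.254",command="/usr/local/bin/rsync-pull-only.sh",no-pty,
#   no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...
ALLOWED_ROOT=${ALLOWED_ROOT:-/srv/backup}   # hypothetical export directory

# rsync_cmd_allowed CMD ROOT
# Return 0 only if CMD is what an rsync client sends to *pull* files
# ("rsync --server --sender <short opts> . <paths>") and every path is
# under ROOT. Anything else (shell, scp, push, long options) is refused.
rsync_cmd_allowed() {
    rca_cmd=$1 rca_root=$2
    case $rca_cmd in
        *[!A-Za-z0-9\ ._/=,-]*) return 1 ;;    # no metacharacters, tabs, newlines
    esac
    set -f; set -- $rca_cmd; set +f            # split on spaces, no globbing
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    while [ $# -gt 0 ] && [ "$1" != . ]; do
        case $1 in
            --*) return 1 ;;                   # e.g. --remove-source-files
            -*)  shift ;;                      # bundled short options
            *)   return 1 ;;
        esac
    done
    [ $# -ge 2 ] || return 1                   # "." plus at least one path
    shift
    for rca_p in "$@"; do
        case $rca_p in
            *..*) return 1 ;;                  # no parent-directory escapes
            "$rca_root"|"$rca_root"/*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# sshd sets SSH_ORIGINAL_COMMAND when a forced command is in effect.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if rsync_cmd_allowed "$SSH_ORIGINAL_COMMAND" "$ALLOWED_ROOT"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND             # safe to split: validated above
    fi
    echo "rejected: $SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

The path check is textual, so a symlink inside ALLOWED_ROOT that points elsewhere is still followed by rsync; keep the exported directory free of such links.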

--------------------------------------------------------------------------------------------

Monitoring rsync synchronization

Server (nagios is installed on this server):

Edit the code in /usr/local/nagios/share/side.html to change the nagios monitoring interface:

View sync info

Client:

[root@doo libexec]# cat check_ips.sh

#!/bin/sh
# Nagios/NRPE plugin: count established TCP connections.
# $1 = warning threshold, $2 = critical threshold
if [ $# -ne 2 ]
then
    echo "Usage: $0 num1 num2"
    exit 3
fi

ip_conns=`netstat -an | grep tcp | grep EST | wc -l`

# The three ranges are contiguous, so a count equal to a threshold
# is always reported instead of falling through silently.
if [ "$ip_conns" -lt "$1" ]
then
    echo "OK -connect counts is $ip_conns"
    exit 0
elif [ "$ip_conns" -lt "$2" ]
then
    echo "Warning -connect counts is $ip_conns"
    exit 1
else
    echo "Critical -connect counts is $ip_conns"
    exit 2
fi

[root@doo libexec]#

[root@doo etc]# ll nrpe.cfg

-rw-r--r-- 1 nagios nagios 7345 07-03 10:15 nrpe.cfg

205 command[check_ips]=/usr/local/nagios/libexec/check_ips.sh 8 10

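In effect, the client writes the check results to rsync.log and the server's nagios monitors that client. Clicking 'View sync info' in the nagios interface opens the rsync.log log file and displays its contents in the current page, which provides the monitoring function.

Summary:

Rsync

1. Backing up databases

2. Synchronizing transferred data (besides local backups, off-site backups are also possible)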


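Advantages of rsync:

1. Encrypted transfer (when rsync runs over ssh; the daemon on port 873 does not encrypt traffic)

2. Only the modified parts are synchronized

3. Security: the server waits for client requests on port 873 and then requires username and password authentication

rsync is managed centrally by xinetd. In addition, the file rsyncd.conf must be created under /etc as its configuration file; the directories, usernames and passwords are set up according to its contents, and the files must be given 600 permissions.

pkill -KILL -t pts/4 kills the user on a given terminal

Key issues involved in the ssh approach: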


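The permissions of the authorized_keys file are 700

The private key is the file without the .pub suffix

The scp command uses the -P option to specify the port number

rsync can be combined with nagios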


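If data is deleted by mistake on machine A, all the machines in B synchronize the deletion, so machine A is not suitable as the rsync server. Instead, pick one machine in B to do the synchronization; it can make a packaged backup every day and keep the data for a period of time.

Of course, the following command can be modified: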

[root@ mubiao]# rsync -ar --progress --rsh=ssh -e 'ssh -p 22' root@192.168.1.250:/etc/passwd .

You can add the option --files-from=/etc/file.list to this command to choose which files are updated; the file.list file lists directory or file names.

From "ITPUB Blog", link: http://blog.itpub.net/23168012/viewspace-1052522/. If you repost, please credit the source; otherwise legal action will be pursued.

Reposted from: http://blog.itpub.net/23168012/viewspace-1052522/
