How To Back Up Large Directories with Unison on Ubuntu 16.04

The author selected the Free and Open Source Fund to receive a donation as part of the Write for DOnations program.

Introduction

Unison is an open-source file synchronization tool. It is very efficient at backing up large corpuses of data where only a few files have been added or updated. This situation occurs in, for example, a corporate Samba file server or an email server.

The majority of the files in these servers will remain the same while a small number will be added or modified each day. Unison is able to discover and back up these new files extremely rapidly—even when there are millions of files and terabytes of data. In these situations, traditional tools like rsync can take a longer amount of time to perform the same backup operation.

In this tutorial, you will install and configure Unison on a pair of servers and use it to back up a directory. You will also configure Unison to use SSH as the secure communication protocol and create a cron job to periodically run Unison.

Prerequisites

Before you begin this guide, you’ll need the following:

This guide will use two servers:

  • primary server: The server that hosts the data that you will back up.

  • backup server: The server that will host the backed up data.

Step 1 — Creating Additional Non-Root Users

The Initial Server Setup with Ubuntu 16.04 tutorial guided you through creating a non-root sudo user called sammy on both the primary and backup server. In this step, you will create two new users, one on the primary server and one on the backup server. This prevents confusion as you work through the guide, and an alternative non-root sudo user is required on the backup server if the SSH security configuration is enabled at the end of the guide.

You will need to log into both the primary and the backup server as the sammy user over SSH in two terminal windows. The following two SSH commands will log you into these servers:

  • ssh sammy@primary_server_ip

  • ssh sammy@backup_server_ip

First, on the primary server create a new user called primary_user with this command:

  • sudo adduser primary_user

Then give them sudo access rights:

  • sudo usermod -aG sudo primary_user

Finally, change to the primary_user account:

  • su - primary_user

Next, follow the same steps on the backup server, but create a new user called backup_user. Make sure you are logged into the primary and backup servers as these users for the rest of the guide.

Now that you have created the necessary users on both servers, you can move on to installing the Unison software.

Step 2 — Installing Unison on Both Servers

In this step, you will install the Unison package on both of the servers.

You will use the Ubuntu package manager apt to install Unison on both servers. When using apt for the first time in a while, you should update the local package index with the following command:

  • sudo apt-get update

This ensures that you will install the latest version of Unison. This will also help to avoid installation errors.

Next, install Unison:

  • sudo apt-get install unison

You have now completed the installation of Unison. In the next step, you will configure SSH so that Unison is able to communicate between the two servers.

Step 3 — Creating SSH Keys and Configuring SSH

The first thing you will need to do is to create an SSH key pair on the primary server as you will use key-based authentication for the SSH connection. The advantage of key-based authentication is that a secure connection is possible without entering a password. This is important because you will create an automated backup procedure that must take place without you entering a password every time it occurs.

Once you have that key pair on the primary server, you will copy the public key to the backup server and then test that Unison is able to communicate between the servers using SSH.

When you create an SSH key pair, you usually use a strong password. However, Unison will run automatically, so a password can’t be manually entered each time it runs. Hit the ENTER key without entering a password. This will generate a passwordless SSH key pair.

Run the following command from the primary_user home directory on the primary server to generate an SSH key pair:

  • ssh-keygen -t rsa -b 4096 -f .ssh/unison-primary

The options used here mean the following:

  • -t rsa: This sets the type of key that will be created. RSA keys are the most compatible type.

  • -b 4096: This sets the length of the key. The longer a key is, the more secure it is. A key length of 4096 is the current recommended key length for RSA keys.

  • -f .ssh/unison-primary: This sets the name of the key and the location where it will be saved. In this case, you will save the key into SSH’s default directory, .ssh, using a name of your choice.

The command shown above creates the public and private SSH keys in the following two files:

  • .ssh/unison-primary

  • .ssh/unison-primary.pub

The first is the private SSH key and the second is the public key. You need to copy the contents of the public key file to the backup server. The easiest way to display the contents of the public key file for copying is to use the cat command to print the contents to the terminal:

  • cat .ssh/unison-primary.pub

On the backup server in the backup_user home directory, open the .ssh/authorized_keys file with a text editor. Here, you will use nano:

  • nano .ssh/authorized_keys

Paste the public key into the editor, then save and exit.

You can now test that the SSH configuration is working by logging into the backup server from the primary server via SSH. This is important because you will need to accept and save the backup server’s SSH key fingerprint or Unison will not work. In your terminal on the primary server, run the following command from the primary_user’s home directory:

  • ssh -i .ssh/unison-primary backup_user@backup_server_ip

The -i .ssh/unison-primary option instructs SSH to use a specific key or identity file. Here you will use the new unison-primary key you created.

Accept the fingerprint by pressing Y and then ENTER, and log in and out. You just needed to confirm that SSH works between the servers and save the backup server’s SSH fingerprint. The fingerprint can only be saved manually, so it has to be done before the process is automated later in the tutorial.

Next, check that Unison will connect by running the following command from the primary_user home directory on the primary server:

  • ssh -i .ssh/unison-primary backup_user@backup.example.com unison -version

In this command, you used the same SSH command you used to test the connection with the addition of the Unison command at the end. When a command is placed at the end of an SSH connection, SSH will log in, run the command, and then exit. The unison -version command instructs Unison to print its version number.

If everything is working you will see a response showing the version of Unison on the backup server:

Output
unison version 2.48.3

Now that you have confirmed that Unison can communicate between the servers using the SSH keys, you are ready to move on to configuring Unison.

Step 4 — Configuring Unison

In this step, you will configure Unison to run a simple one-way backup on a directory from the primary server to the backup server.

To configure Unison, you first need to create the configuration directory under the primary_user’s home directory on the primary server:

  • mkdir .unison

Next, you need to open a new file with the name default.prf in a text editor in the .unison directory. This file contains the Unison configuration. Open the file with the following command:

  • nano .unison/default.prf

Then enter the following:

default.prf
force = /home/primary_user/data
sshargs = -i /home/primary_user/.ssh/unison-primary

These two lines mean the following:

  • force: This ensures that changes are only pushed from the primary server to the backup server. The /home/primary_user/data path is the location of the directory that holds the data that you want to back up.

  • sshargs: This option instructs Unison to use the SSH key you generated.

If the directory that holds the data that you want to back up is not under the primary_user home directory, then you must make sure that it is readable and writable by the primary_user. If you aren’t familiar with Linux ownership and permissions, check out the Introduction to Linux Permissions guide to learn more.

Unison is now configured so you can move on to testing it by backing up a directory.

Step 5 — Backing Up a Directory with Unison

You are ready to back up a directory now that Unison is configured. You will back up the /home/primary_user/data directory on the primary server to the /home/backup_user/data/ directory on the backup server. The directory that contains the data to back up must be the same directory that you put in the .unison/default.prf next to the force option.

You will need some data to back up to test that Unison is working. Create some empty files on the primary server, and then check if Unison transferred them to the backup server.

First, create the directory that will hold the data to back up by running the following command from the primary_user home directory:

  • mkdir data/

Next, use the touch command to create five empty files:

  • touch data/file{1..5}

The final part of the command, file{1..5}, uses Bash brace expansion to create the five files. When bash is given {1..5}, it automatically fills in the missing numbers, 2, 3, and 4. This technique is useful to quickly enumerate multiple files.

Now that you have the data directory and some test files to back up, you can run Unison to back up the files to the backup server. The following command will do this:

  • unison -batch -auto /home/primary_user/data ssh://backup_user@backup_server_ip//home/backup_user/data

These options mean the following:

  • batch: Run without asking any questions.

  • auto: Automatically accept any non-conflicting actions.

As you are using Unison in a simple, one-way sync mode, you will not have to resolve any conflicts. This means that you can safely set these options.

A conflict can occur only during Unison’s other mode of operation, where it syncs in both directions. Such a use case would be syncing a directory on someone’s laptop and desktop. When they update a file on the desktop, they want that change pushed to the laptop and vice versa. A conflict occurs if the same file is modified at both ends before a Unison sync occurs, and Unison cannot automatically decide which file to keep and which to overwrite.

In a one-way push mode, the data on the primary is always retained and the data on the backup is overwritten.

This command will print a long message the first time that it is run. The message reads as follows:

Output
Contacting server...
Connected [//primary_server_ip//home/primary_user/data -> //primary_server_ip//home/backup_user/data]
Looking for changes
Warning: No archive files were found for these roots, whose canonical names are:
    /home/primary_user/data
    //backup_server_ip//home/backup_user/data
This can happen either because this is the first time you have synchronized these roots, or because you have upgraded Unison to a new version with a different archive format.
Update detection may take a while on this run if the replicas are large.
Unison will assume that the 'last synchronized state' of both replicas was completely empty. This means that any files that are different will be reported as conflicts, and any files that exist only on one replica will be judged as new and propagated to the other replica. If the two replicas are identical, then no changes will be reported.
If you see this message repeatedly, it may be because one of your machines is getting its address from DHCP, which is causing its host name to change between synchronizations. See the documentation for the UNISONLOCALHOSTNAME environment variable for advice on how to correct this.
Donations to the Unison project are gratefully accepted: http://www.cis.upenn.edu/~bcpierce/unison
Waiting for changes from server
Reconciling changes
dir ----> /
Propagating updates
UNISON 2.48.3 started propagating changes at 16:30:43.70 on 03 Apr 2019
[BGN] Copying from /home/primary_user/data to //backup_server_ip//home/backup_user/data
[END] Copying
UNISON 2.48.3 finished propagating changes at 16:30:43.71 on 03 Apr 2019
Saving synchronizer state
Synchronization complete at 16:30:43 (1 item transferred, 0 skipped, 0 failed)

This output warns that this is the first synchronization. It also provides tips on how to resolve an issue if you see this message for every synchronization run. The last section tells you what data Unison synced during this run.

On each subsequent run, it will print much less information. Here is the output when no files have been updated:

Output
Contacting server...
Connected [//primary_server_ip//home/primary_user/data -> //backup_server_ip//home/backup_user/data]
Looking for changes
Waiting for changes from server
Reconciling changes
Nothing to do: replicas have not changed since last sync.

This is the output when /data/file1 is modified on the primary server:

Output
Contacting server...
Connected [//primary_server_ip//home/primary_user/data -> //backup_server_ip//home/backup_user/data]
Looking for changes
Waiting for changes from server
Reconciling changes
changed ----> file1
Propagating updates
UNISON 2.48.3 started propagating changes at 16:38:37.11 on 03 Apr 2019
[BGN] Updating file file1 from /home/primary_user/data to //backup_server_ip//home/backup_user/data
[END] Updating file file1
UNISON 2.48.3 finished propagating changes at 16:38:37.16 on 03 Apr 2019
Saving synchronizer state
Synchronization complete at 16:38:37 (1 item transferred, 0 skipped, 0 failed)

After each synchronization run the backup server will have an exact copy of the data directory on the primary server.

Warning: Any new files or changes in the data directory on the backup server will get lost when you run Unison.

You are now able to run Unison to back up a directory. In the next step, you will automate the backup process by running Unison with cron.

Step 6 — Creating a Unison Cron Job

In this section, you will create a cron job that will run Unison and back up the data directory to the backup server at a specified frequency.

The crontab is a file that is read by the cron process. The commands it contains are loaded into the cron process and are executed at the specified intervals.

You can view the contents of the crontab for your current user by running the following command:

  • crontab -l

The -l option lists the contents of the current user’s crontab. If you have not edited the crontab before, you will see the following information:

# Edit this file to introduce tasks to be run by cron.
# 
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
# 
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').
# 
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
# 
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
# 
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
# 
# For more information see the manual pages of crontab(5) and cron(8)
# 
# m h  dom mon dow   command

Next, run the crontab command on the primary server with the -e flag to open it in edit mode:

  • crontab -e

If you don’t have a default command line editor configured, you will be asked to select an editor the first time you run the command. Select the editor of your choice to open the crontab.

Once you have the crontab open, add the following command to the first empty line under the existing text:

...
0 */3 * * * /usr/bin/unison -log -logfile /var/log/unison.log -auto -batch -silent /home/primary_user/data ssh://backup_user@backup_server_ip//home/backup_user/data

The command you will use is almost the same as the one you used above in the manual backup, but with some additional options. These additional options are as follows:

  • -silent: Disables all output except errors. Normal output is not required when Unison is executed from the crontab as there is no one to read it.

  • -log: Instructs Unison to log its actions.

  • -logfile: Specifies where Unison will log its actions.

In this example, Unison is run every 3 hours. You can change this to any frequency that better meets your requirements.

Whenever you edit the crontab, you must always put an empty line at the bottom before you save and exit or cron may not load the crontab file correctly. This could cause the commands to not be executed.

Once you’ve made these changes, save and close the file.

Next, create the log file that Unison will write to on the primary server. The following command will create this file:

  • sudo touch /var/log/unison.log

Next, make the primary_user the owner of the file.

  • sudo chown primary_user /var/log/unison.log

You can check the status of the Unison backups by reading the log file at /var/log/unison.log. Unison will only log something when it has either backed up a new or updated file or if it encountered an error.

Unison is now backing up periodically from the crontab. The last and optional step is to make the SSH configuration more secure.

Step 7 (Optional) — Securing SSH

In this guide, you have created and used an SSH key that does not have a password. This is a security concern that you can address by limiting what the backup_user is able to do when they log in via SSH to the backup server.

You will do this by configuring SSH to only allow the backup_user to execute a single command when logged in over SSH. This means that the SSH key that you created can only be used to execute the Unison backups and nothing else. This has the consequence that you will not be able to SSH into the backup server as the backup_user. This is because logging in requires more than the single permitted command.

If you need to access the backup server as the backup_user you should log in as the sammy user first, and then change to the backup_user using su - backup_user.

Edit the SSH configuration file on the backup server at /etc/ssh/sshd_config:

  • sudo nano /etc/ssh/sshd_config

Then add the following lines to the bottom of the file:

/etc/ssh/sshd_config
Match User backup_user
  ForceCommand unison -server

These configuration options will do the following:

  • Match User: When the listed user logs in, SSH will apply the following and indented configuration option.

  • ForceCommand: This restricts the matched user to the following command. In this case, the backup_user can only run the unison -server command.

Save and exit your text editor. Next, reload the SSH service to enable the new configuration:

  • sudo systemctl reload ssh.service

You can test this by trying to log in to the backup server as the backup_user over SSH from the primary server.

  • ssh -i .ssh/unison-primary backup_user@backup_server_ip

If the /etc/ssh/sshd_config settings are working, then you will see the following:

Output
Unison 2.48

The SSH session will hang until the session is killed with CTRL and C because Unison is waiting for a command.

This shows that the Unison server was invoked automatically on log in and no other access is possible outside of communicating with the Unison server.
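
The restriction from Step 7 can be checked mechanically. The following is an added example, not part of the original tutorial: it reads sshd_config text and reports whether the Match block for a user sets ForceCommand and also turns off TCP forwarding, agent forwarding, X11 forwarding and TTY allocation, none of which ForceCommand changes by itself. The function names, the constructed sample configs and the choice of those four directives as a baseline are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the "Match User" block that restricts a backup account.
# The function names, sample configs and baseline are assumptions of this example.

# audit_match_user USER  (sshd_config text on stdin)
# Returns 0 if the block is fully restricted, 1 if a directive is missing
# or permissive, 2 if there is no block for USER.
# Limits: only "Match User name[,name...]" is recognised (no patterns, no
# extra criteria) and only directives inside the block count, so a
# restriction set in the global section is reported as missing here.
audit_match_user() {
    awk -v user="$1" '
        NF == 0 || $1 ~ /^#/ { next }           # skip blanks and comments
        {
            key = tolower($1)                   # compare keywords case-insensitively
            if (key == "match") {               # a Match line ends the previous block
                inblock = 0
                if (tolower($2) == "user") {
                    n = split($3, list, ",")
                    for (i = 1; i <= n; i++) if (list[i] == user) inblock = 1
                }
                if (inblock) found = 1
                next
            }
            if (!inblock) next
            if (key == "forcecommand" && force == "") {
                sub(/^[ \t]*[^ \t]+[ \t]+/, "") # keep the whole command line
                force = $0
            } else if (!(key in seen)) {        # keep the first value seen in the block
                seen[key] = tolower($2)
            }
        }
        END {
            if (!found) { print "no Match User block for " user; exit 2 }
            bad = 0
            if (force == "") { print "MISSING ForceCommand"; bad = 1 }
            else print "ok      ForceCommand " force
            n = split("AllowTcpForwarding AllowAgentForwarding X11Forwarding PermitTTY", req, " ")
            for (i = 1; i <= n; i++) {
                if (seen[tolower(req[i])] == "no") print "ok      " req[i] " no"
                else { print "MISSING " req[i] " no"; bad = 1 }
            }
            exit bad
        }'
}

# Constructed sample: the block exactly as added in Step 7.
sample_forcecommand_only() {
    cat <<'EOF'
PasswordAuthentication no
Match User backup_user
  ForceCommand unison -server
EOF
}

# Constructed sample: the same block with forwarding and TTY switched off.
sample_restricted() {
    cat <<'EOF'
PasswordAuthentication no
Match User backup_user
  ForceCommand unison -server
  AllowTcpForwarding no
  AllowAgentForwarding no
  X11Forwarding no
  PermitTTY no
EOF
}

# Demo on the two constructed samples; the first one reports four gaps.
for sample in sample_forcecommand_only sample_restricted; do
    echo "== $sample"
    "$sample" | audit_match_user backup_user || echo "-> exit status $?"
done
```

On the backup server the same function can be run as `audit_match_user backup_user < /etc/ssh/sshd_config`.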

You now have a working and secure Unison backup system that will back up your data as often as you want it to.

Conclusion

In this guide, you installed and configured the Unison file synchronization software to back up a directory over SSH. You also configured cron to automatically run backups at a specified schedule and secured SSH so the passwordless key cannot be abused.

When determining if you should use Unison, there are a few things that you should consider:

  • Unison may not be the best choice when you have smaller numbers of files or lower amounts of data. In this case, rsync would be a more appropriate choice. You can read more about using rsync in the How To Use Rsync to Sync Local and Remote Directories on a VPS guide.

  • Backing up large amounts of data can take a long time and may use up your bandwidth allocation over public network interfaces. If your primary and backup servers are both DigitalOcean Droplets, then you will be able to complete the Unison backup much more rapidly and securely if you use a private network. For more information on the free DigitalOcean private networks, please see the Private Network Overview documentation.

Translated from: https://www.digitalocean.com/community/tutorials/how-to-back-up-large-directories-with-unison-on-ubuntu-16-04
