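Rsync server configuration: simulating IDC cross-datacenter backup
IP | Role | User |
---|---|---|
192.168.1.4 | aaa-server (public cloud) | root |
192.168.1.5 | bbb-client | root |
192.168.1.6 | ccc-client | root |
- Preparation on aaa-server (public cloud)
// Create a backup directory, preferably on a dedicated disk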
[root@aaa-server /]# mkdir /backup
// Create the rsync user with no login shell and no home directory
[root@aaa-server share]# useradd -M -s /sbin/nologin rsync
// Verify that the user was created
[root@aaa-server /]# id rsync
uid=1002(rsync) gid=1002(rsync) groups=1002(rsync)
// Give the rsync user and group ownership of the backup directory
[root@aaa-server /]# chown -R rsync:rsync /backup
- Rsync server configuration: create the password file
/etc/rsync.secrets
[root@aaa-server /]# echo "rsync_backup:abc123" > /etc/rsync.secrets
[root@aaa-server /]# chmod 600 /etc/rsync.secrets
[root@aaa-server /]# ll /etc/rsync.secrets
-rw------- 1 root root 20 Sep 28 16:10 /etc/rsync.secrets
[root@aaa-server /]#
- Rsync server configuration: main configuration file
/etc/rsyncd.conf
[root@aaa-server /]# vim /etc/rsyncd.conf
uid = rsync
gid = rsync
port = 873
use chroot = no
max connections = 2000
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/run/rsync.log
ignore errors
read only = false
list = false
address = 192.168.1.4
hosts allow = 192.168.1.0/24
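# When both lists are set, rsync admits any host that matches neither of them,
# so "0.0.0.0/32" would let in every address outside 192.168.1.0/24. Deny the rest.
hosts deny = *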
auth users = rsync_backup
#########################################
[backup]
path = /backup
secrets file = /etc/rsync.secrets
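- Create the server-side and client-side password files (a misspelled name, a missing file, or a wrong parameter in the configuration file will each cause an error)
// Create rsync.secrets on the server; the format must be exact
[root@aaa-server backup]# vim /etc/rsync.secrets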
rsync_backup:123123
// Create rsync.secrets on the client; the format must be exact
[root@bbb-client backup]# vim /etc/rsync.secrets
123123
// Set both the server and the client password file to mode 600
[root@aaa-server backup]# chmod 600 /etc/rsync.secrets
[root@bbb-client backup]# chmod 600 /etc/rsync.secrets
- It is best to create one directory for managing the Rsync configuration files
/etc/rsyncd
Manage them with symlinks
// In /etc/rsyncd, create symlinks to /etc/rsyncd.conf and /etc/rsync.secrets
[root@aaa-server rsyncd]# ln -s /etc/rsync.secrets /etc/rsyncd/rsync.secrets
[root@aaa-server rsyncd]# ln -s /etc/rsyncd.conf /etc/rsyncd/rsyncd.conf
[root@aaa-server rsyncd]# ll
total 0
lrwxrwxrwx 1 root root 16 Sep 28 18:06 rsyncd.conf -> /etc/rsyncd.conf
lrwxrwxrwx 1 root root 18 Sep 28 21:30 rsync.secrets -> /etc/rsync.secrets
[root@aaa-server rsyncd]#
- Start Rsync
1. Start command
[root@aaa-server /]# rsync --daemon --config=/etc/rsyncd.conf
// Confirm that it is listening on port 873
[root@aaa-server /]# ss -lnp |grep rsync
u_dgr UNCONN 0 0 * 366531 * 8432 users:(("rsync",pid=45916,fd=4))
tcp LISTEN 0 5 192.168.1.4:873 *:* users:(("rsync",pid=45916,fd=3))
[root@aaa-server /]# ps -aux|grep rsync
root 45916 0.0 0.0 114700 384 ? Ss 16:15 0:00 rsync --daemon
root 46010 0.0 0.0 112708 964 pts/1 S+ 16:16 0:00 grep --color=auto rsync
[root@aaa-server /]#
2. You can also write a start/stop script
[root@aaa-server /]# vim /etc/init.d/rdaemon.sh
#!/bin/bash
# Start/stop wrapper for the rsync daemon; "action" comes from the SysV init helpers.
source /etc/init.d/functions
rsync_pid_dir=/var/run/rsyncd.pid
function start(){
    if [ ! -f "$rsync_pid_dir" ];then
        /usr/bin/rsync --daemon
        action "rsync is daemon" /bin/true
    else
        # pid file present: treat the daemon as already running
        action "rsync is start" /bin/false
        exit 1
    fi
}
function stop(){
    # PIDs of every running rsync process (this includes transfers in progress)
    kill_pid=$(ps aux|grep rsync|grep -v grep |awk '{print $2}')
    proce_pid=$(ps aux|grep rsync|grep -v grep |wc -l)
    if [ "$proce_pid" -eq 0 ];then
        action "rsync is no start" /bin/false
    else
        /bin/kill -9 $kill_pid &>/dev/null
        rm -f "$rsync_pid_dir" &>/dev/null
        action "rsync is off" /bin/true
    fi
}
case $1 in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo "USAGE: start|stop|restart"
esac
// Then make the script executable
[root@aaa-server /]# chmod +x /etc/init.d/rdaemon.sh
// Start rsync
[root@aaa-server /]# /etc/init.d/rdaemon.sh start
3. Alternatively, edit /etc/xinetd.d/rsync, change disable=yes to disable=no, and restart the xinetd service, as follows
[root@aaa-server /]# vim /etc/xinetd.d/rsync
#default: off
# description: The rsync server is a good addition to an ftp server, as it \
# allows crc checksumming etc.
service rsync {
disable = no
socket_type = stream
wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}
[root@aaa-server /]# /etc/init.d/xinetd restart
停止 xinetd: [确定]
启动 xinetd: [确定]
- Start Rsync at boot
// Taking a shortcut: append the start command directly to /etc/rc.local
[root@aaa-server /]# echo "rsync --daemon --config=/etc/rsyncd.conf" >> /etc/rc.local
// Make /etc/rc.local executable
[root@aaa-server /]# chmod +x /etc/rc.local
- Simulating IDC cross-datacenter backup with Rsync
1. bbb-client pushes data to the aaa-server server
[root@bbb-client ~]# rsync -avz /data/share rsync_backup@192.168.1.4::backup --password-file=/etc/rsync.secrets
2. ccc-client pulls data from aaa-server
[root@ccc-client ~]# rsync -avz rsync_backup@192.168.1.4::backup /data/ --password-file=/etc/rsync.secrets
# The two steps above implement IDC cross-datacenter backup synchronization
3. bbb-client pulls data from aaa-server (password authentication)
[root@bbb-client ~]# rsync -avz --delete rsync_backup@192.168.1.4::backup /data/ --password-file=/etc/rsync.secrets
- Errors you may see:
[root@ccc-client ~]# rsync -avz rsync_backup@192.168.1.4::backup /backup/
Password:
@ERROR: auth failed on module backup
rsync error: error starting client-server protocol (code 5) at main.c(1648) [Receiver=3.1.2]
[root@ccc-client ~]#
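Causes of the error
1> The client password file's permissions are not 600
[root@bbb-client backup]# chmod 600 /etc/rsync.secrets
2> The server password file's permissions are not 600
[root@aaa-server backup]# chmod 600 /etc/rsync.secrets
3> The server password file does not exist (misspelled name / never created / wrong parameter in the configuration file)
[root@aaa-server backup]# vim /etc/rsync.secrets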
rsync_backup:123123
4> The password stored in the client password file is incorrect
[root@ccc-client ~]# vim /etc/rsync.secrets
123123
More rsync errors: https://blog.csdn.net/syaving_________/article/details/65437534
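A check for the file-level causes listed above (missing file, mode other than 600, wrong format for the role), added here as an example and not part of the original post. The function name check_secrets and its return codes are made up for this example; the default user rsync_backup is the auth user from the configuration above.

```shell
#!/bin/bash
# Added example: test one rsync password file against the causes of "auth failed".
# Usage: check_secrets FILE server|client [AUTH_USER]
# Returns 0 = ok, 1 = missing, 2 = mode is not 600, 3 = wrong format for the role.
check_secrets() {
    local file=$1 role=$2 user=${3:-rsync_backup} mode
    if [ ! -f "$file" ]; then
        echo "MISSING: $file does not exist (check the name and 'secrets file')"
        return 1
    fi
    # GNU stat first (CentOS hosts as on this page), BSD stat as a fallback
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    if [ "$mode" != "600" ]; then
        echo "MODE: $file is $mode, expected 600"
        return 2
    fi
    case $role in
    server)
        # Server format: "user:password" lines; the auth user needs an entry
        if ! grep -q "^${user}:." "$file"; then
            echo "FORMAT: no '${user}:password' entry in $file"
            return 3
        fi ;;
    client)
        # Client format: the password alone on the first line, no "user:" prefix
        if [ ! -s "$file" ] || head -n 1 "$file" | grep -q "^${user}:"; then
            echo "FORMAT: $file must hold only the password on its first line"
            return 3
        fi ;;
    *)
        echo "usage: check_secrets FILE server|client [AUTH_USER]"
        return 64 ;;
    esac
    echo "OK: $file ($role)"
}

# Constructed sample: a client file that wrongly uses the server's format.
demo=$(mktemp)
printf 'rsync_backup:123123\n' > "$demo"
chmod 600 "$demo"
check_secrets "$demo" client || true    # reports the FORMAT finding
rm -f "$demo"
```

Run it on each host against its own /etc/rsync.secrets; a password mismatch between the two hosts (cause 4) is not visible from one file alone.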