rsync Daemon Mode Explained
Prerequisites
Push: rsync [OPTION...] SRC... [USER@]HOST::DEST
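SRC -- the data on the local host to be uploaded
[USER@] -- the user to authenticate as
HOST -- the IP address or host name of the remote host
DEST -- the module on the remote host in which the local data will be stored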
Environment preparation
rsync server: backup 10.0.0.41 172.16.1.41
rsync client: nfs01 10.0.0.31 172.16.1.31
Configure the rsync configuration file
[root@backup ~]# cat /etc/rsyncd.conf
#Rsync server
##created by oldboy 15:01 2009-6-5
###rsyncd.conf start##
fake super = yes
uid = rsync
gid = rsync
use chroot = no
max connections = 2000
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
hosts allow = 10.0.0.0/24
hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
#####################################
[data]
comment = www by old0boy 14:18 2012-1-13
path = /data
rsync configuration file explained
![9469008-8b30bdf566a58412.png](https://i-blog.csdnimg.cn/blog_migrate/689ff68663ba969311915e9a0d678b6e.png)
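Do not start the service yet: by default the system has no rsync user, no /data directory, and no /etc/rsync.password file, so these have to be created first.
Create the rsync user as a virtual user, without a home directory.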
[root@backup ~]# useradd -s /sbin/nologin -M rsync
[root@backup ~]# id rsync
uid=1003(rsync) gid=1003(rsync) groups=1003(rsync)
[root@backup ~]# grep rsync /etc/passwd
rsync:x:1003:1003::/home/rsync:/sbin/nologin
Create the /data directory and change its owner to rsync
[root@backup ~]# mkdir -p /data
[root@backup ~]# chown rsync:rsync /data
[root@backup ~]# ll -d /data
drwxr-xr-x 2 rsync rsync 6 May 20 19:26 /data
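The backup is carried out by the rsync virtual user, and a virtual user cannot create files in a directory owned by root, so the owner has to be changed.
Create the password file for rsync_backup and set its permissions to 600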
[root@backup ~]# touch /etc/rsync.password
[root@backup ~]# chmod 600 /etc/rsync.password
[root@backup ~]# ll /etc/rsync.password
-rw------- 1 root root 20 May 20 19:52 /etc/rsync.password
[root@backup ~]# vim /etc/rsync.password
rsync_backup:123456
Check the process and port number
[root@backup ~]# systemctl start rsyncd
[root@backup ~]# ps -ef|grep rsyncd
root 15514 14582 0 16:13 pts/0 00:00:00 grep --color=auto rsyncd
[root@backup ~]# ss -lntup|grep rsync
tcp LISTEN 0 5 *:873 *:* users:(("rsync",pid=15286,fd=3))
tcp LISTEN 0 5 :::873 :::* users:(("rsync",pid=15286,fd=5))
Output like the above means the service has started successfully.
rsync service in practice
[root@nfs01 ~]# rsync -avz /etc/hostname rsync_backup@172.16.1.41::data
Password:
sending incremental file list
hostname
sent 101 bytes received 43 bytes 41.14 bytes/sec
total size is 6 speedup is 0.04
This means the transfer succeeded; next we check it on the server
[root@backup ~]# ll /data
total 4
-rw-r--r-- 1 rsync rsync 6 May 16 17:52 hostname
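The file has been transferred.
There is a problem, though: what we need is automatic backup, but this still asks for a password. The following solves that.
On the nfs01 host, create a password file for rsync_backup and set its permissions to 600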
[root@nfs01 ~]# cat /etc/rsync.password
123456
[root@nfs01 ~]# chmod 600 /etc/rsync.password
Then push the file to the backup server again
[root@nfs01 ~]# rsync -avz /etc/hostname rsync_backup@172.16.1.41::data --password-file /etc/rsync.password
sending incremental file list
sent 51 bytes received 20 bytes 142.00 bytes/sec
total size is 6 speedup is 0.08
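The backup service can now be used non-interactively.
The basic idea: in interactive mode we type the password by hand;
in non-interactive mode the system supplies the password.
One more question: more than one client needs to upload files. How do we let different users upload to different modules?
Edit the configuration file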
[root@backup ~]# vim /etc/rsyncd.conf
#Rsync server
##created by oldboy 15:01 2009-6-5
###rsyncd.conf start##
fake super = yes
uid = rsync
gid = rsync
use chroot = no
max connections = 2000
timeout = 600
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
ignore errors
read only = false
list = false
#hosts allow = 10.0.0.0/24
#hosts deny = 0.0.0.0/32
auth users = rsync_backup
secrets file = /etc/rsync.password
#####################################
[data]
comment = www by old0boy 14:18 2012-1-13
path = /data
#####################################
[backup]
comment = www by old0boy 14:18 2012-1-13
path = /backup
Create the /backup directory and change its owner
[root@backup ~]# mkdir /backup
[root@backup ~]# chown rsync:rsync /backup
[root@backup ~]# ll -d /backup
drwxr-xr-x 2 rsync rsync 19 May 20 14:57 /backup
Run the backup command
[root@nfs01 ~]# rsync -avz /etc/hostname rsync_backup@172.16.1.41::backup --password-file /etc/rsync.password
sending incremental file list
hostname
sent 101 bytes received 43 bytes 96.00 bytes/sec
total size is 6 speedup is 0.04
Data can now be transferred to different modules
rsync errors
[root@backup ~]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::data
Password:
sending incremental file list
hosts
sent 221 bytes received 43 bytes 75.43 bytes/sec
total size is 349 speedup is 1.32
Check the log
2019/05/20 16:52:32 [15755] secrets file must be owned by root when running as root (see strict modes)
![9469008-284dfcd5c47d1e83.png](https://i-blog.csdnimg.cn/blog_migrate/26d53c4bdfcfba8c70029fd3e26da1f3.png)
password file must not be other-accessible
The password file must not be accessible to other users
[root@nfs01 ~]# rsync -avz /etc/hostname rsync_backup@172.16.1.41::data --password-file /etc/rsync.password
ERROR: password file must not be other-accessible
rsync error: syntax or usage error (code 1) at authenticate.c(196) [sender=3.1.2]
Fix: change the permissions to 600
chmod 600 /etc/rsync.password
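Both errors above are permission checks on the secrets/password file. The script below is an added example, not part of the original post or of rsync itself: it applies the same two conditions to a file so they can be verified before the daemon or a scheduled backup runs into them. The function names are hypothetical, GNU stat is assumed, and "other-accessible" is assumed to mean the read or write bit for others.

```shell
#!/bin/sh
# Added example: pre-flight check for the two permission errors quoted above.
# Function names are hypothetical; GNU stat (-c) is assumed.

# secret_verdict MODE OWNER_UID RUN_UID   (MODE is octal, e.g. 600; RUN_UID 0 = root)
# Prints "ok", "other-accessible" or "not-owned-by-root".
secret_verdict() {
    mode=$1 owner=$2 run_uid=$3
    other=${mode#"${mode%?}"}           # last octal digit = permission bits for others
    if [ $(( other & 6 )) -ne 0 ]; then
        echo "other-accessible"         # others can read or write the file
    elif [ "$run_uid" -eq 0 ] && [ "$owner" -ne 0 ]; then
        echo "not-owned-by-root"        # running as root, file owned by someone else
    else
        echo "ok"
    fi
}

# check_secret_file FILE [RUN_UID]: exit status 0 only when the verdict is "ok".
check_secret_file() {
    file=$1 run_uid=${2:-$(id -u)}
    [ -f "$file" ] || { echo "$file: missing"; return 2; }
    set -- $(stat -c '%a %u' "$file")   # octal mode and numeric owner uid
    verdict=$(secret_verdict "$1" "$2" "$run_uid")
    echo "$file: mode=$1 owner=$2 -> $verdict"
    [ "$verdict" = ok ]
}

# Demo on a constructed temporary file (not a real secrets file).
demo() {
    tmp=$(mktemp)
    printf 'rsync_backup:EXAMPLE-ONLY\n' > "$tmp"
    chmod 644 "$tmp"; check_secret_file "$tmp" || echo "  fix: chmod 600 $tmp"
    chmod 600 "$tmp"; check_secret_file "$tmp"
    rm -f "$tmp"
}
demo
```

On the hosts in this article it would be run as root against /etc/rsync.password on both backup and nfs01.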