转载原文:https://www.yangzb.com/?p=123
1. 添加用户配置目录权限
[root@db1 conf]# groupadd sftp #新建用户组
[root@db1 conf]# useradd -g sftp -s /sbin/nologin -M hsi_ftp #添加用户
[root@db1 conf]# passwd hsi_ftp #设置密码
Changing password for user hsi_ftp.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@db1 data]# mkdir -p /data/sftp/hsi_ftp
[root@db1 data]# usermod -d /data/sftp/hsi_ftp hsi_ftp
[root@db1 data]# chown root:sftp /data/sftp/ #根目录所有者必须是root否则无法登录
[root@db1 data]# chown hsi_ftp:sftp /data/sftp/hsi_ftp/ #修改权限
2. 修改配置
[root@db1 data]# vi /etc/ssh/sshd_config
注释行
#Subsystem sftp /usr/libexec/openssh/sftp-server
末尾添加行
Subsystem sftp internal-sftp
# Everything from here down applies only to members of group sftp (created in
# step 1). A Match block extends to the next Match or the end of the file, so
# these lines must stay at the very bottom of sshd_config.
Match Group sftp
# The chroot root is /data/sftp, which step 1 made root-owned; the user's home
# /data/sftp/hsi_ftp is the writable directory the client sees as /hsi_ftp.
ChrootDirectory /data/sftp
# Always run the in-process SFTP server, whatever command the client asks for.
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding no
重启
[root@db1 data]# service sshd restart
3. 验证
yzb-book:~ yzb$ sftp hsi_ftp@192.168.10.15
hsi_ftp@192.168.10.15's password:
Connected to hsi_ftp@192.168.10.15.
sftp> ls
hsi_ftp
sftp> cd hsi_ftp
sftp> put /Users/yzb/Downloads/dfcf.dmg ./
Uploading /Users/yzb/Downloads/dfcf.dmg to /hsi_ftp/./dfcf.dmg
/Users/yzb/Downloads/dfcf.dmg 100% 28MB 11.0MB/s 00:02
sftp> ls
dfcf.dmg
sftp> rm dfcf.dmg
Removing /hsi_ftp/dfcf.dmg
sftp> ls
sftp>
4. Rsync编译安装,安装前提:需要保持双向同步的服务器主机时间同步
下载地址:https://download.samba.org/pub/rsync/src/rsync-3.1.3.tar.gz
解压编译安装
[root@db1 ~]# tar -zxvf rsync-3.1.3.tar.gz
[root@db1 ~]# cd rsync-3.1.3
[root@db1 rsync-3.1.3]# ./configure --prefix=/usr/local/rsync --disable-ipv6
[root@db1 rsync-3.1.3]# make && make install
[root@db1 rsync-3.1.3]# ln -s /usr/local/rsync/bin/rsync /usr/local/bin/rsync
建立需要同步的目录(客户端主机和服务端主机均需要建目录保持一致)
[root@db1 rsync-3.1.3]# mkdir -p /data/sftp/hsi_ftp/upload/
[root@db1 rsync-3.1.3]# chown -R hsi_ftp:sftp /data/sftp/hsi_ftp/
[root@db1 rsync-3.1.3]# chmod -R 777 /data/sftp/hsi_ftp/
[root@db1 rsync-3.1.3]# vi /etc/xinetd.d/rsync
将disable = yes 改为 no
服务端配置,双向同步时2台服务器是客户端同时也都是服务端
[root@db1 sftp]# vi /usr/local/rsync/rsyncd.conf
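# rsyncd.conf, loaded with: rsync --daemon --config=/usr/local/rsync/rsyncd.conf
# rsyncd.conf treats only lines that begin with '#' as comments; text after a
# value on the same line becomes part of the value, so every note is kept on
# its own line here.
pid file = /var/run/rsyncd.pid
port = 873
# system user and group the daemon switches to when serving modules
uid = hsi_ftp
gid = sftp
use chroot = yes
max connections = 5
# every option needs "name = value"; a bare "timeout 600" is not applied
timeout = 600
lock file = /var/run/rsyncd.lock
log file = /var/run/rsyncd.log
#secrets file = /usr/local/rsync/rsyncd.secrets
motd file = /etc/rsyncd.motd

# module name is free-form; clients address it as host::hsi_sftp
[hsi_sftp]
# directory to sync; it must be owned by / writable for the uid:gid above
# (the setup's "chown -R hsi_ftp:sftp" is what grants that, world-writable
# mode is not required by the daemon)
path = /data/sftp/hsi_ftp/
#ignore errors
# module is readable and writable so changes can flow in both directions
read only = no
write only = no
list = yes
# '*' accepts connections from any address; only the two peer nodes need this
# module, so listing them (e.g. hosts allow = 192.168.10.15 192.168.10.16) is
# the tighter choice
hosts allow = *
#hosts deny = 0.0.0.0/32
secrets file = /usr/local/rsync/rsyncd.secrets
# must appear in the secrets file as user:password and have rights on path
auth users = hsi_ftp
comment = sftp hsi_sftp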
配置帐号密码格式:帐号:密码
[root@db1 sftp]# vi /usr/local/rsync/rsyncd.secrets
hsi_ftp:hsi_ftp
修改配置文件权限
[root@db1 sftp]# chmod 600 /usr/local/rsync/rsyncd.conf
[root@db1 sftp]# chmod 600 /usr/local/rsync/rsyncd.secrets
客户端配置
客户端登录服务端密码,注意这里只写密码,和服务端的/usr/local/rsync/rsyncd.secrets文件对应
[root@db1 sftp]# vi /usr/local/rsync/rsyncd.pass
hsi_ftp
修改密码配置文件权限,如果不修改则可能无法使用
[root@db1 sftp]# chmod 600 /usr/local/rsync/rsyncd.pass
测试
启动服务端
[root@db1 rsync]# rsync --daemon --config=/usr/local/rsync/rsyncd.conf
[root@db2 ~]# rsync -avz --password-file=/usr/local/rsync/rsyncd.pass /data/sftp/hsi_ftp/ hsi_ftp@192.168.10.15::hsi_sftp
sending incremental file list
upload/
upload/rsyncd.conf1
sent 463 bytes received 39 bytes 334.67 bytes/sec
total size is 492 speedup is 0.98
5. inotify-tools安装(双向同步2台主机分别都要执行操作)
下载
[root@db1 upload]# wget http://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz
解压
[root@db1 upload]# tar -zxvf inotify-tools-3.14.tar.gz
[root@db1 upload]# cd inotify-tools-3.14
[root@db1 inotify-tools-3.14]# ./configure --prefix=/usr/local/inotify
[root@db1 inotify-tools-3.14]# make && make install
检查是否安装成功
[root@db1 inotify-tools-3.14]# ls -alh /usr/local/inotify/bin/inotify*
-rwxr-xr-x. 1 root root 44K Feb 28 14:38 /usr/local/inotify/bin/inotifywait
-rwxr-xr-x. 1 root root 41K Feb 28 14:38 /usr/local/inotify/bin/inotifywatch
建立软链接
[root@db1 inotify-tools-3.14]# ln -s /usr/local/inotify/bin/inotifywait /usr/bin/inotifywait
[root@db1 inotify-tools-3.14]# ln -s /usr/local/inotify/bin/inotifywatch /usr/bin/inotifywatch
配置rsync.sh同步监控脚本
[root@db1 inotify]# vi /usr/local/inotify/rsync.sh
# 内容如下
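#!/bin/bash
# Watch the local SFTP tree and push every change to the peer node's rsync
# module. Each node runs this script pointed at the other node, which is what
# gives the two-way sync described above.
#
# Requires inotify-tools (/usr/bin/inotifywait) and an rsync daemon on $host
# serving module $des. $pass_file holds only the password and must be mode 600.
src=/data/sftp/hsi_ftp/        # directory to watch; trailing slash = sync its contents
des=hsi_sftp                   # module name on the peer, must match [hsi_sftp] in rsyncd.conf
user=hsi_ftp                   # "auth users" entry in the peer's rsyncd.conf
host="192.168.10.16"           # peer's rsync daemon; on the other node use that node's peer IP
pass_file=/usr/local/rsync/rsyncd.pass
log=/tmp/rsync.log             # shared /tmp; a path under /var/log is the safer home for a root-written log

# Fail early with a readable reason instead of having every rsync call fail.
if [ ! -r "$pass_file" ]; then
  printf 'password file %s is missing or unreadable\n' "$pass_file" >&2
  exit 1
fi

# -m keep monitoring, -r recurse, -q print events only; one line per event.
/usr/bin/inotifywait -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %w%f' \
  -e modify,delete,create,attrib "$src" |
while IFS= read -r file; do
  # Event lines carry file names chosen by whoever uploads over SFTP, so they
  # are only ever passed along as quoted data, never re-parsed or evaluated.
  if rsync -vzrtopg --delete --progress --password-file="$pass_file" \
      "$src" "$user@$host::$des"; then
    printf '%s was rsynced\n' "$file" >>"$log"
  else
    rv=$?
    # Keep watching after a failed push, but leave a trace of the gap.
    printf '%s NOT rsynced, rsync exit status %s\n' "$file" "$rv" >>"$log"
  fi
done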
[root@db1 inotify]# chmod +x /usr/local/inotify/rsync.sh
nohup sh /usr/local/inotify/rsync.sh &
#建立守护进程运行rsync.sh脚本
echo "nohup sh /usr/local/inotify/rsync.sh &" >> /etc/rc.local
测试:分别在2台机器/data/sftp/hsi_ftp/目录修改,新增,删除文件查看另一台服务器上是否也同步修改
6. Keepalived配置 安装详见 http://www.yangzb.com/article/16
vi /usr/local/keepalived/etc/keepalived/keepalived.conf
后添加内容
# VIP 192.168.10.160:22 — SFTP clients connect here and are spread round-robin
# over the two nodes that the rsync/inotify setup above keeps in sync.
virtual_server 192.168.10.160 22 {
delay_loop 6
lb_algo rr
# Direct routing: each real server has to accept traffic addressed to the VIP
# itself (loopback alias and ARP handling) — not shown on this page, see the
# linked install article and confirm on the nodes.
lb_kind DR
# a client keeps being sent to the same real server for 50 s, so one session's
# uploads land on a single node
persistence_timeout 50
protocol TCP
real_server 192.168.10.15 22 {
weight 1
# pull the node out of rotation when port 22 stops answering
TCP_CHECK {
connect_timeout 3
retry 3
delay_before_retry 3
}
}
real_server 192.168.10.16 22 {
weight 1
TCP_CHECK {
connect_timeout 3
retry 3
delay_before_retry 3
}
}
}