rsync+inotify 实时远程同步

454luikty

发起端master:192.168.2.100

接收端slave：192.168.2.101

发起端（master）：
[iyunv@mail named]#rpm -q httpd
httpd-2.2.15-29.el6.centos.x86_64
[iyunv@mail named]#rpm -q rsync
rsync-3.0.6-9.el6_4.1.x86_64
[iyunv@mail named]#vim /etc/rsyncd.conf

uid = nobody

gid = nobody

use chroot = yes

address = 192.16.2.100

port 873

log file = /var/log/rsyncd.log

pid file = /var/run/rsyncd.pid

hosts allow = 192.168.2.0/24

[wwwroot]

        path =/var/www/html

        comment = Documentroot

        read only = yes

        dont compress =*.gz*.bz2*.tgz*.zip*.rar*.z

        auth users =backuper

        secrets file =/etc/rsyncd_users.db

[iyunv@mail named]#echo "backuper:123" > /etc/rsyncd_users.db
[iyunv@mail named]#cat /etc/* |grep rsyncd_users.db
[iyunv@mail named]#
[iyunv@mail named]#chmod 600 /etc/rsyncd_users.db
[iyunv@mail named]#cat /etc/rsyncd_users.db
backuper:123
[iyunv@mail named]#rsync --daemon
[iyunv@mail named]#netstat -anpt |grep 873
若是没有回显，则执行方法二：
[iyunv@mail named]#vim /etc/xinetd.d/rsync
[iyunv@mail named]#cat /etc/xinetd.d/rsync
# default: off
# description: Thersync server is a good addition to an ftp server, as it \
#    allows crc checksumming etc.
service rsync
{
      disable     = no
      flags         =IPv6
      socket_type     = stream
      wait            = no
      user            = root
      server          = /usr/bin/rsync
      server_args     = --daemon
      log_on_failure  += USERID
}
[iyunv@mail named]#yum -y install xinetd
[iyunv@mail named]#service xinetd start
正在启动 xinetd：                                          [确定]
[iyunv@mail named]#netstat -anpt |grep xinetd
tcp        0     0 :::873                     :::*                        LISTEN      62138/xinetd        

[iyunv@mail named]#

在主机测试

[iyunv@mail run]# mkdir /aaa

[iyunv@mail run]# mkdir /ccc

[iyunv@mail run]# touch /aaa/test{1..5}

[iyunv@mail run]# ls /aaa

test1 test2  test3  test4 test5

[iyunv@mail run]# ls /ccc

[iyunv@mail run]# rsync -r /aaa /ccc

[iyunv@mail run]# ls /ccc

aaa

[iyunv@mail run]# ls /aaa

test1 test2  test3  test4 test5

[iyunv@mail run]# mkdir /bbb

[iyunv@mail run]# rsync -r /aaa/ /bbb

[iyunv@mail run]# ls /bbb

test1 test2  test3  test4 test5

[iyunv@mail run]#

[iyunv@mail run]# touch/var/www/html/file{1..5}

[iyunv@mail run]# ls /var/www/html/

ad file1  file2  file3 file4  file5

接受端（slave）：

[iyunv@localhost ~]# mkdir/test

[iyunv@localhost ~]# rsync -avzbackuper@192.168.2.100::wwwroot /test

Password:

@ERROR: auth failed on module wwwroot

rsync error: error starting client-serverprotocol (code 5) at main.c(1503) [receiver=3.0.6]

若出现报错，把发起端的密码改为pwd123

建议：密码设置在6位数以上，否则可能会报错，也有可能密码输入错误

[iyunv@localhost ~]# rsync -avzbackuper@192.168.2.100::wwwroot /test

Password:

receiving incremental file list

./

file1

file2

file3

file4

file5

ad/

ad/index.html

sent 182 bytes  received 482 bytes  120.73 bytes/sec

total size is 93  speedup is 0.14

[iyunv@localhost ~]# ls /test

ad file1  file2  file3 file4  file5  test1 test2  test3

删除接收端有的文件，而发起端没有的文件

[iyunv@localhost ~]# touch /test/abc{1..5}

[iyunv@localhost ~]# ls /test/

abc1 abc3  abc5  file1 file3  file5  test2

abc2 abc4  ad    file2 file4  test1  test3

[iyunv@localhost ~]# rsync -avz --deletersync://backuper@192.168.2.100::wwwroot/test

ssh: Could not resolve hostname rsync: Nameor service not known

rsync: connection unexpectedly closed (0bytes received so far) [receiver]

rsync error: error in rsync protocol datastream (code 12) at io.c(600) [receiver=3.0.6]

[iyunv@localhost ~]# rsync -avz --deletersync://backuper@192.168.2.100/wwwroot/test

Password:

receiving incremental file list

deleting abc5

deleting abc4

deleting abc3

deleting abc2

deleting abc1

./

sent 65 bytes  received 241 bytes  68.00 bytes/sec

total size is 93  speedup is 0.30

[iyunv@localhost ~]#

[iyunv@localhost ~]# ls /test/

ad file1  file2  file3 file4  file5  test1 test2  test3

[iyunv@localhost ~]#

rsync 原地的免交互处理

接收端：

[iyunv@localhost ~]# touch /test/{a..g}

[iyunv@localhost ~]# ls /test/

a   b  d f      file2  file4 g      test2

ad  c  e file1  file3  file5 test1  test3

[iyunv@localhost ~]# echo "123456" >/etc/server.pass

[iyunv@localhost ~]# chmod 600 /etc/server.pass

[iyunv@localhost ~]# ll /etc/server.pass

-rw-------. 1 root root 7 4月  24 09:28 /etc/server.pass

[iyunv@localhost ~]# /usr/bin/rsync -az  --delete --password-file=/etc/server.pass backuper@192.168.2.100::wwwroot /test/

[iyunv@localhost ~]# ls /test/

ad  file1  file2 file3  file4  file5 test1  test2  test3

--password-file 密码文件

设置定时任务

[iyunv@localhost ~]# crontab -e

no crontab for root - using an empty one

crontab: installing new crontab

[iyunv@localhost ~]# /etc/init.d/crond status

crond (pid  1559) 正在运行...

[iyunv@localhost ~]# chkconfig --list crond

crond                 0:关闭1:关闭  2:启用  3:启用                     4:启用5:启用  6:关闭

[iyunv@localhost ~]# crontab –l （修改内容）

30 08 * * * /usr/bin/rsync –az –delete –password-file=/etc/server.passbackuper@192.168.2.100::wwwroot /test/

rsync+inotify 实时同步

优点：同步源发生变化，立即启动备份，同步更新

缺点：如果同步源发生错误变化，那么导致的是由点到面的连锁性破坏，

产生后果影响自然就严重的多了。

发起端：

[iyunv@mail html]# chown nobody:nobody /var/www/html/

[iyunv@mail html]# sed -i '/read only/ s/yes/no/'/etc/rsyncd.conf

[iyunv@mail html]# cat /etc/rsyncd.conf

uid = nobody

gid = nobody

use chroot = yes

address = 192.16.2.100

port 873

log file = /var/log/rsyncd.log

pid file = /var/run/rsyncd.pid

hosts allow = 192.168.2.0/24

[wwwroot]

        path =/var/www/html

        comment = Documentroot

        read only = no

        dont compress =*.gz*.bz2*.tgz*.zip*.rar*.z

        auth users =backuper

        secrets file =/etc/rsyncd_users.db

[iyunv@mail html]# service xinetd restart

停止 xinetd：                                              [确定]

正在启动 xinetd：                                          [确定]

[iyunv@mail html]# netstat -anpt |grep 873

tcp        0     0 :::873                     :::*                        LISTEN      62485/xinetd        

[iyunv@mail html]#

[iyunv@mail html]# vim /etc/sysctl.conf

[iyunv@mail html]# sysctl -p

net.ipv4.ip_forward = 0

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

error: "net.bridge.bridge-nf-call-ip6tables" is anunknown key

error: "net.bridge.bridge-nf-call-iptables" is anunknown key

error: "net.bridge.bridge-nf-call-arptables" is anunknown key

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 68719476736

kernel.shmall = 4294967296

fs.inotify.max_queued_events= 16384

fs.inotify.max_user_instances= 1024

fs.inotify.max_user_watches= 104576

安装inotify-tools

接收端：

[iyunv@localhost ~]# tar xf inotify-tools-3.14.tar.gz -C /usr/src

[iyunv@localhost ~]# cd /usr/src/inotify-tools-3.14/

[iyunv@localhost inotify-tools-3.14]# ls

aclocal.m4   config.h.in   COPYING     libinotifytools  man     src

AUTHORS       config.sub    depcomp    ltmain.sh        missing

ChangeLog    configure     INSTALL     Makefile.am      NEWS

config.guess configure.ac  install-sh  Makefile.in      README

[iyunv@localhost inotify-tools-3.14]# ./configure &&make&&make install

（监控端，另开一个shell端口）

[iyunv@localhost ~]# cd /var/www/html

[iyunv@localhost html]# touch index.php

[iyunv@localhost html]# echo "abc123">/var/www/html/index.html

[iyunv@localhost html]# touch /var/www/html/a.txt

[iyunv@localhost html]# mv /var/www/html/a.txt  /var/www/html/c.txt

[iyunv@localhost html]# rm -f /var/www/html/c.txt

则监控端：

[iyunv@localhost html]# inotifywait -mrq -emodify,create,move,delete /var/www/html

/var/www/html/CREATE index.php端：

/var/www/html/CREATE index.html

/var/www/html/MODIFY index.html

/var/www/html/MODIFY index.html

/var/www/html/MODIFY index.html

/var/www/html/CREATE a.txt

/var/www/html/MOVED_FROM a.txt

/var/www/html/MOVED_TO c.txt

/var/www/html/DELETE c.txt

编写触发是同步脚本：

[iyunv@localhost html]# vim /opt/inotify.sh

[iyunv@localhost html]# chmod +x /opt/inotify.sh

[iyunv@localhost html]# echo "/opt/inotify.sh">>/etc/rc.local

[iyunv@localhost html]# cat /opt/inotify.sh

#!/bin/bash

INOTIFY_CMD="/usr/local/bin/inotifywait -mrq -emodify,create,attrib,move,delete/var/www/html/"

RSYNC_CMD="/usr/bin/rsync -azH --delete--password-file=/etc/server.pass /var/www/html/backuper@192.168.2.100::wwwroot"

$INOTIFY_CMD |while read DIRECTORY EVENT FILE

do

      if [ $(rsync |wc -l)-le 0  ]; then

              $RSYNC_CMD

      fi

done

[iyunv@localhost html]#

测试：

nohup 可以保证当前执行的用户退出当前系统后，当前程序不停止，仍可以执行后台程序

& 指将当前程序的行程 调入后台运行

接受端：

在/var/www/html/下 ，增添删改，看看发起端的/var/www/html/下是否直接发生同步变化

[iyunv@localhost html]# nohup /bin/bash /opt/inotify.sh &

[1] 48271

[iyunv@localhost html]# nohup: 忽略输入并把输出追加到"nohup.out"

[1]+  Done                    nohup /bin/bash/opt/inotify.sh

[iyunv@localhost html]# ls

index.html  index.php  nohup.out

[iyunv@localhost html]# touch aa{1..3}

[iyunv@localhost html]# ls

aa1  aa2  aa3 index.html  index.php  nohup.out

方法2:

将backuper 系统用户改为自建的用户rput；密码不变 （发起端）

交互式的过程密码：用密钥对来代替 （客户端）

保留私钥，公钥给其他用户

发起端：

[iyunv@mail ~]# useradd rput

[iyunv@mail ~]# passwd rput

更改用户 rput 的密码 。

新的 密码：

无效的密码： 过于简单化/系统化

无效的密码： 过于简单

重新输入新的 密码：

passwd： 所有的身份验证令牌已经成功更新。

[iyunv@mail ~]# ls -ld /var/www/html

drwxr-xr-x 2 nobody nobody 4096 6月  11 01:20 /var/www/html

[iyunv@mail ~]# chown -R rput:rput /var/www/html

[iyunv@mail ~]# cat /etc/rsyncd.conf

uid = nobody

gid = nobody

use chroot = yes

address = 192.16.2.100

port 873

log file = /var/log/rsyncd.log

pid file = /var/run/rsyncd.pid

hosts allow = 192.168.2.0/24

[wwwroot]

        path =/var/www/html

        comment = Documentroot

        dont compress =*.gz*.bz2*.tgz*.zip*.rar*.z

      #  auth users = backuper

      # secrets file = /etc/rsyncd_users.db

接收端：

[iyunv@localhost html]# ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

98:e5:f6:78:41:dc:10:7d:ea:68:e9:d9:82:a3:43:30root@localhost.local

The key's randomart image is:

+--[ RSA 2048]----+

|          oo     |

|         . o. .  |

|        . o .o   |

|    E  = . .    |

|     oo S .+     |

|      .. o+..    |

|     .  .+oo    |

|      . o.+ .    |

|      .o . .     |

+-----------------+

[iyunv@localhost html]# ls -a /root/.ssh

.  ..  id_rsa id_rsa.pub  known_hosts

[iyunv@localhost .ssh]# ssh-copy-id rput@192.168.2.100

rput@192.168.2.100's password:

Now try logging into the machine, with "ssh'rput@192.168.2.100'", and check in:

  .ssh/authorized_keys

to make sure we haven't added extra keys that you weren'texpecting.

[iyunv@localhost .ssh]#

[iyunv@localhost .ssh]# rsync -azH --delete /var/www/htmlrput@192.168.2.100:/var/www/html

[iyunv@localhost .ssh]# cd /var/www/html/

[iyunv@localhost html]# bash-x /opt/inotify.sh

再开一个shell终端

[iyunv@localhost ~]# cd/var/www/html/

[iyunv@localhost html]# ls

file  test

[iyunv@localhost html]# rm -ftest

[iyunv@localhost html]# rm-rf *

[iyunv@localhost html]# echo"<h1>1213</h1>" >index.html

[iyunv@localhost html]# ls

index.html

[iyunv@localhost html]#

发起端/var/www/html/下是否有同步：

[iyunv@mail html]# ls

index.html

[iyunv@mail html

注意：必须在客户端执行/opt/inotify.sh脚本后，才会同步。

root@localhost ~]# cd/var/www/html/

[iyunv@localhost html]# ls

file  test

[iyunv@localhost html]# rm -ftest

[iyunv@localhost html]# rm-rf *

[iyunv@localhost html]# echo"<h1>1213</h1>" >index.html

[iyunv@localhost html]# ls

index.html

[iyunv@localhost html]#

发起端/var/www/html/下是否有同步：

[iyunv@mail html]# ls

index.html

[iyunv@mail html

注意：必须在客户端执行/opt/inotify.sh脚本后，才会同步。