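Lab preparation:
Technical background
Why use the rsync + sersync architecture?
- sersync is built on inotify and is a tool similar to inotify-tools.
- sersync can record the name of the specific file or directory that changed (created, deleted or modified) inside the watched directory, so that when rsync runs, only the changed files or directories are synchronized.
When is sersync used?
sersync is used only for data synchronization, not for data backup. Using it as a backup is unsafe, because changes an attacker makes on the source are synchronized as well. It is mostly used in server cluster management.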
Backing up data with rsync
Back up the website root directory /var/www/html on client_13 to the /web_back directory on server_14.
Server side:
1. Disable SELinux and the firewall
[root@client_13 ~]# iptables -F
[root@client_13 ~]# vim /etc/selinux/config    # change enforcing to disabled
[root@client_13 ~]# reboot
[root@client_13 ~]# systemctl stop firewalld
[root@client_13 ~]# systemctl disable firewalld
2. Create the backup directory
[root@server_14 ~]# mkdir /web_back/
3. Install rsync
[root@server_14 ~]# yum -y install rsync
... (installation output omitted)
4. Edit the configuration file
[root@server_14 ~]# cat /etc/rsyncd.conf |egrep -v '^$|^#'
uid = root
gid = root
address = 192.168.170.14
port = 873
hosts allow = 192.168.170.0/24
use chroot = yes
max connections = 5
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
motd file = /etc/rsyncd.motd
[wwwroot]
path = /web_back/
comment = web rsyncd server
read only = false
list = yes
auth users = rsyncuser
secrets file = /etc/rsync.passwd
[root@server_14 ~]#
5. Create the file that stores the virtual user and password
[root@server_14 ~]# vim /etc/rsync.passwd
[root@server_14 ~]# cat /etc/rsync.passwd
rsyncuser:123456
6. Set the permissions to 600; they must be 600
[root@server_14 ~]# chmod 600 /etc/rsync.passwd
7. Set the message shown to clients when they sync
[root@server_14 ~]# echo "welcome to Backup Server" > /etc/rsyncd.motd
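8. Start the service
[root@server_14 ~]# rsync --daemon --config=/etc/rsyncd.conf
[root@server_14 ~]# ps -ef |grep 873
root 2391 1489 0 12:10 pts/0 00:00:00 grep --color=auto 873
[root@server_14 ~]#
The only line returned is the grep process itself: the daemon's command line does not contain 873, so this check does not confirm that rsync is listening.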
Client side
1) Create the test directory and data
[root@client_13 ~]# mkdir -p /var/www/html/
[root@client_13 ~]# cp -a /tmp/ /var/www/html/
[root@client_13 ~]# ls /var/www/html/tmp/
rsync_fail_log.sh systemd-private-baa78c534b3b42d1989a56b60f0fab22-vgauthd.service-FoLvYq systemd-private-baa78c534b3b42d1989a56b60f0fab22-vmtoolsd.service-ckXAQQ yum_save_tx.2019-07-30.14-28.GRlpIO.yumtx
[root@client_13 ~]#
2) Write the virtual user's password
[root@client_13 ~]# vim /etc/rsync.passwd
[root@client_13 ~]# cat /etc/rsync.passwd
123456
[root@client_13 ~]# chmod 600 /etc/rsync.passwd
3) Test
[root@client_13 ~]# rsync -avz --delete /var/www/html rsyncuser@192.168.170.14::wwwroot --password-file=/etc/rsync.passwd
welcome to Backup Server
sending incremental file list
html/
html/a
html/aaa
html/heh.txt
html/hehe
html/why?
html/opt/
html/tmp/
html/tmp/rsync_fail_log.sh
html/tmp/yum_save_tx.2019-07-30.14-28.GRlpIO.yumtx
html/tmp/.ICE-unix/
html/tmp/.Test-unix/
html/tmp/.X11-unix/
html/tmp/.XIM-unix/
html/tmp/.font-unix/
html/tmp/systemd-private-baa78c534b3b42d1989a56b60f0fab22-vgauthd.service-FoLvYq/
html/tmp/systemd-private-baa78c534b3b42d1989a56b60f0fab22-vgauthd.service-FoLvYq/tmp/
html/tmp/systemd-private-baa78c534b3b42d1989a56b60f0fab22-vmtoolsd.service-ckXAQQ/
html/tmp/systemd-private-baa78c534b3b42d1989a56b60f0fab22-vmtoolsd.service-ckXAQQ/tmp/
html/tmp/systemd-private-baa78c534b3b42d1989a56b60f0fab22-vmtoolsd.service-ckXAQQ/tmp/vmware-root/
sent 1211 bytes received 193 bytes 936.00 bytes/sec
total size is 656 speedup is 0.47
Download the sersync package and upload it
Upload and extract
[root@client_13 ~]# ls
anaconda-ks.cfg autobackup.sh GNU-Linux-x86 serync.tar.gz
[root@client_13 ~]# tar zxvf serync.tar.gz
GNU-Linux-x86/
GNU-Linux-x86/sersync2
GNU-Linux-x86/confxml.xml
[root@client_13 ~]# ls
anaconda-ks.cfg autobackup.sh GNU-Linux-x86 serync.tar.gz
[root@client_13 ~]# mv GNU-Linux-x86/ sersync    # rename the directory
[root@client_13 ~]# cd sersync/
[root@client_13 sersync]# ls
confxml.xml confxml.xml.bak sersync2
[root@client_13 sersync]# cp confxml.xml confxml.xml.bak    # make a backup
[root@client_13 sersync]# ls
confxml.xml confxml.xml.bak sersync2
[root@client_13 sersync]#
Configure sersync
[root@client_13 sersync]# cp confxml.xml confxml.xml.bak
Edit and tune the sersync configuration file:
Modify lines 24-28
# local directory to synchronize
# rsync module name
Modify lines 31-34, the authentication section (rsync password authentication)
Start the daemon: from the corresponding directory, run sersync2 -d -r -o followed by the path to the configuration file
[root@client_13 sersync]# ./sersync2 -d -r -o ./confxml.xml    # sersync2 in the current directory, -d -r -o <path to the configuration file>
set the system param
execute:echo 50000000 > /proc/sys/fs/inotify/max_user_watches
execute:echo 327679 > /proc/sys/fs/inotify/max_queued_events
parse the command param
option: -d run as a daemon
option: -r rsync all the local files to the remote servers before the sersync work
option: -o config xml name: ./confxml.xml
daemon thread num: 10
parse xml config file
host ip : localhost host port: 8008
daemon start,sersync run behind the console
use rsync password-file :
user is rsyncuser
passwordfile is /etc/rsync.passwd
config xml parse success
please set /etc/rsyncd.conf max connections=0 Manually
sersync working thread 12 = 1(primary thread) + 1(fail retry thread) + 10(daemon sub threads)
Max threads numbers is: 22 = 12(Thread pool nums) + 10(Sub threads)
please according your cpu ,use -n param to adjust the cpu rate
------------------------------------------
rsync the directory recursivly to the remote servers once
working please wait...
execute command: cd /var/www/html && rsync -artuz -R --delete ./ rsyncuser@192.168.170.14::wwwroot --password-file=/etc/rsync.passwd >/dev/null 2>&1
run the sersync:
watch path is: /var/www/html
[root@client_13 sersync]#
Verification:
First look at the server side:
[root@server_14 web_back]# ls
[root@server_14 web_back]#
Change some content on the client:
[root@client_13 ~]# cd /var/www/html/
[root@client_13 html]# touch hehe
[root@client_13 html]# mkdir /xf
[root@client_13 html]# touch xf{1..10}.txt
[root@client_13 html]#
Now look at the server side again:
[root@server_14 web_back]# ls
hehe xf10.txt xf1.txt xf2.txt xf5.txt xf6.txt xf7.txt xf8.txt xf9.txt
[root@server_14 web_back]# watch ls -l
[root@server_14 web_back]#
OK! Synchronization succeeded!
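Summary
Overall, rsync is not difficult; the main thing is to understand clearly what is in the configuration file. The comments below sit on their own lines because rsyncd.conf only treats a line that begins with # as a comment.
# identity (user) the process runs as
uid = root
# group the process runs as
gid = root
# listening IP
address =192.168.0.64
# listening port
port =873
# client IP addresses allowed to sync; can be a network, or * for all; e.g. 192.168.1.0/24 or 192.168.1.0/255.255.255.0
hosts allow =192.168.0.0/24
# whether to chroot (jail) into the module directory; if rsync is compromised, the attacker cannot create files outside the directory rsync runs in; set this option to yes
use chroot = yes
# maximum number of connections
max connections =5
# process PID file, generated automatically
pid file =/var/run/rsyncd.pid
# lock file used by the max connections parameter
lock file =/var/run/rsync.lock
# log file location
log file =/var/log/rsyncd.log
# message shown to the client after it connects; the file must be created
motd file =/etc/rsyncd.motd
# shared module name
[wwwroot]
# path
path =/web-back/
# description
comment = used for web-data root
# read/write permission on the server-side files
read only = false
# whether the module may be listed
list = yes
# user for backups, unrelated to system users
auth users = rsyncuser
# file that stores the users' passwords; the format is username:password
secrets file =/etc/rsync.passwd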
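One way to check a daemon configuration for the settings annotated above, as an added example that is not part of the original post. rsync's daemon logs and skips a parameter name it does not recognise, so a misspelled `hosts allow` leaves the module reachable from any address. The function names, finding labels and shortened key list are assumptions made here, and `stat -c` assumes GNU coreutils.

```sh
# Added example (not from the original post): flag rsyncd.conf weaknesses.
# The key list is a subset of rsyncd.conf(5), enough for this page's config.
audit_rsyncd_conf() {
  awk -F= '
    BEGIN {
      s = "uid|gid|address|port|hosts allow|hosts deny|use chroot|max connections"
      s = s "|pid file|lock file|log file|motd file|path|comment|read only|list"
      s = s "|auth users|secrets file|strict modes"
      n = split(s, k, "|")
      for (i = 1; i <= n; i++) known[k[i]] = 1
    }
    /^[ \t]*(#|;|\[|$)/ { next }        # comments, module headers, blank lines
    {
      key = $1; val = substr($0, index($0, "=") + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      key = tolower(key)
      if (!(key in known)) { print "UNKNOWN_KEY:" key; next }  # daemon skips it
      seen[key] = 1
      if (key == "uid" && (val == "root" || val == "0")) print "ROOT_UID"
      # the list is split on spaces and commas, so "net /24" is two patterns
      if (key == "hosts allow" && val ~ /(^|[ \t,])\//) print "BAD_CIDR:" val
    }
    END {
      if (!("hosts allow" in seen)) print "NO_HOSTS_ALLOW"
      if (!("auth users" in seen))  print "NO_AUTH_USERS"
    }' "$1"
}

# Succeeds only when the secrets file has no group/other permission bits.
secrets_mode_ok() {
  case $(stat -c '%a' "$1") in *00) return 0 ;; *) return 1 ;; esac
}

# Constructed sample: misspelled ACL key, root uid, world-readable secrets file.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/rsyncd.conf" <<'EOF'
uid = root
host allow = 192.168.170.0 /24
[wwwroot]
path = /web_back/
read only = false
auth users = rsyncuser
secrets file = /etc/rsync.passwd
EOF
printf 'rsyncuser:placeholder-not-a-real-secret\n' > "$SAMPLE_DIR/rsync.passwd"
chmod 644 "$SAMPLE_DIR/rsync.passwd"
audit_rsyncd_conf "$SAMPLE_DIR/rsyncd.conf"
secrets_mode_ok "$SAMPLE_DIR/rsync.passwd" || echo "SECRETS_MODE_TOO_OPEN"
```

On the constructed sample it reports ROOT_UID, UNKNOWN_KEY:host allow, NO_HOSTS_ALLOW and SECRETS_MODE_TOO_OPEN.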
Supplement: how to monitor multiple directories
1. Configure multiple confxml.xml files (for example: www, bbs, blog, and so on)
cp confxml.xml confxml.xml.two
ls
vim confxml.xml.two
./sersync2 -d -r -o ./confxml.xml.two
cd /xjw/
ls
touch wr