ip 地址 | 系统版本 |
---|---|
192.168.64.99(客户端) | centos7 |
192.168.64.100(同步源) | centos7 |
[root@localhost ~]# systemctl stop firewalld.service [root@localhost ~]# setenforce 0
注:以上是临时关闭,系统重启后设置无效,作为演示环境,这里不作延伸
线上环境防火墙开启时应配置策略放端口
#Debian sudo apt-get install rsync #Red Hat sudo yum install rsync
同步源及客户端都需要安装rsync
[root@localhost ~]# vim /etc/rsyncd.conf
添加以下内容:
log file = /var/log/rsyncd.log pid file = /var/run/rsyncd.pid uid = nobody gid = nobody use chroot = yes address = 192.168.64.100 port = 873 hosts allow = 192.168.64.0/24 [rsyncfile] path = /opt/myfile read only = yes auth users = backuper secrets file = /etc/rsyncd_users.db
为备份账户创建数据文件
[root@localhost ~]# vim /etc/rsyncd_users.db [root@localhost ~]# cat /etc/rsyncd_users.db backuper:pwd123
启动rsync
服务程序
[root@localhost ~]# rsync --daemon [root@localhost ~]# ps -ef | grep rsync root 11416 1 0 18:57 ? 00:00:00 rsync --daemon root 11422 1668 0 18:57 pts/0 00:00:00 grep --color=auto rsync
如果要结束rsync进程,可以执行下面的命令,进程号是刚刚ps
命令查出来的
[root@localhost ~]# kill -9 11416
修改认证文件权限,创建备份路径,测试文件
[root@localhost myfile]# chmod 600 /etc/rsyncd_users.db [root@localhost ~]# mkdir /opt/myfile [root@localhost ~]# cd /opt/myfile/ [root@localhost myfile]# touch test1.txt [root@localhost myfile]# ll 总用量 0 -rw-r--r--. 1 root root 0 8月 25 19:12 test1.txt
[root@localhost ~]# rsync -avz backuper@192.168.64.100::rsyncfile /opt/myfile/Password: receiving incremental file listcreated directory /opt/myfile./test1.txtsent 46 bytes received 107 bytes 43.71 bytes/sectotal size is 0 speedup is 0.00[root@localhost ~]# cd /opt/myfile/[root@localhost myfile]# ll总用量 0-rw-r--r--. 1 root root 0 8月 25 19:12 test1.txt
测试在客户端新增文件后,加--delete
参数同步文件
[root@localhost myfile]# touch client.txt[root@localhost myfile]# ll总用量 0-rw-r--r--. 1 root root 0 8月 25 19:23 client.txt-rw-r--r--. 1 root root 0 8月 25 19:12 test1.txt[root@localhost myfile]# rsync -avzH --delete backuper@192.168.64.100::rsyncfile /opt/myfile/Password: receiving incremental file listdeleting client.txt./sent 27 bytes received 71 bytes 21.78 bytes/sectotal size is 0 speedup is 0.00[root@localhost myfile]# ll总用量 0-rw-r--r--. 1 root root 0 8月 25 19:12 test1.txt
可以看到同步源没有的文件会被删除
如:每天晚上22:00对服务器的网站做一次同步
这里因为测试,使用每分钟同步一次的计划
首先在客户端创建密码文件,保存备份账户的密码,设置权限
[root@localhost myfile]# vim /etc/rsync.pass[root@localhost myfile]# cat /etc/rsync.pass pwd123[root@localhost myfile]# chmod 600 /etc/rsync.pass
做计划任务
[root@localhost myfile]# crontab -e内容如下:* * * * * /usr/bin/rsync -az --delete --password-file=/etc/rsync.pass backuper@192.168.64.100::rsyncfile /opt/myfile
然后在同步源的同步路径下修改文件测试客户端是否有变化。
192.168.64.100[root@localhost myfile]# touch plantest2.txt192.168.64.99[root@localhost myfile]# ll总用量 0-rw-r--r--. 1 root root 0 8月 25 19:38 plantest2.txt-rw-r--r--. 1 root root 0 8月 25 19:12 test1.txt
可以看到文件已经从同步源备份到了客户端,计划任务里面的 * * * * *是crontab
表达式,感兴趣的可以自行查阅了解
作用:将rsync工具与inotify机制相结合,可以实现触发式备份(实时同步),只要同步源的文档有变化,立刻启动备份操作
下载工具包,然后上传至服务器解压
[root@localhost ~]# ll总用量 356-rw-------. 1 root root 1421 8月 7 00:01 anaconda-ks.cfg-rw-r--r--. 1 root root 358772 8月 25 20:06 inotify-tools-3.14.tar.gz[root@localhost ~]# tar -xvf inotify-tools-3.14.tar.gz[root@localhost ~]# ll总用量 360-rw-------. 1 root root 1421 8月 7 00:01 anaconda-ks.cfgdrwxrwxrwx. 5 yinmy yinmy 4096 3月 14 2010 inotify-tools-3.14-rw-r--r--. 1 root root 358772 8月 25 20:06 inotify-tools-3.14.tar.gz
进入解压后的目录
[root@localhost ~]# cd inotify-tools-3.14/[root@localhost inotify-tools-3.14]# ./configure若有以下报错,安装一下gccconfigure: error: in `/root/inotify-tools-3.14':configure: error: no acceptable C compiler found in $PATHSee `config.log' for more details.[root@localhost inotify-tools-3.14]# yum install gcc -y[root@localhost inotify-tools-3.14]# ./configure [root@localhost inotify-tools-3.14]# make && make install
客户端创建用户,配置允许rsync用户登录:
[root@localhost myfile]# useradd rsync && passwd rsync更改用户 rsync 的密码 。新的 密码:重新输入新的 密码:passwd:所有的身份验证令牌已经成功更新。[root@localhost myfile]# vim /etc/ssh/sshd_config 在文件中增加AllowUsers rsync@192.168.64.100# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2# but this is overridden so installations will only check .ssh/authorized_keysAuthorizedKeysFile .ssh/authorized_keysAllowUsers rsync@192.168.64.100#AuthorizedPrincipalsFile none修改同步目录权限 [root@localhost opt]# chmod -R 777 /opt/myfile/
同步源配置ssh免密登录客户端
[root@localhost /]# ssh-keygen Generating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa): Created directory '/root/.ssh'.Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.Your public key has been saved in /root/.ssh/id_rsa.pub.The key fingerprint is:SHA256:0DGvYW6mK94lsOqyUD3phS2ub8wEcHvZ/+8uFKoF4JM root@localhost.localdomainThe key's randomart image is:+---[RSA 2048]----+| o ||. . . . + || o o =. + . || o.E+o+ o. || .oB.ooS. . || . o.* ++ . ||. ++ oo.o ||o o=..+ o ||.+++o.o =+ |+----[SHA256]-----+[root@localhost /]# ssh-copy-id rsync@192.168.64.99/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"The authenticity of host '192.168.64.99 (192.168.64.99)' can't be established.ECDSA key fingerprint is SHA256:qehSfNDKLquXCwUvekxdNeUekmUO0rpT8bkiCNCRZsM.ECDSA key fingerprint is MD5:8e:b5:53:5c:be:c3:70:bb:0d:2f:db:cd:a9:88:67:73.Are you sure you want to continue connecting (yes/no)? yes/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keysrsync@192.168.64.99's password: Number of key(s) added: 1Now try logging into the machine, with: "ssh 'rsync@192.168.64.99'"and check to make sure that only the key(s) you wanted were added.
生成秘钥时一路回车即可,第二步传输秘钥文件时输入yes,后输入rsync的密码
同步源测试ssh免密登录客户端
[root@localhost /]# ssh rsync@192.168.64.99[rsync@localhost ~]$
[root@localhost opt]# vim /opt/inotify_rsync.sh 脚本内容为#!/bin/bashINOTIFY_CMD="inotifywait -mrq -e modify,create,attrib,move,delete /opt/myfile"RSYNC_CMD="rsync -azH --delete /opt/myfile rsync@192.168.64.99:/opt/myfile"$INOTIFY_CMD | while read DIRECTORY EVENT FILEdoif [ $(pgrep "^rsync$" | wc -l) -ne 0 ] ; then$RSYNC_CMDfidone
执行脚本,修改同步源文件测试(注意删除客户端crontab的内容,避免影响测试结果)
[root@localhost opt]# sh -x inotify_rsync.sh + INOTIFY_CMD='inotifywait -mrq -e modify,create,attrib,move,delete /opt/myfile'+ RSYNC_CMD='rsync -azH --delete /opt/myfile rsync@192.168.64.99:/opt/myfile'+ inotifywait -mrq -e modify,create,attrib,move,delete /opt/myfile+ read DIRECTORY EVENT FILE复制会话或者新建终端窗口,在同步源新增一个文件[root@localhost myfile]# touch inotifytest4.txt[root@localhost myfile]# 查看刚刚窗口的脚本执行输出[root@localhost opt]# sh -x inotify_rsync.sh + INOTIFY_CMD='inotifywait -mrq -e modify,create,attrib,move,delete /opt/myfile'+ RSYNC_CMD='rsync -azH --delete /opt/myfile rsync@192.168.64.99:/opt/myfile'+ inotifywait -mrq -e modify,create,attrib,move,delete /opt/myfile+ read DIRECTORY EVENT FILE++ pgrep '^rsync$'++ wc -l+ '[' 1 -ne 0 ']'+ rsync -azH --delete /opt/myfile rsync@192.168.64.99:/opt/myfile+ read DIRECTORY EVENT FILE++ pgrep '^rsync$'++ wc -l+ '[' 1 -ne 0 ']'+ rsync -azH --delete /opt/myfile rsync@192.168.64.99:/opt/myfile+ read DIRECTORY EVENT FILE 没有报错即执行成功,报错的话根据报错结果去修改
客户端目录查看是否实时触发同步成功
[root@localhost opt]# chmod +x /opt/inotify_rsync.sh [root@localhost myfile]# /opt/inotify_rsync.sh &
如有任何问题欢迎联系:
author:yinmy
wechat:rainsimple