RSYSNC Mode of operation
A third way of working is common in the work, and in order to keep the backup server from being pressured, use push as a backup.
650) this.width=650; "Src=" Http://s2.51cto.com/wyfs02/M00/8B/29/wKiom1hGGjvCk70bAABQOmYdj3s353.png-wh_500x0-wm_3 -wmp_4-s_2067049537.png "title=" 123.png "alt=" Wkiom1hggjvck70baabqomydj3s353.png-wh_50 "/>
The first way is an example:
rsync-avz/etc/hosts/tmp/#相当于cp/etc/hosts/tmp/rsync-avz--delete/null//tmp/#相当于rm-rf/tmp/*
An example of the second way:
Rsync-avzp-e ' ssh-p '/tmp [email protected]:/tmp #push方式rsync-avzp-e ' ssh-p ' [email protected]:/tmp/tmp # Pull mode
The Third Way:
rsync-avz/tmp/[Email Protected]::backup #push方式
Service side (the server that holds the backup files)
The first step, create the rsyncd.conf file
[[email protected]_server ~]# vi /etc/rsyncd.confuid = rsync #程序属主gid = rsync #程序属组use chroot = no # whether root account max connetions = 2000 #最大连接的客户端数量timeout = 600 #超时时间, time-out automatic disconnection, need service and then active connection PID file = /var/run/rsyncd.pid #pid文件存放地址lock file = /var/run/rsync.lock #锁文件地址log file = /var/log/rsyncd.log #日志文件存放目录ignore errors #忽略错误read only = false #表示可读可写list = false # Indicates that a remote list can be hosts allow = 192.168.0.0/24 #允许主机地址hosts deny = 0.0.0.0/32 #拒绝主机地址auth users = rsync_backup #运行服务的用户secrets file = / etc/rsync.password #密码文件 #####################[backup] #模块名字comment = This is luruiqi writter #注释path = /backup #需要备份的目录, preferably the same as the module name, easy to find ################### ################
[[email protected]_server ~]# rsync --daemon #启动 [[Email protected]_Server ~]# ps -ef |grep rsync |grep -v grep #检查root 3168 1 0 07:16 ? 00:00:00 rsync --daemon[[email protected]_Server ~]# netstat -lntup |grep rsync #检查tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 3168/rsynctcp 0 0 :::873 :::* LISTEN 3168/rsync[[email protected]_server ~]# ss -lntup |grep rsyn #检查tcp LISTEN 0 5 :::873 :::* Users: (("rsync", 3168,5)) TCP &NBsp listen 0 5 *:873 *:* users: (("rsync", 3168,3) [[Email protected]_server ~]# lsof -i :873 #检查COMMAND PID USER FD TYPE Device size/off node namersync 3168 root 3u ipv4 16481 0t0 TCP *:rsync (LISTEN) rsync 3168 root 5u ipv6 16482 0t0 tcp *:rsync (LISTEN)
[[email protected]_server ~]# useradd rsync -s /sbin/nologin -m #创建rsync账户 [[email protected]_server ~]# id rsync #检查创建用户的结果uid =500 (rsync) gid= Rsync groups=500 (rsync) [[email protected]_server ~]# mkdir /backup # Create a backup directory [[email protected]_server ~]# chown -r rsync /backup #更改备份目录的属组 [[email protected]_server ~]# ll -d /backup/ #检查是否更改属组drwxr-xr-x 2 rsync root 4096 dec 2 07:25 /backup/[[email protected]_server ~]# echo "rsync_backup:123456" >/etc/rsync.password #创建账号和密码 [[email protected]_server ~]# cat /etc/rsync.password #检查是否创建rsync_backup: 123456[[email protected]_Server ~]# chmod 600 /etc/rsync.password #配置密码文件的访问权限 [[Email protected]_server ~]# ll /etc/rsync.password #检查是否更改-rw------- 1 root root 20 dec 2 07:29 /etc/rsync.password
Client (the server that needs to be backed up)
the client does not need to create a rsyncd.conf, just create a password file ,
[Email protected] ~]# echo "123465" >/etc/rsync.password [[email protected] ~]# chmod 600/etc/rsync.password [email Protected] ~]# ll/etc/rsync.password-rw-------1 root root 7 Nov 03:33/etc/rsync.password[[email protected] ~]# cat /etc/rsync.password 123465
Test it.
rsync-avz/tmp/[Email Protected]::backup--password-file=/etc/rsync.password
Server for NFS (rsync client)
650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" alt= "Spacer.gif"/>650 "this.width=650;" src= "http ://s4.51cto.com/wyfs02/m01/8b/26/wkiol1hggfvrbhniaaavuhwpx_4780.png-wh_500x0-wm_3-wmp_4-s_427634834.png "title= "123.png" alt= "Wkiol1hggfvrbhniaaavuhwpx_4780.png-wh_50"/>
Backup server (rsync service side)
650) this.width=650; "src="/e/u261/themes/default/images/spacer.gif "style=" Background:url ("/e/u261/lang/zh-cn/ Images/localimage.png ") no-repeat center;border:1px solid #ddd;" alt= "Spacer.gif"/>650 "this.width=650;" src= "http ://s5.51cto.com/wyfs02/m02/8b/26/wkiol1hgggfqak8uaaayroxf8ug866.png-wh_500x0-wm_3-wmp_4-s_4107373896.png "title = "1234.png" alt= "Wkiol1hgggfqak8uaaayroxf8ug866.png-wh_50"/>
-----------------------------------------------------------
The above see simple configuration has been completed, can complete a simple file backup transfer work.
Restart rsync Combo command pkill rsync #强制关闭服务
Killall rsync #平滑的杀进程 "need to repeat multiple times to ensure the kill process" kill ' Cat/var/run/rsyncd.pid ' #杀进程, also equivalent to shutting down the service rsync--daemon #启动进程kill-hup ' cat/var/r Un/rsyncd.pid ' #平滑的杀死进程kill-usr2 ' cat/var/run/rsyncd.pid ' #平滑的杀死进程
Check for initiated processes
Ps-ef |grep rsync
--------------------------------------------------------------------
Summarize all the above steps
Rsync Server Configuration steps
1. vi/etc/rsyncd.conf
2. Create the rsync user and the shared directory/backup
Useradd rsync-s/sbin/nologin-m
Mkdir/backup
Chown-r Rsync/backup
3. Create a password file
echo "Rsync_backup:oldboy" >/etc/rsync.password
Cat/etc/rsync.password
chmod 600/etc/rsync.password
4. Start the service and check
Rsync--daemon
5. Join the boot-up
echo "Rsync--daemon" >>/etc/rc.local
Tail-2/etc/rc.local
---------------------------------------------------------
The client resumes pulling resources on the server and needs to run the following statement on the client:
Rsync-avz [Email protected]::backup/tmp/--password-file=/etc/rsync.password
-------------------------------------------------------------------------------------------
Note: The server only runs the Rsync service regardless of whether the push-pull is in the client operation
----------------------------------------------------------------------------
Security optimization: 1. Listen for internal IP address
[Email protected]_server backup]# Netstat-lntup|grep rsync
TCP 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 29031/rsync
TCP 0 0::: 873:::* LISTEN 29031/rsync
By the above, the default is to listen to the entire network IP 0.0.0.0:873 we need to change into the intranet segment
Make the following changes to start
[[Email protected]_server backup]# rsync--daemon--address=192.168.1.0
[Email protected]_server backup]# Netstat-lntup|grep rsync
TCP 0 0 192.168.1.0:873 0.0.0.0:* LISTEN 29153/rsync
[[Email Protected]_server backup]#
----------------------------------------------------------------------------------------
The wrong part of the line
Idea: The configuration process must be skilled, according to the operation process Check again
Service-Side troubleshooting:
1.rsync the configuration file path of the service is correct, the default path is,/etc/rsyncd.conf
2. Check the configuration file for host Allow,host deny, allow the IP network segment, whether to allow client access.
3. Check if the path in the paths parameter exists and the permissions are correct (normal should be the genus and owner of the UID parameter in the configuration file)
4. Check if the Rsync service is started, see if the command is Ps-ef |grep rsync, the port exists netstat-lntup |grep 873
5. Check if the iptables firewall and SELinux are enabled to allow the Rsync service to pass, the intranet can be closed.
6. Check if the password file for rsync configuration on the server is 600, the password file format is correct, the correct format is Username:password, the file path and the Secrect files parameter in the configuration file correspond.
7. If you are pushing data, see if the user has read and write permissions to the directory under the module in the configuration rsyncd.conf file.
Client Troubleshooting Ideas:
1. Check if the password file for the client rsync configuration is 600, the password file format is correct, note that only the password is required, and the password is consistent with the server.
2. telnet to the IP address 873 port of the rsync server to see if the service is started (can test if the service-side firewall is blocked) Telnet 192.168.1.8 873
3. The client execution command is RSYNC-AVZP [email protected]::backup/test/--password-file=/etc/rsync.password
The details of this command should be noted that the IP address of the server is followed by a double colon, followed by the name of the server-side module.
This article is from the "richylu____ Records" blog, so be sure to keep this source http://richylu.blog.51cto.com/1481674/1879847
Simple configuration and implementation of Rsync