[daodu]rsync是linux系统下的数据镜像备份工具。使用快速增量备份工具Remote Sync可以远程同步,支持本地复制,与其他SSH、rsync主机同步数据。[/daodu]
[yiji]一、rsync命令的用法:[/yiji]
基本格式:rsync [选项] 原始位置 目标位置
常用选项:
-a 归档模式,递归并保留对象属性,等同于 -rlptgoD
-v 显示同步过程的详细(verbose)信息
-z 在传输文件时进行压缩(compress)
-H 保留硬链接文件
-A 保留ACL属性
--delete 删除目标位置有而原始位置没有的文件
-r 递归模式,包含目录及子目录中所有文件
-l 对于软链接文件仍然复制为软链接文件
-p 保留文件的权限标记
-t 保留文件的时间标记
-g 保留文件的属组标记(仅超级用户使用)
-o 保留文件的属主标记(仅超级用户使用)
-D 保留设备文件及其他特殊文件
[yiji]二、配置rsync[/yiji]
在配置rsync前,先来做个小测试:
服务端
#在服务端网站首页写入一些内容[root@localhost Desktop]# cd /var/www/html[root@localhost html]# vim index.html[root@localhost html]# cat index.html Hello World!
Hello Jaking!
[root@localhost html]# ifconfigeth0 Link encap:Ethernet HWaddr 00:0C:29:BE:68:3F
inet addr:192.168.142.132 Bcast:192.168.142.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:febe:683f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:580 errors:0 dropped:0 overruns:0 frame:0
TX packets:390 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:57739 (56.3 KiB) TX bytes:41856 (40.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:960 (960.0 b) TX bytes:960 (960.0 b)
[root@localhost rsync]# service httpd restartStopping httpd: [ OK ]
Starting httpd: httpd: Could not reliably determine the server's fully qualified domain name, using localhost.localdomain for ServerName
[ OK ]
客户端
#客户端能成功访问服务端网站首页的内容[root@localhost Desktop]# curl 192.168.142.132Hello World!Hello Jaking!
刚刚的小测试其实是基于SSH实现的,rsync有两种同步源,一种是基于SSH的同步源,另一种是基于rsync的同步源。
[yiji]三、基于SSH的同步源[/yiji]
设置ACL权限:setfacl -m user:用户名:rwx /服务器目录
下行同步:rsync -avz 用户名@服务器地址:/服务器目录 /本地目录
上行同步:rsync -avz /本地目录 用户名@服务器地址:/服务器目录
为确保服务端的数据能同步到客户端,接下来,我先从SSH的同步源开始配置:
在配置前,分别在服务端和客户端上执行yum install -y rsync,确保rsync已安装。
[erji]1.在服务端授权一个用户,也就是创建一个用户:[/erji]
[root@localhost html]# useradd server[root@localhost html]# passwd serverChanging password for user server.New password:
BAD PASSWORD: The password is shorter than 8 characters
Retype new password:
passwd: all authentication tokens updated successfully.
[erji]2.在客户端创建ssh目录,同步服务端数据:[/erji]
[root@localhost Desktop]# mkdir /client[root@localhost Desktop]# cd /client/[root@localhost client]# mkdir ssh[root@localhost client]# rsync -avz server@192.168.142.132:/var/www/html/* /client/sshserver@192.168.142.132's password:
receiving incremental file list
index.html
sent 68 bytes received 219 bytes 114.80 bytes/sec
total size is 27 speedup is 0.09
30 bytes received 104 bytes 15.76 bytes/sec
total size is 27 speedup is 0.20
[root@localhost client]# cd ssh
[root@localhost ssh]# ls
index.html
[root@localhost ssh]# cat index.html
Hello World!
Hello Jaking!
#客户端已成功同步服务端数据
[erji]3.刚刚的同步是下行同步,即从服务器端把数据同步到客户端。接下来我将演示一遍上行同步,即把客户端的数据同步到服务端:[/erji]
#在客户端创建新文件,准备同步到服务端。[root@localhost ssh]# touch a.txt b.txt[root@localhost ssh]# lsa.txt b.txt index.html
[root@localhost ssh]# rsync -avz /client/ssh/* server@192.168.142.132:/var/www/htmlserver@192.168.142.132's password:
sending incremental file list
a.txt
b.txt
rsync: mkstemp "/var/www/html/.a.txt.6JDDzO" failed: Permission denied (13)
rsync: mkstemp "/var/www/html/.b.txt.p7hCLz" failed: Permission denied (13)
sent 131 bytes received 50 bytes 40.22 bytes/sec
total size is 27 speedup is 0.15
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1052) [sender=3.0.9]
#同步失败,从报错结果可以server用户权限不足,server用户对/var/www/html目录没有写权限。
[erji]4.在服务端设置比较安全的ACL权限:[/erji]
[root@localhost html]# setfacl -m user:server:rwx /var/www/html
[erji]5.再次在客户端执行上行同步操作:[/erji]
[root@localhost ssh]# rsync -avz /client/ssh/* server@192.168.142.132:/var/www/htmlserver@192.168.142.132's password:
sending incremental file list
a.txt
b.txt
sent 131 bytes received 50 bytes 51.71 bytes/sec
total size is 27 speedup is 0.15
#由同步的过程可以看出,index.html没有被上传,由此可知rsync使用的同步机制是增量备份的机制。
在服务端查看:
[root@localhost html]# lsa.txt b.txt index.html#客户端数据已成功同步到服务端
[yiji]四、基于rsync的同步源[/yiji]
/etc/rsyncd_users.db文件权限必须是600
**做上行同步时,nobody需要有写入权限。 **
rsync -avz 用户名@服务器地址::共享模块名 /本地目录
rsync -avz rsync://用户名@服务器地址/共享模块名 /本地目录
使用SSH的同步源需要创建用户,对于服务器来说,存在过多的用户不是一件好事。而用基于rsync的同步源则不需要创建用户,指定的用户只需写在配置文件里即可,这样的用户是虚拟用户。
[erji]1.修改配置文件:[/erji]
服务端
[root@localhost html]# vim /etc/rsyncd.conf#若配置文件不存在则直接创建[root@localhost html]# cat /etc/rsyncd.confaddress = 192.168.142.132
port 873
pid file = /var/run/rsyncd.pidlog file = /var/log/rsyncd.log
[share]
comment = soft
path = /server/rsync read only = yes
dont compress = *.gz *.bz2 *.zip
auth users = wang
secrets file = /etc/rsyncd_users.db
[root@localhost html]# vim /etc/rsyncd_users.db[root@localhost html]# cat /etc/rsyncd_users.dbwang:123456 #rsync不支持复杂密码,尽量设简单一点。[root@localhost html]# vim /etc/xinetd.d/rsync[root@localhost html]# cat /etc/xinetd.d/rsync# default: off# description: The rsync server is a good addition to an ftp server, as it \# allows crc checksumming etc.service rsync
{ disable = yes
flags = IPv6
socket_type = stream wait = no
user = root
server = /usr/bin/rsync
server_args = --daemon
log_on_failure += USERID
}
[root@localhost html]# rsync --daemon #启动rsync[root@localhost html]# netstat -pantu | grep 873tcp 0 0 192.168.142.132:873 0.0.0.0:* LISTEN 6779/rsync
[root@localhost html]# mkdir -p /server/rsync[root@localhost html]# cd !$cd /server/rsync
[root@localhost rsync]# touch rsync.txt[root@localhost rsync]# lsrsync.txt
[root@localhost rsync]# chmod 600 /etc/rsyncd_users.db #一定要给密码文件赋予600权限,否则同步数据将出错!
[erji]2.执行同步操作:[/erji]
客户端
[root@localhost rsync]# rsync -avz wang@192.168.142.132::share /client/rsyncPassword: receiving incremental file list
./
rsync.txt
sent 77 bytes received 151 bytes 50.67 bytes/sec
total size is 0 speedup is 0.00[root@localhost rsync]# lsrsync.txt#数据同步成功[root@localhost rsync]# pwd/client/rsync
下行同步已完成,接下来我将演示上行同步:
服务端
#在执行上行同步前一定要修改模块权限和ACL权限[root@localhost rsync]# vim /etc/rsyncd.conf [root@localhost rsync]# cat /etc/rsyncd.confaddress = 192.168.142.132
port 873
pid file = /var/run/rsyncd.pidlog file = /var/log/rsyncd.log
[share]
comment = soft
path = /server/rsync read only = no #这里一定要改为no
dont compress = *.gz *.bz2 *.zip
auth users = wang
secrets file = /etc/rsyncd_users.db
[root@localhost rsync]# setfacl -m u:nobody:rwx /srver/rsync #设置ACL权限[root@localhost rsync]# pkill rsync #关闭rsync[root@localhost rsync]# rsync --daemon #启动rsync
客户端
[root@localhost rsync]# touch client.txt[root@localhost rsync]# rsync -avz /client/rsync/* wang@192.168.142.132::sharePassword:
sending incremental file list
client.txt
sent 85 bytes received 27 bytes 32.00 bytes/sec
total size is 0 speedup is 0.00#上行同步成功
在服务端查看:
[root@localhost rsync]# lsclient.txt rsync.txt
[root@localhost rsync]# pwd/server/rsync
[erji]3.上行同步的另一种格式:[/erji]
客户端
[root@localhost rsync]# lsclient.txt rsync.txt
[root@localhost rsync]# touch test.txt[root@localhost rsync]# rsync -avz /client/rsync/* rsync://wang@192.168.142.132/sharePassword: sending incremental file list
test.txt
sent 102 bytes received 27 bytes 28.67 bytes/sec
total size is 0 speedup is 0.00
服务端
[root@localhost rsync]# lsclient.txt rsync.txt test.txt
[yiji]五、配置免密码验证[/yiji]
[erji]1、基于SSH的同步源[/erji]
通过秘钥对实现
客户端
[root@localhost ssh]# pwd/client/ssh
[root@localhost ssh]# lsa.txt b.txt index.html
[root@localhost ssh]# rm -rf *[root@localhost ssh]# ssh-keygenGenerating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase):
Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:3d:fe:c8:0e:2c:b7:90:b0:f4:0d:31:af:b4:d3:9e:87 root@localhost.localdomain
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| o |
| + . |
| o o S o |
| . = O . . |
| . O *.. |
| *E=.o |
| +o+ . |
+-----------------+
[root@localhost ssh]#
[root@localhost ssh]# ssh-copy-id server@192.168.142.132
server@192.168.142.132's password: Now try logging into the machine, with "ssh 'server@192.168.142.132'", and check in:
.ssh/authorized_keys
to make sure we haven't added extra keys that you weren't expecting.
[root@localhost ssh]# id server #server用户在服务端id: server: No such user
[root@localhost ssh]# ssh server@192.168.142.132[server@localhost ~]$ ifconfig#成功登录服务端eth0 Link encap:Ethernet HWaddr 00:0C:29:BE:68:3F
inet addr:192.168.142.132 Bcast:192.168.142.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:febe:683f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:935 errors:0 dropped:0 overruns:0 frame:0
TX packets:660 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:112043 (109.4 KiB) TX bytes:89842 (87.7 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:960 (960.0 b) TX bytes:960 (960.0 b)
[server@localhost ~]$ exit
logout
Connection to 192.168.142.132 closed.
[root@localhost ssh]# ls[root@localhost ssh]# pwd/client/ssh
[root@localhost ssh]# rsync -avz server@192.168.142.132:/var/www/html/* /client/ssh/receiving incremental file list
a.txt
b.txt
index.html#现在执行同步操作不需要输入密码sent 68 bytes received 219 bytes 191.33 bytes/sec
total size is 27 speedup is 0.09
[root@localhost ssh]# lsa.txt b.txt index.html#被删除的文件又从服务端同步过来了
[erji]2、基于rsync的同步源[/erji]
通过系统变量实现
RSYNC_PASSWORD
客户端
[root@localhost client]# cd rsync/[root@localhost rsync]# lsclient.txt rsync.txt test.txt
[root@localhost rsync]# rm -rf *[root@localhost rsync]# export RSYNC_PASSWORD=123456 #123456为虚拟用户wang的密码[root@localhost rsync]# rsync -avz wang@192.168.142.132::share /client/rsyncreceiving incremental file list
./
client.txt
rsync.txt
test.txt#现在执行同步操作不需要输入密码sent 115 bytes received 265 bytes 760.00 bytes/sec
total size is 0 speedup is 0.00[root@localhost rsync]# lsclient.txt rsync.txt test.txt#被删除的文件又从服务端同步过来了
转载于:https://blog.51cto.com/14047707/2335981