1.守护进程方式(socket)
语法:
Access via rsync daemon: Pull: rsync [OPTION...] [USER@]HOST::SRC... [DEST] rsync [OPTION...] rsync://[USER@]HOST[:PORT]/SRC... [DEST] Push: rsync [OPTION...] SRC... [USER@]HOST::DEST(DEST为模块名字) rsync [OPTION...] SRC... rsync://[USER@]HOST[:PORT]/DEST
1.1、rsync 软件部署过程(服务端):
1.确认rsync软件服务是否存在【一般为系统自带】
[root@backup ~]# ## 01: 确认rsync软件服务是否存在 [root@backup ~]# rpm -qa rsyncrsync-3.0.6-12.el6.x86_64[root@backup ~]# rpm -qa|grep rsyn*rsyslog-5.8.10-10.el6_6.x86_64rsync-3.0.6-12.el6.x86_64
2.编辑配置文件【自己创建的】
[root@backup ~]#vim /etc/rsyncd.conf##rsyncd.conf start##uid = rsyncgid = rsyncuse chroot = nomax connections = 200 ##多少个人可以并发往服务器上传输数据timeout = 300pid file = /var/run/rsyncd.pidlock file = /var/run/rsync.lock ##服务停止的时候会用到,不用创建也会有log file = /var/log/rsyncd.log[backup] ##模块名称path = /backupignore errorsread only = falselist = false ##当list = true 可以看到配置文件中所有的模块信息:rsync rsync_backup@172.16.1.41::hosts allow = 172.16.1.0/24hosts deny = 0.0.0.0/32auth users = rsync_backupsecrets file = /etc/rsync.password
3.创建用户
[root@backup ~]# # 创建用户[root@backup ~]# useradd -s /sbin/nologin -M rsync[root@backup ~]# id rsyncuid=923(rsync) gid=923(rsync) groups=923(rsync)
4.创建目录
[root@backup ~]# # 创建目录[root@backup ~]# mkdir /backup -p[root@backup ~]# ll -d /backup/drwxr-xr-x 2 root root 4096 May 4 12:00 /backup/
5、修改备份目录权限
[root@backup ~]# # 修改备份目录权限[root@backup ~]# chown -R rsync.rsync /backup/[root@backup ~]# ll -d /backup/drwxr-xr-x 2 rsync rsync 4096 May 4 12:00 /backup/
6、创建认证用户密码文件
[root@backup ~]# # 创建认证用户密码文件[root@backup ~]# echo "rsync_backup:123456" >/etc/rsync.password[root@backup ~]# cat /etc/rsync.passwordrsync_backup:123456[root@backup ~]# chmod 600 /etc/rsync.password[root@backup ~]# ll /etc/rsync.password-rw------- 1 root root 20 May 4 12:04 /etc/rsync.password
7、启动rsync守护进程服务
启动rsync守护进程服务rsync --daemon[root@backup /]# rsync --daemon[root@backup /]# ps -ef |grep rsyncroot 1885 1 0 12:08 ? 00:00:00 rsync --daemonroot 1887 1250 0 12:09 pts/1 00:00:00 grep rsync
经过上面的配置,服务器已经配置好了,但是每次开机的时候都要开启守护进程,这个时候我们就要利用下面几种方式来实现开机自启动。
另外,还可以将守护进程加入开机自启动,下面提供几种开机自启动的方式。
1) 利用/etc/rc.local
[root@backup ~]# echo "# rsync boot info" >>/etc/rc.local
[root@backup ~]# echo "rsync --daemon" >>/etc/rc.local
[root@backup ~]# tail -2 /etc/rc.local
# rsync boot info
rsync --daemon
2) 编写脚本文件
编写出脚本文件,可以利用rsync --daemon启动命令
将编写脚本文件,放置到/etc/init.d/ 目录下面
脚本内容信息要添加 # chkconfig: 2345 55 25
授予脚本执行权限
添加到chkconfig启动管理服务列表中
3) xinetd自启动rsync服务,添加到chkconfig启动管理服务列表中
1.如果机器上没有xinetd这个软件,要先安装[root@backup backup]# yum install -y xinetdLoaded plugins: fastestmirror, securitySetting up Install ProcessDetermining fastest mirrors * base: mirrors.aliyun.com * epel: mirrors.aliyun.com * extras: mirrors.aliyun.com * updates: mirrors.aliyun.com(省略安装过程)2.修改配置文件vim /etc/xinetd.d/rsync,将disable改为no[root@backup xinetd.d]# vim /etc/xinetd.d/rsync# default: off# description: The rsync server is a good addition to an ftp server, as it \# allows crc checksumming etc.service rsync{ disable = no ##(原有的yes改成no) flags = IPv6 socket_type = stream wait = no user = root server = /usr/bin/rsync server_args = --daemon log_on_failure += USERID}3.开启xinetd服务[root@backup xinetd.d]# /etc/init.d/xinetd startStarting xinetd: [ OK ][root@backup xinetd.d]#4.查看xinetd端口,看是否开启[root@backup xinetd.d]# netstat -lntup|grep 873 ###查看xinetdtcp 0 0 :::873 :::* LISTEN 4070/xinetd [root@backup xinetd.d]# /etc/init.d/xinetd stopStopping xinetd: [ OK ][root@backup xinetd.d]# rsync --daemon[root@backup xinetd.d]# netstat -lntup|grep 873tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 4091/rsync tcp 0 0 :::873 :::* LISTEN 4091/rsync5.添加到chkconfig启动管理服务列表中[root@backup run]# chkconfig --add xinetd[root@backup run]# chkconfig --list |grep 3:oncrond 0:off 1:off 2:on 3:on 4:on 5:on 6:offnetwork 0:off 1:off 2:on 3:on 4:on 5:on 6:offrsyslog 0:off 1:off 2:on 3:on 4:on 5:on 6:offsshd 0:off 1:off 2:on 3:on 4:on 5:on 6:offsysstat 0:off 1:on 2:on 3:on 4:on 5:on 6:offxinetd 0:off 1:off 2:off 3:on 4:on 5:on 6:off[root@backup run]# 1.2、rsync 软件部署(客户端):
客户端采取守护进程推送的方式来传输数据:
Push: rsync [OPTION...] SRC... [USER@]HOST::DEST(DEST为模块名字)
往备份服务器上推送文件:
[root@nfs01 ~]# rsync -avzP /etc/hosts rsync_backup@172.16.1.41::backupPassword: ##需要输入连接172.16.1.41的服务器密码。sending incremental file listhosts 323 100% 0.00kB/s 0:00:00 (xfer#1, to-check=0/1)sent 199 bytes received 27 bytes 41.09 bytes/sectotal size is 323 speedup is 1.43
如果连接服务器免密码登录时,接下来配置过程:
1、rsync客户端密码认证文件
[root@nfs01 ~]# echo "dadong123" >"/etc/rsync.password" [root@nfs01 ~]# cat /etc/rsync.password dadong123
2、客户端密码文件授权修改600
[root@nfs01 ~]# ll -d /etc/rsync.password-rw-r--r-- 1 root root 7 May 5 09:56 /etc/rsync.password[root@nfs01 ~]# chmod 600 /etc/rsync.password[root@nfs01 ~]# ll -d /etc/rsync.password-rw------- 1 root root 7 May 5 09:56 /etc/rsync.password[root@nfs01 ~]#
3、实现免秘钥登录
[root@nfs01 ~]# rsync -avz /etc/sysconfig/network rsync_backup@172.16.1.41::backup --password-file=/etc/rsync.password sending incremental file listnetworksent 98 bytes received 27 bytes 250.00 bytes/sectotal size is 30 speedup is 0.24[root@nfs01 ~]#
经过上面三步,客户端向服务器推文件,即可实现免密码传输。
1.2.1、rsync客户端访问服务端原理
原理讲解:
1)客户端执行推送命令,将客户端上面的数据传送到服务器。2)数据到达服务器端验证阶段时,需要经过秘钥和用户名等验证,客户端这时候就要知道服务器上配置文件中的普通用户使用rsync时的用户名和密码;如果通过验证,用户的身份就会变成服务器上预先设定好的用户rsync。3)当普通用户进入到服务器端时,身份变成rsync时,那么他对模块中的路径/backup就有执行和管理权限,因为在做服务器端配置时,就已经将/backup的属组和属组设为rsync。4)完成传输。
1.3、守护进程常见问题排错
1.3.1 常见问题:@ERROR: auth failed on module dadong
客户端的错误现象: [root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backupPassword:@ERROR: auth failed on module backuprsync error: error starting client-server protocol (code 5) at main.c(1503) [sender=3.0.6] 异常问题解决: 1. 密码真的输入错误,用户名真的错误 2. secrets file = /etc/rsync.password指定的密码文件和实际密码文件名称不一致 3. /etc/rsync.password文件权限不是600 4. rsync_backup:123456密码配置文件后面注意不要有空格 5. rsync客户端密码文件中只输入密码信息即可,不要输入虚拟认证用户名称
1.3.2 错误问题:rsync服务端开启的iptables防火墙
【客户端的错误】 No route to host 【错误演示过程】 [root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup rsync: failed to connect to 172.16.1.41: No route to host (113) rsync error: error in socket IO (code 10) at clientserver.c(124) [sender=3.0.6] 【异常问题解决】 关闭rsync服务端的防火墙服务(iptables) [root@backup mnt]# /etc/init.d/iptables stop iptables: Setting chains to policy ACCEPT: filter [ OK ] iptables: Flushing firewall rules: [ OK ] iptables: Unloading modules: [ OK ] [root@backup mnt]# /etc/init.d/iptables status iptables: Firewall is not running.
1.3.3 错误问题:rsync客户端执行rsync命令错误:
客户端的错误现象: [root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::/backup ERROR: The remote path must start with a module name not a / rsync error: error starting client-server protocol (code 5) at main.c(1503) [sender=3.0.6] 异常问题解决: rsync命令语法理解错误,::/backup是错误的语法,应该为::backup(rsync模块)
1.3.4 错误问题:Unknown module 'backup'
[root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backup@ERROR: Unknown module 'backup'rsync error: error starting client-server protocol (code 5) at main.c(1503) [sender=3.0.6] 异常问题解决: 1. /etc/rsyncd.conf配置文件模块名称书写错误
1.3.5 错误问题:Permission denied
[root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backupPassword:sending incremental file listhostsrsync: mkstemp ".hosts.5z3AOA" (in backup) failed: Permission denied (13)sent 196 bytes received 27 bytes 63.71 bytes/sectotal size is 349 speedup is 1.57rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1039) [sender=3.0.6] 异常问题解决: 1. 共享目录的属主和属组不正确,不是rsync 2. 共享目录的权限不正确,不是755
1.3.6 错误问题:chdir failed
[root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backupPassword:@ERROR: chdir failedrsync error: error starting client-server protocol (code 5) at main.c(1503) [sender=3.0.6] 异常问题解决: 1. 备份存储目录没有建立 2. 建立的备份存储目录和配置文件定义不一致说明:如果没有备份存储目录
1.3.7 错误问题:invalid uid rsync
[root@nfs01 tmp]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backupPassword:@ERROR: invalid uid rsyncrsync error: error starting client-server protocol (code 5) at main.c(1503) [sender=3.0.6] 异常问题解决:rsync服务对应rsync虚拟用户不存在了
1.3.8 rsync客户端连接慢问题
错误日志输出2017/03/08 20:14:43 [3422] params.c:Parameter() - Ignoring badly formed line in configuration file: ignore errors2017/03/08 20:14:43 [3422] name lookup failed for 172.16.1.31: Name or service not known2017/03/08 20:14:43 [3422] connect from UNKNOWN (172.16.1.31)2017/03/08 20:14:43 [3422] rsync to backup/ from rsync_backup@unknown (172.16.1.31)2017/03/08 20:14:43 [3422] receiving file list2017/03/08 20:14:43 [3422] sent 76 bytes received 83 bytes total size 349正确日志输出2017/03/08 20:16:45 [3443] params.c:Parameter() - Ignoring badly formed line in configuration file: ignore errors2017/03/08 20:16:45 [3443] connect from nfs02 (172.16.1.31)2017/03/08 20:16:45 [3443] rsync to backup/ from rsync_backup@nfs02 (172.16.1.31)2017/03/08 20:16:45 [3443] receiving file list2017/03/08 20:16:45 [3443] sent 76 bytes received 83 bytes total size 349 异常问题解决:查看日志进行分析
1.3.9 rsync服务没有正确启动
Connection refused (111)[root@dadong-muban ~]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backuprsync: failed to connect to 172.16.1.41: Connection refused (111)rsync error: error in socket IO (code 10) at clientserver.c(124) [sender=3.0.6]解决 rsync服务没开启[root@dadong-muban ~]# rsync --daemon[root@dadong-muban ~]# ss -lntup |grep rsynctcp LISTEN 0 5 :::873 :::* users:(("rsync",1434,5))tcp LISTEN 0 5 *:873 *:* users:(("rsync",1434,4))[root@dadong-muban ~]# rsync -avz /etc/hosts rsync_backup@172.16.1.41::backupPassword:sending incremental file listhostssent 196 bytes received 27 bytes 49.56 bytes/sectotal size is 349 speedup is 1.57 1.3.10 rsync error: errors selecting input/output file
[root@web02 172.16.1.7]# rsync -avzP /backup rsync_backup@172.16.1.41::backuprsync: getcwd(): No such file or directory (2)rsync error: errors selecting input/output files, dirs (code 3) at util.c(992) [receiver=3.0.6][root@web02 172.16.1.7]# cd /[root@web02 /]# rsync -avzP /backup rsync_backup@172.16.1.41::backupPassword:sending incremental file listbackup/backup/.tar.gz 1121 100% 0.00kB/s 0:00:00 (xfer#1, to-check=0/2)sent 1225 bytes received 31 bytes 34.41 bytes/sectotal size is 1121 speedup is 0.89[root@web02 /]#出现上面的问题原因是当前目录在所要传送的目录里面,跳出当前目录即可。
2、本地复制方式(相当于cp scp ls)
语法:Local: rsync [OPTION...] SRC... [DEST]
2.1、rsync命令等价rm命令
[root@backup ~]# # rm删除命令[root@backup ~]# rm -f dadong/*[root@backup ~]# ll dadongtotal 0[root@backup ~]# rsync --delete dadong /tmp/rsync: --delete does not work without -r or -d.rsync error: syntax or usage error (code 1) at main.c(1422) [client=3.0.6][root@backup ~]# rsync -r --delete dadong /tmp/[root@backup ~]# ll /tmp/total 16drwxr-xr-x 78 root root 4096 May 4 08:56 etc-rw-r--r-- 1 root root 324 May 3 16:20 hostsdrwxr-xr-x 2 root root 4096 May 4 09:20 dadong-rw-r--r-- 1 root root 3280 May 4 08:54 passwd[root@backup ~]# [root@backup ~]# rsync -r --delete dadong/ /tmp/[root@backup ~]# ll /tmp/total 0
2.2、rsync等价于ls
[root@backup ~]# # 查看文件信息命令ls,但是rsync查看文件时,后面必须要加上文件名,不能单独使用。[root@backup ~]# rsync /tmp/drwxrwxrwt 4096 2017/05/04 09:21:42 .[root@backup ~]# rsync /etc/drwxr-xr-x 4096 2017/05/04 09:07:46 .-rw------- 0 2017/03/08 12:03:35 .pwd.lock-rw-r--r-- 4439 2016/04/12 15:56:23 DIR_COLORS-rw-r--r-- 5139 2016/04/12 15:56:23 DIR_COLORS.256color-rw-r--r-- 4113 2016/04/12 15:56:23 DIR_COLORS.lightbgcolor
2.3、rsync等价于scp
[root@backup ~]# # 将hosts文件复制NFS服务器/tmp目录中[root@backup ~]# scp -rp dadong 10.0.0.31:/tmp/The authenticity of host '10.0.0.31 (10.0.0.31)' can't be established.RSA key fingerprint is 38:2f:fc:b7:05:37:43:2e:f9:44:3d:eb:d7:cb:f9:54.Are you sure you want to continue connecting (yes/no)? yesWarning: Permanently added '10.0.0.31' (RSA) to the list of known hosts.root@10.0.0.31's password: b 100% 0 0.0KB/s 00:00 c 100% 0 0.0KB/s 00:00 a[root@backup ~]# rsync -r dadong 10.0.0.31:/tmp/root@10.0.0.31's password:
3.隧道方式(scp)
语法:Access via remote shell: Pull: rsync [OPTION...] [USER@]HOST:SRC... [DEST] Push: rsync [OPTION...] SRC... [USER@]HOST:DEST
实例
[root@backup ~]# # rsync [OPTION...] SRC... [USER@]HOST:DEST[root@backup ~]# rsync -rp /etc/hosts root@10.0.0.31:/tmproot@10.0.0.31's password: rsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at rsync.c(546) [sender=3.0.6][root@backup ~]# rsync -rp -e "ssh -p 22" /etc/hosts root@10.0.0.31:/tmp root@10.0.0.31's password:rsync -vzrtopgP -e 'ssh -p 22' dadong@172.16.1.41:/opt /tmp说明:[USER@]中的user是推送到目标服务器上的一个用户,这个用户必须先存在,而且要对目标文件有写入权限,即user可以是普通用户dadong,必须对/tmp有写入权限。如果没有可以通过授权属主和属组的方式授权。
解决方法:
1.在目标服务器上的root权限下将普通用户yu设置为文件mao的属组和属主[yu@nfs01 opt]$ su - rootPassword: [root@nfs01 ~]# cd /home/[root@nfs01 home]# lsmao dadong stu4 stu5 yu[root@nfs01 home]# id yuuid=893(yu) gid=893(yu) groups=893(yu)[root@nfs01 home]# chown yu.yu mao[root@nfs01 home]# lltotal 20drwx------ 2 yu yu 4096 May 4 15:13 maodrwxr-xr-x. 4 root root 4096 May 3 15:00 dadongdrwx------. 2 stu4 stu4 4096 May 3 13:39 stu4drwx------. 2 stu5 stu5 4096 May 3 13:39 stu5drwx------ 3 yu yu 4096 May 4 16:02 yu[root@nfs01 home]2.客户端服务器上推送[root@backup opt]# rsync -avzP -e "ssh -p 22" /tmp/passwd yu@10.0.0.31:/home/maoyu@10.0.0.31's password: ##此时普通用户yu对于文件有所有权限sending incremental file listpasswd 1173 100% 0.00kB/s 0:00:00 (xfer#1, to-check=0/1)sent 542 bytes received 31 bytes 163.71 bytes/sectotal size is 1173 speedup is 2.05[root@backup opt]#注:此处隧道方式使用的密码是ssh连接Linux的密码,即登录Linux的密码。