Tags: rsync+inotify, server, security, reliability, server side
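I. Introduction:
1. rsync (remote sync) is a data mirroring and backup tool for Unix-like systems. It is a fast incremental backup tool that supports local copies as well as synchronization with other hosts over SSH or the rsync protocol. Compared with traditional cp and tar backups, rsync offers high security, fast backups, and incremental transfers. It covers backup needs that do not require real-time behaviour, such as periodically backing up file server data to a remote server or periodically mirroring a local disk. As application systems grow, the requirements for data security and reliability rise as well, and rsync has gradually shown a number of shortcomings in high-end business systems. First, when rsync synchronizes data it must scan and compare all files before it transfers the differences. Once the number of files reaches millions or even tens of millions, scanning all of them is very time-consuming, and because usually only a small fraction of them is changing, this is very inefficient. Second, rsync cannot monitor and synchronize data in real time. Synchronization can be triggered through a Linux daemon, but there is always a time gap between two triggers, so the data on the server and the client may be inconsistent and cannot be fully recovered when the application fails. For these reasons, the rsync+inotify combination emerged.
2. inotify is a powerful, fine-grained, asynchronous file system event monitoring mechanism. The Linux kernel has supported inotify since version 2.6.13. With inotify you can monitor fine-grained file system events such as creation, deletion, modification, and moves. Third-party software can use this kernel interface to monitor changes to the files in a file system, and inotify-tools is one such third-party package.
As described above, rsync can perform triggered file synchronization, but when it is triggered through the crontab daemon the synchronized data differs from the actual data. inotify can monitor all kinds of file system changes and trigger an rsync run whenever a file changes, which solves the real-time problem of data synchronization.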
II. Environment:
host | status | OS release and kernel version |
192.168.180.4 | client (source side) | CentOS release 6.8 (2.6.32-642.3.1.el6.x86_64) |
192.168.180.3 | server (target side) | CentOS release 6.4 (2.6.32-358.el6.x86_64) |
III. Procedure:
(1) First, install the rsync server on the target server.
1. Disable SELinux
[root@GJB-UAT ~]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
#SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
#SELINUXTYPE=targeted
[root@Monitor conf]# setenforce 0    # takes effect immediately
setenforce: SELinux is disabled
2. Open TCP port 873, the default rsync port, in the firewall
[root@GJB-UAT ~]# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 873 -j ACCEPT
"/etc/sysconfig/iptables" 15L, 607C 已写入
[root@GJB-UAT ~]# /etc/init.d/iptables restart
[root@GJB-UAT ~]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:873
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
3. Install the rsync server software
[root@GJB-UAT ~]# yum install rsync xinetd -y
Loaded plugins: fastestmirror
Determining fastest mirrors
 * base: mirrors.cn99.com
 * extras: mirrors.cn99.com
 * updates: mirrors.cn99.com
base                                                     | 3.7 kB     00:00
extras                                                   | 3.4 kB     00:00
updates                                                  | 3.4 kB     00:00
updates/primary_db                                       | 4.3 MB     00:01
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package rsync.x86_64 0:3.0.6-12.el6 will be installed
---> Package xinetd.x86_64 2:2.3.14-40.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==========================================================================================================================
 Package               Arch                Version                      Repository          Size
==========================================================================================================================
Installing:
 rsync                 x86_64              3.0.6-12.el6                 base               335 k
 xinetd                x86_64              2:2.3.14-40.el6              base               122 k
Transaction Summary
==========================================================================================================================
Install       2 Package(s)
Total download size: 457 k
Installed size: 942 k
Is this ok [y/N]: y
Downloading Packages:
(1/2): rsync-3.0.6-12.el6.x86_64.rpm                     | 335 kB     00:00
(2/2): xinetd-2.3.14-40.el6.x86_64.rpm                   | 122 kB     00:00
--------------------------------------------------------------------------------------------------------------------------
Total                                           2.3 MB/s | 457 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : 2:xinetd-2.3.14-40.el6.x86_64             1/2
  Installing : rsync-3.0.6-12.el6.x86_64                 2/2
  Verifying  : rsync-3.0.6-12.el6.x86_64                 1/2
  Verifying  : 2:xinetd-2.3.14-40.el6.x86_64             2/2
Installed:
  rsync.x86_64 0:3.0.6-12.el6          xinetd.x86_64 2:2.3.14-40.el6
Complete!
[root@GJB-UAT ~]# rpm -qa|grep rsync
rsync-3.0.6-12.el6.x86_64
[root@GJB-UAT ~]# vim /etc/xinetd.d/rsync    # start automatically at boot: change disable = yes to no
# default: off
# description: The rsync server is a good addition to an ftp server, as it
#       allows crc checksumming etc.
service rsync
{
        disable         = no
        flags           = IPv6
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}
4. Add a new user and group and assign the corresponding permissions
[root@GJB-UAT ~]# groupadd rsync
[root@GJB-UAT ~]# useradd -g rsync rsync
[root@GJB-UAT ~]# grep rsync /etc/passwd
rsync:x:501:501::/home/rsync:/bin/bash
[root@GJB-UAT ~]# mkdir /home/rsync/backup/
[root@GJB-UAT ~]# ll /home/rsync/
总用量 4
drwxr-xr-x. 2 root root 4096 1月 17 17:15 backup
[root@GJB-UAT ~]# chown -R rsync:rsync /home/rsync/backup/
[root@GJB-UAT ~]# ll /home/rsync/
总用量 4
drwxr-xr-x. 2 rsync rsync 4096 1月 17 17:15 backup
5. Create the rsync daemon configuration file
[root@GJB-UAT ~]# vim /etc/rsyncd.conf
uid = rsync
gid = rsync
use chroot = no
max connections = 40
timeout = 300
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
log file = /home/rsync/backup/rsyncd.log
[backup]
path = /home/rsync/backup/
ignore errors
read only = false
list = false
hosts allow = 192.168.180.0/24
auth users = rsync
secrets file = /etc/rsync.password
[root@GJB-UAT ~]# vim /etc/rsync.password
rsync:liqingbiao
[root@GJB-UAT ~]# chmod 600 /etc/rsync.password
[root@GJB-UAT ~]# chmod 600 /etc/rsyncd.conf
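An added example, not part of the original post: a POSIX shell audit for the daemon configuration above. It flags modules that run without chroot, writable modules that lack auth users or hosts allow, and a daemon log file stored inside a writable module path (the case in this page's config, where any authenticated client can overwrite or delete the log). The function names and the sample writer are assumptions of the example.

```shell
# Added example; function names are hypothetical, not rsync tooling.
# Print one finding per line for each module in the rsyncd.conf given as $1.
audit_rsyncd_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function off(v)  { return v == "no" || v == "false" || v == "0" }
    function flush() {
        if (mod == "") return
        if (off(c["use chroot"])) print mod ": use chroot is off"
        if (!off(c["read only"])) return       # modules are read only by default
        if (c["auth users"] == "")  print mod ": writable without auth users"
        if (c["hosts allow"] == "") print mod ": writable without hosts allow"
        if (c["path"] != "" && index(c["log file"], c["path"]) == 1)
            print mod ": log file is inside the writable module path"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ {                               # new [module]: start from the globals
        flush(); mod = trim($0)
        for (k in c) delete c[k]
        for (k in g) c[k] = g[k]
        next
    }
    index($0, "=") == 0 { next }                # bare flags such as "ignore errors"
    {
        k = tolower(trim(substr($0, 1, index($0, "=") - 1)))
        v = trim(substr($0, index($0, "=") + 1))
        c[k] = v
        if (mod == "") g[k] = v                 # global value, inherited by modules
    }
    END { flush() }
    ' "$1"
}
# rsync (strict modes, the default) rejects a secrets file that other users can
# access; succeed only if group and other have no permission bits at all.
secrets_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}
# Constructed sample: the security-relevant lines of this page's rsyncd.conf.
write_page_conf() {
    cat > "$1" <<'EOF'
use chroot = no
log file = /home/rsync/backup/rsyncd.log
[backup]
path = /home/rsync/backup/
read only = false
hosts allow = 192.168.180.0/24
auth users = rsync
secrets file = /etc/rsync.password
EOF
}
```

Run audit_rsyncd_conf /etc/rsyncd.conf on the target server and secrets_mode_ok against the secrets file on the server and the password file on the client.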
(2) Install the rsync client (source side)
1. Disable SELinux
[root@Monitor conf]# vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
#SELINUXTYPE=targeted
2. Open TCP port 873 in the firewall
[root@Monitor conf]# vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 873 -j ACCEPT
"/etc/sysconfig/iptables" 15L, 607C 已写入
[root@Monitor conf]# /etc/init.d/iptables restart
[root@Monitor conf]# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:873
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  0.0.0.0/0
3. Install and configure the rsync client software
[root@Monitor conf]# yum install xinetd
已加载插件:fastestmirror
设置安装进程
Determining fastest mirrors
epel/metalink                                            | 4.6 kB     00:00
 * epel: mirrors.tuna.tsinghua.edu.cn
base                                                     | 3.7 kB     00:00
dockerrepo                                               | 2.9 kB     00:00
epel                                                     | 4.3 kB     00:00
epel/primary_db                                          | 5.9 MB     00:00
extras                                                   | 3.4 kB     00:00
updates                                                  | 3.4 kB     00:00
updates/primary_db                                       | 4.3 MB     00:00
解决依赖关系
--> 执行事务检查
---> Package xinetd.x86_64 2:2.3.14-40.el6 will be 安装
--> 完成依赖关系计算
依赖关系解决
==========================================================================================================================
 软件包                架构                版本                         仓库                大小
==========================================================================================================================
正在安装:
 xinetd                x86_64              2:2.3.14-40.el6              base               122 k
事务概要
==========================================================================================================================
Install       1 Package(s)
总下载量:122 k
Installed size: 259 k
确定吗?[y/N]:y
下载软件包:
xinetd-2.3.14-40.el6.x86_64.rpm                          | 122 kB     00:00
运行 rpm_check_debug
执行事务测试
事务测试成功
执行事务
  正在安装   : 2:xinetd-2.3.14-40.el6.x86_64             1/1
  Verifying  : 2:xinetd-2.3.14-40.el6.x86_64             1/1
已安装:
  xinetd.x86_64 2:2.3.14-40.el6
完毕!
[root@Monitor conf]# rpm -qa|grep rsync
rsync-3.0.6-12.el6.x86_64
[root@Monitor logs]# vim /etc/xinetd.d/rsync
# default: off
# description: The rsync server is a good addition to an ftp server, as it
#       allows crc checksumming etc.
service rsync
{
        disable         = no
        flags           = IPv6
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}
[root@Monitor conf]# /etc/init.d/xinetd start
正在启动 xinetd: [确定]
[root@Monitor logs]# netstat -lntp|grep xinetd
tcp        0      0 :::873                      :::*                        LISTEN      38518/xinetd
4. Create the authentication file
[root@Monitor logs]# vim /etc/rsyncd.passwd
liqingbiao
[root@Monitor conf]# chmod 600 /etc/rsyncd.passwd
5. Test data synchronization from the source server, the client (192.168.180.4), to the target server (192.168.180.3)
[root@Monitor nginx]# rsync -avH --port=873 --progress /data/nginx/ rsync@192.168.180.3::backup --password-file=/etc/rsyncd.passwd
sending incremental file list
./
access.log
    33777280 100%   39.93MB/s    0:00:00 (xfer#1, to-check=5/7)
error.log
      201151 100%  227.88kB/s    0:00:00 (xfer#2, to-check=4/7)
nginx.access.log
   278900324 100%   66.16MB/s    0:00:04 (xfer#3, to-check=3/7)
log/
log/access.log
           0 100%    0.00kB/s    0:00:00 (xfer#4, to-check=1/7)
log/nginx.access.log
    10521574 100%   66.89MB/s    0:00:00 (xfer#5, to-check=0/7)
sent 323439494 bytes  received 386 bytes  71875528.89 bytes/sec
total size is 323400329  speedup is 1.00
[root@Monitor nginx]#
On 192.168.180.3, check the path defined for the backup module to confirm that the files were synchronized. This completes the data test.
(3) Install inotify-tools to trigger rsync synchronization in real time.
1. Check whether the server's kernel supports inotify (if the files in the directory are listed, the kernel supports inotify)
[root@Monitor nginx]# ll /proc/sys/fs/inotify
总用量 0
-rw-r--r-- 1 root root 0 1月 17 20:20 max_queued_events
-rw-r--r-- 1 root root 0 1月 17 20:20 max_user_instances
-rw-r--r-- 1 root root 0 1月 17 20:20 max_user_watches
2. Install the build tools and inotify-tools
[root@Monitor nginx]# yum install make gcc gcc-c++
已加载插件:fastestmirror
设置安装进程
Loading mirror speeds from cached hostfile
 * epel: mirrors.tuna.tsinghua.edu.cn
包 1:make-3.81-23.el6.x86_64 已安装并且是最新版本
包 gcc-4.4.7-17.el6.x86_64 已安装并且是最新版本
包 gcc-c++-4.4.7-17.el6.x86_64 已安装并且是最新版本
无须任何处理
[root@Monitor nginx]# wget http://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz
--2017-01-17 20:55:41--  http://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz
正在解析主机 github.com... 192.30.253.113, 192.30.253.112
正在连接 github.com|192.30.253.113|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 301 Moved Permanently
位置:https://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz [跟随至新的 URL]
--2017-01-17 20:55:41--  https://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz
正在连接 github.com|192.30.253.113|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 302 Found
位置:https://cloud.github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz [跟随至新的 URL]
--2017-01-17 20:55:43--  https://cloud.github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz
正在解析主机 cloud.github.com... 54.192.127.169, 54.192.127.35, 54.192.127.201, ...
正在连接 cloud.github.com|54.192.127.169|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:358772 (350K) [null]
正在保存至: “inotify-tools-3.14.tar.gz”
100%[================================================================================>] 358,772     83.0K/s   in 4.2s
2017-01-17 20:56:00 (83.0 KB/s) - 已保存 “inotify-tools-3.14.tar.gz” [358772/358772])
[root@Monitor nginx]# tar xf inotify-tools-3.14.tar.gz
[root@Monitor nginx]# cd inotify-tools-3.14
[root@Monitor inotify-tools-3.14]# ./configure --prefix=/usr/local/inotify
[root@Monitor inotify-tools-3.14]# make && make install
3. Set the system environment variables and add a symbolic link.
[root@Monitor inotify-tools-3.14]# echo 'PATH=/usr/local/inotify/bin:$PATH' >>/etc/profile.d/inotify.sh
[root@Monitor inotify-tools-3.14]# source /etc/profile.d/inotify.sh
[root@Monitor inotify-tools-3.14]# echo "/usr/local/inotify/lib" >/etc/ld.so.conf.d/inotify.conf
[root@Monitor inotify-tools-3.14]# ln -s /usr/local/inotify/include /usr/include/inotify
4. Change the inotify default parameters
[root@Monitor inotify-tools-3.14]# sysctl -a | grep max_queued_events
fs.inotify.max_queued_events = 99999999
[root@Monitor inotify-tools-3.14]# sysctl -a | grep max_user_watches
fs.inotify.max_user_watches = 99999999
fs.epoll.max_user_watches = 797306
[root@Monitor inotify-tools-3.14]# sysctl -a | grep max_user_instances
fs.inotify.max_user_instances = 65535
[root@Monitor inotify-tools-3.14]#
Add or change the following parameters:
[root@Monitor inotify-tools-3.14]# vim /etc/sysctl.conf
fs.inotify.max_queued_events=99999999
fs.inotify.max_user_watches=99999999
fs.inotify.max_user_instances=65535
5. Create a script that triggers rsync synchronization in real time
[root@Monitor inotify-tools-3.14]# vim /usr/local/inotify/rsync.sh
#!/bin/sh
#date:2017-01-17
#author:lqb
srcdir=/data/nginx
dstdir=backup
# exclude list passed to rsync --exclude-from; the file must exist
excludedir=/usr/local/inotify/exclude.list
rsyncuser=rsync
rsyncpassdir=/etc/rsyncd.passwd
dstip="192.168.180.3"
# Initial full sync. $ip is only set by the for loop, so the loop must stay active;
# without it rsync fails with "getaddrinfo: 873: No address associated with hostname".
for ip in $dstip
do
    rsync -avH --port=873 --progress --delete --exclude-from="$excludedir" "$srcdir" "$rsyncuser@$ip::$dstdir" --password-file="$rsyncpassdir"
done
# Watch $srcdir recursively and run rsync again for every reported event.
/usr/local/inotify/bin/inotifywait -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %w%f%e' -e close_write,modify,delete,create,attrib,move "$srcdir" | while read -r file
do
    for ip in $dstip
    do
        rsync -avH --port=873 --progress --delete --exclude-from="$excludedir" "$srcdir" "$rsyncuser@$ip::$dstdir" --password-file="$rsyncpassdir"
        echo " ${file} was rsynced" >> /tmp/rsync.log 2>&1
    done
done
[root@Monitor inotify-tools-3.14]# chmod +x /usr/local/inotify/rsync.sh
[root@Monitor inotify-tools-3.14]# /usr/local/inotify/rsync.sh
sending incremental file list
nginx/
nginx/inotify-tools-3.14.tar.gz
      358772 100%   34.54MB/s    0:00:00 (xfer#1, to-check=54/58)
nginx/nginx.access.log
    40824576  14%   38.93MB/s    0:00:05
At this point the data is being synchronized.
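An added example, not part of the original script: the loop in rsync.sh runs a full rsync for every event line, so a burst of writes to a busy log file queues one rsync per event. The functions below coalesce events through a flag file kept in a private directory instead of a fixed /tmp path, so one pass covers every change since the last sync. STATE_DIR, SYNC_CMD and the function names are assumptions of the example.

```shell
# Added example: coalesce inotify events so that a burst triggers one rsync.
# STATE_DIR and SYNC_CMD are hypothetical names; override them for real use.
STATE_DIR=${STATE_DIR:-$(mktemp -d)}   # private directory (mode 700)
DIRTY="$STATE_DIR/dirty"
SYNC_CMD=${SYNC_CMD:-true}             # e.g. a wrapper around the rsync line in rsync.sh

# Reader side: consume event lines (inotifywait -mrq output) and only set a flag.
mark_dirty() {
    while read -r _event; do
        : > "$DIRTY"
    done
}

# Sync side: run at most one sync for all events seen since the last call.
# The flag is cleared BEFORE syncing, so events that arrive while rsync is
# running set it again and are handled by the next call.
# Returns 0 if a sync ran and succeeded, 1 if nothing was pending,
# 2 if the sync failed (the flag is restored so the next pass retries).
sync_if_dirty() {
    [ -e "$DIRTY" ] || return 1
    rm -f "$DIRTY"
    if ! $SYNC_CMD; then
        : > "$DIRTY"
        return 2
    fi
    return 0
}

# Wiring, using the variables from rsync.sh (not executed here):
#   inotifywait -mrq -e close_write,delete,create,attrib,move "$srcdir" | mark_dirty &
#   while sleep 5; do sync_if_dirty; done
```

The polling interval bounds how stale the target can be, and a failed rsync is retried on the next pass instead of being dropped.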
This article comes from the “清风明月” blog; please keep this source link: http://liqingbiao.blog.51cto.com/3044896/1892720