02 Linux basic services - rsync + sersync

1, Rsync characteristics and advantages

It can mirror an entire directory tree and file system

It can easily preserve the original files' permissions, timestamps, soft and hard links, etc.

No special privileges are needed to install it

Fast: the first synchronization copies the entire contents, but subsequent runs transfer only the modified files

Compressed transmission: rsync can compress and decompress data during transmission, so it can use less bandwidth

Security: files can be transferred using scp, ssh, etc.; a direct socket connection is also possible

Supports anonymous transfers, which is convenient for site mirroring

Selectively preserves symbolic links, hard links, file attributes, permissions, and timestamps

2, Common backup classifications

Full backup, differential backup, incremental backup

Full backup: every backup copies all files or directories from the backup source to the destination

Differential backup: backs up the data that has changed since the last full backup (it is relative to the last full backup; the backup process does not clear the archive attribute)

Incremental backup: backs up the data that has changed since the last backup (whatever type that backup was, the changed data is backed up, and the archive attribute is cleared)

3, rsync operation mode and port

Uses C/S mode (client/server mode) [that is, a point-to-point transfer, using the rsync command directly]

Port 873

4, Data synchronization methods

Push: one host is responsible for transmitting the data to the other hosts; the server overhead is large, so it is more suitable when there are few back-end servers

Pull: hosts pull the data on a schedule, which may make the data slow to arrive

Push: the rsync server is configured on the destination host, and the source host periodically uses the rsync command to push the directory to be synchronized (the machine to be backed up is the client; the machine storing the backup is the server)

Pull: the rsync server is configured on the source host, and the destination host periodically uses the rsync command to pull the directory to be synchronized (the machine to be backed up is the server; the machine storing the backup is the client)

5, Installing the rsync service

Lab topology: prepare two machines, test (source host) and test1 (target host)

The rsync service depends on xinetd, a super service that manages it; the rsync server needs to be installed on the target machine

[root@test ~]# yum -y install xinetd rsync

[root@test ~]# rsync --daemon
[root@test ~]# netstat -antup | grep 873
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 3181/rsync
tcp6 0 0 :::873 :::* LISTEN 3181/rsync

6, The rsync command

The rsync command is very similar to the scp command

-a, --archive archive mode, which preserves permissions; equivalent to -rlptgoD: recursive, and preserves attributes

-r, --recursive process everything below the directory recursively

-p, --perms preserve the original file permissions

-t, --times preserve the original file times

-g, --group preserve the original group

-o, --owner preserve the file owner (root only)

-D, --devices preserve device information (root only)

-l, --links copy all links, as link files

-z, --compress compression mode: compress the file data while it is transmitted to the destination

-H, --hard-links preserve hard-linked files

-A, --acls preserve the files' ACL attributes; used together with --perms

-P, the -P parameter is the same as --partial --progress, provided as a shorthand; it shows the transfer progress

--version, output the rsync version

-v, --verbose output detailed information

-u, --update update only: skip files that already exist at the target location and are newer than the file to be backed up, so that newer files are not overwritten

--port=PORT, defines the port the rsyncd (daemon) runs on (the default is TCP 873)

--delete, delete files at the destination that do not exist in the backup source

--password-file=FILE, read the password from FILE

--bwlimit=KBPS, limit the I/O bandwidth

--filter "filename", the files to be filtered

--progress, display the backup progress

The commonly used combination is -avz

7, Backing up data with rsync

Back up the /var/www/html directory of the test site to the /web-back directory under the root of test1 (note that both servers must have rsync installed and the service started)

[root@test ~]# mkdir -p /var/www/html # create a test path

[root@test ~]# cp -r /boot/* /var/www/html/ # put some data into the path

[root@test ~]# rsync -avz --delete /var/www/html/ [email protected]:/web-back/ # back up the data with rsync to the web-back directory on 135.50

8, The rsyncd.conf configuration file

The configuration file is divided into two parts: global parameters and module parameters

Global parameters: take effect for the whole rsync server; if a module parameter and a global parameter conflict, the module parameter takes effect where they conflict

Module parameters: define the directories that rsync exports, together with the parameters that apply to them

Common global parameters:

port # → specifies the port number used by the daemon; the default is 873.

uid # → specifies the uid the daemon should have when this module transfers files; together with the gid option it determines which file permissions can be accessed. The default value is "nobody".

gid # → specifies the gid the daemon should have when this module transfers files. The default is "nobody".

max connections # → specifies the maximum number of concurrent connections for this module, to protect the server; connection requests that exceed the limit are told to try again later. The default value is 0, that is, there is no limit.

lock file # → specifies the lock file that supports the max connections parameter; the default value is /var/run/rsyncd.lock.

motd file # → specifies a message file whose contents are displayed to the client when it connects to the server; by default there is no motd file.

log file # → specifies the rsync log file, instead of sending the logs to syslog.

pid file # → specifies the rsync pid file, usually "/var/run/rsyncd.pid", the location of the file that stores the process ID.

hosts allow = # → a single IP address or network address // the client addresses allowed to access

Common module parameters: these mainly define which directories on the server are exported for synchronization. The format must be "[shared module name]"; this is the name the rsync client sees, much like a share name on a Samba server. The data the server actually synchronizes is specified by path.

comment # → specifies a description for the module; it is displayed to the client together with the module name when the client connects and obtains the module list. By default no description is defined.

path # → specifies the directory tree this module backs up; this parameter must be specified.

read only # → yes allows download only; no allows both downloading and uploading files to the server

exclude # → specifies multiple files or directories (relative paths), separated by spaces, to add to the exclude list. This is equivalent to specifying that certain files or directories are neither downloaded nor uploaded (they are inaccessible), like using --filter or --exclude in the client command

exclude from # → specifies the name of a file containing exclude pattern definitions; the server reads the exclude list from that file, and each file or directory needs its own line

include # → specifies files or directories that are not to be excluded. This is equivalent to specifying a pattern with --include in the client command; include and exclude can be combined to define complex exclude/include rules.

include from # → specifies the name of a file containing include pattern definitions; the server reads the include list from that file.

auth users # → specifies a list of user names separated by spaces or commas; only these users are allowed to connect to the module. These users have nothing to do with system users. If "auth users" is set, a client's connection request to this module is challenged by rsync, and the identity is verified with a challenge/response authentication protocol. User names and passwords are stored in clear text in the file specified by the "secrets file" option. By default, the module can be connected to without a password (i.e. anonymously).

secrets file # → specifies the password file, a file containing user name:password pairs. The file only takes effect when "auth users" is defined. Each line of the file contains one username:passwd pair. Generally the password is best kept to no more than eight characters. There is no default secrets file name. Note: the file permissions must be 600, otherwise the client cannot connect to the server.

hosts allow # → specifies which client IPs are allowed to connect to the module. The definition can take these forms:

    A single IP address, for example: 192.167.0.1; multiple IPs or network segments need to be separated by spaces,

    An entire network segment, for example: 192.168.0.0/24, which can also be written 192.168.0.0/255.255.255.0

"*" means all; by default all hosts are allowed to connect.

hosts deny # → specifies the machines that are not permitted to connect to the rsync server; it can be defined in the same way as hosts allow. By default no hosts deny is defined.

list # → sets whether the module should be listed when a client requests the list of available modules. If this option is set to false, you can create hidden modules. The default value is true.

timeout # → this option can override the IP timeout specified by the client. It ensures that the rsync server will not wait forever for a crashed client. The timeout is in seconds; 0 means no timeout is defined, which is the default. For anonymous rsync servers, the ideal number is 600.

9, Defining the exported directory in the configuration file

[root@test64 ~]# vim /etc/rsyncd.conf // the file does not exist; you need to create it yourself

# user the process runs as
uid = root
# group the process runs as
gid = root
# listening IP address
address = 192.168.0.64
# listening port
port = 873
# client IP addresses allowed to synchronize; may be a network segment
# (192.168.1.0/255.255.255.0 or 192.168.1.0/24), or * for all
hosts allow = 192.168.0.0/24
# whether to lock rsync into the module directory (chroot jail); with yes,
# if rsync is compromised the attacker cannot create files outside that directory
use chroot = yes
# maximum number of connections
max connections = 5
# file holding the process PID, generated automatically
pid file = /var/run/rsyncd.pid
# lock file used by the max connections parameter
lock file = /var/run/rsync.lock
# log file location
log file = /var/log/rsyncd.log
# message shown to the client after login; the file needs to be created
motd file = /etc/rsyncd.motd

# shared module name
[wwwroot]
# path
path = /web-back/
# description
comment = used for web-data root
# whether the server files are read-only; false allows read and write
read only = false
# allow the module information to be listed
list = yes
# backup user, unrelated to system users
auth users = rsyncuser
# file that stores the users' passwords, in the format username:password
secrets file = /etc/rsync.passwd

10, Create the prompt (motd) file and the user password file

[root@test64 ~]# echo "Welcome to Backup Server" > /etc/rsyncd.motd

[root@test64 ~]# vim /etc/rsync.passwd

rsyncuser:password123

[root@test64 ~]# chmod 600 /etc/rsync.passwd // the permissions must be 700 or 600, otherwise authentication will fail for the rsync user
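
An added example, not part of the original post: a shell function that audits an rsyncd.conf for the settings discussed in sections 8 to 10 (root uid, anonymous modules, unrestricted hosts allow, chroot off, secrets file mode). It also flags a "#" that follows a value, because rsyncd only treats a line as a comment when it begins with "#". The function names, the finding messages and the constructed sample_conf are assumptions of this example.

```sh
# Added example: flag risky rsyncd.conf settings, one finding per line.
audit_rsyncd_conf() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Effective value: a module setting wins over the global one.
    function eff(k) { return (k in m) ? m[k] : g[k] }
    function check(   n) {
        if (sect == "") return
        n = "[" sect "] "
        if (eff("uid") == "root") print n "uid = root: transfers run as root"
        if (eff("auth users") == "") print n "no auth users: anonymous access"
        if (eff("hosts allow") == "" || eff("hosts allow") == "*")
            print n "hosts allow unset or *: any client address accepted"
        if (eff("use chroot") ~ /^(no|false|0)$/) print n "use chroot is off"
        split("", m)                      # reset per-module settings
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }     # full-line comments and blanks
    /^[ \t]*\[/ {                         # start of a [module] section
        check(); sect = $0; gsub(/^[ \t]*\[|\].*$/, "", sect); next
    }
    {
        i = index($0, "="); if (i == 0) next
        k = tolower(trim(substr($0, 1, i - 1))); val = trim(substr($0, i + 1))
        # rsyncd reads a "#" after the value as part of the value.
        if (index(val, "#")) print "line " NR ": inline # is part of \"" k "\""
        if (sect == "") g[k] = val; else m[k] = val
    }
    END { check() }' "$1"
    # The secrets file must be mode 600 (checked only when it exists here).
    awk -F= 'tolower($1) ~ /^[ \t]*secrets file[ \t]*$/ { print $2 }' "$1" |
    while read -r f; do
        if [ -e "$f" ] && [ -n "$(find "$f" -prune ! -perm 600)" ]; then
            echo "$f: secrets file mode is not 600"
        fi
    done
    return 0
}

sample_conf() {   # constructed sample, modelled on the file in section 9
    printf '%s\n' 'uid = root' 'port = 873 # listening port' \
        '[wwwroot]' 'path = /web-back/' 'auth users = rsyncuser' \
        'hosts allow = 192.168.0.0/24' '[pub]' 'path = /srv/pub'
}

# Audit a real file when a path is given: sh audit.sh /etc/rsyncd.conf
if [ -n "${1:-}" ]; then audit_rsyncd_conf "$1"; fi
```

No output means nothing was flagged; the [pub] module in the sample inherits uid = root from the global section and is reported as anonymous.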

Start the service and test

Start the rsync service through xinetd

systemctl start xinetd # start the xinetd service

systemctl enable xinetd # add the xinetd service to the boot entries

rsync --daemon --config=/etc/rsyncd.conf # load the configuration file rsyncd.conf and start the rsync service

[root@test64 ~]# rsync --daemon --config=/etc/rsyncd.conf

[root@test64 ~]# netstat -antup | grep :873

tcp        0      0 :::873                      :::*                        LISTEN      45089/xinetd

 

 

Test. rsync syntax: rsync [options] username@backup-source-server-IP::shared-module-name target-directory

       [root@test63 ~]# rsync -avz --delete  /var/www/html [email protected]::wwwroot

Welcome to Backup Server

Password: # Enter the password password123

Password handling

Create a new file to store the password; the rsync command can then be pointed at this file with --password-file

[root@test63 ~]# vim /etc/rsync.passwd 

password123

[root@test63 ~]# chmod 600  /etc/rsync.passwd 

[root@test63 ~]# rsync -avz --delete  /var/www/html [email protected]::wwwroot --password-file=/etc/rsync.passwd

Script for scheduled automatic backup

[root@test63 ~]# vim autobackup.sh

#!/bin/bash

# push /var/www/html to the wwwroot module, reading the password from the file created above
rsync -avz --delete  /var/www/html [email protected]::wwwroot --password-file=/etc/rsync.passwd

[root@test63 ~]# chmod +x autobackup.sh

[root@test64 ~]# rm -rf /web-back/* // empty the target directory to test the script

[root@test63 ~]# sh autobackup.sh

[root@test64 ~]# echo "01 3 * * * sh /root/autobackup.sh &" >> /var/spool/cron/root
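
A guarded variant of the scheduled push, added here as an example and not part of the original script: it refuses to run when the source is missing or empty (with --delete that would empty the backup), when the password file is not mode 600, or when a previous run still holds the lock, and it caps deletions with rsync's --max-delete. BACKUP_DEST with its placeholder USER@BACKUP_HOST, LOCK, MAX_DELETE and the function names are assumptions.

```sh
# Added example: guarded version of the scheduled push (not the post's script).
SRC=${SRC:-/var/www/html}
PASSFILE=${PASSFILE:-/etc/rsync.passwd}
# Placeholder destination: substitute the real user and server.
BACKUP_DEST=${BACKUP_DEST:-USER@BACKUP_HOST::wwwroot}
MAX_DELETE=${MAX_DELETE:-100}             # assumed ceiling on deletions per run
LOCK=${LOCK:-/var/run/autobackup.lock}    # assumed lock directory
RSYNC=${RSYNC:-rsync}

preflight() {
    # With --delete, an empty or unmounted source would empty the backup.
    if [ ! -d "$SRC" ] || [ -z "$(ls -A "$SRC" 2>/dev/null)" ]; then
        echo "refusing: $SRC is missing or empty" >&2; return 1
    fi
    # The password is stored in clear text; require mode 600 as on the server.
    if [ ! -f "$PASSFILE" ] || [ -n "$(find "$PASSFILE" -prune ! -perm 600)" ]; then
        echo "refusing: $PASSFILE must exist with mode 600" >&2; return 1
    fi
    return 0
}

run_backup() {
    preflight || return 1
    # mkdir is atomic, so an overlapping cron run backs off instead of racing.
    if ! mkdir "$LOCK" 2>/dev/null; then
        echo "refusing: $LOCK exists, another run is active" >&2; return 1
    fi
    # --max-delete stops the run from removing more than MAX_DELETE files.
    "$RSYNC" -avz --delete --max-delete="$MAX_DELETE" \
        --password-file="$PASSFILE" "$SRC" "$BACKUP_DEST"
    rc=$?
    rmdir "$LOCK"
    return "$rc"
}

# Run only when asked to, e.g. from cron: sh autobackup.sh --run
if [ "${1:-}" = "--run" ]; then run_backup; exit $?; fi
```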


Origin www.cnblogs.com/hackerlin/p/11277492.html