29.第23章 网络文件共享服务

一.FTP 两种工作模式

主动模式port
  FTP主动模式:客户端开启一个大于1024的端口N,通过TCP连接FTP服务器的21端口(控制端口),并通过该控制连接发送PORT命令,把自己的数据端口N+1告知服务端;服务端收到命令后,会使用20端口(数据端口)主动连接客户端的N+1端口进行数据传输。
被动模式pasv
  FTP被动模式:客户端开启一个大于1024的端口N,通过TCP连接FTP服务器的21端口(控制端口),同时开启一个N+1的端口,并通过21端口发送PASV命令;FTP服务端通过该命令得知处于被动模式,会开放一个大于1024的端口P,然后通过控制连接把数据端口P通知客户端,客户端再通过N+1端口连接P端口进行数据传输。

注:

  •   由于防火墙机制,主动模式不利于客户端管理,被动模式不利于服务端管理。
  •   主动模式下,服务端数据端口主动连接客户端,可能被客户端防火墙拦截。
  •   被动模式下,客户端主动访问服务端数据端口,可能被服务端防火墙拦截。

二.实现基于MYSQL验证的vsftpd虚拟用户

[root@centos8 ~]# yum -y install mariadb-server

[root@centos8 ~]# systemctl enable --now mariadb
Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.

[root@centos8 ~]# mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.3.27-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> use vsftpd
Database changed

CREATE TABLE users (
id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
name CHAR(50) BINARY NOT NULL,
password CHAR(48) BINARY NOT NULL
);

MariaDB [vsftpd]> desc users;
+----------+----------+------+-----+---------+----------------+
| Field    | Type     | Null | Key | Default | Extra          |
+----------+----------+------+-----+---------+----------------+
| id       | int(11)  | NO   | PRI | NULL    | auto_increment |
| name     | char(50) | NO   |     | NULL    |                |
| password | char(48) | NO   |     | NULL    |                |
+----------+----------+------+-----+---------+----------------+
3 rows in set (0.001 sec)

MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftpuser1',password('123456'));
Query OK, 1 row affected (0.001 sec)

MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftpuser2',password('123456'));
Query OK, 1 row affected (0.001 sec)

MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftpuser3',password('123456'));
Query OK, 1 row affected (0.001 sec)

MariaDB [vsftpd]> select * from users;
+----+----------+-------------------------------------------+
| id | name     | password                                  |
+----+----------+-------------------------------------------+
|  1 | ftpuser1 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
|  2 | ftpuser2 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
|  3 | ftpuser3 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+----+----------+-------------------------------------------+
3 rows in set (0.000 sec)

MariaDB [vsftpd]> GRANT SELECT ON vsftpd.* TO vsftpd@'10.0.0.%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.000 sec)

[root@centos7 ~]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel

[root@centos7 ~]# rz -E
rz waiting to receive.
[root@centos7 ~]# tar xf pam_mysql-0.7RC1.tar.gz 
[root@centos7 ~]# cd pam_mysql-0.7RC1
[root@centos7 pam_mysql-0.7RC1]# ls
acinclude.m4  config.guess  configure     CREDITS     ltmain.sh    missing        pam_mysql.c        pkg.m4
aclocal.m4    config.h.in   configure.in  INSTALL     Makefile.am  mkinstalldirs  pam_mysql.spec     README
ChangeLog     config.sub    COPYING       install-sh  Makefile.in  NEWS           pam_mysql.spec.in  stamp-h.in

[root@centos7 pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security

[root@centos7 pam_mysql-0.7RC1]# make install

[root@centos7 pam_mysql-0.7RC1]# ll /lib64/security/pam_mysql.*
-rwxr-xr-x 1 root root    882 Mar 13 21:08 /lib64/security/pam_mysql.la
-rwxr-xr-x 1 root root 141712 Mar 13 21:08 /lib64/security/pam_mysql.so

[root@centos7 pam_mysql-0.7RC1]# vim /etc/pam.d/vsftpd.mysql
# pam_mysql looks up the login in db=vsftpd, table=users, using the database
# account given by user=/passwd= on host=10.0.0.8.
# crypt=2 selects MySQL PASSWORD()-style hashes, matching how the rows were
# inserted; PASSWORD() is unsalted, so identical passwords yield identical hashes.
# NOTE(review): this file stores the database password in cleartext; keep it
# readable by root only and replace the demo password outside a lab.
auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
:wq

[root@centos7 pam_mysql-0.7RC1]# useradd -s /sbin/nologin -d /data/ftproot -r vuser
[root@centos7 pam_mysql-0.7RC1]# id vuser
uid=998(vuser) gid=996(vuser) groups=996(vuser)
[root@centos7 pam_mysql-0.7RC1]# ls /data/ftproot
ls: cannot access /data/ftproot: No such file or directory

[root@centos7 pam_mysql-0.7RC1]# mkdir -p /data/ftproot/upload

[root@centos7 pam_mysql-0.7RC1]# ll -d /data/ftproot/upload
drwxr-xr-x 2 root root 6 Mar 13 21:16 /data/ftproot/upload

[root@centos7 pam_mysql-0.7RC1]# setfacl -m u:vuser:rwx /data/ftproot/upload/

[root@centos7 pam_mysql-0.7RC1]# vim /etc/vsftpd/vsftpd.conf
anonymous_enable=NO  

pam_service_name=vsftpd.mysql
guest_enable=YES
guest_username=vuser
:wq

[root@centos7 pam_mysql-0.7RC1]# systemctl enable --now vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
[root@centos7 pam_mysql-0.7RC1]# ss -ntl
State       Recv-Q Send-Q                  Local Address:Port                                 Peer Address:Port              
LISTEN      0      128                                 *:22                                              *:*                  
LISTEN      0      100                         127.0.0.1:25                                              *:*                  
LISTEN      0      32                               [::]:21                                           [::]:*                  
LISTEN      0      128                              [::]:22                                           [::]:*                  
LISTEN      0      100                             [::1]:25                                           [::]:*

[root@centos6 ~]# yum -y install ftp

[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,57,86).
150 Here comes the directory listing.
drwxrwxr-x    2 0        0               6 Mar 13 13:16 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg  install.log  install.log.syslog
ftp> put anaconda-ks.cfg 
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,115,217).
550 Permission denied.
ftp> exit
221 Goodbye.

[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,191,50).
150 Here comes the directory listing.
drwxrwxr-x    2 0        0              29 Mar 13 13:36 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg  install.log  install.log.syslog
ftp> put anaconda-ks.cfg 
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,115,217).
550 Permission denied.
ftp> exit
221 Goodbye.

[root@centos7 ~]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/conf.d/   
:wq

[root@centos7 ~]# mkdir /etc/vsftpd/conf.d/

[root@centos7 conf.d]# vim ftpuser1
# Per-user overrides for the virtual user ftpuser1, read from user_config_dir.
# Virtual (guest) users get anonymous-user privileges by default, so these
# anon_* switches are what let this one account upload, create directories and
# rename/delete; accounts without such a file keep getting "550 Permission denied".
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES  
:wq

[root@centos7 conf.d]# systemctl restart vsftpd

[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (10,0,0,7,38,124).
150 Here comes the directory listing.
drwxrwxr-x    2 0        0               6 Mar 13 13:16 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> put anaconda-ks.cfg 
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,195,218).
150 Ok to send data.
226 Transfer complete.
958 bytes sent in 0.00704 secs (136.12 Kbytes/sec)
ftp>

[root@centos7 pam_mysql-0.7RC1]# tail -f /var/log/secure
Mar 13 21:35:02 centos7 polkitd[547]: Registered Authentication Agent for unix-process:11920:442834 (system bus name :1.24 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 13 21:35:02 centos7 polkitd[547]: Unregistered Authentication Agent for unix-process:11920:442834 (system bus name :1.24, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)

[root@centos7 conf.d]# ll /data/ftproot/upload/
total 4
-rw------- 1 vuser vuser 958 Mar 13 21:36 anaconda-ks.cfg

[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,191,50).
150 Here comes the directory listing.
drwxrwxr-x    2 0        0              29 Mar 13 13:36 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg  install.log  install.log.syslog
ftp> put anaconda-ks.cfg 
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,115,217).
550 Permission denied.
ftp> exit
221 Goodbye.

[root@centos7 conf.d]# mkdir /data/ftproot2
[root@centos7 conf.d]# touch /data/ftproot2/ftproot2.txt

[root@centos7 conf.d]# mkdir /data/ftproot3
[root@centos7 conf.d]# touch /data/ftproot3/ftproot3.txt

[root@centos7 conf.d]# vim ftpuser2
local_root=/data/ftproot2
:wq

[root@centos7 conf.d]# vim ftpuser3
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftproot3
:wq

[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (10,0,0,7,197,196).
150 Here comes the directory listing.
-rw-r--r--    1 0        0               0 Mar 13 13:41 ftproot2.txt
226 Directory send OK.

[root@centos7 conf.d]# mkdir /data/ftproot2/upload

[root@centos7 conf.d]# mkdir /data/ftproot3/upload

ftp> ls
227 Entering Passive Mode (10,0,0,7,209,217).
150 Here comes the directory listing.
-rw-r--r--    1 0        0               0 Mar 13 13:41 ftproot2.txt
drwxr-xr-x    2 0        0               6 Mar 13 13:46 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> put anaconda-ks.cfg 
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,75,170).
550 Permission denied.
ftp> exit
221 Goodbye.

[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser3
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (10,0,0,7,178,70).
150 Here comes the directory listing.
-rw-r--r--    1 0        0               0 Mar 13 13:41 ftproot3.txt
drwxr-xr-x    2 0        0               6 Mar 13 13:46 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg  install.log  install.log.syslog
ftp> put anaconda-ks.cfg 
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,49,119).
553 Could not create file.

[root@centos7 conf.d]# ll /data/ftproot3/upload/ -d
drwxr-xr-x 2 root root 6 Mar 13 21:46 /data/ftproot3/upload/

[root@centos7 conf.d]# setfacl -m u:vuser:rwx /data/ftproot3/upload/

ftp> put anaconda-ks.cfg 
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,142,7).
150 Ok to send data.
226 Transfer complete.
958 bytes sent in 0.000108 secs (8870.37 Kbytes/sec)

三.NFS工作原理

什么是NFS?
network file system 网络文件系统
通过网络存储和组织文件的一种方法或机制。

为什么要用NFS?
前端所有的应用服务器接收到用户上传的图片、文件、视频,都会统一放到后端的存储上。
共享存储的优点:方便数据的查找与取出;缺点:存储服务器压力大,且存储服务器一旦损坏,会丢失全部数据(单点故障)。

NFS工作原理
NFS 由多个服务组成,每个服务都有自己的端口,并且这些端口经常变化。
客户端要找到这些端口,就需要一个中间人——RPC 服务(rpcbind,默认端口号 111)。
工作流程:
1.启动RPC服务
2.启动NFS服务(同时向RPC服务注册启动的端口)
3.客户端向RPC请求NFS服务
4.RPC返回端口到客户端
5.客户端用返回的端口地址向NFS请求传输数据。

四.实现NFS

[root@centos8 ~]# dnf -y install nfs-utils

[root@centos8 ~]# systemctl status nfs-server
● nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
   Active: inactive (dead)

[root@centos8 ~]# systemctl enable --now nfs-server
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.

[root@centos8 ~]# systemctl status nfs-server
● nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
   Active: active (exited) since Sat 2021-03-13 22:25:46 CST; 14s ago
  Process: 9694 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exited, sta>
  Process: 9683 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
  Process: 9682 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
 Main PID: 9694 (code=exited, status=0/SUCCESS)

Mar 13 22:25:46 centos8 systemd[1]: Starting NFS server and services...
Mar 13 22:25:46 centos8 systemd[1]: Started NFS server and services.

[root@centos8 ~]# ss -ntul
Netid        State          Recv-Q         Send-Q                 Local Address:Port                  Peer Address:Port        
udp          UNCONN         0              0                            0.0.0.0:20048                      0.0.0.0:*           
udp          UNCONN         0              0                            0.0.0.0:111                        0.0.0.0:*           
udp          UNCONN         0              0                            0.0.0.0:43875                      0.0.0.0:*           
udp          UNCONN         0              0                            0.0.0.0:55680                      0.0.0.0:*           
udp          UNCONN         0              0                          127.0.0.1:951                        0.0.0.0:*           
udp          UNCONN         0              0                               [::]:20048                         [::]:*           
udp          UNCONN         0              0                               [::]:36436                         [::]:*           
udp          UNCONN         0              0                               [::]:33370                         [::]:*           
udp          UNCONN         0              0                               [::]:111                           [::]:*           
tcp          LISTEN         0              64                           0.0.0.0:35485                      0.0.0.0:*           
tcp          LISTEN         0              64                           0.0.0.0:2049                       0.0.0.0:*           
tcp          LISTEN         0              128                          0.0.0.0:53007                      0.0.0.0:*           
tcp          LISTEN         0              128                          0.0.0.0:111                        0.0.0.0:*           
tcp          LISTEN         0              128                          0.0.0.0:20048                      0.0.0.0:*           
tcp          LISTEN         0              128                          0.0.0.0:22                         0.0.0.0:*           
tcp          LISTEN         0              128                             [::]:47293                         [::]:*           
tcp          LISTEN         0              64                              [::]:2049                          [::]:*           
tcp          LISTEN         0              128                             [::]:111                           [::]:*           
tcp          LISTEN         0              128                             [::]:20048                         [::]:*           
tcp          LISTEN         0              64                              [::]:43313                         [::]:*           
tcp          LISTEN         0              128                             [::]:22                            [::]:*   

[root@centos8 ~]# systemctl status rpcbind
● rpcbind.service - RPC Bind
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2021-03-13 22:25:45 CST; 3min 18s ago
     Docs: man:rpcbind(8)
 Main PID: 9663 (rpcbind)
    Tasks: 1 (limit: 4763)
   Memory: 1.6M
   CGroup: /system.slice/rpcbind.service
           └─9663 /usr/bin/rpcbind -w -f

Mar 13 22:25:45 centos8 systemd[1]: Starting RPC Bind...
Mar 13 22:25:45 centos8 systemd[1]: Started RPC Bind.
[root@centos8 ~]# systemctl stop rpcbind
Warning: Stopping rpcbind.service, but it can still be activated by:
  rpcbind.socket
[root@centos8 ~]# systemctl status rpcbind
● rpcbind.service - RPC Bind
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
   Active: inactive (dead) (thawing) since Sat 2021-03-13 22:29:51 CST; 1s ago
     Docs: man:rpcbind(8)
  Process: 9663 ExecStart=/usr/bin/rpcbind $RPCBIND_ARGS -w -f (code=exited, status=0/SUCCESS)
 Main PID: 9663 (code=exited, status=0/SUCCESS)

Mar 13 22:25:45 centos8 systemd[1]: Starting RPC Bind...
Mar 13 22:25:45 centos8 systemd[1]: Started RPC Bind.
Mar 13 22:29:51 centos8 systemd[1]: Stopping RPC Bind...
Mar 13 22:29:51 centos8 systemd[1]: rpcbind.service: Succeeded.
Mar 13 22:29:51 centos8 systemd[1]: Stopped RPC Bind.
[root@centos8 ~]# systemctl restart nfs-server
[root@centos8 ~]# systemctl status rpcbind
● rpcbind.service - RPC Bind
   Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
   Active: active (running) (thawing) since Sat 2021-03-13 22:30:05 CST; 2s ago
     Docs: man:rpcbind(8)
 Main PID: 9728 (rpcbind)
    Tasks: 1 (limit: 4763)
   Memory: 1.0M
   CGroup: /system.slice/rpcbind.service
           └─9728 /usr/bin/rpcbind -w -f

Mar 13 22:30:05 centos8 systemd[1]: Starting RPC Bind...
Mar 13 22:30:05 centos8 systemd[1]: Started RPC Bind.


[root@centos8 ~]# mkdir /data/nfsdir{1..2}

[root@centos8 ~]# touch /data/nfsdir1/test1.txt
[root@centos8 ~]# touch /data/nfsdir2/test2.txt

[root@centos8 ~]# ll /etc/exports
-rw-r--r--. 1 root root 0 Sep 10  2018 /etc/exports

[root@centos8 ~]# vim /etc/exports
/data/nfsdir1 *
:wq

[root@centos8 ~]# vim /etc/exports.d/test.exports
/data/nfsdir2 *(rw)  
:wq

[root@centos8 ~]# exportfs -v

[root@centos8 ~]# systemctl status nfs-server
● nfs-server.service - NFS server and services
   Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
   Active: active (exited) since Sat 2021-03-13 22:30:05 CST; 12min ago
  Process: 9723 ExecStopPost=/usr/sbin/exportfs -f (code=exited, status=0/SUCCESS)
  Process: 9721 ExecStopPost=/usr/sbin/exportfs -au (code=exited, status=0/SUCCESS)
  Process: 9720 ExecStop=/usr/sbin/rpc.nfsd 0 (code=exited, status=0/SUCCESS)
  Process: 9747 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exited, sta>
  Process: 9736 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
  Process: 9735 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
 Main PID: 9747 (code=exited, status=0/SUCCESS)
    Tasks: 0 (limit: 4763)
   Memory: 0B
   CGroup: /system.slice/nfs-server.service

Mar 13 22:30:05 centos8 systemd[1]: Starting NFS server and services...
Mar 13 22:30:05 centos8 systemd[1]: Started NFS server and services.
[root@centos8 ~]# exportfs -r
exportfs: No options for /data/nfsdir1 *: suggest *(sync) to avoid warning

[root@centos8 ~]# exportfs -v
/data/nfsdir1 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)


[root@centos6 ~]# showmount -e 10.0.0.8
-bash: showmount: command not found

[root@centos6 ~]# yum provides showmount
1:nfs-utils-1.2.3-78.el6.x86_64 : NFS utilities and supporting clients and daemons for the kernel NFS server
Repo        : base
Matched from:
Other       : showmount



1:nfs-utils-1.2.3-78.el6_10.1.x86_64 : NFS utilities and supporting clients and daemons for the kernel NFS server
Repo        : updates
Matched from:
Other       : showmount



1:nfs-utils-1.2.3-78.el6_10.2.x86_64 : NFS utilities and supporting clients and daemons for the kernel NFS server
Repo        : updates
Matched from:
Other       : showmount


[root@centos6 ~]# yum -y install nfs-utils

[root@centos6 ~]# showmount -e 10.0.0.8
Export list for 10.0.0.8:
/data/nfsdir2 *
/data/nfsdir1 *

[root@centos6 ~]# mkdir /mnt/nfs1
[root@centos6 ~]# mkdir /mnt/nfs2

[root@centos6 ~]# mount 10.0.0.8:/data/nfsdir1 /mnt/nfs1
[root@centos6 ~]# mount 10.0.0.8:/data/nfsdir2 /mnt/nfs2

[root@centos6 ~]# ls /mnt/nfs1
test1.txt
[root@centos6 ~]# ls /mnt/nfs2
test2.txt


[root@centos6 ~]# vim /mnt/nfs1/test1.txt
![](https://img2020.cnblogs.com/blog/2229477/202103/2229477-20210314165117978-1145302583.jpg)

[root@centos6 ~]# vim /mnt/nfs2/test2.txt
![](https://img2020.cnblogs.com/blog/2229477/202103/2229477-20210314165152776-1981835150.jpg)

[root@centos6 ~]# mount
10.0.0.8:/data/nfsdir1 on /mnt/nfs1 type nfs (rw,vers=4,addr=10.0.0.8,clientaddr=10.0.0.6)
10.0.0.8:/data/nfsdir2 on /mnt/nfs2 type nfs (rw,vers=4,addr=10.0.0.8,clientaddr=10.0.0.6)

[root@centos6 ~]# cd /mnt/nfs2
[root@centos6 nfs2]# ls
test2.txt
[root@centos6 nfs2]# touch centos6.txt
touch: cannot touch `centos6.txt': Permission denied

[root@centos6 nfs2]# cd ../nfs1
[root@centos6 nfs1]# touch centos6.txt
touch: cannot touch `centos6.txt': Read-only file system

[root@centos8 ~]# ll -d /data/nfsdir2/
drwxr-xr-x 2 root root 23 Mar 13 22:37 /data/nfsdir2/

[root@centos8 ~]# chmod 777 /data/nfsdir2/
[root@centos8 ~]# ll -d /data/nfsdir2/
drwxrwxrwx 2 root root 23 Mar 13 22:37 /data/nfsdir2/

[root@centos6 nfs1]# cd ../nfs2
[root@centos6 nfs2]# touch centos6.txt
[root@centos6 nfs2]# ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root      root      0 Mar 13 22:37 test2.txt

[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root   root   0 Mar 13 22:37 test2.txt

[root@centos8 ~]# id nobody
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)

[root@centos6 nfs2]# id nfsnobody
uid=65534(nfsnobody) gid=65534(nfsnobody) groups=65534(nfsnobody)

[root@centos8 ~]# exportfs -v
/data/nfsdir1 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
# root_squash:把客户端 root 的身份映射(压缩)成匿名用户 nobody 的权限,所以上面由 root 创建的 centos6.txt 在服务端的属主是 nobody

[root@centos6 nfs2]# su - neteagle
[neteagle@centos6 ~]$ cd /mnt/nfs2
[neteagle@centos6 nfs2]$ touch neteagle.txt
[neteagle@centos6 nfs2]$ ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-rw-r-- 1 neteagle  neteagle  0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root      root      0 Mar 13 22:37 test2.txt

[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-rw-r-- 1    500    500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root   root   0 Mar 13 22:37 test2.txt

[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-rw-r-- 1    500    500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root   root   0 Mar 13 22:37 test2.txt
[root@centos8 ~]# useradd -u 500 haha
[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-rw-r-- 1 haha      500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root   root   0 Mar 13 22:37 test2.txt

[root@centos8 ~]# exportfs -v
/data/nfsdir1 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
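# no_all_squash:普通用户的身份不做映射,按客户端的 UID/GID 原样记录(上面 neteagle 的 UID 500 在服务端对应的是用户 haha)。sec=sys 下服务端只按客户端报告的数字 UID/GID 判断权限,因此客户端与服务端的 UID 应保持一致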

[root@centos8 ~]# vim /etc/exports.d/test.exports
# no_root_squash: root on a client is no longer mapped to the anonymous user,
# so it acts as root on the files in this export.
# With the wildcard client "*" and rw, that holds for every host that can reach
# the server.
# NOTE(review): restrict the client list (host or subnet) before using this
# outside a lab.
/data/nfsdir2 *(rw,no_root_squash)
:wq

[root@centos8 ~]# exportfs -v
/data/nfsdir1 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
[root@centos8 ~]# exportfs -r
exportfs: No options for /data/nfsdir1 *: suggest *(sync) to avoid warning
[root@centos8 ~]# exportfs -v
/data/nfsdir1 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)

[root@centos7 ~]# showmount -e 10.0.0.8
-bash: showmount: command not found
[root@centos7 ~]# yum -y install nfs-utils

[root@centos7 ~]# showmount -e 10.0.0.8
Export list for 10.0.0.8:
/data/nfsdir2 *
/data/nfsdir1 *

[root@centos7 ~]# mkdir /mnt/dir1
[root@centos7 ~]# mkdir /mnt/dir2

[root@centos7 ~]# vim /etc/fstab
10.0.0.8:/data/nfsdir2                    /mnt/nfs2               nfs     _netdev         0 0
10.0.0.8:/data/nfsdir1                    /mnt/nfs1               nfs     _netdev         0 0
:wq
# _netdev:标明该文件系统依赖网络,系统会等网络就绪后再挂载;一旦网络不能访问,也不会造成系统无法启动

[root@centos7 ~]# reboot

[root@centos7 ~]# df
Filesystem             1K-blocks    Used Available Use% Mounted on
devtmpfs                  487116       0    487116   0% /dev
tmpfs                     497836       0    497836   0% /dev/shm
tmpfs                     497836    7816    490020   2% /run
tmpfs                     497836       0    497836   0% /sys/fs/cgroup
/dev/sda2              104806400 1490616 103315784   2% /
/dev/sda3               52403200   32992  52370208   1% /data
/dev/sda1                1038336  134232    904104  13% /boot
10.0.0.8:/data/nfsdir1  52403200  398336  52004864   1% /mnt/nfs1
10.0.0.8:/data/nfsdir2  52403200  398336  52004864   1% /mnt/nfs2
tmpfs                      99568       0     99568   0% /run/user/0

[root@centos8 ~]# chmod 755 /data/nfsdir2
[root@centos8 ~]# ll -d /data/nfsdir2
drwxr-xr-x 2 root root 62 Mar 13 23:11 /data/nfsdir2

[root@centos7 ~]# cd /mnt/nfs2/
[root@centos7 nfs2]# ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-rw-r-- 1       500       500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root      root      0 Mar 13 22:37 test2.txt
[root@centos7 nfs2]# touch centos7.txt
[root@centos7 nfs2]# ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root      root      0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1       500       500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root      root      0 Mar 13 22:37 test2.txt

[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root   root   0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 haha      500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root   root   0 Mar 13 22:37 test2.txt

[root@centos8 ~]# vim /etc/exports.d/test.exports
/data/nfsdir2 *(rw,no_root_squash,all_squash)
:wq

[root@centos8 ~]# exportfs -v
/data/nfsdir1 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)
[root@centos8 ~]# exportfs -r
exportfs: No options for /data/nfsdir1 *: suggest *(sync) to avoid warning
[root@centos8 ~]# exportfs -v
/data/nfsdir1 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,all_squash)

[root@centos7 nfs2]# su neteagle
[neteagle@centos7 nfs2]$ touch neteagle2.txt
touch: cannot touch ‘neteagle2.txt’: Permission denied

[root@centos8 ~]# chmod 777 /data/nfsdir2

[neteagle@centos7 nfs2]$ touch neteagle2.txt
[neteagle@centos7 nfs2]$ ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root      root      0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 nfsnobody nfsnobody 0 Mar 13 23:42 neteagle2.txt
-rw-rw-r-- 1       500       500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root      root      0 Mar 13 22:37 test2.txt

[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root   root   0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 nobody nobody 0 Mar 13 23:42 neteagle2.txt
-rw-rw-r-- 1 haha      500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root   root   0 Mar 13 22:37 test2.txt

[neteagle@centos7 nfs2]$ exit
exit
[root@centos7 nfs2]# touch root1.txt
[root@centos7 nfs2]# ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root      root      0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 nfsnobody nfsnobody 0 Mar 13 23:42 neteagle2.txt
-rw-rw-r-- 1       500       500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 23:44 root1.txt
-rw-r--r-- 1 root      root      0 Mar 13 22:37 test2.txt

[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root   root   0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 nobody nobody 0 Mar 13 23:42 neteagle2.txt
-rw-rw-r-- 1 haha      500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 nobody nobody 0 Mar 13 23:44 root1.txt
-rw-r--r-- 1 root   root   0 Mar 13 22:37 test2.txt

[root@centos8 ~]# vim /etc/exports.d/test.exports
/data/nfsdir2 *(rw,no_root_squash,all_squash,anonuid=2,anongid=2)
:wq

[root@centos8 ~]# exportfs -r
exportfs: No options for /data/nfsdir1 *: suggest *(sync) to avoid warning
[root@centos8 ~]# exportfs -v
/data/nfsdir1 	<world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 	<world>(sync,wdelay,hide,no_subtree_check,anonuid=2,anongid=2,sec=sys,rw,secure,no_root_squash,all_squash)

[root@centos7 nfs2]# touch root2.txt
[root@centos7 nfs2]# ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root      root      0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 nfsnobody nfsnobody 0 Mar 13 23:42 neteagle2.txt
-rw-rw-r-- 1       500       500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 23:44 root1.txt
-rw-r--r-- 1 daemon    daemon    0 Mar 13 23:47 root2.txt
-rw-r--r-- 1 root      root      0 Mar 13 22:37 test2.txt

[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root   root   0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 nobody nobody 0 Mar 13 23:42 neteagle2.txt
-rw-rw-r-- 1 haha      500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 nobody nobody 0 Mar 13 23:44 root1.txt
-rw-r--r-- 1 daemon daemon 0 Mar 13 23:47 root2.txt
-rw-r--r-- 1 root   root   0 Mar 13 22:37 test2.txt

五.sersync 实现实时数据同步

1.基于rsync daemon 实现 sersync

[root@centos8 ~]# hostnamectl set-hostname data
[root@centos8-2 ~]# hostnamectl set-hostname backup

[root@backup ~]# dnf -y install rsync-daemon

[root@backup ~]# vim /etc/rsyncd.conf
# Global section: transfers for every module run as root.
# NOTE(review): a dedicated unprivileged uid/gid would limit what an
# authenticated client can overwrite under the module path.
uid = root
gid = root
#port = 874
#use chroot = no
# 0 means no limit on simultaneous connections.
max connections = 0
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
reverse lookup = no
# NOTE(review): hosts allow is commented out, so any host that can reach the
# daemon may attempt to authenticate; enabling it restricts clients by address.
##hosts allow = 10.0.0.0/24
# Module "backup": writable (read only = no), limited to the listed auth user.
[backup]
path = /data/backup/
comment = backup dir
read only = no
auth users = rsyncuser
# Holds user:password pairs in cleartext; the walkthrough sets it to mode 600.
secrets file = /etc/rsync.pas  
:wq

[root@backup ~]# mkdir -p /data/backup

[root@backup ~]# echo "rsyncuser:magedu" > /etc/rsync.pas
[root@backup ~]# chmod 600 /etc/rsync.pas

[root@backup ~]# systemctl start rsyncd
[root@backup ~]# ss -ntl
State            Recv-Q           Send-Q                     Local Address:Port                     Peer Address:Port          
LISTEN           0                128                              0.0.0.0:22                            0.0.0.0:*             
LISTEN           0                5                                0.0.0.0:873                           0.0.0.0:*             
LISTEN           0                128                                 [::]:22                               [::]:*             
LISTEN           0                5                                   [::]:873                              [::]:*

[root@data ~]# echo "magedu" > /etc/rsync.pas
[root@data ~]# chmod 600 /etc/rsync.pas

[root@data ~]# rsync rsync://10.0.0.18
backup         	backup dir

[root@data ~]# rsync rsync://10.0.0.18/backup
-bash: rsync: command not found
[root@data ~]# dnf -y install rsync

[root@data ~]# rsync rsync://10.0.0.18/backup
Password: 
@ERROR: auth failed on module backup
rsync error: error starting client-server protocol (code 5) at main.c(1657) [Receiver=3.1.3]

[root@data ~]# rsync rsync://rsyncuser@10.0.0.18/backup
Password: 
drwxr-xr-x              6 2021/03/14 18:28:43 .

[root@data ~]# rsync --password-file=/etc/rsync.pas rsync://rsyncuser@10.0.0.18/backup
drwxr-xr-x              6 2021/03/14 18:28:43 .

[root@backup ~]# mkdir /data/backup/test.txt

[root@data ~]# rsync --password-file=/etc/rsync.pas rsync://rsyncuser@10.0.0.18/backup
drwxr-xr-x             22 2021/03/14 18:39:12 .
drwxr-xr-x              6 2021/03/14 18:39:12 test.txt

[root@data ~]# ls 
anaconda-ks.cfg  sersync2.5.4_64bit_binary_stable_final.tar.gz

[root@data ~]# tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz 
[root@data ~]# ls
anaconda-ks.cfg  GNU-Linux-x86  sersync2.5.4_64bit_binary_stable_final.tar.gz

[root@data ~]# cp -a GNU-Linux-x86/ /usr/local/sersync

[root@data ~]# mkdir /data/www

[root@data ~]# vim /usr/local/sersync/confxml.xml
<attrib start="true"/>

    <localpath watch="/data/www">
        <!-- name is the rsync daemon module ([backup] in rsyncd.conf on 10.0.0.18), not a filesystem path -->
        <remote ip="10.0.0.18" name="backup"/>

        <!-- daemon-mode auth: users matches "auth users" on the server; the passwordfile on
             this host holds only the password and is set to mode 600 earlier on this page -->
        <auth start="true" users="rsyncuser" passwordfile="/etc/rsync.pas"/>
:wq

[root@data ~]# ln -s /usr/local/sersync/sersync2 /usr/bin/
[root@data ~]# sersync2 -h
set the system param
execute:echo 50000000 > /proc/sys/fs/inotify/max_user_watches
execute:echo 327679 > /proc/sys/fs/inotify/max_queued_events
parse the command param
_______________________________________________________
参数-d:启用守护进程模式
参数-r:在监控前,将监控目录与远程主机用rsync命令推送一遍
c参数-n: 指定开启守护线程的数量,默认为10个
参数-o:指定配置文件,默认使用confxml.xml文件
参数-m:单独启用其他模块,使用 -m refreshCDN 开启刷新CDN模块
参数-m:单独启用其他模块,使用 -m socket 开启socket模块
参数-m:单独启用其他模块,使用 -m http 开启http模块
不加-m参数,则默认执行同步程序


[root@data ~]# ls /data/www
[root@data ~]# cp /etc/fstab /data/www/f1.txt

[root@backup ~]# ls /data/backup/
test.txt

[root@data ~]# sersync2 -dro /usr/local/sersync/confxml.xml
set the system param
execute:echo 50000000 > /proc/sys/fs/inotify/max_user_watches
execute:echo 327679 > /proc/sys/fs/inotify/max_queued_events
parse the command param
option: -d 	run as a daemon
option: -r 	rsync all the local files to the remote servers before the sersync work
option: -o 	config xml name:  /usr/local/sersync/confxml.xml
daemon thread num: 10
parse xml config file
host ip : localhost	host port: 8008
daemon start,sersync run behind the console 
use rsync password-file :
user is	rsyncuser
passwordfile is 	/etc/rsync.pas
config xml parse success
please set /etc/rsyncd.conf max connections=0 Manually
sersync working thread 12  = 1(primary thread) + 1(fail retry thread) + 10(daemon sub threads) 
Max threads numbers is: 22 = 12(Thread pool nums) + 10(Sub threads)
please according your cpu ,use -n param to adjust the cpu rate
------------------------------------------
rsync the directory recursivly to the remote servers once
working please wait...
execute command: cd /data/www && rsync -artuz -R --delete ./ rsyncuser@10.0.0.18::backup --password-file=/etc/rsync.pas >/dev/null 2>&1 
run the sersync: 
watch path is: /data/www

[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/                                                                backup: Sun Mar 14 18:59:31 2021

total 4
-rw-r--r-- 1 root root 709 Mar 14 18:58 f1.txt

[root@data ~]# ps aux |grep sersync
root       10076  0.0  0.1  92336  1328 ?        Ssl  18:59   0:00 sersync2 -dro /usr/local/sersync/confxml.xml
root       10092  0.0  0.1  12112  1088 pts/0    R+   19:00   0:00 grep --color=auto sersync

[root@data ~]# touch /data/www/f2.txt

[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/                                                                backup: Sun Mar 14 19:01:06 2021

total 4
-rw-r--r-- 1 root root 709 Mar 14 18:58 f1.txt
-rw-r--r-- 1 root root   0 Mar 14 19:00 f2.txt

[root@data ~]# mkdir -p /data/www/d1/d2/d3

[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/                                                                backup: Sun Mar 14 19:02:12 2021

total 4
drwxr-xr-x 3 root root  16 Mar 14 19:01 d1
-rw-r--r-- 1 root root 709 Mar 14 18:58 f1.txt
-rw-r--r-- 1 root root   0 Mar 14 19:00 f2.txt


[root@backup ~]# tree /data/backup/
/data/backup/
├── d1
│   └── d2
│       └── d3
├── f1.txt
└── f2.txt

3 directories, 2 files

[root@data ~]# cp /etc/fstab /data/www/d1/d2/d3/

[root@backup ~]# tree /data/backup/
/data/backup/
├── d1
│   └── d2
│       └── d3
│           └── fstab
├── f1.txt
└── f2.txt

3 directories, 3 files

[root@data ~]# rm -rf /data/www/d1

[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/                                                                backup: Sun Mar 14 19:04:33 2021

total 4
-rw-r--r-- 1 root root 709 Mar 14 18:58 f1.txt
-rw-r--r-- 1 root root   0 Mar 14 19:00 f2.txt

[root@data ~]# dd if=/dev/zero of=/data/www/bigfile bs=1M count=1024
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB, 1.0 GiB) copied, 1.26856 s, 846 MB/s

[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/                                                                backup: Sun Mar 14 19:06:44 2021

total 1048580
-rw-r--r-- 1 root root 1073741824 Mar 14 19:06 bigfile
-rw-r--r-- 1 root root        709 Mar 14 18:58 f1.txt
-rw-r--r-- 1 root root          0 Mar 14 19:00 f2.txt

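2.基于远程shell 实现 sersync

说明:本节停用 rsync 守护进程,改由 sersync 通过 ssh 调用 rsync(rsync -e ssh),传输内容由 SSH 加密。下面的做法让 data 的 root 密钥可以直接登录 backup 的 root 账号;sersync 以守护进程方式非交互运行,该密钥通常不设口令,因此私钥 /root/.ssh/id_rsa 一旦泄露就等同于 backup 的 root 权限。实际环境建议使用专用的低权限账号,并在 authorized_keys 中限制该密钥的来源地址和可执行的命令;首次连接时应先核对主机密钥指纹再输入 yes。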

[root@backup ~]# systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
   Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2021-03-14 18:30:08 CST; 38min ago
 Main PID: 9785 (rsync)
    Tasks: 1 (limit: 4763)
   Memory: 400.4M
   CGroup: /system.slice/rsyncd.service
           └─9785 /usr/bin/rsync --daemon --no-detach

Mar 14 19:03:31 backup rsyncd[10655]: params.c:Parameter() - Ignoring badly formed line in config file: ignore errors
Mar 14 19:03:31 backup rsyncd[10655]: connect from UNDETERMINED (10.0.0.8)
Mar 14 19:04:20 backup rsyncd[10658]: params.c:Parameter() - Ignoring badly formed line in config file: ignore errors
Mar 14 19:04:20 backup rsyncd[10658]: connect from UNDETERMINED (10.0.0.8)
Mar 14 19:04:21 backup rsyncd[10660]: params.c:Parameter() - Ignoring badly formed line in config file: ignore errors
Mar 14 19:04:21 backup rsyncd[10660]: connect from UNDETERMINED (10.0.0.8)
Mar 14 19:06:28 backup rsyncd[10815]: params.c:Parameter() - Ignoring badly formed line in config file: ignore errors
Mar 14 19:06:28 backup rsyncd[10815]: connect from UNDETERMINED (10.0.0.8)
Mar 14 19:06:35 backup rsyncd[10844]: params.c:Parameter() - Ignoring badly formed line in config file: ignore errors
Mar 14 19:06:35 backup rsyncd[10844]: connect from UNDETERMINED (10.0.0.8)
[root@backup ~]# systemctl stop rsyncd
[root@backup ~]# ss -ntl
State            Recv-Q           Send-Q                     Local Address:Port                     Peer Address:Port          
LISTEN           0                128                              0.0.0.0:22                            0.0.0.0:*             
LISTEN           0                128                                 [::]:22                               [::]:*  

[root@data ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rvnaoTyr5TcOr3w2leySfWZMHeMrBQ+9VXlCaUEYcP4 root@data
The key's randomart image is:
+---[RSA 3072]----+
|          ..o=+o.|
|           o. +.o|
|            .o .o|
|            o.+ .|
|        S. . *E= |
|       .  + . *  |
|      o o= o . . |
|     =.BO.o * .  |
|    ..@@=+ + .   |
+----[SHA256]-----+

[root@data ~]# ssh-copy-id 10.0.0.18:
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.18 (10.0.0.18)' can't be established.
ECDSA key fingerprint is SHA256:8eD6mLtx6VPebzeGBEIJMs9np43gsQHfFAmvY7kleRI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.18's password: 

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh '10.0.0.18'"
and check to make sure that only the key(s) you wanted were added.

[root@data ~]# vim /usr/local/sersync/confxml.xml
    <localpath watch="/data/www">
        <!-- in ssh mode name is a directory on the remote host, not a daemon module -->
        <remote ip="10.0.0.18" name="/data/backup"/>

        <!-- password-file auth is switched off; the startup output below no longer reports a password file -->
        <auth start="false" users="rsyncuser" passwordfile="/etc/rsync.pas"/>  

        <!-- sersync now runs rsync with "-e ssh" against 10.0.0.18 as the local user (root here),
             relying on the key installed with ssh-copy-id above -->
        <ssh start="true"/>  
:wq

[root@data ~]# ps aux |grep sersync
root       10076  0.0  0.2 116924  1624 ?        Ssl  18:59   0:00 sersync2 -dro /usr/local/sersync/confxml.xml
root       10201  0.0  0.1  12112  1096 pts/0    R+   19:19   0:00 grep --color=auto sersync
[root@data ~]# killall sersync2
-bash: killall: command not found
[root@data ~]# dnf provides killall
Last metadata expiration check: 0:47:44 ago on Sun 14 Mar 2021 06:32:55 PM CST.
psmisc-23.1-5.el8.x86_64 : Utilities for managing processes on your system
Repo        : BaseOS
Matched from:
Filename    : /usr/bin/killall

[root@data ~]# dnf -y install psmisc

[root@data ~]# killall sersync2
[root@data ~]# ps aux |grep sersync
root       10506  0.0  0.1  12112  1044 pts/0    R+   19:21   0:00 grep --color=auto sersync

[root@data ~]# sersync2 -dro /usr/local/sersync/confxml.xml
set the system param
execute:echo 50000000 > /proc/sys/fs/inotify/max_user_watches
execute:echo 327679 > /proc/sys/fs/inotify/max_queued_events
parse the command param
option: -d 	run as a daemon
option: -r 	rsync all the local files to the remote servers before the sersync work
option: -o 	config xml name:  /usr/local/sersync/confxml.xml
daemon thread num: 10
parse xml config file
host ip : localhost	host port: 8008
daemon start,sersync run behind the console 
config xml parse success
please set /etc/rsyncd.conf max connections=0 Manually
sersync working thread 12  = 1(primary thread) + 1(fail retry thread) + 10(daemon sub threads) 
Max threads numbers is: 22 = 12(Thread pool nums) + 10(Sub threads)
please according your cpu ,use -n param to adjust the cpu rate
------------------------------------------
rsync the directory recursivly to the remote servers once
working please wait...
execute command: cd /data/www && rsync -artuz -R --delete ./  -e ssh 10.0.0.18:/data/backup >/dev/null 2>&1 
run the sersync: 
watch path is: /data/www

[root@data ~]# rm -f /data/www/f*

[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/                                                                backup: Sun Mar 14 19:23:22 2021

total 1048576
-rw-r--r-- 1 root root 1073741824 Mar 14 19:06 bigfile

[root@data ~]# touch /data/www/a.txt

[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/                                                                backup: Sun Mar 14 19:24:06 2021

total 1048576
-rw-r--r-- 1 root root          0 Mar 14 19:23 a.txt
-rw-r--r-- 1 root root 1073741824 Mar 14 19:06 bigfile

[root@data ~]# rm -f /data/www/bigfile

[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/                                                                backup: Sun Mar 14 19:24:41 2021

total 0
-rw-r--r-- 1 root root 0 Mar 14 19:23 a.txt