29.第23章 网络文件共享服务
一.FTP 两种工作模式
主动模式port
FTP主动模式:客户端从一个大于1024的端口N,通过TCP连接FTP服务器的21端口(控制端口),并经由该控制连接发送PORT命令,告知服务端自己用于接收数据的端口N+1;服务端收到命令后,会用20端口(数据端口)主动连接客户端的N+1端口进行数据传输。
被动模式pasv
FTP被动模式:客户端从一个大于1024的端口N,通过TCP连接FTP服务器的21端口(控制端口),同时开启端口N+1,并经由控制连接发送PASV命令;FTP服务端通过该命令得知处于被动模式,会开放一个大于1024的端口P,并在应答中把数据端口P通知客户端,随后客户端从N+1端口连接服务端的P端口进行数据传输。例如下文应答 227 Entering Passive Mode (10,0,0,7,57,86) 中,最后两个数字表示端口 P = 57×256+86 = 14678。
注:
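- 由于防火墙机制,主动模式不利于客户端管理,被动模式不利于服务端管理。
- 主动模式下,服务端的数据端口主动连接客户端,可能遭到客户端防火墙拦截。
- 被动模式下,客户端主动访问服务端的数据端口,可能遭到服务端防火墙拦截;可以在服务端限定被动端口范围(vsftpd的pasv_min_port/pasv_max_port),并只在防火墙上放行这一段端口。
- 另外,FTP的控制连接和数据连接默认都是明文传输,用户名和密码可能被抓包获取;在不可信网络中应启用TLS(FTPS)或改用SFTP。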
二.实现基于MYSQL验证的vsftpd虚拟用户
[root@centos8 ~]# yum -y install mariadb-server
[root@centos8 ~]# systemctl enable --now mariadb
Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.
[root@centos8 ~]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.3.27-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE vsftpd;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> use vsftpd
Database changed
-- Account table that pam_mysql reads to authenticate the vsftpd virtual users
-- (the PAM file later on this page names table=users, usercolumn=name,
-- passwdcolumn=password).
CREATE TABLE users (
-- Surrogate key; the PAM lookup shown on this page does not reference it.
id INT AUTO_INCREMENT NOT NULL PRIMARY KEY,
-- Login name; the BINARY attribute makes comparisons case-sensitive.
name CHAR(50) BINARY NOT NULL,
-- Stores the PASSWORD() hash inserted below ('*' followed by 40 hex digits).
-- NOTE(review): PASSWORD() is unsalted - the three accounts below share one
-- password and therefore one identical hash.
password CHAR(48) BINARY NOT NULL
);
MariaDB [vsftpd]> desc users;
+----------+----------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra |
+----------+----------+------+-----+---------+----------------+
| id | int(11) | NO | PRI | NULL | auto_increment |
| name | char(50) | NO | | NULL | |
| password | char(48) | NO | | NULL | |
+----------+----------+------+-----+---------+----------------+
3 rows in set (0.001 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftpuser1',password('123456'));
Query OK, 1 row affected (0.001 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftpuser2',password('123456'));
Query OK, 1 row affected (0.001 sec)
MariaDB [vsftpd]> INSERT INTO users(name,password) values('ftpuser3',password('123456'));
Query OK, 1 row affected (0.001 sec)
MariaDB [vsftpd]> select * from users;
+----+----------+-------------------------------------------+
| id | name | password |
+----+----------+-------------------------------------------+
| 1 | ftpuser1 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| 2 | ftpuser2 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
| 3 | ftpuser3 | *6BB4837EB74329105EE4568DDA7DC67ED2CA2AD9 |
+----+----------+-------------------------------------------+
3 rows in set (0.000 sec)
MariaDB [vsftpd]> GRANT SELECT ON vsftpd.* TO vsftpd@'10.0.0.%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.000 sec)
[root@centos7 ~]# yum -y install vsftpd gcc gcc-c++ make mariadb-devel pam-devel
[root@centos7 ~]# rz -E
rz waiting to receive.
[root@centos7 ~]# tar xf pam_mysql-0.7RC1.tar.gz
[root@centos7 ~]# cd pam_mysql-0.7RC1
[root@centos7 pam_mysql-0.7RC1]# ls
acinclude.m4 config.guess configure CREDITS ltmain.sh missing pam_mysql.c pkg.m4
aclocal.m4 config.h.in configure.in INSTALL Makefile.am mkinstalldirs pam_mysql.spec README
ChangeLog config.sub COPYING install-sh Makefile.in NEWS pam_mysql.spec.in stamp-h.in
[root@centos7 pam_mysql-0.7RC1]# ./configure --with-pam-mods-dir=/lib64/security
[root@centos7 pam_mysql-0.7RC1]# make install
[root@centos7 pam_mysql-0.7RC1]# ll /lib64/security/pam_mysql.*
-rwxr-xr-x 1 root root 882 Mar 13 21:08 /lib64/security/pam_mysql.la
-rwxr-xr-x 1 root root 141712 Mar 13 21:08 /lib64/security/pam_mysql.so
[root@centos7 pam_mysql-0.7RC1]# vim /etc/pam.d/vsftpd.mysql
# PAM stack for the vsftpd virtual users: both lines look the login up in table
# "users" of database "vsftpd" on 10.0.0.8, connecting as DB user "vsftpd".
# crypt=2 tells pam_mysql to compare against MySQL PASSWORD() hashes, which is
# how the password('...') values were stored in the table earlier on this page.
# NOTE(review): passwd= holds the DB password in cleartext, so this file should
# be readable by root only (e.g. chmod 600) and the password should not be a
# guessable one. The hashes are unsalted, and nothing here shows the connection
# to 10.0.0.8 being encrypted - confirm both before using this outside a lab.
auth required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
account required pam_mysql.so user=vsftpd passwd=123456 host=10.0.0.8 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
:wq
[root@centos7 pam_mysql-0.7RC1]# useradd -s /sbin/nologin -d /data/ftproot -r vuser
[root@centos7 pam_mysql-0.7RC1]# id vuser
uid=998(vuser) gid=996(vuser) groups=996(vuser)
[root@centos7 pam_mysql-0.7RC1]# ls /data/ftproot
ls: cannot access /data/ftproot: No such file or directory
[root@centos7 pam_mysql-0.7RC1]# mkdir -p /data/ftproot/upload
[root@centos7 pam_mysql-0.7RC1]# ll -d /data/ftproot/upload
drwxr-xr-x 2 root root 6 Mar 13 21:16 /data/ftproot/upload
[root@centos7 pam_mysql-0.7RC1]# setfacl -m u:vuser:rwx /data/ftproot/upload/
[root@centos7 pam_mysql-0.7RC1]# vim /etc/vsftpd/vsftpd.conf
# Disable anonymous FTP logins.
anonymous_enable=NO
# Authenticate through /etc/pam.d/vsftpd.mysql (the pam_mysql stack created above).
pam_service_name=vsftpd.mysql
# Map every authenticated (non-anonymous) login onto the single system account
# named by guest_username, so the virtual users need no OS accounts of their own.
guest_enable=YES
guest_username=vuser
# NOTE(review): no ssl_enable setting appears in this snippet; unless TLS is
# configured elsewhere in the file, logins and transfers travel in cleartext.
:wq
[root@centos7 pam_mysql-0.7RC1]# systemctl enable --now vsftpd
Created symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.
[root@centos7 pam_mysql-0.7RC1]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 32 [::]:21 [::]:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
[root@centos6 ~]# yum -y install ftp
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,57,86).
150 Here comes the directory listing.
drwxrwxr-x 2 0 0 6 Mar 13 13:16 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg install.log install.log.syslog
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,115,217).
550 Permission denied.
ftp> exit
221 Goodbye.
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,191,50).
150 Here comes the directory listing.
drwxrwxr-x 2 0 0 29 Mar 13 13:36 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg install.log install.log.syslog
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,115,217).
550 Permission denied.
ftp> exit
221 Goodbye.
[root@centos7 ~]# vim /etc/vsftpd/vsftpd.conf
user_config_dir=/etc/vsftpd/conf.d/
:wq
[root@centos7 ~]# mkdir /etc/vsftpd/conf.d/
[root@centos7 conf.d]# vim ftpuser1
# Per-user overrides for ftpuser1 (file name = login name under user_config_dir).
# Guest (virtual) users get the anonymous user's privileges by default, which is
# why the anon_* switches are the ones that grant them write access.
# Allow uploads.
anon_upload_enable=YES
# Allow creating directories.
anon_mkdir_write_enable=YES
# Allow other write operations such as delete and rename; grant only where needed.
anon_other_write_enable=YES
:wq
[root@centos7 conf.d]# systemctl restart vsftpd
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser1
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (10,0,0,7,38,124).
150 Here comes the directory listing.
drwxrwxr-x 2 0 0 6 Mar 13 13:16 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,195,218).
150 Ok to send data.
226 Transfer complete.
958 bytes sent in 0.00704 secs (136.12 Kbytes/sec)
ftp>
[root@centos7 pam_mysql-0.7RC1]# tail -f /var/log/secure
Mar 13 21:35:02 centos7 polkitd[547]: Registered Authentication Agent for unix-process:11920:442834 (system bus name :1.24 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Mar 13 21:35:02 centos7 polkitd[547]: Unregistered Authentication Agent for unix-process:11920:442834 (system bus name :1.24, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
[root@centos7 conf.d]# ll /data/ftproot/upload/
total 4
-rw------- 1 vuser vuser 958 Mar 13 21:36 anaconda-ks.cfg
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (10,0,0,7,191,50).
150 Here comes the directory listing.
drwxrwxr-x 2 0 0 29 Mar 13 13:36 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg install.log install.log.syslog
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,115,217).
550 Permission denied.
ftp> exit
221 Goodbye.
[root@centos7 conf.d]# mkdir /data/ftproot2
[root@centos7 conf.d]# touch /data/ftproot2/ftproot2.txt
[root@centos7 conf.d]# mkdir /data/ftproot3
[root@centos7 conf.d]# touch /data/ftproot3/ftproot3.txt
[root@centos7 conf.d]# vim ftpuser2
local_root=/data/ftproot2
:wq
[root@centos7 conf.d]# vim ftpuser3
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
local_root=/data/ftproot3
:wq
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser2
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (10,0,0,7,197,196).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Mar 13 13:41 ftproot2.txt
226 Directory send OK.
[root@centos7 conf.d]# mkdir /data/ftproot2/upload
[root@centos7 conf.d]# mkdir /data/ftproot3/upload
ftp> ls
227 Entering Passive Mode (10,0,0,7,209,217).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Mar 13 13:41 ftproot2.txt
drwxr-xr-x 2 0 0 6 Mar 13 13:46 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,75,170).
550 Permission denied.
ftp> exit
221 Goodbye.
[root@centos6 ~]# ftp 10.0.0.7
Connected to 10.0.0.7 (10.0.0.7).
220 (vsFTPd 3.0.2)
Name (10.0.0.7:root): ftpuser3
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (10,0,0,7,178,70).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Mar 13 13:41 ftproot3.txt
drwxr-xr-x 2 0 0 6 Mar 13 13:46 upload
226 Directory send OK.
ftp> cd upload
250 Directory successfully changed.
ftp> !ls
anaconda-ks.cfg install.log install.log.syslog
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,49,119).
553 Could not create file.
[root@centos7 conf.d]# ll /data/ftproot3/upload/ -d
drwxr-xr-x 2 root root 6 Mar 13 21:46 /data/ftproot3/upload/
[root@centos7 conf.d]# setfacl -m u:vuser:rwx /data/ftproot3/upload/
ftp> put anaconda-ks.cfg
local: anaconda-ks.cfg remote: anaconda-ks.cfg
227 Entering Passive Mode (10,0,0,7,142,7).
150 Ok to send data.
226 Transfer complete.
958 bytes sent in 0.000108 secs (8870.37 Kbytes/sec)
三.NFS工作原理
什么是NFS?
network file system 网络文件系统
通过网络存储和组织文件的一种方法或机制。
为什么要用NFS?
前端所有的应用服务器接收到用户上传的图片、文件、视频,都会统一放到后端的存储上。
共享存储的好处:方便数据的查找与取出;缺点:存储服务器压力大,而且一旦存储服务器损坏,就会丢失全部数据(单点故障)。
NFS工作原理
NFS的功能由多个服务共同提供,每个服务都有自己的端口,并且这些端口经常变换(不固定)。
客户端要查找这些端口,就需要一个中间人——RPC服务(rpcbind,默认端口号111)。
工作流程:
1.启动RPC服务
2.启动NFS服务(同时向RPC服务注册启动的端口)
3.客户端向RPC请求NFS服务
4.RPC返回端口到客户端
5.客户端用返回的端口地址向NFS请求传输数据。
四.实现NFS
[root@centos8 ~]# dnf -y install nfs-utils
[root@centos8 ~]# systemctl status nfs-server
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; disabled; vendor preset: disabled)
Active: inactive (dead)
[root@centos8 ~]# systemctl enable --now nfs-server
Created symlink /etc/systemd/system/multi-user.target.wants/nfs-server.service → /usr/lib/systemd/system/nfs-server.service.
[root@centos8 ~]# systemctl status nfs-server
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
Active: active (exited) since Sat 2021-03-13 22:25:46 CST; 14s ago
Process: 9694 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exited, sta>
Process: 9683 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
Process: 9682 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Main PID: 9694 (code=exited, status=0/SUCCESS)
Mar 13 22:25:46 centos8 systemd[1]: Starting NFS server and services...
Mar 13 22:25:46 centos8 systemd[1]: Started NFS server and services.
[root@centos8 ~]# ss -ntul
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
udp UNCONN 0 0 0.0.0.0:20048 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:43875 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:55680 0.0.0.0:*
udp UNCONN 0 0 127.0.0.1:951 0.0.0.0:*
udp UNCONN 0 0 [::]:20048 [::]:*
udp UNCONN 0 0 [::]:36436 [::]:*
udp UNCONN 0 0 [::]:33370 [::]:*
udp UNCONN 0 0 [::]:111 [::]:*
tcp LISTEN 0 64 0.0.0.0:35485 0.0.0.0:*
tcp LISTEN 0 64 0.0.0.0:2049 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:53007 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:20048 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 [::]:47293 [::]:*
tcp LISTEN 0 64 [::]:2049 [::]:*
tcp LISTEN 0 128 [::]:111 [::]:*
tcp LISTEN 0 128 [::]:20048 [::]:*
tcp LISTEN 0 64 [::]:43313 [::]:*
tcp LISTEN 0 128 [::]:22 [::]:*
[root@centos8 ~]# systemctl status rpcbind
● rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-03-13 22:25:45 CST; 3min 18s ago
Docs: man:rpcbind(8)
Main PID: 9663 (rpcbind)
Tasks: 1 (limit: 4763)
Memory: 1.6M
CGroup: /system.slice/rpcbind.service
└─9663 /usr/bin/rpcbind -w -f
Mar 13 22:25:45 centos8 systemd[1]: Starting RPC Bind...
Mar 13 22:25:45 centos8 systemd[1]: Started RPC Bind.
[root@centos8 ~]# systemctl stop rpcbind
Warning: Stopping rpcbind.service, but it can still be activated by:
rpcbind.socket
[root@centos8 ~]# systemctl status rpcbind
● rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
Active: inactive (dead) (thawing) since Sat 2021-03-13 22:29:51 CST; 1s ago
Docs: man:rpcbind(8)
Process: 9663 ExecStart=/usr/bin/rpcbind $RPCBIND_ARGS -w -f (code=exited, status=0/SUCCESS)
Main PID: 9663 (code=exited, status=0/SUCCESS)
Mar 13 22:25:45 centos8 systemd[1]: Starting RPC Bind...
Mar 13 22:25:45 centos8 systemd[1]: Started RPC Bind.
Mar 13 22:29:51 centos8 systemd[1]: Stopping RPC Bind...
Mar 13 22:29:51 centos8 systemd[1]: rpcbind.service: Succeeded.
Mar 13 22:29:51 centos8 systemd[1]: Stopped RPC Bind.
[root@centos8 ~]# systemctl restart nfs-server
[root@centos8 ~]# systemctl status rpcbind
● rpcbind.service - RPC Bind
Loaded: loaded (/usr/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
Active: active (running) (thawing) since Sat 2021-03-13 22:30:05 CST; 2s ago
Docs: man:rpcbind(8)
Main PID: 9728 (rpcbind)
Tasks: 1 (limit: 4763)
Memory: 1.0M
CGroup: /system.slice/rpcbind.service
└─9728 /usr/bin/rpcbind -w -f
Mar 13 22:30:05 centos8 systemd[1]: Starting RPC Bind...
Mar 13 22:30:05 centos8 systemd[1]: Started RPC Bind.
[root@centos8 ~]# mkdir /data/nfsdir{1..2}
[root@centos8 ~]# touch /data/nfsdir1/test1.txt
[root@centos8 ~]# touch /data/nfsdir2/test2.txt
[root@centos8 ~]# ll /etc/exports
-rw-r--r--. 1 root root 0 Sep 10 2018 /etc/exports
[root@centos8 ~]# vim /etc/exports
# Export /data/nfsdir1 to any host ('*'). No options are listed, so the defaults
# apply (ro, root_squash, sync, ... as printed by "exportfs -v" below), and
# exportfs warns about the missing option list.
# NOTE(review): '*' exposes the share to every host that can reach the server;
# naming the client subnet (e.g. 10.0.0.0/24) instead narrows that.
/data/nfsdir1 *
:wq
[root@centos8 ~]# vim /etc/exports.d/test.exports
/data/nfsdir2 *(rw)
:wq
[root@centos8 ~]# exportfs -v
[root@centos8 ~]# systemctl status nfs-server
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor preset: disabled)
Active: active (exited) since Sat 2021-03-13 22:30:05 CST; 12min ago
Process: 9723 ExecStopPost=/usr/sbin/exportfs -f (code=exited, status=0/SUCCESS)
Process: 9721 ExecStopPost=/usr/sbin/exportfs -au (code=exited, status=0/SUCCESS)
Process: 9720 ExecStop=/usr/sbin/rpc.nfsd 0 (code=exited, status=0/SUCCESS)
Process: 9747 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then systemctl reload gssproxy ; fi (code=exited, sta>
Process: 9736 ExecStart=/usr/sbin/rpc.nfsd (code=exited, status=0/SUCCESS)
Process: 9735 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Main PID: 9747 (code=exited, status=0/SUCCESS)
Tasks: 0 (limit: 4763)
Memory: 0B
CGroup: /system.slice/nfs-server.service
Mar 13 22:30:05 centos8 systemd[1]: Starting NFS server and services...
Mar 13 22:30:05 centos8 systemd[1]: Started NFS server and services.
[root@centos8 ~]# exportfs -r
exportfs: No options for /data/nfsdir1 *: suggest *(sync) to avoid warning
[root@centos8 ~]# exportfs -v
/data/nfsdir1 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
[root@centos6 ~]# showmount -e 10.0.0.8
-bash: showmount: command not found
[root@centos6 ~]# yum provides showmount
1:nfs-utils-1.2.3-78.el6.x86_64 : NFS utilities and supporting clients and daemons for the kernel NFS server
Repo : base
Matched from:
Other : showmount
1:nfs-utils-1.2.3-78.el6_10.1.x86_64 : NFS utilities and supporting clients and daemons for the kernel NFS server
Repo : updates
Matched from:
Other : showmount
1:nfs-utils-1.2.3-78.el6_10.2.x86_64 : NFS utilities and supporting clients and daemons for the kernel NFS server
Repo : updates
Matched from:
Other : showmount
[root@centos6 ~]# yum -y install nfs-utils
[root@centos6 ~]# showmount -e 10.0.0.8
Export list for 10.0.0.8:
/data/nfsdir2 *
/data/nfsdir1 *
[root@centos6 ~]# mkdir /mnt/nfs1
[root@centos6 ~]# mkdir /mnt/nfs2
[root@centos6 ~]# mount 10.0.0.8:/data/nfsdir1 /mnt/nfs1
[root@centos6 ~]# mount 10.0.0.8:/data/nfsdir2 /mnt/nfs2
[root@centos6 ~]# ls /mnt/nfs1
test1.txt
[root@centos6 ~]# ls /mnt/nfs2
test2.txt
[root@centos6 ~]# vim /mnt/nfs1/test1.txt
![](https://img2020.cnblogs.com/blog/2229477/202103/2229477-20210314165117978-1145302583.jpg)
[root@centos6 ~]# vim /mnt/nfs2/test2.txt
![](https://img2020.cnblogs.com/blog/2229477/202103/2229477-20210314165152776-1981835150.jpg)
[root@centos6 ~]# mount
10.0.0.8:/data/nfsdir1 on /mnt/nfs1 type nfs (rw,vers=4,addr=10.0.0.8,clientaddr=10.0.0.6)
10.0.0.8:/data/nfsdir2 on /mnt/nfs2 type nfs (rw,vers=4,addr=10.0.0.8,clientaddr=10.0.0.6)
[root@centos6 ~]# cd /mnt/nfs2
[root@centos6 nfs2]# ls
test2.txt
[root@centos6 nfs2]# touch centos6.txt
touch: cannot touch `centos6.txt': Permission denied
[root@centos6 nfs2]# cd ../nfs1
[root@centos6 nfs1]# touch centos6.txt
touch: cannot touch `centos6.txt': Read-only file system
[root@centos8 ~]# ll -d /data/nfsdir2/
drwxr-xr-x 2 root root 23 Mar 13 22:37 /data/nfsdir2/
[root@centos8 ~]# chmod 777 /data/nfsdir2/
[root@centos8 ~]# ll -d /data/nfsdir2/
drwxrwxrwx 2 root root 23 Mar 13 22:37 /data/nfsdir2/
[root@centos6 nfs1]# cd ../nfs2
[root@centos6 nfs2]# touch centos6.txt
[root@centos6 nfs2]# ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos8 ~]# id nobody
uid=65534(nobody) gid=65534(nobody) groups=65534(nobody)
[root@centos6 nfs2]# id nfsnobody
uid=65534(nfsnobody) gid=65534(nfsnobody) groups=65534(nfsnobody)
[root@centos8 ~]# exportfs -v
/data/nfsdir1 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
# root_squash:把客户端的root身份映射(压缩)为匿名用户nobody(UID 65534,在centos6上显示为nfsnobody)的权限,所以上面root创建的centos6.txt属主是nobody
[root@centos6 nfs2]# su - neteagle
[neteagle@centos6 ~]$ cd /mnt/nfs2
[neteagle@centos6 nfs2]$ touch neteagle.txt
[neteagle@centos6 nfs2]$ ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-rw-r-- 1 neteagle neteagle 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-rw-r-- 1 500 500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-rw-r-- 1 500 500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos8 ~]# useradd -u 500 haha
[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-rw-r-- 1 haha 500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos8 ~]# exportfs -v
/data/nfsdir1 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
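# no_all_squash:普通用户不做身份映射,保留客户端的UID/GID;sec=sys下服务端只按客户端报上来的数字UID识别用户,所以客户端neteagle(UID 500)创建的文件在服务端显示为UID 500的haha,两端UID不一致时就会对应到别的账号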
[root@centos8 ~]# vim /etc/exports.d/test.exports
# no_root_squash: a client's root is no longer mapped to nobody and acts as root
# on this export (centos7.txt below is created owned by root).
# NOTE(review): combined with '*' and rw this hands root-level write access to
# any host that can reach the server; limit the client list (e.g. 10.0.0.0/24)
# and keep the default root_squash unless a specific client really needs this.
/data/nfsdir2 *(rw,no_root_squash)
:wq
[root@centos8 ~]# exportfs -v
/data/nfsdir1 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,root_squash,no_all_squash)
[root@centos8 ~]# exportfs -r
exportfs: No options for /data/nfsdir1 *: suggest *(sync) to avoid warning
[root@centos8 ~]# exportfs -v
/data/nfsdir1 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)
[root@centos7 ~]# showmount -e 10.0.0.8
-bash: showmount: command not found
[root@centos7 ~]# yum -y install nfs-utils
[root@centos7 ~]# showmount -e 10.0.0.8
Export list for 10.0.0.8:
/data/nfsdir2 *
/data/nfsdir1 *
[root@centos7 ~]# mkdir /mnt/dir1
[root@centos7 ~]# mkdir /mnt/dir2
[root@centos7 ~]# vim /etc/fstab
10.0.0.8:/data/nfsdir2 /mnt/nfs2 nfs _netdev 0 0
10.0.0.8:/data/nfsdir1 /mnt/nfs1 nfs _netdev 0 0
:wq
# _netdev:标明该文件系统依赖网络,系统会等网络就绪后再挂载;一旦网络不能访问,也不会造成系统启动不了
[root@centos7 ~]# reboot
[root@centos7 ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
devtmpfs 487116 0 487116 0% /dev
tmpfs 497836 0 497836 0% /dev/shm
tmpfs 497836 7816 490020 2% /run
tmpfs 497836 0 497836 0% /sys/fs/cgroup
/dev/sda2 104806400 1490616 103315784 2% /
/dev/sda3 52403200 32992 52370208 1% /data
/dev/sda1 1038336 134232 904104 13% /boot
10.0.0.8:/data/nfsdir1 52403200 398336 52004864 1% /mnt/nfs1
10.0.0.8:/data/nfsdir2 52403200 398336 52004864 1% /mnt/nfs2
tmpfs 99568 0 99568 0% /run/user/0
[root@centos8 ~]# chmod 755 /data/nfsdir2
[root@centos8 ~]# ll -d /data/nfsdir2
drwxr-xr-x 2 root root 62 Mar 13 23:11 /data/nfsdir2
[root@centos7 ~]# cd /mnt/nfs2/
[root@centos7 nfs2]# ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-rw-r-- 1 500 500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos7 nfs2]# touch centos7.txt
[root@centos7 nfs2]# ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root root 0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 500 500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root root 0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 haha 500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos8 ~]# vim /etc/exports.d/test.exports
/data/nfsdir2 *(rw,no_root_squash,all_squash)
:wq
[root@centos8 ~]# exportfs -v
/data/nfsdir1 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash)
[root@centos8 ~]# exportfs -r
exportfs: No options for /data/nfsdir1 *: suggest *(sync) to avoid warning
[root@centos8 ~]# exportfs -v
/data/nfsdir1 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,all_squash)
[root@centos7 nfs2]# su neteagle
[neteagle@centos7 nfs2]$ touch neteagle2.txt
touch: cannot touch ‘neteagle2.txt’: Permission denied
[root@centos8 ~]# chmod 777 /data/nfsdir2
[neteagle@centos7 nfs2]$ touch neteagle2.txt
[neteagle@centos7 nfs2]$ ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root root 0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 nfsnobody nfsnobody 0 Mar 13 23:42 neteagle2.txt
-rw-rw-r-- 1 500 500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root root 0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 nobody nobody 0 Mar 13 23:42 neteagle2.txt
-rw-rw-r-- 1 haha 500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[neteagle@centos7 nfs2]$ exit
exit
[root@centos7 nfs2]# touch root1.txt
[root@centos7 nfs2]# ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root root 0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 nfsnobody nfsnobody 0 Mar 13 23:42 neteagle2.txt
-rw-rw-r-- 1 500 500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 23:44 root1.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root root 0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 nobody nobody 0 Mar 13 23:42 neteagle2.txt
-rw-rw-r-- 1 haha 500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 nobody nobody 0 Mar 13 23:44 root1.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos8 ~]# vim /etc/exports.d/test.exports
# all_squash maps every client user to the anonymous account, and anonuid/anongid
# choose that account: UID/GID 2 shows up as "daemon" in the listings below.
# all_squash wins over no_root_squash here - root2.txt, created by root on the
# client, ends up owned by daemon.
/data/nfsdir2 *(rw,no_root_squash,all_squash,anonuid=2,anongid=2)
:wq
[root@centos8 ~]# exportfs -r
exportfs: No options for /data/nfsdir1 *: suggest *(sync) to avoid warning
[root@centos8 ~]# exportfs -v
/data/nfsdir1 <world>(sync,wdelay,hide,no_subtree_check,sec=sys,ro,secure,root_squash,no_all_squash)
/data/nfsdir2 <world>(sync,wdelay,hide,no_subtree_check,anonuid=2,anongid=2,sec=sys,rw,secure,no_root_squash,all_squash)
[root@centos7 nfs2]# touch root2.txt
[root@centos7 nfs2]# ll
total 0
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root root 0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 nfsnobody nfsnobody 0 Mar 13 23:42 neteagle2.txt
-rw-rw-r-- 1 500 500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 nfsnobody nfsnobody 0 Mar 13 23:44 root1.txt
-rw-r--r-- 1 daemon daemon 0 Mar 13 23:47 root2.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
[root@centos8 ~]# ll /data/nfsdir2
total 0
-rw-r--r-- 1 nobody nobody 0 Mar 13 22:58 centos6.txt
-rw-r--r-- 1 root root 0 Mar 13 23:37 centos7.txt
-rw-rw-r-- 1 nobody nobody 0 Mar 13 23:42 neteagle2.txt
-rw-rw-r-- 1 haha 500 0 Mar 13 23:11 neteagle.txt
-rw-r--r-- 1 nobody nobody 0 Mar 13 23:44 root1.txt
-rw-r--r-- 1 daemon daemon 0 Mar 13 23:47 root2.txt
-rw-r--r-- 1 root root 0 Mar 13 22:37 test2.txt
五.sersync 实现实时数据同步
1.基于rsync daemon 实现 sersync
[root@centos8 ~]# hostnamectl set-hostname data
[root@centos8-2 ~]# hostnamectl set-hostname backup
[root@backup ~]# dnf -y install rsync-daemon
[root@backup ~]# vim /etc/rsyncd.conf
# Global section: these settings apply to every module below.
# The daemon performs transfers as root:root.
# NOTE(review): running as root means anyone holding the module password writes
# into the module path with root's rights; a dedicated unprivileged uid/gid is
# safer when file ownership does not have to be preserved.
uid = root
gid = root
# Commented out, so the default port is used (873 in the ss output below).
#port = 874
# Commented out, so rsync's default chroot behaviour applies.
#use chroot = no
# 0 = no limit on simultaneous connections (sersync asks for this value).
max connections = 0
# Ignore I/O errors on the daemon when deciding whether to run the delete phase.
ignore errors
exclude = lost+found/
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsyncd.lock
# Skip reverse DNS lookups of connecting clients.
reverse lookup = no
# NOTE(review): the allow-list is commented out, so any host that can reach the
# port may attempt to authenticate; enabling it restricts access to 10.0.0.0/24.
# rsync daemon traffic is also unencrypted, so keep it on a trusted network.
##hosts allow = 10.0.0.0/24
# Module "backup": the writable target that the rsync/sersync pushes go to.
[backup]
path = /data/backup/
comment = backup dir
# Allow uploads into the module.
read only = no
# Only this user may connect; it is checked against the user:password pairs in
# the secrets file, which must not be readable by other users (chmod 600 below).
auth users = rsyncuser
secrets file = /etc/rsync.pas
:wq
[root@backup ~]# mkdir -p /data/backup
[root@backup ~]# echo "rsyncuser:magedu" > /etc/rsync.pas
[root@backup ~]# chmod 600 /etc/rsync.pas
[root@backup ~]# systemctl start rsyncd
[root@backup ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 5 0.0.0.0:873 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 5 [::]:873 [::]:*
[root@data ~]# echo "magedu" > /etc/rsync.pas
[root@data ~]# chmod 600 /etc/rsync.pas
[root@data ~]# rsync rsync://10.0.0.18
backup backup dir
[root@data ~]# rsync rsync://10.0.0.18/backup
-bash: rsync: command not found
[root@data ~]# dnf -y install rsync
[root@data ~]# rsync rsync://10.0.0.18/backup
Password:
@ERROR: auth failed on module backup
rsync error: error starting client-server protocol (code 5) at main.c(1657) [Receiver=3.1.3]
[root@data ~]# rsync rsync://rsyncuser@10.0.0.18/backup
Password:
drwxr-xr-x 6 2021/03/14 18:28:43 .
[root@data ~]# rsync --password-file=/etc/rsync.pas rsync://rsyncuser@10.0.0.18/backup
drwxr-xr-x 6 2021/03/14 18:28:43 .
[root@backup ~]# mkdir /data/backup/test.txt
[root@data ~]# rsync --password-file=/etc/rsync.pas rsync://rsyncuser@10.0.0.18/backup
drwxr-xr-x 22 2021/03/14 18:39:12 .
drwxr-xr-x 6 2021/03/14 18:39:12 test.txt
[root@data ~]# ls
anaconda-ks.cfg sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@data ~]# tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@data ~]# ls
anaconda-ks.cfg GNU-Linux-x86 sersync2.5.4_64bit_binary_stable_final.tar.gz
[root@data ~]# cp -a GNU-Linux-x86/ /usr/local/sersync
[root@data ~]# mkdir /data/www
[root@data ~]# vim /usr/local/sersync/confxml.xml
<attrib start="true"/>
<localpath watch="/data/www">
<remote ip="10.0.0.18" name="backup"/>
<auth start="true" users="rsyncuser" passwordfile="/etc/rsync.pas"/>
:wq
[root@data ~]# ln -s /usr/local/sersync/sersync2 /usr/bin/
[root@data ~]# sersync2 -h
set the system param
execute:echo 50000000 > /proc/sys/fs/inotify/max_user_watches
execute:echo 327679 > /proc/sys/fs/inotify/max_queued_events
parse the command param
_______________________________________________________
参数-d:启用守护进程模式
参数-r:在监控前,将监控目录与远程主机用rsync命令推送一遍
c参数-n: 指定开启守护线程的数量,默认为10个
参数-o:指定配置文件,默认使用confxml.xml文件
参数-m:单独启用其他模块,使用 -m refreshCDN 开启刷新CDN模块
参数-m:单独启用其他模块,使用 -m socket 开启socket模块
参数-m:单独启用其他模块,使用 -m http 开启http模块
不加-m参数,则默认执行同步程序
[root@data ~]# ls /data/www
[root@data ~]# cp /etc/fstab /data/www/f1.txt
[root@backup ~]# ls /data/backup/
test.txt
[root@data ~]# sersync2 -dro /usr/local/sersync/confxml.xml
set the system param
execute:echo 50000000 > /proc/sys/fs/inotify/max_user_watches
execute:echo 327679 > /proc/sys/fs/inotify/max_queued_events
parse the command param
option: -d run as a daemon
option: -r rsync all the local files to the remote servers before the sersync work
option: -o config xml name: /usr/local/sersync/confxml.xml
daemon thread num: 10
parse xml config file
host ip : localhost host port: 8008
daemon start,sersync run behind the console
use rsync password-file :
user is rsyncuser
passwordfile is /etc/rsync.pas
config xml parse success
please set /etc/rsyncd.conf max connections=0 Manually
sersync working thread 12 = 1(primary thread) + 1(fail retry thread) + 10(daemon sub threads)
Max threads numbers is: 22 = 12(Thread pool nums) + 10(Sub threads)
please according your cpu ,use -n param to adjust the cpu rate
------------------------------------------
rsync the directory recursivly to the remote servers once
working please wait...
execute command: cd /data/www && rsync -artuz -R --delete ./ rsyncuser@10.0.0.18::backup --password-file=/etc/rsync.pas >/dev/null 2>&1
run the sersync:
watch path is: /data/www
[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/ backup: Sun Mar 14 18:59:31 2021
total 4
-rw-r--r-- 1 root root 709 Mar 14 18:58 f1.txt
[root@data ~]# ps aux |grep sersync
root 10076 0.0 0.1 92336 1328 ? Ssl 18:59 0:00 sersync2 -dro /usr/local/sersync/confxml.xml
root 10092 0.0 0.1 12112 1088 pts/0 R+ 19:00 0:00 grep --color=auto sersync
[root@data ~]# touch /data/www/f2.txt
[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/ backup: Sun Mar 14 19:01:06 2021
total 4
-rw-r--r-- 1 root root 709 Mar 14 18:58 f1.txt
-rw-r--r-- 1 root root 0 Mar 14 19:00 f2.txt
[root@data ~]# mkdir -p /data/www/d1/d2/d3
[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/ backup: Sun Mar 14 19:02:12 2021
total 4
drwxr-xr-x 3 root root 16 Mar 14 19:01 d1
-rw-r--r-- 1 root root 709 Mar 14 18:58 f1.txt
-rw-r--r-- 1 root root 0 Mar 14 19:00 f2.txt
[root@backup ~]# tree /data/backup/
/data/backup/
├── d1
│ └── d2
│ └── d3
├── f1.txt
└── f2.txt
3 directories, 2 files
[root@data ~]# cp /etc/fstab /data/www/d1/d2/d3/
[root@backup ~]# tree /data/backup/
/data/backup/
├── d1
│ └── d2
│ └── d3
│ └── fstab
├── f1.txt
└── f2.txt
3 directories, 3 files
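注:sersync 调用 rsync 时带有 --delete(见上面的 execute command),源端的删除会原样同步到 backup 端,因此这是实时镜像,而不是保留历史版本的备份;误删或被篡改的文件同样会被同步过去,重要数据需要另做快照或离线备份。
[root@data ~]# rm -rf /data/www/d1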
[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/ backup: Sun Mar 14 19:04:33 2021
total 4
-rw-r--r-- 1 root root 709 Mar 14 18:58 f1.txt
-rw-r--r-- 1 root root 0 Mar 14 19:00 f2.txt
[root@data ~]# dd if=/dev/zero of=/data/www/bigfile bs=1M count=1024
1024+0 records in
1024+0 records out
1073741824 bytes (1.1 GB, 1.0 GiB) copied, 1.26856 s, 846 MB/s
[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/ backup: Sun Mar 14 19:06:44 2021
total 1048580
-rw-r--r-- 1 root root 1073741824 Mar 14 19:06 bigfile
-rw-r--r-- 1 root root 709 Mar 14 18:58 f1.txt
-rw-r--r-- 1 root root 0 Mar 14 19:00 f2.txt
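2.基于远程shell 实现 sersync
注:此方式通过 SSH 传输,不再依赖 rsync 守护进程及其密码文件,数据在传输过程中是加密的。下面的演示使用 root 账号,密钥应是未设置口令的(供 sersync 守护进程非交互使用);生产环境建议改用专用的低权限账号,并在 backup 端的 authorized_keys 中用 from= 和 command= 选项限制该公钥的来源地址和可执行的命令。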
[root@backup ~]# systemctl status rsyncd
● rsyncd.service - fast remote file copy program daemon
Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; disabled; vendor preset: disabled)
Active: active (running) since Sun 2021-03-14 18:30:08 CST; 38min ago
Main PID: 9785 (rsync)
Tasks: 1 (limit: 4763)
Memory: 400.4M
CGroup: /system.slice/rsyncd.service
└─9785 /usr/bin/rsync --daemon --no-detach
Mar 14 19:03:31 backup rsyncd[10655]: params.c:Parameter() - Ignoring badly formed line in config file: ignore errors
Mar 14 19:03:31 backup rsyncd[10655]: connect from UNDETERMINED (10.0.0.8)
Mar 14 19:04:20 backup rsyncd[10658]: params.c:Parameter() - Ignoring badly formed line in config file: ignore errors
Mar 14 19:04:20 backup rsyncd[10658]: connect from UNDETERMINED (10.0.0.8)
Mar 14 19:04:21 backup rsyncd[10660]: params.c:Parameter() - Ignoring badly formed line in config file: ignore errors
Mar 14 19:04:21 backup rsyncd[10660]: connect from UNDETERMINED (10.0.0.8)
Mar 14 19:06:28 backup rsyncd[10815]: params.c:Parameter() - Ignoring badly formed line in config file: ignore errors
Mar 14 19:06:28 backup rsyncd[10815]: connect from UNDETERMINED (10.0.0.8)
Mar 14 19:06:35 backup rsyncd[10844]: params.c:Parameter() - Ignoring badly formed line in config file: ignore errors
Mar 14 19:06:35 backup rsyncd[10844]: connect from UNDETERMINED (10.0.0.8)
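注:上面日志中的 "Ignoring badly formed line in config file: ignore errors" 说明 /etc/rsyncd.conf 里的 ignore errors 一行没有写成 "参数 = 值" 的形式,rsyncd 已将其忽略,该选项并未生效;应改为 ignore errors = yes 或直接删除该行。
[root@backup ~]# systemctl stop rsyncd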
[root@backup ~]# ss -ntl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
[root@data ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:rvnaoTyr5TcOr3w2leySfWZMHeMrBQ+9VXlCaUEYcP4 root@data
The key's randomart image is:
+---[RSA 3072]----+
| ..o=+o.|
| o. +.o|
| .o .o|
| o.+ .|
| S. . *E= |
| . + . * |
| o o= o . . |
| =.BO.o * . |
| ..@@=+ + . |
+----[SHA256]-----+
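注:首次连接出现主机密钥确认提示时,应先通过可信渠道核对指纹(例如在 backup 上执行 ssh-keygen -lf /etc/ssh/ssh_host_ecdsa_key.pub),确认与提示中的指纹一致后再输入 yes。
[root@data ~]# ssh-copy-id 10.0.0.18: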
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '10.0.0.18 (10.0.0.18)' can't be established.
ECDSA key fingerprint is SHA256:8eD6mLtx6VPebzeGBEIJMs9np43gsQHfFAmvY7kleRI.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@10.0.0.18's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh '10.0.0.18'"
and check to make sure that only the key(s) you wanted were added.
[root@data ~]# vim /usr/local/sersync/confxml.xml
<localpath watch="/data/www">
<remote ip="10.0.0.18" name="/data/backup"/>
<auth start="false" users="rsyncuser" passwordfile="/etc/rsync.pas"/>
<ssh start="true"/>
:wq
[root@data ~]# ps aux |grep sersync
root 10076 0.0 0.2 116924 1624 ? Ssl 18:59 0:00 sersync2 -dro /usr/local/sersync/confxml.xml
root 10201 0.0 0.1 12112 1096 pts/0 R+ 19:19 0:00 grep --color=auto sersync
[root@data ~]# killall sersync2
-bash: killall: command not found
[root@data ~]# dnf provides killall
Last metadata expiration check: 0:47:44 ago on Sun 14 Mar 2021 06:32:55 PM CST.
psmisc-23.1-5.el8.x86_64 : Utilities for managing processes on your system
Repo : BaseOS
Matched from:
Filename : /usr/bin/killall
[root@data ~]# dnf -y install psmisc
[root@data ~]# killall sersync2
[root@data ~]# ps aux |grep sersync
root 10506 0.0 0.1 12112 1044 pts/0 R+ 19:21 0:00 grep --color=auto sersync
[root@data ~]# sersync2 -dro /usr/local/sersync/confxml.xml
set the system param
execute:echo 50000000 > /proc/sys/fs/inotify/max_user_watches
execute:echo 327679 > /proc/sys/fs/inotify/max_queued_events
parse the command param
option: -d run as a daemon
option: -r rsync all the local files to the remote servers before the sersync work
option: -o config xml name: /usr/local/sersync/confxml.xml
daemon thread num: 10
parse xml config file
host ip : localhost host port: 8008
daemon start,sersync run behind the console
config xml parse success
please set /etc/rsyncd.conf max connections=0 Manually
sersync working thread 12 = 1(primary thread) + 1(fail retry thread) + 10(daemon sub threads)
Max threads numbers is: 22 = 12(Thread pool nums) + 10(Sub threads)
please according your cpu ,use -n param to adjust the cpu rate
------------------------------------------
rsync the directory recursivly to the remote servers once
working please wait...
execute command: cd /data/www && rsync -artuz -R --delete ./ -e ssh 10.0.0.18:/data/backup >/dev/null 2>&1
run the sersync:
watch path is: /data/www
[root@data ~]# rm -f /data/www/f*
[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/ backup: Sun Mar 14 19:23:22 2021
total 1048576
-rw-r--r-- 1 root root 1073741824 Mar 14 19:06 bigfile
[root@data ~]# touch /data/www/a.txt
[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/ backup: Sun Mar 14 19:24:06 2021
total 1048576
-rw-r--r-- 1 root root 0 Mar 14 19:23 a.txt
-rw-r--r-- 1 root root 1073741824 Mar 14 19:06 bigfile
[root@data ~]# rm -f /data/www/bigfile
[root@backup ~]# watch -n0.5 ls -l /data/backup/
Every 0.5s: ls -l /data/backup/ backup: Sun Mar 14 19:24:41 2021
total 0
-rw-r--r-- 1 root root 0 Mar 14 19:23 a.txt