centos7.9部署rsync守护进程模式

服务端部署

关闭防火墙(也可以保留防火墙,只对 hosts allow 中的网段放行 TCP 873 端口)

修改rsync配置文件

[root@backup ~]# vim /etc/rsyncd.conf

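# rsyncd.conf for a daemon-mode backup target: global settings first, then one
# module. Comments are kept on their own lines because rsyncd only treats a
# line as a comment when '#' starts it.

# Store ownership and other privileged attributes in xattrs, so files can be
# received with full metadata while transfers run as an unprivileged user.
fake super = yes
# User and group the transfer runs as once the root-started daemon accepts it.
uid = rsync
gid = rsync
# Spelling fixed from "use chrroot", which is not an rsyncd parameter name.
# With "no" the daemon does not chroot into the module path before a transfer;
# "yes" would confine each transfer to the module directory.
use chroot = no
max connections = 2000
# Seconds of I/O inactivity before a connection is dropped.
timeout = 600
pid file = /var/run/rsyncd.pid
# Lock file used to enforce "max connections".
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
# NOTE(review): written without "= yes"; confirm rsyncd parses this line
# rather than skipping it. When active, it lets the delete phase run on the
# daemon even after I/O errors.
ignore errors
# Authenticated clients may upload into the module.
read only = false
# Do not advertise modules to clients that ask for a listing.
list = false
# Only this subnet may connect. The daemon protocol on TCP 873 does not encrypt
# file contents, so the allowed range should stay a trusted internal network.
hosts allow = 10.0.0.0/24
#hosts deny = 0.0.0.0/32
# Virtual user name checked against the secrets file (not a system account).
auth users = rsync_backup
# Plain-text "user:password" lines; must not be accessible to other users.
secrets file = /etc/rsync.password

#########################################

# Module name that clients address as host::backup
[backup]
comment = www by nfs01 14:18 2013-1-13
path = /backup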

配置文件解析说明

#全局配置

fake super = yes  #7里面必须加这条且是yes,不然传输就会报错

uid = rsync  #运行的用户

gid = rsync  #运行的用户组

use chroot = no  #不将传输进程chroot到模块目录(安全相关)

max connections = 2000  #同一时间最大连接数

timeout = 600  #连接超时时间/秒

pid file = /var/run/rsyncd.pid  #pid文件路径 、存放服务的pid号(进程号)

lock file = /var/run/rsync.lock  #进程、服务的锁文件路径,

log file = /var/log/rsyncd.log  #rsync日志存放路径

ignore errors  #忽略一些错误

read only = false  #可以进行读写

list = false  #关闭rsync服务端列表功能

hosts allow = 10.0.0.0/24   #只准哪些ip访问

#hosts deny = 0.0.0.0/32    #拒绝哪些ip访问

auth users = rsync_backup  #rsync服务端进行验证用户:用户名

secrets file = /etc/rsync.password # rsync服务端进行验证用户的密码

########################################

#局部变量

[backup]   # 模块名

comment = www by nfs01 14:18 2013-1-13 #注释说明

path = /backup  #模块对应目录

 

创建虚拟用户

[root@backup ~]# useradd -s /sbin/nologin  -M rsync

创建验证用户和密码(123 仅为演示用的弱密码,实际使用请换成高强度随机密码)

[root@backup ~]# echo 'rsync_backup:123' >/etc/rsync.password

修改权限为600,权限过于宽松时rsync会报如下错误

ERROR: password file must not be other-accessible
rsync error: syntax or usage error (code 1) at authenticate.c(196) [sender=3.1.2]

[root@backup ~]# ll /etc/rsync.password 
-rw-r--r-- 1 root root 17 Nov 11 08:41 /etc/rsync.password
[root@backup ~]# chmod 600 /etc/rsync.password 
[root@backup ~]# ll /etc/rsync.password 
-rw------- 1 root root 17 Nov 11 08:41 /etc/rsync.password

创建模块backup目录

[root@backup ~]# mkdir -p /backup

修改所属者所属组

[root@backup ~]# chown rsync:rsync /backup

加入开机自启动,启动服务

[root@backup ~]# systemctl enable rsyncd
Created symlink from /etc/systemd/system/multi-user.target.wants/rsyncd.service to /usr/lib/systemd/system/rsyncd.service.
[root@backup ~]# systemctl start rsyncd

看下进程

[root@backup ~]# ps -ef |grep rsync
root       1928      1  0 08:49 ?        00:00:00 /usr/bin/rsync --daemon --no-detach
root       1931   1673  0 08:51 pts/0    00:00:00 grep --color=auto rsync

看下端口

[root@backup ~]# ss -lntup |grep rsync
tcp    LISTEN     0      5         *:873                   *:*                   users:(("rsync",pid=1928,fd=3))
tcp    LISTEN     0      5      [::]:873                [::]:*                   users:(("rsync",pid=1928,fd=5))

本地测试

[root@backup ~]# rsync -avz /etc/hostname rsync_backup@10.0.0.41::backup

 

客户端配置

创建密码文件

[root@nfs01 ~]# echo 123 >/etc/rsync.client
[root@nfs01 ~]# cat /etc/rsync.client
123
[root@nfs01 ~]# chmod 600 /etc/rsync.client
[root@nfs01 ~]# rsync -av /etc/hosts rsync_backup@10.0.0.41::backup --password-file=/etc/rsync.client

 客户端测试也没问题之后可以配合定时任务做备份

备份什么:

  • 数据
  • 配置文件
  • 日志(收集)
  • 代码
  • 脚本

我是测试环境,没有数据和代码,就拿配置文件测试

创建客户端目录

mkdir /backup

创建放脚本的目录

mkdir -p /server/scripts

编辑一个打包和推送的脚本

[root@nfs01 /backup]# vim /server/scripts/conf-bak.sh
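#!/bin/bash
#
# conf-bak.sh - archive this host's configuration and push it to the rsync
# backup module.
#
# Reads:  /etc/ and /var/spool/cron (archived), /etc/rsync.client (password)
# Writes: /backup/<ip>/conf-<date>.tar.gz and /backup/<ip>/finger.md5
# Sends:  everything under /backup/ to rsync_backup@10.0.0.41::backup
#
# Kept free of bash-only syntax because it is started as `sh conf-bak.sh`.
# Errors go to stderr; a cron entry that redirects output to /dev/null hides them.

set -eu

# The archive holds all of /etc (password hashes, the rsync client password,
# keys), so nothing created below may be readable by other local users.
umask 077

# Per-host directory name: the second address from `hostname -I`, falling back
# to the first one on hosts that only have a single address.
ip=$(hostname -I | cut -d " " -f2)
if [ -z "$ip" ]; then
  ip=$(hostname -I | cut -d " " -f1)
fi
if [ -z "$ip" ]; then
  echo "conf-bak: hostname -I returned no address" >&2
  exit 1
fi

time=$(date +%F)
bak_dir=/backup
dest_dir=$bak_dir/$ip
archive=$dest_dir/conf-$time.tar.gz

mkdir -p "$dest_dir"

# GNU tar exits 1 when a file changed while it was being read; the archive is
# still usable. Anything above 1 is a real failure: drop the partial archive
# and push nothing, so a truncated file never gets a matching checksum.
rc=0
tar zcf "$archive" /etc/ /var/spool/cron || rc=$?
if [ "$rc" -gt 1 ]; then
  echo "conf-bak: tar failed with status $rc, nothing was pushed" >&2
  rm -f -- "$archive"
  exit "$rc"
fi

# Checksums of every archive under the backup directory, recorded with their
# absolute paths. The list travels in the same upload as the archives, so it
# detects a corrupted copy, not an archive that was replaced together with it.
find "$bak_dir" -type f -name '*.tar.gz' -exec md5sum {} + >"$dest_dir/finger.md5"

# The password comes from a file rather than the command line. The daemon
# protocol itself does not encrypt the archive in transit.
rsync -avz "$bak_dir"/ rsync_backup@10.0.0.41::backup --password-file=/etc/rsync.client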

运行脚本测试,服务端查看是否传过去

[root@nfs01 ~]# sh /server/scripts/conf-bak.sh
tar: Removing leading `/' from member names
sending incremental file list
./
conf-2021-11-13.tar.gz

sent 10,298,946 bytes  received 46 bytes  6,865,994.67 bytes/sec
total size is 10,500,715  speedup is 1.02

没问题就可以设置定时任务了,先设置每分钟执行,没问题再设置成24:00执行

[root@nfs01 ~]# crontab -e
00 00 * * * sh /server/scripts/conf-bak.sh &>/dev/null

查看crontab日志

[root@nfs01 ~]# tail -f /var/log/cron
Nov 13 10:08:01 nfs01 anacron[3118]: Normal exit (1 job run)
Nov 13 10:45:08 nfs01 crontab[3172]: (root) BEGIN EDIT (root)
Nov 13 10:46:24 nfs01 crontab[3172]: (root) REPLACE (root)
Nov 13 10:46:24 nfs01 crontab[3172]: (root) END EDIT (root)
Nov 13 10:47:01 nfs01 CROND[3175]: (root) CMD (sh /server/scripts/conf-bak.sh &>/dev/null)
Nov 13 10:48:01 nfs01 CROND[3184]: (root) CMD (sh /server/scripts/conf-bak.sh &>/dev/null)
Nov 13 10:49:01 nfs01 CROND[3211]: (root) CMD (sh /server/scripts/conf-bak.sh &>/dev/null)
Nov 13 10:49:24 nfs01 crontab[3219]: (root) BEGIN EDIT (root)
Nov 13 10:50:01 nfs01 CROND[3222]: (root) CMD (sh /server/scripts/conf-bak.sh &>/dev/null)
Nov 13 10:51:01 nfs01 CROND[3230]: (root) CMD (sh /server/scripts/conf-bak.sh &>/dev/null)

检查客户端与服务端备份的数据是否一致

服务端操作

先命令行查看

[root@backup /backup/172.16.1.31]# find /backup -type f -name '*.md5' |xargs md5sum -c
/backup/172.16.1.31/conf-2021-11-13.tar.gz: OK

写成脚本

[root@backup /backup]# vim /server/scripts/check.sh
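# Verify every checksum list under /backup against the archives it names.
# -exec ... {} + hands the paths to md5sum directly, so names containing
# whitespace survive and md5sum is not started when no *.md5 file exists.
# The lists arrive in the same upload as the archives: an OK shows the copy
# matches what the client sent, not that the content itself is trustworthy.
find /backup -type f -name '*.md5' -exec md5sum -c {} +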

写入定时任务

[root@backup /backup]# crontab -e
30 00 * * * sh /server/scripts/check.sh &>/backup/result.txt

 配置邮件提醒

set from=xiaohanshen@163.com
#set smtp=smtps://smtp.163.com:465
set smtp-auth-user=xiaohanshen@163.com
set smtp-password=授权码
set smtp-auth-login
#set ssl-verify=ignore
#set nss-config-dir=/etc/pki/nssdb/

set from=xiaohanshen@163.com      #发件人地址
set smtp=smtps://smtp.qq.com:465  #发件时调用的服务器 smtp服务器端口25  smtps服务器465(加密)
set smtp-auth-user=xiaohanshen@163.com #发件人
set smtp-password=授权码    #发件人授权码
set ssl-verify=ignore    #忽略服务器证书校验错误(无法发现中间人,能校验证书时改用 strict)
set nss-config-dir=/etc/pki/nssdb/
mail -s '网站永不宕机' qq@qq.com </backup/result.txt

写入脚本

[root@backup /backup]# vim /server/scripts/check.sh
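# check.sh - verify the uploaded archives against their checksum lists, then
# mail the report.
#
# -exec ... {} + hands the paths to md5sum directly, so names containing
# whitespace survive and md5sum is not started when no *.md5 file exists.
# The lists arrive in the same upload as the archives: an OK shows the copy
# matches what the client sent, not that the content itself is trustworthy.
find /backup -type f -name '*.md5' -exec md5sum -c {} +

# The report is the file that the crontab entry redirects this script's output
# into (`&>/backup/result.txt`); when the script is run by hand, the mail
# carries whatever an earlier run left there. It is sent whether or not the
# check above passed, so the body has to be read for FAILED lines.
mail -s '网站永不宕机' qq@qq.com </backup/result.txt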

 
