rsync同步配置参考
一、配置rsync文件服务
以下应以root权限运行
本文章中的密码为测试用,实际应用到生产环境需替换为强密码
查看rsync安装路径
[root@node252 ~]# rpm -qc rsync
/etc/rsyncd.conf
/etc/sysconfig/rsyncd
查看rsync的systemd服务文件
[root@node252 ~]# ll /lib/systemd/system |grep rsync
-rw-r--r--. 1 root root 237 4月 1 2020 rsyncd.service
-rw-r--r--. 1 root root 220 4月 1 2020 rsyncd@.service
-rw-r--r--. 1 root root 138 4月 1 2020 rsyncd.socket
开放相应端口并重新加载服务(以下命令对所有来源地址开放873端口;生产环境建议改用rich rule,只放行备份客户端的地址)
[root@node252 ~]# firewall-cmd --zone=public --add-port=873/tcp --permanent
success
[root@node252 ~]# firewall-cmd --reload
success
配置rsyncd.conf文件
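# /etc/rsyncd: configuration file for rsync daemon mode
# See rsyncd.conf man page for more options.
# configuration example:
# port=873 is the default port; changing it also requires opening the new port in the firewall.
#
# rsyncd.conf only treats a line as a comment when it BEGINS with '#'.
# Text placed after a value on the same line becomes part of that value,
# so every note in this file sits on its own line.
#
# NOTE(review): uid/gid root together with "use chroot = no" and writable
# modules means any client that passes authentication writes to this host as
# root without chroot confinement. Confirm this is really required; a dedicated
# unprivileged uid/gid that owns the backup directories is the safer default.
uid = root
gid = root
use chroot = no
max connections = 4
pid file = /var/run/rsyncd.pid
log file = /var/log/rsyncd.log
lock file = /var/run/rsyncd.lock
# exclude = lost+found/
# transfer logging = yes
# I/O timeout in seconds
timeout = 900
ignore nonreadable = yes
# Password file, one "user:password" entry per line. With the default
# "strict modes" the daemon refuses a file that other users can read (chmod 600).
secrets file = /etc/rsyncd.passwd
# Limit which hosts may connect at all (placeholder: fill in the backup clients).
# hosts allow = <BACKUP_CLIENT_ADDRESSES>
# dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
# [ftp]
# path = /home/ftp
# comment = ftp export area

# The parameter name is "auth users" (plural). A misspelled name such as
# "auth user" is not applied, which leaves a writable module open without any
# password check. The user name must match the entry in the secrets file and
# the name the clients connect with (user_rsync in this article).
[mysqltest]
comment=MySQL remote backup
path = /home/data/mysqltest
read only = no
auth users = user_rsync

[mysql151]
comment=MySQL remote backup
# NOTE(review): the directory is spelled "mysq151" while the module is
# "mysql151"; confirm the path on disk before relying on it.
path = /home/data/mysq151
read only = no
auth users = user_rsync

[mysql23]
comment=MySQL remote backup
path = /home/data/mysql23
read only = no
auth users = user_rsync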
创建认证用户的密码文件(格式为 用户名:密码;服务端同样需要 chmod 600,否则rsync在默认的strict modes下会拒绝使用该文件)
[root@node252 etc]# echo 'user_rsync:Rsync@123456'>/etc/rsyncd.passwd
查看监听端口
[root@node252 etc]# netstat -lnpt | grep 873
tcp 0 0 0.0.0.0:873 0.0.0.0:* LISTEN 52435/rsync
tcp6 0 0 :::873 :::* LISTEN 52435/rsync
查看启动log
[root@node252 etc]# cat /var/log/rsyncd.log
2022/06/22 09:17:36 [52435] rsyncd version 3.1.2 starting, listening on port 873
客户机创建密码文件,并配置仅root读写,600权限,客户机及服务端都需要
[root@node105 etc]# echo 'Rsync@123456'>/etc/rsyncd.passwd
[root@node105 etc]# chmod 600 /etc/rsyncd.passwd
客户端脚本实例
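#!/bin/bash
# Dump every non-system MySQL database on ${db_host} to its own gzip file,
# prune dumps older than 7 days, then mirror the dump directory to the
# rsync daemon module "mysql151".
#
# This file contains a database password: keep it owned by root, mode 700.
set -u
set -o pipefail

# mysql config
db_host='10.0.0.151'
db_port='33601'
db_user='read_only'
# Test value from the article; replace it with a strong password in production.
db_password='123456'
bk_dir='/home/databak/mysql'

# Pass the credentials through a private option file rather than -p<password>:
# command-line arguments are visible to every local user through ps.
# mktemp creates the file with mode 600; the trap removes it on any exit path.
# A password containing '"' or '\' would need escaping in this file.
mysql_cnf=$(mktemp) || exit 1
trap 'rm -f -- "$mysql_cnf"' EXIT
printf '[client]\nhost=%s\nport=%s\nuser=%s\npassword="%s"\n' \
  "$db_host" "$db_port" "$db_user" "$db_password" >"$mysql_cnf"

# -N drops the "Database" header row, -B gives one plain name per line.
# Stop here if the server cannot be reached, so that the rsync --delete below
# never runs against a directory that received no fresh dumps.
db_name=$(mysql --defaults-extra-file="$mysql_cnf" -N -B -e 'show databases;') || {
  echo "cannot list databases on ${db_host}" >&2
  exit 1
}

# backup file timestamp
bk_time=$(date +%Y%m%d_%H%M%S)
# bk_file="/home/databak/mysql/mysql-bk-${bk_time}.sql.gz"

# delete backups older than 7 days
find "${bk_dir}/" -name '*.sql.gz' -type f -mtime +7 -exec rm -f -- {} + >/dev/null 2>&1

# backup all databases except the system schemas and zabbix
failed=0
while IFS= read -r dbname; do
  [[ -n "$dbname" ]] || continue
  case "$dbname" in
    sys | information_schema | mysql | zabbix | performance_schema) continue ;;
  esac
  sqlfile="${bk_dir}/mysql-bak-${dbname}-${bk_time}.sql.gz"
  # pipefail makes a mysqldump failure visible even though gzip succeeds;
  # a truncated archive is removed so it is never shipped as a valid backup.
  if ! mysqldump --defaults-extra-file="$mysql_cnf" --opt \
    --default-character-set=utf8mb4 --set-gtid-purged=off --skip-lock-tables \
    --single-transaction --flush-logs --source-data=2 -B "$dbname" |
    gzip >"$sqlfile"; then
    echo "dump of ${dbname} failed, removing ${sqlfile}" >&2
    rm -f -- "$sqlfile"
    failed=1
  fi
done <<<"$db_name"

# rsync to remote machine
# The rsync daemon protocol does not encrypt the transfer: the dumps cross the
# network in clear text, so keep this on a trusted network or tunnel it.
# Runs in the foreground with stderr left open so a failed transfer shows up
# in the log of whatever started this script (cron appends it to a log file).
rsync -az --include='*.gz' --exclude='*' --password-file=/etc/rsyncd.passwd \
  --delete "${bk_dir}/" user_rsync@10.65.90.252::mysql151 >/dev/null || failed=1

exit "$failed"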
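服务器端需要关闭selinux(关闭SELinux会去掉整机的强制访问控制;更稳妥的做法是保持enforcing,只为rsync放开所需权限,例如 setsebool -P rsync_full_access on,并以 /var/log/audit/audit.log 中的拒绝记录为准进行调整)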
二、mysql数据库配置只读账号
mysql 8.0创建用户
CREATE USER 'read_only'@'10.0.0.%' IDENTIFIED BY '123456';
添加只读权限
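-- Read access only. WITH GRANT OPTION is left out on purpose: with it the
-- backup account could hand its privileges on to other accounts.
GRANT SELECT ON *.* TO 'read_only'@'10.0.0.%';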
添加SELECT, RELOAD, LOCK TABLES, REPLICATION CLIENT, SHOW VIEW, EVENT, TRIGGER, PROCESS等权限,select已添加,故:
GRANT RELOAD,LOCK TABLES,REPLICATION CLIENT,SHOW VIEW,EVENT,TRIGGER,PROCESS ON *.* TO 'read_only'@'10.0.0.%';
刷新权限
flush privileges;
三、客户端配置
1、该脚本因部分软件权限,最好使用root用户进行配置
2、创建脚本中对应的本地数据存放文件夹,添加密码文件,并修改权限
客户机创建密码文件,并配置仅root读写
[root@node105 etc]# echo 'Rsync@123456'>/etc/rsyncd.passwd
[root@node105 etc]# chmod 600 /etc/rsyncd.passwd
3、拷贝脚本文件到适合的目录
4、下载ssl软件包升级ssl到1.1.1(看本地mysqldump是否要求必须升级)。下载后先核对官方公布的SHA256校验值或签名再编译;1.1.1i为本文示例版本,实际使用时应确认所选版本仍在维护期内并包含最新的安全修复
wget https://www.openssl.org/source/openssl-1.1.1i.tar.gz
tar -xzvf openssl-1.1.1i.tar.gz
cd openssl-1.1.1i
./config
make && make install
5、查看ssl版本
openssl version
6、升级后如果执行 openssl version 命令出现openssl: error while loading shared libraries: libssl.so.1.1: cannot open shared object file: No such file or directory错误。执行以下命令即可。
ln -s /usr/local/lib64/libssl.so.1.1 /usr/lib64/libssl.so.1.1
ln -s /usr/local/lib64/libcrypto.so.1.1 /usr/lib64/libcrypto.so.1.1
7、创建定时任务
[root@node31 databak]# crontab -e
30 6,19 * * * nohup /bin/bash /home/databak/mysqlback.sh >> /home/databak/mysqlback.log 2>&1 &
每月1号12点15分,echo命令清空MegaSAS.log日志
15 12 1 * * echo ""> /MegaSAS.log
crontab命令选项基本只有对用户操作的选项:
-u 指定一个用户
-l 列出某个用户的任务
-r 删除某个用户的任务
-e 编辑某个用户的任务
四、mongodb及minio所在数据文件全目录备份
配置inotify(下面的下载地址使用明文http,无法保证源码包在传输中未被篡改;发行版仓库若提供inotify-tools,优先用包管理器安装,否则编译前应核对校验值)
wget http://github.com/downloads/rvoicilas/inotify-tools/inotify-tools-3.14.tar.gz
[root@asdasda ~]# tar zxf inotify-tools-3.14.tar.gz
[root@asdasda ~]# cd inotify-tools-3.14
[root@asdasda inotify-tools-3.14]# ./configure && make && make install
实时增量备份脚本
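#!/bin/bash
# Watch ${src} recursively and push it to the rsync daemon module ${des} on
# ${ip} each time a file is modified, deleted, created or has its attributes
# changed. Every event triggers a full rsync run of the whole directory.
#
# NOTE(review): --delete turns the remote copy into a live mirror. A deletion
# on the source, accidental or malicious, is repeated on the remote within
# one event, so this is not a substitute for versioned or offline backups.
# NOTE(review): the module named in ${des} must exist in the server's
# rsyncd.conf with authentication configured; confirm on the server.
src=/home/data/disk2/
des=disk2
ip=10.65.90.252

/usr/local/bin/inotifywait -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %w%f' \
  --event modify,delete,create,attrib "${src}" |
  while IFS= read -r _event; do
    # The event text itself is not used; it only serves as the trigger.
    rsync -vzrtopg --delete --progress "${src}" "user_rsync@${ip}::${des}" \
      --password-file=/etc/rsyncd.passwd >/dev/null 2>&1
  done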
执行测试,发现报错,因为监控文件夹内文件太多,修改文件上限,再次执行测试
[root@node23 databak]# ./diskbak.sh
Failed to watch /home/krsc/disk2/; upper limit on inotify watches reached!
Please increase the amount of inotify watches allowed per user via `/proc/sys/fs/inotify/max_user_watches'.
[root@node23 databak]# cat /proc/sys/fs/inotify/max_user_watches
8192
[root@node23 databak]# echo 8192000 > /proc/sys/fs/inotify/max_user_watches
8192000 /proc/sys/fs/inotify/max_user_watches
后台执行脚本,以root用户权限执行,如服务器重启,需检查脚本是否正常运行
sh ./diskbak.sh &