Description:
--password-file= The system can automatically read the password from the file specified under this location.
Summary:
Server-side configuration
1, create configuration file
2, create a password file, change the permissions to 600
3, create system users
4, create the directory for the module and change its owner and group to the system user
5, start daemon mode
Client Configuration
1, create a password file for the virtual user with permissions of 600
2, pass files to a module or pull files from a directory
If an error occurs
Step 1: Check the logs
Step 2: Check whether SELinux and iptables are running
Step 3: Check that the virtual user's file name is correct and that the permissions are correct
Supplement:
--delete: make client-side and server-side files identical
--exclude: excludes specified files when doing file transfers
Exclude implementations (client-side)
Method 1: Exclude a single file
--exclude=file
Method 2: Exclude multiple files
--exclude={file1,file2}
Method 3: Use wildcards
Exclude implementations (server-side)
Add the exclude keyword to the configuration file: it specifies a list of files to be excluded, with the entries separated by spaces
Example:
exclude =
Principle of Perfect Synchronization
During the transfer of files
What the sender has will be transmitted directly to the receiver
Files that the sender does not have, but the receiver does, are deleted
Basic structure
Global parameters
......
[Module 1]
Module parameters
......
[Module 2]
Module parameters
......
Global parameters
pid file: Specifies the path and name of the pid file for the rsync process
lock file: Specifies the path and name of the lock file for the rsync process.
log file: path and name of the rsync log file
uid: specifies the user that the rsync process runs as in the background (must be a system user)
gid: specifies the user group
Module parameters (can also be written in the global section; if written there, they apply to all modules)
path: Specifies the path to the backup directory.
use chroot: whether to lock the user in the home directory
max connections: Specifies the maximum number of simultaneous connections that can be made.
read only: true|false
write only: true|false
list=true|false: set whether to display the full list of modules.
auth users: specify the user name to be used to access the module; this is a virtual user (not one from /etc/passwd).
secrets file: Specifies the database file in which virtual usernames and passwords are stored.
hosts allow: Specifies the ip addresses that can access the module or the rsync server side.
hosts deny: Specifies the ip addresses that are denied access (blacklist)
timeout: specify the idle timeout period
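The server-side steps from the summary, using the parameters listed above, as an added example that is not part of the original notes. The module name mod and virtual user vuser follow the script later on this page; the system user rsync, the scratch directory layout, the allowed network and the password are constructed placeholders.

```bash
#!/bin/bash
# Added example: writes the daemon files into a scratch directory DIR.
# All names, addresses and the password are constructed placeholders.

# write_rsyncd_files DIR: create DIR/rsyncd.conf and DIR/rsyncd.secrets
write_rsyncd_files() {
    local dir=$1
    mkdir -p "$dir/backup" || return 1   # step 4: directory for the module

    # Step 1: configuration file (global section, then one module)
    cat > "$dir/rsyncd.conf" <<EOF
pid file = $dir/rsyncd.pid
lock file = $dir/rsyncd.lock
log file = $dir/rsyncd.log
uid = rsync
gid = rsync
use chroot = true
max connections = 4
timeout = 300

[mod]
path = $dir/backup
read only = false
list = false
auth users = vuser
secrets file = $dir/rsyncd.secrets
hosts allow = 192.168.1.0/24
EOF

    # Step 2: password file, one "user:password" per line, mode 600
    ( umask 077; printf '%s\n' 'vuser:CHANGE-ME-placeholder' > "$dir/rsyncd.secrets" )
    chmod 600 "$dir/rsyncd.secrets"
    # Step 3 (as root): useradd -r -s /sbin/nologin rsync
    #                   chown rsync:rsync "$dir/backup"
    # Step 5 (as root): rsync --daemon --config="$dir/rsyncd.conf"
}

# secrets_mode_ok FILE: succeed only if group and other have no access
secrets_mode_ok() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}
```

secrets_mode_ok also works on the client-side password file, which covers the permission check in Step 3 of the troubleshooting list.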
Supplement:
When neither parameter is present, then all users have arbitrary access to the
If only hosts allow is set, only whitelisted users can access the module
If only hosts deny is set, only blacklisted users are prohibited from accessing the module
If both parameters are present, the whitelist is checked first
If the match is successful, access is granted
If the match fails, the blacklist is checked, and if that match is successful, access is denied
If neither list matches, access is allowed
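The evaluation order described above, as an added example that is not part of the original notes. It is a model for reasoning about a configuration, not rsync's own code: list entries are limited to IPv4 addresses and address/bits networks, and all addresses used are constructed.

```bash
#!/bin/bash
# Added example: models the hosts allow / hosts deny decision order.

# ip_to_int A.B.C.D: print the IPv4 address as a 32-bit integer
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_list ADDR "ENTRY ENTRY ...": succeed if ADDR matches any entry
in_list() {
    local addr=$1 entry net bits mask a n rc=1
    set -f                                  # no filename expansion on the list
    for entry in $2; do
        case $entry in
            */*) net=${entry%/*}; bits=${entry#*/}
                 mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
                 a=$(( $(ip_to_int "$addr") & mask ))
                 n=$(( $(ip_to_int "$net") & mask ))
                 [ "$a" -eq "$n" ] && rc=0 ;;
            *)   [ "$entry" = "$addr" ] && rc=0 ;;
        esac
    done
    set +f
    return $rc
}

# access_decision ADDR ALLOW_LIST DENY_LIST: print "allow" or "deny"
access_decision() {
    local addr=$1 allow=$2 deny=$3
    if [ -n "$allow" ]; then
        # A whitelist match always wins
        if in_list "$addr" "$allow"; then echo allow; return 0; fi
        # Whitelist only: everything that did not match is refused
        if [ -z "$deny" ]; then echo deny; return 0; fi
    fi
    # Blacklist is consulted only after the whitelist failed or is absent
    if [ -n "$deny" ] && in_list "$addr" "$deny"; then echo deny; return 0; fi
    echo allow                              # matched neither list
}
```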
Real-time file synchronization
rsync+inotify
rsync+sersync
inotify
hardware
Function:
You can monitor files in a specified directory
When a file is changed, an event is triggered so that you can output information about the file that triggered the event
Monitoring Events
create
delete
modify
move
epel
Installation location
client
Apps:
/usr/bin/inotifywait: the program that performs the real-time monitoring
/usr/bin/inotifywatch: collects statistics
inotify+rsync
inotifywait
Options
-r: recursive, also monitors files in subdirectories of the directory
-q: prints only a small amount of information (only monitored events)
-m: always monitoring (default is to monitor in the foreground)
-d: run as a daemon (runs in the background)
-o file: output monitored events to file (default is output to standard output)
-s: output error messages to syslog (default is to output error messages to standard output)
--excludei: exclude files matching a pattern, ignoring case
-e <event>: Specify the events to monitor
access: access events
modify: edit event
attrib: modify file attribute event (modifies the metadata of the file)
close_write: triggered when the current file is closed from write mode
close_nowrite: triggered when a file is closed from read-only mode
close: This event is triggered when the file is closed, regardless of how it was opened.
open: triggered when the file is opened.
moved_to: triggered when a file is moved to that directory
moved_from: Triggered when a file is moved from the monitored directory.
move_self: This event is triggered when a move operation is performed in the monitored directory
move: this event is triggered whenever a file move occurs
create: event that creates a file
delete: event that deletes a file
--timefmt <fmt>: Specify the display format for outputting the point in time at which this event occurred
--format <fmt>: Specify the format of the message to be output when an event occurs.
%f: name of the file on which the event occurred
%w: absolute path to the directory containing the file on which the event occurred
%e: record the name of the event that occurred (if there is more than one event multiple events are separated by spaces)
%Xe: record the name of the event that occurred (if there is more than one event, multiple events are separated by X)
%T: outputs the time when the event occurred (the format of the time is given by --timefmt <fmt>)
Example:
@web1 ~]#inotifywait -mrq --timefmt "%F%T" --format "%T %w%f %e" -e create,delete,modify /var/robot/video/
@web1 video]# touch
web1 ~]# inotifywait -mrq --timefmt "%F%T" --format "%T %w%f %e" -e create,delete,modify /var/robot/video/
2024-07-1915:11:58 /var/robot/video/ CREATE
The real-time monitoring script is as follows:
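#!/bin/bash
# Watch a local directory and push each changed path to the rsync module
prog="inotifywait"
events="create,delete,modify,attrib"
iopt="-mrq"
lpath="/var/robot/video"
rhost="192.168.1.10"
user="vuser"
secfile="/etc/"
ropt="-az"
modName="mod"
# IFS= and -r keep leading spaces and backslashes in the path intact
"$prog" "$iopt" --format "%w%f" -e "$events" "$lpath" | while IFS= read -r line
do
    # Quote the path so a name containing spaces stays one argument
    rsync "$ropt" "$line" "$user@$rhost::$modName" --password-file="$secfile"
done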
Note:
In practice, a full backup (rsync) needs to be performed first
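A variant of the monitoring script that also handles deletions and files in subdirectories, as an added example that is not part of the original notes. It reuses the page's lpath, rhost, user and modName values; the password-file path is a placeholder, and the RSYNC override and the --watch argument are conveniences introduced here.

```bash
#!/bin/bash
# Added example: per-event sync that keeps sub-directories and deletions.
lpath="/var/robot/video"
rhost="192.168.1.10"
user="vuser"
modName="mod"
secfile="/path/to/client-password-file"   # placeholder; keep it at mode 600
RSYNC=${RSYNC:-rsync}                      # override to rehearse without rsync

# sync_event EVENTS PATH: push one change reported by inotifywait
sync_event() {
    local events=$1 path=$2 rel
    case $path in
        "$lpath"/*) rel=${path#"$lpath"/} ;;
        *) echo "skip: $path is outside $lpath" >&2; return 1 ;;
    esac
    case $events in
        *DELETE*|*MOVED_FROM*)
            # The source is gone, so resync the tree and let --delete
            # remove it from the module as well
            "$RSYNC" -az --delete --password-file="$secfile" \
                "$lpath/" "$user@$rhost::$modName" ;;
        *)
            # -R with the "/./" marker keeps the sub-directory part of the
            # path instead of dropping the file into the module root
            "$RSYNC" -azR --password-file="$secfile" \
                "$lpath/./$rel" "$user@$rhost::$modName" ;;
    esac
}

# watch_and_sync: the event field comes first and is comma-joined (%,e),
# so a path containing spaces is read back as a single value
watch_and_sync() {
    inotifywait -mrq --format '%,e %w%f' \
        -e create,delete,modify,attrib,move "$lpath" |
    while read -r events path; do
        sync_event "$events" "$path" || true
    done
}

if [ "${1:-}" = "--watch" ]; then watch_and_sync; fi
```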