Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- centos:rsynd_c8 [04.07.2020 20:34. ] – angelegt django
+++ centos:rsynd_c8 [11.04.2021 13:48. ] (aktuell) – django
@@ Zeile 9: / Zeile 9: @@
 ===== Installation und Konfiguration =====
 ==== manuelle Weg ====
-=== TFTP-Server installieren ===
+=== rsync-Daemon installieren ===
 Als erstes installieren wir uns die für den rsyslog-Daemon-Server notwendigen Pakete via **''dnf''**.
    #  dnf install rsync-daemon rsync -y
@@ Zeile 16: / Zeile 16: @@
    # rpm -qil rsync
+=== rsync-Daemon konfigurieren ===
+Der rsync-Daemon wird über seine Konfigurationsdatei **''/etc/rsyncd.conf''** konfiguriert. Alle Konfigurationsparameter und einige Beispiele finden sich in der man-page zur Konfigurationsdatei.
+Bei Bedarf lohnt sich ein Blick in diese Datei sicherlich!
+   # man /etc/rsyncd.conf
+Wir legen uns also unsere individuelle Konfigurationsdatei an.
+   # vim /etc/rsyncd.conf
+<file bash /etc/rsyncd.conf>################################################################################
+#                                                                              #
+#    Django : 2020-07-04 - Musterkonfiguration rsync-Daemon unter CentOS 8     #
+#                                                                              #
+################################################################################
+# Eine Aufstellung aller möglichen Variablen findet man in der man-page zu
+# rsyncd.conf : # man rsyncd.conf
+# Auf der Webseite https://dokuwiki.nausch.org/doku.php/centos:rsynd_c8
+# findet man darüber hinaus noch viele Erklärungen zur Konfiguration des
+# rsyn-Daemon.
+################################################################################
+## GLOBAL PARAMETERS
+#
+# This parameter allows you to specify a "message of the day" to display to
+# clients on each connect. This usually contains site information and any
+# legal notices. The default is no motd  file.
+# motd file
+# This parameter tells the rsync daemon to write its process ID to that file.
+# If  the file already exists, the rsync daemon will abort rather than overwrite
+# the file.
+# pid file = /var/run/rsyncd.pid
+# Specifies the default port the daemon will listen (defaults to 873).
+# port 873
+# Defines the default IP address where the daemon will listening. The default
+# is listening on all IPv4 and IPv6-adresses.
+# address
+# This  parameter specifies  the  user  name or user ID that file transfers
+# to and from that module should take place as when the daemon  was run as
+# root. In combination with the "gid" parameter this determines what file
+# permissions are available. The default when run by a super-user is to
+# switch to the system’s "nobody" user. The default for a non-super-user is
+# to not try to change the user. See also the "gid" parameter.
+uid = nobody
+# This parameter specifies one or more group names/IDs that will be used when
+# accessing the module. The first one will be the default group, and any extra
+# ones be set as supplemental groups.
+# You may also specify a "*" as the first gid in the list, which will be
+# replaced by all the normal groups for the transfer’s user (see "uid"). The
+# default when run by a super-user is to switch to your OS’s "nobody" (or
+# perhaps "nogroup") group with no other supplementary groups. The default for
+# a non-super-user is to not change any group attributes (and indeed, your OS
+# may not allow a non-super-user to try to change their group settings).
+gid = nobody
+# When the "log file" parameter is set to a non-empty string, the rsync daemon
+# will log messages to the indicated file rather than using syslog. This is
+# particularly useful on systems (such as AIX) where syslog() doesn’t work for
+# chrooted programs. The file is opened before chroot() is called, allowing it
+# to be placed outside the transfer. If this value is set on a per-module basis
+# instead of globally, the global log will still contain any authorization
+# failures or config-file error messages.
+# If the daemon fails to open the specified file, it will fall back to using
+# syslog and output an error about the failure.
+# log file = /var/log/rsyncd.log
+# This parameter allows you to specify the syslog tag to use when logging
+# messages from the rsync daemon. The default is "rsyncd".
+# This setting has no effect if the "log file" setting is a non-empty string
+# (either set in the per-modules settings, or inherited from the global
+# settings).
+# syslog tag = rsyncd
+# This parameter allows you to specify the syslog facility name to use when
+# logging messages from the rsync daemon. You may use any standard syslog
+# facility name which is defined on your system.
+# Common names are auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news,
+# security, syslog, user, uucp, local0, local1, local2, local3, local4, local5,
+# local6 and local7. The default is daemon. This setting has no effect if the
+# "log file" setting is a non-empty string (either set in the per-modules
+# settings, or inherited from the global settings).
+# syslog facility = daemon
+# This parameter enables per-file logging of downloads and uploads in a format
+# somewhat similar to that used by ftp daemons. The daemon always logs the
+# transfer at the end, so if a transfer is aborted, no mention will be made in
+# the log file.
+# transfer logging = yes
+# This parameter allows you to specify the maximum number of simultaneous
+# connections you will allow. Any clients connecting when the maximum has been
+# reached will receive a message telling them to try later. The default is 0,
+# which means no limit. A negative value disables the module.
+# max connections = 0
+# This parameter specifies the directory in the daemon’s filesystem to make
+# available in this module. You must specify this parameter for each module
+# in rsyncd.conf.
+# path = /home/ftp
+# This parameter takes a space-separated list of daemon exclude patterns. As
+# with the client --exclude option, patterns can be qualified with "-  " or
+# "+   " to explicitly indicate exclude/include. Only one "exclude" parameter
+# can apply to a given module.
+# exclude = lost+found/
+# If "use chroot" is true, the rsync daemon will chroot to the "path" before
+# starting the file transfer with the client. This has the advantage of extra
+# protection against possible implementation security holes, but it has the
+# disadvantages of requiring super-user privileges, of not being able to
+# follow symbolic links that are either absolute or outside of the new root
+# path and of complicating the preservation of users and groups by name
+# See rsyncd.conf man page for more options.
+# use chroot = yes
+# This parameter allows you to override the clients choice for I/O timeout for
+# this module. Using this parameter you can ensure that rsync won’t wait on a
+# dead client forever. The timeout is pecified in seconds. A value of zero
+# means no timeout and is the  default. A good choice for anonymous rsync
+# daemons may be 600 (giving a 10 minute timeout).
+timeout = 600
+# This tells the rsync daemon to completely ignore files that are not readable
+# by the user. This is useful for public archives that may have some non-read-
+# able files among the directories, and the sysadmin doesn’t want those files
+# to be seen at all.
+# ignore nonreadable = yes
+# This parameter allows you to select filenames based on wildcard patterns that
+# should not be compressed when pulling files from the daemon (no analogous
+# parameter exists to govern the pushing of files to a daemon). Compression is
+# expensive in terms of CPU usage, so itis usually good to not try to compress
+# files that won’t compress well, such as already compressed files.
+# The "dont compress" parameter takes a space-separated list of case-insensi-
+# tive wildcard patterns. Any source filename matching one of the patterns will
+# not be compressed during transfer.
+# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
+################################################################################
+## MODULES
+#
+# A module begins with the name of the module in square brackets and continues
+# until the next module begins. Modules contain parameters of the form
+# "name = value".
+# This parameter specifies the directory in the daemon’s filesystem to make
+# available in this module. You must specify this parameter for each module in
+# rsyncd.conf.
+# path = /srv/rsync-path
+# This parameter specifies a description string that is displayed next to the
+# module name when clients obtain a list of available modules.
+# The default is no comment.
+# comment =
+# This parameter determines whether this module is listed when the client asks
+# for a listing of available modules. In addition, if this is false, the daemon
+# will pretend the module does not exist when a client denied by "hosts allow"
+# or "hosts deny" attempts to access it. Realize that if "reverse lookup" is
+# disabled globally but enabled for the module, the resulting reverse lookup
+# to a potentially client-controlled DNS server may still reveal to the client
+# that it hit an existing module. The default is for modules to be listable.
+# list = yes
+# This parameter allows you to specify a list of comma- and/or whitespace-
+# separated patterns that are matched against a connecting  clients hostname
+# and IP address. If the pattern matches then the connection is rejected.
+# hosts deny = 192.168.1.0/24
+# This parameter allows you to specify a list of comma- and/or whitespace-
+# separated patterns that are matched against a connecting  client’s
+# hostname and IP address. If none of the patterns match, then the connec-
+# tion is rejected.
+# hosts allow = *.mailserver.guru
+# Module examples:
+# [ftp]
+# path            = /var/ftp/./pub
+# comment         = whole ftp area (approx 6.1 GB)
+#
+# [object]
+# max connections = 2
+# path            = /srv/node/
+# read only       = false
+# write only      = no
+# list            = yes
+# incoming chmod  = 0644
+# outgoing chmod  = 0644
+# lock file       = /var/lock/object.lock
+# hosts allow     = *.mailserver.guru
+#[REPO]
+#path       = /srv/public/mailserver.guru/
+#comment    = repo.mailserver.guru
+#allow = 88.217.171.167
+[demo]
+max connections = 2
+path            = /var/lib/tftpboot/
+comment         = Demo für rsync Daemon Artikel in Djangos WIKI
+list            = yes
+hosts allow     = 10.0.0.0/24</file>
+=== rsynd.service starten =====
+Nun ist es an der Zeit unseren rsync-Daemon Server das erste mal mit Hilfe von **systemd** zu starten.
+   # systemctl start rsyncd.service
+Im Syslog wird uns der Start des Daemon entsprechend protokolliert.
+<code>Jul  5 00:03:30 vml000190 rsyncd[5920]: rsyncd version 3.1.3 starting, listening on port 873
+</code>
+Ob auf unserem Server nun der TFTP Server läuft und auf Port **69** horcht können wir bei Bedarf auch noch überprüfen.
+   # netstat -tulpen | grep 873
+<html><pre class="code">
+<font style="color: rgb(0, 0, 0)">tcp        0      0 0.0.0.0:</font><font style="color: rgb(255, 0, 0)"<b>873</b></font><font style="color: rgb(0, 0, 0)">             0.0.0.0:*               LISTEN      0          428589     5920/rsync<font>
+<font style="color: rgb(0, 0, 0)">tcp6       0      0 :::</font><font style="color: rgb(255, 0, 0)"<b>873</b></font><font style="color: rgb(0, 0, 0)">                  :::*                    LISTEN      0          428590     5920/rsync</font></pre>
+</html>
+Ebenso kann man den Status des Daemons mit Hilfe des Befehls **systemctl** abfragen.
+   # systemctl status rsyncd.service
+<html><pre class="code">
+<font style="color: rgb(29, 180, 29)"><b>●</b></font> rsyncd.service - fast remote file copy program daemon
+   Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; disabled; vendor preset: disabled)
+   Active:<font style="color: rgb(29, 180, 29)"><b>active (running)</b></font> since Sun 2020-07-05 00:03:30 CEST; 3min 48s ago
+ Main PID: 5920 (rsync)
+    Tasks: 1 (limit: 12494)
+   Memory: 264.0K
+   CGroup: /system.slice/rsyncd.service
+           └─5920 /usr/bin/rsync --daemon --no-detach
+Jul 05 00:03:30 vml000190.dmz.nausch.org systemd[1]: Started fast remote file copy program daemon.
+Jul 05 00:03:30 vml000190.dmz.nausch.org rsyncd[5920]: rsyncd version 3.1.3 starting, listening on port 873</font></pre>
+</html>
+Den automatischen Start unseres TFTP-Serverdienstes aktivieren wir für den Systemstart nun noch mit:
+   # systemctl enable rsyncd.service
+  Created symlink /etc/systemd/system/multi-user.target.wants/rsyncd.service → /usr/lib/systemd/system/rsyncd.service.
+Ob der rsyncd-Service gestartet wird können wir bei Bedarf wie folgt abfragen:
+   # systemctl is-enabled rsyncd.service
+  enabled
@@ Zeile 24: / Zeile 271: @@
 Damit die Clients später Verbindungsanfragen zu dem geöffneten Port **tftp/873**unseres rsync-Daemon stellen können, müssen wir für diese noch Änderungen am Paketfilter **firewalld** vornehmen.
-Unter **[[#tftp-server_installieren|CentOS 8]]** wird als Standard-Firewall die dynamische **firewalld** verwendet. Ein großer Vorteil der dynamischen Paketfilterregeln ist unter anderem, dass zur Aktivierung der neuen Firewall-Regel(n) nicht der Daemon durchgestartet werden muss und somit alle aktiven Verbiundungen kurz getrennt werden. Sondern unsere Änderungen können **//on-the-fly//** aktiviert oder auch wieder deaktiviert werden.
+Unter **[[#tftp-server_installieren|CentOS 8]]** wird als Standard-Firewall die dynamische **firewalld** verwendet. Ein großer Vorteil der dynamischen Paketfilterregeln ist unter anderem, dass zur Aktivierung der neuen Firewall-Regel(n) nicht der Daemon durchgestartet werden muss und somit alle aktiven Verbindungen kurz getrennt werden. Sondern unsere Änderungen können **//on-the-fly//** aktiviert oder auch wieder deaktiviert werden.
 Im ersten Konfigurationsbeispiel werden wir nun den Port **873/tcp** für alle öffnen, also unabhängig von der source-IP-Adresse können alle vbeliebeigen clients Daten synchronisieren. Mit Hilfe des Programms **firewall-cmd** legen wir nun eine **permanente** Regel in der Zone **public** für den Port ***873/tcp** an.
@@ Zeile 71: / Zeile 318: @@
+==== automatisierter Weg mit Hilfe von Ansible ====
+Da wir aber in unserer Produktiven Umgebung alle Server, Dienste und Services mit Hilfe von **[[centos:ansible:start|Ansible]]** werden wir natürlich auch für unseren **rsync**-Daemon dies über eine entsprechende **[[centos:ansible:detail#grundlagen|Ansible-Rolle]] {{:centos:pxe_c8:ansible-role-rsync.tar.gz|ansible-role-rsync.tar.gz}}**((Version v1 vom 05.07.2020)) erledigen lassen.
+/*
+Erzeugen des tar.gz einer Ansible-Rolle:
+   $ cd ~/ansible/roles
+   $ tar -czvPf /tmp/ansible-role-tftp.tar.gz tftp/
+*/
+Wir holen uns also das Verzeichnis mit der **role** auf unseren Rechner.
+   $ wget https://dokuwiki.nausch.org/lib/exe/fetch.php/centos:pxe_c8:ansible-role-rsync.tar.gz -O ansible-role-rsync.tar.gz
+Da wir bei der Installation und **[[centos:ansible:first#ansibledirectory_layout|Konfiguration]]** von Ansible bereits das **''Ansible Directory Layout''** erzeugt hatten, brauchen wir nur noch das heruntergeladene Archiv an Ort und Stelle entpacken.
+   $ tar -xvf ansible-role-rsync.tar.gz -C ~/ansible/roles/
+Jetzt brauchen wir nur noch die Rolle unserem Server **rsync-server** zuordnen.
+   $ vim ~/ansible/rsync.yml
+<file yml ~/ansible/rsync.yml>--- # Start des Playbooks für den rsyncd-Server
+- hosts: rsync-server
+  roles:
+    #- base   # Basiskonfiguration (User anlegen)
+    #- chrony # Installation und Konfiguration NTP-Client
+    - rsync   # Installation und Konfiguration rsync-Daemon
+... # Ende des Playbooks für den rsyncd-Server
+</file>
+Bevor wir nun das Playbook ausführen, passen wir noch ggf. die Firewall-Einstellungen an. Beispiele dazu sind im entsprechenden **''task''** bereits vermerkt.
+   $ vim ~/ansible/roles/rsync/tasks/firewall.yml
+<file bash ~/ansible/roles/rsync/tasks/firewall.yml>---
+  - name: "*{{ daemon_name }}* : Firewall-Daemon für den {{ daemon_name }} anpassen"
+    firewalld: #https://docs.ansible.com/ansible/latest/modules/firewalld_module.html
+      zone: public
+      port: 873/tcp
+      permanent: yes
+      immediate: yes
+      state: enabled
+      #
+      #zone: public
+      #rich_rule: rule family="ipv4" source address="88.217.171.167/32" port protocol="tcp" port="873" destination address="10.0.0.190/32" accept
+      #permanent: yes
+      #immediate: yes
+      #state: enabled</file>
+Die Definition der Parameter für den **''rsyncd''** erfolgt über die Variablen-Datei **''~/ansible/roles/rsync/vars/main.yml''**
+   $ vim ~/ansible/roles/rsync/vars/main.yml
+<file yml ~/ansible/roles/rsync/vars/main.yml>--- # Definition der rollenspezifische Variablen zum rsync Daemon
+daemon_name              : rsyncd
+config_file              : /etc/rsyncd.conf
+config_backup_file       : /etc/rsyncd.conf.orig
+template_file            : templates/rsyncd.conf.j2
+# rsyncd config-options
+rsyncd_motd              : "# motd file"
+rsyncd_pid               : "# pid file = /var/run/rsyncd.pid"
+rsyncd_port              : "# port 873"
+rsyncd_address           : "# address"
+rsyncd_uid               : "uid = nobody"
+rsyncd_gid               : "gid = nobody"
+rsyncd_log_file          : "# log file = /var/log/rsyncd.log"
+rsyncd_syslog_tag        : "# syslog tag = rsyncd"
+rsyncd_syslog_facility   : "# syslog facility = daemon"
+rsyncd_transfer_logging  : "transfer logging = yes"
+rsyncd_max_connections   : "# max connections = 0"
+rsyncd_path              : "# path = /home/ftp"
+rsyncd_exclude           : "# exclude = lost+found/"
+rsyncd_use_chroot        : "# use chroot = yes"
+rsyncd_timeout           : "timeout = 600"
+rsyncd_ignore_nonreadable: "# ignore nonreadable = yes"
+rsyncd_dont_compress     : "dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2"
+rsyncd_module            : "[demo]\nmax connections = 2\npath            = /srv/tftp/test\ncomment         = Demo für rsync Daemon Artikel in Djangos WIKI\nlist            = yes\nhosts allow     = 10.10.10.0/26\n"
+</file>
+<WRAP center round tip 80%>
+Wenn man die hostspezfische Konfiguration des rsync-Daemon lieber in der Host-spezifischen Konfiguration vornehmen möchte, braucht man die **# rsyncd config-options** nur hier bei der Rolle auskommentieren bzw. löschen und in die Hostvariable im Inverntory aufnehmen.
+<WRAP center round important 100%>
+**WICHTIG**: Variablen in der Rollen-Konfiguration überschreiben (gleichlautende) Variablen-Definitionen aus dem Inventory!
+</WRAP>
+</WRAP>
+Nun brauchen wir nur noch das Playbook ausführen und unser TFTP-Server steht bereit.
+   $ ansible-playbook -v ~/ansible/rsync.yml
+<html><pre class="code">
+<font style="color: rgb(43, 100, 164)">Using /home/ansible/.ansible.cfg as config file</font>
+<font style="color: rgb(0, 0, 0)">BECOME password:
+PLAY [rsync-server] ********************************************************************************************************************
+TASK [Gathering Facts] *****************************************************************************************************************</font>
+<font style="color: rgb(25, 100, 5)">ok: [rsync-server]</font><br>
+<font style="color: rgb(0, 0, 0)">TASK [*rsyncd* : Installation der relevanten Pakete (in der aktuellsten Version) für den rsyncd] ***************************************</font>
+<font style="color: rgb(196, 160, 0)">changed: [rsync-server] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: rsync-daemon-3.1.3-7.el8.noarch", "Installed: rsync-3.1.3-7.el8.x86_64"]}</font><br>
+<font style="color: rgb(0, 0, 0)">TASK [*rsyncd* : 1) Überprüfen ob das Backup der Konfigurationsdatei '/etc/rsyncd.conf' bereits existiert] *****************************</font>
+<font style="color: rgb(25, 100, 5)">ok: [rsync-server] => {"changed": false, "stat": {"exists": false}}</font><br>
+<font style="color: rgb(0, 0, 0)">TASK [*rsyncd* : 2) Von der bestehenden originalen Konfigurationsdatei '/etc/rsyncd.conf' ein Backup '/etc/rsyncd.conf.orig' erstellen]*</font>
+<font style="color: rgb(196, 160, 0)">changed: [rsync-server] => {"changed": true, "checksum": "5400f2739a22e6831dbf9a26a8946821c21ce844", "dest": "/etc/rsyncd.conf.orig", "gid": 0, "group": "root", "md5sum": "c63fccb45c0dcbbbe17d0f4bdba920ec", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:etc_t:s0", "size": 458, "src": "/etc/rsyncd.conf", "state": "file", "uid": 0}</font><br>
+<font style="color: rgb(0, 0, 0)">TASK [*rsyncd* : Template Konfigurationsdatei an Ort und Stelle kopieren und Variablen setzen] *****************************************</font>
+<font style="color: rgb(196, 160, 0)">changed: [rsync-server] => {"changed": true, "checksum": "0b4dff047064222e2952157d9840b2a93f89b26a", "dest": "/etc/rsyncd.conf", "gid": 0, "group": "root", "md5sum": "5f18235a7e8444010877fe3975641c9d", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:rsync_etc_t:s0", "size": 9459, "src": "/home/ansible/.ansible/tmp/ansible-tmp-1593968476.9547315-8021-252894376954121/source", "state": "file", "uid": 0}</font><br>
+<font style="color: rgb(0, 0, 0)">TASK [*rsyncd* : Firewall-Daemon für den rsyncd anpassen] ******************************************************************************</font>
+<font style="color: rgb(196, 160, 0)">changed: [rsync-server] => {"changed": true, "msg": "Permanent and Non-Permanent(immediate) operation, Changed port 873/tcp to enabled"}</font><br>
+<font style="color: rgb(0, 0, 0)">TASK [*rsyncd* : Sicherstellen dass der rsyncd gestartet wird und läuft] ***************************************************************</font>
+<font style="color: rgb(196, 160, 0)">changed: [rsync-server] => {"changed": true, "enabled": true, "name": "rsyncd.service", "state": "started", "status": {"ActiveEnterTimestampMonotonic": "0", "ActiveExitTimestampMonotonic": "0", "ActiveState": "inactive", "After": "systemd-journald.socket basic.target sysinit.target system.slice", "AllowIsolate": "no", "AllowedCPUs": "", "AllowedMemoryNodes": "", "AmbientCapabilities": "", "AssertResult": "no", "AssertTimestampMonotonic": "0", "Before": "shutdown.target", "BlockIOAccounting": "no", "BlockIOWeight": "[not set]", "CPUAccounting": "no", "CPUAffinity": "", "CPUQuotaPerSecUSec": "infinity", "CPUSchedulingPolicy": "0", "CPUSchedulingPriority": "0", "CPUSchedulingResetOnFork": "no", "CPUShares": "[not set]", "CPUUsageNSec": "[not set]", "CPUWeight": "[not set]", "CacheDirectoryMode": "0755", "CanIsolate": "no", "CanReload": "no", "CanStart": "yes", "CanStop": "yes", "CapabilityBoundingSet": "cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog cap_wake_alarm cap_block_suspend", "CollectMode": "inactive", "ConditionResult": "no", "ConditionTimestampMonotonic": "0", "ConfigurationDirectoryMode": "0755", "Conflicts": "shutdown.target", "ControlPID": "0", "DefaultDependencies": "yes", "Delegate": "no", "Description": "fast remote file copy program daemon", "DevicePolicy": "auto", "DynamicUser": "no", "EffectiveCPUs": "", "EffectiveMemoryNodes": "", "EnvironmentFiles": "/etc/sysconfig/rsyncd (ignore_errors=no)", "ExecMainCode": "0", "ExecMainExitTimestampMonotonic": "0", "ExecMainPID": "0", "ExecMainStartTimestampMonotonic": "0", "ExecMainStatus": "0", "ExecStart": "{ path=/usr/bin/rsync ; argv[]=/usr/bin/rsync --daemon --no-detach $OPTIONS ; ignore_errors=no ; start_time=[n/a] ; stop_time=[n/a] ; pid=0 ; code=(null) ; status=0/0 }", "FailureAction": "none", "FileDescriptorStoreMax": "0", "FragmentPath": "/usr/lib/systemd/system/rsyncd.service", "GID": "[not set]", "GuessMainPID": "yes", "IOAccounting": "no", "IOSchedulingClass": "0", "IOSchedulingPriority": "0", "IOWeight": "[not set]", "IPAccounting": "no", "IPEgressBytes": "18446744073709551615", "IPEgressPackets": "18446744073709551615", "IPIngressBytes": "18446744073709551615", "IPIngressPackets": "18446744073709551615", "Id": "rsyncd.service", "IgnoreOnIsolate": "no", "IgnoreSIGPIPE": "yes", "InactiveEnterTimestampMonotonic": "0", "InactiveExitTimestampMonotonic": "0", "JobRunningTimeoutUSec": "infinity", "JobTimeoutAction": "none", "JobTimeoutUSec": "infinity", "KeyringMode": "private", "KillMode": "control-group", "KillSignal": "15", "LimitAS": "infinity", "LimitASSoft": "infinity", "LimitCORE": "infinity", "LimitCORESoft": "infinity", "LimitCPU": "infinity", "LimitCPUSoft": "infinity", "LimitDATA": "infinity", "LimitDATASoft": "infinity", "LimitFSIZE": "infinity", "LimitFSIZESoft": "infinity", "LimitLOCKS": "infinity", "LimitLOCKSSoft": "infinity", "LimitMEMLOCK": "65536", "LimitMEMLOCKSoft": "65536", "LimitMSGQUEUE": "819200", "LimitMSGQUEUESoft": "819200", "LimitNICE": "0", "LimitNICESoft": "0", "LimitNOFILE": "262144", "LimitNOFILESoft": "1024", "LimitNPROC": "7809", "LimitNPROCSoft": "7809", "LimitRSS": "infinity", "LimitRSSSoft": "infinity", "LimitRTPRIO": "0", "LimitRTPRIOSoft": "0", "LimitRTTIME": "infinity", "LimitRTTIMESoft": "infinity", "LimitSIGPENDING": "7809", "LimitSIGPENDINGSoft": "7809", "LimitSTACK": "infinity", "LimitSTACKSoft": "8388608", "LoadState": "loaded", "LockPersonality": "no", "LogLevelMax": "-1", "LogRateLimitBurst": "0", "LogRateLimitIntervalUSec": "0", "LogsDirectoryMode": "0755", "MainPID": "0", "MemoryAccounting": "yes", "MemoryCurrent": "[not set]", "MemoryDenyWriteExecute": "no", "MemoryHigh": "infinity", "MemoryLimit": "infinity", "MemoryLow": "0", "MemoryMax": "infinity", "MemorySwapMax": "infinity", "MountAPIVFS": "no", "MountFlags": "", "NFileDescriptorStore": "0", "NRestarts": "0", "NUMAMask": "", "NUMAPolicy": "n/a", "Names": "rsyncd.service", "NeedDaemonReload": "no", "Nice": "0", "NoNewPrivileges": "no", "NonBlocking": "no", "NotifyAccess": "none", "OOMScoreAdjust": "0", "OnFailureJobMode": "replace", "PermissionsStartOnly": "no", "Perpetual": "no", "PrivateDevices": "no", "PrivateMounts": "no", "PrivateNetwork": "no", "PrivateTmp": "no", "PrivateUsers": "no", "ProtectControlGroups": "no", "ProtectHome": "no", "ProtectKernelModules": "no", "ProtectKernelTunables": "no", "ProtectSystem": "no", "RefuseManualStart": "no", "RefuseManualStop": "no", "RemainAfterExit": "no", "RemoveIPC": "no", "Requires": "system.slice sysinit.target", "Restart": "no", "RestartUSec": "100ms", "RestrictNamespaces": "no", "RestrictRealtime": "no", "RestrictSUIDSGID": "no", "Result": "success", "RootDirectoryStartOnly": "no", "RuntimeDirectoryMode": "0755", "RuntimeDirectoryPreserve": "no", "RuntimeMaxUSec": "infinity", "SameProcessGroup": "no", "SecureBits": "0", "SendSIGHUP": "no", "SendSIGKILL": "yes", "Slice": "system.slice", "StandardError": "inherit", "StandardInput": "null", "StandardInputData": "", "StandardOutput": "journal", "StartLimitAction": "none", "StartLimitBurst": "5", "StartLimitIntervalUSec": "10s", "StartupBlockIOWeight": "[not set]", "StartupCPUShares": "[not set]", "StartupCPUWeight": "[not set]", "StartupIOWeight": "[not set]", "StateChangeTimestampMonotonic": "0", "StateDirectoryMode": "0755", "StatusErrno": "0", "StopWhenUnneeded": "no", "SubState": "dead", "SuccessAction": "none", "SyslogFacility": "3", "SyslogLevel": "6", "SyslogLevelPrefix": "yes", "SyslogPriority": "30", "SystemCallErrorNumber": "0", "TTYReset": "no", "TTYVHangup": "no", "TTYVTDisallocate": "no", "TasksAccounting": "yes", "TasksCurrent": "[not set]", "TasksMax": "12494", "TimeoutStartUSec": "1min 30s", "TimeoutStopUSec": "1min 30s", "TimerSlackNSec": "50000", "Transient": "no", "Type": "simple", "UID": "[not set]", "UMask": "0022", "UnitFilePreset": "disabled", "UnitFileState": "disabled", "UtmpMode": "init", "WatchdogTimestampMonotonic": "0", "WatchdogUSec": "0"}}</font><br>
+<font style="color: rgb(0, 0, 0)">PLAY RECAP *************************************************************************************************************************************</font>
+<font style="color: rgb(196, 160, 0)">tftp-server        </font><font style="color: rgb(0, 0, 0)">: </font><font style="color: rgb(25, 100, 5)">ok=7    </font><font style="color: rgb(196, 160, 0)">changed=5    </font><font style="color: rgb(0, 0, 0)">unreachable=0    failed=0    skipped=0    rescued=0    ignored=0</font><br></pre>
+</html>
+===== Systemtest =====
+=== Testordner und -dateien anlegen ===
+Für unseren Test legen wir uns einfach eine kleine Textdatei im Arbeitsverzeichnis **''/srv/tftp/test/''** und ein paar Testdokumente an, die unser rsync-Dameon später ausliefern soll.
+   # mkdir -p /srv/tftp/test/{ordner1,ordner2,ordner3}
+   # date > /srv/tftp/test/file_1
+   # date > /srv/tftp/test/ordner1/datei_2
+   # date > /srv/tftp/test/ordner2/datei_3
+   # date > /srv/tftp/test/ordner3/datei_4
+Somit haben wir im Speicherpfad, auf den unser rsync-Daemon zugreifen kann folgende Teststruktur.
+<code>/srv/tftp/test/
+├── file_1
+├── ordner1
+│   └── datei_2
+├── ordner2
+│   └── datei_3
+└── ordner3
+    └── datei_4</code>
+=== Testdatei transferieren ===
+Anschließend melden wir uns auf einem Host im zugehörigen Netzwerksegemnt an, auf dem das RPM-Paket **''rsync''** (Client) installiert ist, an.
+Im ersten schritt fragen wir unseren rsync-server welche Module der Server anbietet.
+   # /usr/bin/rsync rsync://demo.dmz.nausch.org
+  demo           	Demo für rsync Daemon Artikel in Djangos WIKI
+Wir sehen also das Modul **''demo''** mit der zugehörigen Beschreibung //Demo für rsync Daemon Artikel in Djangos WIKI//.
+Im syslog unseres rsync-Servers wird dies auch entsprechend protokolliert.
+  Jul  5 20:28:37 vml000190 rsyncd[12198]: connect from vml000057.dmz.nausch.org (10.0.0.57)
+  Jul  5 20:28:37 vml000190 rsyncd[12198]: module-list request from vml000057.dmz.nausch.org (10.0.0.57)
+Als nächstes holen wir uns den Inhalt unserer Testumgebung auf den Clientrechner:
+   # /usr/bin/rsync -vrlptD rsync://demo.dmz.nausch.org:/demo/ /tmp/
+<code>receiving incremental file list
+./
+file_1
+ordner1/
+ordner1/datei_2
+ordner2/
+ordner2/datei_3
+ordner3/
+ordner3/datei_4
+sent 123 bytes  received 539 bytes  1,324.00 bytes/sec
+total size is 120  speedup is 0.18</code>
+Im syslog wird dies entsprechend protokolliert.
+<code>Jul  5 20:32:28 vml000190 rsyncd[12209]: connect from vml000057.dmz.nausch.org (10.0.0.57)
+Jul  5 20:32:28 vml000190 rsyncd[12209]: rsync on demo/ from vml000057.dmz.nausch.org (10.0.0.57)
+Jul  5 20:32:28 vml000190 rsyncd[12209]: building file list
+Jul  5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () file_1 30
+Jul  5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () ordner1/datei_2 30
+Jul  5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () ordner2/datei_3 30
+Jul  5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () ordner3/datei_4 30
+Jul  5 20:32:28 vml000190 rsyncd[12209]: sent 559 bytes  received 128 bytes  total size 12</code>
+<code>/tmp/
+├── file_1
+├── ordner1
+│   └── datei_2
+├── ordner2
+│   └── datei_3
+└── ordner3
+    └── datei_4</code>
+====== Links ======
+  * **[[wiki:start|Zurück zu Projekte und Themenkapitel]]**
+  * **[[http://dokuwiki.nausch.org/doku.php/|Zurück zur Startseite]]**