Setting up an rsync server on CentOS 8.x

If we run our own repository, for example, it makes sense to offer others access via rsync as well, so that they in turn can mirror the contents using the rsync command/client.

A detailed description can be found on the rsync web page and on the well-written Wikipedia page.

Installing the rsync daemon

First we install the packages required for the rsync daemon server via dnf.

 #  dnf install rsync-daemon rsync -y

If required, we can check what the installation of the individual packages placed on the system.

 # rpm -qil rsync-daemon
 # rpm -qil rsync

Configuring the rsync daemon

The rsync daemon is configured through its configuration file /etc/rsyncd.conf. All configuration parameters and some examples can be found in the man page for the configuration file. It is certainly worth taking a look at it if needed!

 # man rsyncd.conf

So we create our own configuration file.

 # vim /etc/rsyncd.conf
/etc/rsyncd.conf
################################################################################
#                                                                              #
#    Django : 2020-07-04 - Sample rsync daemon configuration for CentOS 8      #
#                                                                              #
################################################################################
 
# A list of all possible parameters can be found in the man page for
# rsyncd.conf : # man rsyncd.conf
# The web page https://dokuwiki.nausch.org/doku.php/centos:rsynd_c8
# additionally offers many explanations on configuring the
# rsync daemon.
 
################################################################################
## GLOBAL PARAMETERS
#
 
# This parameter allows you to specify a "message of the day" to display to  
# clients on each connect. This usually contains site information and any 
# legal notices. The default is no motd  file.
# motd file
 
# This parameter tells the rsync daemon to write its process ID to that file.
# If  the file already exists, the rsync daemon will abort rather than overwrite 
# the file.
# pid file = /var/run/rsyncd.pid
 
# Specifies the default port the daemon will listen on (defaults to 873).
# port = 873
 
# Defines the default IP address on which the daemon will listen. The default
# is to listen on all IPv4 and IPv6 addresses.
# address
 
# This  parameter specifies  the  user  name or user ID that file transfers 
# to and from that module should take place as when the daemon  was run as 
# root. In combination with the "gid" parameter this determines what file 
# permissions are available. The default when run by a super-user is to 
# switch to the system’s "nobody" user. The default for a non-super-user is 
# to not try to change the user. See also the "gid" parameter.
uid = nobody
 
# This parameter specifies one or more group names/IDs that will be used when
# accessing the module. The first one will be the default group, and any extra 
# ones be set as supplemental groups.
# You may also specify a "*" as the first gid in the list, which will be 
# replaced by all the normal groups for the transfer’s user (see "uid"). The 
# default when run by a super-user is to switch to your OS’s "nobody" (or 
# perhaps "nogroup") group with no other supplementary groups. The default for
# a non-super-user is to not change any group attributes (and indeed, your OS
# may not allow a non-super-user to try to change their group settings).
gid = nobody
 
# When the "log file" parameter is set to a non-empty string, the rsync daemon
# will log messages to the indicated file rather than using syslog. This is 
# particularly useful on systems (such as AIX) where syslog() doesn’t work for
# chrooted programs. The file is opened before chroot() is called, allowing it 
# to be placed outside the transfer. If this value is set on a per-module basis
# instead of globally, the global log will still contain any authorization 
# failures or config-file error messages.
# If the daemon fails to open the specified file, it will fall back to using
# syslog and output an error about the failure.
# log file = /var/log/rsyncd.log
 
# This parameter allows you to specify the syslog tag to use when logging 
# messages from the rsync daemon. The default is "rsyncd".
# This setting has no effect if the "log file" setting is a non-empty string
# (either set in the per-modules settings, or inherited from the global 
# settings).
# syslog tag = rsyncd
 
# This parameter allows you to specify the syslog facility name to use when 
# logging messages from the rsync daemon. You may use any standard syslog 
# facility name which is defined on your system.
# Common names are auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news,
# security, syslog, user, uucp, local0, local1, local2, local3, local4, local5,
# local6 and local7. The default is daemon. This setting has no effect if the 
# "log file" setting is a non-empty string (either set in the per-modules 
# settings, or inherited from the global settings).
# syslog facility = daemon
 
# This parameter enables per-file logging of downloads and uploads in a format 
# somewhat similar to that used by ftp daemons. The daemon always logs the 
# transfer at the end, so if a transfer is aborted, no mention will be made in 
# the log file.
# transfer logging = yes
 
# This parameter allows you to specify the maximum number of simultaneous 
# connections you will allow. Any clients connecting when the maximum has been
# reached will receive a message telling them to try later. The default is 0, 
# which means no limit. A negative value disables the module. 
# max connections = 0
 
# This parameter specifies the directory in the daemon’s filesystem to make 
# available in this module. You must specify this parameter for each module 
# in rsyncd.conf.
# path = /home/ftp
 
# This parameter takes a space-separated list of daemon exclude patterns. As
# with the client --exclude option, patterns can be qualified with "-  " or
# "+   " to explicitly indicate exclude/include. Only one "exclude" parameter
# can apply to a given module. 
# exclude = lost+found/
 
# If "use chroot" is true, the rsync daemon will chroot to the "path" before 
# starting the file transfer with the client. This has the advantage of extra 
# protection against possible implementation security holes, but it has the 
# disadvantages of requiring super-user privileges, of not being able to 
# follow symbolic links that are either absolute or outside of the new root
# path and of complicating the preservation of users and groups by name
# See rsyncd.conf man page for more options.
# use chroot = yes
 
# This parameter allows you to override the client's choice for I/O timeout for
# this module. Using this parameter you can ensure that rsync won’t wait on a 
# dead client forever. The timeout is specified in seconds. A value of zero 
# means no timeout and is the default. A good choice for anonymous rsync 
# daemons may be 600 (giving a 10 minute timeout).
timeout = 600
 
# This tells the rsync daemon to completely ignore files that are not readable
# by the user. This is useful for public archives that may have some non-read-
# able files among the directories, and the sysadmin doesn’t want those files 
# to be seen at all.
# ignore nonreadable = yes
 
# This parameter allows you to select filenames based on wildcard patterns that
# should not be compressed when pulling files from the daemon (no analogous 
# parameter exists to govern the pushing of files to a daemon). Compression is
# expensive in terms of CPU usage, so it is usually good to not try to compress 
# files that won’t compress well, such as already compressed files.
# The "dont compress" parameter takes a space-separated list of case-insensi-
# tive wildcard patterns. Any source filename matching one of the patterns will
# not be compressed during transfer.
# dont compress   = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2
 
################################################################################
## MODULES
#
# A module begins with the name of the module in square brackets and continues 
# until the next module begins. Modules contain parameters of the form 
# "name = value".
 
# This parameter specifies the directory in the daemon’s filesystem to make 
# available in this module. You must specify this parameter for each module in
# rsyncd.conf.
# path = /srv/rsync-path
 
# This parameter specifies a description string that is displayed next to the 
# module name when clients obtain a list of available modules. 
# The default is no comment.
# comment = 
 
# This parameter determines whether this module is listed when the client asks
# for a listing of available modules. In addition, if this is false, the daemon
# will pretend the module does not exist when a client denied by "hosts allow"
# or "hosts deny" attempts to access it. Realize that if "reverse lookup" is 
# disabled globally but enabled for the module, the resulting reverse lookup
# to a potentially client-controlled DNS server may still reveal to the client
# that it hit an existing module. The default is for modules to be listable.
# list = yes
 
# This parameter allows you to specify a list of comma- and/or whitespace-
# separated patterns that are matched against a connecting client’s hostname
# and IP address. If the pattern matches then the connection is rejected.
# hosts deny = 192.168.1.0/24
 
# This parameter allows you to specify a list of comma- and/or whitespace-
# separated patterns that are matched against a connecting  client’s  
# hostname and IP address. If none of the patterns match, then the connec-
# tion is rejected.
# hosts allow = *.nausch.org
 
# Module examples:
# [ftp]
# path            = /var/ftp/./pub
# comment         = whole ftp area (approx 6.1 GB)
#
# [object]
# max connections = 2
# path            = /srv/node/
# read only       = false
# write only      = no
# list            = yes
# incoming chmod  = 0644
# outgoing chmod  = 0644
# lock file       = /var/lock/object.lock
# hosts allow     = *.nausch.org
 
#[REPO]
#path       = /srv/public/nausch.org/
#comment    = repo.nausch.org
#hosts allow = 88.217.171.167
 
[demo]
max connections = 2
path            = /var/lib/tftpboot/
comment         = Demo für rsync Daemon Artikel in Djangos WIKI
list            = yes
hosts allow     = 10.0.0.0/24
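
The following shell function is an added example, not part of the original article or of the rsync project. It reads an rsyncd.conf, treats the global parameters as defaults for every module, and flags modules that are writable, have no hosts allow list, accept anonymous clients or disable chroot. The sample file is constructed from the module examples above; the function names, the flag names and the [mirror] module with auth users and secrets file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the modules of an rsyncd.conf for exposure.
# Defaults used when a parameter is unset follow rsyncd.conf(5) for rsync 3.1.x:
# read only = yes, use chroot = yes, no hosts allow list, no auth users.

audit_rsyncd_conf() {
    awk '
    # Whitespace inside parameter names is irrelevant, so "hosts allow"
    # and "hostsallow" are normalised to the same key.
    function norm(s)   { gsub(/[ \t]/, "", s); return tolower(s) }
    function trim(s)   { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function truthy(v) { v = tolower(v); return v == "yes" || v == "true" || v == "1" }
    # Effective value: module setting, else global setting, else default.
    function eff(key, dflt) {
        if (key in cur)  return cur[key]
        if (key in glob) return glob[key]
        return dflt
    }
    # Print one result line for the module that just ended.
    function report(   f) {
        if (mod == "") return
        f = ""
        if (!truthy(eff("readonly", "yes")))  f = f " WRITABLE"
        if (eff("hostsallow", "") == "")      f = f " NO_HOSTS_ALLOW"
        if (eff("authusers", "") == "")       f = f " ANONYMOUS"
        if (!truthy(eff("usechroot", "yes"))) f = f " NO_CHROOT"
        print mod ":" (f == "" ? " OK" : f)
        split("", cur)                      # reset per-module settings
    }
    /^[ \t]*([#;]|$)/ { next }              # comments and blank lines
    /^[ \t]*\[.*\]/ {                       # start of a new module
        report()
        mod = $0; sub(/^[ \t]*\[/, "", mod); sub(/\].*$/, "", mod)
        mod = trim(mod)
        next
    }
    {
        i = index($0, "=")                  # only the first "=" is significant
        if (i == 0) next
        k = norm(substr($0, 1, i - 1)); v = trim(substr($0, i + 1))
        if (mod == "") glob[k] = v; else cur[k] = v
    }
    END { report() }
    ' "$1"
}

# Constructed sample configuration based on the module examples above.
write_sample_conf() {
    cat > "$1" <<'EOF'
uid = nobody
gid = nobody
timeout = 600

[demo]
max connections = 2
path            = /var/lib/tftpboot/
list            = yes
hosts allow     = 10.0.0.0/24

[object]
path            = /srv/node/
read only       = false
hosts allow     = *.nausch.org

[REPO]
path            = /srv/public/nausch.org/
comment         = repo.nausch.org

# Assumed hardened variant: address restriction plus user authentication.
[mirror]
path            = /srv/public/nausch.org/
hosts allow     = 88.217.171.167
auth users      = mirror
secrets file    = /etc/rsyncd.secrets
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
audit_rsyncd_conf "$conf"
rm -f "$conf"
```

ANONYMOUS on its own is expected for a public read-only mirror; the combination WRITABLE ANONYMOUS is the one to review first.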

Starting rsyncd.service

Now it is time to start our rsync daemon server for the first time using systemd.

 # systemctl start rsyncd.service

The start of the daemon is logged in the syslog accordingly.

Jul  5 00:03:30 vml000190 rsyncd[5920]: rsyncd version 3.1.3 starting, listening on port 873

If required, we can also check whether the rsync daemon is now running on our server and listening on port 873.

 # netstat -tulpen | grep 873

tcp        0      0 0.0.0.0:873             0.0.0.0:*               LISTEN      0          428589     5920/rsync
tcp6       0      0 :::873                  :::*                    LISTEN      0          428590     5920/rsync

The status of the daemon can likewise be queried with the systemctl command.

 # systemctl status rsyncd.service

 rsyncd.service - fast remote file copy program daemon
   Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-07-05 00:03:30 CEST; 3min 48s ago
 Main PID: 5920 (rsync)
    Tasks: 1 (limit: 12494)
   Memory: 264.0K
   CGroup: /system.slice/rsyncd.service
           └─5920 /usr/bin/rsync --daemon --no-detach

Jul 05 00:03:30 vml000190.dmz.nausch.org systemd[1]: Started fast remote file copy program daemon.
Jul 05 00:03:30 vml000190.dmz.nausch.org rsyncd[5920]: rsyncd version 3.1.3 starting, listening on port 873

We now enable the automatic start of our rsync daemon service at system boot with:

 # systemctl enable rsyncd.service
Created symlink /etc/systemd/system/multi-user.target.wants/rsyncd.service → /usr/lib/systemd/system/rsyncd.service.

If required, we can query whether the rsyncd service is started at boot as follows:

 # systemctl is-enabled rsyncd.service
enabled

Adjusting the firewall daemon

So that clients can later send connection requests to the open port 873/tcp of our rsync daemon, we still have to make changes to the firewalld packet filter for them.

CentOS 8 uses the dynamic firewalld as its default firewall. One major advantage of dynamic packet filter rules is that the daemon does not have to be restarted to activate new firewall rules, which would briefly interrupt all active connections. Instead, our changes can be activated or deactivated on the fly.

In the first configuration example we open port 873/tcp for everyone, i.e. any client can synchronise data regardless of its source IP address. Using the firewall-cmd program we now create a permanent rule in the zone public for port 873/tcp.

 # firewall-cmd --permanent --zone=public --add-port=873/tcp
success

Afterwards we can reload the firewall daemon once and check whether the rules have taken effect as defined.

 # firewall-cmd --reload
success

To query whether port 873/tcp is open in the zone public, we use the following command:

 # firewall-cmd --zone=public --list-ports
873/tcp

If we want to restrict access to a specific host, we configure this as follows in the second example.

 # firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="88.217.171.167/32" port protocol="tcp" port="873" destination address="10.0.0.190/32" accept'

This permits access only for the host with the IP address 88.217.171.167/32; all other host requests are blocked. This holds only as long as the general port opening from the first example is not also active in the zone, because an entry 873/tcp in the zone's port list continues to admit every source address.

Now we can reload the firewall daemon once and check whether the rules have taken effect as defined.

 # firewall-cmd --reload
success

Whether our rich rule has taken effect, so that only the host with the IP address 88.217.171.167/32 can reach the target host 10.0.0.190/32 on port 873/tcp in the zone public, can be checked as follows:

 # firewall-cmd --zone=public --list-rich-rules
rule family="ipv4" source address="88.217.171.167/32" destination address="10.0.0.190/32" port port="873" protocol="tcp" accept
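
Added example, not part of the original article: firewalld accepts a packet as soon as either the zone's port list or an accepting rich rule matches, so the rich rule restricts access only if 873/tcp is absent from the port list. The shell function below classifies the two firewall-cmd listings shown above; the function name and the result strings are assumptions of this example, and services enabled in the zone are not examined.

```shell
#!/bin/sh
# Added example: decide who can reach 873/tcp from firewall-cmd listings.
#   $1: output of  firewall-cmd --zone=public --list-ports
#   $2: output of  firewall-cmd --zone=public --list-rich-rules
rsync_exposure() {
    ports=$1
    rich=$2
    open=0

    # A port entry is either "873/tcp" or a range such as "800-900/tcp".
    for p in $ports; do
        case $p in
            */tcp)
                r=${p%/tcp}; lo=${r%-*}; hi=${r#*-}
                if [ "$lo" -le 873 ] && [ "$hi" -ge 873 ]; then open=1; fi
                ;;
        esac
    done

    # Collect the source addresses of accepting rich rules for 873/tcp.
    # A matching rule without a source address admits any client ("ANY").
    sources=$(printf '%s\n' "$rich" | awk '
        /port port="873"/ && /protocol="tcp"/ && / accept[ \t]*$/ {
            if (match($0, /source address="[^"]*"/))
                print substr($0, RSTART + 16, RLENGTH - 17)
            else
                print "ANY"
        }' | sort -u | tr '\n' ' ')
    sources=${sources% }
    case " $sources " in
        *" ANY "*) open=1; sources= ;;
    esac

    if [ "$open" -eq 1 ] && [ -n "$sources" ]; then
        echo "OPEN_TO_ALL (rich rule for $sources has no restricting effect)"
    elif [ "$open" -eq 1 ]; then
        echo "OPEN_TO_ALL"
    elif [ -n "$sources" ]; then
        echo "RESTRICTED_TO $sources"
    else
        echo "CLOSED"
    fi
}

# Constructed sample input, copied from the command output shown above.
SAMPLE_PORTS='873/tcp'
SAMPLE_RICH='rule family="ipv4" source address="88.217.171.167/32" destination address="10.0.0.190/32" port port="873" protocol="tcp" accept'

rsync_exposure "$SAMPLE_PORTS" "$SAMPLE_RICH"   # both examples applied
rsync_exposure ''              "$SAMPLE_RICH"   # port list entry removed
```

On the server itself the two arguments are the outputs of the firewall-cmd --list-ports and --list-rich-rules calls shown above.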

However, since in our production environment we manage all servers and services with the help of Ansible, we will of course also have this done for our rsync daemon by a corresponding Ansible role, ansible-role-rsync.tar.gz 1).

So we fetch the directory with the role onto our machine.

 $ wget https://dokuwiki.nausch.org/lib/exe/fetch.php/centos:pxe_c8:ansible-role-rsync.tar.gz -O ansible-role-rsync.tar.gz

Since we already created the Ansible directory layout during the installation and configuration of Ansible, we only need to unpack the downloaded archive in place.

 $ tar -xvf ansible-role-rsync.tar.gz -C ~/ansible/roles/

Now we only need to assign the role to our server rsync-server.

 $ vim ~/ansible/rsync.yml
~/ansible/rsync.yml
--- # Start of the playbook for the rsyncd server
- hosts: rsync-server
 
  roles:
    #- base   # base configuration (create users)
    #- chrony # installation and configuration of the NTP client
    - rsync   # installation and configuration of the rsync daemon
 
... # End of the playbook for the rsyncd server

Before we run the playbook, we adjust the firewall settings if necessary. Examples are already noted in the corresponding task.

 $ vim ~/ansible/roles/rsync/tasks/firewall.yml
~/ansible/roles/rsync/tasks/firewall.yml
---
  - name: "*{{ daemon_name }}* : Firewall-Daemon für den {{ daemon_name }} anpassen"
    firewalld: #https://docs.ansible.com/ansible/latest/modules/firewalld_module.html
      zone: public
      port: 873/tcp
      permanent: yes
      immediate: yes
      state: enabled
      #
      #zone: public
      #rich_rule: rule family="ipv4" source address="88.217.171.167/32" port protocol="tcp" port="873" destination address="10.0.0.190/32" accept
      #permanent: yes
      #immediate: yes
      #state: enabled

The parameters for rsyncd are defined in the variables file ~/ansible/roles/rsync/vars/main.yml

 $ vim ~/ansible/roles/rsync/vars/main.yml
~/ansible/roles/rsync/vars/main.yml
--- # Definition of the role-specific variables for the rsync daemon
daemon_name              : rsyncd
config_file              : /etc/rsyncd.conf
config_backup_file       : /etc/rsyncd.conf.orig
template_file            : templates/rsyncd.conf.j2
# rsyncd config-options
rsyncd_motd              : "# motd file"
rsyncd_pid               : "# pid file = /var/run/rsyncd.pid"
rsyncd_port              : "# port 873"
rsyncd_address           : "# address"
rsyncd_uid               : "uid = nobody"
rsyncd_gid               : "gid = nobody"
rsyncd_log_file          : "# log file = /var/log/rsyncd.log"
rsyncd_syslog_tag        : "# syslog tag = rsyncd"
rsyncd_syslog_facility   : "# syslog facility = daemon"
rsyncd_transfer_logging  : "transfer logging = yes"
rsyncd_max_connections   : "# max connections = 0"
rsyncd_path              : "# path = /home/ftp"
rsyncd_exclude           : "# exclude = lost+found/"
rsyncd_use_chroot        : "# use chroot = yes"
rsyncd_timeout           : "timeout = 600"
rsyncd_ignore_nonreadable: "# ignore nonreadable = yes"
rsyncd_dont_compress     : "dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2"
rsyncd_module            : "[demo]\nmax connections = 2\npath            = /srv/tftp/test\ncomment         = Demo für rsync Daemon Artikel in Djangos WIKI\nlist            = yes\nhosts allow     = 10.10.10.0/26\n"

If you would rather keep the configuration of the rsync daemon in the host-specific configuration, you only need to comment out or delete the # rsyncd config-options here in the role and add them to the host variables in the inventory.

IMPORTANT: Variables in the role configuration override (identically named) variable definitions from the inventory!

Now we only need to run the playbook and our rsync server is ready.

 $ ansible-playbook -v ~/ansible/rsync.yml

Using /home/ansible/.ansible.cfg as config file
BECOME password: 

PLAY [rsync-server] ********************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************
ok: [rsync-server]
TASK [*rsyncd* : Installation der relevanten Pakete (in der aktuellsten Version) für den rsyncd] ***************************************
changed: [rsync-server] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: rsync-daemon-3.1.3-7.el8.noarch", "Installed: rsync-3.1.3-7.el8.x86_64"]}

TASK [*rsyncd* : 1) Überprüfen ob das Backup der Konfigurationsdatei '/etc/rsyncd.conf' bereits existiert] *****************************
ok: [rsync-server] => {"changed": false, "stat": {"exists": false}}

TASK [*rsyncd* : 2) Von der bestehenden originalen Konfigurationsdatei '/etc/rsyncd.conf' ein Backup '/etc/rsyncd.conf.orig' erstellen]*
changed: [rsync-server] => {"changed": true, "checksum": "5400f2739a22e6831dbf9a26a8946821c21ce844", "dest": "/etc/rsyncd.conf.orig", "gid": 0, "group": "root", "md5sum": "c63fccb45c0dcbbbe17d0f4bdba920ec", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:etc_t:s0", "size": 458, "src": "/etc/rsyncd.conf", "state": "file", "uid": 0}

TASK [*rsyncd* : Template Konfigurationsdatei an Ort und Stelle kopieren und Variablen setzen] *****************************************
changed: [rsync-server] => {"changed": true, "checksum": "0b4dff047064222e2952157d9840b2a93f89b26a", "dest": "/etc/rsyncd.conf", "gid": 0, "group": "root", "md5sum": "5f18235a7e8444010877fe3975641c9d", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:rsync_etc_t:s0", "size": 9459, "src": "/home/ansible/.ansible/tmp/ansible-tmp-1593968476.9547315-8021-252894376954121/source", "state": "file", "uid": 0}

TASK [*rsyncd* : Firewall-Daemon für den rsyncd anpassen] ******************************************************************************
changed: [rsync-server] => {"changed": true, "msg": "Permanent and Non-Permanent(immediate) operation, Changed port 873/tcp to enabled"}

TASK [*rsyncd* : Sicherstellen dass der rsyncd gestartet wird und läuft] ***************************************************************
changed: [rsync-server] => {"changed": true, "enabled": true, "name": "rsyncd.service", "state": "started", "status": {...}}

PLAY RECAP *************************************************************************************************************************************
tftp-server : ok=7 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0

Creating test folders and files

For our test we simply create a small text file in the working directory /srv/tftp/test/ and a few test documents that our rsync daemon is to serve later.

 # mkdir -p /srv/tftp/test/{ordner1,ordner2,ordner3}
 # date > /srv/tftp/test/file_1
 # date > /srv/tftp/test/ordner1/datei_2
 # date > /srv/tftp/test/ordner2/datei_3
 # date > /srv/tftp/test/ordner3/datei_4

This gives us the following test structure in the storage path that our rsync daemon can access.

/srv/tftp/test/
├── file_1
├── ordner1
│   └── datei_2
├── ordner2
│   └── datei_3
└── ordner3
    └── datei_4

Transferring a test file

Next we log in to a host in the associated network segment on which the rsync RPM package (client) is installed.

In the first step we ask our rsync server which modules it offers.

 # /usr/bin/rsync rsync://demo.dmz.nausch.org
demo           	Demo für rsync Daemon Artikel in Djangos WIKI

So we see the module demo with its description Demo für rsync Daemon Artikel in Djangos WIKI. This is also logged accordingly in the syslog of our rsync server.

Jul  5 20:28:37 vml000190 rsyncd[12198]: connect from vml000057.dmz.nausch.org (10.0.0.57)
Jul  5 20:28:37 vml000190 rsyncd[12198]: module-list request from vml000057.dmz.nausch.org (10.0.0.57)

Next we fetch the contents of our test environment onto the client machine:

 # /usr/bin/rsync -vrlptD rsync://demo.dmz.nausch.org:/demo/ /tmp/
receiving incremental file list
./
file_1
ordner1/
ordner1/datei_2
ordner2/
ordner2/datei_3
ordner3/
ordner3/datei_4

sent 123 bytes  received 539 bytes  1,324.00 bytes/sec
total size is 120  speedup is 0.18

This is logged in the syslog accordingly.

Jul  5 20:32:28 vml000190 rsyncd[12209]: connect from vml000057.dmz.nausch.org (10.0.0.57)
Jul  5 20:32:28 vml000190 rsyncd[12209]: rsync on demo/ from vml000057.dmz.nausch.org (10.0.0.57)
Jul  5 20:32:28 vml000190 rsyncd[12209]: building file list
Jul  5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () file_1 30
Jul  5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () ordner1/datei_2 30
Jul  5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () ordner2/datei_3 30
Jul  5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () ordner3/datei_4 30
Jul  5 20:32:28 vml000190 rsyncd[12209]: sent 559 bytes  received 128 bytes  total size 12

/tmp/
├── file_1
├── ordner1
│   └── datei_2
├── ordner2
│   └── datei_3
└── ordner3
    └── datei_4


1)
Version v1 of 05.07.2020
  • centos/rsynd_c8.txt
  • Last modified: 18.11.2024 19:02.
  • by 127.0.0.1