Setting up an rsync server on CentOS 8.x
If we run our own repository, for example, it makes sense to also offer others access via rsync, so that they in turn can mirror the content with the rsync command/client.
A detailed description can be found on the rsync web page and on the well-written Wikipedia page.
Installation and configuration
Manual approach
Installing the rsync daemon
First we install the packages required for the rsync daemon server via dnf.
# dnf install rsync-daemon rsync -y
If needed, we can check what was installed on the system by the individual packages.
# rpm -qil rsync-daemon
# rpm -qil rsync
Configuring the rsync daemon
The rsync daemon is configured through its configuration file /etc/rsyncd.conf. All configuration parameters and some examples can be found in the man page for the configuration file.
It is certainly worth a look at it when needed!
# man rsyncd.conf
So we create our own configuration file.
# vim /etc/rsyncd.conf
- /etc/rsyncd.conf
################################################################################
#                                                                              #
# Django : 2020-07-04 - Sample rsync daemon configuration for CentOS 8         #
#                                                                              #
################################################################################

# A list of all available parameters can be found in the man page for
# rsyncd.conf :
#     man rsyncd.conf
# The web page https://dokuwiki.nausch.org/doku.php/centos:rsynd_c8
# additionally offers many explanations on configuring the
# rsync daemon.

################################################################################
## GLOBAL PARAMETERS
#

# This parameter allows you to specify a "message of the day" to display to
# clients on each connect. This usually contains site information and any
# legal notices. The default is no motd file.
# motd file

# This parameter tells the rsync daemon to write its process ID to that file.
# If the file already exists, the rsync daemon will abort rather than overwrite
# the file.
# pid file = /var/run/rsyncd.pid

# Specifies the default port the daemon will listen (defaults to 873).
# port 873

# Defines the default IP address where the daemon will listen. The default
# is listening on all IPv4 and IPv6 addresses.
# address

# This parameter specifies the user name or user ID that file transfers
# to and from that module should take place as when the daemon was run as
# root. In combination with the "gid" parameter this determines what file
# permissions are available. The default when run by a super-user is to
# switch to the system’s "nobody" user. The default for a non-super-user is
# to not try to change the user. See also the "gid" parameter.
uid = nobody

# This parameter specifies one or more group names/IDs that will be used when
# accessing the module. The first one will be the default group, and any extra
# ones be set as supplemental groups.
# You may also specify a "*" as the first gid in the list, which will be
# replaced by all the normal groups for the transfer’s user (see "uid"). The
# default when run by a super-user is to switch to your OS’s "nobody" (or
# perhaps "nogroup") group with no other supplementary groups. The default for
# a non-super-user is to not change any group attributes (and indeed, your OS
# may not allow a non-super-user to try to change their group settings).
gid = nobody

# When the "log file" parameter is set to a non-empty string, the rsync daemon
# will log messages to the indicated file rather than using syslog. This is
# particularly useful on systems (such as AIX) where syslog() doesn’t work for
# chrooted programs. The file is opened before chroot() is called, allowing it
# to be placed outside the transfer. If this value is set on a per-module basis
# instead of globally, the global log will still contain any authorization
# failures or config-file error messages.
# If the daemon fails to open the specified file, it will fall back to using
# syslog and output an error about the failure.
# log file = /var/log/rsyncd.log

# This parameter allows you to specify the syslog tag to use when logging
# messages from the rsync daemon. The default is "rsyncd".
# This setting has no effect if the "log file" setting is a non-empty string
# (either set in the per-modules settings, or inherited from the global
# settings).
# syslog tag = rsyncd

# This parameter allows you to specify the syslog facility name to use when
# logging messages from the rsync daemon. You may use any standard syslog
# facility name which is defined on your system.
# Common names are auth, authpriv, cron, daemon, ftp, kern, lpr, mail, news,
# security, syslog, user, uucp, local0, local1, local2, local3, local4, local5,
# local6 and local7. The default is daemon. This setting has no effect if the
# "log file" setting is a non-empty string (either set in the per-modules
# settings, or inherited from the global settings).
# syslog facility = daemon

# This parameter enables per-file logging of downloads and uploads in a format
# somewhat similar to that used by ftp daemons. The daemon always logs the
# transfer at the end, so if a transfer is aborted, no mention will be made in
# the log file.
# transfer logging = yes

# This parameter allows you to specify the maximum number of simultaneous
# connections you will allow. Any clients connecting when the maximum has been
# reached will receive a message telling them to try later. The default is 0,
# which means no limit. A negative value disables the module.
# max connections = 0

# This parameter specifies the directory in the daemon’s filesystem to make
# available in this module. You must specify this parameter for each module
# in rsyncd.conf.
# path = /home/ftp

# This parameter takes a space-separated list of daemon exclude patterns. As
# with the client --exclude option, patterns can be qualified with "- " or
# "+ " to explicitly indicate exclude/include. Only one "exclude" parameter
# can apply to a given module.
# exclude = lost+found/

# If "use chroot" is true, the rsync daemon will chroot to the "path" before
# starting the file transfer with the client. This has the advantage of extra
# protection against possible implementation security holes, but it has the
# disadvantages of requiring super-user privileges, of not being able to
# follow symbolic links that are either absolute or outside of the new root
# path and of complicating the preservation of users and groups by name.
# See rsyncd.conf man page for more options.
# use chroot = yes

# This parameter allows you to override the client’s choice for I/O timeout for
# this module. Using this parameter you can ensure that rsync won’t wait on a
# dead client forever. The timeout is specified in seconds. A value of zero
# means no timeout and is the default. A good choice for anonymous rsync
# daemons may be 600 (giving a 10 minute timeout).
timeout = 600

# This tells the rsync daemon to completely ignore files that are not readable
# by the user. This is useful for public archives that may have some
# non-readable files among the directories, and the sysadmin doesn’t want those
# files to be seen at all.
# ignore nonreadable = yes

# This parameter allows you to select filenames based on wildcard patterns that
# should not be compressed when pulling files from the daemon (no analogous
# parameter exists to govern the pushing of files to a daemon). Compression is
# expensive in terms of CPU usage, so it is usually good to not try to compress
# files that won’t compress well, such as already compressed files.
# The "dont compress" parameter takes a space-separated list of
# case-insensitive wildcard patterns. Any source filename matching one of the
# patterns will not be compressed during transfer.
# dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2

################################################################################
## MODULES
#
# A module begins with the name of the module in square brackets and continues
# until the next module begins. Modules contain parameters of the form
# "name = value".

# This parameter specifies the directory in the daemon’s filesystem to make
# available in this module. You must specify this parameter for each module in
# rsyncd.conf.
# path = /srv/rsync-path

# This parameter specifies a description string that is displayed next to the
# module name when clients obtain a list of available modules.
# The default is no comment.
# comment =

# This parameter determines whether this module is listed when the client asks
# for a listing of available modules. In addition, if this is false, the daemon
# will pretend the module does not exist when a client denied by "hosts allow"
# or "hosts deny" attempts to access it. Realize that if "reverse lookup" is
# disabled globally but enabled for the module, the resulting reverse lookup
# to a potentially client-controlled DNS server may still reveal to the client
# that it hit an existing module. The default is for modules to be listable.
# list = yes

# This parameter allows you to specify a list of comma- and/or whitespace-
# separated patterns that are matched against a connecting client’s hostname
# and IP address. If the pattern matches then the connection is rejected.
# hosts deny = 192.168.1.0/24

# This parameter allows you to specify a list of comma- and/or whitespace-
# separated patterns that are matched against a connecting client’s
# hostname and IP address. If none of the patterns match, then the
# connection is rejected.
# hosts allow = *.mailserver.guru

# Module examples:
# [ftp]
#        path = /var/ftp/./pub
#        comment = whole ftp area (approx 6.1 GB)
#
# [object]
#        max connections = 2
#        path = /srv/node/
#        read only = false
#        write only = no
#        list = yes
#        incoming chmod = 0644
#        outgoing chmod = 0644
#        lock file = /var/lock/object.lock
#        hosts allow = *.mailserver.guru

#[REPO]
#path = /srv/public/mailserver.guru/
#comment = repo.mailserver.guru
#hosts allow = 88.217.171.167

[demo]
max connections = 2
path = /var/lib/tftpboot/
comment = Demo für rsync Daemon Artikel in Djangos WIKI
list = yes
hosts allow = 10.0.0.0/24
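Before the daemon is started, it is worth checking what each module effectively allows. The following Python sketch is an added example, not part of the original article or of rsync itself: it parses an rsyncd.conf, applies module-over-global precedence together with the defaults documented in rsyncd.conf(5), and reports modules without hosts allow, writable modules without auth users, disabled chroot and transfers running as root. The sample configuration is constructed from the [demo] and [object] modules above; the [mirror] module and the finding names are assumptions made for illustration.

```python
import re

# Constructed sample input: [demo] and [object] follow the article's config,
# [mirror] is a hypothetical module without any host restriction.
SAMPLE_CONF = """\
uid = nobody
gid = nobody
timeout = 600

[demo]
max connections = 2
path = /var/lib/tftpboot/
list = yes
hosts allow = 10.0.0.0/24

[object]
path = /srv/node/
read only = false
hosts allow = *.mailserver.guru

[mirror]
path = /srv/public/
use chroot = no
"""

# Defaults as documented in rsyncd.conf(5) for a daemon started as root.
DEFAULTS = {"hostsallow": "", "authusers": "", "readonly": "yes",
            "usechroot": "yes", "uid": "nobody"}
FALSE_WORDS = {"no", "false", "0"}


def norm_key(name):
    """Whitespace inside parameter names is irrelevant; compare without case."""
    return re.sub(r"\s+", "", name).lower()


def parse_rsyncd_conf(text):
    """Return (global_params, {module: params}); continuation lines are not handled."""
    global_params, modules = {}, {}
    current = global_params
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = modules.setdefault(line[1:-1].strip(), {})
            continue
        name, sep, value = line.partition("=")  # only the first "=" is significant
        if sep:
            current[norm_key(name)] = value.strip()
    return global_params, modules


def effective(global_params, module_params, key):
    """A module setting overrides the global one, which overrides the default."""
    return module_params.get(key, global_params.get(key, DEFAULTS[key]))


def audit(text):
    """Map every module name to a list of findings (empty list = nothing found)."""
    global_params, modules = parse_rsyncd_conf(text)
    report = {}
    for name, params in modules.items():
        findings = []
        if not effective(global_params, params, "hostsallow"):
            # Only the packet filter decides who may use this module.
            findings.append("no-hosts-allow")
        writable = effective(global_params, params, "readonly").lower() in FALSE_WORDS
        if writable and not effective(global_params, params, "authusers"):
            findings.append("writable-without-auth")
        if effective(global_params, params, "usechroot").lower() in FALSE_WORDS:
            findings.append("chroot-disabled")
        if effective(global_params, params, "uid") in ("root", "0"):
            findings.append("runs-as-root")
        report[name] = findings
    return report


if __name__ == "__main__":
    for module, findings in audit(SAMPLE_CONF).items():
        print(f"[{module}] " + (", ".join(findings) or "ok"))
```
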
Starting rsyncd.service
Now it is time to start our rsync daemon server for the first time with the help of systemd.
# systemctl start rsyncd.service
The start of the daemon is logged accordingly in the syslog.
Jul 5 00:03:30 vml000190 rsyncd[5920]: rsyncd version 3.1.3 starting, listening on port 873
If needed, we can also check whether the rsync daemon is now running on our server and listening on port 873.
# netstat -tulpen | grep 873
tcp        0      0 0.0.0.0:873             0.0.0.0:*               LISTEN      0          428589     5920/rsync
tcp6       0      0 :::873                  :::*                    LISTEN      0          428590     5920/rsync
The status of the daemon can likewise be queried with the systemctl command.
# systemctl status rsyncd.service
● rsyncd.service - fast remote file copy program daemon
   Loaded: loaded (/usr/lib/systemd/system/rsyncd.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2020-07-05 00:03:30 CEST; 3min 48s ago
 Main PID: 5920 (rsync)
    Tasks: 1 (limit: 12494)
   Memory: 264.0K
   CGroup: /system.slice/rsyncd.service
           └─5920 /usr/bin/rsync --daemon --no-detach

Jul 05 00:03:30 vml000190.dmz.nausch.org systemd[1]: Started fast remote file copy program daemon.
Jul 05 00:03:30 vml000190.dmz.nausch.org rsyncd[5920]: rsyncd version 3.1.3 starting, listening on port 873
We now enable the automatic start of our rsync daemon service at system boot with:
# systemctl enable rsyncd.service
Created symlink /etc/systemd/system/multi-user.target.wants/rsyncd.service → /usr/lib/systemd/system/rsyncd.service.
If needed, we can query whether the rsyncd service is started at boot as follows:
# systemctl is-enabled rsyncd.service
enabled
Adjusting the firewall daemon
So that clients can later send connection requests to the open port 873/tcp of our rsync daemon, we still have to make changes to the packet filter firewalld for them.
On CentOS 8 the dynamic firewalld is used as the default firewall. One major advantage of dynamic packet filter rules is that the daemon does not have to be restarted to activate new firewall rules, which would briefly drop all active connections. Instead, our changes can be activated or deactivated again on the fly.
In the first configuration example we open port 873/tcp for everyone, so any client can synchronize data regardless of its source IP address. Using the firewall-cmd program we create a permanent rule in the zone public for port 873/tcp.
# firewall-cmd --permanent --zone=public --add-port=873/tcp
success
Afterwards we can reload the firewall daemon and check that the rules have taken effect as defined.
# firewall-cmd --reload
success
To query whether port 873/tcp is open in the zone public we use the following command:
# firewall-cmd --zone=public --list-ports
873/tcp
If we want to restrict access to one specific host, we configure this in the second example as follows.
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="88.217.171.167/32" destination address="10.0.0.190/32" port port="873" protocol="tcp" accept'
This permits access only for the host with the IP address 88.217.171.167/32; requests from all other hosts are blocked. This holds only as long as port 873/tcp is not also open for everyone in the zone public, as it is after the first example.
Now we can reload the firewall daemon and check that the rules have taken effect as defined.
# firewall-cmd --reload
success
Whether our rich rule has taken effect, so that only the host with the IP address 88.217.171.167/32 can reach the target host 10.0.0.190/32 on port 873/tcp in the zone public, can be queried as follows:
# firewall-cmd --zone=public --list-rich-rules
rule family="ipv4" source address="88.217.171.167/32" destination address="10.0.0.190/32" port port="873" protocol="tcp" accept
Automated approach using Ansible
Since in our production environment we manage all servers, daemons and services with Ansible, we will of course also have this done for our rsync daemon by a corresponding Ansible role, ansible-role-rsync.tar.gz.
So we fetch the directory with the role onto our machine.
$ wget https://dokuwiki.nausch.org/lib/exe/fetch.php/centos:pxe_c8:ansible-role-rsync.tar.gz -O ansible-role-rsync.tar.gz
Since we already created the Ansible directory layout when installing and configuring Ansible, we only need to unpack the downloaded archive in place.
$ tar -xvf ansible-role-rsync.tar.gz -C ~/ansible/roles/
Now we only need to assign the role to our server rsync-server.
$ vim ~/ansible/rsync.yml
- ~/ansible/rsync.yml
---
# Start of the playbook for the rsyncd server
- hosts: rsync-server
  roles:
    #- base     # Base configuration (create users)
    #- chrony   # Installation and configuration of the NTP client
    - rsync     # Installation and configuration of the rsync daemon
...
# End of the playbook for the rsyncd server
Before we run the playbook, we adjust the firewall settings if necessary. Examples for this are already noted in the corresponding task.
$ vim ~/ansible/roles/rsync/tasks/firewall.yml
- ~/ansible/roles/rsync/tasks/firewall.yml
---
- name: "*{{ daemon_name }}* : Firewall-Daemon für den {{ daemon_name }} anpassen"
  firewalld:
    #https://docs.ansible.com/ansible/latest/modules/firewalld_module.html
    zone: public
    port: 873/tcp
    permanent: yes
    immediate: yes
    state: enabled
    #
    #zone: public
    #rich_rule: rule family="ipv4" source address="88.217.171.167/32" port protocol="tcp" port="873" destination address="10.0.0.190/32" accept
    #permanent: yes
    #immediate: yes
    #state: enabled
The parameters for rsyncd are defined in the variables file ~/ansible/roles/rsync/vars/main.yml
$ vim ~/ansible/roles/rsync/vars/main.yml
- ~/ansible/roles/rsync/vars/main.yml
---
# Definition of the role-specific variables for the rsync daemon
daemon_name               : rsyncd
config_file               : /etc/rsyncd.conf
config_backup_file        : /etc/rsyncd.conf.orig
template_file             : templates/rsyncd.conf.j2

# rsyncd config-options
rsyncd_motd               : "# motd file"
rsyncd_pid                : "# pid file = /var/run/rsyncd.pid"
rsyncd_port               : "# port 873"
rsyncd_address            : "# address"
rsyncd_uid                : "uid = nobody"
rsyncd_gid                : "gid = nobody"
rsyncd_log_file           : "# log file = /var/log/rsyncd.log"
rsyncd_syslog_tag         : "# syslog tag = rsyncd"
rsyncd_syslog_facility    : "# syslog facility = daemon"
rsyncd_transfer_logging   : "transfer logging = yes"
rsyncd_max_connections    : "# max connections = 0"
rsyncd_path               : "# path = /home/ftp"
rsyncd_exclude            : "# exclude = lost+found/"
rsyncd_use_chroot         : "# use chroot = yes"
rsyncd_timeout            : "timeout = 600"
rsyncd_ignore_nonreadable : "# ignore nonreadable = yes"
rsyncd_dont_compress      : "dont compress = *.gz *.tgz *.zip *.z *.Z *.rpm *.deb *.bz2"
rsyncd_module             : "[demo]\nmax connections = 2\npath = /srv/tftp/test\ncomment = Demo für rsync Daemon Artikel in Djangos WIKI\nlist = yes\nhosts allow = 10.10.10.0/26\n"
If you would rather keep the host-specific configuration of the rsync daemon in the host-specific configuration, you only need to comment out or delete the entries under # rsyncd config-options here in the role and add them to the host variables in the inventory.
IMPORTANT: Variables in the role configuration override variable definitions of the same name from the inventory!
Now we only need to run the playbook and our rsync server is ready.
$ ansible-playbook -v ~/ansible/rsync.yml
Using /home/ansible/.ansible.cfg as config file
BECOME password:

PLAY [rsync-server] ********************************************************************************************************************

TASK [Gathering Facts] *****************************************************************************************************************
ok: [rsync-server]

TASK [*rsyncd* : Installation der relevanten Pakete (in der aktuellsten Version) für den rsyncd] ***************************************
changed: [rsync-server] => {"changed": true, "msg": "", "rc": 0, "results": ["Installed: rsync-daemon-3.1.3-7.el8.noarch", "Installed: rsync-3.1.3-7.el8.x86_64"]}

TASK [*rsyncd* : 1) Überprüfen ob das Backup der Konfigurationsdatei '/etc/rsyncd.conf' bereits existiert] *****************************
ok: [rsync-server] => {"changed": false, "stat": {"exists": false}}

TASK [*rsyncd* : 2) Von der bestehenden originalen Konfigurationsdatei '/etc/rsyncd.conf' ein Backup '/etc/rsyncd.conf.orig' erstellen]*
changed: [rsync-server] => {"changed": true, "checksum": "5400f2739a22e6831dbf9a26a8946821c21ce844", "dest": "/etc/rsyncd.conf.orig", "gid": 0, "group": "root", "md5sum": "c63fccb45c0dcbbbe17d0f4bdba920ec", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:etc_t:s0", "size": 458, "src": "/etc/rsyncd.conf", "state": "file", "uid": 0}

TASK [*rsyncd* : Template Konfigurationsdatei an Ort und Stelle kopieren und Variablen setzen] *****************************************
changed: [rsync-server] => {"changed": true, "checksum": "0b4dff047064222e2952157d9840b2a93f89b26a", "dest": "/etc/rsyncd.conf", "gid": 0, "group": "root", "md5sum": "5f18235a7e8444010877fe3975641c9d", "mode": "0644", "owner": "root", "secontext": "system_u:object_r:rsync_etc_t:s0", "size": 9459, "src": "/home/ansible/.ansible/tmp/ansible-tmp-1593968476.9547315-8021-252894376954121/source", "state": "file", "uid": 0}

TASK [*rsyncd* : Firewall-Daemon für den rsyncd anpassen] ******************************************************************************
changed: [rsync-server] => {"changed": true, "msg": "Permanent and Non-Permanent(immediate) operation, Changed port 873/tcp to enabled"}

TASK [*rsyncd* : Sicherstellen dass der rsyncd gestartet wird und läuft] ***************************************************************
changed: [rsync-server] => {"changed": true, "enabled": true, "name": "rsyncd.service", "state": "started", "status": {…}}

PLAY RECAP *************************************************************************************************************************************
tftp-server : ok=7 changed=5 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0
System test
Creating test directories and files
For our test we simply create a small text file in the working directory /srv/tftp/test/ and a few test documents that our rsync daemon is to deliver later.
# mkdir -p /srv/tftp/test/{ordner1,ordner2,ordner3}
# date > /srv/tftp/test/file_1
# date > /srv/tftp/test/ordner1/datei_2
# date > /srv/tftp/test/ordner2/datei_3
# date > /srv/tftp/test/ordner3/datei_4
This gives us the following test structure in the storage path that our rsync daemon can access.
/srv/tftp/test/
├── file_1
├── ordner1
│   └── datei_2
├── ordner2
│   └── datei_3
└── ordner3
    └── datei_4
Transferring a test file
Next we log in to a host in the corresponding network segment on which the RPM package rsync (client) is installed.
In the first step we ask our rsync server which modules it offers.
# /usr/bin/rsync rsync://demo.dmz.nausch.org
demo Demo für rsync Daemon Artikel in Djangos WIKI
So we see the module demo with its description Demo für rsync Daemon Artikel in Djangos WIKI.
This is also logged accordingly in the syslog of our rsync server.
Jul 5 20:28:37 vml000190 rsyncd[12198]: connect from vml000057.dmz.nausch.org (10.0.0.57)
Jul 5 20:28:37 vml000190 rsyncd[12198]: module-list request from vml000057.dmz.nausch.org (10.0.0.57)
Next we fetch the content of our test environment onto the client machine:
# /usr/bin/rsync -vrlptD rsync://demo.dmz.nausch.org:/demo/ /tmp/
receiving incremental file list
./
file_1
ordner1/
ordner1/datei_2
ordner2/
ordner2/datei_3
ordner3/
ordner3/datei_4

sent 123 bytes  received 539 bytes  1,324.00 bytes/sec
total size is 120  speedup is 0.18
This is logged accordingly in the syslog.
Jul 5 20:32:28 vml000190 rsyncd[12209]: connect from vml000057.dmz.nausch.org (10.0.0.57)
Jul 5 20:32:28 vml000190 rsyncd[12209]: rsync on demo/ from vml000057.dmz.nausch.org (10.0.0.57)
Jul 5 20:32:28 vml000190 rsyncd[12209]: building file list
Jul 5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () file_1 30
Jul 5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () ordner1/datei_2 30
Jul 5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () ordner2/datei_3 30
Jul 5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () ordner3/datei_4 30
Jul 5 20:32:28 vml000190 rsyncd[12209]: sent 559 bytes received 128 bytes total size 12
/tmp/
├── file_1
├── ordner1
│   └── datei_2
├── ordner2
│   └── datei_3
└── ordner3
    └── datei_4
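The rsyncd syslog entries from this system test can also be evaluated automatically. The following Python sketch is an added example, not part of the original article: it groups rsyncd log lines into sessions (one per "connect from" line and daemon PID) and reports sessions whose source address lies outside the network given in hosts allow. The sample lines are constructed after the entries above; the client host.example.net (192.0.2.44) is invented, and only the message formats shown in this article are parsed.

```python
import ipaddress
import re

# Constructed sample: the first six lines follow the article's syslog output,
# the last two are an invented client outside 10.0.0.0/24.
SAMPLE_LOG = """\
Jul  5 20:28:37 vml000190 rsyncd[12198]: connect from vml000057.dmz.nausch.org (10.0.0.57)
Jul  5 20:28:37 vml000190 rsyncd[12198]: module-list request from vml000057.dmz.nausch.org (10.0.0.57)
Jul  5 20:32:28 vml000190 rsyncd[12209]: connect from vml000057.dmz.nausch.org (10.0.0.57)
Jul  5 20:32:28 vml000190 rsyncd[12209]: rsync on demo/ from vml000057.dmz.nausch.org (10.0.0.57)
Jul  5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () file_1 30
Jul  5 20:32:28 vml000190 rsyncd[12209]: send vml000057.dmz.nausch.org [10.0.0.57] demo () ordner1/datei_2 30
Jul  5 21:05:11 vml000190 rsyncd[12304]: connect from host.example.net (192.0.2.44)
Jul  5 21:05:11 vml000190 rsyncd[12304]: module-list request from host.example.net (192.0.2.44)
"""

LINE = re.compile(r"rsyncd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
CONNECT = re.compile(r"connect from \S+ \((?P<ip>[^)]+)\)")
TRANSFER = re.compile(r"rsync on (?P<module>[^/\s]+)")
# Per-file line written when "transfer logging" is on: host [ip] module (user) file size
SEND = re.compile(r"send \S+ \[[^\]]+\] \S+ \(.*?\) (?P<path>.+) (?P<size>\d+)$")


def sessions(log_text):
    """Group log lines into one record per client connection."""
    found, open_by_pid = [], {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m.group("pid"), m.group("msg")
        connect = CONNECT.match(msg)
        if connect:
            # A new "connect from" starts a new session, even if the PID was reused.
            open_by_pid[pid] = {"pid": pid, "ip": connect.group("ip"),
                                "listing": False, "module": None,
                                "files": 0, "bytes": 0}
            found.append(open_by_pid[pid])
            continue
        session = open_by_pid.get(pid)
        if session is None:
            continue  # e.g. the daemon's own start-up message
        if msg.startswith("module-list request"):
            session["listing"] = True
        elif TRANSFER.match(msg):
            session["module"] = TRANSFER.match(msg).group("module")
        elif SEND.match(msg):
            session["files"] += 1
            session["bytes"] += int(SEND.match(msg).group("size"))
    return found


def outside_network(log_text, allowed="10.0.0.0/24"):
    """Return (ip, activity) for every session from outside the allowed network."""
    network = ipaddress.ip_network(allowed)
    hits = []
    for s in sessions(log_text):
        if ipaddress.ip_address(s["ip"]) in network:
            continue
        if s["listing"]:
            activity = "module listing"
        elif s["module"]:
            activity = "access to module " + s["module"]
        else:
            activity = "connect only"
        hits.append((s["ip"], activity))
    return hits


if __name__ == "__main__":
    for s in sessions(SAMPLE_LOG):
        print(s)
    print("outside 10.0.0.0/24:", outside_network(SAMPLE_LOG))
```
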