linuxea: lsyncd快速配置安装 Lsyncd-实时同步相比较之前的rsync同步的方式，他可以通过ssh的方式进行同步，这也是为什么要写这篇笔记的原因。通常而言，越简单越高效的东西都有必要和价值来进行分享。rsync+ssh配置起来更加复杂，ssh操作文件和目录。通过配置文件来做自定义配置，使用shell脚本和lua语言编写。配置简单，灵活，详细查看官网手册:https://axkibe.github.io/lsyncd/lsyncd2.2.1需要在源节点和目标节点安装rsync>=3.1。这个需求通常来讲系统自带的就足够了。因此，我们要安装的依赖包就包括lua,liblua,以及cmake：yum install lua lua-devel cmake -y克隆代码[root@linuxea_node ~]# git clone https://github.com/axkibe/lsyncd.git /usr/local/lsyncd Cloning into '/usr/local/lsyncd'... remote: Enumerating objects: 4333, done. remote: Total 4333 (delta 0), reused 0 (delta 0), pack-reused 4333 Receiving objects: 100% (4333/4333), 1.76 MiB | 780.00 KiB/s, done. Resolving deltas: 100% (2577/2577), done.安装依赖包安装几个依赖包[root@linuxea_node ~]# cd /usr/local/lsyncd [root@linuxea_node /usr/local/lsyncd]# yum install lua lua-devel cmake -y编译安装安装完成后进行编译即可[root@linuxea_node /usr/local/lsyncd]# cmake . -- The C compiler identification is GNU 4.8.5 -- The CXX compiler identification is GNU 4.8.5 -- Check for working C compiler: /usr/bin/cc -- Check for working C compiler: /usr/bin/cc -- works -- Detecting C compiler ABI info -- Detecting C compiler ABI info - done -- Check for working CXX compiler: /usr/bin/c++ -- Check for working CXX compiler: /usr/bin/c++ -- works -- Detecting CXX compiler ABI info -- Detecting CXX compiler ABI info - done -- Found Lua: /usr/lib64/liblua.so;/usr/lib64/libm.so (found version "5.1.4") -- Configuring done -- Generating done -- Build files have been written to: /usr/local/lsyncd[root@linuxea_node /usr/local/lsyncd]# make [ 12%] Generating defaults.out Compiling built-in default configs [ 25%] Generating runner.out Compiling built-in runner [ 37%] Generating runner.c Generating built-in runner linkable [ 50%] Generating defaults.c Generating built-in default configs Scanning dependencies of target lsyncd [ 62%] Building C object CMakeFiles/lsyncd.dir/lsyncd.c.o [ 75%] Building C object CMakeFiles/lsyncd.dir/runner.c.o [ 87%] Building C object CMakeFiles/lsyncd.dir/defaults.c.o [100%] Building C object CMakeFiles/lsyncd.dir/inotify.c.o Linking C executable lsyncd [100%] Built target lsyncd[root@linuxea_node /usr/local/lsyncd]# make install [100%] Built target lsyncd Install the project... -- Install configuration: "" -- Installing: /usr/local/bin/lsyncd -- Installing: /usr/local/man/lsyncd.1ssh互通通常而言，我们需要打通目标节点在目标节点放行源节点的端口，假如是iptables，就如下添加iptables -I INPUT 5 -s 172.25.110.49 -p tcp -m tcp -m state --state NEW -m multiport --dports 22,2222 -m comment --comment "ssh" -j ACCEPT在源节点复制key到目标节点[root@linuxea_node /usr/local/lsyncd]# ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:0vgvn8tziq24dxuhg0yLTsVl3OGQNakxeWJUIUWNJPg root@172_30_2_44.cluster.com The key's randomart image is: +---[RSA 2048]----+ | o=OX= | | ..B*+o. | | o+*o | | . =E | | * S . | | = = . . | | o + + . | | o .o*oo. | | . ooo=X* | +----[SHA256]-----+[root@linuxea_node /usr/local/lsyncd]# ssh-copy-id 172.25.110.50 /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub" The authenticity of host '172.25.110.50 (172.25.110.50)' can't be established. ECDSA key fingerprint is SHA256:3BVoJtcE0SnDZN3NA9tRMIoiae7d4vi0FkX6ZltAixE. ECDSA key fingerprint is MD5:e0:75:bd:aa:75:13:c7:e0:d6:2f:21:24:1a:45:42:f1. Are you sure you want to continue connecting (yes/no)? yes /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys root@172.25.110.50's password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '172.25.110.50'" and check to make sure that only the key(s) you wanted were added.配置文件我们将nginx的配置文件实时镜像到172.25.110.50上，配置文件如下[root@DT_Node-172_25_244_4 ~]# cat /usr/local/etc/lsyncd.conf -- this file is sync from cserver settings { logfile ="/var/log/nginx_conf_lsyncd.log", statusFile ="/var/run/nginx_conf_lsyncd.status", inotifyMode = "CloseWrite", maxProcesses = 1, insist = true, } servers = { -- "主机位置" "172.25.110.50", -- server2 } for _, server in ipairs(servers) do sync { default.rsyncssh, source="/usr/local/nginx/conf", host=server, targetdir="/usr/local/nginx/conf", maxDelays=5, delay=0, delete="true", exclude={ ".*", "*.tmp" }, rsync = { binary="/usr/bin/rsync", archive = true, compress = true, verbose = true, rsh = "/usr/bin/ssh -p 22992 -o StrictHostKeyChecking=no" } } end启动[root@linuxea_node /usr/local/nginx]# lsyncd -log Exec /usr/local/etc/lsyncd.conf 03:25:20 Normal: --- Startup, daemonizing ---而后，我们清空日志，手动添加文件测试[root@linuxea_node /usr/local/nginx]# > /var/log/nginx_conf_lsyncd.log [root@linuxea_node /usr/local/nginx]# tail -f /var/log/nginx_conf_lsyncd.logtouch一个text.txtroot@linuxea_node ~]# touch /usr/local/nginx/conf/test.txt日志已经显示同步[root@linuxea_node /usr/local/nginx]# tail -f /var/log/nginx_conf_lsyncd.log Sat Mar 21 03:27:19 2020 Normal: Calling rsync with filter-list of new/modified files/dirs /test.txt / Sat Mar 21 03:27:19 2020 Exec: /usr/bin/rsync [<] [/test.txt /] [-gvzsolptD] [--rsh=/usr/bin/ssh -p 22992 -o StrictHostKeyChecking=no] [-r] [--force] [--from0] [--include-from=-] [--exclude=*] [/usr/local/nginx/conf/] [172.25.110.50:/usr/local/nginx/conf/] Sat Mar 21 03:27:19 2020 Exec: one-sweeped pipe sending incremental file list ./ test.txt sent 106 bytes received 38 bytes 288.00 bytes/sec total size is 0 speedup is 0.00 Sat Mar 21 03:27:19 2020 Normal: Finished (list): 0 可以通过远程查看[root@linuxea_node ~]# ssh 172.25.110.50 ls /usr/local/nginx/conf/te* /usr/local/nginx/conf/test.txt配置文件全局设置logfile 定义日志文件 stausFile 定义状态文件 statusInterval 将lsyncd的状态写入上面的statusFile的间隔，默认10秒 nodaemon=true 表示不启用守护模式，默认 inotifyMode 指定inotify监控的事件，默认是CloseWrite，还可以是Modify或CloseWrite or Modify maxProcesses 同步进程的最大个数。假如同时有20个文件需要同步，而maxProcesses = 8，则最大能看到有8个rysnc进程 maxDelays 累计到多少所监控的事件激活一次同步，即使后面的delay延迟时间还未到定义同步参数，可以继续使用maxDelays来重写settings的全局变量。模式运行default.rsync 本地目录间同步，使用rsync，也可以达到使用ssh形式的远程rsync效果，或daemon方式连接远程rsyncd进程； default.direct 本地目录间同步，使用cp、rm等命令完成差异文件备份； default.rsyncssh 同步到远程主机目录，rsync的ssh模式，需要使用key来认证目录设置source 同步的源目录，使用绝对路径。 target 定义目的地址.对应不同的模式有几种写法： /tmp/dest 本地目录同步，可用于direct和rsync模式 172.25.100.10:/tmp/dest 同步到远程服务器目录，可用于rsync和rsyncssh模式 excludeFrom 排除选项，后面指定排除的列表文件，如excludeFrom = "/etc/lsyncd.exclude"，如果是简单的排除，可以使用exclude = LIST。这里的排除规则写法与原生rsync有点不同，更为简单：监控路径里的任何部分匹配到一个文本，都会被排除，例如foo可以匹配/bin/foo/bar 如果规则以斜线/开头，则从头开始要匹配全部 如果规则以/结尾，则要匹配监控路径的末尾 ?匹配单个任何字符，但不包括/ *匹配0或多个字符，但不包括/ **匹配0或多个字符，可以是/delaydelay 累计事件，等待rsync同步延时时间，默认15秒（最大累计到1000个不可合并的事件）。也就是15s内监控目录下发生的改动，会累积到一次rsync同步，避免过于频繁的同步。（可合并的意思是，15s内两次修改了同一文件，最后只同步最新的文件）delete 为了保持target与souce完全同步，Lsyncd默认会delete = true来允许同步删除。它除了false，还有startup、runningtrue Lsyncd将在目标上删除任何不在源中的内容。 在启动时和正常操作中被删除的内容。 false 在lsyncd启动后将在目标上不删除任何不在源中的内容， 在启动时和正常操作中被删除的内容。 startup 启动时将执行一次完全文件同步，保证完全一致；正常运行过程中不会删除target中的文件 running 启动前，增加的会同步，删除的不同步；正常运行过程中会删除target中的文件bwlimit 限速，单位kb/s，与rsync相同 compress 压缩传输默认为true。在带宽与cpu负载之间权衡，本地目录同步可以考虑把它设为false perms 默认保留文件权限。如果你打不开官方例子，配置部分可参考中文文档,或者其他

sersync2文件同步示例 10.0.1.61(分发)10.10.240.113(deam1)10.0.1.49(deam2)当10.0.1.49的/data/wwwroot目录下文件发生改变，sersync2就会同步到10.0.1.61和10.10.240.113上面，首先需要配置rsync同步配置完成，如下：deam安装分别在两台机器上部署rsync，以deam守护启动[root@linuxea ]# yum install rsync -y [root@linuxea ]# echo "rsync_backup:linuxea" >/etc/rsync.password [root@linuxea ]# chmod 600 /etc/rsync.password防火墙放行临时添加如下iptables -I INPUT 4 -p tcp -m state --state NEW,ESTABLISHED -m tcp -m multiport --dports 873 -m comment --comment "rsyncd" -j ACCEPT配置文件如下[root@linuxea ]# vim /etc/rsyncd.conf uid = root gid = root use chroot = no max connections = 2000 timeout = 600 pid file = /var/run/rsyncd.pid lock file = /var/run/rsync.lock lof file = /var/log/rsyncd.log ignore errors read only = false list = false hosts allow = 10.0.1.61,10.10.240.113,10.0.1.49 #允许的ip hosts deny = * auth users = rsync_backup #认证用户 secrets file = /etc/rsync.password \################################################### [linuxea] path=/data/wwwroot/创建目录后启动[root@linuxea ]# mkdir -p /data/wwwroot [root@linuxea ]# systecmctl start rsyncd同步机器-10.0.1.49在49机器上将本地的文件同步到两台deam中确保可以进行同步,测试安装rsync[root@linuxea ]# yum install rsync -y [root@linuxea ]# echo "rsync_backup:linuxea" >/etc/rsync.password [root@linuxea ]# chmod 600 /etc/rsync.password测试[root@linuxea ]# rsync -avz /data/wwwroot/ rsync_backup@10.10.240.113::linuxea --password-file=/etc/rsync.password sending incremental file list sent 40 bytes received 9 bytes 98.00 bytes/sec total size is 0 speedup is 0.00 [root@linuxea ]# rsync -avz /data/wwwroot/ rsync_backup@10.0.1.61::linuxea --password-file=/etc/rsync.password sending incremental file list sent 40 bytes received 9 bytes 98.00 bytes/sec total size is 0 speedup is 0.00安装sersync2在49的机器安装sersync2，如果49机器的/data/wwwroot下文件发生改变则同步到两台deam机器上我们在这里download ： http://code.google.com/p/sersync/downloads/list[root@linuxea ]# tar xf sersync2.5.4_64bit_binary_stable_final.tar.gz [root@linuxea ]# mkdir /usr/local/sersync/ [root@linuxea ]# mv GNU-Linux-x86/ /usr/local/sersync/ sersyncd启动脚本:[root@linuxea ]# cat /etc/init.d/sersyncd \#!/bin/bash . /etc/rc.d/init.d/functions case "$1" in start) cd /usr/local/sersync/GNU-Linux-x86/ ./sersync2 -r -d -o /usr/local/sersync/GNU-Linux-x86/confxml.xml if [ $? -eq 0 ] then echo -e "Staring sersyncd [ OK ]" exit 0 fi ;; stop) kill `ps -ef|awk '/[s]ersync2/{print $2}'` if [ $? -eq 0 ] then echo -e "Stopping sersyncd [ OK ]" exit 0 fi ;; status) ps -ef|awk '/[s]ersync2/{print $0}' ;; esacconfxml.xml配置1,修改sersync同步的目录 <sersync> <localpath watch="/data/wwwroot"> <remote ip="10.0.1.61" name="linuxea"/> <remote ip="10.10.240.113" name="linuxea"/> </localpath> <rsync>如下： <sersync> <localpath watch="/data/wwwroot"> 本地目录，/data/wwwroot <remote ip="10.0.1.61" name="linuxea"/> 同步到rsync的ip和rsync模块名称，我这里的是linuxea，可参考上rsyncd.conf中的配置 <remote ip="10.10.240.113" name="linuxea"/> </localpath> <rsync>2,修改rsync同步配置| <rsync> | <commonParams params="-artuz"/> | <auth start="true" users="rsync_backup" passwordfile="/etc/rsync.password"/> | <userDefinedPort start="false" port="874"/><!-- port=874 --> | <timeout start="false" time="100"/><!-- timeout=100 --> | <ssh start="false"/> | </rsync>如下：| <rsync> | <commonParams params="-artuz"/> 同步参数 | <auth start="true" users="rsync_backup" passwordfile="/etc/rsync.password"/> 同步的用户名和密码，这里需要改成true才能生效 | <userDefinedPort start="false" port="874"/><!-- port=874 --> 端口默认 | <timeout start="false" time="100"/><!-- timeout=100 --> timeout设置rsync的timeout时间(-timeout=100)。 | <ssh start="false"/> 如果true时表示ssh使用rsync –e ssh的方式进行传输 | </rsync>3,rsync_fail_log位置修改<failLog path="/usr/local/sersync/GNU-Linux-x86/logs/rsync_fail_log.sh" timeToExecute="60"/><!--default every 60mins execute once-->创建目录/usr/local/sersync/GNU-Linux-x86/logs/4,多实例的同步情况（针对多个模块同步的情况）sersync -r –d –o /usr/local/sersync/GNU-Linux-x86/confxml1.xml sersync -r –d –o /usr/local/sersync/GNU-Linux-x86/confxml2.xml-r :-r参数作用是在开启实时监控之前对主服务器目录与远程目标机目录进行一次整体同步，如果需要将sersync运行前，主服务器目录下已经存在的所有文件或目录全部同步到远端，则需要指定-r参数运行sersync，将本地与远程整体同步一次。说明：如果设置了过滤器，即在xml配置文件中，filter为true，则暂时不能使用-r参数进行整体同步。–o : 不指定-o参数时，sersync可执行文件目录下的默认配置文件confxml.xml，如果需要使用其他的配置文件，可以使用-o参数指定其他配置文件，通过-o参数，我们可以指定多个不同的配置文件，从而实现sersync多进行多实例的数据同步。–n : -n参数为指定默认的线程池的现充总数。-d ：后台运行-m ：不同步，只允许插件5,调试模式： <debug start="false"/> 设置为true值时，开启debug模式，会在sersync正在运行的控制台，打印inotify时间与rsync的同步命令。6,filter文件过滤： <filter start="false"> | <exclude expression="(.*)\.svn"></exclude> | <exclude expression="(.*)\.gz"></exclude> | <exclude expression="^info/*"></exclude> | <exclude expression="^static/*"></exclude> </filter>如下：系统默认提供了以*.gz和.svn以及info，static这些过滤的文件不会被监控，也就意味着不会被同步7,inotify文件监控： <inotify> <delete start="true"/> <createFolder start="true"/> <createFile start="true"/> <closeWrite start="true"/> <moveFrom start="true"/> <moveTo start="true"/> <attrib start="false"/> <modify start="false"/> </inotify>如下： <inotify> <delete start="true"/> 差异同步 <createFolder start="true"/> 目录监控，包括文件，目录，子目录 <createFile start="true"/> 关闭createFile为false可提供性能，减少rsync通讯，因为拷贝文件到监控目录会产生create事件与close_write事件，所以如果关闭create事件，只监控文件拷贝结束时的事件close_write,同样可以实现文件的完整同步。 <closeWrite start="true"/> <moveFrom start="true"/> <moveTo start="true"/> <attrib start="false"/> <modify start="false"/> </inotify>8,定期同步：| <crontab start="false" schedule="600"><!--600mins--> | <crontabfilter start="false"> | | <exclude expression="*.php"></exclude> | | <exclude expression="info/*"></exclude> | </crontabfilter> | </crontab>如下：默认600分钟定期同步一次，这里需要说明，如果开启了文件过滤，那么这里也需要同样的文件过滤配置9,文件系统<fileSystem xfs="true"/> <filter start="false"> <exclude expression="(.*)\.svn"></exclude> <exclude expression="(.*)\.gz"></exclude> <exclude expression="^info/*"></exclude> <exclude expression="^static/*"></exclude> </filter>如下： 对于XFS文件系统的用户，需要将这个选项开启，才能使sersync正常工作对于sersync监控的文件，会默认过滤系统的临时文件（以“.”开头，以“~”结尾），除了这些文件外，在6-11行中，我们还可以自定义其它需要过滤的文件。通过将 start 设置为 true 后可开启过滤功能，在exclude标签中可使用正则表达式。默认给出的两个例子分别是过滤以“.gz”结尾的文件与过滤监控目录下的info路径（监控路径/info/*），可以根据需求自己添加。但在开启的时候，自己一定要测试下，如果正则表达式出现错误，控制台会有相应提示。相比较使用 Rsync 的 exclude 功能，被过滤的路径，不会加入监控，大大减少 Rsync 同步的通讯量配置文件如下：

ssh使用root拉取和批量执行命令 1，文件分发，批量命令执行2，拉取文件SSH配置文件！GSSAPIAuthentication noUseDNS nossh-copy-id -i .ssh/id_dsa.pub 如果不是22端口ssh-copy-id -i "-p 2222 linuxea@nfs"指定用户做分发：在做之前，通常我们不适用root远程登录，在本次案例中使用root，和非root提权[root@NFS-server ~]# useradd linuxea [root@NFS-server ~]# su - linuxea [linuxea@NFS-server ~]$ ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/linuxea/.ssh/id_dsa): Created directory '/home/linuxea/.ssh'. Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/linuxea/.ssh/id_dsa. Your public key has been saved in /home/linuxea/.ssh/id_dsa.pub. The key fingerprint is: 1b:3c:32:ee:fa:7e:b7:b5:84:83:42:14:7c:f8:28:f7 linuxea@NFS-server The key's randomart image is: +--[ DSA 1024]----+ | ... | | o.. | | .+ | | ..o.. | | o+.S | | o oE= . | | o o o o | | . .. .+ . | | .++. .... | +-----------------+ [linuxea@NFS-server ~]$ ls -l .ssh/ total 8 -rw------- 1 linuxea linuxea 672 Dec 26 01:59 id_dsa---------私钥 -rw-r--r-- 1 linuxea linuxea 608 Dec 26 01:59 id_dsa.pub-----公钥 [linuxea@NFS-server ~]$ 如果端口不是22：则ssh-copy-id -i id_dsa.pub "ip 2222 root@10.0.0.54"[linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub root@10.0.0.54 The authenticity of host '10.0.0.54 (10.0.0.54)' can't be established. RSA key fingerprint is b8:e2:26:b5:fb:b4:42:31:11:f8:15:45:71:0b:68:61. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.0.0.54' (RSA) to the list of known hosts. root@10.0.0.54's password: Now try logging into the machine, with "ssh 'root@10.0.0.54'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [linuxea@NFS-server ~]$ 当我们面对小规模时候，使用linux复制一些文件，如hosts，如dns文件都可以使用这样的方式进行发送当把秘钥已经做好了，就可以发送这些文件，可以单台，也可以多台单台：[linuxea@NFS-server ~]$ scp -P22 /etc/hosts root@10.0.0.55 多台写个简单脚本即可！[linuxea@NFS-server ~]$ vim hosts.sh scp -P22 /etc/hosts root@10.0.0.51 echo ===================================== scp -P22 /etc/hosts root@10.0.0.52 echo ===================================== scp -P22 /etc/hosts root@10.0.0.53 echo ===================================== scp -P22 /etc/hosts root@10.0.0.55 [linuxea@NFS-server ~]$ sh hosts.sh 也可以这样：写一个脚本，运行时输入需要复制的文件或目录，，并且打印出结果！如下：如果不输入内容则输出结果！[linuxea@NFS-server ~]$ vim hosts.sh #!/bin/sh . /etc/init.d/functions if [ $# -ne 1 ] then echo "USAGE:$0 {FILE NAME|DIR NAME}" exit 1 fi for n in 53 54 55 do scp -P22 -r $1 root@10.0.0.$n:~ &>/dev/null if [ $? -eq 0 ] then action "file put ok $!" /bin/true else action "file put ok $!" /bin/false fi done 运行脚本，并且输入需要复制的文件路径/etc/hosts[linuxea@NFS-server ~]$ sh hosts.sh /etc/hosts file put ok [ OK ] file put ok [ OK ] file put ok [ OK ] [linuxea@NFS-server ~]$ 如果不输入则提示：[linuxea@NFS-server ~]$ bash hosts.sh USAGE:hosts.sh {FILE NAME|DIR NAME} [linuxea@NFS-server ~]$ 优化二：修改上面的脚本进行远程传递参数：[linuxea@NFS-server ~]$ cat command.sh #!/bin/sh if [ $# -ne 1 ] then echo "USAGE:$0 COMMAND" exit 1 fi for n in 53 54 55 do ssh -p22 root@10.0.0.$n $1 done 运行并且输出需要传递的参数，用“/sbin/ifconfig eth1"[linuxea@NFS-server ~]$ sh command.sh "/sbin/ifconfig eth1" eth1 Link encap:Ethernet HWaddr 00:0C:29:6A:AB:0F inet addr:10.0.0.53 Bcast:10.0.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fe6a:ab0f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1069 errors:0 dropped:0 overruns:0 frame:0 TX packets:619 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:98330 (96.0 KiB) TX bytes:60915 (59.4 KiB) eth1 Link encap:Ethernet HWaddr 00:0C:29:88:53:53 inet addr:10.0.0.54 Bcast:10.0.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fe88:5353/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1097 errors:0 dropped:0 overruns:0 frame:0 TX packets:652 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:104498 (102.0 KiB) TX bytes:64988 (63.4 KiB) eth1 Link encap:Ethernet HWaddr 00:0C:29:CE:B5:7D inet addr:10.0.0.55 Bcast:10.0.255.255 Mask:255.255.0.0 inet6 addr: fe80::20c:29ff:fece:b57d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:730 errors:0 dropped:0 overruns:0 frame:0 TX packets:354 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:77161 (75.3 KiB) TX bytes:48873 (47.7 KiB) [linuxea@NFS-server ~]$ 查看版本号！[linuxea@NFS-server ~]$ sh command.sh "cat /etc/redhat-release" CentOS release 6.6 (Final) CentOS release 6.6 (Final) CentOS release 6.6 (Final) [linuxea@NFS-server ~]$ 关于错误的权限问题，1，/etc/下的内容大部分是没有写权限的，如果是root则可以，上面则是root权限在使用2, 把需要分发的文件cp到服务器家目录，然后sudo提权复制分发文件到对于的权限目录3, 将操作命令做成suid4， saltstack，puppet等！

linux下发送系统邮件的两种方式 ssh秘钥分发useradd linuxea[linuxea@NFS-server ~]$ useradd linuxea [linuxea@NFS-server ~]$ echo 123|passwd --stdin linuxea 实现本地登录远程免秘钥[linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxea@10.0.0.55 实现本地用户让远程用户免密码登录！[linuxea@NFS-server ~]$ scp -p .ssh/id_dsa linuxea@10.0.0.53:~/.ssh [linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxea@10.0.0.52 发邮件[root@NFS-server ~]# /etc/init.d/postfix restart Shutting down postfix: [ OK ] Starting postfix: [ OK ] [root@NFS-server ~]# su - linuxea^C [root@NFS-server ~]# lsof -i :25 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME master 5223 root 12u IPv4 45229 0t0 TCP localhost:smtp (LISTEN) master 5223 root 13u IPv6 45231 0t0 TCP localhost:smtp (LISTEN) [root@NFS-server ~]# mail -s "linuxea title" 734943463@qq.com </etc/hosts [root@NFS-server ~]# mailq Mail queue is empty [root@NFS-server ~]# ![1.png][1] if [ -s "/var/log/backupSQLfile.log" ] then mail -s "$(date +%F-%T) backup" 734943463@qq.com <</var/log/backSQLfail.log >/var/log/backSQLfile.log fi163:[root@NFS-server ~]# vim /etc/mail.rc #######set mail set from=usertzc@163.com smtp=smtp.163.com set smtp-auth-user=usertzc smtp-auth-password=password smtp-auth=login [root@NFS-server ~]# mail -s linuxea 734943463@qq.com < /etc/rc.local

小环境中利用ssh的sudo提权分发文件用法 利用ssh的sudo提权分发1.在10.0.0.55上创建用户，添加密码，并且给用户sudo权限[root@NFS-BACKUP home]# useradd linuxea [root@NFS-BACKUP home]# echo 123|passwd --stdin linuxea [root@NFS-BACKUP home]# echo 'linuxea ALL=(ALL) NOPASSWD:/usr/bin/rsync'>>/e^C/sudoers [root@NFS-BACKUP home]# grep linuxea /etc/sudoers linuxea ALL=(ALL) NOPASSWD:/usr/bin/rsync [root@NFS-BACKUP home]# visudo -c /etc/sudoers: parsed OK [root@NFS-BACKUP home]# 2.在10.0.0.52上将秘钥传输过去[linuxea@NFS-server ~]$ ssh-copy-id -i .ssh/id_dsa.pub linuxea@10.0.0.55 linuxea@10.0.0.55's password: Now try logging into the machine, with "ssh 'linuxea@10.0.0.55'", and check in: .ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. [linuxea@NFS-server ~]$ 3，在分发端，将文件复制到对方的linuxea家目录[linuxea@NFS-server ~]$ scp -P22 -r /etc/hosts linuxea@10.0.0.55:~ hosts 100% 182 0.2KB/s 00:00 在对端家目录使用sudo rsync 将文件复制到/etc/ [linuxea@NFS-server ~]$ ssh -t linuxea@10.0.0.55 sudo rsync hosts /etc/ Connection to 10.0.0.55 closed. [linuxea@NFS-server ~]$ ssh -t linuxea@10.0.0.55 'cat /etc/hosts' 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.0.0.52 nfs-server ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 Connection to 10.0.0.55 closed. [linuxea@NFS-server ~]$ 4，脚本实现：脚本的实现也需要在远端机器创建用户和visudo授权使用rsync命令1，编辑脚本[linuxea@NFS-server ~]$ cat sudolocal.sh #!/bin/sh . /etc/init.d/functions if [ $# -ne 2 ] then echo "USAGE:$0 Local->RemoteHost" exit 1 fi for n in 53 54 55 do echo ==========================10.0.0.$n====================== scp -P22 -r $1 linuxea@10.0.0.$n:~ &>/dev/null &&\ ssh -t linuxea@10.0.0.$n sudo rsync $1 $2 &>/dev/null if [ $? -eq 0 ] then action "Local->RemoteHost $!" /bin/true else action "Local->RemoteHost $!" /bin/false fi done [linuxea@NFS-server ~]$ 在root下复制到linuxea的家目录[root@NFS-server ~]# cp /etc/hosts /home/linuxea/切换价目路，把hosts文件发到远端的/etc/下[root@NFS-server ~]# su - linuxea [linuxea@NFS-server ~]$ bash sudolocal.sh hosts /etc ==========================10.0.0.53====================== Local->RemoteHost [ OK ] ==========================10.0.0.54====================== Local->RemoteHost [ OK ] ==========================10.0.0.55====================== Local->RemoteHost [ OK ] [linuxea@NFS-server ~]$ 查看[linuxea@NFS-server ~]$ bash command.sh "cat /etc/hosts" =========10.0.0.53==================== #test 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.0.0.52 nfs-server ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 =========10.0.0.54==================== #test 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.0.0.52 nfs-server ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 =========10.0.0.55==================== #test 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 10.0.0.52 nfs-server ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 [linuxea@NFS-server ~]$ 其它方式：修改rsync权限，不安全chmod 4755 /usr/bin/rsyncscp -P22 -r hosts linuxea@10.0.0.8:~ssh -t linuxea@10.0.0.8 rsync ~/hosts /etc/

inotify优化 inotify优化/proc/sys/fs/inotify的三个文件max_user_watches：设置inotifywait或inotifywatch命令可以监控文件数量（单进程）max_user_instances:设置每个用户可以运行的inotifywait或inotifywatch命令的进程数max_queued_events：设置inotify实例事件（event）队列可容纳的事件数量[root@NFS-server ~]# echo "5000000" >/proc/sys/fs/inotify/max_user_watches [root@NFS-server ~]# echo "5000000" >/proc/sys/fs/inotify/max_queued_events 200个文件并发，数据的延迟几乎忽略不计inotify优点：配合rsync实现数据同步inotify缺点：1，并发如果大于200个文件（10-100k），同步就会有延迟2，每次推送增量脚本3，监控到事件后，调用rsync同步是单进程(并发)，rsync多进程同步sersync：功能较多:1,真正的守护进程socket2，可以对失败文件定时传送（定时重新传送）3，第三方http借口4，默认多进程同步5，通过配置文件来实现数据其他同步方式：1，（sersync）inotify+rsync2，业务逻辑解决3，drdb文件系统级别4，第三方软件：mysql，oracle,mongodb5，程序双写

rsync+inotify实现nfs实时备份 一，rsync服务端配置1,1配置rsyncd配置文件[root@Rsync ~]# cat /etc/rsyncd.conf #rsync server uid = rsync gid = rsync use chroot = no max connections = 2000 timeout = 600 pid file = /var/run/rsyncd.pid lock file = /var/run/rsync.lock lof file = /var/log/rsyncd.log ignore errors read only = false list = false hosts allow = 10.0.0.0/24 hosts deny = 0.0.0.0/32 auth users = rsync_backup secrets file = /etc/rsync.password ################################################### [backup] comment = bakcup by linuxea path = /backup 1,2创建rsync用户并启动[root@Rsync ~]# useradd rsync -M [root@Rsync ~]# rsync --daemon [root@Rsync ~]# ps -ef |grep rsync|grep -v grep root 2094 1 0 03:44 ? 00:00:00 rsync --daemon 1,3创建备份文件目录并授权[root@Rsync ~]# mkdir /backup [root@Rsync ~]# chown -R rsync /backup [root@Rsync ~]# ls -ld /backup/ drwxr-xr-x 2 rsync root 4096 Dec 19 03:51 /backup/ [root@Rsync ~]# 1,4创建连接密码文件[root@Rsync ~]# echo "rsync_backup:linuxea" >/etc/rsync.password [root@Rsync ~]# cat /etc/rsync.password rsync_backup:linuxea 1,5开机启动[root@Rsync ~]# echo "rsync --daemon" >>/etc/rc.local 二,配置NFS-server,在NFS-server上配置inotify-tools+rsync客户端1，配置NFS-server1,1安装nfs[root@Rsync ~]# yum install nfs-utils rpcbind -y 1,2修改配置文件[root@Rsync ~]# vim /etc/exports /data 10.0.0.0/24(rw,sync,all_sqiash) 1,3创建挂载目录[root@Rsync ~]# mkdir /data 1,4修改属性[root@Rsync ~]# chown -R nfsnobody /data/ [root@Rsync ~]# /etc/init.d/rpcbind start Starting rpcbind: [ OK ] [root@Rsync ~]# /etc/init.d/nfs start [FAILED] Starting NFS quotas: [ OK ] Starting NFS mountd: [ OK ] Starting NFS daemon: [ OK ] Starting RPC idmapd: [ OK ] 1,5开机挂载[root@Rsync ~]# vim /etc/rc.local /etc/init.d/rpcbind start /etc/init.d/nfs start /bin/sh /rsync/scripts/rsync-inotify.sh & 2,配置rsync+inotify-tools安装,inotify-tools和nfs-server跑在同一个服务器上的[root@rsync-nfs src]# wget http://nchc.dl.sourceforge.net/project/inotify-tools/inotify-tools/3.13/inotify-tools-3.13.tar.gz 2,1查看是否支持事件监控[root@rsync-nfs src]# ls -l /proc/sys/fs/inotify/ total 0 -rw-r--r-- 1 root root 0 Dec 24 06:18 max_queued_events -rw-r--r-- 1 root root 0 Dec 24 06:18 max_user_instances -rw-r--r-- 1 root root 0 Dec 24 06:18 max_user_watches 2,2开始编译安装inotify[root@rsync-nfs src]# tar xf inotify-tools-3.13.tar.gz [root@rsync-nfs src]# cd inotify-tools-3.13 [root@rsync-nfs inotify-tools-3.13]# ./configure --prefix=/usr/local/inotify-tools-3.14 [root@rsync-nfs inotify-tools-3.13]# echo $? 0 [root@rsync-nfs inotify-tools-3.13]# make && make install 2,3为了方便软件升级，做一个软连接[root@rsync-nfs inotify-tools-3.13]# ln -s /usr/local/inotify-tools-3.14/ /usr/local/inotify-tools [root@rsync-nfs inotify-tools-3.13]# ls -l /usr/local/inotify-tools lrwxrwxrwx 1 root root 30 Dec 24 06:23 /usr/local/inotify-tools -> /usr/local/inotify-tools-3.14/ [root@rsync-nfs inotify-tools-3.13]# 2,4其他介绍2个工具inotifywait inotifywatch[root@rsync-nfs bin]# pwd /usr/local/inotify-tools/bin [root@rsync-nfs bin]# ll total 80 -rwxr-xr-x 1 root root 38614 Dec 24 06:22 inotifywait -rwxr-xr-x 1 root root 40377 Dec 24 06:22 inotifywatch [root@rsync-nfs bin]# inotifywait：在被监控的文件或目录上等待特定的文件系统事件发生，执行后处于阻塞状态inotifywatch：收集被监控的文件系统使用统计数据，指文件系统事件发生的次数统计2,5创建脚本目录文件[root@rsync-nfs scripts]# mkdir /rsync/scripts/ -p && cd /rsync/scripts/2,6推送data脚本[root@rsync-nfs scripts]# vim rsync-inotify.sh #!/bin/bash inotify=/usr/local/inotify-tools/bin/inotifywait $inotify -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %w%f' -e create,close_write,delete /data \ |while read file do cd / && rsync -az ./data --delete rsync_backup@10.0.0.55::backup \ --password-file=/etc/rsync.password done 2,7后台运行[root@rsync-nfs scripts]# /bin/sh /rsync/scripts/rsync-inotify.sh & [1] 11888 [root@rsync-nfs scripts]# 三,web1和web2需要挂载/data目录，和配置rsync每天备份/var/www/html/以及其他的文件到rsync备份服务器上1，web-nfs配置1,1安装yum install nfs-utils rpcbind -y [root@NFS-WEB1 ~]# /etc/init.d/rpcbind start Starting rpcbind: [ OK ] [root@NFS-WEB1 ~]# chkconfig rpcbind on [root@NFS-WEB1 backup]# showmount -e 10.0.0.30 Export list for 10.0.0.30: /data 10.0.0.0/24 1,2挂载[root@NFS-WEB1 backup]# mount -t nfs 10.0.0.30:/data /mnt [root@NFS-WEB1 backup]# df -h Filesystem Size Used Avail Use% Mounted on /dev/sda2 18G 2.5G 15G 15% / tmpfs 238M 0 238M 0% /dev/shm /dev/sda1 283M 28M 240M 11% /boot 10.0.0.30:/data 18G 2.5G 15G 15% /mnt [root@NFS-WEB1 backup]# 1,3开机挂载[root@NFS-WEB1 backup]# vim /etc/rc.local /etc/init.d/rpcbind start mount -t nfs 10.0.0.30:/data /mnt 2，web-rsync配置2,1创建推送密码文件[root@NFS-WEB1 /]# echo "linuxea" >/etc/rsync.password [root@NFS-WEB1 /]# chmod 600 /etc/rsync.password 2,2创建脚本文件[root@NFS-WEB1 /]# mkdir /rsync/scripts/ && cd /rsync/scripts/ [root@NFS-WEB1 scripts]# ls rsync.sh2,3推送文件脚本[root@NFS-WEB1 scripts]# cat rsync.sh #!/bin/sh path=/backup dir="`ifconfig eth1|awk -F '[ :]+' 'NR==2 {print $4}'`_$(date +%F-%T)" mkdir $path/$dir -p &&\ /bin/cp -pr /var/www/html/ $path/web-$dir &&\ /bin/cp /etc/rc.local $path/$dir/rc.local-$(date +%F-%T) &&\ rsync -az $path/ rsync_backup@10.0.0.55::backup/ --password-file=/etc/rsync.password 2,4计划任务计划任务：每天晚上1点备份[root@NFS-WEB1 ]# crontab -e */5 * * * * /usr/sbin/ntpdate time.nist.gov >/dev/null 2>&1 00 01 * * * /bin/sh /rsync/scripts/rsync.sh >/dev/null 2>&1