HowTo Setup a Rsync Server for Loadbalancing on Linux CentOS 5.3

j0zf 2009.7.23

// Notes on HowTo Setup Rsync on CentOS 5.3 ////////////////////////////////////
// j0zf 2009.7.21

// SETTING UP RSYNCD SERVER ON WWW1 ////////////////////////////////////////////

>> Setup /etc/rsyncd.conf

 -- UNIX COMMANDS --
 touch /etc/rsyncd.conf
 chmod 644 /etc/rsyncd.conf
 vi /etc/rsyncd.conf
 
 *** FILE : /etc/rsyncd.conf ***
# Global settings for the rsync daemon; they apply to every module below.
# Comments in this file must sit on their own line.
# NOTE(review): the rsync daemon protocol does not encrypt file contents on
# the wire, so expose this service only to trusted hosts/networks.
motd file = /etc/rsyncd.motd
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock

# Module definition. Clients name the module after "::" in the rsync
# source/destination, so this identifier must match what the client script uses.
[an_identifier]
  # Directory tree served by this module.
  path = /home/a_username/public_html
  # The daemon does not chroot into "path" before a transfer.
  # NOTE(review): this module is also writable ("read only = no" below);
  # prefer "use chroot = yes" unless something in the setup needs it off.
  use chroot = no
  max connections = 10
  # Only this user may connect, and it must present the password stored for
  # it in the secrets file named below.
  auth users = a_username
  # Connections from any host not listed here are refused. Hostname entries
  # depend on DNS lookups of the client address; IP addresses avoid that.
  hosts allow = www1.producttoweb.com www2.yoursite.com www3.yoursite.com
  secrets file = /etc/rsyncd.secrets
  # Account and group that transfers for this module run as.
  uid = a_username
  gid = a_groupname
  # The module is shown when a client asks the daemon for its module list.
  list = yes
  # Clients may upload into "path" (needed for the two-way sync described here).
  read only = no
 *** EOF : /etc/rsyncd.conf ***

>> Setup your secrets file
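 - Passwords are stored in plain text, so restrict the permissions on the
  file /etc/rsyncd.secrets so that only the root user can read it (chmod 600,
  as below). With rsync's default "strict modes" setting the daemon refuses
  to use a secrets file that other users can read.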
 - This file can be named anything and located pretty much anywhere, but I
  suggest /etc/rsyncd.secrets so that I can find it easily when I obtain root
  access to your system.
 - On some systems your username and password may need to be 8 characters or less.

 -- UNIX COMMANDS --
 touch /etc/rsyncd.secrets
 chmod 600 /etc/rsyncd.secrets
 vi /etc/rsyncd.secrets
 
 *** FILE : /etc/rsyncd.secrets ***
a_username:a_password
 *** EOF : /etc/rsyncd.secrets ***
   
>> Setup your iptables firewall to allow traffic on port 873
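 - You'll need to add the following line into your iptables firewall setup.
  Note that the location of this entry is important: rules are checked from
  top to bottom and the first match wins, so the port 873 lines must come
  before the final REJECT line of the RH-Firewall-1-INPUT chain. Rules
  written against the INPUT chain (as in the restrictive example) must also
  come before the "-A INPUT -j RH-Firewall-1-INPUT" jump, or they are never
  reached. Although your iptables file is not likely to be exactly the same
  as mine, I'll include mine for example's sake.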
 
 -- Example of restrictive (by ip address) iptables setup --
 -A INPUT -j ACCEPT -p tcp -s [allowed host's ip address 1] --dport 873
 -A INPUT -j ACCEPT -p tcp -s [allowed host's ip address 2] --dport 873
 -A INPUT -j ACCEPT -p tcp -s [allowed host's ip address 3] --dport 873
 -A INPUT -j DROP -p tcp --dport 873
 
 -- Example of wide open iptables setup --
 # Notice : I'm opening my port 873 to all traffic, but just during the testing process
 -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 873 -j ACCEPT
 
 -- UNIX COMMANDS --
 cp /etc/sysconfig/iptables /etc/sysconfig/iptables_backup
 vi /etc/sysconfig/iptables # see contents file below
 service iptables restart # restart your firewall

 *** FILE : /etc/sysconfig/iptables ***
# Firewall configuration written by system-config-securitylevel
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT

# HTTP(S) - j0zf 2009.7.16
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 443 -j ACCEPT

# RSYNCD - j0zf 2009.7.23 (accepts port 873 from ANY source; testing only - restrict with -s per allowed host afterwards)
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 873 -j ACCEPT

-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
 *** EOF : /etc/sysconfig/iptables ***

>> Setup rsyncd to run as a stand-alone daemon
 - It could also be set up to run from inetd, but from my investigation I
  have found that systems which receive frequent connections will be better
  off running it as a daemon. Since this system will be synchronizing
  several webservers with www1, it'll be a busy bugger.
 
 -- UNIX COMMANDS --
 touch /etc/rc.d/init.d/rsyncd
 chmod 755 /etc/rc.d/init.d/rsyncd
 vi /etc/rc.d/init.d/rsyncd
 ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc2.d/S85rsyncd
 ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc3.d/S85rsyncd
 ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc5.d/S85rsyncd
 ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc0.d/K15rsyncd
 ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc1.d/K15rsyncd
 ln -s /etc/rc.d/init.d/rsyncd /etc/rc.d/rc6.d/K15rsyncd
 service rsyncd start
  
 *** FILE : /etc/rc.d/init.d/rsyncd ***
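#!/bin/sh
# Thanks To : http://www.fredshack.com/docs/rsync.html
# Rsyncd This shell script takes care of starting and stopping the rsync daemon
# description: Rsync is an awesome replication tool.
#
# Usage: rsyncd {start|stop}
#
# "stop" signals only the daemon whose PID is recorded in PID_FILE instead of
# running "killall rsync", which would also terminate every unrelated rsync
# transfer on this host. PID_FILE must match the "pid file" setting in
# /etc/rsyncd.conf.

# Source function library (supplies the "action" helper used below).
. /etc/rc.d/init.d/functions

RSYNC_BIN=/usr/bin/rsync
PID_FILE=/var/run/rsyncd.pid

# Nothing to manage when rsync is not installed.
[ -f "$RSYNC_BIN" ] || exit 0

# Send SIGTERM to the daemon named in PID_FILE.
# Returns non-zero when the pid file is missing, empty, malformed, or stale.
# NOTE(review): only the listening daemon is signalled; connections already
# being served presumably run to completion - confirm if a hard stop is needed.
stop_rsyncd() {
  [ -s "$PID_FILE" ] || return 1
  rsyncd_pid=$(head -n 1 "$PID_FILE") || return 1
  case "$rsyncd_pid" in
    '' | *[!0-9]*) return 1 ;;
  esac
  # Guard against a stale pid file whose PID now belongs to another program.
  [ "$(ps -p "$rsyncd_pid" -o comm=)" = "rsync" ] || return 1
  kill "$rsyncd_pid"
}

case "$1" in
  start)
    action "Starting rsyncd: " "$RSYNC_BIN" --daemon
    ;;
  stop)
    action "Stopping rsyncd: " stop_rsyncd
    ;;
  *)
    echo "Usage: rsyncd {start|stop}"
    exit 1
    ;;
esac
exit 0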
 *** EOF : /etc/rc.d/init.d/rsyncd ***


// SETTING UP RSYNC CRON FILES ON WWW2 THROUGH WWWN SERVERS ////////////////////

Only do this on the secondary web-servers www2, www3, ..., wwwN

>> Create your password file
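 - The file holds just the password on a single line, nothing else and no
  extra spaces (the newline that echo adds is fine).
 - The echo below creates the file with your default umask and only the
  chmod afterwards locks it down; on a host where other users have shell
  access, create the empty file and chmod it 600 first, then write the
  password into it.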
 echo "a_password" > /home/a_username/.rsync.www1.secret
 chmod 600 /home/a_username/.rsync.www1.secret
 
>> Create your rsync script 

 -- UNIX COMMANDS --
 touch /home/a_username/rsync_with_www1
 chmod 744 /home/a_username/rsync_with_www1
 vi /home/a_username/rsync_with_www1
 
 *** FILE : /home/a_username/rsync_with_www1 ***
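#!/bin/bash
# RSYNC WITH WWW1 - J0ZF 2009.7.23
#
# Two-way sync of the web root with the rsync daemon module on www1:
# pull first, then push. Both transfers always run; the script exits with
# the status of the last transfer that failed (0 when both succeed), so a
# failed pull is no longer hidden behind a successful push.
#
# NOTE(review): the "host::module" daemon form does not encrypt file
# contents in transit; keep this traffic on a trusted network or tunnel it.

readonly REMOTE_MODULE='a_username@www1.yoursite.com::a_username'
readonly LOCAL_DOCROOT='/home/a_username/public_html/'
# Holds only the module password; must not be readable by other users.
readonly PASSWORD_FILE='/home/a_username/.rsync.www1.secret'

status=0

# 1ST : GET THE NEW FILES FROM WWW1
rsync -rvtpogz --password-file "$PASSWORD_FILE" \
  "$REMOTE_MODULE" "$LOCAL_DOCROOT" || status=$?

# 2ND : SEND ANY NEW FILE ON THIS SERVER TO WWW1
rsync -rvtpogz --password-file "$PASSWORD_FILE" \
  "$LOCAL_DOCROOT" "$REMOTE_MODULE" || status=$?

exit "$status"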
 *** EOF : /home/a_username/rsync_with_www1 *** 
 

>> Setup to Automatically Rsync Hourly
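 - to run your rsync script every 30 minutes add the following to your crontab file
 - Note: the entry below runs the script as root, but the script lives in
  a_username's home directory, where that account can replace it. Either
  keep the script in a root-owned directory, or put a_username in the user
  field of the crontab line (the script and password file must then be
  readable by that user), so the account cannot get commands run as root.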
 
 # RSYNC WITH WWW1 EVERY 30 MINUTES
 00,30 * * * * root /home/a_username/rsync_with_www1

 -- UNIX COMMANDS --
 vi /etc/crontab
  
 *** FILE : /etc/crontab ***
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly

# RSYNC WITH WWW1 EVERY 30 MINUTES
00,30 * * * * root /home/a_username/rsync_with_www1
 *** EOF : /etc/crontab ***

// SOURCES /////////////////////////////////////////////////////////////////////
http://everythinglinux.org/rsync/
http://en.wikipedia.org/wiki/Rsync
http://www.samba.org/rsync/documentation.html
http://www.fredshack.com/docs/rsync.html
http://finmath.uchicago.edu/~wilder/Security/rsync/
http://linux.about.com/library/cmd/blcmdl5_rsyncd.conf.htm



