wiki:linux/rsync
Last modified 6 years ago

rsync

$ rsync -PSavz --delete -bwlimit=500 -e "ssh -i ~/.ssh/mirror_data"  mirror@remote:.

オプション

  • P: 転送を中断した場合、ファイルを保持(--partial)、進捗情報を表示(--progress)
  • S: sparseファイルのコピーを効率化する。
  • a: アーカイブモード。ユーザやパーミッションなどを同じにしてミラー
  • v: verbose。詳細なログ表示
  • z: 圧縮
  • delete: srcからファイルが削除された場合、同期先のファイルも削除する

セキュリティの強化

rsyncの実行のみリモートユーザに許可して、セキュリティを強化することができる。

鍵作成

[root@desthost ~]# ssh-keygen -f rsynckey -t rsa -b 4096 -C "youname@hoge.com"
Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in rsynckey.
Your public key has been saved in rsynckey.pub.
The key fingerprint is:
SHA256:UEcdnGoXW4E6jyjBkm71U1bbyx2mVj1T6q4tCkal7eo youname@hoge.com
The key's randomart image is:
+---[RSA 4096]----+
|        ..oo.+.. |
|       . .  B . .|
|     o.   .+ * .o|
|    o +. +B + o*.|
|   . o oS=.= o+o+|
|    o ..+.. .o+ .|
|   .   .o.. ..   |
|       . o  ...  |
|       .E ...o.  |
+----[SHA256]-----+
[root@desthost ~]# ls
anaconda-ks.cfg  rsynckey  rsynckey.pub

バックアップ元に鍵を配置

SSHでログインできるようにする。 

[root@srchost ~]# adduser rsync-user
[root@srchost ~]# cd /home/rsync-user/
[root@srchost rsync-user]# mkdir .ssh
[root@srchost rsync-user]# chmod 700 .ssh/
[root@srchost rsync-user]# mv /root/rsynckey.pub .ssh/authorized_keys
[root@srchost rsync-user]# chown rsync-user.rsync-user -R .ssh/
[root@srchost rsync-user]# restorecon -R .ssh/

バックアップ先

鍵認証でログインできるか確認確認 

[root@desthost ~]# ssh -i rsynckey rsync-user@192.168.1.155
[rsync-user@srchost ~]$

鍵認証でrsyncが動作するか確認

[root@desthost ~]# sync -vvv -PSavz --delete --bwlimit=500 -e "ssh -i /root/rsynckey"  rsync-user@srchost:/var/www/html/mariadb /var/www/html
opening connection using: ssh -i rsynckey -l rsync-user srchost rsync --server --sender -vvvlogDtprSze.iLsf --bwlimit=500 . /var/www/html/mariadb
receiving incremental file list
server_sender starting pid=1439
[sender] make_file(mariadb,*,0)
recv_file_name(mariadb)
received 1 names
...
generate_files finished

sent 92 bytes  received 6075 bytes  12334.00 bytes/sec
total size is 206849027  speedup is 33541.27
[generator] _exit_cleanup(code=0, file=main.c, line=1518): about to call exit(0)

rsyncのみの実行に絞る絞る

セキュリティの観点では、sshで全ての実行を可能とするのはよろしくない。sshの接続にのみ絞るには、上記rsyncを実行した結果を利用する。

opening connection using: ssh -i rsynckey -l rsync-user srchost rsync --server --sender -vvvlogDtprSze.iLsf --bwlimit=500 . /var/www/html/mariadb

エラー処理について

エラー発生時のエラーコード(echo $?)の値は、下記の通り。

  • 転送中ののネットワーク切断: 12
  • サーバ側rsyncプロセスのクラッシュ: 22
  • sshが繋がらない: 255

ネットワーク切断

[root@desthost ~]# rsync --timeout 60 -vv -PSavz --delete --bwlimit=500 -e "ssh -i rsynckey"  rsync-user@srchost:/var/www/html/mariadb /var/www/html
....

[receiver] io timeout after 60 seconds -- exiting
set uid of mariadb/rpms/.MariaDB-10.1.29-centos7-x86_64-backup.rpm.NPdON0 from 0 to 48
set gid of mariadb/rpms/.MariaDB-10.1.29-centos7-x86_64-backup.rpm.NPdON0 from 0 to 48
renaming mariadb/rpms/.MariaDB-10.1.29-centos7-x86_64-backup.rpm.NPdON0 to mariadb/rpms/MariaDB-10.1.29-centos7-x86_64-backup.rpm
rsync error: timeout in data send/receive (code 30) at io.c(140) [receiver=3.0.9]
[receiver] _exit_cleanup(code=30, file=io.c, line=140): about to call exit(30)
rsync: connection unexpectedly closed (82 bytes received so far) [generator]
rsync error: error in rsync protocol data stream (code 12) at io.c(605) [generator=3.0.9]
[generator] _exit_cleanup(code=12, file=io.c, line=605): about to call exit(12)
[root@localhost ~]# echo $?
12

ssh不通

[root@localhost ~]# rsync --timeout 60 -vv -PSavz --delete --bwlimit=500 -e "ssh -i rsynckey"  rsync-user@srchost:/var/www/html/mariadb /var/www/html
opening connection using: ssh -i rsynckey -l rsync-user srchost rsync --server --sender -vvvlogDtprSze.iLsf --timeout=60 --bwlimit=500 . /var/www/html/mariadb
ssh: connect to host srchost port 22: No route to host
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: unexplained error (code 255) at io.c(605) [Receiver=3.0.9]
[Receiver] _exit_cleanup(code=12, file=io.c, line=605): about to call exit(255)
[root@localhost ~]# echo $?
255

rsyncプロセスの死亡

rsync: connection unexpectedly closed (9162874 bytes received so far) [receiver]
set uid of mariadb/rpms/.MariaDB-10.1.29-centos7-x86_64-backup.rpm.ipt9fC from 0 to 48
set gid of mariadb/rpms/.MariaDB-10.1.29-centos7-x86_64-backup.rpm.ipt9fC from 0 to 48
renaming mariadb/rpms/.MariaDB-10.1.29-centos7-x86_64-backup.rpm.ipt9fC to mariadb/rpms/MariaDB-10.1.29-centos7-x86_64-backup.rpm
rsync error: error in rsync protocol data stream (code 12) at io.c(605) [receiver=3.0.9]
[receiver] _exit_cleanup(code=12, file=io.c, line=605): about to call exit(12)
rsync: connection unexpectedly closed (82 bytes received so far) [generator]
rsync error: received SIGINT, SIGTERM, or SIGHUP (code 20) at io.c(605) [generator=3.0.9]
[generator] _exit_cleanup(code=12, file=io.c, line=605): about to call exit(20)
[root@localhost ~]# echo $?
20