Mirror Your Web Site With rsync - Page 2

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Submitted by falko (Contact Author) (Forums) on Thu, 2006-04-20 15:08. ::

5 Configure server1.example.com

Now log in through SSH on server1.example.com as someuser (not root!) and do this:

server1:

(Please do this as someuser!)

mkdir ~/.ssh
chmod 700 ~/.ssh
mv ~/mirror-rsync-key.pub ~/.ssh/
cd ~/.ssh
touch authorized_keys
chmod 600 authorized_keys
cat mirror-rsync-key.pub >> authorized_keys

By doing this, we have appended the contents of mirror-rsync-key.pub to the file /home/someuser/.ssh/authorized_keys. /home/someuser/.ssh/authorized_keys should look similar to this:

server1:

(Still as someuser!)

vi /home/someuser/.ssh/authorized_keys

ssh-dss AAAAB3NzaC1kc3MAAA[...]lSUom root@
mirror

Now we want to allow connections only from mirror.example.com, and the connecting user should be allowed to use only rsync, so we add

command="/home/someuser/rsync/checkrsync",from="mirror.example.com",no-port-forwarding,no-X11-forwarding,no-pty

right at the beginning of /home/someuser/.ssh/authorized_keys:

server1:

(Still as someuser!)

vi /home/someuser/.ssh/authorized_keys

command="/home/someuser/rsync/checkrsync",from="mirror.example.com",no-port-forwarding,no-X11-forwarding,no-pty ssh-dss AAAAB3NzaC1kc3MAAA[...]lSUom root@
mirror

It is important that you use a FQDN like mirror.example.com instead of an IP address after from=, otherwise the automated mirroring will not work!

Now we create the script /home/someuser/rsync/checkrsync that rejects all commands except rsync.

server1:

(We still do this as someuser!)

mkdir ~/rsync
vi ~/rsync/checkrsync 

#!/bin/sh

case "$SSH_ORIGINAL_COMMAND" in
        *\&*)
                echo "Rejected"
                ;;
        *\(*)
                echo "Rejected"
                ;;
        *\{*)
                echo "Rejected"
                ;;
        *\;*)
                echo "Rejected"
                ;;
        *\<*)
                echo "Rejected"
                ;;
        *\`*)
                echo "Rejected"
                ;;
        rsync\ --server*)
                $SSH_ORIGINAL_COMMAND
                ;;
        *)
                echo "Rejected"
                ;;
esac

chmod 700 ~/rsync/checkrsync


6 Test rsync On mirror.example.com

Now we must test on mirror.example.com if we can mirror server1.example.com without being prompted for someuser's password. We do this:

mirror:

(We do this as root!)

rsync -avz --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" someuser@server1.example.com:/var/www/ /var/www/

(The --delete option means that files that have been deleted on server1.example.com should also be deleted on mirror.example.com. The --exclude option means that these files/directories should not be mirrored; e.g. --exclude=**/error means "do not mirror /var/www/error". You can use multiple --exclude options. I have listed these options as examples; you can adjust the command to your needs. Have a look at

man rsync

for more information.)

You should now see that the mirroring takes place:

receiving file list ... done

sent 71 bytes  received 643 bytes  476.00 bytes/sec
total size is 64657  speedup is 90.56

without being prompted for a password! This is what we wanted.


7 Create A Cron Job

We want to automate the mirroring, that is why we create a cron job for it on mirror.example.com. Run crontab -e as root:

mirror:

(We do this as root!)

crontab -e

and create a cron job like this:

*/5 * * * * /usr/bin/rsync -azq --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" someuser@server1.example.com:/var/www/ /var/www/

This would run rsync every 5 minutes; adjust it to your needs (see

man 5 crontab

). I use the full path to rsync here (/usr/bin/rsync) just to go sure that cron knows where to find rsync. Your rsync location might differ. Run

mirror:

(We do this as root!)

which rsync

to find out where yours is.


8 Links

up

Copyright © 2006 Falko Timme
All Rights Reserved.
add comment | view as pdf view as pdf | print: this | all page(s) |
Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
You can also avoid
Submitted by Anthony (not registered) on Fri, 2010-01-15 22:55.
You can also avoid generating a rule structure by using shorewall for Linux. You'd just setup a rule to allow rsync requests by specific target IP addresses. Personally, it made it a whole lot easier for my setup.
reply | view as pdf view as pdf
I think you typo in the
Submitted by Anonymous (not registered) on Tue, 2009-07-28 14:00.

I think you typo in the instruction step 5 (configure server1.example.com) ==> I think this is meant to be configure mirror.example.com as you want to configure remote authorized files

reply | view as pdf view as pdf
thks for the details
Submitted by Anonymous (not registered) on Fri, 2009-05-15 14:42.
thks for the details
reply | view as pdf view as pdf
Great Article
Submitted by Michael Potter (not registered) on Mon, 2009-03-02 16:26.
Thanks for the great how-to!
reply | view as pdf view as pdf
rsync error: error in rsync protocol data stream (code 12)
Submitted by jed (not registered) on Tue, 2009-01-13 16:19.

server_A: Red hat

server_B: Window 2003 (cygwin)

i was on server_B running this command: ssh -i /root/rsync/mirror-rsync-key someuser@server_A:/var/www/ /var/www/

all files on server_A to be transferred on server_B /var/www/

I got this error: Connection closed by server_A rsync: connection unexpectedly closed (0 bytes received so far) [receiver] rsync error: error in rsync protocol data stream (code 12) at /home/lapo/packaging/rsync-3.0.4-1/src/rsync-3.0.4/io.c(632) [receiver=3.0.4]

I've already setup ssh on cygwin http://ist.uwaterloo.ca/~kscully/CygwinSSHD_W2K3.html.

Thanks in advance.

reply | view as pdf view as pdf
Re: rsync error: error in rsync protocol data stream (code 12)
Submitted by Anonymous (not registered) on Wed, 2009-01-14 06:38.
I after few hours of tracing the file mirroring is already working. I found out that the error occurs when rsync encounters a unpermitted folders, files etc. that can't be transferred.
reply | view as pdf view as pdf
Automated failover
Submitted by Diego (not registered) on Thu, 2008-09-11 15:34.
Newbie question: How about if the main server goes down, how could I make them switch over automatically to the mirror server?
reply | view as pdf view as pdf
Re: Automated failover
Submitted by Anonymous (not registered) on Mon, 2008-09-15 06:52.

You can do that easily by creating a high-availability load balancer that uses haproxy/hearbeat. I've set up my web server cluster using these instructions:

http://www.howtoforge.com/high-availability-load-balancer-haproxy-heartbeat-debian-etch

It's pretty straightforward and works like a charm.

reply | view as pdf view as pdf
missing coma
Submitted by vanthevirus (registered user) on Wed, 2008-04-16 19:14.

i have been spending several hours to make this thing automatic but it keeps asking for password.

but finally i found the reason of my failure. I forgot a COMA!

"... no-port-forwarding,no-X11-forwarding,no-pty, ssh-dss AAAAB3NzaC1kc3MAAAEBALGZJ34a5QwC2 .... " 

 please update your tutorial for the sake of other newbies out there...

anyway, this howto is very helpful. thanks 

reply | view as pdf view as pdf
Re: missing coma
Submitted by Anonymous (not registered) on Tue, 2009-03-24 17:26.
I have added the comma and I still have the issue with it requesting a password.  What am I doing wrong?
reply | view as pdf view as pdf
Comma or new-line
Submitted by trigar (registered user) on Mon, 2008-08-04 17:42.

What finally worked for me was a new-line instead of a comma.  Also, if you use nano - be careful to switch off long-line wrapping (M-L).

reply | view as pdf view as pdf
Re: Comma or new-line
Submitted by xLinux4Lifex (not registered) on Wed, 2009-08-26 04:52.

Same here.  I also needed a new-line instead of comma.  My OS is SLES11.

reply | view as pdf view as pdf
archive mode
Submitted by amcorona (registered user) on Tue, 2007-08-28 15:24.

I am not sure how important this is but you are using archive mode which preserves file ownership.

You should have the same accounts on both servers if you have some directories on the source server that are owned by different accounts.  I have a file repository that only one specific user has write access to (not apache).  I have to create that owner on the target machine before running this script.  One thing I am not sure about is if the UID has to be identical

 

 

reply | view as pdf view as pdf
Re: archive mode
Submitted by Anonymous (not registered) on Thu, 2008-12-04 15:21.
the --numeric-ids parameter to rsync is for this purpose. No need to create accounts.
reply | view as pdf view as pdf
Looks great and simple, but...
Submitted by Anonymous (not registered) on Mon, 2006-04-24 00:09.
According to the suggested setup if something goes wrong to the contents of the server1.example.com:/var/www/ the mess would be propagated to the mirror server too. On the other hand, as you say you are offering just a plain rsync over ssh mirroring solution not a bullet proof backup solution..

reply | view as pdf view as pdf
Troubleshooting rsync issues
Submitted by Anonymous (not registered) on Tue, 2006-06-13 02:32.

If things work up until the last rsync using the public/private key pair, and you're having problems, use the ssh -v switch:


rsync -avz --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -v -i /root/rsync/mirror-rsync-key" someuser@server1.example.com:/var/www/ /var/www/

reply | view as pdf view as pdf
I understand Rsync has a wi
Submitted by Anonymous (not registered) on Mon, 2006-05-22 22:31.
I understand Rsync has a windows plugin. Does anyone know how to rsync a /Inetpub/ directory to a linux server /backup/ folder?
reply | view as pdf view as pdf
Backup solution
Submitted by Anonymous (not registered) on Thu, 2006-04-27 09:07.
Well, if you run rsync like that then doing incremental backups isn't all that difficult again. This here was the base for my altered script:
http://www.mikerubel.org/computers/rsync_snapshots/
It uses hardlinks. Well, I run the thing as root because I want to keep permissions. Here's my backup.sh
#!/bin/bash
# ----------------------------------------------------------------------
# mikes handy rotating-filesystem-snapshot utility
# ----------------------------------------------------------------------
# this needs to be a lot more general, but the basic idea is it makes
# rotating backup-snapshots of /home whenever called
# ----------------------------------------------------------------------

unset PATH

# suggestion from H. Milz: avoid accidental use of $PATH


# Make MySQL Backups
#!/bin/bash
# Remove old files
rm -f /mysql_backup/*

#Dump new files
USER=root
PASSWORD=************
HOST=localhost

for i in $(echo 'SHOW DATABASES;' | mysql -u$USER -p$PASSWORD -h$HOST|grep -v '^Database$'); do
mysqldump \
-u$USER -p$PASSWORD -h$HOST \
-Q -c -C --add-drop-table --add-locks --quick --lock-tables \
$i > /mysql_backup/$i.sql;
done;


# ------------- system commands used by this script --------------------
ID=/usr/bin/id;
ECHO=/bin/echo;

RM=/bin/rm;
MV=/bin/mv;
CP=/bin/cp;
TOUCH=/bin/touch;

RSYNC=/usr/bin/rsync;
SSH=/usr/bin/ssh
KEY=/root/.ssh/id_rsa

# ------------- file locations -----------------------------------------

SNAPSHOT_RW=/backup/backup;
EXCLUDES=/backup/backup_exclude;

# ------------- the script itself --------------------------------------

# rotating snapshots of /home (fixme: this should be more general)

# step 1: delete the oldest snapshot, if it exists:
if [ -d $SNAPSHOT_RW/hourly.3 ] ; then\
$RM -Rf $SNAPSHOT_RW//hourly.3 ;\
fi;

# step 2: shift the middle snapshots(s) back by one, if they exist
if [ -d $SNAPSHOT_RW/hourly.2 ] ;then\
$MV $SNAPSHOT_RW/hourly.2 $SNAPSHOT_RW/hourly.3 ;\
fi;

if [ -d $SNAPSHOT_RW/hourly.1 ] ; then\
$MV $SNAPSHOT_RW/hourly.1 $SNAPSHOT_RW/hourly.2 ;\
fi;

# step 3: make a hard-link-only (except for dirs) copy of the latest snapshot,
# if that exists
if [ -d $SNAPSHOT_RW/hourly.0 ] ; then\
$CP -al $SNAPSHOT_RW/hourly.0 $SNAPSHOT_RW/hourly.1 ;\
fi;

# step 4: rsync from the system into the latest snapshot (notice that
# rsync behaves like cp --remove-destination by default, so the destination
# is unlinked first. If it were not so, this would copy over the other
# snapshot(s) too!

$RSYNC\
-avz --delete --delete-excluded \
--exclude-from="$EXCLUDES"\
-e "$SSH -i $KEY" \
root@www.server.com:/ $SNAPSHOT_RW/hourly.0 ;

# step 5: update the mtime of hourly.0 to reflect the snapshot time
$TOUCH $SNAPSHOT_RW/hourly.0 ;

I run this script 4 times daily through cron. Then I have another script which makes daily snapshots for 7 days (backup_daily.sh):

#!/bin/bash
# ----------------------------------------------------------------------
# mikes handy rotating-filesystem-snapshot utility
# ----------------------------------------------------------------------
# this needs to be a lot more general, but the basic idea is it makes
# rotating backup-snapshots of /home whenever called
# ----------------------------------------------------------------------

unset PATH

# suggestion from H. Milz: avoid accidental use of $PATH

# ------------- system commands used by this script --------------------
ID=/usr/bin/id;
ECHO=/bin/echo;

RM=/bin/rm;
MV=/bin/mv;
CP=/bin/cp;
TOUCH=/bin/touch;

RSYNC=/usr/bin/rsync;
SSH=/usr/bin/ssh
KEY=/root/.ssh/id_rsa

# ------------- file locations -----------------------------------------

SNAPSHOT_RW=/backup/backup;
EXCLUDES=/backup/backup_exclude;

# ------------- the script itself --------------------------------------

# rotating snapshots of /home (fixme: this should be more general)

# step 1: delete the oldest snapshot, if it exists:
if [ -d $SNAPSHOT_RW/daily.6 ] ; then\
$RM -Rf $SNAPSHOT_RW/daily.6 ;\
fi;

# step 2: shift the middle snapshots(s) back by one, if they exist
if [ -d $SNAPSHOT_RW/daily.5 ] ; then\
$MV $SNAPSHOT_RW/daily.5 $SNAPSHOT_RW/daily.6 ;\
fi;

if [ -d $SNAPSHOT_RW/daily.4 ] ; then\
$MV $SNAPSHOT_RW/daily.4 $SNAPSHOT_RW/daily.5 ;\
fi;

if [ -d $SNAPSHOT_RW/daily.3 ] ; then\
$MV $SNAPSHOT_RW/daily.3 $SNAPSHOT_RW/daily.4 ;\
fi;

if [ -d $SNAPSHOT_RW/daily.2 ] ; then\
$MV $SNAPSHOT_RW/daily.2 $SNAPSHOT_RW/daily.3 ;\
fi;

if [ -d $SNAPSHOT_RW/daily.1 ] ; then\
$MV $SNAPSHOT_RW/daily.1 $SNAPSHOT_RW/daily.2 ;\
fi;

if [ -d $SNAPSHOT_RW/daily.0 ] ; then\
$MV $SNAPSHOT_RW/daily.0 $SNAPSHOT_RW/daily.1 ;\
fi;


# step 3: make a hard-link-only (except for dirs) copy of the latest snapshot,
# if that exists
if [ -d $SNAPSHOT_RW/hourly.3 ] ; then\
$CP -al $SNAPSHOT_RW/hourly.3 $SNAPSHOT_RW/daily.0 ;\
fi;

# step 4: update the mtime of daily.0 to reflect the snapshot time
$TOUCH $SNAPSHOT_RW/daily.0 ;

And finally I have a weekly script that makes weekly snapshots during a 4-week period (backup_weekly.sh):

#!/bin/bash
# ----------------------------------------------------------------------
# mikes handy rotating-filesystem-snapshot utility
# ----------------------------------------------------------------------
# this needs to be a lot more general, but the basic idea is it makes
# rotating backup-snapshots of /home whenever called
# ----------------------------------------------------------------------

unset PATH

# suggestion from H. Milz: avoid accidental use of $PATH

# ------------- system commands used by this script --------------------
ID=/usr/bin/id;
ECHO=/bin/echo;

RM=/bin/rm;
MV=/bin/mv;
CP=/bin/cp;
TOUCH=/bin/touch;

RSYNC=/usr/bin/rsync;
SSH=/usr/bin/ssh
KEY=/root/.ssh/id_rsa

# ------------- file locations -----------------------------------------

SNAPSHOT_RW=/backup/backup;
EXCLUDES=/backup/backup_exclude;

# ------------- the script itself --------------------------------------

# rotating snapshots of /home (fixme: this should be more general)

# step 1: delete the oldest snapshot, if it exists:
if [ -d $SNAPSHOT_RW/weekly.3 ] ; then\
$RM -Rf $SNAPSHOT_RW/weekly.3 ;\
fi;

# step 2: shift the middle snapshots(s) back by one, if they exist
if [ -d $SNAPSHOT_RW/weekly.2 ] ; then\
$MV $SNAPSHOT_RW/weekly.2 $SNAPSHOT_RW/weekly.3 ;\
fi;

if [ -d $SNAPSHOT_RW/weekly.1 ] ; then\
$MV $SNAPSHOT_RW/weekly.1 $SNAPSHOT_RW/weekly.2 ;\
fi;

if [ -d $SNAPSHOT_RW/weekly.0 ] ; then\
$MV $SNAPSHOT_RW/weekly.0 $SNAPSHOT_RW/weekly.1 ;\
fi;


# step 3: make a hard-link-only (except for dirs) copy of the latest snapshot,
# if that exists
if [ -d $SNAPSHOT_RW/daily.6 ] ; then\
$CP -al $SNAPSHOT_RW/daily.6 $SNAPSHOT_RW/weekly.0 ;\
fi;

# step 4: update the mtime of weekly.0 to reflect the snapshot time
$TOUCH $SNAPSHOT_RW/weekly.0 ;


And of course you also need to run crons ^^ # Make Backups
0 0 * * Sun sh /backup/backup_weekly.sh
15 0 * * * sh /backup/backup_daily.sh
45 0,6,12,18 * * * sh /backup/backup.sh



With these scripts there is just a small issue. You need to create first a manual daily.0 and weekly.0 folder :)
reply | view as pdf view as pdf
Some thoughts
Submitted by Anonymous (not registered) on Fri, 2006-04-21 20:03.
Three things:

1.) rsync does only transfer changed files but not even the whole file... but more than just the changes. rSync has some algorithm that splits up the file in multiple sections and then creates a checksum for it and compares it and only the changed parts will then be transmitted.
For example I had a mysql dump of 270 MB. I deleted it and made a new dump with a few changes. Now rsync noted that the file was changed but it didn't transmit the whole 270 MB again but only 25 MB.

2.) Instead of using --exclude I would rather use --exclude-from="/path/to/file" because I think it's much simpler to add there exclusions. Just add one pattern per line. I have for example this here:

/backup/
/bin/
/dev/
/initrd/
/lib/
/lost+found/
/mnt/
/opt/
/proc/
/sbin/
/sys/
/tmp/
/usr/
/var/log/
/var/cache/
/var/spool/
/var/lib/mysql/

I know, I still need to fine-tune that a bit.
3.) I would also add --delete-excluded for the simple reason that when you exclude something from being backuped then you don't want have older versions on the backup server any longer. This switch takes care of that.
reply | view as pdf view as pdf
rdist
Submitted by Anonymous (not registered) on Mon, 2006-05-22 18:38.
Nice post and there is another way to do this also. I just implemented the same functionality for our main website by using rdist. The good thing about this is that it checks timestamp automatically and if the files have been modified it will replicate it accordingly. Put it in cron and you don't have to worry about anything else and let it email you stating which files have changed.
reply | view as pdf view as pdf
rsync can replace files
Submitted by lazyman (registered user) on Mon, 2008-04-28 02:46.
If you use the flag -W rsync will copy the entire file not just the blocks it thinks are modified. http://www.oreillynet.com/linux/cmd/cmd.csp?path=r/rsync
reply | view as pdf view as pdf
Another Port
Submitted by Strong (not registered) on Wed, 2009-05-13 06:36.
Hi..thanks for the tutorial.. I have a question. How if SSH use another port instead of 22 on both server ? e.g port 10000 What is the exact command to run rsync with port 10000 ? Thanks for all Strong
reply | view as pdf view as pdf
Re: Another Port
Submitted by Anonymous (not registered) on Tue, 2009-07-28 13:54.

use -p option.

eg:

rsync --delete-during -zaOH -e 'ssh -2 -i <PrivateKey> -p 10000' /source_folder/ <destination ip>:/<destination_folder>/
 

reply | view as pdf view as pdf
Sponsored Links: Turn your desk phone and mobile phone into one with Sprint Mobile Integration.
www.seamlessenterprise.com

One number. One voicemail. Seize the lead. Sprint Mobile Integration.
www.seamlessenterprise.com

One Number. One Voicemail.
Make it easier for clients to reach you. Turn your desk phone and mobile phone into one with Sprint Mobile Integration.
www.seamlessenterprise.com

One number. One voicemail. Sprint Mobile Integration.
www.seamlessenterprise.com

AT&T Synaptic Compute as a Service. Boost your power on demand.

Trial: IBM Cognos Express Reporting, Analysis & Planning

Learn benefits of Simpana software.
View the Gartner Video