我搜索了> 5天,尝试了许多技巧和提示,甚至试图让lsync的作者帮助,但都是徒劳。
我有2台Red Hat 6.3 Web服务器需要在上传图像时同步其图像目录。我们无法控制上传到哪个服务器,但是在上传时它不会被加载到另一个服务器上。
我只需要能够告诉lsync使用除root之外的其他用户的凭据。我们的信息安全团队不允许无密码root访问。不能说我责备他们。
我有一个拥有sudo权限的帐户,可以执行将文件送到目的地所需的一切。虽然我可以使用rsync来执行同步,但是当从lsync运行时,它会因为权限被拒绝而失败。
我甚至可以从日志中复制lsync执行的命令,删除方括号并成功同步。所以,我很确定是导致问题的lsync。仅仅因为它是以root身份运行的。 shell脚本强制它以root身份运行。我甚至尝试将其更改为非root帐户,并且所有支持文件都随脚本一起更改,但仍然拒绝同步。
以下是我所拥有的脚本和文件的详细信息: 操作系统:Red Hat Linux 6.3版(圣地亚哥) lsyncd配置文件:
----
-- User configuration file for lsyncd.
--
-- Simple example for default rsync, but executing moves through on the target.
--
-- For more examples, see /usr/share/doc/lsyncd*/examples/
--
-- sync{default.rsyncssh, source="/var/www/html", host="localhost", targetdir="/tmp/htmlcopy/"}
settings{
logfile = "/var/log/lsyncd.log",
statusFile = "/var/log/lsyncd-status.log",
delay = 1,
}
sync {
default.rsyncssh,
source="<Absolute path to source directory>",
host = "<Host IP>",
targetdir = "<Absolute path to target directory>",
rsync = {
binary = "/usr/bin/rsync",
rsh = "sudo -u <Domain>\\<User ID> ssh",
sparse = true,
update = true,
links = true,
times = true,
}
}
rsyncd.conf文件:
log file = /var/log/rsyncd.log
pid file = /var/log/rsyncd.pid
allow = localhost
deny = *
list = true
uid = 16777218
gid = 16777222
read only = false
timeout=600
use chroot = true
[Test1]
path = "<Absolute path to target/source>"
comment = Test for remote transfer
rsyncd.conf文件已更改为使用其他uid / gid,因为这是我希望将其更改为。
以下是来自lsyncd.log的错误日志:
Thu Aug 22 07:58:57 2013 Debug: daemonizing now.
Thu Aug 22 07:58:57 2013 Function: Inotify.addWatch(<Absolute Path to Source> )
Thu Aug 22 07:58:57 2013 Inotify: addwatch( <Absolute Path to Source> )-> 1
Thu Aug 22 07:58:57 2013 Call: getAlarm( )
Thu Aug 22 07:58:57 2013 Alarm: runner.getAlarm returns: (true)
Thu Aug 22 07:58:57 2013 Masterloop: immediately handling delays.
Thu Aug 22 07:58:57 2013 Call: cycle( )
Thu Aug 22 07:58:57 2013 Function: invokeActions( "Sync1", (Timestamp: 5491559.47) )
Thu Aug 22 07:58:57 2013 Normal: recursive startup rsync: <Absolute Path to Target> -> <Host IP>:<Absolute Path to Target>
Thu Aug 22 07:58:57 2013 Exec: /usr/bin/rsync [--delete] [--ignore-errors] [-usltS] [--rsh=sudo -u <Domain>\<User ID> ssh] [-r] [<Absolute Path to Source>] [<Host IP>:<Absolute Path to Target>]
Thu Aug 22 07:58:57 2013 Function: write( (Timestamp: 5491559.47) )
Thu Aug 22 07:58:57 2013 Statusfile: writing now
Thu Aug 22 07:58:57 2013 Call: getAlarm( )
Thu Aug 22 07:58:57 2013 Alarm: runner.getAlarm returns: (false)
Thu Aug 22 07:58:57 2013 Masterloop: going into select ( no timeout )
rsync: Failed to exec sudo: Permission denied (13)
rsync error: error in IPC code (code 14) at pipe.c(84) [sender=3.0.6]
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in IPC code (code 14) at io.c(600) [sender=3.0.6]
Thu Aug 22 07:58:57 2013 Call: collectProcess( )
Thu Aug 22 07:58:57 2013 Delay: collected an event
Thu Aug 22 07:58:57 2013 Error: Temporary or permanent failure on startup of "<Absolute Path to Target>". Terminating since "insist" is not set.
注意:我对文件进行了清理,并假设我理解了应用程序关于源和目标应该位于何处的所有意图。
所以,我们明确了目标:
他们正在讨论如何试图找出如何将图像定向到一台服务器然后我们可以使用删除选项使两台服务器准确同步,而不必担心在两台服务器上都有同步服务而且可能由于时间原因而丢失一台服务器。另外,不知道如果一个文件打开而另一个服务器试图删除它会发生什么。
我很绝望,因为我甚至无法让作者帮忙。也许它无法完成,但似乎这个功能强大的应用程序会有这个愚蠢的小缺陷,使得那些有安全问题的人完全无法使用它。
谢谢!
答案 0 :(得分:8)
你必须在lsyncd.conf文件的rsyncopts部分设置用户名和密钥文件(在ubuntu上是/etc/lsyncd/lsyncd.conf.lua)。密钥文件必须存在于运行lsyncd守护程序的主机上。
sync{
default.rsyncssh,
source="/path/to/source",
host="target.example.org",
targetdir="/path/on/target",
rsyncOpts={"-e", "/usr/bin/ssh -l someuser123 -i /home/someuser123/.ssh/id_rsa"}
}
答案 1 :(得分:1)
settings {
logfile = "/var/log/lsyncd/lsyncd.log",
statusFile = "/var/log/lsyncd/lsyncd.status"
}
sync {
default.rsyncssh,
source = "/home/vagrant/local",
host = "vagrant@192.168.33.11",
targetdir = "/home/vagrant/remote",
rsync = {
rsh = "/usr/bin/ssh -l vagrant -i /home/vagrant/.ssh/id_rsa -o StrictHostKeyChecking=no"
}
}