Mirror Your Web Site With rsync On Fedora 10 - Page 2

5 Configure server1.example.com

Now log in through SSH on server1.example.com as someuser (not root!)...

server1:

su someuser

... and do this:

server1:

(Please do this as someuser!)

mkdir ~/.ssh
chmod 700 ~/.ssh
mv ~/mirror-rsync-key.pub ~/.ssh/
cd ~/.ssh
touch authorized_keys
chmod 600 authorized_keys
cat mirror-rsync-key.pub >> authorized_keys

By doing this, we have appended the contents of mirror-rsync-key.pub to the file /home/someuser/.ssh/authorized_keys. /home/someuser/.ssh/authorized_keys should look similar to this:

server1:

(Still as someuser!)

vi /home/someuser/.ssh/authorized_keys

ssh-dss AAAAB3NzaC1[...]qqOyXtbUx7HOMEw== [email protected]

Now we want to allow connections only from server2.example.com, and the connecting user should be allowed to use only rsync, so we add

command="/home/someuser/rsync/checkrsync",from="server2.example.com",no-port-forwarding,no-X11-forwarding,no-pty

right at the beginning of /home/someuser/.ssh/authorized_keys:

server1:

(Still as someuser!)

vi /home/someuser/.ssh/authorized_keys

command="/home/someuser/rsync/checkrsync",from="server2.example.com",no-port-forwarding,no-X11-forwarding,no-pty ssh-dss AAAAB3NzaC1[...]qqOyXtbUx7HOMEw== [email protected]

It is important that you use an FQDN like server2.example.com instead of an IP address after from=; otherwise the automated mirroring will not work!

Now we create the script /home/someuser/rsync/checkrsync that rejects all commands except rsync.

server1:

(We still do this as someuser!)

mkdir ~/rsync
vi ~/rsync/checkrsync

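#!/bin/sh
# Forced command for the mirror key: sshd stores the command requested by the
# client in $SSH_ORIGINAL_COMMAND and runs this script instead of it.

case "$SSH_ORIGINAL_COMMAND" in
        # Reject anything that contains shell metacharacters.
        *\&*)
                echo "Rejected"
                ;;
        *\(*)
                echo "Rejected"
                ;;
        *\{*)
                echo "Rejected"
                ;;
        *\;*)
                echo "Rejected"
                ;;
        *\<*)
                echo "Rejected"
                ;;
        *\`*)
                echo "Rejected"
                ;;
        # Allow only rsync in server mode.
        rsync\ --server*)
                # Unquoted on purpose: split into command and arguments.
                $SSH_ORIGINAL_COMMAND
                ;;
        # Reject everything else, including an empty command (interactive login).
        *)
                echo "Rejected"
                ;;
esac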

chmod 700 ~/rsync/checkrsync
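
The checkrsync script above accepts any command that starts with rsync --server, so the key works for every path someuser can reach, for reading and for writing. The following added example (not part of the original tutorial) is a stricter variant that only permits read-only pulls from /var/www/html/; the function name check_rsync_command, the ALLOWED_ROOT variable and the form of the server command line shown in the comment are assumptions.

```sh
#!/bin/sh
# Added example: stricter forced command for the mirror key (not from the tutorial).
# Assumption: server2 only ever pulls from this tree, as in the rsync call in step 6.
ALLOWED_ROOT="/var/www/html/"

# Return 0 only for a read-only rsync pull whose paths all lie under ALLOWED_ROOT.
# A pull typically arrives as (constructed sample):
#   rsync --server --sender -vlogDtprze.iLsfxC . /var/www/html/
check_rsync_command() {
    cmd=$1
    case "$cmd" in
        *['&;|<>(){}$`']*) return 1 ;;      # shell metacharacters
        *..*) return 1 ;;                   # no parent-directory components
        "rsync --server --sender "*) ;;     # sender mode: server1 is only read
        *) return 1 ;;                      # anything else, incl. empty command
    esac

    set -f            # no glob expansion while splitting into words
    set -- $cmd
    set +f

    seen_dot=0
    paths=0
    for arg in "$@"; do
        if [ "$seen_dot" -eq 1 ]; then
            # Everything after the "." separator is a path to be read.
            case "$arg" in
                "$ALLOWED_ROOT"*) paths=$((paths + 1)) ;;
                *) return 1 ;;
            esac
        elif [ "$arg" = "." ]; then
            seen_dot=1
        fi
    done
    [ "$paths" -ge 1 ]
}

# When run by sshd as command="...", SSH_ORIGINAL_COMMAND is set by the server.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        set -f
        # Unquoted on purpose: split into argv without re-parsing by a shell.
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "Rejected" >&2
    exit 1
fi
```

Run the mirror once with -v from server2 after installing it; if the pull is rejected, compare the command your rsync version sends with the pattern in check_rsync_command.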

 

6 Test rsync On server2.example.com

Now we must test on server2.example.com if we can mirror server1.example.com without being prompted for someuser's password. We do this:

server2:

(We do this as root!)

rsync -avz --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" someuser@server1.example.com:/var/www/html/ /var/www/html/

(The --delete option means that files that have been deleted on server1.example.com should also be deleted on server2.example.com. The --exclude option means that these files/directories should not be mirrored; e.g. --exclude=**/error means "do not mirror /var/www/html/error". You can use multiple --exclude options. I have listed these options as examples; you can adjust the command to your needs. Have a look at

man rsync

for more information.)

You should now see that the mirroring takes place...

[root@server2 ~]# rsync -avz --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" someuser@server1.example.com:/var/www/html/ /var/www/html/
receiving incremental file list

sent 62 bytes received 48 bytes 73.33 bytes/sec
total size is 20 speedup is 0.18
[root@server2 ~]#

... without being prompted for a password! This is what we wanted.

 

7 Create A Cron Job

We want to automate the mirroring, so we create a cron job for it on server2.example.com. Run crontab -e as root:

server2:

(We do this as root!)

crontab -e

and create a cron job like this:

*/5 * * * * /usr/bin/rsync -azq --delete --exclude=**/stats --exclude=**/error --exclude=**/files/pictures -e "ssh -i /root/rsync/mirror-rsync-key" someuser@server1.example.com:/var/www/html/ /var/www/html/

This would run rsync every 5 minutes; adjust it to your needs (see

man 5 crontab

). I use the full path to rsync here (/usr/bin/rsync) just to make sure that cron knows where to find rsync. Your rsync location might differ. Run

server2:

(We do this as root!)

which rsync

to find out where yours is.

 


Comments

From: Nelson

Hi,

I know that this is not the place where a person should ask for help, but I found something that probably a few others may find too, and it would be a shame if for a small thing this how-to could not produce the desired results.

Anyway, I found that (in my case) the authorized_keys file does not work as it should. After some trial and error, I discovered that using the parameter ' from="server2.example.com" ' results in the rsync command from server1 asking for the password for 'someuser'. If we take this parameter from the authorized_keys file, the rsync command works like a charm.

I feel that this may lead to an unsecure system, since it may allow an rsync command from any other host, but since I am not sure, this would be a doubt I have.

Thanks in advance, Nelson Ribeiro.

From: joseph

I found out after several hours of redoing these steps that if you are ssh-ing into any of the computers, i.e. server1 or server2, you need to ssh into the FQDN to do the key generation and rsync-ing. Otherwise the keys will not match and you will need to put in someuser's password.

FYI:

Fedora13, clean install on 6 machines

with: http://www.howtoforge.com/mysql_database_replication

and: http://www.howtoforge.com/high-availability-load-balancer-haproxy-heartbeat-fedora8, but changed to keepalived instead of heartbeat.

From: Senthil

Hi,

It works fine... But it asks for the password whenever I connect to the master. Also, crontab can't work for this reason.

Please, anyone help me.

Thanks