背景:
NodeA:
ip:10.0.0.1
CentOS Linux release 7.6.1810 (Core)
NodeB:
ip:10.0.0.2
CentOS Linux release 7.6.1810 (Core)
两台Nginx 配置文件目录:
/etc/nginx/conf
/etc/nginx/cert
需求:
NodeA的配置发生变更实时写入至NodeB
0x00 前期准备
- 配置公网 yum 源
配置阿里云服务器的 yum 源本次部署使用,部署服务器为 Centos 7.6,所以使用如下 yum 源。
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum makecache
0x01 安装及配置 rsync
1x00 NodeA 安装及配置:
- Yum 安装rsync
yum install rsync -y
- 检查安装结果
rpm -qa | grep rsync
- 客户端密码配置文件
vim /etc/rsync.pass
---
P@ssw0rd
- 修改密码文件权限
chmod 600 /etc/rsync.pass
- 设置开机自启动
systemctl enable rsyncd
systemctl start rsyncd
1x01 NodeB 安装及配置:
- Yum 安装rsync
yum install rsync -y
- 检查安装结果
rpm -qa | grep rsync
- 配置rsync.conf
cat /etc/rsyncd.conf
---
uid = root
gid = root
use chroot = no
max connetctions = 200
timeout = 100
pid file = /var/run/rsyncd.pid
lock file = /var/run/rsync.lock
log file = /var/log/rsyncd.log
motd file = /var/rsyncd/rsync.motd
[nginx]
path = /etc/nginx/conf.d
ignore errors
read only = false
list = false
hosts allow = 10.0.0.1
hosts deny = 0.0.0.0/0
auth users = rsync
secrets file = /etc/rsync.auth
[cert]
path = /etc/nginx/cert
ignore errors
read only = false
list = false
hosts allow = 10.0.0.1
hosts deny = 0.0.0.0/0
auth users = rsync
secrets file = /etc/rsync.auth
- 配置认证文件
vim /etc/rsync.auth
---
rsync:P@ssw0rd
- 配置认证文件权限
chmod 600 /etc/rsync.auth
- 设置开机自启
systemctl enable rsyncd
systemctl start rsyncd
- 防火墙放行rsync 端口
firewall-cmd --zone=public --add-port=873/tcp --permanent
firewall-cmd --reload
1x03 测试:
- NodeA同步NodeB文件到本地
/usr/bin/rsync -avh --port 873 --progress --delete --password-file=/etc/rsync.pass rsync@10.0.0.2::nginx /etc/nginx/conf.d/
- NodeA推送本地文件到NodeB
/usr/bin/rsync -avh --port 873 --progress --delete --password-file=/etc/rsync.pass /etc/nginx/conf.d/ rsync@10.0.0.2::nginx
0x02 安装 inotify-tools
仅需在NodeA 节点安装
2x00 安装及配置:
- yum 安装 inotify
yum install epel-release -y
yum install inotify-tools -y
- 检查安装结果
rpm -qa | grep inotify
- 创建同步脚本
mkdir -p /usr/local/src/rsync
touch /usr/local/src/rsync/rsync_conf.sh
touch /usr/local/src/rsync/rsync_cert.sh
- 设置脚本执行权限
chmod 755 /usr/local/src/rsync/rsync_conf.sh
chmod 755 /usr/local/src/rsync/rsync_cert.sh
- 编辑
conf
目录同步脚本
vim /usr/local/src/rsync/rsync_conf.sh
---
#!/bin/bash
/usr/bin/inotifywait -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %f%e' -e modify,delete,create,attrib /etc/nginx/conf.d/ | while read files
do
/usr/bin/rsync -avh --progress --delete --password-file=/etc/rsync.pass /etc/nginx/conf.d/ rsync@10.0.0.2::nginx
echo "${files} was rsynced" >>/tmp/rsync.log 2>&1
done
- 编辑
cert
目录同步脚本
vim /usr/local/src/rsync/rsync_cert.sh
---
#!/bin/bash
/usr/bin/inotifywait -mrq --timefmt '%d/%m/%y %H:%M' --format '%T %f%e' -e modify,delete,create,attrib /etc/nginx/cert/ | while read files
do
/usr/bin/rsync -avh --progress --delete --password-file=/etc/rsync.pass /etc/nginx/cert/ rsync@10.0.0.2::cert
echo "${files} was rsynced" >>/tmp/rsync.log 2>&1
done
2x01 配置进程守护
- yum 安装
yum -y install supervisor
- 初始化配置
echo_supervisord_conf > /etc/supervisord.conf
- 修改配置文件路径
echo "[include]" >> /etc/supervisord.conf
echo "files = /etc/supervisord.d/*.conf" >> /etc/supervisord.conf
- 创建配置文件
mkdir -p /etc/supervisord.d/
touch /etc/supervisord.d/rsync.conf
- 编写项目配置文件
vim /etc/supervisord.d/rsync.conf
---
[program:rsync_conf]
command=/bin/bash /usr/local/src/rsync/rsync_conf.sh ; supervisor启动命令
directory=/root/ ; 项目的文件夹路径
startsecs=10 ; 启动时间
stopwaitsecs=60 ; 终止等待时间
autostart=true ; 是否自动启动
autorestart=true ; 是否自动重启
stdout_logfile=/etc/supervisord.d/log.log ; log 日志
stderr_logfile=/etc/supervisord.d/log.err ; 错误日志
[program:rsync_cert]
command=/bin/bash /usr/local/src/rsync/rsync_cert.sh ; supervisor启动命令
directory=/root/ ; 项目的文件夹路径
startsecs=10 ; 启动时间
stopwaitsecs=60 ; 终止等待时间
autostart=true ; 是否自动启动
autorestart=true ; 是否自动重启
stdout_logfile=/etc/supervisord.d/log.log ; log 日志
stderr_logfile=/etc/supervisord.d/log.err ; 错误日志
- 其他常用命令
systemctl enable supervisord.service
systemctl start supervisord.service
supervisord -c /etc/supervisord.conf
supervisorctl reload
supervisorctl uoload
supervisorctl start all
supervisorctl status
0x03 参考文献
https://blog.51cto.com/ljohn/2047156
https://blog.csdn.net/xjjj064/article/details/120156672
https://blog.csdn.net/yhbywcz/article/details/108170754
https://blog.csdn.net/liuwkk/article/details/109144703
https://blog.csdn.net/yfanjy/article/details/105975723
文档信息
- 本文作者:Minggle
- 本文链接:https://mingsec.com/2022/05/10/rsync-inotify-nginx/
- 版权声明:自由转载-非商用-非衍生-保持署名(创意共享3.0许可证)