[DRBD-user] Using symlinks to mirror data of system directories...

Holger Wöhle hwoehle at arcor.de
Mon Sep 26 15:52:33 CEST 2005



> Hi Holger,
> Yes, I am interested in you posting the rsync script you used, to me
> and also to the list!
> Thanks in advance,
> Fabrice

hi,
before i provide the scripts let me describe my cluster setup and why i
mirror things in different ways.
The cluster consists of two nodes (just imagine!) poseidon (SuSE 9.2) and
zeus (SuSE 9.3).
Some internals: P4 2 GHz, 1 GByte RAM, 20 GByte hda and 90 GByte hdb, eepro100
for LAN and eepro1000 for replication.

They are located in a 192.168.1.0/24 network with the addresses
192.168.1.101 (poseidon)
and 192.168.1.102 (zeus). The virtual address (the address serving it all)
is 192.168.1.100 (exchange).

They are working as a Windows PDC with Samba 3.0.20 and as an "Exchange"
server with the "Bynari Insightserver"
http://www.bynari.com .
They also host the DNS running with dnsmasq
http://freshmeat.net/projects/dnsmasq/
Why i use dnsmasq in favour of bind is a little off-topic. Do not hesitate
to pm me with questions about dnsmasq.

The systems are set up very basically:
/dev/hda1 swap 1024 MByte
/dev/hda2 / reiserfs 16 GByte
/dev/drbd0 /replic reiserfs 90 GByte (this is the whole hdb disk)

It is a minimal SuSE installation with only some additions like
dnsmasq, rsync and gcc, make and so on for compiling the drbd.rpm 0.7.13 (I do
not use the 0.8 drbd provided with SuSE 9.3!!!).

So, now what to replicate?
Authorisation is made with /etc/passwd, /etc/group and /etc/shadow in
conjunction with the tdbsam backend for Samba,
so one needs to sync at least those files. Because the *.tdb files of Samba
change very frequently, i softlinked them
ln -sf /var/lib/samba /replic/samba/var/lib/samba , 
so they get mirrored through drbd together with the Windows shares
/replic/shares and the home directories /replic/home.
The other files, changing less often, were synced through rsync over ssh.
The direction is always: passive retrieves from active.
In addition to the above files i sync /etc/hosts /etc/resolv.conf
/etc/dnsmasq.conf
/etc/ha.d /etc/drbd.conf /etc/cron.* through rsync, too.

Why not simply sync the whole /etc tree?
Under /etc/sysconfig you have files that of course differ between the two
nodes.
So you can't sync all files, but you are right when you say
that there are many more equal files which can be added to the list.
But in my opinion it is much wiser to only mirror files tending to change
and leave the static ones untouched!

So we come to my "sync paradigm":
Files rapidly changing were replicated through drbd,
files less often changing were rsynced and
files which only get touched at installation time i left alone.

This means you need to install, update and configure *.rpm twice:
once on every node.

..and how do we replicate ?
through drbd this is simple ;-) ...and with rsync ?
I use rsync over ssh, so we need accounts on every machine 
which are allowed to overwrite, create and delete files with root rights on
the nodes. 
In fact we create a root-key on every machine "without" passphrase, and
exchange the public part with the other node. 
Now we give that key the right on the other node to "do the replication" . 
For minimal security i use a wrapper script, which should ensure, 
that the keys are only used for rsync. 
The rsync script is then run by a cronjob every minute and terminates, 
if it recognises, that it is running on the master node. 

crontab -l
* * * * * if [ ! -f "/replic/insight/var/started" ]; then /root/bin/zeus-rsync.sh 2>&1 ; fi

The mechanism is quite simple but it works: In haresources i inserted a
startscript which touches
/replic/var/startup and in the case of a shutdown it deletes that file.
Because only the master node
has mounted the /replic filesystem, that file can only be accessed on that
machine.

This is the script running on node "zeus". At the moment the scripts differ
a little on both nodes, 
leaving something left to do ;-) :

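#!/bin/sh
# begin zeus-rsync.sh
# Pull the less often changing files from the other node.
KEY=/root/.ssh/zeus-rsync-key
RUSER=root
RHOST=poseidon
# Remote paths, kept on one line so the remote side receives a single command.
RFILES='/etc/passwd /etc/group /etc/shadow /etc/hosts /etc/resolv.conf /etc/dnsmasq.conf /etc/ha.d /etc/drbd.conf /etc/samba /etc/cron.*'
LPATH=/etc
# -c compare by checksum, -b keep backups of replaced files, -a archive mode, -v verbose
/usr/bin/rsync -cbav -e "/usr/bin/ssh -i $KEY" $RUSER@$RHOST:"$RFILES" $LPATH ;
# end zeus-rsync.sh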

The differences are in the KEY and the RHOST param.

This is what the public keys look like (a little bit cut out):

from="poseidon.schimmel-gmbh.net",command="/root/bin/rsync-wrapper" ssh-dss
AAAAB3NzaC1kc3MAAAEBAK49BE2vUYub1vupRC23kpQFFizQB2YT/ReFACTVt5JsbagSZeYvP1/N
PWgf6i4oj0O/C3YzzIccfhumRyVqf/ju1uLane0a2DK6TC+yVmhOA8oWGsyRwW/XeuKUGw+Kh54w
YH8pzBr3v2dNg8dRE/Z5g98su3f38S1SG/CHrhFX0qGoeWBHj75pO3FmQBDnCxT2tgsNkQt/AlCz
G1y8J98bvy68oGZKmVZaMvx8kbPMW2+DoHh8lofa4zXL/JjiKiomYeoXhPVi6ZgwCxVN4+V3Avfc
VmTqxIbJ4xpfC8XtTSczzWw== root at poseidon

and the wrapper-script:

#!/bin/sh
# begin rsync-wrapper

case "$SSH_ORIGINAL_COMMAND" in
        rsync\ --server*)
                $SSH_ORIGINAL_COMMAND
                ;;
        *)
                echo "Rejected"
                ;;
esac
# end rsync-wrapper

these are my two cents about replicating with rsync.
Comments are highly expected.

cu
Holgi
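
Added example, not part of the original post: the `rsync\ --server*` pattern in the rsync-wrapper above accepts any rsync server invocation, including ones that write files or read paths outside RFILES, so this stricter variant only lets through read-only pulls (`--sender`) of listed paths. Assumptions: the function name check_rsync_command is hypothetical, ALLOWED is copied from RFILES in the post, and the client uses only short options as in `-cbav`.

```shell
#!/bin/sh
# Stricter forced-command wrapper (added example, not the poster's script).
LC_ALL=C; export LC_ALL
# Assumption: same path list as RFILES in zeus-rsync.sh.
ALLOWED='/etc/passwd /etc/group /etc/shadow /etc/hosts /etc/resolv.conf
/etc/dnsmasq.conf /etc/ha.d /etc/drbd.conf /etc/samba /etc/cron.*'

# Status 0 only for: rsync --server --sender <short opts> . <allowed paths>
# Subshell body, so "set -f" and "set --" do not leak into the caller.
check_rsync_command() (
    cmd=$1
    set -f                                 # keep /etc/cron.* literal while checking
    case "$cmd" in
        *[!A-Za-z0-9\ ._/*-]*) exit 1 ;;   # only characters a plain pull needs
    esac
    set -- $cmd                            # split on whitespace, never eval
    [ "$#" -ge 5 ] || exit 1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || exit 1
    shift 3
    while [ "$#" -gt 0 ] && [ "$1" != . ]; do
        case "$1" in
            --*) exit 1 ;;                 # no further long options
            -?*) shift ;;                  # short option cluster, e.g. -vblogDtprc
            *)   exit 1 ;;
        esac
    done
    [ "$#" -ge 2 ] || exit 1               # "." plus at least one path
    shift
    for p in "$@"; do
        case "$p" in *..*) exit 1 ;; esac  # no directory traversal
        ok=no
        for a in $ALLOWED; do
            case "$p" in "$a"|"$a"/*) ok=yes ;; esac
        done
        [ "$ok" = yes ] || exit 1
    done
    exit 0
)

# Forced-command entry point: sshd sets SSH_ORIGINAL_COMMAND for the session.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if check_rsync_command "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND         # unquoted on purpose, as in the original wrapper
    fi
    echo "Rejected" >&2
    exit 1
fi
```

In authorized_keys the command= option can be combined with no-pty, no-port-forwarding, no-agent-forwarding and no-X11-forwarding, so the passphrase-less key is usable for nothing besides the forced command.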




