> Hi Holger,
> Yes I am interested you post the rsync script you used to me
> and also to the list !
> Thanks in advance,
> Fabrice

Hi,

before I provide the scripts let me describe my cluster setup and why I mirror things in different ways.

The cluster consists of two nodes (just imagine!): poseidon (SuSE 9.2) and zeus (SuSE 9.3). Some internals: P4 2GHz, 1GByte RAM, 20GByte hda and 90GByte hdb, eepro100 for LAN and eepro1000 for replication. They are located in a 192.168.1.0/24 network with the addresses 192.168.1.101 (poseidon) and 192.168.1.102 (zeus). The virtual address (the address serving it all) is 192.168.1.100 (exchange).

They are working as a Windows PDC with Samba 3.0.20 and as an "Exchange" server with the "Bynari Insightserver" http://www.bynari.com . They also host the DNS running with dnsmasq http://freshmeat.net/projects/dnsmasq/ . Why I use dnsmasq in favour of bind is a little off-topic. Do not hesitate to pm me for questions about dnsmasq.

The systems are set up very basically:

    /dev/hda1   swap               1024 Mbyte
    /dev/hda2   /        reiserfs  16GByte
    /dev/drbd0  /replic  reiserfs  90 Gbyte   (this is the whole hdb disk)

It is a minimal SuSE installation with only some additions like dnsmasq, rsync and gcc, make and so on for compiling the drbd.rpm 0.7.13 (I do not use the 0.8 drbd provided with SuSE 9.3!!!).

So, now what to replicate?

Authorisation is made with /etc/passwd, /etc/group and /etc/shadow in conjunction with the tdbsam backend for Samba, so one needs to sync at least those files. Because the *.tdb files of Samba change very frequently, I softlinked them

    ln -sf /var/lib/samba /replic/samba/var/lib/samba

so they get mirrored through drbd together with the Windows shares /replic/shares and the home directories /replic/home . The other files, changing less often, were synced through rsync over ssh. The direction is always: passive retrieves from active.

In addition to the above files I sync /etc/hosts /etc/resolv.conf /etc/dnsmasq.conf /etc/ha.d /etc/drbd.conf /etc/cron.* through rsync, too.

Why not simply sync the whole /etc tree? Under /etc/sysconfig you have files that of course differ between the two nodes. So you can't sync all files, but you are right when you say that there are many more equal files which can be added to the list. But in my opinion it is much wiser to only mirror files tending to change and leave the static ones untouched!

So we come to my "sync paradigm": files rapidly changing were replicated through drbd, files less often changing were rsynced, and files which only get touched at installation time I left alone. This means you need to install, update and configure *.rpm twice: once on every node.

..and how do we replicate ?

through drbd this is simple ;-)

...and with rsync ?

I use rsync over ssh, so we need accounts on every machine which are allowed to overwrite, create and delete files with root rights on the nodes. In fact we create a root-key on every machine "without" passphrase, and exchange the public part with the other node. Now we give that key the right on the other node to "do the replication". For minimal security I use a wrapper script, which should ensure that the keys are only used for rsync.

The rsync script is then run by a cronjob every minute and terminates if it recognises that it is running on the master node.

    crontab -l
    * * * * * if [ ! -f "/replic/insight/var/started" ]; then /root/bin/zeus-rsync.sh 2>&1 ; fi

The mechanism is quite simple but it works: in haresources I inserted a start script which touches /replic/var/startup and in the case of a shutdown it deletes that file. Because only the master node has mounted the /replic filesystem, that file can only be accessed on that machine.

This is the script running on node "zeus".
At the moment the scripts differ a little on both nodes, leaving something left to do ;-) :

    #!/bin/sh
    # begin zeus-rsync.sh
    # passphrase-less key used only for this job
    KEY=/root/.ssh/zeus-rsync-key
    RUSER=root
    RHOST=poseidon
    RFILES='/etc/passwd /etc/group /etc/shadow /etc/hosts /etc/resolv.conf /etc/dnsmasq.conf /etc/ha.d /etc/drbd.conf /etc/samba /etc/cron.*'
    LPATH=/etc
    # pull from the other node into local /etc
    # (-c compare by checksum, -b keep backups of replaced files, -a archive mode, -v verbose)
    /usr/bin/rsync -cbav -e "/usr/bin/ssh -i $KEY" $RUSER@$RHOST:"$RFILES" $LPATH ;
    # end zeus-rsync.sh

The differences are in the KEY and the RHOST param.

This is what the public keys look like (a little bit cut out):

    from="poseidon.schimmel-gmbh.net",command="/root/bin/rsync-wrapper" ssh-dss
    AAAAB3NzaC1kc3MAAAEBAK49BE2vUYub1vupRC23kpQFFizQB2YT/ReFACTVt5JsbagSZeYvP1/N
    PWgf6i4oj0O/C3YzzIccfhumRyVqf/ju1uLane0a2DK6TC+yVmhOA8oWGsyRwW/XeuKUGw+Kh54w
    YH8pzBr3v2dNg8dRE/Z5g98su3f38S1SG/CHrhFX0qGoeWBHj75pO3FmQBDnCxT2tgsNkQt/AlCz
    G1y8J98bvy68oGZKmVZaMvx8kbPMW2+DoHh8lofa4zXL/JjiKiomYeoXhPVi6ZgwCxVN4+V3Avfc
    VmTqxIbJ4xpfC8XtTSczzWw== root@poseidon

and the wrapper script:

    #!/bin/sh
    # begin rsync-wrapper
    # sshd puts the command the client asked for into SSH_ORIGINAL_COMMAND
    case "$SSH_ORIGINAL_COMMAND" in
        rsync\ --server*)
            $SSH_ORIGINAL_COMMAND
            ;;
        *)
            echo "Rejected"
            ;;
    esac
    # end rsync-wrapper

These are my two cents about replicating with rsync. Comments are highly expected.

cu
Holgi
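
A stricter variant of the wrapper above, as an added example that is not part of the original post: it accepts only the read-only pull (rsync --server --sender) of the paths listed in RFILES and rejects everything else with a non-zero exit. The function names and the ALLOWED list are assumptions, and so is the shape of the command rsync sends for -cbav (one short flag bundle, then "." and the paths).

```sh
#!/bin/sh
# Added example, not the original rsync-wrapper: a forced command that
# permits only a read-only pull of an allow-listed file set.
LC_ALL=C; export LC_ALL

# Assumption: the same list as RFILES in zeus-rsync.sh.
ALLOWED='/etc/passwd /etc/group /etc/shadow /etc/hosts /etc/resolv.conf
/etc/dnsmasq.conf /etc/ha.d /etc/drbd.conf /etc/samba /etc/cron.*'

# path_allowed PATH: exact match against ALLOWED (call with globbing off).
path_allowed() {
    for a in $ALLOWED; do
        [ "$1" = "$a" ] && return 0
    done
    return 1
}

# rsync_cmd_allowed COMMAND: succeed only for
#   rsync --server --sender -<short flags> . <allow-listed paths...>
# The body is a subshell so that "set -f" does not leak to the caller.
rsync_cmd_allowed() (
    case "$1" in
        *[!A-Za-z0-9" "./*_-]*) exit 1 ;;  # metacharacters, tabs, newlines
    esac
    set -f                                 # split into words, no globbing
    set -- $1
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || exit 1
    shift 3
    while [ $# -gt 0 ] && [ "$1" != . ]; do
        case "${1#-}" in                   # one dash, then letters/digits/dots
            "$1"|""|*[!A-Za-z0-9.]*) exit 1 ;;  # rejects every --long-option
        esac
        shift
    done
    [ $# -ge 2 ] || exit 1                 # "." plus at least one path
    shift
    for p in "$@"; do
        path_allowed "$p" || exit 1
    done
    exit 0
)

# Dispatch only when sshd started us as the key's forced command.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    rsync_cmd_allowed "$SSH_ORIGINAL_COMMAND" || { echo "Rejected" >&2; exit 1; }
    exec $SSH_ORIGINAL_COMMAND             # unquoted so /etc/cron.* expands
fi
```

The key line in authorized_keys would still point command= at this script; OpenSSH also accepts no-pty, no-port-forwarding, no-agent-forwarding and no-X11-forwarding there to narrow the key further.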