[root@K8S-PROD-LB1 ~]# yum install -y inotify-tools
inotify-tools服务部署后系统上有2个工具:
inotifywait
在被监控的文件或目录上等待特定文件系统事件(open close delete等)发生,执行后处于阻塞状态,适合在Shell脚本中使用。
inotifywatch
收集被监控的文件系统使用的统计数据,指文件系统事件发生的次数统计。
说明:在实时同步的时候,主要是利用inotifywait对目录进行监控
调整inotify参数
/proc/sys/fs/inotify/max_user_watches
默认值:8192,设置inotifywait或inotifywatch命令可以监视的文件数量(单进程)。
/proc/sys/fs/inotify/max_queued_events
默认值:16384,设置inotify实例事件(event)队列可容纳的事件数量。
/proc/sys/fs/inotify/max_user_instances
默认值:128,设置每个用户可以运行的inotifywait或inotifywatch命令的进程数。
部署rsync服务:服务端部署
以K8S-PROD-LB1作为服务端,K8S-PROD-LB2作为客户端;即将K8S-PROD-LB2上的数据单向同步到K8S-PROD-LB1上。
部署rsync
[root@K8S-PROD-LB1 ~]# yum install -y rsync
配置rsync
[root@K8S-PROD-LB1 ~]# vi /etc/rsyncd.conf
...
uid = root
gid = root
use chroot = yes
read only = no
write only = no
pid file = /var/run/rsyncd.pid
hosts allow = 192.168.122.0/24
hosts deny = *
log format = %t %a %m %f %b
log file = /var/log/rsyncd.log
transfer logging = yes
timeout = 900
max connections = 3
[data]
comment = "CI data rsync dir"
path = /data/cicd/
list = no
auth users = root
secrets file = /etc/rsyncd.secrets
ignore errors
创建备份目录
[root@K8S-PROD-LB1 ~]# mkdir -p /data/cicd
创建认证文件
[root@K8S-PROD-LB1 ~]# echo "root:xxxxxx" >> /etc/rsyncd.secrets
[root@K8S-PROD-LB1 ~]# chmod 600 /etc/rsyncd.secrets
启动rsync daemon
[root@K8S-PROD-LB1 ~]# systemctl start rsyncd && systemctl enable rsyncd && systemctl status rsyncd
部署rsync服务:客户端部署
部署rsync
[root@K8S-PROD-LB2 ~]# yum install -y rsync
创建认证文件
[root@K8S-PROD-LB2 ~]# echo "xxxxxx" >> /etc/rsyncd.passwd
[root@K8S-PROD-LB2 ~]# chmod 600 /etc/rsyncd.passwd
同步测试
Rsyncs客户端节点进行测试。
inotify测试
[root@K8S-PROD-LB2 workspace]# inotifywait -mrq --timefmt "%F %H:%M" --format "%Xe %w%f" -e create,modify,delete,attrib,move,close_write /data/cicd/
此命令用来监控/data/cicd/目录下的所有文件的变更事件,-mrq是让命令始终保持监听状态,并且递归的监控目录树的变化,然后只打印事件信息出来。‘%Xe %w%f‘是格式化输出,-e参数指定监听哪些事件,默认是监听所有事件,具体帮助信息可通过inotifywait --help查看。
inotify + rsync测试
[root@K8S-PROD-LB2 ~]# tree /data/cicd/
/data/cicd/
├── gerrit
│ └── READEM.md
└── test.md
[root@K8S-PROD-LB2 ~]# rsync -avzP --delete --password-file=/etc/rsyncd.passwd /data/cicd/ root@192.168.122.31::data
sending incremental file list
./
test.md
5 100% 0.00kB/s 0:00:00 (xfr#1, to-chk=2/4)
gerrit/
gerrit/READEM.md
11 100% 5.37kB/s 0:00:00 (xfr#2, to-chk=0/4)
sent 249 bytes received 77 bytes 652.00 bytes/sec
total size is 16 speedup is 0.05
[root@K8S-PROD-LB1 ~]# tail -f /var/log/rsyncd.log
2020/10/14 15:39:37 [30774] params.c:Parameter() - Ignoring badly formed line in config file: ignore errors
2020/10/14 15:39:37 [30774] connect from K8S-PROD-LB2 (192.168.122.32)
2020/10/14 07:39:37 [30774] rsync to data/ from root@K8S-PROD-LB2 (192.168.122.32)
2020/10/14 07:39:37 [30774] receiving file list
2020/10/14 07:39:37 [30774] ./
2020/10/14 07:39:37 [30774] gerrit/
2020/10/14 07:39:37 [30774] 2020/10/14 07:39:37 192.168.122.32 data test.md 42
2020/10/14 07:39:37 [30774] 2020/10/14 07:39:37 192.168.122.32 data gerrit/READEM.md 48
2020/10/14 07:39:37 [30774] sent 82 bytes received 265 bytes total size 16
[root@K8S-PROD-LB1 ~]# tree /data/cicd/
/data/cicd/
├── gerrit
│ └── READEM.md
└── test.md
1 directory, 2 files
排除不需要同步的文件或目录
默认rsync会同步src目录下的所有文件到备份服务器,如果需要排除某些文件或目录不做同步,可使用--exclude或--exclude-from选项。
下面展示--exclude-from选项,排除源目录/data/cicd/下的指定文件或目录:
[root@K8S-PROD-LB2 cicd]# vi exclude-list.txt
gerrit/review_site/etc/gerrit.config
gerrit/review_site/etc/secure.config
gerrit/review_site/logs/
gerrit/review_site/tmp/
[root@K8S-PROD-LB2 cicd]# rsync -avzP --delete --exclude-from=‘/data/cicd/exclude-list.txt‘ --password-file=/etc/rsyncd.passwd /data/cicd/ root@192.168.122.31::data
inotify + rsync集成脚本
编写脚本:基于免密同步
前提条件是rsync客户端节点和服务器端(备份服务器)已经做了SSH免密。
[root@K8S-PROD-LB2 ~]# cd /data/cicd
[root@K8S-PROD-LB2 cicd]# vi inotify-rsync.sh
#!/bin/bash
src=/data/cicd/ # 需要同步的源路径(本服务器上)
des=/data/cicd/ # 备份服务器上的备份路径
DEST_IP=192.168.122.31 # 备份服务器IP
user=root # rsync --daemon定义的验证用户名称
/usr/bin/inotifywait -mrq --timefmt "%F %H:%M" --format "%Xe %w%f" \
-e create,modify,delete,attrib,close_write,move ${src} | while read line
do
INO_FILE=$(echo ${line} | awk ‘{print $2}‘)
echo "------------$(date)------------"
echo ${line}
rsync -avzP --delete --exclude-from=‘/data/cicd/exclude-list.txt‘ ${src} ${user}@${DEST_IP}:${des}
echo "${INO_FILE} was rsynced"
echodone
优化脚本:基于密码认证同步
[root@K8S-PROD-LB2 cicd]# vi inotify-rsync.sh
#!/bin/bash
src=/data/cicd/ # 需要同步的源路径(本服务器上)
des=data # 备份服务器上rsync --daemon配置发布的名称
DEST_IP=192.168.122.31 # 备份服务器IP
user=root # rsync --daemon定义的验证用户名称
rsync_passwd_file=/etc/rsyncd.passwd # rsync验证的密码文件
/usr/bin/inotifywait -mrq --timefmt "%F %H:%M" --format "%Xe %w%f" \
-e create,modify,delete,attrib,close_write,move ${src} | while read line
do
INO_FILE=$(echo ${line} | awk ‘{print $2}‘)
echo "------------$(date)------------"
echo ${line}
rsync -avzP --delete --exclude-from=‘/data/cicd/exclude-list.txt‘ --password-file=${rsync_passwd_file} ${src} ${user}@${DEST_IP}::${des}
echo "${INO_FILE} was rsynced"
echodone
优化脚本:按照触发事件同步
[root@K8S-PROD-LB2 cicd]# vi inotify-rsync.sh
#!/bin/bash
src=/data/cicd/ # 需要同步的源路径(本服务器上)
des=data # 备份服务器上rsync --daemon配置发布的名称
DEST_IP=192.168.122.31 # 备份服务器IP
user=root # rsync --daemon定义的验证用户名称
rsync_passwd_file=/etc/rsyncd.passwd # rsync验证的密码文件
/usr/bin/inotifywait -mrq --timefmt "%F %H:%M" --format "%Xe %w%f" \
-e create,modify,delete,attrib,move,close_write ${src} | while read line
do
INO_EVENT=$(echo ${line} | awk ‘{print $1}‘)
INO_FILE=$(echo ${line} | awk ‘{print $2}‘)
echo "------------$(date)------------"
echo ${line}
if [[ $INO_EVENT =~ ‘CREATE‘ ]] || [[ $INO_EVENT =~ ‘MODIFY‘ ]] || [[ $INO_EVENT =~ ‘CLOSE_WRITE‘ ]] || [[ $INO_EVENT =~ ‘MOVED_TO‘ ]]
then
echo ‘CREATE or MODIFY or CLOSE_WRITE or MOVED_TO‘
rsync -avzP --delete --exclude-from=‘/data/cicd/exclude-list.txt‘ --password-file=${rsync_passwd_file} ${src} ${user}@${DEST_IP}::${des}
echo
fi
if [[ $INO_EVENT =~ ‘DELETE‘ ]] || [[ $INO_EVENT =~ ‘MOVED_FROM‘ ]]
then
echo ‘DELETE or MOVED_FROM‘
rsync -avzP --delete --exclude-from=‘/data/cicd/exclude-list.txt‘ --password-file=${rsync_passwd_file} ${src} ${user}@${DEST_IP}::${des}
echo
fi
if [[ $INO_EVENT =~ ‘ATTRIB‘ ]]
then
echo ‘ATTRIB‘
if [ ! -d "$INO_FILE" ]
then
rsync -avzP --delete --exclude-from=‘/data/cicd/exclude-list.txt‘ --password-file=${rsync_passwd_file} ${src} ${user}@${DEST_IP}::${des}
echo
fi
fidone
后台运行脚本
方法1:&方式
[root@K8S-PROD-LB2 cicd]# sh inotify-rsync.sh &
[root@K8S-PROD-LB2 cicd]# nohup sh inotify-rsync.sh &
[root@K8S-PROD-LB2 cicd]# jobs
[1]+ Running sh inotify-rsync.sh &
[root@K8S-PROD-LB2 cicd]# fg 1
sh inotify-rsync.sh
[root@K8S-PROD-LB2 cicd]# bg
[root@K8S-PROD-LB2 cicd]# kill -9 $(ps -ef | grep rsync | grep -v grep | awk ‘{print $2}‘)
方法2:screen方式
[root@K8S-PROD-LB2 cicd]# yum install -y screen
[root@K8S-PROD-LB2 cicd]# screen -S rsync
[root@K8S-PROD-LB2 cicd]# sh inotify-rsync.sh &
[1] 8860
[root@K8S-PROD-LB2 cicd]# screen -ad
[root@K8S-PROD-LB2 cicd]# screen -r rsync
开机自动运行脚本
[root@K8S-PROD-LB2 ~]# vi /usr/lib/systemd/system/inotify-rsync.service
[Unit]
Description=inoitify integrates with rsync Service
After=network.target
[Service]
ExecStart=/usr/bin/sh /data/cicd/inotify-rsync.sh
[Install]
WantedBy=multi-user.target
[root@K8S-PROD-LB2 ~]# chmod 775 /data/cicd/inotify-rsync.sh
[root@K8S-PROD-LB2 ~]# systemctl enable inotify-rsync.service
单向同步: cron + rsync方案
定期同步
[root@K8S-PROD-LB2 ~]# crontab -e
00 01 * /bin/bash /root/cron-rsync.sh &> /dev/null
[root@K8S-PROD-LB2 ~]# crontab -l
00 01 * /bin/bash /root/cron-rsync.sh &> /dev/null
定期清理
客户端服务器本地保留最近7天的数据, 避免浪费磁盘空间:
[root@K8S-PROD-LB2 ~]# find /backup/ -type d -mtime +7 | xargs rm -rf
[root@K8S-PROD-LB1 ~]# find /backup/ -type d -mtime +7 | xargs rm -rf
服务端仅保留6个月的备份数据,其余的全部删除:
[root@K8S-PROD-LB1 ~]# find /backup/ -type d -mtime +180 |xargs rm -rf
原文:https://blog.51cto.com/15127525/2658778