[AWS] Setting up multi-server synchronisation with lsyncd+rsync (real-time mirroring)


I went through the steps of building the following environment on AWS, and am leaving them here as a memo.

Prerequisites and development environment

・Amazon Linux
・Apache 2.2
・PHP 7
The EC2 setup is described in:
[AWS] EC2+RDS development environment setup: Apache 2.2 + PHP 7 + MySQL + WordPress + phpMyAdmin

What was done

Multi-server synchronisation with lsyncd+rsync
The mirrored targets are the directories and files under /var/www/html
Overview

master (mirror source) EC2 IP address → XXX.XXX.XXX.XXX
slave (mirror destination) EC2 IP address → YYY.YYY.YYY.YYY


Configuration

First, the master side.

master
[ec2-user@ip-10-0-1-187 ~]$ sudo yum -y install lsyncd
[ec2-user@ip-10-0-1-187 ~]$ cd /etc
[ec2-user@ip-10-0-1-187 etc]$ sudo vi lsyncd.conf

Edit lsyncd.conf and add the following
=========================
settings{
    logfile = "/var/log/lsyncd.log",
    statusFile = "/tmp/lsyncd.stat",
    statusInterval = 1,
}
sync{
    default.rsync,
    source="/var/www/html/",
    target="YYY.YYY.YYY.YYY::qiita",
    rsync = {
        archive = true,
        links = true,
        update = true,
        verbose = false
    }
}
=========================
[ec2-user@ip-10-0-1-187 etc]$ sudo chkconfig lsyncd on
[ec2-user@ip-10-0-1-187 etc]$ sudo /etc/rc.d/init.d/lsyncd start
Starting lsyncd:                                           [  OK  ]

If you open another shell and follow the log with the tail command below, it is easier to see what errors occur.

master_log
[ec2-user@ip-10-0-1-187 ~]$ tail -f /var/log/lsyncd.log
Wed Mar  1 07:27:58 2017 Error: Temporary or permanent failure on startup of "/var/www/html/". Terminating since "insist" is not set.
...

Next, the slave side.

slave
[ec2-user@ip-10-0-2-165 ~]$ sudo yum -y install xinetd
[ec2-user@ip-10-0-2-165 ~]$ cd /etc/xinetd.d
[ec2-user@ip-10-0-2-165 xinetd.d]$ sudo vi rsync

Edit rsync (change disable = yes to disable = no)
=========================
# default: off
# description: The rsync server is a good addition to an ftp server, as it \
#       allows crc checksumming etc.
service rsync
{
        disable = no
        flags           = IPv6
        socket_type     = stream
        wait            = no
        user            = root
        server          = /usr/bin/rsync
        server_args     = --daemon
        log_on_failure  += USERID
}
=========================

[ec2-user@ip-10-0-2-165 xinetd.d]$ cd ..
[ec2-user@ip-10-0-2-165 etc]$ sudo touch rsyncd.conf
[ec2-user@ip-10-0-2-165 etc]$ sudo vi rsyncd.conf

Edit rsyncd.conf and add the following
=========================
uid = root
gid = root
read only = no
log file = /home/slave/logs/rsyncd.log
pid file = /home/slave/logs/rsyncd.pid
port = 873

[qiita]
path = /var/www/html/
hosts allow = XXX.XXX.XXX.XXX
read only = false
=========================
[ec2-user@ip-10-0-2-165 etc]$ sudo chkconfig xinetd on
[ec2-user@ip-10-0-2-165 etc]$ cd
[ec2-user@ip-10-0-2-165 ~]$ sudo service xinetd start
Starting xinetd:                                           [  OK  ]

That completes the lsyncd (master side) and rsync (slave side) configuration.
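The slave-side rsyncd.conf above is what decides who may write into /var/www/html over port 873, so it is worth a quick lint before the daemon goes live. The following is an added example written for this article, not code from the original post: it parses an rsyncd.conf into global and per-module settings (module keys override globals, as rsync does) and flags a module with no hosts allow, a writable module with no auth users, and a module running as uid root. The sample config and the 203.0.113.10 master address are constructed.

```python
# Constructed sample: the slave-side rsyncd.conf from the walkthrough, with the
# master's address replaced by the documentation IP 203.0.113.10.
WALKTHROUGH_CONF = """\
uid = root
gid = root
read only = no
log file = /home/slave/logs/rsyncd.log
pid file = /home/slave/logs/rsyncd.pid
port = 873

[qiita]
path = /var/www/html/
hosts allow = 203.0.113.10
read only = false
"""

FALSE_VALUES = {"no", "false", "0"}

def parse_rsyncd_conf(text):
    """Return (global_settings, {module: effective_settings}); module keys override globals."""
    globals_, modules, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):  # rsyncd.conf comments are whole lines
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            modules[current] = dict(globals_)  # a module starts from the global settings
            continue
        key, _, value = line.partition("=")
        (globals_ if current is None else modules[current])[key.strip().lower()] = value.strip()
    return globals_, modules

def audit_module(name, cfg):
    """Findings for one module; an empty list means nothing was flagged."""
    findings = []
    writable = cfg.get("read only", "yes").lower() in FALSE_VALUES  # modules are read-only by default
    if "hosts allow" not in cfg:
        findings.append(f"[{name}] no 'hosts allow': any client that reaches port 873 may use it")
    if writable and "auth users" not in cfg:
        findings.append(f"[{name}] writable with no 'auth users': the source IP is the only gate")
    if cfg.get("uid", "nobody").lower() == "root":
        findings.append(f"[{name}] uid = root: files pushed by the master are written as root")
    return findings

def audit(text):
    """Map each module name to its findings."""
    return {name: audit_module(name, cfg) for name, cfg in parse_rsyncd_conf(text)[1].items()}
```

Run against the walkthrough config it reports the missing auth users and the root uid; adding auth users with a secrets file and a dedicated uid clears both.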

However, mirroring does not work with this alone, so the following two things are also needed.
1. Open TCP port 873 on the slave EC2
2. RSA key authentication for the SSH connection between the servers

1. Open TCP port 873 on the slave EC2

Add an inbound rule to the slave EC2's security group.
(screenshot of the inbound rule omitted)

2. RSA public key authentication between the master and slave servers

2-1 Generate an RSA key pair
2-2 Prepare to hand the generated public key from EC2 (master) to EC2 (slave)
   1) Temporarily open the SSH port on EC2 (slave) (same procedure as for TCP in step 1 above) * close it again afterwards
   2) Temporarily store EC2 (slave)'s secret key in ~/.ssh on EC2 (master) * delete it afterwards
2-3 Send the public key from EC2 (master) to EC2 (slave)
2-4 Confirm the public key arrived in ~/.ssh on EC2 (slave) and restart xinetd on EC2 (slave)
2-5 Restart lsyncd on EC2 (master)
2-6 Check the master log

2-1 Generate an RSA key pair

master
[ec2-user@ip-10-0-1-187 etc]$ cd
[ec2-user@ip-10-0-1-187 ~]$ ssh-keygen -t rsa -N ""
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ec2-user/.ssh/id_rsa): (just press Enter)
Your identification has been saved in /home/ec2-user/.ssh/id_rsa.
Your public key has been saved in /home/ec2-user/.ssh/id_rsa.pub.
The key fingerprint is:
12:34:56:78:90:ab:cd:ef:gh:ij:kl:mn:op:qr:st:uv ec2-user@ip-10-0-1-187
The key's randomart image is:
+--[ RSA 2048]----+
|          ... oo |
|          +. oo .|
|         . +E+.. |
|   (rest omitted)|
+-----------------+
[ec2-user@ip-10-0-1-187 ~]$ cd .ssh
[ec2-user@ip-10-0-1-187 .ssh]$ ls -la
合計 24
drwx------ 2 ec2-user ec2-user 4096  3  1 08:21 .
drwx------ 3 ec2-user ec2-user 4096  2 27 08:21 ..
-rw------- 1 ec2-user ec2-user  774  3  1 01:59 authorized_keys
-rw------- 1 ec2-user ec2-user 1675  3  1 08:21 id_rsa #private key
-rw-r--r-- 1 ec2-user ec2-user  404  3  1 08:21 id_rsa.pub #public key
[ec2-user@ip-10-0-1-187 .ssh]$ exit
ログアウト
Connection to XXX.XXX.XXX.XXX closed.

2-2 Prepare to hand the generated public key from EC2 (master) to EC2 (slave)

master
Myname-no-MacBook-Pro:~ myname$ scp -i .ssh/key_of_XXX.pem .ssh/key_of_YYY.pem ec2-user@XXX.XXX.XXX.XXX:~/.ssh
key_of_YYY.pem                                100% 1696     1.7KB/s   00:00
Myname-no-MacBook-Pro:~ myname$ ssh -i ~/.ssh/key_of_XXX.pem ec2-user@XXX.XXX.XXX.XXX
Last login: Wed Mar  1 07:55:18 2017 from k99999.ppp.hogehoge-net.or.jp

       __|  __|_  )
       _|  (     /   Amazon Linux AMI
      ___|\___|___|

https://aws.amazon.com/amazon-linux-ami/2016.09-release-notes/
[ec2-user@ip-10-0-1-187 ~]$ cd .ssh
[ec2-user@ip-10-0-1-187 .ssh]$ ls -la
合計 24
drwx------ 2 ec2-user ec2-user 4096  3  1 08:21 .
drwx------ 3 ec2-user ec2-user 4096  2 27 08:21 ..
-rw------- 1 ec2-user ec2-user  774  3  1 01:59 authorized_keys
-rw------- 1 ec2-user ec2-user 1675  3  1 08:21 id_rsa
-rw-r--r-- 1 ec2-user ec2-user  404  3  1 08:21 id_rsa.pub
-r-------- 1 ec2-user ec2-user 1696  3  1 08:19 key_of_YYY.pem

2-3 Send the public key from EC2 (master) to EC2 (slave)

[ec2-user@ip-10-0-1-187 ~]$ scp -i .ssh/key_of_YYY.pem .ssh/id_rsa.pub ec2-user@YYY.YYY.YYY.YYY:~/.ssh
The authenticity of host 'YYY.YYY.YYY.YYY (YYY.YYY.YYY.YYY)' can't be established.
ECDSA key fingerprint is 12:34:56:78:90:ab:cd:ef:gh:ij:kl:mn:op:qr:st:uv.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'YYY.YYY.YYY.YYY' (ECDSA) to the list of known hosts.
id_rsa.pub                                    100%  404     0.4KB/s   00:00
[ec2-user@ip-10-0-1-187 ~]$ sudo rm .ssh/key_of_YYY.pem

2-4 Confirm the public key arrived in ~/.ssh on EC2 (slave) and restart xinetd on EC2 (slave)

slave
[ec2-user@ip-10-0-2-165 ~]$ cd .ssh
[ec2-user@ip-10-0-2-165 .ssh]$ ls -la
合計 16
drwx------ 2 ec2-user ec2-user 4096  3  1 08:28 .
drwx------ 3 ec2-user ec2-user 4096  2 27 08:21 ..
-rw------- 1 ec2-user ec2-user  774  3  1 02:04 authorized_keys
-rw-r--r-- 1 ec2-user ec2-user  404  3  1 08:28 id_rsa.pub #public key
[ec2-user@ip-10-0-2-165 .ssh]$ sudo service xinetd restart
Stopping xinetd:                                           [  OK  ]
Starting xinetd:                                           [  OK  ]

2-5 Restart lsyncd on EC2 (master)

master
[ec2-user@ip-10-0-1-187 ~]$ sudo /etc/rc.d/init.d/lsyncd restart
lsyncd を停止中:                                           [  OK  ]
lsyncd を起動中:                                           [  OK  ]

2-6 Check the master log

master_log
Wed Mar  1 09:13:16 2017 Normal: --- TERM signal, fading ---
Wed Mar  1 09:13:16 2017 Normal: recursive startup rsync: /var/www/html/ -> YYY.YYY.YYY.YYY::qiita/
Wed Mar  1 09:13:17 2017 Normal: Startup of "/var/www/html/" finished.

If the log shows Startup of "/var/www/html/" finished, it succeeded.
Verify by creating or modifying a file inside the html directory.

The log then progresses as follows (after modifying the hoge directory under html):

master_log
Wed Mar  1 09:04:37 2017 Normal: --- TERM signal, fading ---
Wed Mar  1 09:04:37 2017 Normal: recursive startup rsync: /var/www/html/ -> YYY.YYY.YYY.YYY::qiita/
Wed Mar  1 09:04:38 2017 Normal: Startup of "/var/www/html/" finished.
Wed Mar  1 09:05:07 2017 Normal: Calling rsync with filter-list of new/modified files/dirs
/hoge/assets/cache/pages/hoge/docid_1.pageCache.php
/hoge/assets/cache/pages/hoge/
/hoge/assets/cache/pages/
/hoge/assets/cache/
/hoge/assets/
/hoge/
/
/hoge/assets/cache/pages/hoge/***
/hoge/assets/cache/pages/***
/hoge/assets/cache/.tmp_2624_58b68eb4bacf0
/hoge/assets/cache/basicConfig.php
/hoge/assets/cache/.tmp_23766_58b68eb7697b0
Wed Mar  1 09:05:08 2017 Normal: Finished a list after exitcode: 0

That is all.

I still have a lot to learn.
If you notice any mistakes, I would appreciate a comment.

Also, this time there was a single slave server; to synchronise several servers at once, it seems the master's lsyncd.conf can be extended as follows.

lsyncd.conf
settings{
    logfile = "/var/log/lsyncd.log",
    statusFile = "/tmp/lsyncd.stat",
    statusInterval = 1,
}
sync_base = {
    default.rsync,
    source="/var/www/html/",
    rsync = {
        archive = true,
        links = true,
        update = true,
        verbose = false
    }
}

sync {sync_base, target='YYY.YYY.YYY.YYY::qiita'}
sync {sync_base, target='ZZZ.ZZZ.ZZZ.ZZZ::qiita'}

The following were very helpful references:
What is xinetd
Real-time synchronisation with lsyncd + rsyncd on CentOS 6
Installing a real-time mirroring tool (lsyncd+rsyncd)
CentOS rsync+lsync
Implementing SSH public key authentication
Tips for syncing to multiple target servers with lsyncd
