~~NOTOC~~
====== Password-less Rsync over ssh howto ======
This document describes how to use **[[http://samba.anu.edu.au/rsync/|rsync]]**, and the configuration required, to duplicate a cvs tree on a secondary cvs server for backup. The secondary cvs server will use rsync over ssh (public key based auth) to synchronize with the primary cvs server.
===== This is our setup =====
  * The host that has the original cvs repository tree is master.com
  * The host that will have the duplicated cvs tree is slave.com
  * The cvs repository is/will be located under /somepath/cvsroot on both hosts
  * rsync is installed on both hosts
  * The user **rsync** exists on both hosts and has read/write permission on the cvs repository
===== Preparations =====
  * Create a public/private RSA key pair with an empty passphrase for the rsync user. The keys will be placed in /home/rsync/.ssh.
    master.com$ su - rsync
    master.com$ ssh-keygen -t rsa
  * Place the public key of the rsync user in /home/rsync/.ssh/authorized_keys on both hosts.
    master.com$ cat /home/rsync/.ssh/id_rsa.pub > /home/rsync/.ssh/authorized_keys
    master.com$ ssh-copy-id -i /home/rsync/.ssh/id_rsa.pub rsync@slave.com
  * Run an rsync server on both hosts
    rsync --daemon --config=/usr/local/etc/rsync.conf
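
Because the key has an empty passphrase, whoever holds the private key gets whatever the matching authorized_keys entry allows. The script below is an added example, not part of the original howto: it builds an entry that accepts the key only from slave.com and only for a forced command, and lists entries that lack one. The function names are hypothetical, the key material is a constructed placeholder, and the forced command is an assumption about what the rsync client requests in ''-e ssh host::module'' mode.

```shell
#!/bin/sh
# Added example (not from the original howto): restrict a passphrase-less
# rsync key in authorized_keys and flag entries that are left unrestricted.

# Options that remove everything except running the forced command.
LOCKDOWN='no-pty,no-agent-forwarding,no-port-forwarding,no-X11-forwarding'

# restricted_entry FROM_HOST FORCED_COMMAND PUBKEY_LINE
# Prints an authorized_keys line that only accepts the key from FROM_HOST
# and always runs FORCED_COMMAND, whatever the client asked for.
restricted_entry() {
    printf 'from="%s",command="%s",%s %s\n' "$1" "$2" "$LOCKDOWN" "$3"
}

# audit_keys: reads authorized_keys content on stdin and prints the line
# number of every key entry without a command= option.
# Exit status is 1 if at least one such entry was found, 0 otherwise.
audit_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        !/command="/   { print NR; bad = 1 }  # key with no forced command
        END            { exit bad }
    '
}

# Constructed sample data: a placeholder, not real key material.
SAMPLE_KEY='ssh-rsa AAAAB3NzaC1yc2EXAMPLEONLY rsync@master.com'
# Assumption: the command the rsync client sends for "-e ssh host::module".
FORCED='rsync --server --daemon .'

restricted_entry slave.com "$FORCED" "$SAMPLE_KEY"
printf '%s\n' "$SAMPLE_KEY" | audit_keys || echo "unrestricted key entries found"
```

Run ''audit_keys < /home/rsync/.ssh/authorized_keys'' on each host to list the entries that still grant a full shell.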
===== rsync configuration on the master =====
//See man rsync.conf for details on the configuration file.//
The rsync.conf file controls authentication, access and logging. We will rely on ssh for authentication and security.
Set up the file /usr/local/etc/rsync.conf on master.com (primary cvs server) as follows:
  pid file = /var/run/rsync.pid
  uid = cvs
  gid = cvs
  [cvs]
  path = /somepath/cvsroot
  comment = cvs repository
===== Policy =====
The goal is to implement the following policy using the appropriate rsync options.
  - In order to remove a file, it must be manually removed from both repositories.
  - Files added to any of the repositories will appear in the other repository after synchronization takes place.
  - After the sync, the latest version of the file is the same on each server.
===== Options that will be used =====
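  * --update (-u): skip files that are newer on the receiver
  * --recursive (-r): recurse into directories
  * --times (-t): preserve times
  * --perms (-p): preserve permissions
  * --group (-g): preserve group
  * --delete-after: receiver deletes files that are absent on the sender, after the transfer rather than before. Because this removes files that exist only on the receiving side, it works against the first two policy points whenever a file was added on the receiver since the last sync.
  * -e "ssh ...": specifies the remote shell command (here ssh and its parameters) to use for connecting to the remote host.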
===== Synchronizing the secondary repository =====
Command to issue on the machine hosting the secondary repository (slave.com):
  /usr/local/bin/rsync -urtpgv --delete-after -e "ssh -i /home/cvs/.ssh/id_rsa_cvs" cvs@master.com::cvs /somepath/cvsroot
===== Synchronizing the primary repository =====
Here is the command to update the primary cvs repository on master.com:
  /usr/local/bin/rsync -urtpgv --delete-after -e "ssh -i /home/cvs/.ssh/id_rsa_cvs" /somepath/cvsroot cvs@master.com::cvs
===== Automating the sync =====
Add crontab entries on the machine hosting the secondary repository (slave.com):
  01 05 * * * /usr/local/bin/rsync -urtpgv --delete-after -e "ssh -i /home/cvs/.ssh/id_rsa" cvs@master.com::cvs /somepath/cvsroot | mail -s "[cron] [rsync-in] [slave.com]" your-email
  01 07 * * * /usr/local/bin/rsync -urtpgv --delete-after -e "ssh -i /home/cvs/.ssh/id_rsa" /somepath/cvsroot cvs@master.com::cvs | mail -s "[cron] [rsync-out] [slave.com]" your-email
{{tag>howto coding unix}}