Password-less Rsync over ssh howto

This document describes howto use rsync and the required configuration to have duplication of a cvs tree in a secondary cvs server for backup. The secondary cvs server will use rsync over ssh (public key based auth) to synchronize with the primary cvs server.

This is our setup

The host that has the original cvs repository tree is master.com
The host that will have the duplicated cvs tree is slave.com
The cvs repository is/will be located under /somepath/cvsroot on both hosts
rsync is installed on both hosts
The user rsync exists on both hosts and has read/write permission on the cvs repository

Preparations

Create public/private rsa keys with empty passphrase for the rsync user

master.com$ su - rsync
master.com$ ssh-keygen -t rsa

The keys will be placed in /home/rsync/.ssh.

Place the public key of the rsync user in /home/rsync/.ssh/authorized_keys on both hosts.

master.com$ cat /home/rsync/.ssh/id_rsa.pub > /home/rsync/.ssh/authorized_keys
master.com$ ssh-copy-id -i /home/rsync/.ssh/id_rsa.pub rsync@slave.com

Run an rsync server on both hosts

   rsync --daemon --config=/usr/local/etc/rsync.conf

rsync configuration on the master

See man rsync.conf for details on the configuration file.

The rsync.conf file controls authentication, access and logging. We will rely on ssh for authentication and security.

Set up the file /usr/local/etc/rsync.conf on master.com (primary cvs server) as fllows :

   pid file = /var/run/rsync.pid
   uid = cvs
   gid = cvs
   [cvs]
		path = /somepath/cvsroot
	        comment = cvs repository

Policy

The goal is to implement the following policy using the adequate rsync options.

In order to remove a file, it must be manually removed from both repositories.
Files added to any of the repositories will appear in the other repository after synchronization takes place.
After the sync, the latest version of the file is the same on each server.

Options that will be used

–update (-u) skip files that are newer on the receiver
–recursive (-r) recurse into directories
–times (-t) preserve times
–perms (-p) preserve permissions
–group (-g) preserve group
–delete-after receiver deletes after transfer, not before
-e ssh command specifies the ssh parameters to use for connecting to the remote host.

Synchronizing the secondary repository

Commands to issue on the machine hosting the secondary repository (slave.com)

  /usr/local/bin/rsync -urtpgv --delete-after -e "ssh  -i /home/cvs/.ssh/id_rsa_cvs" cvs@master.com::cvs /somepath/cvsroot

Synchronizing the primary repository

Here is the command to update the primary cvs repository on master.com

  /usr/local/bin/rsync -urtpgv --delete-after -e "ssh  -i /home/cvs/.ssh/id_rsa_cvs"  /somepath/cvsroot cvs@master.com::cvs

Automating the sync

Add crontab entries on the machine hosting the secondary repository slave.com

 01 	05 	* 	*  	*	/usr/local/bin/rsync -urtpgv --delete-after -e "ssh  -i /home/cvs/.ssh/id_rsa" cvs@master.com::cvs /somepath/cvsroot | mail -s "[cron] [rsync-in] [slave.com]" your-email
 01 	07 	* 	*  	*	/usr/local/bin/rsync -urtpgv --delete-after -e "ssh  -i /home/cvs/.ssh/id_rsa" /somepath/cvsroot cvs@master.com::cvs | mail -s "[cron] [rsync-out] [slave.com]" your-email

Labels: howto, coding, unix