CopyDisable

Friday, 26 April 2013

rsync/ssh without entering password

 

A long time back, I got a task to create DR for one of our production sites. The site was running on an Ubuntu server and using MySQL and PHP. Replicating the DB was not an issue, as MySQL comes with easy-to-use replication built in. But the problem was syncing the application's files. We didn't have any tool to do this task, so I decided to implement it using Linux's built-in rsync command.

But the problem was that I had to sync using a cron job and a shell script. rsync asks for the password of the user (with which I will connect to the primary site), and entering a password interactively in my cron job's shell script was not possible.

The workaround was to set up a pair of ssh keys and put the public key in the remote system's .ssh directory.

For this example I have created a user, rsync_user, which will connect to the primary server and sync the files.

I will run the rsync command on the DR site (say IP 192.168.10.76); it will connect to the Primary site (say IP 192.168.10.75) and sync the local directory of the DR site with the remote directory of the Primary site.


Steps to be done:

On the DR site computer (say IP 192.168.10.76)

On the DR site, log in as the user that will connect to the primary; in my case I will use my rsync_user user for this purpose.

Now run the command ssh-keygen to generate the keys.

$ ssh-keygen -t rsa

This will create the .ssh directory inside the home directory of the user (if not already present). When the command asks for a passphrase, just press Enter; do not enter any passphrase.

The above command will create a private key and a public key.

id_rsa is the private key. Check the permission on this key; if it is not 600, change it:

chmod 600 id_rsa

Now copy the id_rsa.pub file to the Primary Site (this is where I will connect using rsync).

 

On the Primary site computer (say IP 192.168.10.75)

I have copied the id_rsa.pub file to the home directory of the rsync_user.

If the .ssh folder is not present, create it. Then add the id_rsa.pub key of the DR server to the authorized_keys file. If the file is not present, it will be created by the command:

cat id_rsa.pub >> .ssh/authorized_keys

That’s it, we are set to connect through rsync/ssh without entering a password.
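
Because the DR key has no passphrase, it is worth limiting what the Primary will accept from it. The script below is an added example, not part of the original post: it installs the public key with the authorized_keys options from= (only the DR server's IP may use the key) and restrict (no terminal or forwarding; needs OpenSSH 7.2 or later) and sets the permissions sshd expects. The function names and the sample key are made up for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# build_entry SOURCE_IP PUBKEY_FILE
# Prints one authorized_keys line that only SOURCE_IP may use.
build_entry() {
    ktype= kdata= kcomment=
    # A public key file holds: <type> <base64-data> [comment]
    read -r ktype kdata kcomment < "$2" || true
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not an OpenSSH public key: $2" >&2; return 1 ;;
    esac
    [ -n "$kdata" ] || return 1
    printf 'from="%s",restrict %s %s%s\n' \
        "$1" "$ktype" "$kdata" "${kcomment:+ $kcomment}"
}

# install_key HOME_DIR SOURCE_IP PUBKEY_FILE
# Appends the restricted entry to HOME_DIR/.ssh/authorized_keys (once).
install_key() {
    entry=$(build_entry "$2" "$3") || return 1
    ssh_dir=$1/.ssh
    auth=$ssh_dir/authorized_keys
    # sshd (StrictModes) ignores keys in group/world-writable locations.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1
    # Idempotent: skip if this key material is already authorised.
    kdata=$(printf '%s\n' "$entry" | awk '{print $3}')
    grep -qF -- "$kdata" "$auth" || printf '%s\n' "$entry" >> "$auth"
}

# Demo in a scratch directory with a constructed (not real) public key.
demo() {
    d=$(mktemp -d) || return 1
    echo 'ssh-rsa AAAAB3NzaC1yc2ECONSTRUCTEDKEY rsync_user@dr' > "$d/id_rsa.pub"
    install_key "$d" 192.168.10.76 "$d/id_rsa.pub" && cat "$d/.ssh/authorized_keys"
    rm -rf "$d"
}
demo
```

With these options the key can still run rsync over ssh from 192.168.10.76, but sessions opened with it get no terminal and no forwarding, and the key is refused from any other address.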

On the DR server, I will run the rsync/ssh command. Before scripting, manually run the command once, so that the primary site is added to the .ssh/known_hosts file.

Now run the rsync command on the DR site.

We can also open ssh sessions without entering a password.

All set, now I can add the shell script to sync my site’s folder. The sample script is (filename: /home/rsync_user/scripts/files_sync.sh):

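#!/bin/sh
# Log the start time of this run
echo "File sync started at" >> /home/rsync_user/scripts/files_sync.log
date >> /home/rsync_user/scripts/files_sync.log

# Pull /var/www/ from the Primary; --delete removes local files that no longer exist there.
# 2>&1 sends rsync's error messages to the log as well.
rsync -rtvupgo --delete rsync_user@192.168.10.75:/var/www/ /var/www/ >> /home/rsync_user/scripts/files_sync.log 2>&1

echo "File sync completed" >> /home/rsync_user/scripts/files_sync.log
echo "" >> /home/rsync_user/scripts/files_sync.log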

Create a cron job to do the sync, say every 5 minutes:

Run

crontab -e

and add the following line:

*/5 * * * *  sh /home/rsync_user/scripts/files_sync.sh

We are ready with our requirement.