Main.Mirroring History
Hide minor edits - Show changes to markup
Rsync del sito della stazione
Rsync del sito della stazione
Rsync del sito della stazione
Tramite rsync e' mirrorato il sito http://brallo.mine.nu sul sito con maggior banda http://www.meteobrallo.com/mirror. Il mirror e' schedultato ogni ora ed effettuato tramite demone di wview. Per poter rendere operativa questa funzionalita' il sito remoto (meteobrallo) deve essere una macchina linux con attivo rsync e l'utente deve avere accesso in ssh. Basta seguire passo passo le istruzioni presenti sul sito di wview per far funzionare la cosa:
14. Secure File Transfer (rsync/ssh)
14.1 Overview
A new wview daemon has been added to support secure file transfers to
remote servers: wviewsshd. It is enabled or disabled in the same way that
the wviewftpd and wvalarmd daemons are - by the presence or absence of the
respective config files. All three of these utility daemons are disabled
in the standard distribution because the config file names are all appended
with "-no-[function]", i.e. "wviewssh.conf-no-ssh". The secure updates are
performed using rsync over an ssh session. To work properly, the wview
server must be able to login and/or execute commands on the destination
server via ssh WITHOUT entering a password. This is accomplished by copying
the wview server's root account shared ssh key to the remote server's
login account.
Suggestion: Don't mix hostname with IP address for the remote server during
the configuration below. Decide NOW whether you are going to use
a hostname or an IP address, and use it consistently for all
references to [remote_host] below. ssh does make a distinction
when storing and verifying shared keys.
Placeholders:
[remote_host] - the host we want to update
[ssh_login_user] - the user account name on the [remote_host] we
want to use for the ssh logins
[remote_test_dir] - remote directory to receive files, relative
to the [ssh_login_user] login home directory
*[ssh_login_user] must have write access to this
directory*
[wview_server] - the wview host
Note: I have included prompts of the form "username@host:# " to help
clarify what is being executed on what host. Your actual shell
prompts may be different, this is only for clarity in this procedure.
Note: This procedure assumes compatible versions of ssh - version 1 and
version 2 of openssh have compatability problems as well as with
ssh.com versions 1 and 2. If you are having problems with the setup,
I strongly suggest going to the following URL for advanced help:
http://www.cs.berkeley.edu/~dtliu/sshinterop.html.
14.2 Prerequisites
14.2.1 Verify rsync is installed on the wview server:
root@[wview_server]:# whereis rsync
If that doesn't produce /usr/bin/rsync or similar, install rsync.
14.2.2 Verify rsync is installed on the remote host:
root@[wview_server]:# ssh -l [ssh_login_user] [remote_host]
[enter password]
[ssh_login_user]@[remote_host]:# whereis rsync
If that doesn't produce /usr/bin/rsync or similar, install rsync.
Logout:
[ssh_login_user]@[remote_host]:# exit
14.3 ssh Shared Key Setup
14.3.1 Generate a public/private key pair for the root user on the wview
server (if it does not already exist) (execute as the root user):
root@[wview_server]:# mkdir -p ~/.ssh
root@[wview_server]:# ssh-keygen -t rsa
Just hit enter for default values when asked questions.
This will create two files, we are interested in the ~/.ssh/id_rsa.pub
file.
14.3.2 Transfer id_rsa.pub to [remote_host]. Use ftp, scp, email, floppy
disk, whatever you want to get this file to the remote host.
14.3.3 Login to [remote_host] as [ssh_login_user] and append the contents of
id_rsa.pub into ~/.ssh/authorized_keys (if authorized_keys does not
exist, just rename id_rsa.pub to authorized_keys).
root@[wview_server]:# ssh -l [ssh_login_user] [remote_host]
[enter password]
[ssh_login_user]@[remote_host]:# mkdir -p ~/.ssh
[ssh_login_user]@[remote_host]:# cd ~/.ssh
[ssh_login_user]@[remote_host]:# cat id_rsa.pub >> authorized_keys
Stay logged in - we need it for the next step.
14.3.4 As [ssh_login_user] on [remote_host], ssh into the wview server as root,
answer "yes" if this is the first time, then logout. This sets the
wview server up in the remote server login account's "known_hosts" file.
[ssh_login_user]@[remote_host]:# ssh -l root [wview_server]
[enter password]
root@[wview_server]:# exit
Now, exit the original ssh session:
[ssh_login_user]@[remote_host]:# exit
14.3.5 As root on the wview server, ssh into [remote_host] as [ssh_login_user],
answer "yes" if this is the first time, then logout. This sets the
[remote_host] up in the wview server root account's "known_hosts" file.
root@[wview_server]:# ssh -l [ssh_login_user] [remote_host]
[no password should be required!]
[ssh_login_user]@[remote_host]:# exit
14.3.6 Finally, we need to set up ssh for the root user so that when
[remote_host] is logged into, ssh uses [ssh_login_user] instead of
root for the login on [remote_host]. This must be done for every
[remote_host] entry in wviewssh.conf. This is what specifies which
user account is used for the ssh login to each [remote_host].
Edit /root/.ssh/config and put the following at the top of the file
(just create a new file if it does not exist):
[text start]
Host [remote_host]
User [ssh_login_user]
[text end]
Save and exit that file.
14.3.7 Mandatory Tests - these must succeed before going any further:
As root on the wview server execute:
root@[wview_server]:# ssh [remote_host]
You should be logged in to [remote_host] as [ssh_login_user] without
entering a password.
Exit the remote host shell:
[ssh_login_user]@[remote_host]:# exit
You should now be able to remotely execute commands over ssh. Verify
this by executing the date command from the wview server as root:
root@[wview_server]:# ssh [remote_host] date
This MUST execute without requiring a password. If it does not, go back
to the beginning of shared key setup and double check your steps.
DO NOT proceed if you cannot login/execute commands remotely as
[ssh_login_user] without a password. This is critical! There is much
online documentation concerning ssh setup, this is only a bare-bones
treatment of the subject.
14.4 Confirming rsync Functionality
14.4.1 Place files in /var/wview/img (if it is not already your "IMAGE_PATH"
in htmlgen.conf):
root@[wview_server]:# cp [some_test_files] /var/wview/img
14.4.2 Create/Verify the destination path on the remote server
(as [ssh_login_user]):
root@[wview_server]:# ssh [remote_host]
[you are now logged in as [ssh_login_user] without a password, right?]
[ssh_login_user]@[remote_host]:# cd ~
[this is your ssh login directory - all wviewssh.conf destination
paths are relative to this directory]
[ssh_login_user]@[remote_host]:# mkdir -p [remote_test_dir]
Note: [remote_test_dir] is a relative path from the [ssh_login_user]
login directory - it CANNOT contain a leading "slash".
Logout:
[ssh_login_user]@[remote_host]:# exit
14.4.3 Test rsync over ssh from the wview server:
root@[wview_server]:# rsync -aqz --rsh=ssh /var/wview/img/ [remote_host]:[remote_test_dir]
This should transfer the files you placed in /var/wview/img to the
remote server in the [remote_test_dir] directory without a password
being required.
*****!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!*****
wview ssh file transfer capability will NOT work until you can
successfully execute this command from the wview server and verify
the file transfers on the remote server.
*****!!!!!!!!!!!!!!!!!!!!!!!!! IMPORTANT !!!!!!!!!!!!!!!!!!!!!!!!!*****
14.5 Configuring wview For Secure Transfers
14.5.1 Stop wview as you normally would:
[FreeBSD] /etc/rc.d/wview stop -OR- [SuSE] /etc/init.d/wview stop -OR- [RH/Fedora] /etc/rc.d/init.d/wview stop
14.5.2a If updating, copy the wviewssh.conf script to your server:
cp .../wview-x.y.z/examples/conf/wviewssh.conf-no-ssh /etc/wview/wviewssh.conf
14.5.2b If a new install, rename the config file:
mv /etc/wview/wviewssh.conf-no-ssh /etc/wview/wviewssh.conf
14.5.3 Copy the new wview start script which will start the wviewsshd daemon:
[FreeBSD] cp .../wview-x.y.z/examples/FreeBSD/wview /etc/rc.d [SuSE] cp .../wview-x.y.z/examples/SuSE/wview /etc/init.d [RH/Fedora] cp .../wview-x.y.z/examples/Fedora/wview /etc/rc.d/init.d
14.5.4 Edit /etc/wview/wviewssh.conf, adding one or more transfer rules: [snip]
- Interval Source Remote Host Remote Destination
- -------- ----------------------------- ------------------------- ---------------------------
1 /var/wview/img [remote_host] [remote_test_dir] [snip]
The example file contains a full description of the columns.
Each [remote_host] entry must have a corresponding "Host" entry in
/root/.ssh/config which specifies the login account ([ssh_login_user])
to use for ssh. See section 14.3 above. Further, the procedures outlined
in sections 14.2-14.4 MUST be followed for each unique [remote_host]
[ssh_login_user] combination.
14.5.5 Start wview as you normally would:
[FreeBSD] /etc/rc.d/wview start -OR- [SuSE] /etc/init.d/wview start -OR- [RH/Fedora] /etc/rc.d/init.d/wview start
