I searched for more than 5 days, tried many tricks and tips, and even tried to get lsync to help, but all in vain.
I have 2 Red Hat 6.3 web servers that need to synchronize their image directories when uploading an image. We cannot control which server it is loading, but it does not load in another when it is loading.
I just need to tell lsync to use other non-root user credentials. Our information security team does not allow rootless root access. I can’t say that I blame them.
I have an account that has sudo access to do all it takes to get the files to their destination. Although I can get rsync to perform synchronization just fine, it fails with a resolved error when starting from lsync.
I can even copy the command that lsync runs from the log, remove the square brackets and synchronize successfully. So, I'm sure this caused the problem. Just because it starts as root. The shell script makes it run as root. I even tried changing it to a non-root account, and all supporting files were changed along with the script, and it still refuses to sync.
Here are the details of the scripts and files that I have:

OS: Red Hat Linux version 6.3 (Santiago)

lsyncd configuration file:

```
----
-- User configuration file for lsyncd.
--
-- Simple example for default rsync, but executing moves through on the target.
--
-- For more examples, see /usr/share/doc/lsyncd*/examples/
--
-- sync{default.rsyncssh, source="/var/www/html", host="localhost", targetdir="/tmp/htmlcopy/"}
settings{
    logfile = "/var/log/lsyncd.log",
    statusFile = "/var/log/lsyncd-status.log",
    delay = 1,
}
sync {
    default.rsyncssh,
    source="<Absolute path to source directory>",
    host = "<Host IP>",
    targetdir = "<Absolute path to target directory>",
    rsync = {
        binary = "/usr/bin/rsync",
        rsh = "sudo -u <Domain>\\<User ID> ssh",
        sparse = true,
        update = true,
        links = true,
        times = true,
    }
}
```
Rsyncd.conf file:
```
log file = /var/log/rsyncd.log
pid file = /var/log/rsyncd.pid
allow = localhost
deny = *
list = true
uid = 16777218
gid = 16777222
read only = false
timeout=600
use chroot = true

[Test1]
path = "<Absolute path to target/source>"
comment = Test for remote transfer
```
The rsyncd.conf file has been modified to use a different uid / gid, since this is what I wanted it to be changed.
Here is the error log from lsyncd.log:
```
Thu Aug 22 07:58:57 2013 Debug: daemonizing now.
Thu Aug 22 07:58:57 2013 Function: Inotify.addWatch(<Absolute Path to Source> )
Thu Aug 22 07:58:57 2013 Inotify: addwatch( <Absolute Path to Source> )-> 1
Thu Aug 22 07:58:57 2013 Call: getAlarm( )
Thu Aug 22 07:58:57 2013 Alarm: runner.getAlarm returns: (true)
Thu Aug 22 07:58:57 2013 Masterloop: immediately handling delays.
Thu Aug 22 07:58:57 2013 Call: cycle( )
Thu Aug 22 07:58:57 2013 Function: invokeActions( "Sync1", (Timestamp: 5491559.47) )
Thu Aug 22 07:58:57 2013 Normal: recursive startup rsync: <Absolute Path to Target> -> <Host IP>:<Absolute Path to Target>
Thu Aug 22 07:58:57 2013 Exec: /usr/bin/rsync [--delete] [--ignore-errors] [-usltS] [--rsh=sudo -u <Domain>\<User ID> ssh] [-r] [<Absolute Path to Source>] [<Host IP>:<Absolute Path to Target>]
Thu Aug 22 07:58:57 2013 Function: write( (Timestamp: 5491559.47) )
Thu Aug 22 07:58:57 2013 Statusfile: writing now
Thu Aug 22 07:58:57 2013 Call: getAlarm( )
Thu Aug 22 07:58:57 2013 Alarm: runner.getAlarm returns: (false)
Thu Aug 22 07:58:57 2013 Masterloop: going into select ( no timeout )
rsync: Failed to exec sudo: Permission denied (13)
rsync error: error in IPC code (code 14) at pipe.c(84) [sender=3.0.6]
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in IPC code (code 14) at io.c(600) [sender=3.0.6]
Thu Aug 22 07:58:57 2013 Call: collectProcess( )
Thu Aug 22 07:58:57 2013 Delay: collected an event
Thu Aug 22 07:58:57 2013 Error: Temporary or permanent failure on startup of "<Absolute Path to Target>". Terminating since "insist" is not set.
```
NOTE. I sanitized the files and suggested that I understood all the intentions of the application as to where the sources and targets should be.
So, we just understood the goal:
- I have 2 web servers that are load balanced.
- Images will be uploaded without control as to which server they are sent to.
- I am developing a synchronization architecture using lsyncd / rsync as a daemon to update both servers at boot time. This means that for both servers you will need to start lsyncd / rsyncd without uninstalling. No exception assumes that if both servers received a different image at the same time, and then when the server first checked the target, it will delete the target file because it was not in the source.
They talked about trying to figure out how to send images to one server, and then we could use the delete option to make both servers synchronize accurately, without worrying about the synchronization services on both servers and possibly not due to timing. In addition, I do not know what will happen if one file is opened and another server tries to delete it.
I am desperate because I cannot even get the author to help. Perhaps this cannot be done, but it would seem that an application so powerful would have this one stupid flaw that would make it completely unsuitable for those who have security problems.
Thanks!
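An added example, not part of the original post: the `Exec:` line in the log above shows `--rsh=sudo -u ... ssh` inside a single bracket pair, which suggests each bracket pair is one argument as handed to rsync. The Python sketch below rebuilds that argument list with shell quoting, shows what a shell would see if the brackets were stripped without re-quoting, and collects the rsync error codes. The log lines, paths, host and `EXAMPLE\syncuser` are constructed placeholders, and arguments that themselves contain `]` are not handled.

```python
import re
import shlex

# Constructed sample in the format of the log in the post (placeholder values).
SAMPLE_LOG = r"""Thu Aug 22 07:58:57 2013 Exec: /usr/bin/rsync [--delete] [--ignore-errors] [-usltS] [--rsh=sudo -u EXAMPLE\syncuser ssh] [-r] [/srv/images/] [192.0.2.10:/srv/images/]
rsync: Failed to exec sudo: Permission denied (13)
rsync error: error in IPC code (code 14) at pipe.c(84) [sender=3.0.6]
"""

EXEC_RE = re.compile(r"Exec: (\S+)((?: \[[^\]]*\])*)\s*$")
ARG_RE = re.compile(r"\[([^\]]*)\]")
ERR_RE = re.compile(r"^rsync error: (.+?) \(code (\d+)\)")

def parse_exec(line):
    """Return the logged argument list, or None if this is not an Exec line."""
    m = EXEC_RE.search(line)
    if not m:
        return None
    return [m.group(1)] + ARG_RE.findall(m.group(2))

def as_shell(argv):
    """Quote each argument so a shell reproduces the same argument list."""
    return " ".join(shlex.quote(a) for a in argv)

def naive_strip(line):
    """Arguments a POSIX shell would see after deleting the brackets by hand."""
    text = line.split("Exec: ", 1)[1].replace("[", "").replace("]", "")
    return shlex.split(text)

def analyse(log):
    """Collect the last Exec argv, its --rsh value and all rsync error codes."""
    report = {"argv": None, "rsh": None, "errors": []}
    for line in log.splitlines():
        argv = parse_exec(line)
        if argv:
            report["argv"] = argv
            report["rsh"] = next(
                (a[len("--rsh="):] for a in argv if a.startswith("--rsh=")), None)
        m = ERR_RE.match(line)
        if m:
            report["errors"].append((int(m.group(2)), m.group(1)))
    return report

if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print("faithful:", as_shell(result["argv"]))
    print("naive   :", naive_strip(SAMPLE_LOG.splitlines()[0]))
    print("errors  :", result["errors"])
```

Running the quoted form from `as_shell` as the same user the daemon runs as, with the same environment, is the closest manual reproduction of what the log recorded.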